Prevent double escaping of multiline when cloning an item
cedric-anne committed Oct 24, 2024
1 parent 26997c8 commit bdde592
Showing 2 changed files with 39 additions and 5 deletions.
35 changes: 35 additions & 0 deletions phpunit/functional/ProjectTest.php
Expand Up @@ -37,6 +37,7 @@

use DbTestCase;
use Glpi\Team\Team;
use Glpi\Toolbox\Sanitizer;
use ProjectState;
use ProjectTask;
use ProjectTeam;
Expand Down Expand Up @@ -453,6 +454,40 @@ public function testClone()
$this->assertEquals($expected, $tasks_clone);
}

public function testCloneWithOverridenInput()
{
$project = $this->createItem(
'Project',
[
'name' => __FUNCTION__,
]
);

$raw_description = <<<PLAINTEXT
> a
> multiline
> description
PLAINTEXT;

$sanitized_description = <<<PLAINTEXT
&#62; a
&#62; multiline
&#62; description
PLAINTEXT;

// Clone with raw input
$projects_id_clone = $project->clone(['content' => $raw_description]);
$project_clone = new \Project();
$this->assertTrue($project_clone->getFromDB($projects_id_clone));
$this->assertEquals($sanitized_description, $project_clone->fields['content']);

// Clone with already sanitized input
$projects_id_clone = $project->clone(Sanitizer::sanitize(['content' => $raw_description]));
$project_clone = new \Project();
$this->assertTrue($project_clone->getFromDB($projects_id_clone));
$this->assertEquals($sanitized_description, $project_clone->fields['content']);
}

/**
* Functional test to ensure that project's states colors are shown in
* the search results
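Review bot: `testCloneWithOverridenInput` only feeds `>` through the overridden `content`, so it covers HTML encoding but not the quote and backslash handling that `Toolbox::addslashes_deep` used to apply to the same input in `clone()`. Adding a second description containing a single quote and a backslash, cloned once raw and once through `Sanitizer::sanitize()`, and asserting that both clones store the same `content`, would pin that half of the change as well. A value that mixes raw and already-encoded characters (for example `&#62; a > b`) is also untested, and it is worth confirming how the sanitizer treats it. Minor: the method name is spelled `Overriden` rather than `Overridden`.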
9 changes: 4 additions & 5 deletions src/Features/Clonable.php
Expand Up @@ -37,8 +37,8 @@

use CommonDBConnexity;
use CommonDBTM;
use Glpi\Toolbox\Sanitizer;
use Session;
use Toolbox;

/**
* Clonable objects
Expand Down Expand Up @@ -230,10 +230,9 @@ public function clone(array $override_input = [], bool $history = true)
return false;
}
$new_item = new static();
$input = Toolbox::addslashes_deep($this->fields);
foreach ($override_input as $key => $value) {
$input[$key] = Toolbox::addslashes_deep($value);
}

$input = array_merge($this->fields, $override_input);
$input = Sanitizer::sanitize($input);
$input = $new_item->cleanCloneInput($input);

// Do not compute a clone name if a new name is specified (Like creating from template)
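Review bot: The single `Sanitizer::sanitize($input)` call is now the only step between the merged input and `cleanCloneInput()`, so it has to cover what `Toolbox::addslashes_deep` did and also leave already-sanitized values untouched, for stored fields and caller overrides alike; nothing in the hunk states that assumption. A comment above the call such as `// $this->fields and $override_input may already be sanitized; sanitize() is expected to leave such values unchanged` would make the dependency explicit for the next maintainer. Separately, `array_merge` renumbers integer keys where the removed `foreach` kept them; the keys are presumably always column names, but `$input = array_replace($this->fields, $override_input);` would preserve the previous key semantics. The body of `clone()` starts and ends outside this hunk.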