From 5d5f22ba713fedcc8cc1b5171e10a6793771fa75 Mon Sep 17 00:00:00 2001
From: Thierry Bugier
Date: Wed, 6 Feb 2019 12:35:28 +0100
Subject: [PATCH] fix(targetticket,targetchange): escape single quotes
Signed-off-by: Thierry Bugier
---
 inc/targetchange.class.php | 5 +++++
 inc/targetticket.class.php | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/inc/targetchange.class.php b/inc/targetchange.class.php
index 7b6c4c1b7..d8c1f1443 100644
--- a/inc/targetchange.class.php
+++ b/inc/targetchange.class.php
@@ -199,6 +199,11 @@ public static function import($targetitems_id = 0, $target_data = []) {
 }
 }
+ // escape text fields
+ foreach (['title', 'content'] as $key) {
+ $target_data[$key] = $DB->escape($target_data[$key]);
+ }
+
 // update target ticket
 $item->update($target_data);
diff --git a/inc/targetticket.class.php b/inc/targetticket.class.php
index 0079e289d..e52d655f5 100644
--- a/inc/targetticket.class.php
+++ b/inc/targetticket.class.php
@@ -1548,7 +1548,7 @@ public static function import($targetitems_id = 0, $target_data = []) {
 }
 // escape text fields
- foreach (['title'] as $key) {
+ foreach (['title', 'content'] as $key) {
 $target_data[$key] = $DB->escape($target_data[$key]);
 }
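Review bot: In the inc/targetchange.class.php hunk the added loop calls `$DB->escape()`, but no `global $DB;` declaration is visible and import() starts and ends outside the hunk; if the method lacks one, the call fails on an undefined variable, so confirm the declaration is present. The loop also reads `$target_data['title']` and `$target_data['content']` unconditionally, so import data missing either key raises a notice and hands null to the escaper. A guard such as `if (isset($target_data[$key])) { $target_data[$key] = $DB->escape($target_data[$key]); }` avoids that. The same guard applies to the loop in inc/targetticket.class.php.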
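Review bot: The fixed key list in the inc/targetticket.class.php hunk (`['title', 'content']`) fails open: any text field left off the list would still be passed on unescaped, which is how `content` stayed unescaped here until this commit. Presumably `$target_data` comes from an import file that bypasses the usual input sanitising, so consider escaping every string value instead, e.g. `foreach ($target_data as $key => $value) { if (is_string($value)) { $target_data[$key] = $DB->escape($value); } }`, or add a comment stating why only these two fields need it. The same list is duplicated in inc/targetchange.class.php, and import() continues outside the hunk.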