From 608e78dbd807e3710afafb97ea449153173217b0 Mon Sep 17 00:00:00 2001
From: Laurent Giovannoni <laurent.giovannoni@maarch.org>
Date: Tue, 13 Aug 2013 13:01:04 +0000
Subject: [PATCH] evo: control on ws storeResource

---
 core/trunk/core/class/resources_controler.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/core/trunk/core/class/resources_controler.php b/core/trunk/core/class/resources_controler.php
index d05cec5bbf3..53f6cf671c9 100755
--- a/core/trunk/core/class/resources_controler.php
+++ b/core/trunk/core/class/resources_controler.php
@@ -244,6 +244,9 @@ class resources_controler
 
     private function prepareStorage($data, $docserverId, $status, $fileFormat)
     {
+        require_once 'core/class/class_db.php';
+        $dbQuery = new dbquery();
+        $dbQuery->connect();
         $statusFound = false;
         $typistFound = false;
         $typeIdFound = false;
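Review bot: The result of `$dbQuery->connect()` at the top of `prepareStorage` is not checked, yet the string escaping added further down in the loop now depends on this object for every call. If `protect_string_db` needs a live connection to escape correctly (not visible here), a failed connect would leave values unescaped or emptied without any error. I would check whatever failure signal `connect()` provides and abort the store before the loop runs. A short comment would also help, for example `// connection is required up front: every STRING value is escaped through $dbQuery below`. The body of the function continues outside this hunk.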
@@ -254,6 +257,11 @@ class resources_controler
                     $data[$i]['value'] = '0';
                 }
             }
+            if (strtoupper($data[$i]['type']) == 'STRING') {
+               $data[$i]['value'] = $dbQuery->protect_string_db($data[$i]['value']);
+               $data[$i]['value'] = str_replace(";", "", $data[$i]['value']);
+               $data[$i]['value'] = str_replace("--", "", $data[$i]['value']);
+            }
             if (strtoupper($data[$i]['column']) == strtoupper('status')) {
                 $statusFound = true;
             }
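Review bot: The two `str_replace` calls that strip `;` and `--` are a denylist, not an injection defence, and they silently change legitimate text (a value such as `a; b -- c` is stored altered). If `protect_string_db` escapes correctly for the target database they add nothing, and if it does not they are not sufficient. The check is also keyed on `$data[$i]['type']`, which appears to come from the same web-service payload, so a value declared with any other type, and the `column` names themselves, still pass through unvalidated as far as this hunk shows. I would keep only `$data[$i]['value'] = $dbQuery->protect_string_db($data[$i]['value']);`, validate non-string values against their declared type and `column` against an allow-list of known fields, and bind values as parameters where the statement is built (outside this hunk). Note too that the `custom_t10` branch below now parses the already-escaped value when splitting on `<`, which may change the extracted mail address.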
@@ -264,9 +272,6 @@ class resources_controler
                 $typeIdFound = true;
             }
             if (strtoupper($data[$i]['column']) == strtoupper('custom_t10')) {
-                require_once 'core/class/class_db.php';
-                $dbQuery = new dbquery();
-                $dbQuery->connect();
                 $mail = array();
                 $theString = str_replace(">", "", $data[$i]['value']);
                 $mail = explode("<", $theString);
-- 
GitLab