Data not escaped; improve tests

trasher · trasher · commit b90c6385b9c3 · 2020-05-05T10:15:29.000+02:00
possible fix for #6961
diff --git a/inc/knowbaseitem.class.php b/inc/knowbaseitem.class.php
@@ -1936,8 +1936,8 @@ public function revertTo($revid) {
 
       $values = [
          'id'     => $this->getID(),
-         'name'   => $revision->fields['name'],
-         'answer' => $revision->fields['answer']
+         'name'   => addslashes($revision->fields['name']),
+         'answer' => addslashes($revision->fields['answer'])
       ];
 
       if ($this->update($values)) {
diff --git a/tests/functionnal/KnowbaseItem_Revision.php b/tests/functionnal/KnowbaseItem_Revision.php
@@ -99,6 +99,49 @@ public function testNewRevision() {
          $where
       );
       $this->integer((int)$nb)->isIdenticalTo(2);
+
+      //try a change on contents
+      $this->boolean(
+         $kb1->update(
+            [
+               'id'     => $kb1->getID(),
+               'answer' => \Toolbox::addslashes_deep('Don\'t use paths with spaces, like C:\\Program Files\\MyApp')
+            ]
+         )
+      )->isTrue();
+
+      $this->boolean(
+         $kb1->update(
+            [
+               'id'     => $kb1->getID(),
+               'answer' => 'Answer changed'
+            ]
+         )
+      )->isTrue();
+
+      $nb = countElementsInTable(
+         'glpi_knowbaseitems_revisions',
+         $where
+      );
+      $this->integer((int)$nb)->isIdenticalTo(4);
+
+      $nrev_id = null;
+      $data = $DB->request([
+         'SELECT' => new \QueryExpression('MAX(id) AS id'),
+         'FROM'   => 'glpi_knowbaseitems_revisions'
+      ])->next();
+      $nrev_id = $data['id'];
+
+      $this->boolean($kb1->getFromDB($kb1->getID()))->isTrue();
+      $this->boolean($kb1->revertTo($nrev_id))->isTrue();
+
+      $this->boolean($kb1->getFromDB($kb1->getID()))->isTrue();
+      $this->string($kb1->fields['answer'])->isIdenticalTo('Don\'t use paths with spaces, like C:\\Program Files\\MyApp');
+
+      //reset
+      $this->boolean($kb1->getFromDB($kb1->getID()))->isTrue();
+      $this->boolean($kb1->revertTo($rev_id))->isTrue();
+
    }
 
    public function testGetTabNameForItemNotLogged() {
