escape fields when using addme_[assign|observer]

orthagh · trasher · commit ebca9b1a7e6a · 2020-05-05T14:04:30.000+02:00
diff --git a/front/ticket.form.php b/front/ticket.form.php
@@ -155,7 +155,7 @@
 
 } else if (isset($_POST['addme_observer'])) {
    $track->check($_POST['tickets_id'], READ);
-   $input = array_merge($track->fields, [
+   $input = array_merge(Toolbox::addslashes_deep($track->fields), [
       'id' => $_POST['tickets_id'],
       '_itil_observer' => [
          '_type' => "user",
@@ -171,7 +171,7 @@
 
 } else if (isset($_POST['addme_assign'])) {
    $track->check($_POST['tickets_id'], READ);
-   $input = array_merge($track->fields, [
+   $input = array_merge(Toolbox::addslashes_deep($track->fields), [
       'id' => $_POST['tickets_id'],
       '_itil_assign' => [
          '_type' => "user",
