fix(abstracttarget): missing escaping before SQL query

Author: btry

inc/abstracttarget.class.php

@@ -565,10 +565,12 @@ public function prepareInputForClone($input) {
    }
 
    protected static function getTemplateByName(string $name): int {
+      global $DB;
+
       $targetTemplateType = (new static())->getTemplateItemtypeName();
       $targetTemplate = new $targetTemplateType();
       $targetTemplate->getFromDBByCrit([
-         'name' => $name,
+         'name' => $DB->escape($name),
       ]);
 
       if ($targetTemplate->isNewItem()) {