[CRM-12606] Custom fields: creating an option with a quote in the option label causes SQL error - CiviCRM Issue Tracker

Details

Type: Bug
Status: Done/Fixed
Priority: Trivial
Resolution: Fixed/Completed
Affects Version/s: 4.3.3
Fix Version/s: 4.3.4
Component/s: None
Labels:
- i18n

Description

When creating a new custom field, and adding options after the field has been created, civicrm escapes the string twice, causing an SQL error.

How to reproduce:

create a custom field, type Integer, widget Select
add an option for the field, save
go back to the management of the field options, add a new one:
- Label: L'été
- Value: 123 (doesn't matter)

Saving will cause an SQL error.

I isolated the code to: civicrm/CRM/Custom/Form/Option.php formRule()

$optionLabel = CRM_Utils_Type::escape($fields['label'], 'String');
$optionValue = CRM_Utils_Type::escape($fields['value'], 'String');

I don't think it is necessary to escape() the strings here, because the DB calls later pass the params as 'string':

$params = array(
1 => array($optionGroupId, 'Integer'),
2 => array($optionLabel, 'String'),
);

Attachments

Activity

People

Assignee:

Donald A. Lobo

Reporter:

Mathieu Lutfy

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

2013-05-14 16:39

Updated:

2013-05-14 16:46

Resolved:

2013-05-14 16:46