From 1fe7a87d7f389929151b99f4ca6d25e45edfc95b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Anne?=
Date: Mon, 24 Oct 2022 14:31:20 +0200
Subject: [PATCH] Prevent XSS on Dropdown imports
---
 src/CommonDropdown.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/CommonDropdown.php b/src/CommonDropdown.php
index 761b773bcca..8900aa1048b 100644
--- a/src/CommonDropdown.php
+++ b/src/CommonDropdown.php
@@ -35,6 +35,7 @@
 use Glpi\Application\View\TemplateRenderer;
 use Glpi\Features\AssetImage;
+use Glpi\Toolbox\Sanitizer;
 /// CommonDropdown class - generic dropdown
 abstract class CommonDropdown extends CommonDBTM
@@ -706,6 +707,8 @@ public function import(array $input)
 return -1;
 }
+ $input = Sanitizer::sanitize($input);
+
 // Check twin :
 if ($ID = $this->findID($input)) {
 if ($ID > 0) {
@@ -744,7 +747,7 @@ public function importExternal(
 return 0;
 }
- $ruleinput = ["name" => stripslashes($value)];
+ $ruleinput = ["name" => $value];
 $rulecollection = RuleCollection::getClassByType($this->getType(), true);
 foreach ($this->additional_fields_for_dictionnary as $field) {
@@ -766,14 +769,14 @@ public function importExternal(
 break;
 }*/
- $input = [
+ $input = Sanitizer::sanitize([
 'name' => $value,
 'comment' => $comment,
 'entities_id' => $entities_id,
- ];
+ ]);
 if ($rulecollection) {
- $res_rule = $rulecollection->processAllRules(Toolbox::stripslashes_deep($ruleinput), [], []);
+ $res_rule = $rulecollection->processAllRules(Sanitizer::dbUnescapeRecursive($ruleinput), [], []);
 if (isset($res_rule["name"])) {
 $input["name"] = $res_rule["name"];
 }
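Review bot: `Sanitizer::sanitize($input)` is applied only after the `return -1;` guard that opens the `import()` hunk, so whatever that guard inspects (outside the hunk; `import()` starts before it) still evaluates the unsanitized array, while `findID($input)` and everything below now receive the encoded/escaped form. If that guard only tests presence or emptiness the order is fine, but if it compares `$input` against stored values it now compares a different encoding than `findID()` does, so the new line deserves a comment fixing the contract: `// Sanitize before the twin lookup so findID() and the insert below see the same encoded form; callers may pass raw input.` It is also worth confirming that `Sanitizer::sanitize()` is idempotent, since `importExternal()` (later hunk) already sanitizes the array it builds and presumably passes it on to `import()` outside this diff.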
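Review bot: Removing `stripslashes()` from `$ruleinput` only keeps the rule engine's input unchanged because the later hunk still runs `Sanitizer::dbUnescapeRecursive($ruleinput)`, which silently fixes the expected state of `$value`: the unescape is only safe if `$value` arrives DB-escaped, yet the same `$value` is fed to `Sanitizer::sanitize(['name' => $value, ...])` in this method, which would double-escape an already-escaped string unless `Sanitizer` detects that case (not shown in this diff). `importExternal()`'s signature and docblock lie before the hunk; I would add a `@param` line there stating which form is expected, e.g. `@param string $value  external name, DB-escaped but not HTML-encoded (unescaped for rules, sanitized for storage)`, adjusted to whatever the callers actually pass.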
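Review bot: The unchanged context line `$input["name"] = $res_rule["name"];` overwrites the value that `Sanitizer::sanitize([...])` just encoded with the rule engine's output, which was computed from the DB-unescaped `$ruleinput` and is presumably returned in that unescaped form, so `$input` leaves this hunk with `name` in a different encoding than `comment`. Where `$input` goes next is outside the hunk; if it is handed to `import()`, the sanitization added there will re-encode the name, but only if `Sanitizer::sanitize()` tolerates the already-sanitized `comment` without double-encoding. A self-contained fix normalizes the rule result at the point of assignment, `$input["name"] = Sanitizer::sanitize($res_rule["name"]);`, instead of relying on the caller. `importExternal()` continues past the end of the hunk.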