You are not logged in.
Dear all,
When a user email contains a quote char like "Tom.O'Connor@domain.com", then even if the user is existing in DB, it will not be retrieved due to invalid SQL query.
In User::getOrImportByEmail() function, quotes should be escaped before sending request to mySQL.
Thank you,
regards,
Tomolimo
PS: our current version is 0.83.8, but I can see this is still existing with 0.85.4
GLPI 9.2.4 - PHP 7.2.13 x64 / ProcessMaker 3.3.0-community-RE-1.7 - PHP 7.1.24 x64 / Windows 2012 x64 / IIS 8.5 / MySQL 5.7.17 x64
Worldwide: >12316 PC, >9400 users (16 languages, >11 timezones), >360k tickets, >3600 entities, >4200 groups
Raynet is ARaymond (http://www.araymond.com) IT service management
Offline