14572: Impossible to manually edit an answer when one the the fields contains a quote (' or ")

This bug affects 1 person(s).

ID	Project	Category	View Status	Date Submitted	Last Update

14572	Bug reports	Data Entry (non public)	public	2019-02-24 00:48	2019-04-30 09:11

Reporter	routard	Assigned To	DenisChenu
Priority	none	Severity	crash
Status	closed	Resolution	fixed
Product Version	3.15.x
Fixed in Version	3.16.x

Summary	14572: Impossible to manually edit an answer when one the the fields contains a quote (' or ")
Description	Hi! There is still a bug when an answer contains a simple or double quote. When I want to edit this answer, some special characters are obviously not correctly escaped. In my exemple (see joined file), the field {TOKEN:ATTRIBUTE_5} is : Saint-Ouen l'Aumône So it contains a simple quote. When editing this answer, the field is broken. Same problem with double quotes and with special characters I think. The only solution is to manually update the database... just impossible! (and surprisingly, there is no problem when editing a participant)
Steps To Reproduce	Just create an answer containing a special character (quote)
Tags	No tags attached.
Attached Files	LS.jpg (261,696 bytes)

Bug heat	4
Complete LimeSurvey version number (& build)	Version 3.15.9+190214
I will donate to the project if issue is resolved	No
Browser	Firefox
Database type & version	mysqlnd 5.0.12-dev
Server OS (if known)	Linux webm414.mp.ha.ovh.net 4.14.66-ovh-vps-grsec-zfs-classid #1 SMP Thu Aug 23 15:15:40 CEST 2018 x86_64
Webserver software & version (if known)	Apache
PHP Version	7.2.14

User List	There are no users monitoring this issue.

DenisChenu 2019-02-24 15:50 developer ~50684 Last edited: 2019-02-24 15:53	Can you upload a simple LSA file please :) It's in admin edit right ? OK : EQUATION question type

routard 2019-02-24 16:43 reporter ~50685	Yes, it's in admin edit, when u list the answers and edit one of them (button with a pen icon). In my example, it's an equation, automatically prefiled with an attribute from the tokens. And ur right, I've didn't noticed but no problem when it's a simple text field.

DenisChenu 2019-02-28 18:32 developer ~50715	https://github.com/LimeSurvey/LimeSurvey/commit/6058e35877eb5b75a96f05ba0fecbd170ca7f433 PS : i really think there are potential security issues …

DenisChenu 2019-03-01 09:34 developer ~50720	More commit https://github.com/LimeSurvey/LimeSurvey/commit/cd827588094bb3a98957dd6fa8cf3d1686aeeafc https://github.com/LimeSurvey/LimeSurvey/commit/69667ff07bb78e573b010f023c265b6b246c7f66

Date Modified	Username	Field	Change
2019-02-24 00:48	routard	New Issue
2019-02-24 00:48	routard	File Added: LS.jpg
2019-02-24 12:56	DenisChenu	Assigned To	=> DenisChenu
2019-02-24 12:56	DenisChenu	Status	new => assigned
2019-02-24 15:50	DenisChenu	Note Added: 50684
2019-02-24 15:53	DenisChenu	Note Edited: 50684
2019-02-24 16:43	routard	Note Added: 50685
2019-02-24 17:17	DenisChenu	Assigned To	DenisChenu =>
2019-02-24 17:17	DenisChenu	Status	assigned => confirmed
2019-02-28 18:28	DenisChenu	Assigned To	=> DenisChenu
2019-02-28 18:28	DenisChenu	Status	confirmed => assigned
2019-02-28 18:32	DenisChenu	Status	assigned => resolved
2019-02-28 18:32	DenisChenu	Resolution	open => fixed
2019-02-28 18:32	DenisChenu	Fixed in Version	=> 3.16.x
2019-02-28 18:32	DenisChenu	Note Added: 50715
2019-03-01 09:34	DenisChenu	Note Added: 50720
2019-04-30 09:11	c_schmitz	Status	resolved => closed