From 00dc3414a2bffc1e70ab8edc4363bad4b0cfa720 Mon Sep 17 00:00:00 2001
From: OpenXE <>
Date: Sat, 28 Jan 2023 16:32:34 +0100
Subject: [PATCH] Ticket system bugfix unescaped text in check ticket rule
---
 classes/Modules/Ticket/Task/TicketImportHelper.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/classes/Modules/Ticket/Task/TicketImportHelper.php b/classes/Modules/Ticket/Task/TicketImportHelper.php
index 6bec5cd0..390db20c 100644
--- a/classes/Modules/Ticket/Task/TicketImportHelper.php
+++ b/classes/Modules/Ticket/Task/TicketImportHelper.php
@@ -289,10 +289,10 @@ class TicketImportHelper
 FROM `ticket_regeln` AS `tr` WHERE tr.aktiv = 1
- AND ('".$recipientMail."' LIKE tr.empfaenger_email OR tr.empfaenger_email = '')
- AND ('".$senderMail."' LIKE tr.sender_email OR tr.sender_email = '')
- AND ('".$senderMail."' LIKE tr.name OR tr.name = '')
- AND ('".$subject."' LIKE tr.betreff OR tr.betreff = '')";
+ AND ('".$this->db->real_escape_string($recipientMail)."' LIKE tr.empfaenger_email OR tr.empfaenger_email = '')
+ AND ('".$this->db->real_escape_string($senderMail)."' LIKE tr.sender_email OR tr.sender_email = '')
+ AND ('".$this->db->real_escape_string($senderMail)."' LIKE tr.name OR tr.name = '')
+ AND ('".$this->db->real_escape_string($subject)."' LIKE tr.betreff OR tr.betreff = '')";
 $this->logger->debug('ticket rule',['sql' => $sql]);
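Review bot: The four mail-derived values in the `WHERE` clause are still spliced into the SQL string, so the query stays safe only while every later edit keeps the `real_escape_string()` call and the connection charset matches what the escaping assumes. If the `$this->db` wrapper offers bound parameters (not visible in this hunk), binding `$recipientMail`, `$senderMail` and `$subject` would remove that dependency. Failing that, escape each value once before the string is built, e.g. `$senderMailEsc = $this->db->real_escape_string($senderMail);`, rather than calling it inline twice for the sender. The context line `$this->logger->debug('ticket rule',['sql' => $sql]);` still writes the whole statement to the debug log, including sender, recipient and subject taken from the incoming mail, so consider logging less there. The enclosing method begins and ends outside this hunk, so other queries in it built from the same values could not be checked.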