From 2f8b5e5eeb52bfc6e9a1b6a934bd7f21a48de4e0 Mon Sep 17 00:00:00 2001
From: Romain Quetiez <romain.quetiez@combodo.com>
Date: Thu, 23 Mar 2017 15:16:30 +0000
Subject: [PATCH] N.519 REST/JSON Add a comment in pure text into the case log
 (only for add_item/items syntaxes, use format="text")

SVN:trunk[4619]
---
 core/ormcaselog.class.inc.php | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/core/ormcaselog.class.inc.php b/core/ormcaselog.class.inc.php
index 394dbf9e2..e6a21f90c 100644
--- a/core/ormcaselog.class.inc.php
+++ b/core/ormcaselog.class.inc.php
@@ -1,5 +1,5 @@
 <?php
-// Copyright (C) 2010-2016 Combodo SARL
+// Copyright (C) 2010-2017 Combodo SARL
 //
 //   This file is part of iTop.
 //
@@ -23,7 +23,7 @@ define('CASELOG_SEPARATOR', "\n".'========== %1$s : %2$s (%3$d) ============'."\
 /**
  * Class to store a "case log" in a structured way, keeping track of its successive entries
  *  
- * @copyright   Copyright (C) 2010-2016 Combodo SARL
+ * @copyright   Copyright (C) 2010-2017 Combodo SARL
  * @license     http://opensource.org/licenses/AGPL-3.0
  */
 class ormCaseLog {
@@ -568,8 +568,6 @@ class ormCaseLog {
 
 	public function AddLogEntryFromJSON($oJson, $bCheckUserId = true)
 	{
-		$sText = HTMLSanitizer::Sanitize(isset($oJson->message) ? $oJson->message : '');
-
 		if (isset($oJson->user_id))
 		{
 			if (!UserRights::IsAdministrator())
@@ -616,10 +614,16 @@ class ormCaseLog {
 		}
 		else
 		{
-			// TODO: what is the default format ? text ?
+			// The default is HTML
 			$sFormat = 'html';
 		}
-		
+
+		$sText = isset($oJson->message) ? $oJson->message : '';
+		if ($sFormat == 'html')
+		{
+			$sText = HTMLSanitizer::Sanitize($sText);
+		}
+
 		$sDate = date(AttributeDateTime::GetInternalFormat(), $iDate);
 
 		$sSeparator = sprintf(CASELOG_SEPARATOR, $sDate, $sOnBehalfOf, $iUserId);