[configuration] Use unsafeInsert/unsafeUpdate for saving values (#8759)

The values get double-escaped when modified now if they contain HTML. Use unsafe variants of database calls so that the values to not get modified when re-saved. Fixes #8748
aces · Jun 12, 2023 · f768560 · f768560
1 parent 690b8a8
commit f768560
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/modules/configuration/ajax/process.php b/modules/configuration/ajax/process.php
@@ -60,7 +60,7 @@
                 }
             }
             // Update the config setting to the new value.
-            $DB->update(
+            $DB->unsafeUpdate(
                 'Config',
                 ['Value' => $value],
                 ['ID' => $key]
@@ -108,7 +108,7 @@
                 }
             }
             // Add the new setting
-            $DB->insert(
+            $DB->unsafeInsert(
                 'Config',
                 [
                     'ConfigID' => $ConfigSettingsID, // FK to ConfigSettings.