From f8beca56b8b8aa7b427324fe6e5455e946105df3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?=
 <frederic34@users.noreply.github.com>
Date: Sat, 14 Nov 2020 17:08:24 +0100
Subject: [PATCH] Update card.php

---
 htdocs/opensurvey/card.php | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/htdocs/opensurvey/card.php b/htdocs/opensurvey/card.php
index 393914f95ba..15c52a52539 100644
--- a/htdocs/opensurvey/card.php
+++ b/htdocs/opensurvey/card.php
@@ -117,7 +117,7 @@ if (empty($reshook))
 			$object->date_fin = $expiredate;
 			$object->allow_comments = GETPOST('cancomment', 'aZ09') == 'on' ? 1 : 0;
 			$object->allow_spy = GETPOST('canseeothersvote', 'aZ09') == 'on' ? 1 : 0;
-			$object->mailsonde = GETPOST('mailsonde', 'aZ09') == 'on' ? true : false;
+			$object->mailsonde = GETPOST('mailsonde', 'aZ09') == 'on' ? 1 : 0;
 
 			$res = $object->update($user);
 			if ($res < 0) {
@@ -132,21 +132,18 @@ if (empty($reshook))
 	{
 		$error = 0;
 
-		if (!GETPOST('comment'))
-		{
+		if (!GETPOST('comment')) {
 			$error++;
 			setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Comment")), null, 'errors');
 		}
-		if (!GETPOST('commentuser'))
-		{
+		if (!GETPOST('commentuser')) {
 			$error++;
 			setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("User")), null, 'errors');
 		}
 
-		if (!$error)
-		{
-			$comment = GETPOST("comment");
-			$comment_user = GETPOST('commentuser');
+		if (!$error) {
+			$comment = (string) GETPOST("comment", "restricthtml");
+			$comment_user = (string) GETPOST('commentuser', "restricthtml");
 
 			$resql = $object->addComment($comment, $comment_user);