hotline #36925 fix sql error when inserting special char

application/modules/admin/controllers/UsersController.php

@@ -48,7 +48,14 @@ class Admin_UsersController extends ZendAfi_Controller_Action {
       ? $this->_getParam('by_role_level', 'all')
       : $this->_getParam('by_role_level', ZendAfi_Acl_AdminControllerRoles::ABONNE_SIGB);
 
-    $search_value = $this->_getParam('search_for', null);
+    $search_value = str_replace(["\000",
+                                 "\n",
+                                 "\r",
+                                 "\"",
+                                 "\'",
+                                 "'",
+                                 "\032"], '', $this->_getParam('search_for', null));
+
     $valide_subscription = $this->_getParam('by_valide_subscription', null);
 
     $limit = ['limitPage' => [$this->view->page, 20]];

tests/application/modules/admin/controllers/UsersControllerTest.php

@@ -144,7 +144,7 @@ class UsersControllerIndexTest extends UsersControllerWithMarcusTestCase {
 
       ->beStrict();
 
-    $this->dispatch('/admin/users?by_id_site=all&by_role_level=2&by_valide_subscription=1&search_for=francis', true);
+    $this->dispatch('/admin/users?by_id_site=all&by_role_level=2&by_valide_subscription=1&search_for=\"\'fra"n\'cis"', true);
   }