escaping $newName

fixes: #32

lib/forcal/Utils/forcalListHelper.php

@@ -113,7 +113,7 @@ static public function cloneData($table, $id)
         $lastId = $sql->getLastId();
         $sql->setQuery('SELECT name_1 FROM ' . $table . ' WHERE id = '. $lastId);
         $newName = $sql->getValue('name_1').' - '.rex_i18n::msg('rex_forcal_entries_copy');
-        $sql->setQuery('UPDATE ' . $table . ' SET name_1 = "'.$newName.'", status = 0 WHERE id = '.$lastId);
+        $sql->setQuery('UPDATE ' . $table . ' SET name_1 = "'.$sql->escape($newName).'", status = 0 WHERE id = '.$lastId);
         return rex_view::info(rex_i18n::msg($table . '_cloned'));
     }
 
@@ -131,4 +131,4 @@ static public function deleteData($table, $id)
         $sql->setQuery("DELETE FROM $table WHERE id=$id");
         return rex_view::info(rex_i18n::msg($table . '_deleted'));
     }
-}
+}