Fix injection of not null fields (#542)

* add nullable fields on function

* fix isNullable list

* update CHANGELOG.md

Author: Mary-Clb

CHANGELOG.md

@@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 
 ### Fixed
 
+- Fix user fields nullability to prevent SQL errors during injection
 - Remove groups as import link field
 - Fix `clean` function
 

inc/userinjection.class.php

@@ -55,7 +55,14 @@ public function connectedTo()
 
     public function isNullable($field)
     {
-        return true; // By default, all fields can be null
+        return in_array($field, [
+            'begin_date',
+            'date_sync',
+            'end_date',
+            'last_login',
+            'substitution_end_date',
+            'substitution_start_date',
+        ]);
     }