From f15ab9236750c3269612207ede13c7bad73ebc22 Mon Sep 17 00:00:00 2001
From: Ahmad Gneady
Date: Sat, 3 Jul 2021 17:41:38 +0200
Subject: [PATCH] Fix stored xss in nicedit
---
 app/clients_dml.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/clients_dml.php b/app/clients_dml.php
index f6af85d..ffcf444 100644
--- a/app/clients_dml.php
+++ b/app/clients_dml.php
@@ -428,7 +428,7 @@ function clients_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $Al
 if(!$dvprint) $templateCode = str_replace('<%%VALUE(website)%%>', html_attr($row['website']), $templateCode);
 $templateCode = str_replace('<%%URLVALUE(website)%%>', urlencode($urow['website']), $templateCode);
 if($AllowUpdate || $AllowInsert) {
- $templateCode = str_replace('<%%HTMLAREA(comments)%%>', '', $templateCode);
+ $templateCode = str_replace('<%%HTMLAREA(comments)%%>', '', $templateCode);
 } else {
 $templateCode = str_replace('<%%HTMLAREA(comments)%%>', '
' . $row['comments'] . '
', $templateCode);
 }
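Review bot: The read-only branch at the end of this hunk still concatenates `$row['comments']` into the page with no visible encoding or sanitising, while the commit only touches the editable `HTMLAREA(comments)` replacement, so stored markup could still render for users without update/insert rights unless `$row` is sanitised before this point. Where `$row` is populated is outside the hunk (the body of `clients_form` starts and ends outside it), so this needs confirming; if it is not sanitised there, the rich text should go through the project's HTML sanitiser, or through `html_attr()` as the `website` line does if plain-text display is acceptable. I would add `// comments is rich text from the database: must be sanitised before output in BOTH branches` above the `if($AllowUpdate || $AllowInsert)` line. The markup inside the removed and added string literals did not survive on this page (both lines read the same), so the edit-branch fix itself cannot be assessed from here.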