From 79c6914bab8c9da07ac950fda17648d08c68b130 Mon Sep 17 00:00:00 2001
From: Peter Ivanov <peter@microweber.com>
Date: Fri, 8 Jul 2022 20:31:13 +0300
Subject: [PATCH] update

---
 .../editor_tools/module_settings/index.php       | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/userfiles/modules/microweber/toolbar/editor_tools/module_settings/index.php b/userfiles/modules/microweber/toolbar/editor_tools/module_settings/index.php
index a6bc6821ccd..b8a55eed45d 100644
--- a/userfiles/modules/microweber/toolbar/editor_tools/module_settings/index.php
+++ b/userfiles/modules/microweber/toolbar/editor_tools/module_settings/index.php
@@ -87,7 +87,7 @@
     if (isset($_GET['autosize'])) {
         $autoSize = $_GET['autosize'];
     }
-    $autoSize = xss_clean($autoSize);
+    $autoSize = intval($autoSize);
 
     $type = '';
     if (isset($_GET['type'])) {
@@ -95,6 +95,16 @@
     }
     $type = xss_clean($type);
 
+            $other = [
+                ';',
+                '\'',
+                '//',
+                '`',
+                '\\',
+
+            ];
+    $type = str_replace($other, '', $type);
+
     $mod_id = $mod_orig_id = false;
     $is_linked_mod = false;
 
@@ -108,6 +118,8 @@
     if ($mod_id != $mod_orig_id) {
         $is_linked_mod = true;
     }
+
+
     ?>
 
     <script type="text/javascript">
@@ -124,7 +136,7 @@
         addIcon();
 
         autoSize = <?php  print $autoSize; ?>;
-        settingsType = '<?php print $type; ?>';
+        settingsType = '<?php print htmlentities($type); ?>';
 
         window.onbeforeunload = function () {
             $(document.body).addClass("mw-external-loading")