From 3a73d957e5ca43793fc567b075ddaec0d05c0cc5 Mon Sep 17 00:00:00 2001
From: joebordes <joe@tsolucio.com>
Date: Sun, 21 Aug 2022 19:11:21 +0200
Subject: [PATCH] sec(EditView) XSS in form parameters

---
 Smarty/templates/EditViewHidden.tpl | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/Smarty/templates/EditViewHidden.tpl b/Smarty/templates/EditViewHidden.tpl
index 495fb2dacc..28b5f5d76d 100644
--- a/Smarty/templates/EditViewHidden.tpl
+++ b/Smarty/templates/EditViewHidden.tpl
@@ -47,13 +47,13 @@
 {elseif $MODULE eq 'Documents'}
 	<input type="hidden" name="max_file_size" value="{$MAX_FILE_SIZE}">
 	<input type="hidden" name="form">
-	<input type="hidden" name="email_id" value="{if isset($EMAILID)}{$EMAILID}{/if}">
-	<input type="hidden" name="ticket_id" value="{if isset($TICKETID)}{$TICKETID}{/if}">
-	<input type="hidden" name="fileid" value="{if isset($FILEID)}{$FILEID}{/if}">
-	<input type="hidden" name="parentid" value="{if isset($PARENTID)}{$PARENTID}{/if}">
+	<input type="hidden" name="email_id" value="{if isset($EMAILID)}{$EMAILID|@urlencode}{/if}">
+	<input type="hidden" name="ticket_id" value="{if isset($TICKETID)}{$TICKETID|@urlencode}{/if}">
+	<input type="hidden" name="fileid" value="{if isset($FILEID)}{$FILEID|@urlencode}{/if}">
+	<input type="hidden" name="parentid" value="{if isset($PARENTID)}{$PARENTID|@urlencode}{/if}">
 
 {elseif $MODULE eq 'Products'}
-	<input type="hidden" name="activity_mode" value="{if isset($ACTIVITY_MODE)}{$ACTIVITY_MODE}{/if}">
+	<input type="hidden" name="activity_mode" value="{if isset($ACTIVITY_MODE)}{$ACTIVITY_MODE|@urlencode}{/if}">
 {/if}
 
 <input type="hidden" name="pagenumber" value="{if isset($smarty.request.start)}{$smarty.request.start|@vtlib_purify}{/if}">
@@ -62,11 +62,11 @@
 <input type="hidden" name="mode" value="{$MODE}">
 <input type="hidden" name="action">
 <input type="hidden" name="saverepeat" value="0">
-<input type="hidden" name="return_module" value="{if isset($RETURN_MODULE)}{$RETURN_MODULE}{/if}">
-<input type="hidden" name="return_id" value="{if isset($RETURN_ID)}{$RETURN_ID}{/if}">
-<input type="hidden" name="return_action" value="{if isset($RETURN_ACTION)}{$RETURN_ACTION}{/if}">
-<input type="hidden" name="return_viewname" value="{if isset($RETURN_VIEWNAME)}{$RETURN_VIEWNAME}{/if}">
-<input type="hidden" name="createmode" value="{$CREATEMODE}" />
+<input type="hidden" name="return_module" value="{if isset($RETURN_MODULE)}{$RETURN_MODULE|@urlencode}{/if}">
+<input type="hidden" name="return_id" value="{if isset($RETURN_ID)}{$RETURN_ID|@urlencode}{/if}">
+<input type="hidden" name="return_action" value="{if isset($RETURN_ACTION)}{$RETURN_ACTION|@urlencode}{/if}">
+<input type="hidden" name="return_viewname" value="{if isset($RETURN_VIEWNAME)}{$RETURN_VIEWNAME|@urlencode}{/if}">
+<input type="hidden" name="createmode" value="{$CREATEMODE|@urlencode}" />
 <input type="hidden" name="cbcustominfo1" id="cbcustominfo1" value="{if isset($smarty.request.cbcustominfo1)}{$smarty.request.cbcustominfo1|@urlencode}{/if}" />
 <input type="hidden" name="cbcustominfo2" id="cbcustominfo2" value="{if isset($smarty.request.cbcustominfo2)}{$smarty.request.cbcustominfo2|@urlencode}{/if}" />
 {if isset($DUPLICATE) && $DUPLICATE eq 'true'}
@@ -76,7 +76,7 @@
 <input type="hidden" name="Module_Popup_Save" value="{if isset($smarty.request.Module_Popup_Save)}{$smarty.request.Module_Popup_Save|@urlencode}{/if}" />
 <input type="hidden" name="Module_Popup_Save_Param" value="{if isset($smarty.request.Module_Popup_Save_Param)}{$smarty.request.Module_Popup_Save_Param|@urlencode}{/if}" />
 <input type="hidden" name="FILTERFIELDSMAP" value="{if isset($smarty.request.FILTERFIELDSMAP)}{$smarty.request.FILTERFIELDSMAP|@urlencode}{/if}" />
-<input name='search_url' id="search_url" type='hidden' value='{if isset($SEARCH)}{$SEARCH}{/if}'>
+<input name='search_url' id="search_url" type='hidden' value='{if isset($SEARCH)}{$SEARCH|@urlencode}{/if}'>
 {if isset($CUSTOM_LINKS) && !empty($CUSTOM_LINKS.EDITVIEWHTML)}
 {foreach from=$CUSTOM_LINKS.EDITVIEWHTML item=evhtml}
 	{eval var=$evhtml->linkurl}