From 7cd68a3cd360a1f3297a01d126b164123af75a41 Mon Sep 17 00:00:00 2001
From: joebordes
Date: Thu, 1 Sep 2022 11:51:31 +0200
Subject: [PATCH] sec(RelatedList) XSS in link parameters

---
 include/utils/ListViewUtils.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/utils/ListViewUtils.php b/include/utils/ListViewUtils.php
index 62a8cf6c45..7a6bcc0c0b 100644
--- a/include/utils/ListViewUtils.php
+++ b/include/utils/ListViewUtils.php
@@ -168,11 +168,11 @@ function getListViewHeader($focus, $module, $sort_qry = '', $sorder = '', $order
     if ($relatedlist != '' && $relatedlist != 'global') {
         $relationURL = '';
         if (!empty($_REQUEST['relation_id'])) {
-            $relationURL = '&relation_id=' . vtlib_purify($_REQUEST['relation_id']);
+            $relationURL = '&relation_id=' . filter_var($_REQUEST['relation_id'], FILTER_SANITIZE_NUMBER_INT);
         }
         $actionsURL = '';
         if (!empty($_REQUEST['actions'])) {
-            $actionsURL = '&actions=' . vtlib_purify($_REQUEST['actions']);
+            $actionsURL = '&actions=' . urlencode(vtlib_purify($_REQUEST['actions']));
         }
         if (empty($_REQUEST['header'])) {
             $moduleLabel = $module;
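Review bot: `FILTER_SANITIZE_NUMBER_INT` on the new `relation_id` line strips characters instead of validating, so a non-numeric value silently becomes `&relation_id=` (or a bare sign, since the filter keeps `+`/`-`), and an array-valued parameter makes `filter_var` return `false`, which concatenates as an empty string; validating instead keeps the link well-formed: `$relationId = filter_var($_REQUEST['relation_id'], FILTER_VALIDATE_INT); if ($relationId !== false) { $relationURL = '&relation_id=' . $relationId; }`. The `actions` line now URL-encodes its value while `relation_id` does not, so a short comment on the first changed line, e.g. `// both values are appended to an href query string: keep them numeric / urlencoded`, would record why the two parameters are treated differently. `getListViewHeader` begins and ends outside the hunk, so where `$relationURL` and `$actionsURL` are finally emitted, and whether that sink also applies HTML-attribute escaping, cannot be confirmed from these lines.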