diff --git a/include/utils/VtlibUtils.php b/include/utils/VtlibUtils.php
index 57852c7b8120d1e55b178771f301839d28c0c80d..b430388a133e8f18637331eb52563d48f684729a 100644
--- a/include/utils/VtlibUtils.php
+++ b/include/utils/VtlibUtils.php
@@ -667,8 +667,9 @@ function purifyHtmlEventAttributes($value){
"onreset|onsearch|onselect|onsubmit|onkeydown|onkeypress|onkeyup|".
"onclick|ondblclick|ondrag|ondragend|ondragenter|ondragleave|ondragover|".
"ondragstart|ondrop|onmousedown|onmousemove|onmouseout|onmouseover|".
- "onmouseup|onmousewheel|onscroll|onwheel|oncopy|oncut|onpaste";
- if(preg_match("/\s(".$htmlEventAttributes.")\s*=/i", $value)) {
+ "onmouseup|onmousewheel|onscroll|onwheel|oncopy|oncut|onpaste|onload|".
+ "onselectionchange|onabort|onselectstart";
+ if(preg_match("/\s*(".$htmlEventAttributes.")\s*=/i", $value)) {
$value = str_replace("=", "=", $value);
}
return $value;
diff --git a/modules/Portal/models/ListView.php b/modules/Portal/models/ListView.php
index 2d45654e1755893b9f223fb88989709a51f1432e..2e14293adfdd955356ade40135a8adfef65ffa74 100644
--- a/modules/Portal/models/ListView.php
+++ b/modules/Portal/models/ListView.php
@@ -33,7 +33,7 @@ class Portal_ListView_Model extends Vtiger_ListView_Model {
$listResult = $db->pquery($listQuery, array());
- $listViewEntries = array();
+ $listViewEntries = array();
for($i = 0; $i < $db->num_rows($listResult); $i++) {
$row = $db->fetch_row($listResult, $i);
@@ -54,10 +54,10 @@ class Portal_ListView_Model extends Vtiger_ListView_Model {
public function getQuery() {
$query = 'SELECT portalid, portalname, portalurl, createdtime FROM vtiger_portal';
- $searchValue = $this->get('search_value');
+ $searchValue = $this->getForSql('search_value');
if(!empty($searchValue))
$query .= " WHERE portalname LIKE '".$searchValue."%'";
-
+
return $query;
}