diff --git a/layouts/v7/modules/HelpDesk/SelectEmailFields.tpl b/layouts/v7/modules/HelpDesk/SelectEmailFields.tpl index f8b5fdb395a867ea50f973da2eab37a09ac26aa0..f032b1b0476f00150f9d417190d92993244c015b 100644 --- a/layouts/v7/modules/HelpDesk/SelectEmailFields.tpl +++ b/layouts/v7/modules/HelpDesk/SelectEmailFields.tpl @@ -24,7 +24,7 @@ <input type="hidden" name="operator" value="{$OPERATOR}" /> <input type="hidden" name="search_value" value="{$ALPHABET_VALUE}" /> {if $SEARCH_PARAMS} - <input type="hidden" name="search_params" value='{ZEND_JSON::encode($SEARCH_PARAMS)}' /> + <input type="hidden" name="search_params" value='{Vtiger_Util_Helper::toSafeHTML(ZEND_JSON::encode($SEARCH_PARAMS))}' /> {/if} <input type="hidden" name="fieldModule" value={$SOURCE_MODULE} /> <input type="hidden" name="to" value='{ZEND_JSON::encode($TO)}' /> diff --git a/layouts/v7/modules/Inventory/OverlayEditView.tpl b/layouts/v7/modules/Inventory/OverlayEditView.tpl index 5a937afd9941e2381c9b6d98f28e66e9987b93d1..160c2d4f931f483b0e6d1ea232c9ba8def6ee97d 100644 --- a/layouts/v7/modules/Inventory/OverlayEditView.tpl +++ b/layouts/v7/modules/Inventory/OverlayEditView.tpl @@ -46,7 +46,7 @@ <input type="hidden" name="returnrelatedModule" value="{$RETURN_RELATED_MODULE}" /> <input type="hidden" name="returnpage" value="{$RETURN_PAGE}" /> <input type="hidden" name="returnviewname" value="{$RETURN_VIEW_NAME}" /> - <input type="hidden" name="returnsearch_params" value='{ZEND_JSON::encode($RETURN_SEARCH_PARAMS)}' /> + <input type="hidden" name="returnsearch_params" value='{Vtiger_Util_Helper::toSafeHTML(ZEND_JSON::encode($RETURN_SEARCH_PARAMS))}' /> <input type="hidden" name="returnsearch_key" value={$RETURN_SEARCH_KEY} /> <input type="hidden" name="returnsearch_value" value={$RETURN_SEARCH_VALUE} /> <input type="hidden" name="returnoperator" value={$RETURN_SEARCH_OPERATOR} /> 
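Review bot: In HelpDesk/SelectEmailFields.tpl the trailing context line `<input type="hidden" name="to" value='{ZEND_JSON::encode($TO)}' />` still writes raw JSON into a single-quoted attribute, the same pattern this hunk fixes for `search_params`. If any value in `$TO` can contain a `'`, it ends the attribute early and the remainder is parsed as markup. I would wrap it the same way: `value='{Vtiger_Util_Helper::toSafeHTML(ZEND_JSON::encode($TO))}'`. The Potentials/SelectEmailFields.tpl and Vtiger/SelectEmailFields.tpl hunks carry the identical line. Where `$TO` is populated is not visible here, so confirm it is not already encoded before assignment, to avoid double-encoding.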
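Review bot: In Inventory/OverlayEditView.tpl the three context lines after the change emit `value={$RETURN_SEARCH_KEY}`, `value={$RETURN_SEARCH_VALUE}` and `value={$RETURN_SEARCH_OPERATOR}` with no quotes around the attribute, so a space in the value ends the attribute even when the value is entity-encoded. Judging by the names these round-trip list-view search state, which would make them as exposed as `returnsearch_params`; the hunk does not show where they are assigned. At minimum quote them, e.g. `value="{$RETURN_SEARCH_VALUE}"`, and apply `Vtiger_Util_Helper::toSafeHTML` if they are not already encoded upstream. Users/CalendarSettingsEditView.tpl and Vtiger/OverlayEditView.tpl have the same three lines.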
diff --git a/layouts/v7/modules/Potentials/SelectEmailFields.tpl b/layouts/v7/modules/Potentials/SelectEmailFields.tpl index a964008f4d8e1ffb1ca51ce2ec7957537f28f42d..1eef188d84559d8371bc9c27fac91fe90864c11c 100644 --- a/layouts/v7/modules/Potentials/SelectEmailFields.tpl +++ b/layouts/v7/modules/Potentials/SelectEmailFields.tpl @@ -24,7 +24,7 @@ <input type="hidden" name="operator" value="{$OPERATOR}" /> <input type="hidden" name="search_value" value="{$ALPHABET_VALUE}" /> {if $SEARCH_PARAMS} - <input type="hidden" name="search_params" value='{ZEND_JSON::encode($SEARCH_PARAMS)}' /> + <input type="hidden" name="search_params" value='{Vtiger_Util_Helper::toSafeHTML(ZEND_JSON::encode($SEARCH_PARAMS))}' /> {/if} <input type="hidden" name="fieldModule" value={$SOURCE_MODULE} /> <input type="hidden" name="to" value='{ZEND_JSON::encode($TO)}' /> diff --git a/layouts/v7/modules/Reports/MoveReports.tpl b/layouts/v7/modules/Reports/MoveReports.tpl index 1fcbada3513e2dbe5527c6ac0bd8e8e9873dd10f..081d5e43ce6da3d90a7d4aa91b8172d473d8d403 100644 --- a/layouts/v7/modules/Reports/MoveReports.tpl +++ b/layouts/v7/modules/Reports/MoveReports.tpl @@ -19,7 +19,7 @@ <input type="hidden" name="selected_ids" value={ZEND_JSON::encode($SELECTED_IDS)} /> <input type="hidden" name="excluded_ids" value={ZEND_JSON::encode($EXCLUDED_IDS)} /> <input type="hidden" name="viewname" value="{$VIEWNAME}" /> - <input type="hidden" name="search_params" value='{ZEND_JSON::encode($SEARCH_PARAMS)}' /> + <input type="hidden" name="search_params" value='{Vtiger_Util_Helper::toSafeHTML(ZEND_JSON::encode($SEARCH_PARAMS))}' /> <div class="modal-body"> <div class="form-group"> <label for="inputEmail3" class="col-sm-4 control-label">{vtranslate('LBL_FOLDERS_LIST', $MODULE)}<span class="redColor">*</span></label> 
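Review bot: In Reports/MoveReports.tpl the `selected_ids` and `excluded_ids` inputs just above the changed line still emit `value={ZEND_JSON::encode($SELECTED_IDS)}` and `value={ZEND_JSON::encode($EXCLUDED_IDS)}` with neither attribute quotes nor escaping. That leaves them inconsistent with the `search_params` line this hunk fixes, and an unquoted value is terminated by the first space or `>` in the JSON. I would bring them in line: `value='{Vtiger_Util_Helper::toSafeHTML(ZEND_JSON::encode($SELECTED_IDS))}'`, and likewise for `excluded_ids`. The Vtiger/MassEditForm.tpl hunk has the same two inputs; whether the id lists can ever hold anything other than numeric ids is not visible from these hunks.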
diff --git a/layouts/v7/modules/Settings/Workflows/AdvanceFilter.tpl b/layouts/v7/modules/Settings/Workflows/AdvanceFilter.tpl index 723bfef0b95089d515c5c0f0ce8c76c6dc7969df..c690497c084082bb888e4007e1f015f8b974bedc 100644 --- a/layouts/v7/modules/Settings/Workflows/AdvanceFilter.tpl +++ b/layouts/v7/modules/Settings/Workflows/AdvanceFilter.tpl @@ -24,11 +24,11 @@ <div class="filterContainer"> <input type="hidden" name="date_filters" data-value='{Vtiger_Util_Helper::toSafeHTML(ZEND_JSON::encode($DATE_FILTERS))}' /> - <input type=hidden name="advanceFilterOpsByFieldType" data-value='{ZEND_JSON::encode($ADVANCED_FILTER_OPTIONS_BY_TYPE)}' /> + <input type=hidden name="advanceFilterOpsByFieldType" data-value='{Vtiger_Util_Helper::toSafeHTML(ZEND_JSON::encode($ADVANCED_FILTER_OPTIONS_BY_TYPE))}' /> {foreach key=ADVANCE_FILTER_OPTION_KEY item=ADVANCE_FILTER_OPTION from=$ADVANCED_FILTER_OPTIONS} {$ADVANCED_FILTER_OPTIONS[$ADVANCE_FILTER_OPTION_KEY] = vtranslate($ADVANCE_FILTER_OPTION, $MODULE)} {/foreach} - <input type=hidden name="advanceFilterOptions" data-value='{ZEND_JSON::encode($ADVANCED_FILTER_OPTIONS)}' /> + <input type=hidden name="advanceFilterOptions" data-value='{Vtiger_Util_Helper::toSafeHTML(ZEND_JSON::encode($ADVANCED_FILTER_OPTIONS))}' /> <div class="allConditionContainer conditionGroup contentsBackground" style="padding-bottom:15px;"> <div class="header"> <span><strong>{vtranslate('LBL_ALL_CONDITIONS',$MODULE)}</strong></span> diff --git a/layouts/v7/modules/Settings/Workflows/WorkFlowConditions.tpl b/layouts/v7/modules/Settings/Workflows/WorkFlowConditions.tpl index 116f7098f87051c4bfce4c363fe7a7779f5ceb0f..670d044f147ba96c6371b847cdf6f4d499e02563 100644 --- a/layouts/v7/modules/Settings/Workflows/WorkFlowConditions.tpl +++ b/layouts/v7/modules/Settings/Workflows/WorkFlowConditions.tpl 
@@ -11,7 +11,7 @@ -->*} {strip} <input type="hidden" name="conditions" id="advanced_filter" value='' /> - <input type="hidden" id="olderConditions" value='{ZEND_JSON::encode($WORKFLOW_MODEL->get('conditions'))}' /> + <input type="hidden" id="olderConditions" value='{Vtiger_Util_Helper::toSafeHTML(ZEND_JSON::encode($WORKFLOW_MODEL->get('conditions')))}' /> <input type="hidden" name="filtersavedinnew" value="{$WORKFLOW_MODEL->get('filtersavedinnew')}" /> <div class="editViewHeader"> <div class='row'> diff --git a/layouts/v7/modules/Users/CalendarSettingsEditView.tpl b/layouts/v7/modules/Users/CalendarSettingsEditView.tpl index f3edd00ca2d9205e511e35150ea86f5a58207d06..215289ea1f976c0d8922d3d963eea521e1183c1c 100644 --- a/layouts/v7/modules/Users/CalendarSettingsEditView.tpl +++ b/layouts/v7/modules/Users/CalendarSettingsEditView.tpl @@ -40,7 +40,7 @@ <input type="hidden" name="returnrelatedModule" value="{$RETURN_RELATED_MODULE}" /> <input type="hidden" name="returnpage" value="{$RETURN_PAGE}" /> <input type="hidden" name="returnviewname" value="{$RETURN_VIEW_NAME}" /> - <input type="hidden" name="returnsearch_params" value='{ZEND_JSON::encode($RETURN_SEARCH_PARAMS)}' /> + <input type="hidden" name="returnsearch_params" value='{Vtiger_Util_Helper::toSafeHTML(ZEND_JSON::encode($RETURN_SEARCH_PARAMS))}' /> <input type="hidden" name="returnsearch_key" value={$RETURN_SEARCH_KEY} /> <input type="hidden" name="returnsearch_value" value={$RETURN_SEARCH_VALUE} /> <input type="hidden" name="returnoperator" value={$RETURN_SEARCH_OPERATOR} /> diff --git a/layouts/v7/modules/Vtiger/AddCommentForm.tpl b/layouts/v7/modules/Vtiger/AddCommentForm.tpl index e436d980a250800e1a7a2dd5d9588d6db78a7936..3238c76b185aa870aedeefd0eceedd9a889c8e8d 100644 --- a/layouts/v7/modules/Vtiger/AddCommentForm.tpl +++ b/layouts/v7/modules/Vtiger/AddCommentForm.tpl 
@@ -21,7 +21,7 @@ <input type="hidden" name="search_key" value= "{$SEARCH_KEY}" /> <input type="hidden" name="operator" value="{$OPERATOR}" /> <input type="hidden" name="search_value" value="{$ALPHABET_VALUE}" /> - <input type="hidden" name="search_params" value='{ZEND_JSON::encode($SEARCH_PARAMS)}' /> + <input type="hidden" name="search_params" value='{Vtiger_Util_Helper::toSafeHTML(ZEND_JSON::encode($SEARCH_PARAMS))}' /> {assign var=HEADER_TITLE value={vtranslate('LBL_ADDING_COMMENT', $MODULE)}} {include file="ModalHeader.tpl"|vtemplate_path:$MODULE TITLE=$HEADER_TITLE} diff --git a/layouts/v7/modules/Vtiger/AdvanceFilter.tpl b/layouts/v7/modules/Vtiger/AdvanceFilter.tpl index 2895431a26922928321c28a39a288a8033658394..7df2f3ba234a9c6284231827eaf2296c693f3e07 100644 --- a/layouts/v7/modules/Vtiger/AdvanceFilter.tpl +++ b/layouts/v7/modules/Vtiger/AdvanceFilter.tpl @@ -24,7 +24,7 @@ <div class="filterContainer filterElements well filterConditionContainer filterConditionsDiv"> <input type="hidden" name="date_filters" data-value='{Vtiger_Util_Helper::toSafeHTML(ZEND_JSON::encode($DATE_FILTERS))}' /> - <input type=hidden name="advanceFilterOpsByFieldType" data-value='{ZEND_JSON::encode($ADVANCED_FILTER_OPTIONS_BY_TYPE)}' /> + <input type=hidden name="advanceFilterOpsByFieldType" data-value='{Vtiger_Util_Helper::toSafeHTML(ZEND_JSON::encode($ADVANCED_FILTER_OPTIONS_BY_TYPE))}' /> {foreach key=ADVANCE_FILTER_OPTION_KEY item=ADVANCE_FILTER_OPTION from=$ADVANCED_FILTER_OPTIONS} {$ADVANCED_FILTER_OPTIONS[$ADVANCE_FILTER_OPTION_KEY] = vtranslate($ADVANCE_FILTER_OPTION, $MODULE)} {/foreach} diff --git a/layouts/v7/modules/Vtiger/ComposeEmailForm.tpl b/layouts/v7/modules/Vtiger/ComposeEmailForm.tpl index a2600f07cac903da5762fd7d41f1f7373a46fa11..5d3bc7c27739d78e63f9f8c466474de95edd4371 100644 --- a/layouts/v7/modules/Vtiger/ComposeEmailForm.tpl +++ b/layouts/v7/modules/Vtiger/ComposeEmailForm.tpl 
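Review bot: The Vtiger/AdvanceFilter.tpl hunk escapes `advanceFilterOpsByFieldType` but ends at `{/foreach}`, while the Settings/Workflows/AdvanceFilter.tpl hunk also wraps the `advanceFilterOptions` input that follows the same loop. That input lies outside this hunk, so I cannot see whether it is already escaped here; if it is not, it needs the same change, `data-value='{Vtiger_Util_Helper::toSafeHTML(ZEND_JSON::encode($ADVANCED_FILTER_OPTIONS))}'`. The loop visible in the hunk fills that array from `vtranslate()`, so any translated label containing a `'` would end the single-quoted attribute early.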
@@ -38,7 +38,7 @@ <input type="hidden" name="search_key" value= "{$SEARCH_KEY}" /> <input type="hidden" name="operator" value="{$OPERATOR}" /> <input type="hidden" name="search_value" value="{$ALPHABET_VALUE}" /> - <input type="hidden" name="search_params" value='{ZEND_JSON::encode($SEARCH_PARAMS)}' /> + <input type="hidden" name="search_params" value='{Vtiger_Util_Helper::toSafeHTML(ZEND_JSON::encode($SEARCH_PARAMS))}' /> <div class="row toEmailField"> <div class="col-lg-12"> diff --git a/layouts/v7/modules/Vtiger/Export.tpl b/layouts/v7/modules/Vtiger/Export.tpl index 2fffe80e6300cbab0cf9c2d9a963da0595732111..8f84d447e1a21165ea3de404cdd0bb390b7b939a 100644 --- a/layouts/v7/modules/Vtiger/Export.tpl +++ b/layouts/v7/modules/Vtiger/Export.tpl @@ -22,7 +22,7 @@ <input type="hidden" name="search_key" value= "{$SEARCH_KEY}" /> <input type="hidden" name="operator" value="{$OPERATOR}" /> <input type="hidden" name="search_value" value="{$ALPHABET_VALUE}" /> - <input type="hidden" name="search_params" value='{ZEND_JSON::encode($SEARCH_PARAMS)}' /> + <input type="hidden" name="search_params" value='{Vtiger_Util_Helper::toSafeHTML(ZEND_JSON::encode($SEARCH_PARAMS))}' /> <input type="hidden" name="orderby" value="{$ORDER_BY}" /> <input type="hidden" name="sortorder" value="{$SORT_ORDER}" /> <input type="hidden" name="tag_params" value='{Zend_JSON::encode($TAG_PARAMS)}' /> diff --git a/layouts/v7/modules/Vtiger/MassEditForm.tpl b/layouts/v7/modules/Vtiger/MassEditForm.tpl index f8fdc9f45e0c9718ea4663b6539e8011c34e77a7..8fc24ee416665a0726c9a591a5186a5da8f4b3ff 100644 --- a/layouts/v7/modules/Vtiger/MassEditForm.tpl +++ b/layouts/v7/modules/Vtiger/MassEditForm.tpl 
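Review bot: In Vtiger/Export.tpl the last context line, `<input type="hidden" name="tag_params" value='{Zend_JSON::encode($TAG_PARAMS)}' />`, keeps the unescaped JSON-in-single-quotes pattern that this hunk removes from `search_params` three lines earlier. If `$TAG_PARAMS` is carried over from the list-view request the way `$SEARCH_PARAMS` is (not shown in the hunk), a `'` in it ends the attribute early. I would change it in the same commit: `value='{Vtiger_Util_Helper::toSafeHTML(Zend_JSON::encode($TAG_PARAMS))}'`.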
@@ -17,7 +17,7 @@ <input type="hidden" name="viewname" value="{$CVID}" /> <input type="hidden" name="selected_ids" value={ZEND_JSON::encode($SELECTED_IDS)}> <input type="hidden" name="excluded_ids" value={ZEND_JSON::encode($EXCLUDED_IDS)}> - <input type="hidden" name="search_params" value='{ZEND_JSON::encode($SEARCH_PARAMS)}' /> + <input type="hidden" name="search_params" value='{Vtiger_Util_Helper::toSafeHTML(ZEND_JSON::encode($SEARCH_PARAMS))}' /> <div> <header class="overlayHeader" style='flex:0 0 auto;'> {assign var=TITLE value="{vtranslate('LBL_MASS_EDITING',$MODULE)}"} diff --git a/layouts/v7/modules/Vtiger/OverlayEditView.tpl b/layouts/v7/modules/Vtiger/OverlayEditView.tpl index 1873cbbb8263761e07a7c3799dafd5ac3618d0fe..66c58bdf9ae297d8d5d72671695e90f43da33ddf 100644 --- a/layouts/v7/modules/Vtiger/OverlayEditView.tpl +++ b/layouts/v7/modules/Vtiger/OverlayEditView.tpl @@ -46,7 +46,7 @@ <input type="hidden" name="returnrelatedModule" value="{$RETURN_RELATED_MODULE}" /> <input type="hidden" name="returnpage" value="{$RETURN_PAGE}" /> <input type="hidden" name="returnviewname" value="{$RETURN_VIEW_NAME}" /> - <input type="hidden" name="returnsearch_params" value='{ZEND_JSON::encode($RETURN_SEARCH_PARAMS)}' /> + <input type="hidden" name="returnsearch_params" value='{Vtiger_Util_Helper::toSafeHTML(ZEND_JSON::encode($RETURN_SEARCH_PARAMS))}' /> <input type="hidden" name="returnsearch_key" value={$RETURN_SEARCH_KEY} /> <input type="hidden" name="returnsearch_value" value={$RETURN_SEARCH_VALUE} /> <input type="hidden" name="returnoperator" value={$RETURN_SEARCH_OPERATOR} /> diff --git a/layouts/v7/modules/Vtiger/SelectEmailFields.tpl b/layouts/v7/modules/Vtiger/SelectEmailFields.tpl index b89e525f01ababd66976aa03105de7e8a792fdd0..7094c7793fb1a2efb4dc3c74003fd4d7e96ff5e5 100644 --- a/layouts/v7/modules/Vtiger/SelectEmailFields.tpl +++ b/layouts/v7/modules/Vtiger/SelectEmailFields.tpl 
@@ -24,7 +24,7 @@ <input type="hidden" name="operator" value="{$OPERATOR}" /> <input type="hidden" name="search_value" value="{$ALPHABET_VALUE}" /> {if $SEARCH_PARAMS} - <input type="hidden" name="search_params" value='{ZEND_JSON::encode($SEARCH_PARAMS)}' /> + <input type="hidden" name="search_params" value='{Vtiger_Util_Helper::toSafeHTML(ZEND_JSON::encode($SEARCH_PARAMS))}' /> {/if} <input type="hidden" name="fieldModule" value={$SOURCE_MODULE} /> <input type="hidden" name="to" value='{ZEND_JSON::encode($TO)}' /> diff --git a/layouts/v7/modules/Vtiger/SendSMSForm.tpl b/layouts/v7/modules/Vtiger/SendSMSForm.tpl index 432104491545298187d8d9f981feb415cd1a36d9..b01ea0dd8e88272be54cddb26e517f0f84339ce8 100644 --- a/layouts/v7/modules/Vtiger/SendSMSForm.tpl +++ b/layouts/v7/modules/Vtiger/SendSMSForm.tpl @@ -23,7 +23,7 @@ <input type="hidden" name="search_key" value= "{$SEARCH_KEY}" /> <input type="hidden" name="operator" value="{$OPERATOR}" /> <input type="hidden" name="search_value" value="{$ALPHABET_VALUE}" /> - <input type="hidden" name="search_params" value='{ZEND_JSON::encode($SEARCH_PARAMS)}' /> + <input type="hidden" name="search_params" value='{Vtiger_Util_Helper::toSafeHTML(ZEND_JSON::encode($SEARCH_PARAMS))}' /> <div class="modal-body"> <div>