diff --git a/layouts/v7/modules/Vtiger/Comment.tpl b/layouts/v7/modules/Vtiger/Comment.tpl
index 5980b51dab69187181379bbd213795532c49085b..0764a0dd502d6f7ff84e21944f46c521a76dc62e 100644
--- a/layouts/v7/modules/Vtiger/Comment.tpl
+++ b/layouts/v7/modules/Vtiger/Comment.tpl
@@ -19,7 +19,7 @@
 <div class="col-lg-12">
 <div class="media">
 <div class="media-left title" id="{$COMMENT->getId()}">
- {assign var=CREATOR_NAME value=$COMMENT->getCommentedByName()}
+ {assign var=CREATOR_NAME value={decode_html($COMMENT->getCommentedByName())}}
 <div class="col-lg-2 recordImage commentInfoHeader" style ="width:50px; height:50px; font-size: 30px;" data-commentid="{$COMMENT->getId()}" data-parentcommentid="{$COMMENT->get('parent_comments')}" data-relatedto = "{$COMMENT->get('related_to')}">
 {assign var=IMAGE_PATH value=$COMMENT->getImagePath()}
 {if !empty($IMAGE_PATH)}
diff --git a/layouts/v7/modules/Vtiger/DetailViewHeaderTitle.tpl b/layouts/v7/modules/Vtiger/DetailViewHeaderTitle.tpl
index a2777bdfaa470ae182aafdca2767daa5685e32b9..4032e90a20a862270d51a26cfe57298b502bfc76 100644
--- a/layouts/v7/modules/Vtiger/DetailViewHeaderTitle.tpl
+++ b/layouts/v7/modules/Vtiger/DetailViewHeaderTitle.tpl
@@ -24,7 +24,7 @@
 {foreach item=NAME_FIELD from=$MODULE_MODEL->getNameFields()}
 {assign var=FIELD_MODEL value=$MODULE_MODEL->getField($NAME_FIELD)}
 {if $FIELD_MODEL->getPermissions()}
- <span class="{$NAME_FIELD}">{$RECORD->get($NAME_FIELD)}</span>
+ <span class="{$NAME_FIELD}">{decode_html($RECORD->get($NAME_FIELD))}</span>
 {/if}
 {/foreach}
 </span>
diff --git a/layouts/v7/modules/Vtiger/EmailPreview.tpl b/layouts/v7/modules/Vtiger/EmailPreview.tpl
index db4bce28727bba8d681caed7b1e4c1f4ac5d9234..d97ef089889a2938e6b9732b606a974bc8ef2ddc 100644
--- a/layouts/v7/modules/Vtiger/EmailPreview.tpl
+++ b/layouts/v7/modules/Vtiger/EmailPreview.tpl
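Review bot: In Comment.tpl, `CREATOR_NAME` now holds the result of `decode_html()`, so the commenter's name reaches later template code with its stored HTML entities turned back into raw characters, and every place that prints it has to escape it again. Those uses lie outside this hunk; any bare `{$CREATOR_NAME}` should become `{$CREATOR_NAME|escape:'html'}`, unless the Smarty instance auto-escapes output (not visible in this diff). QuickViewCommentsList.tpl gets the identical assignment in this commit and needs the same check. The extra braces in `value={decode_html(...)}` are also inconsistent with PicklistColorMap.tpl, which writes `value=decode_html(...)`.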
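Review bot: In DetailViewHeaderTitle.tpl the decoded name field is written straight into the `<span>` body, so a record name that was stored entity-encoded is delivered to the browser as markup rather than text. The String.tpl hunk of this same commit re-encodes after decoding; doing the same here keeps the display fix without dropping output escaping: `<span class="{$NAME_FIELD}">{decode_html($RECORD->get($NAME_FIELD))|escape:'html'}</span>`. This assumes template auto-escaping is off, which the diff does not show.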
@@ -146,7 +146,7 @@
 </div>
 </div>
 </div>
- <textarea style="display:none;" id="iframeDescription">{$RECORD->get('description')}</textarea>
+ <textarea style="display:none;" id="iframeDescription">{decode_html($RECORD->get('description'))}</textarea>
 <div class="row email-info-row">
 <div class="col-lg-2" style="padding-right:10px;">
 <div class="pull-right">{vtranslate('LBL_DESCRIPTION',$MODULE)}</div>
diff --git a/layouts/v7/modules/Vtiger/Header.tpl b/layouts/v7/modules/Vtiger/Header.tpl
index 707f6117481cdf2a0f85d23be636f5df715556c9..1a11b569f5d809a6ca226f3e400a4d6d21b67fcc 100644
--- a/layouts/v7/modules/Vtiger/Header.tpl
+++ b/layouts/v7/modules/Vtiger/Header.tpl
@@ -59,7 +59,7 @@
 var _USERMETA;
 {if $CURRENT_USER_MODEL}
 _USERMETA = { 'id' : "{$CURRENT_USER_MODEL->get('id')}", 'menustatus' : "{$CURRENT_USER_MODEL->get('leftpanelhide')}",
- 'currency' : "{$USER_CURRENCY_SYMBOL}", 'currencySymbolPlacement' : "{$CURRENT_USER_MODEL->get('currency_symbol_placement')}",
+ 'currency' : "{decode_html($USER_CURRENCY_SYMBOL)}", 'currencySymbolPlacement' : "{$CURRENT_USER_MODEL->get('currency_symbol_placement')}",
 'currencyGroupingPattern' : "{$CURRENT_USER_MODEL->get('currency_grouping_pattern')}", 'truncateTrailingZeros' : "{$CURRENT_USER_MODEL->get('truncate_trailing_zeros')}",'userlabel':"{decode_html($CURRENT_USER_MODEL->get('userlabel'))}",};
 {/if}
 </script>
diff --git a/layouts/v7/modules/Vtiger/ListColumnsEdit.tpl b/layouts/v7/modules/Vtiger/ListColumnsEdit.tpl
index 710745bbdafd21d4de900be73e60b5575bd3c9d1..ead442bda2a451feeff55fef348ab6f85e50ce2f 100644
--- a/layouts/v7/modules/Vtiger/ListColumnsEdit.tpl
+++ b/layouts/v7/modules/Vtiger/ListColumnsEdit.tpl
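Review bot: In EmailPreview.tpl the hidden `<textarea id="iframeDescription">` now receives the decoded e-mail body, and a textarea only contains its text up to the first closing-tag sequence, so a message body holding one would have the rest of its content parsed as part of the page. Escaping the text keeps the whole body inside the element, while a script reading `.value` still gets the decoded HTML: `{decode_html($RECORD->get('description'))|escape:'html'}`. How that value is then rendered into the iframe is outside this hunk; that code is where sanitising or sandboxing of mail content belongs.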
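Review bot: In Header.tpl `decode_html($USER_CURRENCY_SYMBOL)` is emitted inside a double-quoted JavaScript string within a `<script>` block, where the entity encoding was the only thing preventing a quote or a closing script tag in the symbol from ending the string or the block. HTML decoding needs to be followed by escaping for the JavaScript context: `'currency' : "{decode_html($USER_CURRENCY_SYMBOL)|escape:'javascript'}",`. The `userlabel` entry on the following context line already has the same shape and deserves the same change.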
@@ -67,7 +67,7 @@
 {if $FIELD_MODEL->getDisplayType() eq '6'}
 {continue}
 {/if}
- <div class="instafilta-target item {if array_key_exists($FIELD_MODEL->getCustomViewColumnName(), $SELECTED_FIELDS)}hide{/if}" data-cv-columnname="{$FIELD_MODEL->getCustomViewColumnName()}" data-columnname='{$FIELD_MODEL->get('column')}' data-field-id='{$FIELD_MODEL->getId()}'>
+ <div class="instafilta-target item {if array_key_exists(decode_html($FIELD_MODEL->getCustomViewColumnName()), $SELECTED_FIELDS)}hide{/if}" data-cv-columnname="{$FIELD_MODEL->getCustomViewColumnName()}" data-columnname='{$FIELD_MODEL->get('column')}' data-field-id='{$FIELD_MODEL->getId()}'>
 <span class="fieldLabel">{vtranslate($FIELD_MODEL->get('label'),$FIELD_MODULE_NAME)}</span>
 </div>
 {/foreach}
diff --git a/layouts/v7/modules/Vtiger/PicklistColorMap.tpl b/layouts/v7/modules/Vtiger/PicklistColorMap.tpl
index 94f8538cc31b87fa68e9d29de7f36ac2e6110200..4701f13598d8da05b4d4cfe7430df48b260b67b4 100644
--- a/layouts/v7/modules/Vtiger/PicklistColorMap.tpl
+++ b/layouts/v7/modules/Vtiger/PicklistColorMap.tpl
@@ -16,7 +16,7 @@
 {/if}
 {assign var=PICKLIST_COLOR_MAP value=Settings_Picklist_Module_Model::getPicklistColorMap($FIELD_NAME, true)}
 {foreach item=PICKLIST_COLOR key=PICKLIST_VALUE from=$PICKLIST_COLOR_MAP}
- {assign var=PICKLIST_TEXT_COLOR value=decode_html(Settings_Picklist_Module_Model::getTextColor($PICKLIST_COLOR))}
+ {assign var=PICKLIST_TEXT_COLOR value= decode_html(Settings_Picklist_Module_Model::getTextColor($PICKLIST_COLOR))}
 {assign var=CONVERTED_PICKLIST_VALUE value=Vtiger_Util_Helper::convertSpaceToHyphen($PICKLIST_VALUE)}
 .picklist-{$FIELD_MODEL->getId()}-{Vtiger_Util_Helper::escapeCssSpecialCharacters($CONVERTED_PICKLIST_VALUE)} {
 background-color: {$PICKLIST_COLOR};
diff --git a/layouts/v7/modules/Vtiger/QuickViewCommentsList.tpl b/layouts/v7/modules/Vtiger/QuickViewCommentsList.tpl
index e0f5b95cfc8e94664fe69ba477a8445c69c8ed79..f7424325937b26fa951580b594a5b06e21177ea4 100644
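Review bot: In ListColumnsEdit.tpl `decode_html()` is applied only to the key passed to `array_key_exists()`, while `data-cv-columnname` on the same line still prints the undecoded value, and nothing records that this split is deliberate. Keeping the emitted attribute encoded is the safe choice, so a Smarty comment above the `<div>`, for example `{* decode only for the lookup (SELECTED_FIELDS presumably holds decoded keys); attributes stay encoded on purpose *}`, would stop a later edit from decoding the attribute too. The `in_array(trim(decode_html($OWNER_NAME)),$SEARCH_VALUES)` lines added in OwnerFieldSearchView.tpl and OwnerGroupFieldSearchView.tpl follow the same pattern and would benefit from the same comment.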
--- a/layouts/v7/modules/Vtiger/QuickViewCommentsList.tpl
+++ b/layouts/v7/modules/Vtiger/QuickViewCommentsList.tpl
@@ -17,7 +17,7 @@
 <div class="recentCommentsBody row">
 <br>
 {foreach key=index item=COMMENT from=$COMMENTS}
- {assign var=CREATOR_NAME value=$COMMENT->getCommentedByName()}
+ {assign var=CREATOR_NAME value={decode_html($COMMENT->getCommentedByName())}}
 <div class="commentDetails">
 <div class="singleComment">
 {assign var=PARENT_COMMENT_MODEL value=$COMMENT->getParentCommentModel()}
diff --git a/layouts/v7/modules/Vtiger/uitypes/OwnerFieldSearchView.tpl b/layouts/v7/modules/Vtiger/uitypes/OwnerFieldSearchView.tpl
index 4fdd538d585da954607ce22c4d4277fcec339812..a48cef1382b4424748f27f2dc41c4ab37fff98cb 100644
--- a/layouts/v7/modules/Vtiger/uitypes/OwnerFieldSearchView.tpl
+++ b/layouts/v7/modules/Vtiger/uitypes/OwnerFieldSearchView.tpl
@@ -40,7 +40,7 @@
 {if count($ALL_ACTIVEGROUP_LIST) gt 0}
 <optgroup label="{vtranslate('LBL_GROUPS')}">
 {foreach key=OWNER_ID item=OWNER_NAME from=$ALL_ACTIVEGROUP_LIST}
- <option value="{$OWNER_NAME}" data-picklistvalue= '{$OWNER_NAME}' {if in_array(trim($OWNER_NAME),$SEARCH_VALUES)} selected {/if}
+ <option value="{$OWNER_NAME}" data-picklistvalue= '{$OWNER_NAME}' {if in_array(trim(decode_html($OWNER_NAME)),$SEARCH_VALUES)} selected {/if}
 {if array_key_exists($OWNER_ID, $ACCESSIBLE_GROUP_LIST)} data-recordaccess=true {else} data-recordaccess=false {/if} >
 {$OWNER_NAME}
 </option>
diff --git a/layouts/v7/modules/Vtiger/uitypes/OwnerGroupFieldSearchView.tpl b/layouts/v7/modules/Vtiger/uitypes/OwnerGroupFieldSearchView.tpl
index 51edb7f9ee6784a66ddf3d9b1a1a8726dc84bf45..847603524c2464f94bc4ba12cc6566c65e9e2e3c 100644
--- a/layouts/v7/modules/Vtiger/uitypes/OwnerGroupFieldSearchView.tpl
+++ b/layouts/v7/modules/Vtiger/uitypes/OwnerGroupFieldSearchView.tpl
@@ -26,7 +26,7 @@
 <select class="select2 listSearchContributor {$ASSIGNED_USER_ID}"name="{$ASSIGNED_USER_ID}" multiple id="group_id" style="display:none">
 {if count($ALL_ACTIVEGROUP_LIST) gt 0}
 {foreach key=OWNER_ID item=OWNER_NAME from=$ALL_ACTIVEGROUP_LIST}
- <option value="{$OWNER_NAME}" data-picklistvalue= '{$OWNER_NAME}' {if in_array(trim($OWNER_NAME),$SEARCH_VALUES)} selected {/if}
+ <option value="{$OWNER_NAME}" data-picklistvalue= '{$OWNER_NAME}' {if in_array(trim(decode_html($OWNER_NAME)),$SEARCH_VALUES)} selected {/if}
 {if array_key_exists($OWNER_ID, $ACCESSIBLE_GROUP_LIST)} data-recordaccess=true {else} data-recordaccess=false {/if} >
 {$OWNER_NAME}
 </option>
diff --git a/layouts/v7/modules/Vtiger/uitypes/String.tpl b/layouts/v7/modules/Vtiger/uitypes/String.tpl
index 00ec549f4208b9fc32266f91d059df3358108c72..8d4f57446a9ed77ee9514bf164408d20a67c0150 100644
--- a/layouts/v7/modules/Vtiger/uitypes/String.tpl
+++ b/layouts/v7/modules/Vtiger/uitypes/String.tpl
@@ -16,7 +16,7 @@
 {if (!$FIELD_NAME)}
 {assign var="FIELD_NAME" value=$FIELD_MODEL->getFieldName()}
 {/if}
- <input id="{$MODULE}_editView_fieldName_{$FIELD_NAME}" type="text" data-fieldname="{$FIELD_NAME}" data-fieldtype="string" class="inputElement {if $FIELD_MODEL->isNameField()}nameField{/if}" name="{$FIELD_NAME}" value="{$FIELD_MODEL->get('fieldvalue')}"
+ <input id="{$MODULE}_editView_fieldName_{$FIELD_NAME}" type="text" data-fieldname="{$FIELD_NAME}" data-fieldtype="string" class="inputElement {if $FIELD_MODEL->isNameField()}nameField{/if}" name="{$FIELD_NAME}" value="{decode_html($FIELD_MODEL->get('fieldvalue'))|htmlentities}"
 {if $FIELD_MODEL->get('uitype') eq '3' || $FIELD_MODEL->get('uitype') eq '4'|| $FIELD_MODEL->isReadOnly()}
 {if $FIELD_MODEL->get('uitype') neq '106'}
 readonly
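Review bot: In String.tpl the `value` attribute is re-encoded with `|htmlentities`, which calls the PHP function with its default flags and charset; before PHP 8.1 the default flag set is `ENT_COMPAT`, which leaves single quotes unencoded, and the charset used depends on the PHP version and ini settings rather than on the application. Decode-then-encode is the right shape for this attribute, but Smarty's own modifier makes the behaviour independent of the runtime: `value="{decode_html($FIELD_MODEL->get('fieldvalue'))|escape:'html'}"`. The `<input>` tag continues past the end of this hunk, so the remaining attributes were not reviewed.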