#156058834::XSS in default Value while creating custom field

21d3d850 · N Nikhil · 0e7499a4 · 21d3d850
Commit 21d3d850 authored 1 year ago by N Nikhil
--- a/modules/Settings/LayoutEditor/models/Module.php
+++ b/modules/Settings/LayoutEditor/models/Module.php
@@ -191,7 +191,7 @@ class Settings_LayoutEditor_Module_Model extends Vtiger_Module_Model {
 		if (is_array($defaultValue)) {
 			$defaultValue = implode(' |##| ', $defaultValue);
 		}
-		$fieldModel->set('defaultvalue', $defaultValue);
+		$fieldModel->set('defaultvalue', vtlib_purify($defaultValue));

 		$blockModel = Vtiger_Block_Model::getInstance($blockId, $this);
 		$blockModel->addField($fieldModel);