From 243bc58ce5f8d34056d5f607a1c3c4f40672757a Mon Sep 17 00:00:00 2001
From: root <you@example.com>
Date: Fri, 10 May 2024 17:44:37 +0530
Subject: [PATCH] Fixes : Xss payload in Users last name and first name issue
 is fixed

---
 include/utils/VtlibUtils.php | 7 -------
 modules/Users/Users.php      | 2 +-
 2 files changed, 1 insertion(+), 8 deletions(-)

diff --git a/include/utils/VtlibUtils.php b/include/utils/VtlibUtils.php
index d9deda054..cc65a9ba6 100644
--- a/include/utils/VtlibUtils.php
+++ b/include/utils/VtlibUtils.php
@@ -530,13 +530,6 @@ function vtlib_tosingular($text) {
 	return $text;
 }
 
-/**
- * Helps to remove HTML tags and attributes.
- */
-function vtlib_strip_tagattrs($str) {
-    return preg_replace('/=/', '-', strip_tags($str));
-}
-
 /**
  * Get picklist values that is accessible by all roles.
  */
diff --git a/modules/Users/Users.php b/modules/Users/Users.php
index 4c1559fab..b88c9f8dc 100755
--- a/modules/Users/Users.php
+++ b/modules/Users/Users.php
@@ -779,7 +779,7 @@ class Users extends CRMEntity {
 			}
 			$userlabel = trim(decode_html($userlabel));
 			
-			$this->column_fields['userlabel'] = vtlib_strip_tagattrs($userlabel);
+			$this->column_fields['userlabel'] = vtlib_strip_quoted(strip_tags($userlabel));
 		}
 
 		if($insertion_mode == 'edit') {
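Review bot: The replacement on the `userlabel` assignment still sanitises at storage time instead of escaping at output, and it runs right after `decode_html()`, so the stored label's safety depends entirely on `strip_tags()` plus whatever `vtlib_strip_quoted()` does. That helper is not defined in this patch, so confirm that it removes both `"` and `'`; the removed `vtlib_strip_tagattrs()` at least neutralised `=`, and `strip_tags()` alone does nothing for a value rendered inside an HTML attribute. Only the derived `userlabel` is cleaned here, and from this hunk the first and last name fields it is built from appear to be stored unchanged. Any template that prints those fields or the label should therefore encode them itself, e.g. `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. Since `vtlib_strip_tagattrs()` is deleted in VtlibUtils.php, also check for remaining callers; the enclosing method starts and ends outside this hunk.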
-- 
GitLab