Skip to content

VT710: missing Vtiger_Util_Helper::toSafeHTML()

I was testing on vt7.1.0 in French language and I could not create correctly (advanced) filter both module and workflow :/

In French some condition comparators have a single quote (').

Into AdvanceFilter.tpl, for both module and settings/workflow, Vtiger_Util_Helper::toSafeHTML() is missing

vtigercrm7.1.0/vtigercrm/layouts/v7/modules/Vtiger/AdvanceFilter.tpl:27
<input type=hidden name="advanceFilterOpsByFieldType" data-value='{ZEND_JSON::encode($ADVANCED_FILTER_OPTIONS_BY_TYPE)}' />

vtigercrm7.1.0/vtigercrm/layouts/v7/modules/Vtiger/AdvanceFilter.tpl:31
<input type=hidden name="advanceFilterOptions" data-value='{ZEND_JSON::encode($ADVANCED_FILTER_OPTIONS)}' />


vtigercrm7.1.0/vtigercrm/layouts/v7/modules/Settings/Workflows/AdvanceFilter.tpl:27
<input type=hidden name="advanceFilterOpsByFieldType" data-value='{ZEND_JSON::encode($ADVANCED_FILTER_OPTIONS_BY_TYPE)}' />

vtigercrm7.1.0/vtigercrm/layouts/v7/modules/Settings/Workflows/AdvanceFilter.tpl:31
<input type=hidden name="advanceFilterOptions" data-value='{ZEND_JSON::encode($ADVANCED_FILTER_OPTIONS)}' />

I done a global search to find out cases where, potentially, Vtiger_Util_Helper::toSafeHTML() is required.

Here for a quick check

vtigercrm7.1.0/vtigercrm/layouts/v7/modules/HelpDesk/SelectEmailFields.tpl:27
<input type="hidden" name="search_params" value='{ZEND_JSON::encode($SEARCH_PARAMS)}' />

vtigercrm7.1.0/vtigercrm/layouts/v7/modules/Inventory/OverlayEditView.tpl:49
<input type="hidden" name="returnsearch_params" value='{ZEND_JSON::encode($RETURN_SEARCH_PARAMS)}' />

vtigercrm7.1.0/vtigercrm/layouts/v7/modules/Potentials/SelectEmailFields.tpl:27
<input type="hidden" name="search_params" value='{ZEND_JSON::encode($SEARCH_PARAMS)}' />

vtigercrm7.1.0/vtigercrm/layouts/v7/modules/Reports/MoveReports.tpl:22
<input type="hidden" name="search_params" value='{ZEND_JSON::encode($SEARCH_PARAMS)}' />

vtigercrm7.1.0/vtigercrm/layouts/v7/modules/Users/CalendarSettingsEditView.tpl:43
<input type="hidden" name="returnsearch_params" value='{ZEND_JSON::encode($RETURN_SEARCH_PARAMS)}' />

vtigercrm7.1.0/vtigercrm/layouts/v7/modules/Vtiger/AddCommentForm.tpl:24
<input type="hidden" name="search_params" value='{ZEND_JSON::encode($SEARCH_PARAMS)}' />

vtigercrm7.1.0/vtigercrm/layouts/v7/modules/Vtiger/ComposeEmailForm.tpl:41
<input type="hidden" name="search_params" value='{ZEND_JSON::encode($SEARCH_PARAMS)}' />

vtigercrm7.1.0/vtigercrm/layouts/v7/modules/Vtiger/Export.tpl:25
<input type="hidden" name="search_params" value='{ZEND_JSON::encode($SEARCH_PARAMS)}' />

vtigercrm7.1.0/vtigercrm/layouts/v7/modules/Vtiger/MassEditForm.tpl:20
<input type="hidden" name="search_params" value='{ZEND_JSON::encode($SEARCH_PARAMS)}' />

vtigercrm7.1.0/vtigercrm/layouts/v7/modules/Vtiger/OverlayEditView.tpl:49
<input type="hidden" name="returnsearch_params" value='{ZEND_JSON::encode($RETURN_SEARCH_PARAMS)}' />

vtigercrm7.1.0/vtigercrm/layouts/v7/modules/Vtiger/SelectEmailFields.tpl:27
<input type="hidden" name="search_params" value='{ZEND_JSON::encode($SEARCH_PARAMS)}' />

vtigercrm7.1.0/vtigercrm/layouts/v7/modules/Vtiger/SendSMSForm.tpl:26
<input type="hidden" name="search_params" value='{ZEND_JSON::encode($SEARCH_PARAMS)}' />

vtigercrm7.1.0/vtigercrm/layouts/v7/modules/Settings/Workflows/WorkFlowConditions.tpl:14
<input type="hidden" id="olderConditions" value='{ZEND_JSON::encode($WORKFLOW_MODEL->get('conditions'))}' />

Copyright 2023 Vtiger. All rights reserved.