From b4cd8c974eb64b61ac5293ca9686460ad819cc6a Mon Sep 17 00:00:00 2001 From: "Paula V. Quispe" Date: Wed, 24 Aug 2016 13:55:38 -0400 Subject: [PATCH] HOR-1679 HOR-1679 HOR-1679 --- workflow/engine/classes/model/Process.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/workflow/engine/classes/model/Process.php b/workflow/engine/classes/model/Process.php index 09f29a945..764f4ac5a 100755 --- a/workflow/engine/classes/model/Process.php +++ b/workflow/engine/classes/model/Process.php @@ -664,15 +664,14 @@ class Process extends BaseProcess foreach ($processes as $process) { $proTitle = isset($process['PRO_TITLE'])? $process['PRO_TITLE'] : ''; - $proDescription = isset($process['PRO_DESCRIPTION']) ? $process['PRO_DESCRIPTION'] : ''; + $proDescription = isset($process['PRO_DESCRIPTION']) ? htmlspecialchars($process['PRO_DESCRIPTION']) : ''; $process["PRO_TYPE_PROCESS"] = ($process["PRO_TYPE_PROCESS"] == "PUBLIC") ? G::LoadTranslation("ID_PUBLIC") : G::LoadTranslation("ID_PRIVATE"); - // verify if the title is already set on the current language if (trim( $proTitle ) == '') { // if not, then load the record to generate content for current language $proData = $this->load( $process['PRO_UID'] ); $proTitle = $proData['PRO_TITLE']; - $proDescription = $proData['PRO_DESCRIPTION']; + $proDescription = htmlspecialchars($proData['PRO_DESCRIPTION']); } //filtering by $processName
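Review bot: `$proTitle` is still taken raw from `$process['PRO_TITLE']` and `$proData['PRO_TITLE']` in this loop while only the description is encoded, so if stored markup in the description was a concern, the title presumably needs the same treatment unless it is escaped somewhere outside this hunk. Both new `htmlspecialchars()` calls rely on the default flags and charset, and on PHP before 8.1 the default `ENT_COMPAT` leaves single quotes unencoded; prefer `htmlspecialchars($process['PRO_DESCRIPTION'], ENT_QUOTES, 'UTF-8')` and the same form for `$proData['PRO_DESCRIPTION']`. Encoding in the model rather than at the point of rendering also means every consumer of this list receives HTML-encoded text and a view that escapes again will double-encode it, so a comment such as `// PRO_DESCRIPTION is returned HTML-encoded; callers must not escape it again` would record that contract. The enclosing method starts and ends outside the hunk.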