From a1cf620cdae2dbe64a7a14a3f665831c046e546f Mon Sep 17 00:00:00 2001
From: Chloe Deguzman
Date: Fri, 4 Mar 2016 12:45:41 +0000
Subject: [PATCH] HOR-285 Now sanitizing input for Process titles.
---
 workflow/engine/src/ProcessMaker/Project/Workflow.php | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/workflow/engine/src/ProcessMaker/Project/Workflow.php b/workflow/engine/src/ProcessMaker/Project/Workflow.php
index c3d5666e9..c47730720 100755
--- a/workflow/engine/src/ProcessMaker/Project/Workflow.php
+++ b/workflow/engine/src/ProcessMaker/Project/Workflow.php
@@ -66,6 +66,15 @@ class Workflow extends Handler
 $data['PRO_CATEGORY'] = array_key_exists('PRO_CATEGORY', $data) ? $data['PRO_CATEGORY'] : "";
 try {
+
+ // Check to make sure that there aren't any html sneaking into process titles.
+
+ $testTitle = strip_tags($data['PRO_TITLE']);
+
+ if($testTitle != $data['PRO_TITLE']) {
+ $data['PRO_TITLE'] = $testTitle;
+ }
+
 self::log("Create Process with data:", $data);
 //validate if process with specified name already exists
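Review bot: `strip_tags()` on `$data['PRO_TITLE']` in the added block removes tag-shaped text but leaves quotes and `&` untouched, so it does not by itself make the title safe to print into an attribute or script context; the code that renders the title still needs `htmlspecialchars($title, ENT_QUOTES, 'UTF-8')` at output, with this input filter treated as defence in depth. The compare-then-assign with loose `!=` is redundant and can be the single line `$data['PRO_TITLE'] = strip_tags($data['PRO_TITLE']);`. Unlike `PRO_CATEGORY` on the context line above, `PRO_TITLE` is read without an `array_key_exists` check, and only the create path visible here is filtered, so it is worth confirming that the key is guaranteed by the caller and that any update path (outside this hunk) applies the same rule. The enclosing method starts and ends outside the hunk.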