From bd172104c91b15c76327dba54ca8b619ac09e052 Mon Sep 17 00:00:00 2001
From: Chloe Deguzman <chloe.deguzman@processmaker.com>
Date: Tue, 8 Mar 2016 15:44:42 +0000
Subject: [PATCH] HOR-282 Added XSS filtering for proxyDataCombobox.

---
 workflow/engine/methods/cases/proxyDataCombobox.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/workflow/engine/methods/cases/proxyDataCombobox.php b/workflow/engine/methods/cases/proxyDataCombobox.php
index f7528e39e..a0d65d2df 100755
--- a/workflow/engine/methods/cases/proxyDataCombobox.php
+++ b/workflow/engine/methods/cases/proxyDataCombobox.php
@@ -5,8 +5,8 @@
  */
 
 $appUid    = isset($_POST["appUid"])? $_POST["appUid"] : "";
-$dynUid    = isset($_POST["dynUid"])? $_POST["dynUid"] : "";
-$proUid    = isset($_POST["proUid"])? $_POST["proUid"] : "";
+$dynUid    = isset($_POST["dynUid"])? htmlspecialchars($_POST["dynUid"]) : "";
+$proUid    = isset($_POST["proUid"])? htmlspecialchars($_POST["proUid"]) : "";
 $fieldName = isset($_POST["fieldName"])? $_POST["fieldName"] : "";
 
 $filename = $proUid . PATH_SEP . $dynUid . ".xml";