Filtering Bug (PHP Code Passed) #5178

Open
opened 2026-02-20 16:30:59 -05:00 by deekerman · 1 comment

Originally created by @juncelcarreon on GitHub (Mar 28, 2024).

Issue

I was copy-pasting some PHP data beforehand and was trying to search for a Lead afterwards.

I copied a lead name and immediately pressed Enter to search. What I noticed, by the time it was already loading and trying to search, is that what was in the input field was actually the PHP data I had copied beforehand.

Expected Behavior

The behavior should have been this:
![image](https://github.com/salesagility/SuiteCRM/assets/116038186/ab5ef18f-b47d-4b61-afa0-0c27284e4222)

Actual Behavior

The PHP code that I accidentally copied is now what is showing on the Lead List View page.
![image](https://github.com/salesagility/SuiteCRM/assets/116038186/ec6118f5-8e7e-4ae5-8a4d-1812fb805e96)

Possible Fix

For now, the way I restored it is just to use this URL:
http://mycrm.com/index.php?action=index&module=Leads&searchFormTab=advanced_search&query=true&clear_query=true

Steps to Reproduce

  1. Go to any module (mine is Leads)
  2. Click on the Filter
  3. Copy a certain piece of code (mine is PHP code)
  ![image](https://github.com/salesagility/SuiteCRM/assets/116038186/348c21e5-3a4d-4632-8aff-9be70015d1ac)

Context

I believe this is just a rarity (I think). Not really affecting me that much since I found a solution to reset it.

Your Environment

  • SuiteCRM Version used: 7.11.21
  • Browser name and version (e.g. Chrome Version 51.0.2704.63 (64-bit)): Chrome
  • Environment name and version (e.g. MySQL, PHP 7): 7.4.27
  • Operating System and version (e.g Ubuntu 16.04): CentOS 7

@chris001 commented on GitHub (Mar 28, 2024):

The code must sanitize the user input in the search box. This is required to fix this code injection vulnerability.

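As an added illustration of the two points raised in this thread (the reporter's `clear_query=true` reset URL and the comment that the search box input must be sanitized), the following PHP is example code written for this page, not SuiteCRM's own code. It shows a saved filter value being echoed back into the search form only after HTML escaping, so pasted PHP or quote characters are rendered as literal text rather than interpreted as markup, and a `clear_query` check that drops the stored filter the way the workaround URL does. The function names, the `$storedFilter` array shape and the clipboard sample are all assumptions made for the example.

```php
<?php
// Added example (not SuiteCRM code): reflect a stored search value safely and
// honour clear_query=true as the reporter's reset URL does.
declare(strict_types=1);

/** Escape a value for use inside an HTML attribute or text node. */
function escapeForHtml(string $value): string
{
    // ENT_QUOTES covers both quote styles, so attribute values cannot be broken out of.
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/** Render the filter input with the stored value reflected as inert text. */
function renderSearchField(string $fieldName, string $storedValue): string
{
    return sprintf(
        '<input type="text" name="%s" value="%s">',
        escapeForHtml($fieldName),
        escapeForHtml($storedValue)
    );
}

/**
 * Decide which filter applies on list view. $query stands in for $_GET
 * (hypothetical shape): clear_query=true discards the stored filter,
 * otherwise the stored filter is reused as-is.
 */
function resolveFilter(array $query, array $storedFilter): array
{
    if (($query['clear_query'] ?? '') === 'true') {
        return [];
    }
    return $storedFilter;
}

// Constructed sample: clipboard content pasted into the filter by accident.
$pasted = '<?php echo $lead->name; ?> "quoted"';
$storedFilter = ['name_advanced' => $pasted];

// The angle brackets and quotes come out as entities, not as markup.
echo renderSearchField('name_advanced', $storedFilter['name_advanced']), PHP_EOL;

// With clear_query=true the persisted filter is dropped; without it, it persists.
var_export(resolveFilter(['clear_query' => 'true'], $storedFilter));
echo PHP_EOL;
var_export(resolveFilter([], $storedFilter));
echo PHP_EOL;
```

The escaping is applied at output time, which is the check that matters for content reflected into a form; storing the raw value is harmless as long as every place that renders it escapes it for the context it lands in.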
Reference
starred/SuiteCRM-SuiteCRM#5178