salesagility / SuiteCRM

SuiteCRM - Open source CRM for the world
https://www.suitecrm.com
GNU Affero General Public License v3.0

Filtering Bug (PHP Code Passed) #10386

Open juncelcarreon opened 3 months ago

juncelcarreon commented 3 months ago

Issue

I was copy-pasting some PHP data beforehand and was trying to search for a Lead afterwards.

I copied a lead name and immediately hit Enter to search. What I noticed, by the time it was already loading the search, is that the content in the input field was actually the PHP data I had copied beforehand.

Expected Behavior

The behavior should have been this: [image]

Actual Behavior

The PHP code that I accidentally copied is now what shows on the Lead List View page. [image]

Possible Fix

For now, the way I restored it is just to use this URL: http://mycrm.com/index.php?action=index&module=Leads&searchFormTab=advanced_search&query=true&clear_query=true

Steps to Reproduce

  1. Go to any module (mine is Leads)
  2. Click on the Filter
  3. Copy a certain piece of code (mine is PHP code) [image]

Context

I believe this is just a rarity (I think). It's not really affecting me that much since I found a way to reset it.

Your Environment

chris001 commented 3 months ago

The code must sanitize the user input in the search box. This is required to fix this code injection vulnerability.
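The report shows a pasted string surviving in the stored filter and being echoed back in the list view, and the comment above asks for the search input to be sanitized. The following is an added example, not SuiteCRM code, of the three pieces a practitioner would want around a persisted filter: normalising the value before it is stored, honouring a `clear_query` flag the way the reset URL in the report does, and HTML-escaping the value when it is rendered back into the search form. The function names, the `$_SESSION`-style array layout and the `fields` request shape are assumptions made for the illustration; the pasted input is constructed.

```php
<?php
// Added example (not SuiteCRM code): handling a persisted list-view filter so
// that pasted text such as PHP source is stored and displayed as inert data.
// Function names, the session array layout and the request shape are assumed.

declare(strict_types=1);

// Normalise a raw search-field value before it is persisted with the filter:
// valid UTF-8 only, no control characters, bounded length. Anything else makes
// the function return null so the caller drops the field instead of storing it.
function normalizeFilterValue(string $raw, int $maxLen = 255): ?string
{
    if (!mb_check_encoding($raw, 'UTF-8')) {
        return null;
    }
    // Strip C0 control characters (except tab/newline, which the next step
    // collapses into spaces) and DEL, then collapse runs of whitespace.
    $clean = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/u', '', $raw);
    $clean = trim(preg_replace('/\s+/u', ' ', $clean));
    if ($clean === '' || mb_strlen($clean, 'UTF-8') > $maxLen) {
        return null;
    }
    return $clean;
}

// Persist the filter for a module in the session array. A request carrying
// clear_query=true wipes the stored filter, mirroring the reset URL from the
// report; otherwise only well-formed field names with acceptable values are kept.
function saveModuleFilter(array &$session, string $module, array $request): array
{
    $key = 'filter_' . $module;
    if (($request['clear_query'] ?? '') === 'true') {
        unset($session[$key]);
        return [];
    }
    $stored = [];
    foreach ($request['fields'] ?? [] as $name => $value) {
        // Field names are identifiers we control; reject anything else outright.
        if (!is_string($value) || !preg_match('/^[a-z_][a-z0-9_]*$/', (string) $name)) {
            continue;
        }
        $v = normalizeFilterValue($value);
        if ($v !== null) {
            $stored[$name] = $v;
        }
    }
    $session[$key] = $stored;
    return $stored;
}

// Output side: escape the stored value for the HTML attribute it is rendered
// into. htmlspecialchars with ENT_QUOTES turns <, >, &, " and ' into entities,
// so a pasted "<?php ... ?>" or "<script>" is shown as text, not interpreted.
function renderFilterInput(string $name, string $value): string
{
    $safeName  = htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $safeValue = htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return sprintf('<input type="text" name="%s" value="%s">', $safeName, $safeValue);
}

// Constructed request simulating the report: PHP source pasted into a filter
// field of the Leads module, plus a malformed field name that must be dropped.
$session = [];
$pasted  = "<?php echo \"hi\"; ?>\n<script>alert(1)</script>";
$request = ['fields' => ['last_name' => $pasted, 'bad name!' => 'x']];

$stored = saveModuleFilter($session, 'Leads', $request);
foreach ($stored as $name => $value) {
    echo renderFilterInput($name, $value), PHP_EOL;
}

// Reset, as with the clear_query=true URL from the report.
saveModuleFilter($session, 'Leads', ['clear_query' => 'true']);
var_dump(isset($session['filter_Leads']));
```

Two points worth keeping in mind when applying this to the real list view. First, the escaping on output is what makes the difference to the browser; normalising on input limits what gets stored but is not a substitute for it, since a stored value may be rendered in several places (the filter form, the applied-filter summary, saved-search names). Second, text that happens to look like PHP source sitting in a session or database row is not executed by being stored; the report above shows the pasted text being displayed, not run, so whether this is more than a persisted-filter nuisance depends on whether the value is rendered unescaped somewhere.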