From 8675aa82df9bab2ac13b6632ce9fb03c0ad856d9 Mon Sep 17 00:00:00 2001
From: Jeroen Peelaerts <jeroen.peelaerts@gmail.com>
Date: Wed, 21 Jul 2021 23:13:00 +0200
Subject: [PATCH] Attribute value encoding fix (#3241)

---
 application/controllers/Attributes.php | 16 ++++++++++++----
 application/views/attributes/form.php  |  4 ++--
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/application/controllers/Attributes.php b/application/controllers/Attributes.php
index c9e224fba..3527dafd8 100644
--- a/application/controllers/Attributes.php
+++ b/application/controllers/Attributes.php
@@ -42,16 +42,24 @@ class Attributes extends Secure_Controller
 		echo json_encode(array('total' => $total_rows, 'rows' => $data_rows));
 	}
 
-	public function save_attribute_value($attribute_value)
+	public function save_attribute_value()
 	{
-		$success = $this->Attribute->save_value(urldecode($attribute_value), $this->input->post('definition_id'), $this->input->post('item_id'), $this->input->post('attribute_id'));
+		$success = $this->Attribute->save_value(
+			$this->input->post('attribute_value'),
+			$this->input->post('definition_id'),
+			$this->input->post('item_id'),
+			$this->input->post('attribute_id')
+		);
 
 		echo json_encode(array('success' => $success != 0));
 	}
 
-	public function delete_attribute_value($attribute_value)
+	public function delete_attribute_value()
 	{
-		$success = $this->Attribute->delete_value($attribute_value, $this->input->post('definition_id'));
+		$success = $this->Attribute->delete_value(
+			$this->input->post('attribute_value'),
+			$this->input->post('definition_id')
+		);
 
 		echo json_encode(array('success' => $success));
 	}
diff --git a/application/views/attributes/form.php b/application/views/attributes/form.php
index c15f386bf..c36266a74 100644
--- a/application/views/attributes/form.php
+++ b/application/views/attributes/form.php
@@ -147,7 +147,7 @@ $(document).ready(function()
 		}
 		else
 		{
-			$.post('<?php echo site_url($controller_name . "/delete_attribute_value/");?>' + escape(value), {definition_id: definition_id});
+			$.post('<?php echo site_url($controller_name . "/delete_attribute_value/");?>', {definition_id: definition_id, attribute_value: value});
 		}
 		$(this).parents("li").remove();
 	};
@@ -176,7 +176,7 @@ $(document).ready(function()
 			}
 			else
 			{
-				$.post('<?php echo site_url("attributes/save_attribute_value/");?>' + escape(value), {definition_id: definition_id});
+				$.post('<?php echo site_url("attributes/save_attribute_value/");?>', {definition_id: definition_id, attribute_value: value});
 			}
 		}