diff --git a/app/Controllers/Items.php b/app/Controllers/Items.php
index f6203d87c..5d9088b99 100644
--- a/app/Controllers/Items.php
+++ b/app/Controllers/Items.php
@@ -618,7 +618,7 @@ class Items extends Secure_Controller
 // Save item data
 $item_data = [
 'name' => $this->request->getPost('name'),
- 'description' => $this->request->getPost('description'),
+ 'description' => $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
 'category' => $this->request->getPost('category'),
 'item_type' => $item_type,
 'stock_type' => $this->request->getPost('stock_type') === null ? HAS_STOCK : intval($this->request->getPost('stock_type')),
diff --git a/app/Views/receivings/receiving.php b/app/Views/receivings/receiving.php
index 2fce3f898..7a39ab682 100644
--- a/app/Views/receivings/receiving.php
+++ b/app/Views/receivings/receiving.php
@@ -215,15 +215,15 @@ if (isset($success)) {
 'class' => 'form-control input-sm',
 'value' => $item['description']
 ]);
- } else {
- if ($item['description'] != '') { // TODO: !==?
- echo $item['description'];
- echo form_hidden('description', $item['description']);
 } else {
- echo '' . lang('Sales.no_description') . '';
- echo form_hidden('description', '');
+ if ($item['description'] != '') { // TODO: !==?
+ echo esc($item['description']);
+ echo form_hidden('description', $item['description']);
+ } else {
+ echo '' . lang('Sales.no_description') . '';
+ echo form_hidden('description', '');
+ }
 }
- }
 ?>
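Review bot: Sanitising `description` on input with `FILTER_SANITIZE_FULL_SPECIAL_CHARS` stores an HTML-encoded string in the database, and because the receiving view in this same commit now wraps the value in `esc()`, any `&`, `<` or quote in a description will be double-encoded on display (rendering as a literal `&amp;` or `&#039;`) and will also come back encoded through hidden fields, edit forms, APIs and reports that never render HTML at all. Escaping belongs at the output boundary, which the view change already does; I would revert this to `'description' => $this->request->getPost('description'),` and fix any remaining unescaped `echo` of the field in the views instead. The adjacent `name` and `category` lines are left unfiltered, so if input filtering is the intended policy it is applied inconsistently, and if output escaping is the policy this line is redundant and harmful. The enclosing save method starts and ends outside the hunk.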
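Review bot: The `// TODO: !==?` carried over onto the new `if` can be resolved here rather than left open: with `!=`, a `null` description compares loosely equal to `''` and correctly falls into the no-description branch, whereas a bare `!==` would pass `null` to `esc()`, print nothing and still emit a hidden field, so the explicit form is `if ($item['description'] !== null && $item['description'] !== '') { // empty or missing description`. `echo esc($item['description']);` is the right fix for the stored-XSS path in the read-only branch; `form_hidden()` and the `form_input()` value above it appear to escape their values in CodeIgniter 4's form helper, but that should be confirmed against the installed helper rather than assumed. The `'' . lang('Sales.no_description') . ''` concatenations are no-ops as shown — if that is the literal code the empty strings should be dropped, though they may be markup stripped by this rendering. The `if`/`else` this hunk's leading `} else {` belongs to begins above the hunk.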