Fixed issue [security] #16068: Stored Cross Site Scripting Vulnerabil…

…ity in permission rules. (Thanks to Matthew Aberegg)

application/controllers/admin/PermissiontemplatesController.php

@@ -83,6 +83,10 @@ public function applyedit()
         $aPermissiontemplate = Yii::app()->request->getPost('Permissiontemplates');
         $model = $this->loadModel($aPermissiontemplate['ptid']);
 
+        // XSS filter
+        $aPermissiontemplate['name'] = CHtml::encode($aPermissiontemplate['name']);
+        $aPermissiontemplate['description'] = CHtml::encode($aPermissiontemplate['description']);
+
         $newAttributes = array_merge($model->attributes, $aPermissiontemplate);
         $model->attributes = $newAttributes;