if ($bConvert) {
$bVarsFromForm = true;
} else {
if ($bProcessPost) {
$bVarsFromForm = true;
if (isset($_POST['save']) || isset($_POST['saveAndView']) || isset($_POST['saveAndAdd']) || isset($_POST['apply']) || $bAjaxSubmit) {
//Check entities access -->
$quoteID = isset($_POST['UF_QUOTE_ID']) ? intval($_POST['UF_QUOTE_ID']) : 0;
if ($quoteID > 0 && !CCrmQuote::CheckReadPermission($quoteID)) {
$quoteID = 0;
}
$dealID = isset($_POST['UF_DEAL_ID']) ? intval($_POST['UF_DEAL_ID']) : 0;
if ($dealID > 0 && !CCrmDeal::CheckReadPermission($dealID)) {
$dealID = 0;
}
$info = CCrmInvoice::__GetCompanyAndContactFromPost($_POST);
$companyID = $info['COMPANY'];
if ($companyID > 0 && !CCrmCompany::CheckReadPermission($companyID)) {
$companyID = 0;
}
$contactID = $info['CONTACT'];
if ($contactID > 0 && !CCrmContact::CheckReadPermission($contactID)) {
$contactID = 0;
}
unset($info);
//<-- Check entities access
$comments = trim($_POST['COMMENTS']);
$bSanitizeComments = $comments !== '' && strpos($comments, '<');
$userDescription = trim($_POST['USER_DESCRIPTION']);
$bSanitizeUserDescription = $userDescription !== '' && strpos($userDescription, '<');
if ($bSanitizeComments || $bSanitizeUserDescription) {
