From df1438ea040f9bb81900ed397c21fce6fb8b046c Mon Sep 17 00:00:00 2001
From: Kijin Sung
Date: Mon, 7 Feb 2022 02:13:59 +0900
Subject: [PATCH] Move XSS filtering before multilang juggling

---
 modules/document/document.controller.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/modules/document/document.controller.php b/modules/document/document.controller.php
index 1fd83bc64..c3507e79e 100644
--- a/modules/document/document.controller.php
+++ b/modules/document/document.controller.php
@@ -903,6 +903,12 @@ class documentController extends document
 $obj->content = getModel('editor')->converter($obj, 'document');
 }
 
+ // Remove iframe and script if not a top adminisrator in the session.
+ if($logged_info->is_admin != 'Y')
+ {
+ $obj->content = removeHackTag($obj->content);
+ }
+
 // Change not extra vars but language code of the original document if document's lang_code is different from author's setting.
 if($source_obj->get('lang_code') != Context::getLangType())
 {
@@ -928,12 +934,6 @@ class documentController extends document
 }
 }
 
- // Remove iframe and script if not a top adminisrator in the session.
- if($logged_info->is_admin != 'Y')
- {
- $obj->content = removeHackTag($obj->content);
- }
-
 // if temporary document, regdate is now setting
 if($source_obj->get('status') == $this->getConfigStatus('temp')) $obj->regdate = date('YmdHis');
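Review bot: The moved comment in the first hunk still only says what the filter removes, not why it has to sit above the `lang_code` branch, and that ordering is the whole security point of this commit. Going by the commit title, the branch that follows (its body is outside this hunk) reshuffles `$obj->content` for multilingual documents, so a filter placed after it would presumably sanitise the wrong value; I would say so in the comment, e.g. `// Must run before the lang_code handling below, which moves $obj->content; do not reorder.` While here, fix the typo `adminisrator` and consider `!== 'Y'`, so the admin exemption can only be reached by the exact string rather than any loosely-equal value. Only `content` is sanitised at this point; whether `title` and the extra vars are covered elsewhere is not visible from this hunk and is worth confirming, ideally with a regression test that updates a document as a non-admin while its `lang_code` differs from the session language.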