Fix a form injection problem with the EMS. Addresses bug #11773.

docs/changelog/7.x.x.txt

@@ -2,6 +2,7 @@
  - fixed #11903: Unnecessary debug in Thingy
  - fixed #11908: Inbox messages linger after deleting a user
  - fixed #11909: Wrong message count in the inbox
+ - fixed #11773: Form injection in the EMS event ordering code.
 
 7.10.2
  - fixed #11884: Editing Templates impossible / Code editor not loaded

lib/WebGUI/Asset/Wobject/EventManagementSystem.pm

@@ -2456,7 +2456,8 @@ Method to move an event down one position in display order
 sub www_moveEventMetaFieldDown {
 	my $self = shift;
 	return $self->session->privilege->insufficient unless ($self->canEdit);
-	$self->moveCollateralDown('EMSEventMetaField', 'fieldId', $self->session->form->get("fieldId"));
+    my $fieldId = $self->session->form->get("fieldId");
+	$self->moveCollateralDown('EMSEventMetaField', 'fieldId', $fieldId);
 	return $self->www_manageEventMetaFields;
 }
 
@@ -2471,7 +2472,8 @@ Method to move an event metdata field up one position in display order
 sub www_moveEventMetaFieldUp {
 	my $self = shift;
 	return $self->session->privilege->insufficient unless ($self->canEdit);
-	$self->moveCollateralUp('EMSEventMetaField', 'fieldId', $self->session->form->get("fieldId"));
+    my $fieldId = $self->session->form->get("fieldId");
+	$self->moveCollateralUp('EMSEventMetaField', 'fieldId', $fieldId);
 	return $self->www_manageEventMetaFields;
 }