Security: Refactor hidden input generation using Display::input

Replaced manual HTML string construction with the Display::input method for hidden inputs. This improves code readability, maintainability, and aligns with existing utility usage. Security measures with Security::remove_XSS remain intact.

See advisory GHSA-7p5f-34rx-49h8

Author: AngelFQC

main/inc/lib/sortable_table.class.php

@@ -444,12 +444,18 @@ class="form-search"
             foreach ($this->additional_parameters as $key => $value) {
                 if (is_array($value)) {
                     foreach ($value as $subKey => $subValue) {
-                        $html .= '<input type="hidden" name ="'.Security::remove_XSS($subKey).'" value ="'
-                            .Security::remove_XSS($subValue).'" />';
+                        $html .= Display::input(
+                            'hidden',
+                            Security::remove_XSS($subKey),
+                            Security::remove_XSS($subValue)
+                        );
                     }
                 } else {
-                    $html .= '<input type="hidden" name ="'.Security::remove_XSS($key).'" value ="'
-                        .Security::remove_XSS($value).'" />';
+                    $html .= Display::input(
+                        'hidden',
+                        Security::remove_XSS($key),
+                        Security::remove_XSS($value)
+                    );
                 }
             }
         }