security/core#95 Purify Summary and description fields for events on the event info...
authorSeamus Lee <seamuslee001@gmail.com>
Wed, 5 Aug 2020 20:31:22 +0000 (06:31 +1000)
committerSeamus Lee <seamuslee001@gmail.com>
Wed, 19 Aug 2020 06:16:57 +0000 (16:16 +1000)
templates/CRM/Event/Page/EventInfo.tpl
templates/CRM/Event/Page/List.tpl

index 38a9beaba2c67a1186a7924e614cf4c2e065f111..4b858973e4d9e609b379e664a5cfec1332269451 100644 (file)
 
   {if $event.summary}
       <div class="crm-section event_summary-section">
-        {$event.summary}
+        {$event.summary|purify}
       </div>
   {/if}
   {if $event.description}
       <div class="crm-section event_description-section summary">
-          {$event.description}
+          {$event.description|purify}
       </div>
   {/if}
   <div class="clear"></div>
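Review bot: The two new call sites, `{$event.summary|purify}` and `{$event.description|purify}`, have no comment explaining why these fields are purified rather than escaped. A later edit could therefore drop the modifier, or swap it for `|escape` and break the markup these fields presumably carry as rich text. I would add one line above the summary block: `{* summary and description hold editor-supplied HTML; purify keeps the markup and strips active content *}`. The rest of EventInfo.tpl lies outside the hunk, so any other event fields this template prints could not be checked from here.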
index e5f5fa182f19c98b3c0ea81d370162e0ef5bc0aa..4cbf20b541d3734812f51880f39a0e87fb6880bd 100644 (file)
@@ -30,7 +30,7 @@
     {foreach from=$events key=uid item=event}
       <tr class="{cycle values="odd-row,even-row"} {$row.class}">
         <td><a href="{crmURL p='civicrm/event/info' q="reset=1&id=`$event.event_id`"}" title="{ts}read more{/ts}"><strong>{$event.title}</strong></a></td>
-        <td>{if $event.summary}{$event.summary} (<a href="{crmURL p='civicrm/event/info' q="reset=1&id=`$event.event_id`"}" title="{ts}details...{/ts}">{ts}read more{/ts}...</a>){else}&nbsp;{/if}</td>
+        <td>{if $event.summary}{$event.summary|purify} (<a href="{crmURL p='civicrm/event/info' q="reset=1&id=`$event.event_id`"}" title="{ts}details...{/ts}">{ts}read more{/ts}...</a>){else}&nbsp;{/if}</td>
         <td class="nowrap" data-order="{$event.start_date|crmDate:'%Y-%m-%d'}">
           {if $event.start_date}{$event.start_date|crmDate}{if $event.end_date}<br /><em>{ts}through{/ts}</em><br />{strip}
             {* Only show end time if end date = start date *}
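Review bot: In the same row, `<strong>{$event.title}</strong>` is still printed with no output modifier, while the summary cell next to it now goes through `|purify`. Whether titles are HTML-encoded when they are stored is not visible in this hunk. If they are not, the title is the same kind of sink the commit closes for the summary. If they are, a short `{* title is encoded on input *}` comment would record why it is left bare. Should a modifier be needed, `{$event.title|purify}` matches the rest of the change, whereas `|escape` could double-encode a value that is already encoded. The `foreach` and the table row continue past the end of the hunk.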