security/core#78 Purify HTML of activity details field when viewing the activity

author Seamus Lee <seamuslee001@gmail.com>

Fri, 29 May 2020 07:17:04 +0000 (17:17 +1000)

committer Seamus Lee <seamuslee001@gmail.com>

Wed, 19 Aug 2020 06:16:45 +0000 (16:16 +1000)
author Seamus Lee <seamuslee001@gmail.com>
Fri, 29 May 2020 07:17:04 +0000 (17:17 +1000)
committer Seamus Lee <seamuslee001@gmail.com>
Wed, 19 Aug 2020 06:16:45 +0000 (16:16 +1000)
diff --git a/CRM/Activity/Form/Activity.php b/CRM/Activity/Form/Activity.php

index afaaffac73ac6b7a2eb3fa122a4770008d9171aa..329e330960674c16ecba3fbbb74c1fcc253934ca 100644 (file)
--- a/CRM/Activity/Form/Activity.php
+++ b/CRM/Activity/Form/Activity.php
@@ -503,6 +503,7 @@ class CRM_Activity_Form_Activity extends CRM_Contact_Form_Task {
      }
  
      if ($this->_action & CRM_Core_Action::VIEW) {
+      $this->_values['details'] = CRM_Utils_String::purifyHtml($this->_values['details']);
        $url = CRM_Utils_System::url(implode("/", $this->urlPath), "reset=1&id={$this->_activityId}&action=view&cid={$this->_values['source_contact_id']}");
        CRM_Utils_Recent::add(CRM_Utils_Array::value('subject', $this->_values, ts('(no subject)')),
          $url,
author	Seamus Lee <seamuslee001@gmail.com>
	Fri, 29 May 2020 07:17:04 +0000 (17:17 +1000)
committer	Seamus Lee <seamuslee001@gmail.com>
	Wed, 19 Aug 2020 06:16:45 +0000 (16:16 +1000)