From: Seamus Lee Date: Wed, 5 Aug 2020 20:31:22 +0000 (+1000) Subject: security/core#95 Purify Summary and description fields for events on the event info... X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=09adb67dbff4bb27fd3bf8baf508573725a7766e;p=civicrm-core.git security/core#95 Purify Summary and description fields for events on the event info and event cart screens --- diff --git a/templates/CRM/Event/Page/EventInfo.tpl b/templates/CRM/Event/Page/EventInfo.tpl index 38a9beaba2..4b858973e4 100644 --- a/templates/CRM/Event/Page/EventInfo.tpl +++ b/templates/CRM/Event/Page/EventInfo.tpl @@ -89,12 +89,12 @@ {if $event.summary}
- {$event.summary} + {$event.summary|purify}
{/if} {if $event.description}
- {$event.description} + {$event.description|purify}
{/if}
diff --git a/templates/CRM/Event/Page/List.tpl b/templates/CRM/Event/Page/List.tpl index e5f5fa182f..4cbf20b541 100644 --- a/templates/CRM/Event/Page/List.tpl +++ b/templates/CRM/Event/Page/List.tpl @@ -30,7 +30,7 @@ {foreach from=$events key=uid item=event} {$event.title} - {if $event.summary}{$event.summary} ({ts}read more{/ts}...){else} {/if} + {if $event.summary}{$event.summary|purify} ({ts}read more{/ts}...){else} {/if} {if $event.start_date}{$event.start_date|crmDate}{if $event.end_date}
{ts}through{/ts}
{strip} {* Only show end time if end date = start date *}