From 34f45c58bf3ce2b5505d8768ac684b26f027740d Mon Sep 17 00:00:00 2001
From: Seamus Lee
Date: Fri, 29 May 2020 17:17:04 +1000
Subject: [PATCH] security/core#78 Purify HTML of activity details field when viewing the activity
---
 CRM/Activity/Form/Activity.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CRM/Activity/Form/Activity.php b/CRM/Activity/Form/Activity.php
index afaaffac73..329e330960 100644
--- a/CRM/Activity/Form/Activity.php
+++ b/CRM/Activity/Form/Activity.php
@@ -503,6 +503,7 @@ class CRM_Activity_Form_Activity extends CRM_Contact_Form_Task {
 }
 if ($this->_action & CRM_Core_Action::VIEW) {
+ $this->_values['details'] = CRM_Utils_String::purifyHtml($this->_values['details']);
 $url = CRM_Utils_System::url(implode("/", $this->urlPath), "reset=1&id={$this->_activityId}&action=view&cid={$this->_values['source_contact_id']}");
 CRM_Utils_Recent::add(CRM_Utils_Array::value('subject', $this->_values, ts('(no subject)')),
 $url,
-- 
2.25.1
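Review bot: The added line indexes `$this->_values['details']` directly, while the `subject` lookup two lines below goes through `CRM_Utils_Array::value()` with a default. If an activity can be loaded without a details value (not visible in this hunk), this raises an undefined-index notice and hands null to the purifier. `$this->_values['details'] = CRM_Utils_String::purifyHtml(CRM_Utils_Array::value('details', $this->_values, ''));` keeps the two lookups consistent. The purification also runs only inside the `CRM_Core_Action::VIEW` branch and leaves the stored value as it was, so any other path that renders this field presumably needs the same call. A comment such as `// Details is stored as untrusted HTML; purify before the view template renders it.` would record why the line is here. The enclosing method starts and ends outside the hunk.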