From 68b107ceb06ac51085871f371c7fc21c57e725fc Mon Sep 17 00:00:00 2001
From: Seamus Lee
Date: Fri, 9 Aug 2019 07:38:06 +1000
Subject: [PATCH] security/core#65 Fix Display of Report title that contains XSS in it when shown on dashboard
---
 CRM/Core/BAO/Dashboard.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CRM/Core/BAO/Dashboard.php b/CRM/Core/BAO/Dashboard.php
index a94154d178..a7aa6dde23 100644
--- CRM/Core/BAO/Dashboard.php
+++ b/CRM/Core/BAO/Dashboard.php
@@ -161,7 +161,7 @@ class CRM_Core_BAO_Dashboard extends CRM_Core_DAO_Dashboard {
 $data[$item['column_no']][] = [
 'id' => (int) $item['dashboard_id'],
 'name' => $item['name'],
-'title' => $item['label'],
+'title' => CRM_Utils_String::purifyHtml($item['label']),
 'url' => self::parseUrl($item['url']),
 'cacheMinutes' => $item['cache_minutes'],
 'fullscreenUrl' => self::parseUrl($item['fullscreen_url']),
-- 
2.25.1
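Review bot: The label is purified only on this one read path, so the stored value stays unsanitized, and `'name' => $item['name']` in the same array literal is still passed through raw. Any other code that emits the dashlet `label`, or a client that renders `name` as markup, would presumably remain exposed; those consumers are outside this hunk and should be checked, or the value purified when it is saved. The purpose of the call is not obvious from the line itself, so I would add a comment above it such as `// Label can hold a user-supplied report title; purify it because the dashboard renders it as HTML.` The diffstat shows only Dashboard.php changing, so no test pins the behaviour; a case asserting that a label containing a script tag comes back stripped would guard against regression. The enclosing method starts and ends outside the hunk.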