From c03a12dbe1902eb30e7d01626f1d990c4e618230 Mon Sep 17 00:00:00 2001
From: Seamus Lee <seamuslee001@gmail.com>
Date: Tue, 1 Mar 2022 15:52:47 +1100
Subject: [PATCH] security/core#114 Fix Stored XSS in event title field

---
 CRM/Utils/System.php                       | 2 +-
 templates/CRM/Event/Form/Selector.tpl      | 4 ++--
 templates/CRM/Event/Page/ManageEvent.tpl   | 2 +-
 templates/CRM/Report/Form/Event/Income.tpl | 2 +-
 templates/CRM/Report/Form/Layout/Table.tpl | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/CRM/Utils/System.php b/CRM/Utils/System.php
index 8d57b5bed9..5570eff8cb 100644
--- a/CRM/Utils/System.php
+++ b/CRM/Utils/System.php
@@ -482,7 +482,7 @@ class CRM_Utils_System {
   public static function setTitle($title, $pageTitle = NULL) {
     self::$title = $title;
     $config = CRM_Core_Config::singleton();
-    return $config->userSystem->setTitle($title, $pageTitle);
+    return $config->userSystem->setTitle(CRM_Utils_String::purifyHtml($title), CRM_Utils_String::purifyHtml($pageTitle));
   }
 
   /**
diff --git a/templates/CRM/Event/Form/Selector.tpl b/templates/CRM/Event/Form/Selector.tpl
index 1461fc4d53..9ee1cd8cc6 100644
--- a/templates/CRM/Event/Form/Selector.tpl
+++ b/templates/CRM/Event/Form/Selector.tpl
@@ -40,10 +40,10 @@
             <td>{$form.$cbName.html}</td>
         {/if}
   <td class="crm-participant-contact_type">{$row.contact_type}</td>
-      <td class="crm-participant-sort_name"><a href="{crmURL p='civicrm/contact/view' q="reset=1&cid=`$row.contact_id`"}" title="{ts}View contact record{/ts}">{$row.sort_name}</a></td>
+      <td class="crm-participant-sort_name"><a href="{crmURL p='civicrm/contact/view' q="reset=1&cid=`$row.contact_id`"}" title="{ts}View contact record{/ts}">{$row.sort_name|smarty:nodefaults|purify}</a></td>
     {/if}
 
-    <td class="crm-participant-event_title"><a href="{crmURL p='civicrm/event/info' q="id=`$row.event_id`&reset=1"}" title="{ts}View event info page{/ts}">{$row.event_title}</a>
+    <td class="crm-participant-event_title"><a href="{crmURL p='civicrm/event/info' q="id=`$row.event_id`&reset=1"}" title="{ts}View event info page{/ts}">{$row.event_title|smarty:nodefaults|purify}</a>
         {if !empty($contactId)}<br /><a href="{crmURL p='civicrm/event/search' q="reset=1&force=1&event=`$row.event_id`"}" title="{ts}List participants for this event (all statuses){/ts}">({ts}participants{/ts})</a>{/if}
     </td>
     {assign var="participant_id" value=$row.participant_id}
diff --git a/templates/CRM/Event/Page/ManageEvent.tpl b/templates/CRM/Event/Page/ManageEvent.tpl
index c69aa9943f..8451f3eae4 100644
--- a/templates/CRM/Event/Page/ManageEvent.tpl
+++ b/templates/CRM/Event/Page/ManageEvent.tpl
@@ -55,7 +55,7 @@
           <tr id="event-{$row.id}" class="crm-entity {if NOT $row.is_active} disabled{/if}">
           <td class="crm-event_{$row.id}">
             <a href="{crmURL p='civicrm/event/info' q="id=`$row.id`&reset=1"}"
-               title="{ts}View event info page{/ts}" class="bold">{$row.title}</a>&nbsp;&nbsp;({ts}ID:{/ts} {$row.id})<br/>
+               title="{ts}View event info page{/ts}" class="bold">{$row.title|smarty:nodefaults|purify}</a>&nbsp;&nbsp;({ts}ID:{/ts} {$row.id})<br/>
                <span><b>{$row.repeat}</b></span>
           </td>
           <td class="crm-event-city">{$row.city}</td>
diff --git a/templates/CRM/Report/Form/Event/Income.tpl b/templates/CRM/Report/Form/Event/Income.tpl
index 7f5446882a..25072c85c5 100644
--- a/templates/CRM/Report/Form/Event/Income.tpl
+++ b/templates/CRM/Report/Form/Event/Income.tpl
@@ -31,7 +31,7 @@
                           {if $keys == 'Title'}
                               <tr>
                                         <th>{$keys}</th>
-                                        <th colspan="3">{$values}</th>
+                                        <th colspan="3">{$values|smarty:nodefaults|purify}</th>
                                     </tr>
                                 {else}
                                     <tr class="{cycle values="odd-row,even-row"} crm-report crm-report_event_summary" id="crm-report_{$eventID}_summary_{$keys}">
diff --git a/templates/CRM/Report/Form/Layout/Table.tpl b/templates/CRM/Report/Form/Layout/Table.tpl
index c95d9a3d08..a0ffd69822 100644
--- a/templates/CRM/Report/Form/Layout/Table.tpl
+++ b/templates/CRM/Report/Form/Layout/Table.tpl
@@ -127,7 +127,7 @@
                                 <span class="nowrap">{$row.$field|crmMoney}</span>
                            {/if}
                         {else}
-                            {$row.$field}
+                            {$row.$field|smarty:nodefaults|purify}
                         {/if}
 
                         {if array_key_exists($fieldLink, $row) && $row.$fieldLink}</a>{/if}
-- 
2.25.1