sec(Calendar) XSS in Subject of To Dos. https://huntr.dev/bounties/bc…

…19b4db-6491-411d-bf58-76e40d18639e
tsolucio · Oct 17, 2021 · 1b9c86b · 1b9c86b
1 parent cd89d97
commit 1b9c86b
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 6 deletions.
diff --git a/Smarty/templates/Buttons_List.tpl b/Smarty/templates/Buttons_List.tpl
@@ -63,7 +63,7 @@
 									{if !empty($isDetailView) || !empty($isEditView)}
 									<span class="slds-page-header__title slds-truncate" title="{$MODULELABEL|@addslashes}">
 										<span class="slds-page-header__name-meta">[ {$TITLEPREFIX} ]</span>
-										{$MODULELABEL|textlength_check}
+										{$MODULELABEL}
 									</span>
 									{else}
 									<a class="hdrLink"

diff --git a/include/utils/utils.php b/include/utils/utils.php
@@ -691,7 +691,9 @@ function decide_to_html() {
 	$action = vtlib_purify($request['action']);
 	$search = vtlib_purify($request['search']);
 	$ajax_action = '';
-	if ($request['module'] != 'Settings' && $request['file'] != 'ListView' && $request['module'] != 'Portal' && $request['module'] != 'Reports') {
+	if ($request['file']!='ActivityReminderCallbackAjax' && $request['module']!='Settings' && $request['file']!='ListView'
+		&& $request['module']!='Portal' && $request['module']!='Reports'
+	) {
 		$ajax_action = $request['module'].'Ajax';
 	}
 	if (($action != 'CustomView' && $action != 'Export' && $action != $ajax_action && $action != 'LeadConvertToEntities' && $action != 'CreatePDF'

diff --git a/modules/cbCalendar/ActivityReminderCallbackAjax.php b/modules/cbCalendar/ActivityReminderCallbackAjax.php
@@ -176,10 +176,10 @@ function printToDoList($activities_reminder) {
 		$smarty->assign('TASKItemRead', $ACTIVITY['cbreaded']);
 		$smarty->assign('TASKImage', $ACTIVITY['activityimage']);
 		$smarty->assign('TASKType', $ACTIVITY['activitytype']);
-		$smarty->assign('TASKTitle', $ACTIVITY['cbsubject']);
-		$smarty->assign('TASKSubtitle', $ACTIVITY['activitytype'].' - '.$ACTIVITY['cbstatus']);
-		$smarty->assign('TASKSubtitleColor', $ACTIVITY['cbcolor']);
-		$smarty->assign('TASKStatus', $ACTIVITY['cbdate'].' '.$ACTIVITY['cbtime']);
+		$smarty->assign('TASKTitle', vtlib_purify($ACTIVITY['cbsubject']));
+		$smarty->assign('TASKSubtitle', vtlib_purify($ACTIVITY['activitytype'].' - '.$ACTIVITY['cbstatus']));
+		$smarty->assign('TASKSubtitleColor', vtlib_purify($ACTIVITY['cbcolor']));
+		$smarty->assign('TASKStatus', vtlib_purify($ACTIVITY['cbdate'].' '.$ACTIVITY['cbtime']));
 		$actions = array();
 		$actions[getTranslatedString('LBL_VIEW', 'Settings')] = array(
 			'type' => 'link',