From 1b9c86ba1e97970d556e6e8ffd9f26d4c4c324fb Mon Sep 17 00:00:00 2001
From: joebordes <joe@tsolucio.com>
Date: Mon, 18 Oct 2021 01:41:59 +0200
Subject: [PATCH] sec(Calendar) XSS in Subject of To Dos.
 https://huntr.dev/bounties/bc19b4db-6491-411d-bf58-76e40d18639e

---
 Smarty/templates/Buttons_List.tpl                   | 2 +-
 include/utils/utils.php                             | 4 +++-
 modules/cbCalendar/ActivityReminderCallbackAjax.php | 8 ++++----
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/Smarty/templates/Buttons_List.tpl b/Smarty/templates/Buttons_List.tpl
index 7ae6a6bb23..3c1d449b11 100644
--- a/Smarty/templates/Buttons_List.tpl
+++ b/Smarty/templates/Buttons_List.tpl
@@ -63,7 +63,7 @@
 									{if !empty($isDetailView) || !empty($isEditView)}
 									<span class="slds-page-header__title slds-truncate" title="{$MODULELABEL|@addslashes}">
 										<span class="slds-page-header__name-meta">[ {$TITLEPREFIX} ]</span>
-										{$MODULELABEL|textlength_check}
+										{$MODULELABEL}
 									</span>
 									{else}
 									<a class="hdrLink"
diff --git a/include/utils/utils.php b/include/utils/utils.php
index 7321f26197..529dbafe08 100644
--- a/include/utils/utils.php
+++ b/include/utils/utils.php
@@ -691,7 +691,9 @@ function decide_to_html() {
 	$action = vtlib_purify($request['action']);
 	$search = vtlib_purify($request['search']);
 	$ajax_action = '';
-	if ($request['module'] != 'Settings' && $request['file'] != 'ListView' && $request['module'] != 'Portal' && $request['module'] != 'Reports') {
+	if ($request['file']!='ActivityReminderCallbackAjax' && $request['module']!='Settings' && $request['file']!='ListView'
+		&& $request['module']!='Portal' && $request['module']!='Reports'
+	) {
 		$ajax_action = $request['module'].'Ajax';
 	}
 	if (($action != 'CustomView' && $action != 'Export' && $action != $ajax_action && $action != 'LeadConvertToEntities' && $action != 'CreatePDF'
diff --git a/modules/cbCalendar/ActivityReminderCallbackAjax.php b/modules/cbCalendar/ActivityReminderCallbackAjax.php
index cde68aeccc..7a46524310 100644
--- a/modules/cbCalendar/ActivityReminderCallbackAjax.php
+++ b/modules/cbCalendar/ActivityReminderCallbackAjax.php
@@ -176,10 +176,10 @@ function printToDoList($activities_reminder) {
 		$smarty->assign('TASKItemRead', $ACTIVITY['cbreaded']);
 		$smarty->assign('TASKImage', $ACTIVITY['activityimage']);
 		$smarty->assign('TASKType', $ACTIVITY['activitytype']);
-		$smarty->assign('TASKTitle', $ACTIVITY['cbsubject']);
-		$smarty->assign('TASKSubtitle', $ACTIVITY['activitytype'].' - '.$ACTIVITY['cbstatus']);
-		$smarty->assign('TASKSubtitleColor', $ACTIVITY['cbcolor']);
-		$smarty->assign('TASKStatus', $ACTIVITY['cbdate'].' '.$ACTIVITY['cbtime']);
+		$smarty->assign('TASKTitle', vtlib_purify($ACTIVITY['cbsubject']));
+		$smarty->assign('TASKSubtitle', vtlib_purify($ACTIVITY['activitytype'].' - '.$ACTIVITY['cbstatus']));
+		$smarty->assign('TASKSubtitleColor', vtlib_purify($ACTIVITY['cbcolor']));
+		$smarty->assign('TASKStatus', vtlib_purify($ACTIVITY['cbdate'].' '.$ACTIVITY['cbtime']));
 		$actions = array();
 		$actions[getTranslatedString('LBL_VIEW', 'Settings')] = array(
 			'type' => 'link',