From 09d59cb41535903ff3fe10192a895dbf4a01ac6e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9CKomal?= <“komal_m@tekditechnologies.com”>
Date: Tue, 8 May 2018 18:21:37 +0530
Subject: [PATCH 1/3] Bug #126919 fix: In activity stream Avoid XSS attack
---
 src/admin/models/activities.php | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/admin/models/activities.php b/src/admin/models/activities.php
index 9622992..206f96e 100755
--- a/src/admin/models/activities.php
+++ b/src/admin/models/activities.php
@@ -140,6 +140,9 @@ public function getItems()
 {
 foreach ($items as $k => $item)
 {
+ // Avoid XSS attack
+ $item->formatted_text = htmlspecialchars($item->formatted_text, ENT_COMPAT, 'UTF-8');
+
 // Get date in local time zone
 $item->created_date = JHtml::date($item->created_date, 'Y-m-d h:i:s');
 $item->updated_date = JHtml::date($item->updated_date, 'Y-m-d h:i:s');
From 1789e44cbb1315811a71027da933336ccc41536c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9CKomal?= <“komal_m@tekditechnologies.com”>
Date: Tue, 8 May 2018 18:24:20 +0530
Subject: [PATCH 2/3] Bug #126919 fix: In activity stream Avoid XSS attack
---
 src/admin/models/activities.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/admin/models/activities.php b/src/admin/models/activities.php
index 206f96e..1322a40 100755
--- a/src/admin/models/activities.php
+++ b/src/admin/models/activities.php
@@ -141,7 +141,10 @@ public function getItems()
 foreach ($items as $k => $item)
 {
 // Avoid XSS attack
- $item->formatted_text = htmlspecialchars($item->formatted_text, ENT_COMPAT, 'UTF-8');
+ if ($item->formatted_text)
+ {
+ $item->formatted_text = htmlspecialchars($item->formatted_text, ENT_COMPAT, 'UTF-8');
+ }
 // Get date in local time zone
 $item->created_date = JHtml::date($item->created_date, 'Y-m-d h:i:s');
From c22bb05119f4db29f8009747d8457ed1060d3a61 Mon Sep 17 00:00:00 2001
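Review bot: The added `htmlspecialchars($item->formatted_text, ENT_COMPAT, 'UTF-8')` leaves single quotes unencoded, so the value is only safe where the view prints it as element content or inside a double-quoted attribute; `ENT_QUOTES | ENT_SUBSTITUTE` covers both quote styles and substitutes invalid UTF-8 sequences instead of returning an empty string, e.g. `$item->formatted_text = htmlspecialchars($item->formatted_text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. Encoding inside the model also fixes the output context at the data layer: a view that already escapes on output will double-encode, and any consumer that expects `formatted_text` to carry markup (as its name suggests) will now render entities. The same call is carried into PATCH 2 and only replaced in PATCH 3. getItems continues outside the hunk.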
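Review bot: The new guard `if ($item->formatted_text)` tests truthiness, so the string `'0'` now bypasses the encoding while `''` and `null` are skipped; that bypass is harmless for XSS, but the condition should state what it is excluding, e.g. `if ($item->formatted_text !== null)`, since `htmlspecialchars('')` already returns `''` and only the null case appears to need skipping. The wrapped call still uses `ENT_COMPAT`, so the single-quote remark from PATCH 1 applies here as well. getItems continues outside the hunk.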
From: =?UTF-8?q?=E2=80=9CKomal?= <“komal_m@tekditechnologies.com”>
Date: Tue, 15 May 2018 11:08:06 +0530
Subject: [PATCH 3/3] Bug #126919 fix: In activity stream Avoid XSS attack
---
 src/admin/models/activities.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/admin/models/activities.php b/src/admin/models/activities.php
index 1322a40..63145c1 100755
--- a/src/admin/models/activities.php
+++ b/src/admin/models/activities.php
@@ -43,6 +43,7 @@ public function __construct($config = array())
 );
 }
+ $this->filter = JFilterInput::getInstance();
 parent::__construct($config);
 }
@@ -143,7 +144,7 @@ public function getItems()
 // Avoid XSS attack
 if ($item->formatted_text)
 {
- $item->formatted_text = htmlspecialchars($item->formatted_text, ENT_COMPAT, 'UTF-8');
+ $item->formatted_text = $this->filter->clean($item->formatted_text);
 }
 // Get date in local time zone
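Review bot: Swapping `htmlspecialchars` for `$this->filter->clean($item->formatted_text)` changes the guarantee from encoding every HTML metacharacter to tag/attribute filtering, and the `JFilterInput::getInstance()` created with no arguments in the constructor hunk runs, as I read JFilterInput's defaults, in blacklist mode: it strips known-dangerous tags and `on*` attributes and passes everything else through. If `formatted_text` is meant to carry markup, build the instance with an explicit allowlist (`$tagsArray`/`$attrArray` with `$tagsMethod` and `$attrMethod` set to 1) so the view only receives the elements the stream actually needs; if it is not, the PATCH 1 encoding (with `ENT_QUOTES`) was the stronger choice. The value is now unencoded HTML, so the view must print it verbatim with no second escaping pass, and the comment should say so, e.g. `// Sanitised HTML: the view outputs this without further escaping`. Filtering on read in this admin model does not protect any other reader of the same column, and the write path, which this series does not touch, should keep its own validation. Both __construct and getItems extend beyond their hunks.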