Fixes: Setting default values to save automatically with the record when it's saved from quick create

modules/Events/actions/SaveAjax.php

@@ -160,6 +160,26 @@ class Events_SaveAjax_Action extends Events_Save_Action {
 			$this->setRecurrenceInfo($recordModel);
 		}
 
+		$moduleName = $request->getModule();
+		$moduleModel = Vtiger_Module_Model::getInstance($moduleName);
+		$fieldModelList = $moduleModel->getFields();
+		foreach ($fieldModelList as $fieldName => $fieldModel) {
+			
+			if ($request->has($fieldName)) {
+				$fieldValue = $request->get($fieldName, null);
+			} else {
+				$fieldValue = $fieldModel->getDefaultFieldValue();
+			}
+			$fieldValue = $this->purifyCkeditorField($fieldName, $fieldValue);
+			if ($fieldValue !== null) {
+				if (!is_array($fieldValue)) {
+					$fieldValue = trim($fieldValue);
+				}
+				$fieldValue = Vtiger_Util_Helper::validateFieldValue($fieldValue, $fieldModel);
+				$recordModel->set($fieldName, $fieldValue);
+			}
+		}
+
 		$startDate = $request->get('date_start');
 		if (!empty($startDate)) {
 			//Start Date and Time values
@@ -214,4 +234,14 @@ class Events_SaveAjax_Action extends Events_Save_Action {
 		return $recordModel;
 	}
 
+	public function purifyCkeditorField($fieldName, $fieldValue) {
+        $ckeditorFields = array('commentcontent', 'notecontent', 'signature');
+        if((in_array($fieldName, $ckeditorFields)) && $fieldValue !== null){
+            $purifiedContent = vtlib_purify(decode_html($fieldValue));
+            // Purify malicious html event attributes
+            $fieldValue = purifyHtmlEventAttributes(decode_html($purifiedContent),true);
+        }
+        return $fieldValue;
+    }
+
 }