Add missing encoding of the url

diff --git a/wcfsetup/install/files/lib/system/gridView/renderer/LinkColumnRenderer.class.php b/wcfsetup/install/files/lib/system/gridView/renderer/LinkColumnRenderer.class.php
index 7d6fe7d9db4e68ef544624e603919a055b5258a4..4feee846039f43b5faf18702eb5f122df49125ee 100644 (file)
--- a/wcfsetup/install/files/lib/system/gridView/renderer/LinkColumnRenderer.class.php
+++ b/wcfsetup/install/files/lib/system/gridView/renderer/LinkColumnRenderer.class.php
@@ -5,6 +5,7 @@ namespace wcf\system\gridView\renderer;
 use wcf\data\DatabaseObject;
 use wcf\system\request\LinkHandler;
 use wcf\system\WCF;
+use wcf\util\StringUtil;
 
 /**
  * Allows the setting of a link to a column.
@@ -31,7 +32,7 @@ class LinkColumnRenderer extends AbstractColumnRenderer implements ILinkColumnRe
             \array_merge($this->parameters, ['object' => $context])
         );
 
-        return '<a href="' . $href . '"'
+        return '<a href="' . StringUtil::encodeHTML($href) . '"'
             . ($this->titleLanguageItem ? ' title="' . WCF::getLanguage()->get($this->titleLanguageItem) . '"' : '') . '>'
             . $value
             . '</a>';