fix theoretical XSS issue in notices
authorJoshua Rüsweg <josh@bastelstu.be>
Sun, 29 Jan 2017 14:36:36 +0000 (15:36 +0100)
committerJoshua Rüsweg <josh@bastelstu.be>
Sun, 29 Jan 2017 14:36:36 +0000 (15:36 +0100)
wcfsetup/install/files/lib/data/notice/Notice.class.php

index 3e1b989d7dc0772104a50be577e1e62877c9d9dc..03a35191ae37670936ce73fa619e30d3708b8d28 100644 (file)
@@ -6,6 +6,7 @@ use wcf\system\condition\ConditionHandler;
 use wcf\system\request\IRouteController;
 use wcf\system\user\storage\UserStorageHandler;
 use wcf\system\WCF;
+use wcf\util\StringUtil;
 
 /**
  * Represents a notice.
@@ -41,8 +42,8 @@ class Notice extends DatabaseObject implements IRouteController {
                // replace `{$username}` with the active user's name and `{$email}`
                // with the active user's email address
                $text = strtr(WCF::getLanguage()->get($this->notice), [
-                       '{$username}' => WCF::getUser()->username,
-                       '{$email}' => WCF::getUser()->email
+                       '{$username}' => $this->noticeUseHtml ? StringUtil::encodeHTML(WCF::getUser()->username) : WCF::getUser()->username,
+                       '{$email}' => $this->noticeUseHtml ? StringUtil::encodeHTML(WCF::getUser()->email) : WCF::getUser()->email
                ]);
                
                if (!$this->noticeUseHtml) {
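Review bot: `StringUtil::encodeHTML` on the new `{$username}`/`{$email}` lines is only a complete fix when the admin-authored notice places those placeholders in HTML text or a quoted attribute; inside an inline event handler, a `<script>` block or an unquoted attribute, entity encoding does not neutralise the substituted value. A comment stating that assumption would help the next maintainer, e.g. `// user values are HTML-entity encoded; this is only sufficient where the placeholder sits in text or a quoted attribute of the notice`. The duplicated ternary could also be collapsed by evaluating `$escape = $this->noticeUseHtml;` once and reusing it for both placeholders. The `if (!$this->noticeUseHtml)` branch on the last hunk line presumably encodes the whole string for the plain-text case, but its body, and the rest of the enclosing method, lie outside this hunk.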