Add missing HTML encoding to TimeModifierTemplatePlugin

diff --git a/wcfsetup/install/files/lib/system/template/plugin/TimeModifierTemplatePlugin.class.php b/wcfsetup/install/files/lib/system/template/plugin/TimeModifierTemplatePlugin.class.php
index 592a20c4305dbaefb8112b8a1ccf49496d5cedb0..63533dd7e7f1e87da9a17f4d3fb13faece11ff61 100644 (file)
--- a/wcfsetup/install/files/lib/system/template/plugin/TimeModifierTemplatePlugin.class.php
+++ b/wcfsetup/install/files/lib/system/template/plugin/TimeModifierTemplatePlugin.class.php
@@ -3,6 +3,7 @@ namespace wcf\system\template\plugin;
 use wcf\system\template\TemplateEngine;
 use wcf\system\WCF;
 use wcf\util\DateUtil;
+use wcf\util\StringUtil;
 
 /**
  * Template modifier plugin which formats a unix timestamp.
@@ -29,7 +30,7 @@ class TimeModifierTemplatePlugin implements IModifierTemplatePlugin {
                $isFutureDate = ($timestamp > TIME_NOW);
                $dateTime = $this->getRelativeTime($dateTimeObject, $timestamp, $date, $time, $isFutureDate);
                
-               return '<time datetime="'.DateUtil::format($dateTimeObject, 'c').'" class="datetime" data-timestamp="'.$timestamp.'" data-date="'.$date.'" data-time="'.$time.'" data-offset="'.$dateTimeObject->getOffset().'"'.($isFutureDate ? ' data-is-future-date="true"' : '').'>'.$dateTime.'</time>';
+               return '<time datetime="'.DateUtil::format($dateTimeObject, 'c').'" class="datetime" data-timestamp="'.$timestamp.'" data-date="'.StringUtil::encodeHTML($date).'" data-time="'.StringUtil::encodeHTML($time).'" data-offset="'.$dateTimeObject->getOffset().'"'.($isFutureDate ? ' data-is-future-date="true"' : '').'>'.$dateTime.'</time>';
        }
        
        /**