Merge branch '5.5'

diff --git a/ts/WoltLabSuite/Core/StringUtil.ts b/ts/WoltLabSuite/Core/StringUtil.ts
index df4f27ceb498796176a1fd615e7863d0f544d0de..de0a70d9937b21b5d69cc8d871f753a6675a8d47 100644 (file)
--- a/ts/WoltLabSuite/Core/StringUtil.ts
+++ b/ts/WoltLabSuite/Core/StringUtil.ts
@@ -63,11 +63,11 @@ export function ucfirst(string: string): string {
  */
 export function unescapeHTML(string: string): string {
   return String(string)
-    .replace(/&/g, "&")
     .replace(/"/g, '"')
     .replace(/'/g, "'")
     .replace(/&lt;/g, "<")
-    .replace(/&gt;/g, ">");
+    .replace(/&gt;/g, ">")
+    .replace(/&amp;/g, "&");
 }
 
 /**

diff --git a/wcfsetup/install/files/js/WoltLabSuite/Core/StringUtil.js b/wcfsetup/install/files/js/WoltLabSuite/Core/StringUtil.js
index d12d871ab3dfcc7441b6cdf6676e0aca40790762..6b5967a1103a804094f01500d2912fde6d0d2bbd 100644 (file)
--- a/wcfsetup/install/files/js/WoltLabSuite/Core/StringUtil.js
+++ b/wcfsetup/install/files/js/WoltLabSuite/Core/StringUtil.js
@@ -65,11 +65,11 @@ define(["require", "exports"], function (require, exports) {
      */
     function unescapeHTML(string) {
         return String(string)
-            .replace(/&/g, "&")
             .replace(/"/g, '"')
             .replace(/'/g, "'")
             .replace(/&lt;/g, "<")
-            .replace(/&gt;/g, ">");
+            .replace(/&gt;/g, ">")
+            .replace(/&amp;/g, "&");
     }
     exports.unescapeHTML = unescapeHTML;
     /**

diff --git a/wcfsetup/install/files/lib/data/article/ArticleAction.class.php b/wcfsetup/install/files/lib/data/article/ArticleAction.class.php
index 6a9be0be42bc3d4bdac0da52b7257635a4b6c161..6627643ff1b04fe5b0a118475d168aa711f92b81 100644 (file)
--- a/wcfsetup/install/files/lib/data/article/ArticleAction.class.php
+++ b/wcfsetup/install/files/lib/data/article/ArticleAction.class.php
@@ -702,7 +702,11 @@ class ArticleAction extends AbstractDatabaseObjectAction
         }
 
         $this->readInteger('categoryID');
-        if (ArticleCategory::getCategory($this->parameters['categoryID']) === null) {
+        $category = ArticleCategory::getCategory($this->parameters['categoryID']);
+        if ($category === null) {
+            throw new UserInputException('categoryID');
+        }
+        if (!$category->isAccessible()) {
             throw new UserInputException('categoryID');
         }
     }

diff --git a/wcfsetup/install/files/lib/system/clipboard/action/ArticleClipboardAction.class.php b/wcfsetup/install/files/lib/system/clipboard/action/ArticleClipboardAction.class.php
index c1fefe6600f1a1897e8acc8314d4925679cdd24e..3ea69a0b51fa544a9aa057f1c729a00a90c7b083 100644 (file)
--- a/wcfsetup/install/files/lib/system/clipboard/action/ArticleClipboardAction.class.php
+++ b/wcfsetup/install/files/lib/system/clipboard/action/ArticleClipboardAction.class.php
@@ -163,7 +163,16 @@ class ArticleClipboardAction extends AbstractClipboardAction
             return [];
         }
 
-        return \array_keys($this->objects);
+        $objectIDs = [];
+
+        /** @var Article $article */
+        foreach ($this->objects as $article) {
+            if ($article->canEdit()) {
+                $objectIDs[] = $article->articleID;
+            }
+        }
+
+        return $objectIDs;
     }
 
     /**