From: Alexander Ebert
Date: Mon, 1 Jan 2024 12:47:35 +0000 (+0100)
Subject: Encode the title of conversations
X-Git-Tag: 5.5.20~1
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=725b10a8b7a2b3414c99f7e4b6dfa70de587a6ec;p=GitHub%2FWoltLab%2Fcom.woltlab.wcf.conversation.git

Encode the title of conversations
---
diff --git a/files/lib/data/conversation/ConversationAction.class.php b/files/lib/data/conversation/ConversationAction.class.php
index d21b0fe..c07d4d6 100644
--- a/files/lib/data/conversation/ConversationAction.class.php
+++ b/files/lib/data/conversation/ConversationAction.class.php
@@ -26,6 +26,7 @@ use wcf\system\user\notification\object\ConversationUserNotificationObject;
 use wcf\system\user\notification\UserNotificationHandler;
 use wcf\system\user\storage\UserStorageHandler;
 use wcf\system\WCF;
+use wcf\util\StringUtil;
 
 /**
 * Executes conversation-related actions.
@@ -936,7 +937,7 @@ class ConversationAction extends AbstractDatabaseObjectAction implements
 );
 
 return [
- 'content' => $conversation->getTitle(),
+ 'content' => StringUtil::encodeHTML($conversation->getTitle()),
 'image' => $image,
 'isUnread' => $conversation->isNew(),
 'link' => $link,
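Review bot: Nothing on the `'content'` line in the second hunk records that this key is consumed as HTML, so a later edit could drop the `StringUtil::encodeHTML()` call, or a consumer could encode again and display entities twice. A short comment above the entry would pin the contract, for example `// 'content' is inserted as HTML by the consumer; the title is presumably user-supplied, so encode it here and only here`. `$image` and `$link` are built above the hunk and are not visible, so it is worth confirming that any user-controlled part of them is escaped for its own context as well. The enclosing method starts and ends outside the hunk, and other callers of `getTitle()` cannot be checked from this diff.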