From: Matthias Schmidt <gravatronics@live.com>
Date: Wed, 16 Aug 2017 15:32:54 +0000 (+0200)
Subject: Encode trophy description in received trophy user activity event
X-Git-Tag: 3.1.0_Alpha_1~19
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=8761e75a712f07f87712e3946f2f4438b10d421b;p=GitHub%2FWoltLab%2FWCF.git

Encode trophy description in received trophy user activity event
---

diff --git a/wcfsetup/install/files/lib/system/user/activity/event/TrophyReceivedUserActivityEvent.class.php b/wcfsetup/install/files/lib/system/user/activity/event/TrophyReceivedUserActivityEvent.class.php
index db723f3243..5bf88e9119 100644
--- a/wcfsetup/install/files/lib/system/user/activity/event/TrophyReceivedUserActivityEvent.class.php
+++ b/wcfsetup/install/files/lib/system/user/activity/event/TrophyReceivedUserActivityEvent.class.php
@@ -3,6 +3,7 @@ namespace wcf\system\user\activity\event;
 use wcf\data\user\trophy\UserTrophyList;
 use wcf\system\SingletonFactory;
 use wcf\system\WCF;
+use wcf\util\StringUtil;
 
 /**
  * User activity event implementation for receiving a trophy.
@@ -38,7 +39,7 @@ class TrophyReceivedUserActivityEvent extends SingletonFactory implements IUserA
 				$event->setIsAccessible();
 				
 				$event->setTitle(WCF::getLanguage()->getDynamicVariable('wcf.user.trophy.recentActivity.received', ['userTrophy' => $trophies[$event->objectID]]));
-				$event->setDescription($trophies[$event->objectID]->getDescription());
+				$event->setDescription(StringUtil::encodeHTML($trophies[$event->objectID]->getDescription()));
 			}
 			else {
 				$event->setIsOrphaned();