From 20ffcf44cd4d605fd7835c6530cafb9e5e6d58a8 Mon Sep 17 00:00:00 2001
From: Matthias Schmidt <gravatronics@live.com>
Date: Fri, 25 Jul 2014 16:55:23 +0200
Subject: [PATCH] Add missing HTML encoding

---
 wcfsetup/install/files/lib/data/user/UserProfile.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wcfsetup/install/files/lib/data/user/UserProfile.class.php b/wcfsetup/install/files/lib/data/user/UserProfile.class.php
index 187c5fa518..ca900ed7d6 100644
--- a/wcfsetup/install/files/lib/data/user/UserProfile.class.php
+++ b/wcfsetup/install/files/lib/data/user/UserProfile.class.php
@@ -811,6 +811,6 @@ class UserProfile extends DatabaseObjectDecorator implements IBreadcrumbProvider
 	public function getAnchorTag() {
 		$link = LinkHandler::getInstance()->getLink('User', array('object' => $this->getDecoratedObject()));
 		
-		return '<a href="'.$link.'" class="userLink" data-user-id="'.$this->userID.'">'.$this->username.'</a>';
+		return '<a href="'.$link.'" class="userLink" data-user-id="'.$this->userID.'">'.StringUtil::encodeHtml($this->username).'</a>';
 	}
 }
-- 
2.20.1