From 43573447e1266750ebd07e5bad0551d85017aeec Mon Sep 17 00:00:00 2001
From: =?utf8?q?Joshua=20R=C3=BCsweg?=
Date: Sun, 29 Jan 2017 15:36:36 +0100
Subject: [PATCH] fix theoretical XSS issue in notices

---
 wcfsetup/install/files/lib/data/notice/Notice.class.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/wcfsetup/install/files/lib/data/notice/Notice.class.php b/wcfsetup/install/files/lib/data/notice/Notice.class.php
index 3e1b989d7d..03a35191ae 100644
--- a/wcfsetup/install/files/lib/data/notice/Notice.class.php
+++ b/wcfsetup/install/files/lib/data/notice/Notice.class.php
@@ -6,6 +6,7 @@ use wcf\system\condition\ConditionHandler;
 use wcf\system\request\IRouteController;
 use wcf\system\user\storage\UserStorageHandler;
 use wcf\system\WCF;
+use wcf\util\StringUtil;
 
 /**
  * Represents a notice.
@@ -41,8 +42,8 @@ class Notice extends DatabaseObject implements IRouteController {
 		// replace `{$username}` with the active user's name and `{$email}`
 		// with the active user's email address
 		$text = strtr(WCF::getLanguage()->get($this->notice), [
-			'{$username}' => WCF::getUser()->username,
-			'{$email}' => WCF::getUser()->email
+			'{$username}' => $this->noticeUseHtml ? StringUtil::encodeHTML(WCF::getUser()->username) : WCF::getUser()->username,
+			'{$email}' => $this->noticeUseHtml ? StringUtil::encodeHTML(WCF::getUser()->email) : WCF::getUser()->email
 		]);
 		
 		if (!$this->noticeUseHtml) {
-- 
2.20.1
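Review bot: The two added replacement lines in the second hunk each repeat the `$this->noticeUseHtml` ternary and call `WCF::getUser()` twice, which buries the encoding decision in two long lines and makes it easy to forget when a further placeholder is added; resolving the user and the encoded values once above the `strtr()` call keeps the "encode substituted user data when the notice is HTML" rule in one visible place. The encoding applied here covers the text and quoted-attribute contexts of an HTML notice; a placeholder placed inside a `<script>` block or a URL in the notice body would still need context-specific escaping, which the comment above the call could state, e.g. `// user-controlled values are HTML-encoded so they cannot inject markup into an HTML notice`. The plain-text branch is left unencoded on these lines and presumably relies on the `if (!$this->noticeUseHtml)` block that follows, which continues outside the hunk, so the rest of the method is not visible here.
```php
		// replace `{$username}` with the active user's name and `{$email}`
		// with the active user's email address; user-controlled values are
		// HTML-encoded so they cannot inject markup into an HTML notice
		$user = WCF::getUser();
		$username = $this->noticeUseHtml ? StringUtil::encodeHTML($user->username) : $user->username;
		$email = $this->noticeUseHtml ? StringUtil::encodeHTML($user->email) : $user->email;
		$text = strtr(WCF::getLanguage()->get($this->notice), [
			'{$username}' => $username,
			'{$email}' => $email
		]);
		// … unchanged: plain-text handling in the following if-block …
```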