From 834133f7d3b564198dc2a6d79630eb9a2f8629f4 Mon Sep 17 00:00:00 2001
From: Matthias Schmidt
Date: Sun, 6 Sep 2020 14:48:10 +0200
Subject: [PATCH] Disallow `href` attribute for `user` template plugin
---
 .../template/plugin/UserFunctionTemplatePlugin.class.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/wcfsetup/install/files/lib/system/template/plugin/UserFunctionTemplatePlugin.class.php b/wcfsetup/install/files/lib/system/template/plugin/UserFunctionTemplatePlugin.class.php
index 5b56dd2c52..0b85635392 100644
--- a/wcfsetup/install/files/lib/system/template/plugin/UserFunctionTemplatePlugin.class.php
+++ b/wcfsetup/install/files/lib/system/template/plugin/UserFunctionTemplatePlugin.class.php
@@ -80,6 +80,10 @@ class UserFunctionTemplatePlugin implements IFunctionTemplatePlugin {
 }
 }
 
+ if (isset($tagArgs['href'])) {
+ throw new \InvalidArgumentException("'href' attribute is not allowed.");
+ }
+
 $append = '';
 if (isset($tagArgs['append'])) {
 $append = $tagArgs['append'];
-- 
2.20.1
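Review bot: The new guard tests `isset($tagArgs['href'])`, which is false when the key is present with a `null` value, so a template passing `href=$var` with a null variable gets past the check; `if (array_key_exists('href', $tagArgs)) {` rejects the key whatever its value. The check is also an exact, case-sensitive key match, while HTML attribute names are case-insensitive. Whether a null-valued or differently cased key can still reach the generated link depends on how the rest of the method emits the remaining `$tagArgs`, which lies outside this hunk, so confirm it there. A short comment above the check would record the reason, for example `// href is generated by this plugin (assumed); callers must not be able to override the link target`.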