From bec9afc911127d7b53ff2bf55e3557f5bbdf34e2 Mon Sep 17 00:00:00 2001
From: Alexander Ebert <ebert@woltlab.com>
Date: Mon, 1 Jan 2024 13:47:42 +0100
Subject: [PATCH] Encode the title of moderation queues

---
 .../lib/data/moderation/queue/ModerationQueueAction.class.php  | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/wcfsetup/install/files/lib/data/moderation/queue/ModerationQueueAction.class.php b/wcfsetup/install/files/lib/data/moderation/queue/ModerationQueueAction.class.php
index a806d082a0..1c9cf9a610 100644
--- a/wcfsetup/install/files/lib/data/moderation/queue/ModerationQueueAction.class.php
+++ b/wcfsetup/install/files/lib/data/moderation/queue/ModerationQueueAction.class.php
@@ -14,6 +14,7 @@ use wcf\system\moderation\queue\ModerationQueueManager;
 use wcf\system\user\storage\UserStorageHandler;
 use wcf\system\visitTracker\VisitTracker;
 use wcf\system\WCF;
+use wcf\util\StringUtil;
 
 /**
  * Executes moderation queue-related actions.
@@ -145,7 +146,7 @@ class ModerationQueueAction extends AbstractDatabaseObjectAction
 
         $items = \array_map(static function (ViewableModerationQueue $queue) {
             return [
-                'content' => $queue->getAffectedObject()->getTitle(),
+                'content' => StringUtil::encodeHTML($queue->getAffectedObject()->getTitle()),
                 'image' => '<span class="icon icon48 ' . $queue->getIconName() . '"></span>',
                 'isUnread' => $queue->isNew(),
                 'link' => $queue->getLink(),
-- 
2.20.1