CVE-2023-2427: fix: added missing conversion to HTML entities · thorsten/phpMyFAQ@514f4df

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13.

Expand Up @@ -31,12 +31,12 @@ class Tags /** * @var Configuration */ private $config; private Configuration $config;
/** * @var array<int, string> */ private $recordsByTagName = []; private array $recordsByTagName = [];
/** * Constructor. Expand All @@ -59,11 +59,11 @@ public function getAllLinkTagsById(int $recordId): string $tagListing = '’;
foreach ($this->getAllTagsById($recordId) as $taggingId => $taggingName) { $title = Strings::htmlspecialchars($taggingName, ENT_QUOTES, ‘utf-8’); $title = Strings::htmlentities($taggingName); $url = sprintf('%sindex.php?action=search&tagging_id=%d’, $this->config->getDefaultUrl(), $taggingId); $oLink = new Link($url, $this->config); $oLink->itemTitle = $taggingName; $oLink->text = $taggingName; $oLink->itemTitle = $title; $oLink->text = $title; $oLink->tooltip = $title; $tagListing .= $oLink->toHtmlAnchor() . ', '; } Expand Down
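Review bot: In the first hunk, replacing the docblock on $recordsByTagName with the native `array` type loses the `array<int, string>` shape, which a native type declaration cannot express. Keep the `@var array<int, string>` annotation next to `private array $recordsByTagName = [];` so static analysis still knows that the values are strings. The `@var Configuration` docblock is fully covered by the typed property and can go.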
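Review bot: In getAllLinkTagsById(), the new `Strings::htmlentities($taggingName)` call drops the explicit `ENT_QUOTES, 'utf-8'` arguments that the removed `Strings::htmlspecialchars` call passed, and `$title` now feeds `itemTitle` and `tooltip` as well as `text`. If those two end up as attribute values in the output of `toHtmlAnchor()` (not visible in this hunk), both quote characters must be encoded, so either confirm that the wrapper's defaults do this or pass the flags explicitly. The escaping also lives at this call site rather than in `Link`, so other callers that assign tag names to `itemTitle` or `text` stay exposed, and if `toHtmlAnchor()` encodes its fields itself the output will be double-encoded. A regression test that renders a tag name containing `<`, `"` and `'` through this method would settle both questions.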

Related news

GHSA-5xq3-7mw9-wj5p: Cross Site Scripting in thorsten/phpmyfaq