From b0bf25df2fad8b4ae9ca5a8fa5b42455be7055db Mon Sep 17 00:00:00 2001
From: Jan-Hendrik Willms <tleilax+studip@gmail.com>
Date: Fri, 30 Sep 2022 11:17:02 +0000
Subject: [PATCH] correctly encode output, fixes #1619

Closes #1619

Merge request studip/studip!1047
---
 lib/models/LogEvent.php | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/lib/models/LogEvent.php b/lib/models/LogEvent.php
index 1d9a52bcab5..31a33b26be9 100644
--- a/lib/models/LogEvent.php
+++ b/lib/models/LogEvent.php
@@ -239,7 +239,7 @@ class LogEvent extends SimpleORMap implements PrivacyObject
             return $this->$field;
         }
 
-        return '<em>' . $study_area->getPath(' &gt ') . '</em>';
+        return '<em>' . htmlReady($study_area->getPath(' > ')) . '</em>';
     }
 
     /**
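Review bot: The early `return $this->$field;` at the top of this hunk still hands back the raw field value unescaped, although the success path next to it is now wrapped in `htmlReady()`; the same applies to the `: $this->$field` fallback of the ternary in the plugin hunk. The semester hunk does escape its fallback with `return htmlReady($this->$field);`, so the three formatters disagree. If callers place the result into HTML as-is (the `<em>` wrapper suggests they do), a log entry whose referenced study area or plugin can no longer be resolved would emit the stored value verbatim. Suggest `return htmlReady($this->$field);` here and `: htmlReady($this->$field)` in the plugin formatter. The enclosing function starts outside the hunk, so the condition guarding the early return is not visible and should be confirmed.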
@@ -264,8 +264,7 @@ class LogEvent extends SimpleORMap implements PrivacyObject
         $plugin_manager = PluginManager::getInstance();
         $plugin_info = $plugin_manager->getPluginInfoById($this->$field);
 
-        return $plugin_info ? '<em>'
-                . $plugin_info['name'] . '</em>' : $this->$field;
+        return $plugin_info ? '<em>' . htmlReady($plugin_info['name']) . '</em>' : $this->$field;
     }
 
     /**
@@ -279,10 +278,10 @@ class LogEvent extends SimpleORMap implements PrivacyObject
         $all_semester = Semester::findAllVisible(false);
         foreach ($all_semester as $val) {
             if ($val['beginn'] == $this->$field) {
-                return '<em>' . $val['name'] . '</em>';
+                return '<em>' . htmlReady($val['name']) . '</em>';
             }
         }
-        return $this->$field;
+        return htmlReady($this->$field);
     }
 
     /**
-- 
GitLab