diff --git a/phpmyfaq/contact.php b/phpmyfaq/contact.php
index e66f8dd0da..27a9a9c4c4 100644
--- a/phpmyfaq/contact.php
+++ b/phpmyfaq/contact.php
@@ -49,7 +49,7 @@
'msgContactOwnText' => nl2br(Strings::htmlspecialchars($faqConfig->get('main.contactInformations'))),
'msgContactEMail' => $PMF_LANG['msgContactEMail'],
'msgContactPrivacyNote' => $PMF_LANG['msgContactPrivacyNote'],
- 'privacyURL' => $faqConfig->get('main.privacyURL'),
+ 'privacyURL' => Strings::htmlentities($faqConfig->get('main.privacyURL')),
'msgPrivacyNote' => $PMF_LANG['msgPrivacyNote'],
'msgNewContentName' => $PMF_LANG['msgNewContentName'],
'msgNewContentMail' => $PMF_LANG['msgNewContentMail'],
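Review bot: Entity-encoding `main.privacyURL` on the added line stops the value from breaking out of an attribute, but it does not restrict the URL scheme. If the template places this value in an `href` (the template is not part of this diff, so this is inferred), a non-web scheme saved in the configuration would still be rendered as a live link. Consider an allow-list check before escaping, ideally also where the setting is saved: `$scheme = parse_url($privacyUrl, PHP_URL_SCHEME);` followed by `in_array(strtolower((string) $scheme), ['http', 'https'], true)`, emitting an empty string otherwise. Relative URLs would need a separate decision. The same gap applies to the added lines in both index.php hunks and in request-removal.php, and the enclosing array starts and ends outside this hunk.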
diff --git a/phpmyfaq/index.php b/phpmyfaq/index.php
index a0f2cd1ccc..2f06ce265c 100755
--- a/phpmyfaq/index.php
+++ b/phpmyfaq/index.php
@@ -619,7 +619,7 @@
'msgGlossary' => '' . $PMF_LANG['ad_menu_glossary'] . '',
'privacyLink' => sprintf(
'%s',
- $faqConfig->get('main.privacyURL'),
+ Strings::htmlentities($faqConfig->get('main.privacyURL')),
$PMF_LANG['msgPrivacyNote']
),
'backToHome' => '' . $PMF_LANG['msgHome'] . '',
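Review bot: The `privacyLink` expression changed here is repeated verbatim in the next index.php hunk (around line 642), so any further hardening of this value has to be applied in two places and can drift. Computing the escaped value once before the two template arrays, `$privacyUrl = Strings::htmlentities($faqConfig->get('main.privacyURL'));`, and passing `$privacyUrl` to both `sprintf` calls would keep them in step. Neither index.php hunk shows whether the file already imports `phpMyFAQ\Strings`, as request-removal.php now does, so that is worth confirming. The surrounding array starts and ends outside the hunk.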
@@ -642,7 +642,7 @@
'msgGlossary' => '' . $PMF_LANG['ad_menu_glossary'] . '',
'privacyLink' => sprintf(
'%s',
- $faqConfig->get('main.privacyURL'),
+ Strings::htmlentities($faqConfig->get('main.privacyURL')),
$PMF_LANG['msgPrivacyNote']
),
'allCategories' => '' .
diff --git a/phpmyfaq/request-removal.php b/phpmyfaq/request-removal.php
index 554273ae41..d4dfc15adc 100644
--- a/phpmyfaq/request-removal.php
+++ b/phpmyfaq/request-removal.php
@@ -18,6 +18,7 @@
use phpMyFAQ\Captcha;
use phpMyFAQ\Core\Exception;
use phpMyFAQ\Helper\CaptchaHelper;
+use phpMyFAQ\Strings;
use phpMyFAQ\User\CurrentUser;
if (!defined('IS_VALID_PHPMYFAQ')) {
@@ -50,7 +51,7 @@
'msgContactRemove' => $PMF_LANG['msgContactRemove'],
'msgContactPrivacyNote' => $PMF_LANG['msgContactPrivacyNote'],
'msgPrivacyNote' => $PMF_LANG['msgPrivacyNote'],
- 'privacyURL' => $faqConfig->get('main.privacyURL'),
+ 'privacyURL' => Strings::htmlentities($faqConfig->get('main.privacyURL')),
'msgNewContentName' => $PMF_LANG['msgNewContentName'],
'msgNewContentMail' => $PMF_LANG['msgNewContentMail'],
'ad_user_loginname' => $PMF_LANG['ad_user_loginname'],