From 56295b54062a284020fccce12a5044f9fa7d2770 Mon Sep 17 00:00:00 2001
From: Thorsten Rinne <thorsten@phpmyfaq.de>
Date: Sun, 12 Feb 2023 20:41:36 +0100
Subject: [PATCH] fix: added missing conversion to HTML entities

---
 phpmyfaq/src/phpMyFAQ/Helper/UserHelper.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/phpmyfaq/src/phpMyFAQ/Helper/UserHelper.php b/phpmyfaq/src/phpMyFAQ/Helper/UserHelper.php
index 26bdfa9a5c..39b0ba1269 100644
--- a/phpmyfaq/src/phpMyFAQ/Helper/UserHelper.php
+++ b/phpmyfaq/src/phpMyFAQ/Helper/UserHelper.php
@@ -17,6 +17,7 @@
 
 namespace phpMyFAQ\Helper;
 
+use phpMyFAQ\Strings;
 use phpMyFAQ\User;
 
 /**
@@ -58,7 +59,7 @@ public function getAllUserOptions(int $id = 1, bool $allowBlockedUsers = false):
                     '<option value="%d" %s>%s (%s)</option>',
                     $userId,
                     (($userId === $id) ? 'selected' : ''),
-                    $this->user->getUserData('display_name'),
+                    Strings::htmlentities($this->user->getUserData('display_name')),
                     $this->user->getLogin()
                 );
             }