From fecc803ab9c3e82718c4bcea7fe919d7a22ec024 Mon Sep 17 00:00:00 2001
From: Thorsten Rinne <thorsten@phpmyfaq.de>
Date: Tue, 14 Feb 2023 18:47:29 +0100
Subject: [PATCH] fix: added missing conversion to HTML entities

---
 phpmyfaq/admin/category.main.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/phpmyfaq/admin/category.main.php b/phpmyfaq/admin/category.main.php
index d55552c716..8e7c3cb706 100644
--- a/phpmyfaq/admin/category.main.php
+++ b/phpmyfaq/admin/category.main.php
@@ -21,6 +21,7 @@
 use phpMyFAQ\Category\CategoryRelation;
 use phpMyFAQ\Database;
 use phpMyFAQ\Filter;
+use phpMyFAQ\Strings;
 
 if (!defined('IS_VALID_PHPMYFAQ')) {
     http_response_code(400);
@@ -319,9 +320,10 @@
             foreach ($category->getCategoryTree() as $id => $cat) {
                 // CategoryHelper translated in this language?
                 if ($cat['lang'] == $lang) {
-                    $categoryName = $cat['name'];
+                    $categoryName = Strings::htmlentities($cat['name']);
                 } else {
-                    $categoryName = $cat['name'] . ' (' . $languageCodes[strtoupper($cat['lang'])] . ')';
+                    $categoryName = Strings::htmlentities($cat['name']) .
+                        ' (' . $languageCodes[strtoupper($cat['lang'])] . ')';
                 }