Navigation Menu

Skip to content

Commit

Permalink
fix: added missing conversion to HTML entities
Browse files Browse the repository at this point in the history
  • Loading branch information
@thorsten
thorsten committed Jan 25, 2023
1 parent 77b42b9 commit b76d583
Showing 1 changed file with 4 additions and 22 deletions.
26 changes: 4 additions & 22 deletions phpmyfaq/src/phpMyFAQ/Faq.php
View file
Expand Up @@ -2450,15 +2450,7 @@ public function renderOpenQuestions(): string
$mail = new Mail($this->config);

$query = sprintf(
"
SELECT
COUNT(id) AS num
FROM
%sfaqquestions
WHERE
lang = '%s'
AND
is_visible != 'Y'",
"SELECT COUNT(id) AS num FROM %sfaqquestions WHERE lang = '%s' AND is_visible != 'Y'",
Database::getTablePrefix(),
$this->config->getLanguage()->getLanguage()
);
Expand All @@ -2478,17 +2470,7 @@ public function renderOpenQuestions(): string
}

$query = sprintf(
"
SELECT
*
FROM
%sfaqquestions
WHERE
lang = '%s'
AND
is_visible = 'Y'
ORDER BY
created ASC",
"SELECT * FROM %sfaqquestions WHERE lang = '%s' AND is_visible = 'Y' ORDER BY created ASC",
Database::getTablePrefix(),
$this->config->getLanguage()->getLanguage()
);
Expand All @@ -2503,14 +2485,14 @@ public function renderOpenQuestions(): string
'<td><small>%s</small><br><a href="mailto:%s">%s</a></td>',
$date->format(Date::createIsoDate($row->created)),
$mail->safeEmail($row->email),
$row->username
Strings::htmlentities($row->username)
);
$output .= sprintf(
'<td><strong>%s:</strong><br>%s</td>',
isset($category->categoryName[$row->category_id]['name']) ?
$category->categoryName[$row->category_id]['name'] :
'',
strip_tags($row->question)
Strings::htmlentities($row->question)
);
if ($this->config->get('records.enableCloseQuestion') && $row->answer_id) {
$output .= sprintf(
Expand Down

0 comments on commit b76d583

Please sign in to comment.