From 0f57bb0a33d486bacd3806c1ba31e829390c1873 Mon Sep 17 00:00:00 2001
From: Thorsten Rinne <thorsten@phpmyfaq.de>
Date: Tue, 1 Nov 2022 09:23:57 +0100
Subject: [PATCH] fix: added missing conversion to HTML entities

---
 phpmyfaq/src/phpMyFAQ/Helper/CategoryHelper.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/phpmyfaq/src/phpMyFAQ/Helper/CategoryHelper.php b/phpmyfaq/src/phpMyFAQ/Helper/CategoryHelper.php
index 92691bee7c..0b61c3ab45 100644
--- a/phpmyfaq/src/phpMyFAQ/Helper/CategoryHelper.php
+++ b/phpmyfaq/src/phpMyFAQ/Helper/CategoryHelper.php
@@ -20,6 +20,7 @@
 use phpMyFAQ\Database;
 use phpMyFAQ\Helper;
 use phpMyFAQ\Link;
+use phpMyFAQ\Strings;
 use phpMyFAQ\User;
 
 /**
@@ -351,7 +352,8 @@ public function renderStartPageCategories(array $categories): string
             $decks .= '</a>' .
                 '<div class="card-body">' .
                 '<h4 class="card-title text-center">' .
-                '<a href="' . $category['url'] . '">' . $category['name'] . '</a>' .
+                '<a href="' . Strings::htmlentities($category['url']) . '">' .
+                Strings::htmlentities($category['name']) . '</a>' .
                 '</h4>' .
                 '<p class="card-text">' . $category['description'] . '</p>' .
                 '</div>' .