diff --git a/phpmyfaq/admin/report.view.php b/phpmyfaq/admin/report.view.php
index 23c3d025c9..f0f0b9be4d 100644
--- a/phpmyfaq/admin/report.view.php
+++ b/phpmyfaq/admin/report.view.php
@@ -20,6 +20,7 @@
use phpMyFAQ\Filter;
use phpMyFAQ\Report;
+use phpMyFAQ\Strings;
if (!defined('IS_VALID_PHPMYFAQ')) {
http_response_code(400);
@@ -80,12 +81,12 @@
if (0 != $data['category_parent']) {
printf('
%s | ', $data['category_parent']);
} else {
- printf('%s | ', $data['category_name']);
+ printf('%s | ', Strings::htmlentities($data['category_name'] ?? ''));
}
}
if ($useSubcategory) {
if (0 != $data['category_parent']) {
- printf('%s | ', $data['category_name']);
+ printf('%s | ', Strings::htmlentities($data['category_name']));
} else {
echo 'n/a | ';
}
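Review bot: The two new `Strings::htmlentities` calls in this hunk treat a missing `category_name` differently: the first passes `$data['category_name'] ?? ''`, the second passes `$data['category_name']` unguarded. If `Strings::htmlentities` is declared with a `string` parameter (I cannot see its signature here) and `category_name` can be null, for example for a category that no longer exists, the second call would raise a TypeError under `strict_types` while the first degrades to an empty cell; use `Strings::htmlentities($data['category_name'] ?? '')` in both branches. The same mismatch appears in the next hunk, where `faq_org_author` is unguarded but `faq_last_author` gets `?? ''`. The `$data['category_parent']` printed at the top of the hunk is still unescaped; if that value is a category name rather than a numeric id it needs the same treatment, and `0 != ...` compares loosely, so a non-numeric string would also pass that branch.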
@@ -103,16 +104,16 @@
printf('%s | ', $data['faq_sticky']);
}
if ($useTitle) {
- printf('%s | ', $data['faq_question']);
+ printf('%s | ', Strings::htmlentities($data['faq_question']));
}
if ($useCreationDate) {
printf('%s | ', $data['faq_updated']);
}
if ($useOwner) {
- printf('%s | ', $data['faq_org_author']);
+ printf('%s | ', Strings::htmlentities($data['faq_org_author']));
}
if ($useLastModified) {
- printf('%s | ', $data['faq_last_author']);
+ printf('%s | ', Strings::htmlentities($data['faq_last_author'] ?? ''));
}
if ($useUrl) {
$url = sprintf(
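Review bot: `faq_sticky` and `faq_updated` are still printed through `%s` without `Strings::htmlentities` while every neighbouring text cell now is. Presumably they are a flag and a timestamp straight from the database, so the exposure is low, but escaping each cell uniformly, e.g. `Strings::htmlentities((string) $data['faq_updated'])`, removes the need to reason column by column; the `(string)` cast matters if the helper takes a `string` and the value arrives as an int under `strict_types`. The `$url = sprintf(` statement at the end of the hunk continues outside it, so whether the URL cell is escaped for its attribute context cannot be judged from this hunk.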
diff --git a/phpmyfaq/src/phpMyFAQ/Report.php b/phpmyfaq/src/phpMyFAQ/Report.php
index 555a123810..7b2df0823a 100644
--- a/phpmyfaq/src/phpMyFAQ/Report.php
+++ b/phpmyfaq/src/phpMyFAQ/Report.php
@@ -145,8 +145,6 @@ public function convertEncoding(string $outputString = ''): string
}
$toBeRemoved = ['=', '+', '-', 'HYPERLINK'];
- $outputString = str_replace($toBeRemoved, '', $outputString);
-
- return $outputString;
+ return str_replace($toBeRemoved, '', $outputString);
}
}
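Review bot: The rewritten return line keeps a removal-based blacklist, and stripping `=`, `+`, `-` and `HYPERLINK` anywhere in the cell both corrupts legitimate content (`C++`, negative numbers, hyphenated names) and is not idempotent, since a single `str_replace` pass can leave behind a token that is only formed once an inner occurrence is removed. Spreadsheets treat a cell as a formula only when it starts with a trigger character, and `@`, tab and carriage return are missing from the list. Neutralising by prefixing a quote only when the first character is a trigger is the usual mitigation and keeps the exported data intact; the signature and the start of `convertEncoding`'s body are outside the hunk, so where this sits relative to the encoding conversion needs checking.
```php
    // … unchanged: encoding conversion above …
    // A spreadsheet interprets a cell as a formula only when it starts with one of
    // these characters; prefixing a quote neutralises it without altering content.
    $formulaTriggers = ['=', '+', '-', '@', "\t", "\r"];
    if ($outputString !== '' && in_array($outputString[0], $formulaTriggers, true)) {
        return "'" . $outputString;
    }

    return $outputString;
```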