XSS Lücke behoben

Author: Hanashi

files/lib/system/gridView/admin/DiscordWebhookGridView.class.php

@@ -17,6 +17,7 @@
 use wcf\system\view\filter\TextFilter;
 use wcf\system\view\filter\TimeFilter;
 use wcf\system\WCF;
+use wcf\util\StringUtil;
 
 final class DiscordWebhookGridView extends AbstractGridView
 {
@@ -41,7 +42,11 @@ public function render(mixed $value, DatabaseObject $row): string
                                 return $value;
                             }
 
-                            return \sprintf('%s<br>(%s)', $channels[$row->botID][$value]['name'], $value);
+                            return \sprintf(
+                                '%s<br>(%s)',
+                                StringUtil::encodeHTML($channels[$row->botID][$value]['name']),
+                                StringUtil::encodeHTML($value)
+                            );
                         }
                     },
                 ])

package.xml

@@ -7,7 +7,7 @@
 		<packagedescription>API to cummincate with Discord.</packagedescription>
 		<packagedescription language="de">API um mit Discord zu kommunizieren.</packagedescription>
 		<version>2.8.0</version>
-		<date>2025-11-12</date>
+		<date>2025-11-14</date>
 		<license>https://creativecommons.org/publicdomain/zero/1.0/deed.en</license>
 	</packageinformation>
 	<authorinformation>