From a30a922a641ecdc0720982064a6d3f159b0360d1 Mon Sep 17 00:00:00 2001
From: Maximilian Mader <max@bastelstu.be>
Date: Fri, 12 Dec 2014 21:13:30 +0100
Subject: [PATCH] Properly encode username in Message::getUsername()

---
 file/lib/data/message/Message.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/file/lib/data/message/Message.class.php b/file/lib/data/message/Message.class.php
index ccceb0c..809ea20 100644
--- a/file/lib/data/message/Message.class.php
+++ b/file/lib/data/message/Message.class.php
@@ -128,7 +128,7 @@ public function getUsername($colored = false) {
 				$username = \chat\util\ChatUtil::gradient($username, $this->color1, $this->color2);
 			}
 			else {
-				$username = '<span class="defaultColor">'.$username.'</span>';
+				$username = '<span class="defaultColor">'.\wcf\util\StringUtil::encodeHTML($username).'</span>';
 			}
 		}