Resolve "Forum: Speichern der Inhalte umgeht den HTML-Purifier"

Closes #5758 Merge request studip/studip!4395
author: Murtaza Sultani <sultani@data-quest.de> 2025-07-29 14:55:44 +0200
committer: Murtaza Sultani <sultani@data-quest.de> 2025-07-29 14:55:44 +0200
commit: d6ce47b2ea667524acafda4e539a81695158c07d (patch)
tree: db6ea9c3a789572948d059300e32678dacffaaac /app/controllers/course
parent: 01c3b1a3c3c4837f267f6c531538a8b57583669a (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/app/controllers/course/forum/discussions.php b/app/controllers/course/forum/discussions.php
index 2463d6d..ee6e1d1 100644
--- a/app/controllers/course/forum/discussions.php
+++ b/app/controllers/course/forum/discussions.php
@@ -188,7 +188,7 @@ class Course_Forum_DiscussionsController extends Forum\BaseController
             Posting::create([
                 'range_id' => $this->range_id,
                 'discussion_id' => $discussion->discussion_id,
-                'content' => Markup::markAsHtml(Request::get('content')),
+                'content' => Markup::purifyHtml(Markup::markAsHtml(Request::get('content'))),
                 'user_id' => User::findCurrent()->user_id
             ]);
         } else {
author	Murtaza Sultani <sultani@data-quest.de>	2025-07-29 14:55:44 +0200
committer	Murtaza Sultani <sultani@data-quest.de>	2025-07-29 14:55:44 +0200
commit	d6ce47b2ea667524acafda4e539a81695158c07d (patch)
tree	db6ea9c3a789572948d059300e32678dacffaaac /app/controllers/course
parent	01c3b1a3c3c4837f267f6c531538a8b57583669a (diff)