fix XSS issues with date formatting, fixes #6277

Closes #6277 Merge request studip/studip!4751
author: Elmar Ludwig <elmar.ludwig@uni-osnabrueck.de> 2026-02-27 14:50:39 +0100
committer: Elmar Ludwig <elmar.ludwig@uni-osnabrueck.de> 2026-02-27 15:35:14 +0100
commit: ebf0ebe0e6bf25f75f669e98cf7e887a5098987a (patch)
tree: da34672501ce5e258c0fdf468e536dbb6414d0fd /lib/models/CourseDate.php
parent: f8860fc2bd306b6eb57c541d26d220ec0b5b8cb2 (diff)
1 files changed, 1 insertions, 5 deletions
diff --git a/lib/models/CourseDate.php b/lib/models/CourseDate.php
index 2cf6d99..fd6bc80 100644
--- a/lib/models/CourseDate.php
+++ b/lib/models/CourseDate.php
@@ -342,11 +342,7 @@ class CourseDate extends SimpleORMap implements PrivacyObject, Event
         if (in_array($format, ['include-room', 'long-include-room'])) {
             $room = $this->getRoom();
             if ($room) {
-                $string = sprintf('%s <a href="%s" target="_blank">%s</a>',
-                    $string,
-                    $room->getActionURL('booking_plan'),
-                    htmlReady($room->name)
-                );
+                $string .= ' ' . $room->name;
             } elseif ($this->raum) {
                 //Use the freetext room name:
                 $string .= ' ' . $this->raum;
author	Elmar Ludwig <elmar.ludwig@uni-osnabrueck.de>	2026-02-27 14:50:39 +0100
committer	Elmar Ludwig <elmar.ludwig@uni-osnabrueck.de>	2026-02-27 15:35:14 +0100
commit	ebf0ebe0e6bf25f75f669e98cf7e887a5098987a (patch)
tree	da34672501ce5e258c0fdf468e536dbb6414d0fd /lib/models/CourseDate.php
parent	f8860fc2bd306b6eb57c541d26d220ec0b5b8cb2 (diff)