fix XSS issues with date formatting, fixes #6277

Closes #6277 Merge request studip/studip!4751
author: Elmar Ludwig <elmar.ludwig@uni-osnabrueck.de> 2026-02-27 14:50:39 +0100
committer: David Siegfried <david.siegfried@uni-vechta.de> 2026-02-27 13:50:39 +0000
commit: ce679651ccf784da2e4bf57d53b57d895a4fbea3 (patch)
tree: 5946f87af5fcd461808285488fcfc8258afd863b /lib/models/CourseDate.php
parent: e752624e6621cda3e9821694d0699e2c91224746 (diff)
1 files changed, 1 insertions, 5 deletions
diff --git a/lib/models/CourseDate.php b/lib/models/CourseDate.php
index 87a56e8..91182c6 100644
--- a/lib/models/CourseDate.php
+++ b/lib/models/CourseDate.php
@@ -370,11 +370,7 @@ class CourseDate extends SimpleORMap implements PrivacyObject, Event
             $rooms = $this->getRooms();
             if ($rooms) {
                 foreach ($rooms as $room) {
-                    $string = sprintf('%s <a href="%s" target="_blank">%s</a>',
-                        $string,
-                        $room->getActionURL('booking_plan'),
-                        htmlReady($room->name)
-                    );
+                    $string .= ' ' . $room->name;
                 }
             } elseif ($this->raum) {
                 //Use the freetext room name:
author	Elmar Ludwig <elmar.ludwig@uni-osnabrueck.de>	2026-02-27 14:50:39 +0100
committer	David Siegfried <david.siegfried@uni-vechta.de>	2026-02-27 13:50:39 +0000
commit	ce679651ccf784da2e4bf57d53b57d895a4fbea3 (patch)
tree	5946f87af5fcd461808285488fcfc8258afd863b /lib/models/CourseDate.php
parent	e752624e6621cda3e9821694d0699e2c91224746 (diff)