From d6ce47b2ea667524acafda4e539a81695158c07d Mon Sep 17 00:00:00 2001
From: Murtaza Sultani
Date: Tue, 29 Jul 2025 14:55:44 +0200
Subject: Resolve "Forum: Speichern der Inhalte umgeht den HTML-Purifier"

Closes #5758 Merge request studip/studip!4395
---
 app/controllers/course/forum/discussions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/course/forum/discussions.php b/app/controllers/course/forum/discussions.php
index 2463d6d..ee6e1d1 100644
--- a/app/controllers/course/forum/discussions.php
+++ b/app/controllers/course/forum/discussions.php
@@ -188,7 +188,7 @@ class Course_Forum_DiscussionsController extends Forum\BaseController
 Posting::create([
 'range_id' => $this->range_id,
 'discussion_id' => $discussion->discussion_id,
- 'content' => Markup::markAsHtml(Request::get('content')),
+ 'content' => Markup::purifyHtml(Markup::markAsHtml(Request::get('content'))),
 'user_id' => User::findCurrent()->user_id
 ]);
 } else {
-- 
cgit v1.0
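Review bot: The purifier is applied only at this one `Posting::create()` call, so any other path that writes `content` would still store the client's markup merely tagged as HTML; the `else` branch opening on the last context line and the rest of the action lie outside the hunk and cannot be checked from here. If postings are persisted through a single model method or shared helper, moving the `Markup::purifyHtml(Markup::markAsHtml(...))` wrapper there would cover create and edit paths alike. Rows saved before this change were presumably stored unpurified, so the render side should not rely on write-time purification alone. A short comment above the changed line, such as `// request content is untrusted: purify before storing, markAsHtml() by itself does not sanitize`, would help keep the wrapper from being dropped in a later refactor.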