From 31ec17d279f490d1fdcd56fb1c8d9d173ebb34ed Mon Sep 17 00:00:00 2001
From: Sarjuuk
Date: Sun, 26 Aug 2018 16:49:29 +0200
Subject: [PATCH] Pages/Quest

* escape placeholder tags in quest name for display

---
 includes/types/quest.class.php | 2 +-
 pages/quest.php                | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/includes/types/quest.class.php b/includes/types/quest.class.php
index f730222d..2c219a96 100644
--- a/includes/types/quest.class.php
+++ b/includes/types/quest.class.php
@@ -313,7 +313,7 @@ class QuestList extends BaseType
         if (!$this->curTpl)
             return null;
 
-        $title = Util::jsEscape($this->getField('name', true));
+        $title = Util::jsEscape(htmlentities($this->getField('name', true)));
         $level = $this->curTpl['level'];
         if ($level < 0)
             $level = 0;
diff --git a/pages/quest.php b/pages/quest.php
index 36124c8b..f1a6c3e7 100644
--- a/pages/quest.php
+++ b/pages/quest.php
@@ -33,7 +33,8 @@ class QuestPage extends GenericPage
         if ($this->subject->error)
             $this->notFound();
 
-        $this->name = $this->subject->getField('name', true);
+        // may contain htmlesque tags
+        $this->name = htmlentities($this->subject->getField('name', true));
     }
 
     protected function generatePath()
@@ -46,7 +47,8 @@ class QuestPage extends GenericPage
     protected function generateTitle()
     {
-        array_unshift($this->title, $this->name, Util::ucFirst(Lang::game('quest')));
+        // page title already escaped
+        array_unshift($this->title, $this->subject->getField('name', true), Util::ucFirst(Lang::game('quest')));
     }
 
     protected function generateContent()
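Review bot: The `htmlentities()` call on the added `$title` line in includes/types/quest.class.php passes no flags and no charset, so on the PHP versions current for this commit (the default became ENT_QUOTES | ENT_SUBSTITUTE only in 8.1) single quotes in the name stay unescaped and a name containing an invalid UTF-8 byte sequence makes the call return an empty string, silently blanking the title. Pin the behaviour explicitly: `$title = Util::jsEscape(htmlentities($this->getField('name', true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));`. The same applies to the `htmlentities()` call added in pages/quest.php. The enclosing method starts and ends outside the hunk, so where `$title` is consumed is not visible here; HTML-escaping first and JS-escaping second is the right order only if the JS side injects the string as markup, whereas a consumer that sets text content would display the entities literally.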
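Review bot: After this change `$this->name` in pages/quest.php holds an HTML-escaped value while the title hunk below re-reads the raw field from `$this->subject`, so the same quest name now lives in two representations and a later reader of `$this->name` cannot tell from the property which contexts it is safe for. Keeping the raw value in the property and escaping at each output site, or naming the property to mark it as pre-escaped, would make the contract visible; at minimum the added comment should say so, e.g. `// name may contain tag-like placeholders; stored HTML-escaped for direct output`. The enclosing method begins outside the hunk, so other readers of `$this->name` in this class are not visible here and should be checked for double-escaping.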