Add ENT_SUBSTITUTE flag for safer HTML entity decoding

Copilot · thorsten · thorsten · commit 1504ff12271c · 2025-10-29T18:13:54.000+01:00
Co-authored-by: thorsten &lt;45284+thorsten@users.noreply.github.com&gt;
diff --git a/phpmyfaq/src/phpMyFAQ/User/UserData.php b/phpmyfaq/src/phpMyFAQ/User/UserData.php
@@ -79,7 +79,11 @@ public function get(mixed $field): mixed
 
         // Decode HTML entities in display_name for backward compatibility
         if (isset($array['display_name'])) {
-            $array['display_name'] = html_entity_decode($array['display_name'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
+            $array['display_name'] = html_entity_decode(
+                $array['display_name'],
+                ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE,
+                'UTF-8'
+            );
         }
 
         return $singleReturn && $field != '*' ? $array[$field] : $array;
