Bläddra i källkod

Fix search param encoding in user query (#3541)

Before, the chosen encoding was not the best for the task since some part
of the value was truncated when used with quotes.
Now, the encoding allows to work smoothly with quotes.

See #3538
Alexis Degrugillier 5 år sedan
förälder
incheckning
789a166496
2 ändrade filer med 2 tillägg och 2 borttagningar
  1. 1 1
      app/Controllers/configureController.php
  2. 1 1
      app/views/helpers/configure/query.phtml

+ 1 - 1
app/Controllers/configureController.php

@@ -347,7 +347,7 @@ class FreshRSS_configure_Controller extends Minz_ActionController {
 		if (Minz_Request::isPost()) {
 			$params = array_filter(Minz_Request::param('query', []));
 			if (!empty($params['search'])) {
-				$params['search'] = urldecode($params['search']);
+				$params['search'] = htmlspecialchars_decode($params['search'], ENT_QUOTES);
 			}
 			if (!empty($params['state'])) {
 				$params['state'] = array_sum($params['state']);

+ 1 - 1
app/views/helpers/configure/query.phtml

@@ -19,7 +19,7 @@
 		<div class="form-group">
 			<label class="group-name" for=""><?= _t('conf.query.filter.search') ?></label>
 			<div class="group-controls">
-				<input type="text" id="query_search" name="query[search]"  class="extend" value="<?= urldecode($this->query->getSearch()) ?>"/>
+				<input type="text" id="query_search" name="query[search]"  class="extend" value="<?= htmlspecialchars($this->query->getSearch(), ENT_COMPAT, 'UTF-8') ?>"/>
 			</div>
 		</div>
 		<div class="form-group">