
Cohérence htmlspecialchars

Le texte dans la base de données est en htmlspecialchars(UTF-8)
(c'est-à-dire avec `<>&'"` encodés) mais maintenant sans autre entité
HTML depuis
https://github.com/marienfressinaud/FreshRSS/commit/a4fc7becb8553198d132633d775989c89c8116cd
Ce patch supprime les htmlspecialchars qui faisaient du double-encodage,
et en modifie d'autres en entrée.
Alexandre Alapetite 12 лет назад
Родитель
Сommit
4c5e9d0dd8

+ 1 - 1
app/layout/aside_feed.phtml

@@ -54,7 +54,7 @@
 	<li class="item<?php echo ($this->flux && $this->flux->id () == $feed->id ()) ? ' active' : ''; ?><?php echo $feed->inError () ? ' error' : ''; ?><?php echo $nbEntries == 0 ? ' empty' : ''; ?>">
 		<a href="<?php echo _url ('configure', 'feed', 'id', $feed->id ()); ?>">
 			<img class="favicon" src="<?php echo $feed->favicon (); ?>" alt="✇" />
-			<?php echo htmlspecialchars($feed->name (), ENT_NOQUOTES, 'UTF-8'); ?>
+			<?php echo $feed->name (); ?>
 		</a>
 	</li>
 	<?php } ?>
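Review bot: The feed name is now echoed with no escaping at the output site, so this template is only safe if every path that writes a feed name (subscription, rename, import, refresh from the remote feed) stores it already encoded; that invariant is not visible in this hunk. The same applies to the category and feed names in aside_flux.phtml, global_view.phtml, normal_view.phtml and reader_view.phtml. If the goal is only to stop double-encoding, `<?php echo htmlspecialchars($feed->name (), ENT_NOQUOTES, 'UTF-8', false); ?>` keeps a second line of defence: the fourth argument (double_encode = false) leaves existing entities untouched while still neutralising a raw `<` that slipped past input encoding. If the raw echo stays, add a template comment such as `<?php /* name() is stored HTML-encoded; do not re-encode */ ?>` so that the dependency is explicit.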

+ 2 - 2
app/layout/aside_flux.phtml

@@ -35,7 +35,7 @@
 		<li>
 			<?php $c_active = false; if ($this->get_c == $cat->id ()) { $c_active = true; } ?>
 			<div class="category stick<?php echo $c_active ? ' active' : ''; ?>">
-				<a data-unread="<?php echo $cat->nbNotRead (); ?>" class="btn<?php echo $c_active ? ' active' : ''; ?>" href="<?php echo _url ('index', 'index', 'get', 'c_' . $cat->id ()); ?>"><?php echo htmlspecialchars($cat->name (), ENT_NOQUOTES, 'UTF-8'); ?></a>
+				<a data-unread="<?php echo $cat->nbNotRead (); ?>" class="btn<?php echo $c_active ? ' active' : ''; ?>" href="<?php echo _url ('index', 'index', 'get', 'c_' . $cat->id ()); ?>"><?php echo $cat->name (); ?></a>
 				<a class="btn dropdown-toggle" href="#"><i class="icon <?php echo $c_active ? 'i_up' : 'i_down'; ?>"></i></a>
 			</div>
 
@@ -51,7 +51,7 @@
 <?php /* feed_config_template */ ?>
 					</div>
 					<img class="favicon" src="<?php echo $feed->favicon (); ?>" alt="✇" />
-					<a class="feed" data-unread="<?php echo $feed->nbNotRead (); ?>" data-priority="<?php echo $feed->priority (); ?>" href="<?php echo _url ('index', 'index', 'get', 'f_' . $feed_id); ?>"><?php echo htmlspecialchars($feed->name(), ENT_NOQUOTES, 'UTF-8'); ?></a>
+					<a class="feed" data-unread="<?php echo $feed->nbNotRead (); ?>" data-priority="<?php echo $feed->priority (); ?>" href="<?php echo _url ('index', 'index', 'get', 'f_' . $feed_id); ?>"><?php echo $feed->name(); ?></a>
 				</li>
 				<?php } ?>
 			</ul>

+ 1 - 1
app/layout/layout.phtml

@@ -19,7 +19,7 @@
 <?php } ?>
 		<link rel="icon" href="<?php echo Url::display ('/favicon.ico'); ?>" />
 <?php if (isset ($this->rss_url)) { ?>
-		<link rel="alternate" type="application/rss+xml" title="<?php echo htmlspecialchars($this->rss_title, ENT_COMPAT, 'UTF-8'); ?>" href="<?php echo Url::display ($this->rss_url); ?>" />
+		<link rel="alternate" type="application/rss+xml" title="<?php echo $this->rss_title; ?>" href="<?php echo Url::display ($this->rss_url); ?>" />
 <?php } ?>
 	</head>
 	<body>
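Review bot: `title="<?php echo $this->rss_title; ?>"` is an attribute context, and the removed ENT_COMPAT call was the only thing on this line that encoded `"`. Values written before this commit went through `Request::param()` with ENT_NOQUOTES (see the lib/minz/Request.php section), so a stored title can presumably still contain a literal double quote, which would end the attribute early. Either migrate the existing rows or keep an attribute-safe call that does not re-encode: `htmlspecialchars($this->rss_title, ENT_COMPAT, 'UTF-8', false)`. Where rss_title is assigned is outside this hunk, so its source should be confirmed.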

+ 1 - 1
app/models/Entry.php

@@ -409,7 +409,7 @@ class EntryDAO extends Model_pdo {
 		}
 
 		$sql = 'SELECT e.* FROM ' . $this->prefix . 'entry e'
-		     . ' INNER JOIN  ' . $this->prefix . 'feed f ON e.id_feed = f.id' . $where
+		     . ' INNER JOIN ' . $this->prefix . 'feed f ON e.id_feed = f.id' . $where
 		     . ' ORDER BY e.date' . $order . ', e.id' . $order;
 
 		if (empty($limitCount)) {

+ 2 - 2
app/views/helpers/view/global_view.phtml

@@ -10,7 +10,7 @@
 	<div class="category">
 		<div class="cat_header">
 			<a href="<?php echo _url ('index', 'index', 'get', 'c_' . $cat->id (), 'output', 'normal'); ?>">
-			<?php echo htmlspecialchars($cat->name(), ENT_NOQUOTES, 'UTF-8'); ?><?php echo $catNotRead > 0 ? ' (' . $catNotRead . ')' : ''; ?>
+			<?php echo $cat->name(); ?><?php echo $catNotRead > 0 ? ' (' . $catNotRead . ')' : ''; ?>
 			</a>
 		</div>
 
@@ -22,7 +22,7 @@
 
 				<a href="<?php echo _url ('index', 'index', 'get', 'f_' . $feed->id (), 'output', 'normal'); ?>">
 				<?php echo $not_read > 0 ? '<b>' : ''; ?>
-				<?php echo htmlspecialchars($feed->name(), ENT_NOQUOTES, 'UTF-8'); ?>
+				<?php echo $feed->name(); ?>
 				<?php echo $not_read > 0 ? ' (' . $not_read . ')' : ''; ?>
 				<?php echo $not_read > 0 ? '</b>' : ''; ?>
 				</a>

+ 1 - 2
app/views/helpers/view/normal_view.phtml

@@ -46,7 +46,7 @@ if (isset ($this->entryPaginator) && !$this->entryPaginator->isEmpty ()) {
 				$feed = HelperCategory::findFeed($this->cat_aside, $item->feed ());	//We most likely already have the feed object in cache
 				if (empty($feed)) $feed = $item->feed (true);
 			?>
-			<li class="item website"><a href="<?php echo _url ('index', 'index', 'get', 'f_' . $feed->id ()); ?>"><img class="favicon" src="<?php echo $feed->favicon (); ?>" alt="✇" /> <span><?php echo htmlspecialchars($feed->name(), ENT_NOQUOTES, 'UTF-8'); ?></span></a></li>
+			<li class="item website"><a href="<?php echo _url ('index', 'index', 'get', 'f_' . $feed->id ()); ?>"><img class="favicon" src="<?php echo $feed->favicon (); ?>" alt="✇" /> <span><?php echo $feed->name(); ?></span></a></li>
 			<li class="item title"><a target="_blank" href="<?php echo $item->link (); ?>"><?php echo $item->title (); ?></a></li>
 			<?php if ($this->conf->toplineDate ()) { ?><li class="item date"><?php echo $item->date (); ?> </li><?php } ?>
 			<?php if ($this->conf->toplineLink ()) { ?><li class="item link"><a target="_blank" href="<?php echo $item->link (); ?>"> </a></li><?php } ?>
@@ -65,7 +65,6 @@ if (isset ($this->entryPaginator) && !$this->entryPaginator->isEmpty ()) {
 					}
 				?>
 			</div>
-
 			<ul class="horizontal-list bottom">
 				<?php if (!login_is_conf ($this->conf) || is_logged ()) { ?>
 					<?php if ($this->conf->bottomlineRead ()) { ?><li class="item manage"><a class="read" href="<?php echo _url ('entry', 'read', 'id', $item->id (), 'is_read', $item->isRead () ? 0 : 1); ?>"> </a></li><?php } ?>

+ 1 - 1
app/views/helpers/view/reader_view.phtml

@@ -16,7 +16,7 @@ if (isset ($this->entryPaginator) && !$this->entryPaginator->isEmpty ()) {
 					if (empty($feed)) $feed = $item->feed (true);
 				?>
 				<a href="<?php echo $item->link (); ?>">
-					<img class="favicon" src="<?php echo $feed->favicon (); ?>" alt="✇" /> <span><?php echo htmlspecialchars($feed->name(), ENT_NOQUOTES, 'UTF-8'); ?></span>
+					<img class="favicon" src="<?php echo $feed->favicon (); ?>" alt="✇" /> <span><?php echo $feed->name(); ?></span>
 				</a>
 				<h1 class="title"><?php echo $item->title (); ?></h1>
 

+ 1 - 1
app/views/helpers/view/rss_view.phtml

@@ -12,7 +12,7 @@ $items = $this->entryPaginator->items ();
 foreach ($items as $item) {
 ?>
 		<item>
-			<title><?php echo htmlspecialchars(html_entity_decode($item->title (), ENT_NOQUOTES, 'UTF-8'), ENT_NOQUOTES, 'UTF-8'); ?></title>
+			<title><?php echo $item->title (); ?></title>
 			<link><?php echo $item->link (); ?></link>
 			<?php $author = $item->author (); ?>
 			<?php if ($author != '') { ?>
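Review bot: `<title>` is now written into an XML document straight from storage, and the removed `html_entity_decode` was what turned named HTML entities into characters before re-encoding; XML predefines only `&lt;`, `&gt;`, `&amp;`, `&quot;` and `&apos;`. The commit message says new entries no longer carry other entities, but entries stored before the referenced commit presumably still do, and one such title makes the whole feed ill-formed for strict parsers. Unless old rows are migrated, keep the decode step and re-encode without doubling, e.g. `htmlspecialchars(html_entity_decode($item->title (), ENT_QUOTES, 'UTF-8'), ENT_NOQUOTES, 'UTF-8')`, or document in a comment that titles are guaranteed XML-safe at insert time.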

+ 5 - 2
lib/minz/Request.php

@@ -29,15 +29,18 @@ class Request {
 	public static function params () {
 		return self::$params;
 	}
+	static function htmlspecialchars_utf8 ($p) {
+		return htmlspecialchars($p, ENT_QUOTES, 'UTF-8');
+	}
 	public static function param ($key, $default = false, $specialchars = false) {
 		if (isset (self::$params[$key])) {
 			$p = self::$params[$key];
 			if(is_object($p) || $specialchars) {
 				return $p;
 			} elseif(is_array($p)) {
-				return array_map('htmlspecialchars', $p);	//TODO: Should use explicit UTF-8
+				return array_map('self::htmlspecialchars_utf8', $p);
 			} else {
-				return htmlspecialchars($p, ENT_NOQUOTES, 'UTF-8');
+				return self::htmlspecialchars_utf8($p);
 			}
 		} else {
 			return $default;
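Review bot: `htmlspecialchars_utf8` is mapped over request arrays but only handles strings, so a nested array parameter reaches `htmlspecialchars()` as an array, which raises a warning and yields null on older PHP and throws a TypeError on PHP 8. Make the helper recurse: `return is_array($p) ? array_map(array(__CLASS__, 'htmlspecialchars_utf8'), $p) : htmlspecialchars($p, ENT_QUOTES, 'UTF-8');`. The array callable also avoids the `'self::…'` string form, which PHP 8.2 deprecates, and the helper should declare its visibility explicitly like the neighbouring `public static` methods. Separately, moving from ENT_NOQUOTES to ENT_QUOTES means values stored before and after this commit are encoded differently, which matters now that several templates no longer escape on output. param() continues past the end of the hunk.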