
Explicit quotes decoding (#1947)

* Explicit quotes decoding

* Explicit htmlspecialchars_decode and htmlspecialchars
Alexandre Alapetite před 7 roky
rodič
revize
a66b995be7

+ 1 - 1
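--- a/app/FreshRSS.php
+++ b/app/FreshRSS.php
@@ -66,7 +66,7 @@ class FreshRSS extends Minz_FrontController {
 				403,
 				array('error' => array(
 					_t('feedback.access.denied'),
-					' [HTTP_REFERER=' . htmlspecialchars($http_referer) . ']'
+					' [HTTP_REFERER=' . htmlspecialchars($http_referer, ENT_NOQUOTES, 'UTF-8') . ']'
 				))
 			);
 		}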
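Review bot: `$http_referer` is attacker-controlled (it comes from a request header), and `ENT_NOQUOTES` on the new line leaves `"` and `'` unescaped, so this message is only safe if the 403 renderer emits it as element text and never inside an attribute or inline script; the hunk does not show that renderer. Without `ENT_SUBSTITUTE`, a single invalid UTF-8 byte in the referer also makes `htmlspecialchars()` return an empty string, silently dropping the value from the error the user and the log see. I would write `htmlspecialchars($http_referer, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` — the quote entities are harmless in element text, and the escape then holds in any HTML context. The enclosing method starts before this hunk.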

+ 1 - 1
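--- a/app/layout/header.phtml
+++ b/app/layout/header.phtml
@@ -26,7 +26,7 @@ if (FreshRSS_Auth::accessNeedsAction()) {
 		<form action="<?php echo _url('index', 'index'); ?>" method="get">
 			<div class="stick">
 				<input type="search" name="search" id="search" class="extend" value="<?php
-					echo htmlspecialchars(htmlspecialchars_decode(FreshRSS_Context::$search), ENT_COMPAT, 'UTF-8'); ?>" placeholder="<?php echo _t('gen.menu.search'); ?>" />
+					echo htmlspecialchars(htmlspecialchars_decode(FreshRSS_Context::$search, ENT_QUOTES), ENT_COMPAT, 'UTF-8'); ?>" placeholder="<?php echo _t('gen.menu.search'); ?>" />
 
 				<?php $get = Minz_Request::param('get', ''); ?>
 				<?php if ($get != '') { ?>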
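Review bot: The decode on the new line now reverses `&#039;` and `&quot;` with `ENT_QUOTES`, but the re-encode keeps `ENT_COMPAT`, so a stored single quote reaches the `value` attribute unescaped; that is safe only because the attribute is double-quoted here, and the asymmetry is easy to break in a later edit that switches quoting. Using `ENT_QUOTES | ENT_SUBSTITUTE` on the outer `htmlspecialchars()` costs nothing and also stops an invalid UTF-8 search string from collapsing to an empty value. The decode-then-encode round trip deserves a why-comment on the line above the `echo`, something like `// $search appears to be stored HTML-escaped; decode, then re-escape once for the attribute` — I am inferring the stored form from the round trip itself, so confirm it before documenting it as fact.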

+ 1 - 1
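--- a/app/layout/nav_menu.phtml
+++ b/app/layout/nav_menu.phtml
@@ -163,7 +163,7 @@
 	<div class="item search">
 		<form action="<?php echo _url('index', 'index'); ?>" method="get">
 			<input type="search" name="search" class="extend" value="<?php
-				echo htmlspecialchars(htmlspecialchars_decode(FreshRSS_Context::$search), ENT_COMPAT, 'UTF-8'); ?>" placeholder="<?php echo _t('index.menu.search_short'); ?>" />
+				echo htmlspecialchars(htmlspecialchars_decode(FreshRSS_Context::$search, ENT_QUOTES), ENT_COMPAT, 'UTF-8'); ?>" placeholder="<?php echo _t('index.menu.search_short'); ?>" />
 
 			<?php $get = Minz_Request::param('get', ''); ?>
 			<?php if($get != '') { ?>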
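Review bot: This escape expression is byte-identical to the one changed in `app/layout/header.phtml` in the same commit, and the two already had to be edited in lockstep here; a single small helper that takes the stored search string and returns the attribute-safe form would keep the `ENT_QUOTES` decode / `ENT_COMPAT` encode pairing in one place, so the next flag change cannot land in only one of the two search boxes. As written, the inner decode handles both quote styles while the outer encode only handles `"`; that is fine inside this double-quoted attribute, but it should either be made symmetric with `ENT_QUOTES` or carry a short comment saying the attribute must stay double-quoted.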

+ 4 - 4
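--- a/app/views/helpers/export/opml.phtml
+++ b/app/views/helpers/export/opml.phtml
@@ -16,11 +16,11 @@ foreach ($this->categories as $key => $cat) {
 
 	foreach ($cat['feeds'] as $feed) {
 		$opml_array['body'][$key]['@outlines'][] = array(
-			'text' => htmlspecialchars_decode($feed->name()),
+			'text' => htmlspecialchars_decode($feed->name(), ENT_QUOTES),
 			'type' => 'rss',
-			'xmlUrl' => htmlspecialchars_decode($feed->url()),
-			'htmlUrl' => htmlspecialchars_decode($feed->website()),
-			'description' => htmlspecialchars_decode($feed->description()),
+			'xmlUrl' => htmlspecialchars_decode($feed->url(), ENT_QUOTES),
+			'htmlUrl' => htmlspecialchars_decode($feed->website(), ENT_QUOTES),
+			'description' => htmlspecialchars_decode($feed->description(), ENT_QUOTES),
 		);
 	}
 }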
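Review bot: The decoded `text`, `xmlUrl`, `htmlUrl` and `description` values, which after this change can contain raw `"` and `'`, go into `$opml_array`, and the hunk does not show the serializer that turns that array into XML; the decode is only safe if that serializer escapes attribute values itself, otherwise a feed title containing `"` breaks the `<outline>` element or lets a crafted feed inject attributes into the export. Please confirm that and state it on the first decode, e.g. `// values appear to be stored HTML-escaped; decode here, the OPML writer must XML-escape on output` (hedged, since the stored form is inferred from the decode). Note also that `htmlspecialchars_decode()` reverses only the five entities `htmlspecialchars()` produces, so any other named entity in a stored name survives into the OPML unchanged. The enclosing `foreach` over `$this->categories` starts before this hunk.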

+ 1 - 1
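--- a/app/views/helpers/index/normal/entry_bottom.phtml
+++ b/app/views/helpers/index/normal/entry_bottom.phtml
@@ -81,7 +81,7 @@
 			<ul class="dropdown-menu">
 				<li class="dropdown-close"><a href="#close">❌</a></li><?php
 				foreach($tags as $tag) {
-					?><li class="item"><a href="<?php echo _url('index', 'index', 'search', '#' . htmlspecialchars_decode($tag)); ?>"><?php echo $tag; ?></a></li><?php
+					?><li class="item"><a href="<?php echo _url('index', 'index', 'search', '#' . htmlspecialchars_decode($tag, ENT_QUOTES)); ?>"><?php echo $tag; ?></a></li><?php
 				} ?>
 			</ul>
 		</div>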
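Review bot: The decoded tag, which can now contain a raw `"`, is passed to `_url()` and the result is printed straight into an `href` attribute; the hunk does not show whether `_url()` URL-encodes and HTML-escapes its parameter values, and if it does not, a tag containing `"` closes the attribute. Please confirm that contract, and if `_url()` only URL-encodes, wrap the output: `href="<?php echo htmlspecialchars(_url('index', 'index', 'search', '#' . htmlspecialchars_decode($tag, ENT_QUOTES)), ENT_QUOTES, 'UTF-8'); ?>"`. The link text on the same line is `<?php echo $tag; ?>` with no escaping, which only holds if `$tag` is already HTML-escaped in storage — the decode for the URL suggests it is, but a one-line comment above the `foreach` stating that invariant would make the dependency visible to the next editor.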

+ 1 - 1
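--- a/app/views/helpers/javascript_vars.phtml
+++ b/app/views/helpers/javascript_vars.phtml
@@ -56,4 +56,4 @@ echo htmlspecialchars(json_encode(array(
 	'icons' => array(
 		'close' => _i('close'),
 	),
-), JSON_UNESCAPED_UNICODE), ENT_NOQUOTES);
+), JSON_UNESCAPED_UNICODE), ENT_NOQUOTES, 'UTF-8');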
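Review bot: If this output lands inside a `<script>` element, as the sibling `stats` templates in this commit suggest, the browser does not decode HTML entities there, so the `htmlspecialchars()` wrap turns `<`, `>` and `&` inside the JSON into `&lt;`, `&gt;` and `&amp;` that survive into the parsed values; it does block a `</script>` breakout, but the context-correct form is `json_encode($data, JSON_UNESCAPED_UNICODE | JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)` with no HTML escape, which gives the same breakout protection and intact strings. If the value is instead placed in an HTML attribute and decoded by the page, the current form is right and this note does not apply; either way a comment naming the target context would prevent the wrong fix later. The `echo htmlspecialchars(json_encode(array(` statement starts before this hunk.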

+ 1 - 1
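--- a/app/views/stats/index.phtml
+++ b/app/views/stats/index.phtml
@@ -88,6 +88,6 @@ echo htmlspecialchars(json_encode(array(
 	'dataCount' => $this->count,
 	'feedByCategory' => $this->feedByCategory,
 	'entryByCategory' => $this->entryByCategory,
-), JSON_UNESCAPED_UNICODE), ENT_NOQUOTES);
+), JSON_UNESCAPED_UNICODE), ENT_NOQUOTES, 'UTF-8');
 ?></script>
 <script src="../scripts/stats.js?<?php echo @filemtime(PUBLIC_PATH . '/scripts/stats.js'); ?>"></script>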
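Review bot: The `echo htmlspecialchars(json_encode(..., JSON_UNESCAPED_UNICODE), ENT_NOQUOTES, 'UTF-8')` idiom is now spelled out in three templates in this commit (here, `stats/repartition.phtml` and `helpers/javascript_vars.phtml`), and the flag set only became explicit because each copy had to be touched by hand; a single helper that takes the array and returns the script-safe JSON would make the escaping decision reviewable in one place. Since `feedByCategory` and `entryByCategory` carry user-supplied category and feed names, this template is the one where the choice of escape matters most, so that helper's comment should state the output context it is safe for. The `echo` statement starts before this hunk.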

+ 1 - 1
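--- a/app/views/stats/repartition.phtml
+++ b/app/views/stats/repartition.phtml
@@ -69,6 +69,6 @@ echo htmlspecialchars(json_encode(array(
 	'days' => $this->days,
 	'repartitionMonth' => $this->repartitionMonth,
 	'months' => $this->months,
-), JSON_UNESCAPED_UNICODE), ENT_NOQUOTES);
+), JSON_UNESCAPED_UNICODE), ENT_NOQUOTES, 'UTF-8');
 ?></script>
 <script src="../scripts/repartition.js?<?php echo @filemtime(PUBLIC_PATH . '/scripts/repartition.js'); ?>"></script>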
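Review bot: `json_encode()` returns `false` when any string in the array is not valid UTF-8, and `htmlspecialchars(false, ...)` then prints an empty script body, so `repartition.js` fails with a parse error instead of degrading; adding `JSON_PARTIAL_OUTPUT_ON_ERROR` (PHP 5.5+) substitutes `null` for the bad value and keeps the page working: `), JSON_UNESCAPED_UNICODE | JSON_PARTIAL_OUTPUT_ON_ERROR), ENT_NOQUOTES, 'UTF-8');`. The visible fields (`days`, `repartitionMonth`, `months`) look numeric, so the exposure here is probably small, but the same statement shape in `stats/index.phtml` carries names from feed data. The `echo` statement starts before this hunk.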