
Fix escaping of tag search (#7468)

* Fix escaping of tag search
fix https://github.com/FreshRSS/FreshRSS/issues/7466

* Minor clarity
Alexandre Alapetite 1 год назад
Сommit
d81dbc44b8

+ 5 - 0
app/Controllers/tagController.php

@@ -204,4 +204,9 @@ class FreshRSS_tag_Controller extends FreshRSS_ActionController {
 		$tagDAO = FreshRSS_Factory::createTagDao();
 		$this->view->tags = $tagDAO->listTags(precounts: true);
 	}
+
+	public static function escapeForSearch(string $tag): string {
+		$tag = htmlspecialchars_decode($tag, ENT_QUOTES);
+		return str_replace([' ', '(', ')'], ['+', '\\(', '\\)'], $tag);
+	}
 }
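Review bot: `escapeForSearch()` is added as a public static helper without a docblock, and its return value is entity-decoded text that is no longer safe to place in markup on its own. A one-line comment would make the contract explicit, e.g. `/** Turns an HTML-encoded tag name into a search-expression fragment; the result is raw text and must go through _url() or urlencode() before being written into HTML. */`. Only the space and the two parentheses are rewritten, so a tag that contains a literal backslash is passed through unchanged. Whether that round-trips through the search parser cannot be judged from this hunk; if the parser treats backslash as a general escape character, it would need to be escaped first in the `str_replace()` list.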

+ 2 - 1
app/views/helpers/index/normal/entry_bottom.phtml

@@ -56,7 +56,8 @@
 				<li class="dropdown-header"><?= _t('index.tag.related') ?></li>
 				<?php
 				foreach ($tags as $tag) {
-					?><li class="item"><a href="<?= _url('index', 'index', 'search', '#' . str_replace(' ', '+', htmlspecialchars_decode($tag, ENT_QUOTES))) ?>"><?= $tag ?></a></li><?php
+					?><li class="item"><a href="<?= _url('index', 'index', 'search', '#' .
+						FreshRSS_tag_Controller::escapeForSearch($tag)) ?>"><?= $tag ?></a></li><?php
 				} ?>
 			</ul>
 			<a class="dropdown-close" href="#close">❌</a>
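Review bot: The link text `<?= $tag ?>` on the added line is echoed without escaping, which is only safe if `$tag` arrives already HTML-encoded. The `htmlspecialchars_decode()` call inside `escapeForSearch()` suggests that it does, but nothing in this view says so. A short comment above the loop, e.g. `// $tag is stored HTML-encoded: echoed as-is for display, decoded by escapeForSearch() for the URL`, would keep a later edit from decoding or double-encoding it. The same pattern appears in the four added links in app/views/helpers/index/tags.phtml. The href now receives decoded text, so it relies on `_url()` producing attribute-safe output; that is presumably the case but is not visible in this hunk.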

+ 9 - 5
app/views/helpers/index/tags.phtml

@@ -11,11 +11,13 @@
 	<?= _i('tag') ?><ul class="list-tags">
 	<?php if (Minz_Request::controllerName() === 'index'): ?>
 		<?php foreach ($firstTags as $tag): ?>
-		<li class="item tag"><a class="link-tag" href="<?= _url('index', 'index', 'search', '#' . str_replace(' ', '+', htmlspecialchars_decode($tag, ENT_QUOTES))) ?>" title="<?= _t('gen.action.filter') ?>">#<?= $tag ?></a></li>
+		<li class="item tag"><a class="link-tag" href="<?= _url('index', 'index', 'search', '#' .
+			FreshRSS_tag_Controller::escapeForSearch($tag)) ?>" title="<?= _t('gen.action.filter') ?>">#<?= $tag ?></a></li>
 		<?php endforeach; ?>
 	<?php else: // API public access ?>
 		<?php foreach ($firstTags as $tag): ?>
-		<li class="item tag"><a class="link-tag" href="<?= $this->html_url . '&search=%23' . str_replace(' ', '+', htmlspecialchars_decode($tag, ENT_QUOTES)) ?>" title="<?= _t('gen.action.filter') ?>">#<?= $tag ?></a></li>
+		<li class="item tag"><a class="link-tag" href="<?= $this->html_url . '&search=' .
+			urlencode('#' . FreshRSS_tag_Controller::escapeForSearch($tag)) ?>" title="<?= _t('gen.action.filter') ?>">#<?= $tag ?></a></li>
 		<?php endforeach; ?>
 	<?php endif; ?>
 
@@ -29,11 +31,13 @@
 					<li class="dropdown-header"><?= _t('index.tag.related') ?></li>
 					<?php if (Minz_Request::controllerName() === 'index'): ?>
 						<?php foreach ($remainingTags as $tag): ?>
-						<li class="item"><a href="<?= _url('index', 'index', 'search', '#' . str_replace(' ', '+', htmlspecialchars_decode($tag, ENT_QUOTES))) ?>" title="<?= _t('gen.action.filter') ?>">#<?= $tag ?></a></li>
+						<li class="item"><a href="<?= _url('index', 'index', 'search', '#' .
+							FreshRSS_tag_Controller::escapeForSearch($tag)) ?>" title="<?= _t('gen.action.filter') ?>">#<?= $tag ?></a></li>
 						<?php endforeach; ?>
-					<?php else: ?>
+					<?php else: // API public access ?>
 						<?php foreach ($remainingTags as $tag): ?>
-						<li class="item tag"><a class="link-tag" href="<?= $this->html_url . '&search=%23' . str_replace(' ', '+', htmlspecialchars_decode($tag, ENT_QUOTES)) ?>" title="<?= _t('gen.action.filter') ?>">#<?= $tag ?></a></li>
+						<li class="item tag"><a class="link-tag" href="<?= $this->html_url . '&search=' .
+							urlencode('#' . FreshRSS_tag_Controller::escapeForSearch($tag)) ?>" title="<?= _t('gen.action.filter') ?>">#<?= $tag ?></a></li>
 						<?php endforeach; ?>
 					<?php endif; ?>
 				</ul>
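Review bot: In the two public-access branches the query string is appended to `$this->html_url` by hand with a raw `&`, so the link is only well-formed if `html_url` already contains a `?` and is itself attribute-safe, neither of which is visible here. Inside an HTML attribute the separator should be written as `&amp;`, i.e. `$this->html_url . '&amp;search=' . urlencode('#' . FreshRSS_tag_Controller::escapeForSearch($tag))`. Separately, `'#' . FreshRSS_tag_Controller::escapeForSearch($tag)` is now repeated in every added link across both views. Letting the helper return the complete `#tag` search term would keep the prefix and the escaping in one place.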