authorGravatar Alexis Degrugillier <aledeg@users.noreply.github.com> 2020-06-06 20:59:53 +0200
committerGravatar GitHub <noreply@github.com> 2020-06-06 20:59:53 +0200
commitb2b249d6d6e1339b7a55a61ac06b0520b9dc91b9 (patch)
tree6ea3bbf5a0672d5c110e5da64ba909769ce8dbd8
parent1694264e2ca454a0cc51064ed09a6ed1a759cb01 (diff)
Fix user queries when they contain " (#3037)
Before, user queries worked for filtering, but they were not displayed properly on the configuration page, so they were stored without the search param. Now the search is URL-encoded to avoid that behavior and to keep the search param throughout the user query's life.
-rwxr-xr-xapp/Controllers/configureController.php3
-rw-r--r--app/views/configure/queries.phtml4
2 files changed, 5 insertions, 2 deletions
diff --git a/app/Controllers/configureController.php b/app/Controllers/configureController.php
index 09efef40c..ba7316472 100755
--- a/app/Controllers/configureController.php
+++ b/app/Controllers/configureController.php
@@ -281,6 +281,9 @@ class FreshRSS_configure_Controller extends Minz_ActionController {
if (!$query['name']) {
$query['name'] = _t('conf.query.number', $key + 1);
}
+ if ($query['search']) {
+ $query['search'] = urldecode($query['search']);
+ }
$queries[] = new FreshRSS_UserQuery($query, $feed_dao, $category_dao);
}
FreshRSS_Context::$user_conf->queries = $queries;
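Review bot: The added `urldecode($query['search'])` assumes every submitted `queries[n][search]` value was produced by the `urlencode()` call in queries.phtml. A value that reaches this loop unencoded and contains `+` or a `%xx` sequence would be silently altered before it is stored. Whether any other form or client posts this field is not visible here, so the pairing should at least be recorded next to the call, for example `// search is urlencode()d by configure/queries.phtml; decode exactly once here`. The bare `if ($query['search'])` also reads the key without checking that it exists; `if (!empty($query['search']))` avoids an undefined-index notice on a request that omits it. The enclosing method starts and ends outside the hunk.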
diff --git a/app/views/configure/queries.phtml b/app/views/configure/queries.phtml
index a0f600b5d..cebd61547 100644
--- a/app/views/configure/queries.phtml
+++ b/app/views/configure/queries.phtml
@@ -15,7 +15,7 @@
<div class="group-controls">
<input type="hidden" id="queries_<?= $key ?>_url" name="queries[<?= $key ?>][url]" value="<?= $query->getUrl() ?>"/>
- <input type="hidden" id="queries_<?= $key ?>_search" name="queries[<?= $key ?>][search]" value="<?= $query->getSearch() ?>"/>
+ <input type="hidden" id="queries_<?= $key ?>_search" name="queries[<?= $key ?>][search]" value="<?= urlencode($query->getSearch()) ?>"/>
<input type="hidden" id="queries_<?= $key ?>_state" name="queries[<?= $key ?>][state]" value="<?= $query->getState() ?>"/>
<input type="hidden" id="queries_<?= $key ?>_order" name="queries[<?= $key ?>][order]" value="<?= $query->getOrder() ?>"/>
<input type="hidden" id="queries_<?= $key ?>_get" name="queries[<?= $key ?>][get]" value="<?= $query->getGet() ?>"/>
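Review bot: On the `queries_<?= $key ?>_search` input, `urlencode()` is doing the job of an HTML attribute escaper. Its output happens to be attribute-safe, but the value is only correct because the controller decodes it again, and nothing in the template says so. A short template comment such as `<?php /* search is URL-encoded for transport; decoded in configureController */ ?>` would keep the two sides from drifting apart. The sibling hidden inputs, `getUrl()` in particular, are still echoed into double-quoted attributes without escaping. If that URL can carry the same search term, a `"` in it would break the attribute in the same way and deserves the same treatment. The last hunk in this file escapes the displayed search text with `htmlspecialchars(..., ENT_NOQUOTES, 'UTF-8')`, which is adequate for element content only; `ENT_QUOTES` would stay safe if that string is ever reused inside an attribute.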
@@ -52,7 +52,7 @@
<ul>
<?php if ($query->hasSearch()) { ?>
- <li class="item"><?= _t('conf.query.search', $query->getSearch()->getRawInput()) ?></li>
+ <li class="item"><?= _t('conf.query.search', htmlspecialchars($query->getSearch()->getRawInput(), ENT_NOQUOTES, 'UTF-8')) ?></li>
<?php } ?>
<?php if ($query->getState()) { ?>