authorGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2022-06-11 22:14:46 +0200
committerGravatar GitHub <noreply@github.com> 2022-06-11 22:14:46 +0200
commitec11da4e84c9ef000f05d8ea542e2fb9549d19a1 (patch)
treed70bbfdda2af1d74263aa656097cc7e630083883
parenta398a135f55f0d8d0e16cfbba36bcc94c0c312e6 (diff)
Safer htmlspecialchars_utf8 (#4411)
* Safer htmlspecialchars_utf8 #fix https://github.com/FreshRSS/FreshRSS/issues/4410 * Undefined variable
-rw-r--r--app/Models/Context.php3
-rw-r--r--app/layout/header.phtml5
-rw-r--r--lib/Minz/Helper.php5
3 files changed, 10 insertions, 3 deletions
diff --git a/app/Models/Context.php b/app/Models/Context.php
index ce24c8e4c..55607f5c4 100644
--- a/app/Models/Context.php
+++ b/app/Models/Context.php
@@ -43,6 +43,7 @@ class FreshRSS_Context {
public static $state = 0;
public static $order = 'DESC';
public static $number = 0;
+ /** @var FreshRSS_BooleanSearch */
public static $search;
public static $first_id = '';
public static $next_id = '';
@@ -114,6 +115,8 @@ class FreshRSS_Context {
return false;
}
+ FreshRSS_Context::$search = new FreshRSS_BooleanSearch('');
+
//Legacy
$oldEntries = (int)FreshRSS_Context::$user_conf->param('old_entries', 0);
$keepMin = (int)FreshRSS_Context::$user_conf->param('keep_history_default', -5);
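Review bot: `FreshRSS_Context::$search` is now a FreshRSS_BooleanSearch object, but app/layout/header.phtml in this same commit still passes it directly to `htmlspecialchars_decode(...)`, which takes a string; that only works if FreshRSS_BooleanSearch defines `__toString()`, which nothing in this diff shows. The `@var FreshRSS_BooleanSearch` added in the first hunk also overstates the contract, since the property has no initializer and stays null until this assignment runs. I would make both facts explicit at the declaration: `/** @var FreshRSS_BooleanSearch|null Null until initialised here; header.phtml relies on its string form */`. The method containing this assignment starts and ends outside the hunk.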
diff --git a/app/layout/header.phtml b/app/layout/header.phtml
index 94a83894e..21df02788 100644
--- a/app/layout/header.phtml
+++ b/app/layout/header.phtml
@@ -15,8 +15,9 @@
<?php if (FreshRSS_Auth::hasAccess() || FreshRSS_Context::$system_conf->allow_anonymous) { ?>
<form action="<?= _url('index', 'index') ?>" method="get">
<div class="stick">
- <input type="search" name="search" id="search" class="extend" value="<?php
- echo htmlspecialchars(htmlspecialchars_decode(FreshRSS_Context::$search, ENT_QUOTES), ENT_COMPAT, 'UTF-8'); ?>" placeholder="<?= _t('gen.menu.search') ?>" />
+ <input type="search" name="search" id="search" class="extend"
+ value="<?= htmlspecialchars(htmlspecialchars_decode(FreshRSS_Context::$search, ENT_QUOTES), ENT_COMPAT, 'UTF-8') ?>"
+ placeholder="<?= _t('gen.menu.search') ?>" />
<?php $get = Minz_Request::param('get', ''); ?>
<?php if ($get != '') { ?>
diff --git a/lib/Minz/Helper.php b/lib/Minz/Helper.php
index b38292fbe..2c011e1bf 100644
--- a/lib/Minz/Helper.php
+++ b/lib/Minz/Helper.php
@@ -16,7 +16,10 @@ class Minz_Helper {
public static function htmlspecialchars_utf8($var) {
if (is_array($var)) {
return array_map(array('Minz_Helper', 'htmlspecialchars_utf8'), $var);
+ } elseif (is_string($var)) {
+ return htmlspecialchars($var, ENT_COMPAT, 'UTF-8');
+ } else {
+ return $var;
}
- return htmlspecialchars($var, ENT_COMPAT, 'UTF-8');
}
}
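Review bot: The new `else` branch returns every non-string, non-array value unescaped, which includes objects that implement `__toString()`; before this change such an object was coerced to a string and escaped, so a caller that echoes the result into HTML now receives the raw string form. Since the motivation is to tolerate the FreshRSS_BooleanSearch object held in `$search`, escaping stringable objects rather than passing them through keeps the helper's guarantee: insert `} elseif (is_object($var) && method_exists($var, '__toString')) {` and `return htmlspecialchars((string)$var, ENT_COMPAT, 'UTF-8');` before the final `else`. A docblock on the method should then state the remaining pass-through cases, e.g. `/** HTML-escapes strings (UTF-8, ENT_COMPAT), recursing into arrays; ints, bools, null and non-stringable objects are returned unchanged. */`.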