| author | 2025-08-25 10:37:23 +0200 | |
|---|---|---|
| committer | 2025-08-25 10:37:23 +0200 | |
| commit | 1481cf51f74330f2e76ed10de11bc2d80a6c95d4 (patch) | |
| tree | a323bc8976de1179fc430414d53d3e5f0c7ff1d4 | |
| parent | 339dcb1ea324e19aacfd7be02f75133a70a43d7c (diff) | |
Fix fetching OPML url with special characters (#7843)
* Decode dynamic OPML url during fetch
* add ENT_QUOTES
* Store as plaintext instead of decoding
| -rw-r--r-- | app/Controllers/categoryController.php | 4 | ||||
| -rw-r--r-- | app/views/helpers/category/update.phtml | 2 |
2 files changed, 3 insertions, 3 deletions
diff --git a/app/Controllers/categoryController.php b/app/Controllers/categoryController.php
index 956a462e1..316136b11 100644
--- a/app/Controllers/categoryController.php
+++ b/app/Controllers/categoryController.php
@@ -59,7 +59,7 @@ class FreshRSS_category_Controller extends FreshRSS_ActionController {
 Minz_Request::bad(_t('feedback.tag.name_exists', $cat->name()), $url_redirect);
 }
- $opml_url = checkUrl(Minz_Request::paramString('opml_url'));
+ $opml_url = checkUrl(Minz_Request::paramString('opml_url', plaintext: true));
 if ($opml_url != '') {
 $cat->_kind(FreshRSS_Category::KIND_DYNAMIC_OPML);
 $cat->_attribute('opml_url', $opml_url);
@@ -137,7 +137,7 @@ class FreshRSS_category_Controller extends FreshRSS_ActionController {
 $position = Minz_Request::paramInt('position') ?: null;
 $category->_attribute('position', $position);
- $opml_url = checkUrl(Minz_Request::paramString('opml_url'));
+ $opml_url = checkUrl(Minz_Request::paramString('opml_url', plaintext: true));
 if ($opml_url != '') {
 $category->_kind(FreshRSS_Category::KIND_DYNAMIC_OPML);
 $category->_attribute('opml_url', $opml_url);
diff --git a/app/views/helpers/category/update.phtml b/app/views/helpers/category/update.phtml
index 3776ffd79..069e5bcf9 100644
--- a/app/views/helpers/category/update.phtml
+++ b/app/views/helpers/category/update.phtml
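Review bot: With `plaintext: true` the string handed to `checkUrl()` and stored in the `opml_url` attribute is no longer entity-encoded, here and in the `@@ -137,7` hunk, so every place that prints this attribute must now escape it itself. The commit escapes the edit form only; other readers of `opml_url` are outside the visible lines and worth checking. Categories saved before this commit presumably still hold the encoded form (for example `&amp;`), which the form would then show double-encoded and the fetch would still use as-is, so a one-time decode of existing values may be needed. I would record the new contract at the assignment, e.g. `// Stored raw, not HTML-encoded: escape at every output; the URL is fetched by the server, so checkUrl() is the only gate`. Both enclosing methods start and end outside the hunks.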
@@ -51,7 +51,7 @@
 <label class="group-name" for="opml_url"><?= _t('sub.category.opml_url') ?></label>
 <div class="group-controls">
 <div class="stick">
- <input id="opml_url" name="opml_url" type="url" autocomplete="off" class="long" data-disable-update="refreshOpml" value="<?= $this->category->attributeString('opml_url') ?>" />
+ <input id="opml_url" name="opml_url" type="url" autocomplete="off" class="long" data-disable-update="refreshOpml" value="<?= htmlspecialchars($this->category->attributeString('opml_url') ?? '', ENT_COMPAT, 'UTF-8') ?>" />
 <button type="submit" class="btn" id="refreshOpml" formmethod="post" formaction="<?= _url('category', 'refreshOpml', 'id', $this->category->id()) ?>">
 <?= _i('refresh') ?> <?= _t('gen.action.refresh_opml') ?>
 </button> |
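Review bot: The explicit `ENT_COMPAT` in the new `value="…"` expression leaves single quotes unescaped and omits `ENT_SUBSTITUTE`, so the escaping is sufficient only while this attribute stays double-quoted. Without `ENT_SUBSTITUTE`, `htmlspecialchars()` returns an empty string when the input contains invalid UTF-8; the field would then render empty and presumably clear the stored URL on the next save. Since the controller now stores the URL raw, I would write `htmlspecialchars($this->category->attributeString('opml_url') ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`.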
