| author | 2021-03-19 08:51:42 -0400 | |
|---|---|---|
| committer | 2021-03-19 13:51:42 +0100 | |
| commit | 789a1664960da1b6287e3bb815d64e0d0fa8ef95 (patch) | |
| tree | e8ae45b6f9c6b81bf986305fac5acae936cc79e7 | |
| parent | b3340c32e38e7a4e39a9ac66e3d925386c202390 (diff) | |
Fix search param encoding in user query (#3541)
Previously, the chosen encoding was poorly suited to the task: part of the
value was truncated when it was used with quotes.
The new encoding handles quotes correctly.
See #3538
| -rwxr-xr-x | app/Controllers/configureController.php | 2 | ||||
| -rw-r--r-- | app/views/helpers/configure/query.phtml | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/app/Controllers/configureController.php b/app/Controllers/configureController.php
index b2c1b5109..31619bf80 100755
--- a/app/Controllers/configureController.php
+++ b/app/Controllers/configureController.php
@@ -347,7 +347,7 @@ class FreshRSS_configure_Controller extends Minz_ActionController {
 if (Minz_Request::isPost()) {
 $params = array_filter(Minz_Request::param('query', []));
 if (!empty($params['search'])) {
- $params['search'] = urldecode($params['search']);
+ $params['search'] = htmlspecialchars_decode($params['search'], ENT_QUOTES);
 }
 if (!empty($params['state'])) {
 $params['state'] = array_sum($params['state']);
diff --git a/app/views/helpers/configure/query.phtml b/app/views/helpers/configure/query.phtml
index 7298a0a9a..38a1a715c 100644
--- a/app/views/helpers/configure/query.phtml
+++ b/app/views/helpers/configure/query.phtml
@@ -19,7 +19,7 @@
 <div class="form-group">
 <label class="group-name" for=""><?= _t('conf.query.filter.search') ?></label>
 <div class="group-controls">
- <input type="text" id="query_search" name="query[search]" class="extend" value="<?= urldecode($this->query->getSearch()) ?>"/>
+ <input type="text" id="query_search" name="query[search]" class="extend" value="<?= htmlspecialchars($this->query->getSearch(), ENT_COMPAT, 'UTF-8') ?>"/>
 </div>
 </div>
 <div class="form-group"> |
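Review bot: After the decode in `app/Controllers/configureController.php`, `$params['search']` holds raw text that can contain quotes and angle brackets, so every place that later prints the saved query has to escape it on output. This commit only shows `query.phtml` being updated, so other templates that render the search string should be checked for the same escaping. A short comment would help the next reader, e.g. `// Minz_Request::param() presumably returns HTML-escaped text; store the raw value and escape when rendering`. The branch also passes any non-empty value to `htmlspecialchars_decode()`, so a request that sends `query[search]` as an array would reach a string-only function; `if (!empty($params['search']) && is_string($params['search'])) {` closes that. The enclosing action starts and ends outside the hunk.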
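Review bot: `ENT_COMPAT` in `app/views/helpers/configure/query.phtml` leaves single quotes unescaped, which is safe only while the `value` attribute stays double-quoted. Without `ENT_SUBSTITUTE`, a search string containing invalid UTF-8 also makes `htmlspecialchars()` return an empty string, which would blank the field. Using `htmlspecialchars($this->query->getSearch(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` keeps the output safe in either quoting style and mirrors the `ENT_QUOTES` decode in the controller.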
