| author | 2025-12-13 11:31:34 +0100 | |
|---|---|---|
| committer | 2025-12-13 11:31:34 +0100 | |
| commit | a8a544a2a205b42d2009b5c52d8939e8bc36263c (patch) | |
| tree | 27922ce7e14eec886cb0348aeb2501c3dceecf9c /app/Controllers/entryController.php | |
| parent | b66d4ade4160b0f13efa4fb48a6c27884ad81804 (diff) | |
Fix search encoding and quoting (#8311)
Revised the encoding approach for searches: the HTML encoding is done just before its use for DB search.
Also fix some cases of wrong quoting.
Fix https://github.com/FreshRSS/FreshRSS/pull/8306#issuecomment-3643865439
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/8293
Diffstat (limited to 'app/Controllers/entryController.php')
| -rw-r--r-- | app/Controllers/entryController.php | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/app/Controllers/entryController.php b/app/Controllers/entryController.php
index 6bcf7f49e..c8f4bf8d1 100644
--- a/app/Controllers/entryController.php
+++ b/app/Controllers/entryController.php
@@ -45,14 +45,14 @@ class FreshRSS_entry_Controller extends FreshRSS_ActionController {
 * - is_read (default: true)
 */
 public function readAction(): void {
- $get = Minz_Request::paramString('get');
- $next_get = Minz_Request::paramString('nextGet') ?: $get;
- $id_max = Minz_Request::paramString('idMax');
+ $get = Minz_Request::paramString('get', plaintext: true);
+ $next_get = Minz_Request::paramString('nextGet', plaintext: true) ?: $get;
+ $id_max = Minz_Request::paramString('idMax', plaintext: true);
 if (!ctype_digit($id_max)) {
 $id_max = '0';
 }
 $is_read = Minz_Request::paramTernary('is_read') ?? true;
- FreshRSS_Context::$search = new FreshRSS_BooleanSearch(Minz_Request::paramString('search'));
+ FreshRSS_Context::$search = new FreshRSS_BooleanSearch(Minz_Request::paramString('search', plaintext: true));
 $maxPubDate = Minz_Request::paramInt('maxPubDate');
 if ($maxPubDate > 0) {
 $search = new FreshRSS_Search('');
@@ -170,8 +170,8 @@ class FreshRSS_entry_Controller extends FreshRSS_ActionController {
 }
 } else {
 /** @var list<numeric-string> $idArray */
- $idArray = Minz_Request::paramArrayString('id');
- $idString = Minz_Request::paramString('id');
+ $idArray = Minz_Request::paramArrayString('id', plaintext: true);
+ $idString = Minz_Request::paramString('id', plaintext: true);
 if (count($idArray) > 0) {
 $ids = $idArray;
 } elseif (ctype_digit($idString)) {
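Review bot: In the readAction hunk, `$get` and `$next_get` are now read with `plaintext: true` but, unlike `$id_max` (checked with `ctype_digit` right after), nothing visible constrains their content. If `plaintext: true` bypasses the HTML-encoding that `paramString` applied before, as the commit message implies, every later use of these two values in a redirect parameter or in rendered output has to validate or encode at that point; readAction continues past the end of the hunk, so those uses cannot be checked from here. I would add a comment above the reads, e.g. `// Raw request values (not HTML-encoded): validate or encode at each point of use`, and document on the `search` line that `FreshRSS_BooleanSearch` is now expected to receive the unencoded string.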
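Review bot: In the `@@ -170,8` hunk the `/** @var list<numeric-string> $idArray */` annotation is an unchecked claim about request data: `$idString` is guarded by `ctype_digit`, but the elements of `$idArray` are assigned to `$ids` as received, and with `plaintext: true` they are presumably no longer HTML-encoded either. Filtering before the assignment would make the annotation true, e.g. `$ids = array_values(array_filter($idArray, 'ctype_digit'));`. The enclosing branch starts and ends outside the hunk, so how `$ids` reaches the DAO is not visible here and should be confirmed.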
@@ -218,7 +218,7 @@ class FreshRSS_entry_Controller extends FreshRSS_ActionController {
 * If id is false, nothing happened.
 */
 public function bookmarkAction(): void {
- $id = Minz_Request::paramString('id');
+ $id = Minz_Request::paramString('id', plaintext: true);
 $is_favourite = Minz_Request::paramTernary('is_favorite') ?? true;
 if ($id != '' && ctype_digit($id)) {
 $entryDAO = FreshRSS_Factory::createEntryDao(); |
