diff options
| author |  Alexandre Alapetite <alexandre@alapetite.fr>
| 2025-12-13 11:31:34 +0100 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2025-12-13 11:31:34 +0100 |
| commit | a8a544a2a205b42d2009b5c52d8939e8bc36263c (patch) | |
| tree | 27922ce7e14eec886cb0348aeb2501c3dceecf9c /app/Models | |
| parent | b66d4ade4160b0f13efa4fb48a6c27884ad81804 (diff) | |
Fix search encoding and quoting (#8311)
Revised the encoding approach for searches: the HTML encoding is done just before its use for DB search.
Fix also some cases with wrong quoting.
Fix https://github.com/FreshRSS/FreshRSS/pull/8306#issuecomment-3643865439
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/8293
Diffstat (limited to 'app/Models')
| -rw-r--r-- | app/Models/BooleanSearch.php | 12 | ||||
| -rw-r--r-- | app/Models/Context.php | 2 | ||||
| -rw-r--r-- | app/Models/Search.php | 258 |
3 files changed, 130 insertions, 142 deletions
diff --git a/app/Models/BooleanSearch.php b/app/Models/BooleanSearch.php index 68885cde8..e959f7af9 100644 --- a/app/Models/BooleanSearch.php +++ b/app/Models/BooleanSearch.php @@ -26,16 +26,6 @@ class FreshRSS_BooleanSearch implements \Stringable { if ($input === '') { return; } - if ($level === 0) { - $input = preg_replace('/:"(.*?)"/', ':"\1"', $input); - if (!is_string($input)) { - return; - } - $input = preg_replace('/(?<=[\s(!-]|^)"(.*?)"/', '"\1"', $input); - if (!is_string($input)) { - return; - } - } $this->raw_input = $input; if ($level === 0) { @@ -517,7 +507,7 @@ class FreshRSS_BooleanSearch implements \Stringable { if ($part === '') { continue; } - $operator = $search instanceof FreshRSS_BooleanSearch ? $search->operator() : 'OR'; + $operator = $search instanceof FreshRSS_BooleanSearch ? $search->operator : 'OR'; if ((str_contains($part, ' ') || str_starts_with($part, '-')) && (count($this->searches) > 1 || in_array($operator, ['OR NOT', 'AND NOT'], true))) { $part = '(' . $part . ')'; diff --git a/app/Models/Context.php b/app/Models/Context.php index be4a06cc8..cc1b77026 100644 --- a/app/Models/Context.php +++ b/app/Models/Context.php @@ -248,7 +248,7 @@ final class FreshRSS_Context { } } - self::$search = new FreshRSS_BooleanSearch(Minz_Request::paramString('search')); + self::$search = new FreshRSS_BooleanSearch(Minz_Request::paramString('search', plaintext: true)); $order = Minz_Request::paramString('order', plaintext: true) ?: FreshRSS_Context::userConf()->sort_order; self::$order = in_array($order, ['ASC', 'DESC'], true) ? $order : 'DESC'; $sort = Minz_Request::paramString('sort', plaintext: true) ?: FreshRSS_Context::userConf()->sort; diff --git a/app/Models/Search.php b/app/Models/Search.php index 752e28408..201fed9f9 100644 --- a/app/Models/Search.php +++ b/app/Models/Search.php @@ -155,13 +155,19 @@ class FreshRSS_Search implements \Stringable { } private static function quote(string $s): string { - if (str_contains($s, ' ') || $s === '') { + if (strpbrk($s, ' "\'\\') !== false || $s === '') { return '"' . addcslashes($s, '\\"') . '"'; } return $s; } - private static function dateIntervalToString(?int $min, ?int $max): string { + private static function dateIntervalToString(int|false|null $min, int|false|null $max): string { + if ($min === false) { + $min = null; + } + if ($max === false) { + $max = null; + } if ($min === null && $max === null) { return ''; } @@ -261,184 +267,184 @@ class FreshRSS_Search implements \Stringable { public function __toString(): string { $result = ''; - if ($this->getEntryIds() !== null) { - $result .= ' e:' . implode(',', $this->getEntryIds()); + if ($this->entry_ids !== null) { + $result .= ' e:' . implode(',', $this->entry_ids); } - if ($this->getFeedIds() !== null) { - $result .= ' f:' . implode(',', $this->getFeedIds()); + if ($this->feed_ids !== null) { + $result .= ' f:' . implode(',', $this->feed_ids); } - if ($this->getCategoryIds() !== null) { - $result .= ' c:' . implode(',', $this->getCategoryIds()); + if ($this->category_ids !== null) { + $result .= ' c:' . implode(',', $this->category_ids); } - if ($this->getLabelIds() !== null) { - foreach ($this->getLabelIds() as $ids) { + if ($this->label_ids !== null) { + foreach ($this->label_ids as $ids) { $result .= ' L:' . (is_array($ids) ? implode(',', $ids) : $ids); } } - if ($this->getLabelNames() !== null) { - foreach ($this->getLabelNames() as $names) { + if ($this->label_names !== null) { + foreach ($this->label_names as $names) { $result .= ' labels:' . self::quote(implode(',', $names)); } } - if ($this->getMinUserdate() !== null || $this->getMaxUserdate() !== null) { - $result .= ' userdate:' . self::dateIntervalToString($this->getMinUserdate(), $this->getMaxUserdate()); + if ($this->min_userdate !== null || $this->max_userdate !== null) { + $result .= ' userdate:' . self::dateIntervalToString($this->min_userdate, $this->max_userdate); } - if ($this->getMinPubdate() !== null || $this->getMaxPubdate() !== null) { - $result .= ' pubdate:' . self::dateIntervalToString($this->getMinPubdate(), $this->getMaxPubdate()); + if ($this->min_pubdate !== null || $this->max_pubdate !== null) { + $result .= ' pubdate:' . self::dateIntervalToString($this->min_pubdate, $this->max_pubdate); } - if ($this->getMinDate() !== null || $this->getMaxDate() !== null) { - $result .= ' date:' . self::dateIntervalToString($this->getMinDate(), $this->getMaxDate()); + if ($this->min_date !== null || $this->max_date !== null) { + $result .= ' date:' . self::dateIntervalToString($this->min_date, $this->max_date); } - if ($this->getIntitleRegex() !== null) { - foreach ($this->getIntitleRegex() as $s) { + if ($this->intitle_regex !== null) { + foreach ($this->intitle_regex as $s) { $result .= ' intitle:' . $s; } } - if ($this->getIntitle() !== null) { - foreach ($this->getIntitle() as $s) { + if ($this->intitle !== null) { + foreach ($this->intitle as $s) { $result .= ' intitle:' . self::quote($s); } } - if ($this->getIntextRegex() !== null) { - foreach ($this->getIntextRegex() as $s) { + if ($this->intext_regex !== null) { + foreach ($this->intext_regex as $s) { $result .= ' intext:' . $s; } } - if ($this->getIntext() !== null) { - foreach ($this->getIntext() as $s) { + if ($this->intext !== null) { + foreach ($this->intext as $s) { $result .= ' intext:' . self::quote($s); } } - if ($this->getAuthorRegex() !== null) { - foreach ($this->getAuthorRegex() as $s) { + if ($this->author_regex !== null) { + foreach ($this->author_regex as $s) { $result .= ' author:' . $s; } } - if ($this->getAuthor() !== null) { - foreach ($this->getAuthor() as $s) { + if ($this->author !== null) { + foreach ($this->author as $s) { $result .= ' author:' . self::quote($s); } } - if ($this->getInurlRegex() !== null) { - foreach ($this->getInurlRegex() as $s) { + if ($this->inurl_regex !== null) { + foreach ($this->inurl_regex as $s) { $result .= ' inurl:' . $s; } } - if ($this->getInurl() !== null) { - foreach ($this->getInurl() as $s) { + if ($this->inurl !== null) { + foreach ($this->inurl as $s) { $result .= ' inurl:' . self::quote($s); } } - if ($this->getTagsRegex() !== null) { - foreach ($this->getTagsRegex() as $s) { + if ($this->tags_regex !== null) { + foreach ($this->tags_regex as $s) { $result .= ' #' . $s; } } - if ($this->getTags() !== null) { - foreach ($this->getTags() as $s) { + if ($this->tags !== null) { + foreach ($this->tags as $s) { $result .= ' #' . self::quote($s); } } - if ($this->getSearchRegex() !== null) { - foreach ($this->getSearchRegex() as $s) { + if ($this->search_regex !== null) { + foreach ($this->search_regex as $s) { $result .= ' ' . $s; } } - if ($this->getSearch() !== null) { - foreach ($this->getSearch() as $s) { + if ($this->search !== null) { + foreach ($this->search as $s) { $result .= ' ' . self::quote($s); } } - if ($this->getNotEntryIds() !== null) { - $result .= ' -e:' . implode(',', $this->getNotEntryIds()); + if ($this->not_entry_ids !== null) { + $result .= ' -e:' . implode(',', $this->not_entry_ids); } - if ($this->getNotFeedIds() !== null) { - $result .= ' -f:' . implode(',', $this->getNotFeedIds()); + if ($this->not_feed_ids !== null) { + $result .= ' -f:' . implode(',', $this->not_feed_ids); } - if ($this->getNotCategoryIds() !== null) { - $result .= ' -c:' . implode(',', $this->getNotCategoryIds()); + if ($this->not_category_ids !== null) { + $result .= ' -c:' . implode(',', $this->not_category_ids); } - if ($this->getNotLabelIds() !== null) { - foreach ($this->getNotLabelIds() as $ids) { + if ($this->not_label_ids !== null) { + foreach ($this->not_label_ids as $ids) { $result .= ' -L:' . (is_array($ids) ? implode(',', $ids) : $ids); } } - if ($this->getNotLabelNames() !== null) { - foreach ($this->getNotLabelNames() as $names) { + if ($this->not_label_names !== null) { + foreach ($this->not_label_names as $names) { $result .= ' -labels:' . self::quote(implode(',', $names)); } } - if ($this->getNotMinUserdate() !== null || $this->getNotMaxUserdate() !== null) { - $result .= ' -userdate:' . self::dateIntervalToString($this->getNotMinUserdate(), $this->getNotMaxUserdate()); + if ($this->not_min_userdate !== null || $this->not_max_userdate !== null) { + $result .= ' -userdate:' . self::dateIntervalToString($this->not_min_userdate, $this->not_max_userdate); } - if ($this->getNotMinPubdate() !== null || $this->getNotMaxPubdate() !== null) { - $result .= ' -pubdate:' . self::dateIntervalToString($this->getNotMinPubdate(), $this->getNotMaxPubdate()); + if ($this->not_min_pubdate !== null || $this->not_max_pubdate !== null) { + $result .= ' -pubdate:' . self::dateIntervalToString($this->not_min_pubdate, $this->not_max_pubdate); } - if ($this->getNotMinDate() !== null || $this->getNotMaxDate() !== null) { - $result .= ' -date:' . self::dateIntervalToString($this->getNotMinDate(), $this->getNotMaxDate()); + if ($this->not_min_date !== null || $this->not_max_date !== null) { + $result .= ' -date:' . self::dateIntervalToString($this->not_min_date, $this->not_max_date); } - if ($this->getNotIntitleRegex() !== null) { - foreach ($this->getNotIntitleRegex() as $s) { + if ($this->not_intitle_regex !== null) { + foreach ($this->not_intitle_regex as $s) { $result .= ' -intitle:' . $s; } } - if ($this->getNotIntitle() !== null) { - foreach ($this->getNotIntitle() as $s) { + if ($this->not_intitle !== null) { + foreach ($this->not_intitle as $s) { $result .= ' -intitle:' . self::quote($s); } } - if ($this->getNotIntextRegex() !== null) { - foreach ($this->getNotIntextRegex() as $s) { + if ($this->not_intext_regex !== null) { + foreach ($this->not_intext_regex as $s) { $result .= ' -intext:' . $s; } } - if ($this->getNotIntext() !== null) { - foreach ($this->getNotIntext() as $s) { + if ($this->not_intext !== null) { + foreach ($this->not_intext as $s) { $result .= ' -intext:' . self::quote($s); } } - if ($this->getNotAuthorRegex() !== null) { - foreach ($this->getNotAuthorRegex() as $s) { + if ($this->not_author_regex !== null) { + foreach ($this->not_author_regex as $s) { $result .= ' -author:' . $s; } } - if ($this->getNotAuthor() !== null) { - foreach ($this->getNotAuthor() as $s) { + if ($this->not_author !== null) { + foreach ($this->not_author as $s) { $result .= ' -author:' . self::quote($s); } } - if ($this->getNotInurlRegex() !== null) { - foreach ($this->getNotInurlRegex() as $s) { + if ($this->not_inurl_regex !== null) { + foreach ($this->not_inurl_regex as $s) { $result .= ' -inurl:' . $s; } } - if ($this->getNotInurl() !== null) { - foreach ($this->getNotInurl() as $s) { + if ($this->not_inurl !== null) { + foreach ($this->not_inurl as $s) { $result .= ' -inurl:' . self::quote($s); } } - if ($this->getNotTagsRegex() !== null) { - foreach ($this->getNotTagsRegex() as $s) { + if ($this->not_tags_regex !== null) { + foreach ($this->not_tags_regex as $s) { $result .= ' -#' . $s; } } - if ($this->getNotTags() !== null) { - foreach ($this->getNotTags() as $s) { + if ($this->not_tags !== null) { + foreach ($this->not_tags as $s) { $result .= ' -#' . self::quote($s); } } - if ($this->getNotSearchRegex() !== null) { - foreach ($this->getNotSearchRegex() as $s) { + if ($this->not_search_regex !== null) { + foreach ($this->not_search_regex as $s) { $result .= ' -' . $s; } } - if ($this->getNotSearch() !== null) { - foreach ($this->getNotSearch() as $s) { + if ($this->not_search !== null) { + foreach ($this->not_search as $s) { $result .= ' -' . self::quote($s); } } @@ -486,25 +492,25 @@ class FreshRSS_Search implements \Stringable { return $this->not_label_ids; } /** @return list<list<string>>|null */ - public function getLabelNames(): ?array { - return $this->label_names; + public function getLabelNames(bool $plaintext = false): ?array { + return $plaintext ? $this->label_names : Minz_Helper::htmlspecialchars_utf8($this->label_names, ENT_NOQUOTES); } /** @return list<list<string>>|null */ - public function getNotLabelNames(): ?array { - return $this->not_label_names; + public function getNotLabelNames(bool $plaintext = false): ?array { + return $plaintext ? $this->not_label_names : Minz_Helper::htmlspecialchars_utf8($this->not_label_names, ENT_NOQUOTES); } /** @return list<string>|null */ - public function getIntitle(): ?array { - return $this->intitle; + public function getIntitle(bool $plaintext = false): ?array { + return $plaintext ? $this->intitle : Minz_Helper::htmlspecialchars_utf8($this->intitle, ENT_NOQUOTES); } /** @return list<string>|null */ public function getIntitleRegex(): ?array { return $this->intitle_regex; } /** @return list<string>|null */ - public function getNotIntitle(): ?array { - return $this->not_intitle; + public function getNotIntitle(bool $plaintext = false): ?array { + return $plaintext ? $this->not_intitle : Minz_Helper::htmlspecialchars_utf8($this->not_intitle, ENT_NOQUOTES); } /** @return list<string>|null */ public function getNotIntitleRegex(): ?array { @@ -512,16 +518,16 @@ class FreshRSS_Search implements \Stringable { } /** @return list<string>|null */ - public function getIntext(): ?array { - return $this->intext; + public function getIntext(bool $plaintext = false): ?array { + return $plaintext ? $this->intext : Minz_Helper::htmlspecialchars_utf8($this->intext, ENT_NOQUOTES); } /** @return list<string>|null */ public function getIntextRegex(): ?array { return $this->intext_regex; } /** @return list<string>|null */ - public function getNotIntext(): ?array { - return $this->not_intext; + public function getNotIntext(bool $plaintext = false): ?array { + return $plaintext ? $this->not_intext : Minz_Helper::htmlspecialchars_utf8($this->not_intext, ENT_NOQUOTES); } /** @return list<string>|null */ public function getNotIntextRegex(): ?array { @@ -580,16 +586,16 @@ class FreshRSS_Search implements \Stringable { } /** @return list<string>|null */ - public function getInurl(): ?array { - return $this->inurl; + public function getInurl(bool $plaintext = false): ?array { + return $plaintext ? $this->inurl : Minz_Helper::htmlspecialchars_utf8($this->inurl, ENT_NOQUOTES); } /** @return list<string>|null */ public function getInurlRegex(): ?array { return $this->inurl_regex; } /** @return list<string>|null */ - public function getNotInurl(): ?array { - return $this->not_inurl; + public function getNotInurl(bool $plaintext = false): ?array { + return $plaintext ? $this->not_inurl : Minz_Helper::htmlspecialchars_utf8($this->not_inurl, ENT_NOQUOTES); } /** @return list<string>|null */ public function getNotInurlRegex(): ?array { @@ -597,16 +603,16 @@ class FreshRSS_Search implements \Stringable { } /** @return list<string>|null */ - public function getAuthor(): ?array { - return $this->author; + public function getAuthor(bool $plaintext = false): ?array { + return $plaintext ? $this->author : Minz_Helper::htmlspecialchars_utf8($this->author, ENT_NOQUOTES); } /** @return list<string>|null */ public function getAuthorRegex(): ?array { return $this->author_regex; } /** @return list<string>|null */ - public function getNotAuthor(): ?array { - return $this->not_author; + public function getNotAuthor(bool $plaintext = false): ?array { + return $plaintext ? $this->not_author : Minz_Helper::htmlspecialchars_utf8($this->not_author, ENT_NOQUOTES); } /** @return list<string>|null */ public function getNotAuthorRegex(): ?array { @@ -614,16 +620,16 @@ class FreshRSS_Search implements \Stringable { } /** @return list<string>|null */ - public function getTags(): ?array { - return $this->tags; + public function getTags(bool $plaintext = false): ?array { + return $plaintext ? $this->tags : Minz_Helper::htmlspecialchars_utf8($this->tags, ENT_NOQUOTES); } /** @return list<string>|null */ public function getTagsRegex(): ?array { return $this->tags_regex; } /** @return list<string>|null */ - public function getNotTags(): ?array { - return $this->not_tags; + public function getNotTags(bool $plaintext = false): ?array { + return $plaintext ? $this->not_tags : Minz_Helper::htmlspecialchars_utf8($this->not_tags, ENT_NOQUOTES); } /** @return list<string>|null */ public function getNotTagsRegex(): ?array { @@ -631,16 +637,16 @@ class FreshRSS_Search implements \Stringable { } /** @return list<string>|null */ - public function getSearch(): ?array { - return $this->search; + public function getSearch(bool $plaintext = false): ?array { + return $plaintext ? $this->search : Minz_Helper::htmlspecialchars_utf8($this->search, ENT_NOQUOTES); } /** @return list<string>|null */ public function getSearchRegex(): ?array { return $this->search_regex; } /** @return list<string>|null */ - public function getNotSearch(): ?array { - return $this->not_search; + public function getNotSearch(bool $plaintext = false): ?array { + return $plaintext ? $this->not_search : Minz_Helper::htmlspecialchars_utf8($this->not_search, ENT_NOQUOTES); } /** @return list<string>|null */ public function getNotSearchRegex(): ?array { @@ -672,14 +678,6 @@ class FreshRSS_Search implements \Stringable { } /** - * @param list<string> $strings - * @return list<string> - */ - private static function htmlspecialchars_decodes(array $strings): array { - return array_map(static fn(string $s) => htmlspecialchars_decode($s, ENT_QUOTES), $strings); - } - - /** * Parse the search string to find entry (article) IDs. */ private function parseEntryIds(string $input): string { @@ -890,7 +888,7 @@ class FreshRSS_Search implements \Stringable { */ private function parseIntitleSearch(string $input): string { if (preg_match_all('#\\bintitle:(?P<search>/.*?(?<!\\\\)/[im]*)#', $input, $matches)) { - $this->intitle_regex = self::htmlspecialchars_decodes($matches['search']); + $this->intitle_regex = $matches['search']; $input = str_replace($matches[0], '', $input); } if (preg_match_all('/\\bintitle:(?P<delim>[\'"])(?P<search>.*)(?P=delim)/U', $input, $matches)) { @@ -910,7 +908,7 @@ class FreshRSS_Search implements \Stringable { private function parseNotIntitleSearch(string $input): string { if (preg_match_all('#(?<=[\\s(]|^)[!-]intitle:(?P<search>/.*?(?<!\\\\)/[im]*)#', $input, $matches)) { - $this->not_intitle_regex = self::htmlspecialchars_decodes($matches['search']); + $this->not_intitle_regex = $matches['search']; $input = str_replace($matches[0], '', $input); } if (preg_match_all('/(?<=[\\s(]|^)[!-]intitle:(?P<delim>[\'"])(?P<search>.*)(?P=delim)/U', $input, $matches)) { @@ -933,7 +931,7 @@ class FreshRSS_Search implements \Stringable { */ private function parseIntextSearch(string $input): string { if (preg_match_all('#\\bintext:(?P<search>/.*?(?<!\\\\)/[im]*)#', $input, $matches)) { - $this->intext_regex = self::htmlspecialchars_decodes($matches['search']); + $this->intext_regex = $matches['search']; $input = str_replace($matches[0], '', $input); } if (preg_match_all('/\\bintext:(?P<delim>[\'"])(?P<search>.*)(?P=delim)/U', $input, $matches)) { @@ -953,7 +951,7 @@ class FreshRSS_Search implements \Stringable { private function parseNotIntextSearch(string $input): string { if (preg_match_all('#(?<=[\\s(]|^)[!-]intext:(?P<search>/.*?(?<!\\\\)/[im]*)#', $input, $matches)) { - $this->not_intext_regex = self::htmlspecialchars_decodes($matches['search']); + $this->not_intext_regex = $matches['search']; $input = str_replace($matches[0], '', $input); } if (preg_match_all('/(?<=[\\s(]|^)[!-]intext:(?P<delim>[\'"])(?P<search>.*)(?P=delim)/U', $input, $matches)) { @@ -978,7 +976,7 @@ class FreshRSS_Search implements \Stringable { */ private function parseAuthorSearch(string $input): string { if (preg_match_all('#\\bauthor:(?P<search>/.*?(?<!\\\\)/[im]*)#', $input, $matches)) { - $this->author_regex = self::htmlspecialchars_decodes($matches['search']); + $this->author_regex = $matches['search']; $input = str_replace($matches[0], '', $input); } if (preg_match_all('/\\bauthor:(?P<delim>[\'"])(?P<search>.*)(?P=delim)/U', $input, $matches)) { @@ -998,7 +996,7 @@ class FreshRSS_Search implements \Stringable { private function parseNotAuthorSearch(string $input): string { if (preg_match_all('#(?<=[\\s(]|^)[!-]author:(?P<search>/.*?(?<!\\\\)/[im]*)#', $input, $matches)) { - $this->not_author_regex = self::htmlspecialchars_decodes($matches['search']); + $this->not_author_regex = $matches['search']; $input = str_replace($matches[0], '', $input); } if (preg_match_all('/(?<=[\\s(]|^)[!-]author:(?P<delim>[\'"])(?P<search>.*)(?P=delim)/U', $input, $matches)) { @@ -1022,7 +1020,7 @@ class FreshRSS_Search implements \Stringable { */ private function parseInurlSearch(string $input): string { if (preg_match_all('#\\binurl:(?P<search>/.*?(?<!\\\\)/[im]*)#', $input, $matches)) { - $this->inurl_regex = self::htmlspecialchars_decodes($matches['search']); + $this->inurl_regex = $matches['search']; $input = str_replace($matches[0], '', $input); } if (preg_match_all('/\\binurl:(?P<delim>[\'"])(?P<search>.*)(?P=delim)/U', $input, $matches)) { @@ -1042,7 +1040,7 @@ class FreshRSS_Search implements \Stringable { private function parseNotInurlSearch(string $input): string { if (preg_match_all('#(?<=[\\s(]|^)[!-]inurl:(?P<search>/.*?(?<!\\\\)/[im]*)#', $input, $matches)) { - $this->not_inurl_regex = self::htmlspecialchars_decodes($matches['search']); + $this->not_inurl_regex = $matches['search']; $input = str_replace($matches[0], '', $input); } if (preg_match_all('/(?<=[\\s(]|^)[!-]inurl:(?P<delim>[\'"])(?P<search>.*)(?P=delim)/U', $input, $matches)) { @@ -1146,7 +1144,7 @@ class FreshRSS_Search implements \Stringable { */ private function parseTagsSearch(string $input): string { if (preg_match_all('%#(?P<search>/.*?(?<!\\\\)/[im]*)%', $input, $matches)) { - $this->tags_regex = self::htmlspecialchars_decodes($matches['search']); + $this->tags_regex = $matches['search']; $input = str_replace($matches[0], '', $input); } if (preg_match_all('/#(?P<delim>[\'"])(?P<search>.*)(?P=delim)/U', $input, $matches)) { @@ -1168,7 +1166,7 @@ class FreshRSS_Search implements \Stringable { private function parseNotTagsSearch(string $input): string { if (preg_match_all('%(?<=[\\s(]|^)[!-]#(?P<search>/.*?(?<!\\\\)/[im]*)%', $input, $matches)) { - $this->not_tags_regex = self::htmlspecialchars_decodes($matches['search']); + $this->not_tags_regex = $matches['search']; $input = str_replace($matches[0], '', $input); } if (preg_match_all('/(?<=[\\s(]|^)[!-]#(?P<delim>[\'"])(?P<search>.*)(?P=delim)/U', $input, $matches)) { @@ -1199,7 +1197,7 @@ class FreshRSS_Search implements \Stringable { return ''; } if (preg_match_all('#(?<=[\\s(]|^)(?<![!-\\\\])(?P<search>/.*?(?<!\\\\)/[im]*)#', $input, $matches)) { - $this->search_regex = self::htmlspecialchars_decodes($matches['search']); + $this->search_regex = $matches['search']; //TODO: Replace all those str_replace with PREG_OFFSET_CAPTURE $input = str_replace($matches[0], '', $input); } @@ -1234,7 +1232,7 @@ class FreshRSS_Search implements \Stringable { return ''; } if (preg_match_all('#(?<=[\\s(]|^)[!-](?P<search>(?<!\\\\)/.*?(?<!\\\\)/[im]*)#', $input, $matches)) { - $this->not_search_regex = self::htmlspecialchars_decodes($matches['search']); + $this->not_search_regex = $matches['search']; $input = str_replace($matches[0], '', $input); } if (preg_match_all('/(?<=[\\s(]|^)[!-](?P<delim>[\'"])(?P<search>.*)(?P=delim)/U', $input, $matches)) { |