Merge pull request #2001 from FreshRSS/dev1.11.2

FreshRSS 1.11.2
author: Alexandre Alapetite <alexandre@alapetite.fr> 2018-09-09 13:03:51 +0200
committer: GitHub <noreply@github.com> 2018-09-09 13:03:51 +0200
commit: 44bd07e506ade204151c276fdc05994d51efdd7a (patch)
tree: 2efe48133d2c874c65a99ae3a6cd92bb0dff4fe8 /app/layout/header.phtml
parent: 3306a1679c2570c30d4b662c887b4a71ce147398 (diff)
parent: 1802c1e9ae7d3d55a0e37e1cc2e7c0acc25f70ba (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/app/layout/header.phtml b/app/layout/header.phtml
index e589ed7ef..e75a25efa 100644
--- a/app/layout/header.phtml
+++ b/app/layout/header.phtml
@@ -25,7 +25,8 @@ if (FreshRSS_Auth::accessNeedsAction()) {
 		<?php if (FreshRSS_Auth::hasAccess() || FreshRSS_Context::$system_conf->allow_anonymous) { ?>
 		<form action="<?php echo _url('index', 'index'); ?>" method="get">
 			<div class="stick">
-				<input type="search" name="search" id="search" class="extend" value="<?php echo FreshRSS_Context::$search; ?>" placeholder="<?php echo _t('gen.menu.search'); ?>" />
+				<input type="search" name="search" id="search" class="extend" value="<?php
+					echo htmlspecialchars(htmlspecialchars_decode(FreshRSS_Context::$search, ENT_QUOTES), ENT_COMPAT, 'UTF-8'); ?>" placeholder="<?php echo _t('gen.menu.search'); ?>" />
 
 				<?php $get = Minz_Request::param('get', ''); ?>
 				<?php if ($get != '') { ?>
author	Alexandre Alapetite <alexandre@alapetite.fr>	2018-09-09 13:03:51 +0200
committer	GitHub <noreply@github.com>	2018-09-09 13:03:51 +0200
commit	44bd07e506ade204151c276fdc05994d51efdd7a (patch)
tree	2efe48133d2c874c65a99ae3a6cd92bb0dff4fe8 /app/layout/header.phtml
parent	3306a1679c2570c30d4b662c887b4a71ce147398 (diff)
parent	1802c1e9ae7d3d55a0e37e1cc2e7c0acc25f70ba (diff)