Explicit quotes decoding (#1947)

* Explicit quotes decoding * Explicit htmlspecialchars_decode and htmlspecialchars
author: Alexandre Alapetite <alexandre@alapetite.fr> 2018-06-22 16:07:48 +0200
committer: GitHub <noreply@github.com> 2018-06-22 16:07:48 +0200
commit: a66b995be7d187a208bf7f66ce4d83911ba5932f (patch)
tree: 87489cdd4591e175ef169de852e319fe3fa3c776 /app/layout/header.phtml
parent: 0dab4f8bce46d6a1d81b4b369e5beaa4d385813f (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/app/layout/header.phtml b/app/layout/header.phtml
index 3eb8b984d..e75a25efa 100644
--- a/app/layout/header.phtml
+++ b/app/layout/header.phtml
@@ -26,7 +26,7 @@ if (FreshRSS_Auth::accessNeedsAction()) {
 		<form action="<?php echo _url('index', 'index'); ?>" method="get">
 			<div class="stick">
 				<input type="search" name="search" id="search" class="extend" value="<?php
-					echo htmlspecialchars(htmlspecialchars_decode(FreshRSS_Context::$search), ENT_COMPAT, 'UTF-8'); ?>" placeholder="<?php echo _t('gen.menu.search'); ?>" />
+					echo htmlspecialchars(htmlspecialchars_decode(FreshRSS_Context::$search, ENT_QUOTES), ENT_COMPAT, 'UTF-8'); ?>" placeholder="<?php echo _t('gen.menu.search'); ?>" />
 
 				<?php $get = Minz_Request::param('get', ''); ?>
 				<?php if ($get != '') { ?>
author	Alexandre Alapetite <alexandre@alapetite.fr>	2018-06-22 16:07:48 +0200
committer	GitHub <noreply@github.com>	2018-06-22 16:07:48 +0200
commit	a66b995be7d187a208bf7f66ce4d83911ba5932f (patch)
tree	87489cdd4591e175ef169de852e319fe3fa3c776 /app/layout/header.phtml
parent	0dab4f8bce46d6a1d81b4b369e5beaa4d385813f (diff)