diff options
| author |  Alexandre Alapetite <alexandre@alapetite.fr>
| 2018-06-22 16:07:48 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2018-06-22 16:07:48 +0200 |
| commit | a66b995be7d187a208bf7f66ce4d83911ba5932f (patch) | |
| tree | 87489cdd4591e175ef169de852e319fe3fa3c776 /app/layout | |
| parent | 0dab4f8bce46d6a1d81b4b369e5beaa4d385813f (diff) | |
Explicit quotes decoding (#1947)
* Explicit quotes decoding
* Explicit htmlspecialchars_decode and htmlspecialchars
Diffstat (limited to 'app/layout')
| -rw-r--r-- | app/layout/header.phtml | 2 | ||||
| -rw-r--r-- | app/layout/nav_menu.phtml | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/app/layout/header.phtml b/app/layout/header.phtml index 3eb8b984d..e75a25efa 100644 --- a/app/layout/header.phtml +++ b/app/layout/header.phtml @@ -26,7 +26,7 @@ if (FreshRSS_Auth::accessNeedsAction()) { <form action="<?php echo _url('index', 'index'); ?>" method="get"> <div class="stick"> <input type="search" name="search" id="search" class="extend" value="<?php - echo htmlspecialchars(htmlspecialchars_decode(FreshRSS_Context::$search), ENT_COMPAT, 'UTF-8'); ?>" placeholder="<?php echo _t('gen.menu.search'); ?>" /> + echo htmlspecialchars(htmlspecialchars_decode(FreshRSS_Context::$search, ENT_QUOTES), ENT_COMPAT, 'UTF-8'); ?>" placeholder="<?php echo _t('gen.menu.search'); ?>" /> <?php $get = Minz_Request::param('get', ''); ?> <?php if ($get != '') { ?> diff --git a/app/layout/nav_menu.phtml b/app/layout/nav_menu.phtml index f8a2376ec..d1f3bed43 100644 --- a/app/layout/nav_menu.phtml +++ b/app/layout/nav_menu.phtml @@ -163,7 +163,7 @@ <div class="item search"> <form action="<?php echo _url('index', 'index'); ?>" method="get"> <input type="search" name="search" class="extend" value="<?php - echo htmlspecialchars(htmlspecialchars_decode(FreshRSS_Context::$search), ENT_COMPAT, 'UTF-8'); ?>" placeholder="<?php echo _t('index.menu.search_short'); ?>" /> + echo htmlspecialchars(htmlspecialchars_decode(FreshRSS_Context::$search, ENT_QUOTES), ENT_COMPAT, 'UTF-8'); ?>" placeholder="<?php echo _t('index.menu.search_short'); ?>" /> <?php $get = Minz_Request::param('get', ''); ?> <?php if($get != '') { ?> |