diff options
| author |  Alexandre Alapetite <alexandre@alapetite.fr>
| 2024-09-22 11:05:06 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2024-09-22 11:05:06 +0200 |
| commit | 1c09408c6459eb8d719d94ba593edfa44883cb85 (patch) | |
| tree | 67e8e8e464c2f491aae2a5c16bb8ee46bcb2b41b /app/views/helpers/feed/update.phtml | |
| parent | c599ff4e4b09274f23369706e92b5040aa182038 (diff) | |
Fix HTML encodings in e.g. cURL options (#6821)
* Fix HTML encodings in e.g. cURL options
* Trim headers whitespace
Diffstat (limited to 'app/views/helpers/feed/update.phtml')
| -rw-r--r-- | app/views/helpers/feed/update.phtml | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/app/views/helpers/feed/update.phtml b/app/views/helpers/feed/update.phtml index 5a08d1a3e..5a14eff0f 100644 --- a/app/views/helpers/feed/update.phtml +++ b/app/views/helpers/feed/update.phtml @@ -646,7 +646,7 @@ <label class="group-name" for="curl_params_cookie"><?= _t('sub.feed.css_cookie') ?></label> <div class="group-controls"> <input type="text" name="curl_params_cookie" id="curl_params_cookie" class="w100" value="<?= - !empty($curlParams[CURLOPT_COOKIE]) ? $curlParams[CURLOPT_COOKIE] : '' + htmlspecialchars((string)($curlParams[CURLOPT_COOKIE] ?? ''), ENT_COMPAT, 'UTF-8') ?>" placeholder="<?= _t('gen.short.blank_to_disable') ?>" /> <p class="help"><?= _i('help') ?> <?= _t('sub.feed.css_cookie_help') ?></p> <label for="curl_params_cookiefile"> @@ -684,7 +684,7 @@ <label class="group-name" for="curl_params_useragent"><?= _t('sub.feed.useragent') ?></label> <div class="group-controls"> <input type="text" name="curl_params_useragent" id="curl_params_useragent" class="w100" value="<?= - !empty($curlParams[CURLOPT_USERAGENT]) ? $curlParams[CURLOPT_USERAGENT] : '' + htmlspecialchars((string)($curlParams[CURLOPT_USERAGENT] ?? ''), ENT_COMPAT, 'UTF-8') ?>" placeholder="<?= _t('gen.short.blank_to_disable') ?>" /> <p class="help"><?= _i('help') ?> <?= _t('sub.feed.useragent_help') ?></p> </div> @@ -701,7 +701,7 @@ ?> </select> <input type="text" name="curl_params" id="curl_params" value="<?= - !empty($curlParams[CURLOPT_PROXY]) ? $curlParams[CURLOPT_PROXY] : '' + htmlspecialchars((string)($curlParams[CURLOPT_PROXY] ?? ''), ENT_COMPAT, 'UTF-8') ?>" placeholder="<?= _t('gen.short.blank_to_disable') ?>" /> <p class="help"><?= _i('help') ?> <?= _t('sub.feed.proxy_help') ?></p> </div> @@ -722,8 +722,7 @@ </select> <div class="stick"> <input type="text" name="curl_fields" id="curl_fields" value="<?= - $this->feed->attributeArray('curl_params') !== null && !empty($this->feed->attributeArray('curl_params')[CURLOPT_POSTFIELDS]) ? - htmlentities($this->feed->attributeArray('curl_params')[CURLOPT_POSTFIELDS], ENT_COMPAT) : '' + htmlspecialchars($this->feed->attributeArray('curl_params')[CURLOPT_POSTFIELDS] ?? '', ENT_COMPAT, 'UTF-8') ?>" placeholder="<?= _t('sub.feed.method_postparams') ?>" /> </div> <p class="help"><?= _i('help') ?> <?= _t('sub.feed.method_help') ?></p> @@ -751,7 +750,11 @@ <div class="form-group"> <label class="group-name" for="http_headers"><?= _t('sub.feed.http_headers') ?></label> <div class="group-controls"> - <textarea class="valid-json" id="http_headers" name="http_headers" rows="3" cols="64" spellcheck="false"><?= !empty($this->feed->attributeArray('curl_params')) ? implode(PHP_EOL, $this->feed->attributeArray('curl_params')[CURLOPT_HTTPHEADER]) : '' ?></textarea> + <textarea class="valid-json" id="http_headers" name="http_headers" rows="3" cols="64" spellcheck="false"><?php + foreach ($this->feed->attributeArray('curl_params')[CURLOPT_HTTPHEADER] ?? [] as $header) { + echo htmlspecialchars($header, ENT_NOQUOTES, 'UTF-8'), PHP_EOL; + } + ?></textarea> <p class="help"><?= _i('help') ?> <?= _t('sub.feed.http_headers_help') ?></p> </div> </div> |