Fix fetching OPML url with special characters (#7843)

* Decode dynamic OPML url during fetch * add ENT_QUOTES * Store as plaintext instead of decoding
author: Inverle <inverle@proton.me> 2025-08-25 10:37:23 +0200
committer: GitHub <noreply@github.com> 2025-08-25 10:37:23 +0200
commit: 1481cf51f74330f2e76ed10de11bc2d80a6c95d4 (patch)
tree: a323bc8976de1179fc430414d53d3e5f0c7ff1d4 /app/views
parent: 339dcb1ea324e19aacfd7be02f75133a70a43d7c (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/app/views/helpers/category/update.phtml b/app/views/helpers/category/update.phtml
index 3776ffd79..069e5bcf9 100644
--- a/app/views/helpers/category/update.phtml
+++ b/app/views/helpers/category/update.phtml
@@ -51,7 +51,7 @@
 					<label class="group-name" for="opml_url"><?= _t('sub.category.opml_url') ?></label>
 					<div class="group-controls">
 						<div class="stick">
-							<input id="opml_url" name="opml_url" type="url" autocomplete="off" class="long" data-disable-update="refreshOpml" value="<?= $this->category->attributeString('opml_url') ?>" />
+							<input id="opml_url" name="opml_url" type="url" autocomplete="off" class="long" data-disable-update="refreshOpml" value="<?= htmlspecialchars($this->category->attributeString('opml_url') ?? '', ENT_COMPAT, 'UTF-8') ?>" />
 							<button type="submit" class="btn" id="refreshOpml" formmethod="post" formaction="<?= _url('category', 'refreshOpml', 'id', $this->category->id()) ?>">
 								<?= _i('refresh') ?> <?= _t('gen.action.refresh_opml') ?>
 							</button>
author	Inverle <inverle@proton.me>	2025-08-25 10:37:23 +0200
committer	GitHub <noreply@github.com>	2025-08-25 10:37:23 +0200
commit	1481cf51f74330f2e76ed10de11bc2d80a6c95d4 (patch)
tree	a323bc8976de1179fc430414d53d3e5f0c7ff1d4 /app/views
parent	339dcb1ea324e19aacfd7be02f75133a70a43d7c (diff)