Explicit quotes decoding (#1947)

* Explicit quotes decoding

* Explicit htmlspecialchars_decode and htmlspecialchars

5 files changed, 8 insertions, 8 deletions

diff --git a/app/views/helpers/export/opml.phtml b/app/views/helpers/export/opml.phtml
index 236cca303..edb4d4eda 100644
--- a/app/views/helpers/export/opml.phtml
+++ b/app/views/helpers/export/opml.phtml
@@ -16,11 +16,11 @@ foreach ($this->categories as $key => $cat) {
 
 	foreach ($cat['feeds'] as $feed) {
 		$opml_array['body'][$key]['@outlines'][] = array(
-			'text' => htmlspecialchars_decode($feed->name()),
+			'text' => htmlspecialchars_decode($feed->name(), ENT_QUOTES),
 			'type' => 'rss',
-			'xmlUrl' => htmlspecialchars_decode($feed->url()),
-			'htmlUrl' => htmlspecialchars_decode($feed->website()),
-			'description' => htmlspecialchars_decode($feed->description()),
+			'xmlUrl' => htmlspecialchars_decode($feed->url(), ENT_QUOTES),
+			'htmlUrl' => htmlspecialchars_decode($feed->website(), ENT_QUOTES),
+			'description' => htmlspecialchars_decode($feed->description(), ENT_QUOTES),
 		);
 	}
 }
diff --git a/app/views/helpers/index/normal/entry_bottom.phtml b/app/views/helpers/index/normal/entry_bottom.phtml
index 793c644f9..6417da4cb 100644
--- a/app/views/helpers/index/normal/entry_bottom.phtml
+++ b/app/views/helpers/index/normal/entry_bottom.phtml
@@ -81,7 +81,7 @@
 			<ul class="dropdown-menu">
 				<li class="dropdown-close"><a href="#close">❌</a></li><?php
 				foreach($tags as $tag) {
-					?><li class="item"><a href="<?php echo _url('index', 'index', 'search', '#' . htmlspecialchars_decode($tag)); ?>"><?php echo $tag; ?></a></li><?php
+					?><li class="item"><a href="<?php echo _url('index', 'index', 'search', '#' . htmlspecialchars_decode($tag, ENT_QUOTES)); ?>"><?php echo $tag; ?></a></li><?php
 				} ?>
 			</ul>
 		</div>
diff --git a/app/views/helpers/javascript_vars.phtml b/app/views/helpers/javascript_vars.phtml
index 1b9b614d2..d7b3e4360 100644
--- a/app/views/helpers/javascript_vars.phtml
+++ b/app/views/helpers/javascript_vars.phtml
@@ -56,4 +56,4 @@ echo htmlspecialchars(json_encode(array(
 	'icons' => array(
 		'close' => _i('close'),
 	),
-), JSON_UNESCAPED_UNICODE), ENT_NOQUOTES);
+), JSON_UNESCAPED_UNICODE), ENT_NOQUOTES, 'UTF-8');
diff --git a/app/views/stats/index.phtml b/app/views/stats/index.phtml
index a36f812a8..2ff3e6c52 100644
--- a/app/views/stats/index.phtml
+++ b/app/views/stats/index.phtml
@@ -88,6 +88,6 @@ echo htmlspecialchars(json_encode(array(
 	'dataCount' => $this->count,
 	'feedByCategory' => $this->feedByCategory,
 	'entryByCategory' => $this->entryByCategory,
-), JSON_UNESCAPED_UNICODE), ENT_NOQUOTES);
+), JSON_UNESCAPED_UNICODE), ENT_NOQUOTES, 'UTF-8');
 ?></script>
 <script src="../scripts/stats.js?<?php echo @filemtime(PUBLIC_PATH . '/scripts/stats.js'); ?>"></script>
diff --git a/app/views/stats/repartition.phtml b/app/views/stats/repartition.phtml
index 5ebcdce5a..4bce418c9 100644
--- a/app/views/stats/repartition.phtml
+++ b/app/views/stats/repartition.phtml
@@ -69,6 +69,6 @@ echo htmlspecialchars(json_encode(array(
 	'days' => $this->days,
 	'repartitionMonth' => $this->repartitionMonth,
 	'months' => $this->months,
-), JSON_UNESCAPED_UNICODE), ENT_NOQUOTES);
+), JSON_UNESCAPED_UNICODE), ENT_NOQUOTES, 'UTF-8');
 ?></script>
 <script src="../scripts/repartition.js?<?php echo @filemtime(PUBLIC_PATH . '/scripts/repartition.js'); ?>"></script>