| author | 2025-04-01 09:39:16 +0200 | |
|---|---|---|
| committer | 2025-04-01 09:39:16 +0200 | |
| commit | d81dbc44b80c061bcea7efeb778be45082e1dcc6 (patch) | |
| tree | 3e4f35b81d9ac9030db630d17f02be2c5655e150 /app/views | |
| parent | 426e3054c237c2b98667ebeacbbdb5caa88e7b1f (diff) | |
Fix escaping of tag search (#7468)
* Fix escaping of tag search
fix https://github.com/FreshRSS/FreshRSS/issues/7466
* Minor clarity
Diffstat (limited to 'app/views')
| -rw-r--r-- | app/views/helpers/index/normal/entry_bottom.phtml | 3 | ||||
| -rw-r--r-- | app/views/helpers/index/tags.phtml | 14 |
2 files changed, 11 insertions, 6 deletions
diff --git a/app/views/helpers/index/normal/entry_bottom.phtml b/app/views/helpers/index/normal/entry_bottom.phtml
index f3c363275..380d00318 100644
--- a/app/views/helpers/index/normal/entry_bottom.phtml
+++ b/app/views/helpers/index/normal/entry_bottom.phtml
@@ -56,7 +56,8 @@
 <li class="dropdown-header"><?= _t('index.tag.related') ?></li>
 <?php
 foreach ($tags as $tag) {
- ?><li class="item"><a href="<?= _url('index', 'index', 'search', '#' . str_replace(' ', '+', htmlspecialchars_decode($tag, ENT_QUOTES))) ?>"><?= $tag ?></a></li><?php
+ ?><li class="item"><a href="<?= _url('index', 'index', 'search', '#' .
+ FreshRSS_tag_Controller::escapeForSearch($tag)) ?>"><?= $tag ?></a></li><?php
 } ?>
 </ul>
 <a class="dropdown-close" href="#close">❌</a>
diff --git a/app/views/helpers/index/tags.phtml b/app/views/helpers/index/tags.phtml
index 2c5804372..ffb2d6f72 100644
--- a/app/views/helpers/index/tags.phtml
+++ b/app/views/helpers/index/tags.phtml
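Review bot: In entry_bottom.phtml the link text `<?= $tag ?>` on the added line is still echoed without escaping, so the template is only safe if `$tag` arrives already HTML-encoded; the removed `htmlspecialchars_decode($tag, ENT_QUOTES)` suggests it does, but nothing in the hunk states it. `FreshRSS_tag_Controller::escapeForSearch()` is defined outside this page (the diffstat is limited to `app/views`), so it cannot be confirmed here that it still decodes those entities before building the search expression, or that `_url()` percent-encodes and HTML-escapes the result for the `href`. I would record the invariant above the loop, e.g. `// $tag is stored HTML-encoded: echo it as-is, but decode and search-escape it before it goes into a URL`. The enclosing `<ul>` opens outside the hunk.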
@@ -11,11 +11,13 @@
 <?= _i('tag') ?><ul class="list-tags">
 <?php if (Minz_Request::controllerName() === 'index'): ?>
 <?php foreach ($firstTags as $tag): ?>
- <li class="item tag"><a class="link-tag" href="<?= _url('index', 'index', 'search', '#' . str_replace(' ', '+', htmlspecialchars_decode($tag, ENT_QUOTES))) ?>" title="<?= _t('gen.action.filter') ?>">#<?= $tag ?></a></li>
+ <li class="item tag"><a class="link-tag" href="<?= _url('index', 'index', 'search', '#' .
+ FreshRSS_tag_Controller::escapeForSearch($tag)) ?>" title="<?= _t('gen.action.filter') ?>">#<?= $tag ?></a></li>
 <?php endforeach; ?>
 <?php else: // API public access ?>
 <?php foreach ($firstTags as $tag): ?>
- <li class="item tag"><a class="link-tag" href="<?= $this->html_url . '&search=%23' . str_replace(' ', '+', htmlspecialchars_decode($tag, ENT_QUOTES)) ?>" title="<?= _t('gen.action.filter') ?>">#<?= $tag ?></a></li>
+ <li class="item tag"><a class="link-tag" href="<?= $this->html_url . '&search=' .
+ urlencode('#' . FreshRSS_tag_Controller::escapeForSearch($tag)) ?>" title="<?= _t('gen.action.filter') ?>">#<?= $tag ?></a></li>
 <?php endforeach; ?>
 <?php endif; ?>
 
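Review bot: The public-access branch builds its query string by hand (`$this->html_url . '&search=' . urlencode(...)`) while the `index` branch delegates encoding to `_url()`, and both expressions are repeated for `$remainingTags` in the following hunk, so four call sites must stay in step whenever the escaping rules change. The concatenation also appears to assume that `$this->html_url` already carries a query string and is already safe inside an HTML attribute, and it writes a bare `&` into the `href`; that is inferred from the visible lines, since `html_url` is set elsewhere. I would compute the term once per tag, `$tagSearch = '#' . FreshRSS_tag_Controller::escapeForSearch($tag);`, reuse it in both branches, and emit the separator as `'&amp;search=' . urlencode($tagSearch)` if `html_url` turns out to be HTML-encoded.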
@@ -29,11 +31,13 @@
 <li class="dropdown-header"><?= _t('index.tag.related') ?></li>
 <?php if (Minz_Request::controllerName() === 'index'): ?>
 <?php foreach ($remainingTags as $tag): ?>
- <li class="item"><a href="<?= _url('index', 'index', 'search', '#' . str_replace(' ', '+', htmlspecialchars_decode($tag, ENT_QUOTES))) ?>" title="<?= _t('gen.action.filter') ?>">#<?= $tag ?></a></li>
+ <li class="item"><a href="<?= _url('index', 'index', 'search', '#' .
+ FreshRSS_tag_Controller::escapeForSearch($tag)) ?>" title="<?= _t('gen.action.filter') ?>">#<?= $tag ?></a></li>
 <?php endforeach; ?>
- <?php else: ?>
+ <?php else: // API public access ?>
 <?php foreach ($remainingTags as $tag): ?>
- <li class="item tag"><a class="link-tag" href="<?= $this->html_url . '&search=%23' . str_replace(' ', '+', htmlspecialchars_decode($tag, ENT_QUOTES)) ?>" title="<?= _t('gen.action.filter') ?>">#<?= $tag ?></a></li>
+ <li class="item tag"><a class="link-tag" href="<?= $this->html_url . '&search=' .
+ urlencode('#' . FreshRSS_tag_Controller::escapeForSearch($tag)) ?>" title="<?= _t('gen.action.filter') ?>">#<?= $tag ?></a></li>
 <?php endforeach; ?>
 <?php endif; ?>
 </ul> |
