Fix inversed encoding logic in paramArray (#6800)

* Fix inversed encoding logic in paramArray https://github.com/FreshRSS/FreshRSS/pull/6797#discussion_r1754661634 Also fix the possibility to use `<'&">` in shortcuts, and some minor encoding bugs in user queries * Forgot paramArrayString
author: Alexandre Alapetite <alexandre@alapetite.fr> 2024-09-12 11:04:49 +0200
committer: GitHub <noreply@github.com> 2024-09-12 11:04:49 +0200
commit: fd1b5e9343b6fe92b4e5dfbbc2f01ddfcd010af9 (patch)
tree: 5cc4e7399212d2fdce401465e3590f2275b16c26 /app/views
parent: d1f1e42c2b180f34276d7ddd1a2bfeaf4e59ed05 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/app/views/configure/shortcut.phtml b/app/views/configure/shortcut.phtml
index 78b659120..b7930f263 100644
--- a/app/views/configure/shortcut.phtml
+++ b/app/views/configure/shortcut.phtml
@@ -16,7 +16,9 @@
 		<?php } ?>
 	</datalist>
 
-	<?php $s = FreshRSS_Context::userConf()->shortcuts; ?>
+	<?php
+		$s = array_map(static fn(string $string) => htmlspecialchars($string, ENT_COMPAT, 'UTF-8'), FreshRSS_Context::userConf()->shortcuts);
+	?>
 
 	<?php if ([] !== $nonStandard = getNonStandardShortcuts($s)): ?>
 		<p class="alert alert-error">
author	Alexandre Alapetite <alexandre@alapetite.fr>	2024-09-12 11:04:49 +0200
committer	GitHub <noreply@github.com>	2024-09-12 11:04:49 +0200
commit	fd1b5e9343b6fe92b4e5dfbbc2f01ddfcd010af9 (patch)
tree	5cc4e7399212d2fdce401465e3590f2275b16c26 /app/views
parent	d1f1e42c2b180f34276d7ddd1a2bfeaf4e59ed05 (diff)