| author | 2025-12-11 18:18:22 +0100 | |
|---|---|---|
| committer | 2025-12-11 18:18:22 +0100 | |
| commit | 044f066c1c9f08ab41c93e1f065053ad22e4959e (patch) | |
| tree | 3eb5f1538afa3a3e2a2f29f95e6ea4b4218f571a /app | |
| parent | 394411677ea9b3e5bb520c39db6e39f751c35e28 (diff) | |
Fix htmlspecialchars for search (#8306)
Regression from https://github.com/FreshRSS/FreshRSS/pull/8293
Diffstat (limited to 'app')
| -rw-r--r-- | app/Controllers/indexController.php | 2 | ||||
| -rw-r--r-- | app/layout/header.phtml | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php
index d914e4eef..3961a3fcd 100644
--- a/app/Controllers/indexController.php
+++ b/app/Controllers/indexController.php
@@ -106,7 +106,7 @@ class FreshRSS_index_Controller extends FreshRSS_ActionController {
 $title = FreshRSS_Context::$name;
 $search = FreshRSS_Context::$search->__toString();
 if ($search !== '') {
- $title = '“' . $search . '”';
+ $title = '“' . htmlspecialchars($search, ENT_COMPAT, 'UTF-8') . '”';
 }
 if (FreshRSS_Context::$get_unread > 0) {
 $title = '(' . FreshRSS_Context::$get_unread . ') ' . $title;
diff --git a/app/layout/header.phtml b/app/layout/header.phtml
index 5c6ea63a4..73dfb3119 100644
--- a/app/layout/header.phtml
+++ b/app/layout/header.phtml
@@ -40,7 +40,7 @@
 <?php } ?>
 <div class="stick">
 <input type="search" name="search" id="search"
- value="<?= FreshRSS_Context::$search->__toString() ?>"
+ value="<?= htmlspecialchars(FreshRSS_Context::$search->__toString(), ENT_COMPAT, 'UTF-8') ?>"
 placeholder="<?= _t('gen.menu.search') ?>" />
 <button class="btn" type="submit"><?= _i('search') ?></button>
 </div>
|
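Review bot: In `indexController.php`, the added `htmlspecialchars()` makes `$title` hold HTML-escaped text only on the search branch, while `FreshRSS_Context::$name` is assigned to the same variable with no escaping visible in this hunk, so the variable's encoding state depends on which branch ran. Whether `$name` is already escaped upstream cannot be told from here. If it is, a comment such as `// $title is HTML-escaped from here on; FreshRSS_Context::$name is expected to arrive escaped` would record the contract for the next maintainer. If it is not, escaping once at the point where the title is written to the page would cover both branches and avoid double-encoding later. The enclosing method starts and ends outside the hunk.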
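Review bot: In `header.phtml`, `ENT_COMPAT` leaves single quotes unescaped, so the new `value="…"` output is safe only while that attribute stays double-quoted. Without `ENT_SUBSTITUTE`, a search string containing invalid UTF-8 also makes `htmlspecialchars()` return an empty string, which blanks the field. Using `htmlspecialchars(FreshRSS_Context::$search->__toString(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` removes both dependencies, unless the project deliberately standardises on `ENT_COMPAT`, in which case a short comment saying so would help. The same flags apply to the call added in `indexController.php`. Because this is a regression fix, any other template that echoes `FreshRSS_Context::$search` directly (none is visible here) is worth checking, and a rendering test with a search containing `"` and `<` would guard against a repeat.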
