| -rwxr-xr-x | app/Controllers/configureController.php | 3 | ||||
| -rw-r--r-- | app/views/configure/queries.phtml | 4 |
2 files changed, 5 insertions, 2 deletions
diff --git a/app/Controllers/configureController.php b/app/Controllers/configureController.php
index 09efef40c..ba7316472 100755
--- a/app/Controllers/configureController.php
+++ b/app/Controllers/configureController.php
@@ -281,6 +281,9 @@ class FreshRSS_configure_Controller extends Minz_ActionController {
 if (!$query['name']) {
 $query['name'] = _t('conf.query.number', $key + 1);
 }
+ if ($query['search']) {
+ $query['search'] = urldecode($query['search']);
+ }
 $queries[] = new FreshRSS_UserQuery($query, $feed_dao, $category_dao);
 }
 FreshRSS_Context::$user_conf->queries = $queries;
diff --git a/app/views/configure/queries.phtml b/app/views/configure/queries.phtml
index a0f600b5d..cebd61547 100644
--- a/app/views/configure/queries.phtml
+++ b/app/views/configure/queries.phtml
@@ -15,7 +15,7 @@
 <div class="group-controls">
 <input type="hidden" id="queries_<?= $key ?>_url" name="queries[<?= $key ?>][url]" value="<?= $query->getUrl() ?>"/>
- <input type="hidden" id="queries_<?= $key ?>_search" name="queries[<?= $key ?>][search]" value="<?= $query->getSearch() ?>"/>
+ <input type="hidden" id="queries_<?= $key ?>_search" name="queries[<?= $key ?>][search]" value="<?= urlencode($query->getSearch()) ?>"/>
 <input type="hidden" id="queries_<?= $key ?>_state" name="queries[<?= $key ?>][state]" value="<?= $query->getState() ?>"/>
 <input type="hidden" id="queries_<?= $key ?>_order" name="queries[<?= $key ?>][order]" value="<?= $query->getOrder() ?>"/>
 <input type="hidden" id="queries_<?= $key ?>_get" name="queries[<?= $key ?>][get]" value="<?= $query->getGet() ?>"/>
@@ -52,7 +52,7 @@
 <ul>
 <?php if ($query->hasSearch()) { ?>
- <li class="item"><?= _t('conf.query.search', $query->getSearch()->getRawInput()) ?></li>
+ <li class="item"><?= _t('conf.query.search', htmlspecialchars($query->getSearch()->getRawInput(), ENT_NOQUOTES, 'UTF-8')) ?></li>
 <?php } ?>
 <?php if ($query->getState()) { ?> |
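Review bot: In app/Controllers/configureController.php the added `urldecode()` runs on every non-empty posted `search`, so it is only correct while each form that submits `queries[…][search]` to this action URL-encodes the value the way configure/queries.phtml now does; a value posted raw would have any literal `+` or `%xx` changed before it reaches `FreshRSS_UserQuery`. I would record that coupling next to the call, e.g. `// 'search' is urlencode()d by configure/queries.phtml to survive the hidden input; decode back to the raw query`. The condition also reads `$query['search']` without checking that the key exists, so `if (!empty($query['search'])) {` would avoid a notice for a query posted without that field. The enclosing loop and method begin and end outside the hunk.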
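Review bot: In the first hunk of app/views/configure/queries.phtml only the `search` hidden input is encoded; the sibling `url`, `state`, `order` and `get` inputs still print `$query->getUrl()`, `getState()`, `getOrder()` and `getGet()` straight into a double-quoted `value` attribute. Whether those getters return already-escaped strings is not visible here, but if any of them can carry a `"` the attribute would be closed early in the same way the search value could. The escaping that matches an attribute context is `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')`; as far as this diff shows it would also suit the search field, since the browser submits the decoded text and the controller would then likely not need the paired `urldecode()`.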
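Review bot: In the second hunk of app/views/configure/queries.phtml the `ENT_NOQUOTES` flag on the `conf.query.search` item leaves `"` and `'` unescaped, which is safe only while the translated string places the value in element text and never inside an attribute. Using `htmlspecialchars($query->getSearch()->getRawInput(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` renders the same in the `<li>` and stays safe if a translation or later template change moves the value. The state block that opens on the last line of the hunk continues outside it, so whether the remaining `_t('conf.query.…')` items escape their arguments cannot be checked from here.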
