-rwxr-xr-xapp/Controllers/configureController.php2
-rw-r--r--app/views/helpers/configure/query.phtml2
2 files changed, 2 insertions, 2 deletions
diff --git a/app/Controllers/configureController.php b/app/Controllers/configureController.php
index b2c1b5109..31619bf80 100755
--- a/app/Controllers/configureController.php
+++ b/app/Controllers/configureController.php
@@ -347,7 +347,7 @@ class FreshRSS_configure_Controller extends Minz_ActionController {
if (Minz_Request::isPost()) {
$params = array_filter(Minz_Request::param('query', []));
if (!empty($params['search'])) {
- $params['search'] = urldecode($params['search']);
+ $params['search'] = htmlspecialchars_decode($params['search'], ENT_QUOTES);
}
if (!empty($params['state'])) {
$params['state'] = array_sum($params['state']);
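Review bot: Decoding HTML entities on the submitted value at the added line alters what the user typed whenever the search box contains a literal `&amp;`, `&lt;` or `&#39;`: a browser submits the input's value already decoded, so a second decode turns a search for `&amp;` into `&`. If `Minz_Request::param()` returns the raw request value (not visible here), the decode is unnecessary once the view escapes on output and the branch can be dropped; if something upstream HTML-encodes request values, a comment should say so, e.g. `// Minz_Request::param() returns HTML-encoded input; restore the raw query before storing`. Separately, `array_filter()` on the context line above with no callback discards a search of `"0"` because it is falsy — not introduced by this commit, but worth a follow-up. The enclosing action method starts before this hunk and continues after it.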
diff --git a/app/views/helpers/configure/query.phtml b/app/views/helpers/configure/query.phtml
index 7298a0a9a..38a1a715c 100644
--- a/app/views/helpers/configure/query.phtml
+++ b/app/views/helpers/configure/query.phtml
@@ -19,7 +19,7 @@
<div class="form-group">
<label class="group-name" for=""><?= _t('conf.query.filter.search') ?></label>
<div class="group-controls">
- <input type="text" id="query_search" name="query[search]" class="extend" value="<?= urldecode($this->query->getSearch()) ?>"/>
+ <input type="text" id="query_search" name="query[search]" class="extend" value="<?= htmlspecialchars($this->query->getSearch(), ENT_COMPAT, 'UTF-8') ?>"/>
</div>
</div>
<div class="form-group">
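Review bot: The added `htmlspecialchars()` call omits `ENT_SUBSTITUTE`, so if `getSearch()` ever returns a string that is not valid UTF-8 the function returns `''` and the field is silently blanked instead of showing the stored query. Using `ENT_QUOTES | ENT_SUBSTITUTE` fixes that and also escapes `'`, which costs nothing in a double-quoted attribute and keeps the escaping safe if the quoting style changes later: `value="<?= htmlspecialchars($this->query->getSearch(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>"`. If `getSearch()` can return null (not visible here), PHP 8.1+ emits a deprecation for passing null to `htmlspecialchars`, so `?? ''` on the argument would be worth adding.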