From a66b995be7d187a208bf7f66ce4d83911ba5932f Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Fri, 22 Jun 2018 16:07:48 +0200
Subject: Explicit quotes decoding (#1947)

* Explicit quotes decoding

* Explicit htmlspecialchars_decode and htmlspecialchars
---
 app/FreshRSS.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/FreshRSS.php')

diff --git a/app/FreshRSS.php b/app/FreshRSS.php
index 25fd429a2..2bd5135a9 100644
--- a/app/FreshRSS.php
+++ b/app/FreshRSS.php
@@ -66,7 +66,7 @@ class FreshRSS extends Minz_FrontController {
 				403,
 				array('error' => array(
 					_t('feedback.access.denied'),
-					' [HTTP_REFERER=' . htmlspecialchars($http_referer) . ']'
+					' [HTTP_REFERER=' . htmlspecialchars($http_referer, ENT_NOQUOTES, 'UTF-8') . ']'
 				))
 			);
 		}
-- 
cgit v1.2.3