Fix search encoding and quoting (#8311)

Revised the encoding approach for searches: the HTML encoding is done just before its use for DB search.
Also fix some cases of wrong quoting.
Fix https://github.com/FreshRSS/FreshRSS/pull/8306#issuecomment-3643865439
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/8293
This commit is contained in:
Alexandre Alapetite
2025-12-13 11:31:34 +01:00
committed by GitHub
parent b66d4ade41
commit a8a544a2a2
7 changed files with 157 additions and 169 deletions


@@ -45,14 +45,14 @@ class FreshRSS_entry_Controller extends FreshRSS_ActionController {
* - is_read (default: true)
*/
public function readAction(): void {
$get = Minz_Request::paramString('get');
$next_get = Minz_Request::paramString('nextGet') ?: $get;
$id_max = Minz_Request::paramString('idMax');
$get = Minz_Request::paramString('get', plaintext: true);
$next_get = Minz_Request::paramString('nextGet', plaintext: true) ?: $get;
$id_max = Minz_Request::paramString('idMax', plaintext: true);
if (!ctype_digit($id_max)) {
$id_max = '0';
}
$is_read = Minz_Request::paramTernary('is_read') ?? true;
FreshRSS_Context::$search = new FreshRSS_BooleanSearch(Minz_Request::paramString('search'));
FreshRSS_Context::$search = new FreshRSS_BooleanSearch(Minz_Request::paramString('search', plaintext: true));
$maxPubDate = Minz_Request::paramInt('maxPubDate');
if ($maxPubDate > 0) {
$search = new FreshRSS_Search('');
@@ -170,8 +170,8 @@ class FreshRSS_entry_Controller extends FreshRSS_ActionController {
}
} else {
/** @var list<numeric-string> $idArray */
$idArray = Minz_Request::paramArrayString('id');
$idString = Minz_Request::paramString('id');
$idArray = Minz_Request::paramArrayString('id', plaintext: true);
$idString = Minz_Request::paramString('id', plaintext: true);
if (count($idArray) > 0) {
$ids = $idArray;
} elseif (ctype_digit($idString)) {
@@ -218,7 +218,7 @@ class FreshRSS_entry_Controller extends FreshRSS_ActionController {
* If id is false, nothing happened.
*/
public function bookmarkAction(): void {
$id = Minz_Request::paramString('id');
$id = Minz_Request::paramString('id', plaintext: true);
$is_favourite = Minz_Request::paramTernary('is_favorite') ?? true;
if ($id != '' && ctype_digit($id)) {
$entryDAO = FreshRSS_Factory::createEntryDao();
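Review bot: In the second hunk, `$idArray = Minz_Request::paramArrayString('id', plaintext: true)` is still only covered by the `@var list<numeric-string>` docblock, which is an annotation rather than a check: the array branch assigns `$ids = $idArray;` as read, while the scalar branch is guarded by `ctype_digit($idString)`. Unless the elements are validated further down (the function continues past the hunk), consider `$ids = array_values(array_filter($idArray, ctype_digit(...)));` so both branches yield digit-only strings before they reach the DAO. The other `plaintext: true` reads in this file (`idMax` in the first hunk, `id` in the third) are already followed by `ctype_digit` and look fine. The `search` value in the first hunk is now taken unescaped, which matches the commit description; a short comment there, `// raw value: escaped by FreshRSS_BooleanSearch before the DB query, escape again at output`, would make that contract explicit for readers of the controller.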