fix: added missing quoting for search terms

thorsten · Oct 21, 2022 · c7904f2 · c7904f2
1 parent 372428d
commit c7904f2
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 5 deletions.
diff --git a/phpmyfaq/index.php b/phpmyfaq/index.php
@@ -549,7 +549,7 @@
     'dir' => $PMF_LANG['dir'],
     'writeSendAdress' => '?' . $sids . 'action=search',
     'searchBox' => $PMF_LANG['msgSearch'],
-    'searchTerm' => Strings::htmlspecialchars($searchTerm),
+    'searchTerm' => Strings::htmlspecialchars($searchTerm, ENT_QUOTES),
     'categoryId' => ($cat === 0) ? '%' : (int)$cat,
     'headerCategories' => $PMF_LANG['msgFullCategories'],
     'msgCategory' => $PMF_LANG['msgCategory'],

diff --git a/phpmyfaq/search.php b/phpmyfaq/search.php
@@ -286,7 +286,7 @@
         'searchBoxSection',
         [
             'writeSendAdress' => '?' . $sids . 'action=search',
-            'searchString' => Strings::htmlspecialchars($inputSearchTerm, ENT_QUOTES, 'utf-8'),
+            'searchString' => Strings::htmlspecialchars($inputSearchTerm, ENT_QUOTES),
             'searchOnAllLanguages' => $PMF_LANG['msgSearchOnAllLanguages'],
             'checkedAllLanguages' => $allLanguages ? ' checked' : '',
             'selectCategories' => $PMF_LANG['msgSelectCategories'],

diff --git a/phpmyfaq/src/phpMyFAQ/Strings.php b/phpmyfaq/src/phpMyFAQ/Strings.php
@@ -305,9 +305,9 @@ public static function htmlspecialchars(
      */
     public static function htmlentities(
         string $string,
-        $quoteStyle = ENT_HTML5,
-        $charset = 'utf-8',
-        $doubleEncode = true
+        int $quoteStyle = ENT_HTML5,
+        string $charset = 'utf-8',
+        bool $doubleEncode = false
     ): string
     {
         return htmlentities(