xfnw/searpl
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

fix the double-escaping of htmlspecialchars

Browse source
This commit is contained in:
xfnw 2021-06-24 14:00:33 -04:00
parent 826e3c2b7c
commit 9a2ff10616
1 changed files with 5 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
index.php
View file

@ -67,18 +67,18 @@ if (isset($_GET['q']) && preg_replace('/\s+/', '', $_GET['q']) != '') {
?>
<div class='box'>
<a href="<?php echo htmlspecialchars($row['url']); ?>"><?php echo htmlspecialchars($row['title']); ?></a>
<a href="<?php echo htmlspecialchars(htmlspecialchars_decode($row['url'])); ?>"><?php echo htmlspecialchars(htmlspecialchars_decode($row['title'])); ?></a>
<br>
<small>(score: <?php echo round($row['score']); ?>) <?php echo htmlspecialchars($row['url']); ?></small>
<small>(score: <?php echo round($row['score']); ?>) <?php echo htmlspecialchars(htmlspecialchars_decode($row['url'])); ?></small>
<br>
...<?php
$content = $row['content'];
foreach ($terms as $param) {
$pos = strpos(strtolower($content), strtolower($param));
if ($pos !== false) {
echo htmlspecialchars(substr($content,$pos-50,50));
echo '<strong>'.htmlspecialchars($param).'</strong>';
echo htmlspecialchars(substr($content,$pos+strlen($param),50)).'...';
echo htmlspecialchars(htmlspecialchars_decode(substr($content,$pos-50,50)));
echo '<strong>'.htmlspecialchars(htmlspecialchars_decode($param)).'</strong>';
echo htmlspecialchars(htmlspecialchars_decode(substr($content,$pos+strlen($param),50))).'...';
}
}