From 9a2ff10616aa664120a3f2d56741cd6721c76801 Mon Sep 17 00:00:00 2001
From: xfnw <xfnw@thunix.net>
Date: Thu, 24 Jun 2021 14:00:33 -0400
Subject: [PATCH] fix the double-escaping of htmlspecialchars

---
 index.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/index.php b/index.php
index f213522..a0902bc 100644
--- a/index.php
+++ b/index.php
@@ -67,18 +67,18 @@ if (isset($_GET['q']) && preg_replace('/\s+/', '', $_GET['q']) != '') {
 ?>
 
 <div class='box'>
-<a href="<?php echo htmlspecialchars($row['url']); ?>"><?php echo htmlspecialchars($row['title']); ?></a>
+<a href="<?php echo htmlspecialchars(htmlspecialchars_decode($row['url'])); ?>"><?php echo htmlspecialchars(htmlspecialchars_decode($row['title'])); ?></a>
 <br>
-<small>(score: <?php echo round($row['score']); ?>) <?php echo htmlspecialchars($row['url']); ?></small>
+<small>(score: <?php echo round($row['score']); ?>) <?php echo htmlspecialchars(htmlspecialchars_decode($row['url'])); ?></small>
 <br>
 ...<?php
 		$content = $row['content'];
 		foreach ($terms as $param) {
 			$pos = strpos(strtolower($content), strtolower($param));
 			if ($pos !== false) {
-				echo htmlspecialchars(substr($content,$pos-50,50));
-				echo '<strong>'.htmlspecialchars($param).'</strong>';
-				echo htmlspecialchars(substr($content,$pos+strlen($param),50)).'...';
+				echo htmlspecialchars(htmlspecialchars_decode(substr($content,$pos-50,50)));
+				echo '<strong>'.htmlspecialchars(htmlspecialchars_decode($param)).'</strong>';
+				echo htmlspecialchars(htmlspecialchars_decode(substr($content,$pos+strlen($param),50))).'...';
 			}
 		}