xfnw/searpl
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

fix the double-escaping of htmlspecialchars

Browse source
This commit is contained in:
xfnw 2021-06-24 14:00:33 -04:00
parent 826e3c2b7c
commit 9a2ff10616
1 changed files with 5 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
index.php
View file

@ -67,18 +67,18 @@ if (isset($_GET['q']) && preg_replace('/\s+/', '', $_GET['q']) != '') {
?> ?>
<div class='box'> <div class='box'>
<a href="<?php echo htmlspecialchars($row['url']); ?>"><?php echo htmlspecialchars($row['title']); ?></a> <a href="<?php echo htmlspecialchars(htmlspecialchars_decode($row['url'])); ?>"><?php echo htmlspecialchars(htmlspecialchars_decode($row['title'])); ?></a>
<br> <br>
<small>(score: <?php echo round($row['score']); ?>) <?php echo htmlspecialchars($row['url']); ?></small> <small>(score: <?php echo round($row['score']); ?>) <?php echo htmlspecialchars(htmlspecialchars_decode($row['url'])); ?></small>
<br> <br>
...<?php ...<?php
$content = $row['content']; $content = $row['content'];
foreach ($terms as $param) { foreach ($terms as $param) {
$pos = strpos(strtolower($content), strtolower($param)); $pos = strpos(strtolower($content), strtolower($param));
if ($pos !== false) { if ($pos !== false) {
echo htmlspecialchars(substr($content,$pos-50,50)); echo htmlspecialchars(htmlspecialchars_decode(substr($content,$pos-50,50)));
echo '<strong>'.htmlspecialchars($param).'</strong>'; echo '<strong>'.htmlspecialchars(htmlspecialchars_decode($param)).'</strong>';
echo htmlspecialchars(substr($content,$pos+strlen($param),50)).'...'; echo htmlspecialchars(htmlspecialchars_decode(substr($content,$pos+strlen($param),50))).'...';
} }
} }