authorAlexandre Alapetite <alexandre@alapetite.fr>2025-04-01 09:39:16 +0200
committerGitHub <noreply@github.com>2025-04-01 09:39:16 +0200
commitd81dbc44b80c061bcea7efeb778be45082e1dcc6 (patch)
tree3e4f35b81d9ac9030db630d17f02be2c5655e150 /app
parent426e3054c237c2b98667ebeacbbdb5caa88e7b1f (diff)
downloadfreshrss-d81dbc44b80c061bcea7efeb778be45082e1dcc6.tar.gz
freshrss-d81dbc44b80c061bcea7efeb778be45082e1dcc6.zip
Fix escaping of tag search (#7468)
* Fix escaping of tag search; fixes https://github.com/FreshRSS/FreshRSS/issues/7466 * Minor clarity
Diffstat (limited to 'app')
-rw-r--r--app/Controllers/tagController.php5
-rw-r--r--app/views/helpers/index/normal/entry_bottom.phtml3
-rw-r--r--app/views/helpers/index/tags.phtml14
3 files changed, 16 insertions, 6 deletions
diff --git a/app/Controllers/tagController.php b/app/Controllers/tagController.php
index cb3f164f5..68047656e 100644
--- a/app/Controllers/tagController.php
+++ b/app/Controllers/tagController.php
@@ -204,4 +204,9 @@ class FreshRSS_tag_Controller extends FreshRSS_ActionController {
$tagDAO = FreshRSS_Factory::createTagDao();
$this->view->tags = $tagDAO->listTags(precounts: true);
}
+
+ public static function escapeForSearch(string $tag): string {
+ $tag = htmlspecialchars_decode($tag, ENT_QUOTES);
+ return str_replace([' ', '(', ')'], ['+', '\\(', '\\)'], $tag);
+ }
}
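Review bot: `escapeForSearch` on L30-33 has no docblock, and its contract is not obvious from the body: the input is expected to be HTML-entity-encoded (it calls `htmlspecialchars_decode` first), and the output is search-query syntax, not URL syntax, so callers still have to percent-encode it as the API branch in tags.phtml does with `urlencode`. A backslash already present in the tag is not escaped before `(` and `)` get their prefix, so if the search grammar treats `\\` as a literal backslash a tag containing `\(` would reach the parser with the parenthesis unescaped; escaping `\` first, `str_replace(['\\', ' ', '(', ')'], ['\\\\', '+', '\\(', '\\)'], $tag)`, would close that, provided the grammar supports it. Suggest a docblock along the lines of `/** Convert an HTML-escaped tag name into the form used by a #tag search term: entities are decoded, spaces become '+', and parentheses are backslash-escaped so they are not read as grouping. The result is not URL-encoded. */`.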
diff --git a/app/views/helpers/index/normal/entry_bottom.phtml b/app/views/helpers/index/normal/entry_bottom.phtml
index f3c363275..380d00318 100644
--- a/app/views/helpers/index/normal/entry_bottom.phtml
+++ b/app/views/helpers/index/normal/entry_bottom.phtml
@@ -56,7 +56,8 @@
<li class="dropdown-header"><?= _t('index.tag.related') ?></li>
<?php
foreach ($tags as $tag) {
- ?><li class="item"><a href="<?= _url('index', 'index', 'search', '#' . str_replace(' ', '+', htmlspecialchars_decode($tag, ENT_QUOTES))) ?>"><?= $tag ?></a></li><?php
+ ?><li class="item"><a href="<?= _url('index', 'index', 'search', '#' .
+ FreshRSS_tag_Controller::escapeForSearch($tag)) ?>"><?= $tag ?></a></li><?php
} ?>
</ul>
<a class="dropdown-close" href="#close">❌</a>
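Review bot: The search value built on L44-45 is passed to `_url()` without the `urlencode()` that the API branch in tags.phtml applies, so this line relies on `_url()` percent-encoding its parameter; the hunk does not show that, though the fact that the `#` prefix worked in the removed line suggests it does. The same pattern appears on L58-59 and L73-74 of tags.phtml. If `_url()` is the encoder, a short comment would save the next reader the lookup, e.g. `<?php // _url() percent-encodes the search parameter; escapeForSearch() only handles search syntax ?>`. `<?= $tag ?>` is echoed unescaped, which appears to assume the tag is stored HTML-escaped (the helper decodes it before use) — worth stating in the same comment so the two conventions are visible together.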
diff --git a/app/views/helpers/index/tags.phtml b/app/views/helpers/index/tags.phtml
index 2c5804372..ffb2d6f72 100644
--- a/app/views/helpers/index/tags.phtml
+++ b/app/views/helpers/index/tags.phtml
@@ -11,11 +11,13 @@
<?= _i('tag') ?><ul class="list-tags">
<?php if (Minz_Request::controllerName() === 'index'): ?>
<?php foreach ($firstTags as $tag): ?>
- <li class="item tag"><a class="link-tag" href="<?= _url('index', 'index', 'search', '#' . str_replace(' ', '+', htmlspecialchars_decode($tag, ENT_QUOTES))) ?>" title="<?= _t('gen.action.filter') ?>">#<?= $tag ?></a></li>
+ <li class="item tag"><a class="link-tag" href="<?= _url('index', 'index', 'search', '#' .
+ FreshRSS_tag_Controller::escapeForSearch($tag)) ?>" title="<?= _t('gen.action.filter') ?>">#<?= $tag ?></a></li>
<?php endforeach; ?>
<?php else: // API public access ?>
<?php foreach ($firstTags as $tag): ?>
- <li class="item tag"><a class="link-tag" href="<?= $this->html_url . '&search=%23' . str_replace(' ', '+', htmlspecialchars_decode($tag, ENT_QUOTES)) ?>" title="<?= _t('gen.action.filter') ?>">#<?= $tag ?></a></li>
+ <li class="item tag"><a class="link-tag" href="<?= $this->html_url . '&search=' .
+ urlencode('#' . FreshRSS_tag_Controller::escapeForSearch($tag)) ?>" title="<?= _t('gen.action.filter') ?>">#<?= $tag ?></a></li>
<?php endforeach; ?>
<?php endif; ?>
@@ -29,11 +31,13 @@
<li class="dropdown-header"><?= _t('index.tag.related') ?></li>
<?php if (Minz_Request::controllerName() === 'index'): ?>
<?php foreach ($remainingTags as $tag): ?>
- <li class="item"><a href="<?= _url('index', 'index', 'search', '#' . str_replace(' ', '+', htmlspecialchars_decode($tag, ENT_QUOTES))) ?>" title="<?= _t('gen.action.filter') ?>">#<?= $tag ?></a></li>
+ <li class="item"><a href="<?= _url('index', 'index', 'search', '#' .
+ FreshRSS_tag_Controller::escapeForSearch($tag)) ?>" title="<?= _t('gen.action.filter') ?>">#<?= $tag ?></a></li>
<?php endforeach; ?>
- <?php else: ?>
+ <?php else: // API public access ?>
<?php foreach ($remainingTags as $tag): ?>
- <li class="item tag"><a class="link-tag" href="<?= $this->html_url . '&search=%23' . str_replace(' ', '+', htmlspecialchars_decode($tag, ENT_QUOTES)) ?>" title="<?= _t('gen.action.filter') ?>">#<?= $tag ?></a></li>
+ <li class="item tag"><a class="link-tag" href="<?= $this->html_url . '&search=' .
+ urlencode('#' . FreshRSS_tag_Controller::escapeForSearch($tag)) ?>" title="<?= _t('gen.action.filter') ?>">#<?= $tag ?></a></li>
<?php endforeach; ?>
<?php endif; ?>
</ul>
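Review bot: The `urlencode()` introduced on L64-65 (and again on L80-81) changes what the server receives for multi-word tags: `urlencode` turns the `+` that `escapeForSearch` inserted into `%2B`, so the parameter arrives as a literal `#foo+bar`, whereas the removed `'&search=%23' . str_replace(' ', '+', …)` form left the `+` raw and it decoded to a space. That is the intended outcome only if the search grammar reads `+` as the in-tag space marker, which the hunk does not show; worth confirming against the `#tag` parser and recording next to the call, e.g. `<?php // '+' must stay literal: the search parser reads it as a space inside a #tag term ?>`. The backslashes added around parentheses are percent-encoded the same way, which matches the `_url()` branches on L58-59 and L73-74 only if `_url()` encodes its parameter identically; both foreach blocks in this section share these points.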