From 627af2c236bf4a370a5d31641757b69d679513f6 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Tue, 16 Feb 2021 15:36:40 +0300 Subject: [PATCH] amend previous to fix actual underlying problem (double escaping) --- classes/pref/filters.php | 8 ++------ include/controls.php | 2 +- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/classes/pref/filters.php b/classes/pref/filters.php index 36357234b..caefb1ea7 100755 --- a/classes/pref/filters.php +++ b/classes/pref/filters.php @@ -388,11 +388,9 @@ class Pref_Filters extends Handler_Protected { if (!$line["inverse"]) unset($line["inverse"]); unset($line["match_on"]); - $data = htmlspecialchars((string)json_encode($line)); - print "
  • ".$this->_get_rule_name($line)."". - \Controls\hidden_tag("rule[]", $data)."
    • "; + \Controls\hidden_tag("rule[]", (string)json_encode($line)).""; } } @@ -430,11 +428,9 @@ class Pref_Filters extends Handler_Protected { unset($line["filter_id"]); unset($line["id"]); - $data = htmlspecialchars((string)json_encode($line)); - print "
  • ".$this->_get_action_name($line)."". - \Controls\hidden_tag("action[]", $data)."
    • "; + \Controls\hidden_tag("action[]", (string)json_encode($line)).""; } } diff --git a/include/controls.php b/include/controls.php index 6d3cfc417..b351a9449 100755 --- a/include/controls.php +++ b/include/controls.php @@ -61,7 +61,7 @@ function hidden_tag(string $name, string $value) { return ""; + name=\"".htmlspecialchars($name)."\" value=\"".htmlspecialchars($value)."\">"; } function checkbox_tag(string $name, bool $checked = false, string $value = "", string $attributes = "", string $id = "") {