fix: added missing quoting for search terms

Author: thorsten

phpmyfaq/index.php

@@ -549,7 +549,7 @@
     'dir' => $PMF_LANG['dir'],
     'writeSendAdress' => '?' . $sids . 'action=search',
     'searchBox' => $PMF_LANG['msgSearch'],
-    'searchTerm' => Strings::htmlspecialchars($searchTerm),
+    'searchTerm' => Strings::htmlspecialchars($searchTerm, ENT_QUOTES),
     'categoryId' => ($cat === 0) ? '%' : (int)$cat,
     'headerCategories' => $PMF_LANG['msgFullCategories'],
     'msgCategory' => $PMF_LANG['msgCategory'],

phpmyfaq/search.php

@@ -286,7 +286,7 @@
         'searchBoxSection',
         [
             'writeSendAdress' => '?' . $sids . 'action=search',
-            'searchString' => Strings::htmlspecialchars($inputSearchTerm, ENT_QUOTES, 'utf-8'),
+            'searchString' => Strings::htmlspecialchars($inputSearchTerm, ENT_QUOTES),
             'searchOnAllLanguages' => $PMF_LANG['msgSearchOnAllLanguages'],
             'checkedAllLanguages' => $allLanguages ? ' checked' : '',
             'selectCategories' => $PMF_LANG['msgSelectCategories'],

phpmyfaq/src/phpMyFAQ/Strings.php

@@ -305,9 +305,9 @@ public static function htmlspecialchars(
      */
     public static function htmlentities(
         string $string,
-        $quoteStyle = ENT_HTML5,
-        $charset = 'utf-8',
-        $doubleEncode = true
+        int $quoteStyle = ENT_HTML5,
+        string $charset = 'utf-8',
+        bool $doubleEncode = false
     ): string
     {
         return htmlentities(