| author | 2020-06-06 20:59:53 +0200 | |
|---|---|---|
| committer | 2020-06-06 20:59:53 +0200 | |
| commit | b2b249d6d6e1339b7a55a61ac06b0520b9dc91b9 (patch) | |
| tree | 6ea3bbf5a0672d5c110e5da64ba909769ce8dbd8 /app/views | |
| parent | 1694264e2ca454a0cc51064ed09a6ed1a759cb01 (diff) | |
Fix user queries when they contain " (#3037)
Before, the user queries were working filter-wise but they failed at being displayed
properly in the configuration page. Thus they were stored without the search param.
Now, the search is URL encoded to avoid that kind of behavior and keep the search
param throughout the user query's life.
Diffstat (limited to 'app/views')
| -rw-r--r-- | app/views/configure/queries.phtml | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/app/views/configure/queries.phtml b/app/views/configure/queries.phtml index a0f600b5d..cebd61547 100644 --- a/app/views/configure/queries.phtml +++ b/app/views/configure/queries.phtml @@ -15,7 +15,7 @@ <div class="group-controls"> <input type="hidden" id="queries_<?= $key ?>_url" name="queries[<?= $key ?>][url]" value="<?= $query->getUrl() ?>"/> - <input type="hidden" id="queries_<?= $key ?>_search" name="queries[<?= $key ?>][search]" value="<?= $query->getSearch() ?>"/> + <input type="hidden" id="queries_<?= $key ?>_search" name="queries[<?= $key ?>][search]" value="<?= urlencode($query->getSearch()) ?>"/> <input type="hidden" id="queries_<?= $key ?>_state" name="queries[<?= $key ?>][state]" value="<?= $query->getState() ?>"/> <input type="hidden" id="queries_<?= $key ?>_order" name="queries[<?= $key ?>][order]" value="<?= $query->getOrder() ?>"/> <input type="hidden" id="queries_<?= $key ?>_get" name="queries[<?= $key ?>][get]" value="<?= $query->getGet() ?>"/> @@ -52,7 +52,7 @@ <ul> <?php if ($query->hasSearch()) { ?> - <li class="item"><?= _t('conf.query.search', $query->getSearch()->getRawInput()) ?></li> + <li class="item"><?= _t('conf.query.search', htmlspecialchars($query->getSearch()->getRawInput(), ENT_NOQUOTES, 'UTF-8')) ?></li> <?php } ?> <?php if ($query->getState()) { ?> |
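Review bot: in the first hunk (@@ -15,7 +15,7 @@), the `+` line for the `queries[<?= $key ?>][search]` hidden input uses urlencode() as attribute escaping, which changes the value the form submits. The code that reads this field now has to urldecode() it exactly once, and that side is not visible in a diff limited to app/views. htmlspecialchars(..., ENT_QUOTES, 'UTF-8') would stop a `"` from closing the value attribute while the browser still posts the original string. The second hunk calls ->getRawInput() on getSearch(), so urlencode() here relies on that object's string conversion; naming the string being encoded would make this line easier to check. The url, state, order and get inputs in the context lines are still echoed into value="..." without any escaping and deserve the same treatment.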
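Review bot: in the second hunk (@@ -52,7 +52,7 @@), the `+` line escapes the raw input with ENT_NOQUOTES, which is sufficient only while the translated string is emitted as element text inside the <li>. If the 'conf.query.search' output is ever reused inside an attribute, quotes pass through unescaped, so ENT_QUOTES would be the safer default here. The two hunks also treat the same search value differently (urlencode() for the hidden input, htmlspecialchars() for display); a short comment saying why each encoding was chosen would help the next reader, as would a note on whether _t() escapes its arguments, which these lines do not show.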
