[issue_tracker] Resolves special characters in titles

[charlottesce]

Brief summary of changes

Resolves how special characters were appearing encoded in the title in the filterable table and the title of the issue itself e.g. &, ", etc. instead of &, ", etc.

Testing instructions (if applicable)

1. Go to Tools -> Issue Tracker
2. Create a new issue and put the special characters &, <, >, " in the title; fill out necessary fields -> click Submit
   a. In the main page, the title of the issue in the table should have the characters above as is, and not "&", etc.
3. Click to Edit the issue you just created
   a. In the edit form, the title of the issue in the table should again have the characters above, and not "&", etc.

Note

This is a CCNA override - https://github.com/aces/CCNA/pull/4032, https://github.com/aces/CCNA/pull/4084

[regisoc]

Tested. LGTM.

[ridz1208]

no no no no no no no no no no no

[ridz1208]

@charlottesce The current solution is only masking the fact that the data is encoded for security but never decoded. The real solution here is that we simply no longer need to encode the data and should instead be saving it with unsafeupdate and unsafeinsert instead.

I can not comment on the specific lines as they are not in the PR but here are the locations

• https://github.com/aces/Loris/blob/main/modules/issue_tracker/php/edit.class.inc#L488
• https://github.com/aces/Loris/blob/main/modules/issue_tracker/php/edit.class.inc#L484
• https://github.com/aces/Loris/blob/main/modules/issue_tracker/php/edit.class.inc#L876

there may be other places I misssed

[ridz1208]

bellissimo !

@driusan please double check the security risk

[driusan]

do we need an unescaping script to fix existing data?