Fix user queries when they contain " (#3037)

Before, the user queries were working filter-wise but they failed at being displayed
properly in the configuration page. Thus they were stored without the search param.
Now, the search is URL encoded to avoid that kind of behavior and keep the search
param through out the user query's life.

app/Controllers/configureController.php

@@ -281,6 +281,9 @@ class FreshRSS_configure_Controller extends Minz_ActionController {
 				if (!$query['name']) {
 					$query['name'] = _t('conf.query.number', $key + 1);
 				}
+				if ($query['search']) {
+					$query['search'] = urldecode($query['search']);
+				}
 				$queries[] = new FreshRSS_UserQuery($query, $feed_dao, $category_dao);
 			}
 			FreshRSS_Context::$user_conf->queries = $queries;

app/views/configure/queries.phtml

@@ -15,7 +15,7 @@
 
 			<div class="group-controls">
 				<input type="hidden" id="queries_<?= $key ?>_url" name="queries[<?= $key ?>][url]" value="<?= $query->getUrl() ?>"/>
-				<input type="hidden" id="queries_<?= $key ?>_search" name="queries[<?= $key ?>][search]" value="<?= $query->getSearch() ?>"/>
+				<input type="hidden" id="queries_<?= $key ?>_search" name="queries[<?= $key ?>][search]" value="<?= urlencode($query->getSearch()) ?>"/>
 				<input type="hidden" id="queries_<?= $key ?>_state" name="queries[<?= $key ?>][state]" value="<?= $query->getState() ?>"/>
 				<input type="hidden" id="queries_<?= $key ?>_order" name="queries[<?= $key ?>][order]" value="<?= $query->getOrder() ?>"/>
 				<input type="hidden" id="queries_<?= $key ?>_get" name="queries[<?= $key ?>][get]" value="<?= $query->getGet() ?>"/>
@@ -52,7 +52,7 @@
 
 					<ul>
 						<?php if ($query->hasSearch()) { ?>
-						<li class="item"><?= _t('conf.query.search', $query->getSearch()->getRawInput()) ?></li>
+						<li class="item"><?= _t('conf.query.search', htmlspecialchars($query->getSearch()->getRawInput(), ENT_NOQUOTES, 'UTF-8')) ?></li>
 						<?php } ?>
 
 						<?php if ($query->getState()) { ?>