Bug/15992 using expression manager with double quotes fails for end u…

…rl field (#2112)

* Fixed issue #15992: Using Expression Manager with double quotes fails for end URL field

* Fixed issue #15992: Using Expression Manager with double quotes fails for end URL field

- Remove html_entity_decode() from url filter

Co-authored-by: encuestabizdevgit <devgit@encuesta.biz>

application/controllers/admin/database.php

@@ -957,7 +957,7 @@ protected function saveSurveyLanguageSettings($iSurveyID, $languagelist)
                     $data['surveyls_policy_notice_label'] = $dataseclabel;
                 }
                 if ($sURL !== null) {
-                    $data['surveyls_url'] = htmlspecialchars($sURL);
+                    $data['surveyls_url'] = $sURL;
                 }
                 if ($sURLDescription !== null) {
                     $data['surveyls_urldescription'] = htmlspecialchars($sURLDescription);

application/core/LSYii_Validators.php

@@ -58,7 +58,7 @@ protected function validateAttribute($object, $attribute)
         if ($this->xssfilter) {
             $object->$attribute = $this->xssFilter($object->$attribute);
             if ($this->isUrl) {
-                $object->$attribute = str_replace('javascript:', '', html_entity_decode($object->$attribute, ENT_QUOTES, "UTF-8"));
+                $object->$attribute = str_replace('javascript:', '', $object->$attribute);
             }
         }
         // Note that URL checking only checks basic URL properties. As a URL can contain EM expression there needs to be a lot of freedom.