Bug fix: Fix triple HTML encoding

[kamil-tekiela]

Some values were double or even triple encoded in the HTML/JS. This resulted in garbled up text. This PR removed HTML escaping from places where it is not needed.

Cherry-picked from #17246 onto QA_5_1 branch

[codecov]

Codecov Report

Merging #17247 (903afe8) into QA_5_1 (d2cd67f) will decrease coverage by 0.00%.
The diff coverage is 66.66%.

@@             Coverage Diff              @@
##             QA_5_1   #17247      +/-   ##
============================================
- Coverage     57.78%   57.78%   -0.01%     
+ Complexity    15324    15323       -1     
============================================
  Files           471      471              
  Lines         62127    62124       -3     
============================================
- Hits          35899    35896       -3     
  Misses        26228    26228              

Flag	Coverage Δ
arch-7-amd64	61.13% <66.66%> (-0.01%)	⬇️
arch-7-arm32v6	61.02% <66.66%> (-0.01%)	⬇️
arch-7-arm32v7	61.02% <66.66%> (-0.01%)	⬇️
arch-7-arm64v8	61.13% <66.66%> (-0.01%)	⬇️
arch-7-i386	61.02% <66.66%> (-0.01%)	⬇️
arch-7-ppc64le	61.13% <66.66%> (-0.01%)	⬇️
arch-7-s390x	60.99% <66.66%> (-0.01%)	⬇️
dbase-extension	57.47% <66.66%> (-0.01%)	⬇️
recode-extension	57.42% <66.66%> (-0.01%)	⬇️
unit-7.1-ubuntu-latest	57.42% <66.66%> (-0.01%)	⬇️
unit-7.2-ubuntu-latest	57.60% <66.66%> (-0.01%)	⬇️
unit-7.3-ubuntu-latest	61.15% <66.66%> (-0.01%)	⬇️
unit-7.4-ubuntu-latest	61.16% <66.66%> (-0.01%)	⬇️
unit-8.0-ubuntu-latest	61.21% <66.66%> (-0.01%)	⬇️
unit-8.1-ubuntu-latest	61.09% <66.66%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
libraries/classes/Display/Results.php	48.74% <0.00%> (ø)
...s/classes/Controllers/Table/RelationController.php	23.03% <100.00%> (-1.28%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0b9b2c0...903afe8. Read the comment docs.

[williamdes]

I can confirm this part of the fix in the column select to add a foreign key when the column has a strange name

[williamdes]

Could you provide ways to test all the parts of this fix please ?
I could confirm one of the changes

[kamil-tekiela]

1. Create a table with varchar(255) as a primary key. Enter a record with primary key '"<>&a. Press delete button to delete that row. The SQL is garbled.
2. Create a table called '"<>&a with a column called '"<>&a. Create index on the column with the default name. Try to drop that index. The SQL is garbled.
3. Create a table '"<>&a with a column '"<>&a and foo. Create relationship called '"<>&a on the table '"<>&a on the column foo pointing to column '"<>&a. Try to force the value dropdown via AJAX. The column name is garbled and cannot be selected.

There is also 1 more error when you try to delete a column called '"<>&a but I haven't fixed that one.

I hope these steps can be reproduced, let me know if not and I will prepare more detailed steps.