Search builder stops working after 5.3.1 (due accents on custom set fields titles)

After 5.3.1 upgrade Search Builder jQuery interaction stops working. I could find the reason, seems that custom set title with accents break the Search Builder form.

How to test? On dmaster go to https://dmaster.demo.civicrm.org/civicrm/admin/custom/group?reset=1 and edit a custom set title for example with "Cancelación Suscripción" and save it. Then go to https://dmaster.demo.civicrm.org/civicrm/contact/search/builder?reset=1 and select some -record type- you will notice that no type of operator related to the selected type is suggested.

On the browser console appears this error:

Hi @francescbassas, do you know when this was last working? i.e. which version were you running before upgrading to 5.3.1?

changed the description

The upgrade was from 4.7.22

I can confirm this is a regression caused by the 5.3.2 security update to quick form.

In hierselect we have this chunk

            // create the js function to call
            if (!defined('HTML_QUICKFORM_HIERSELECT_EXISTS')) {
                $this->_js .= "function swapOptions(frm, grpName, eleIndex, nbElements, arName)\n"
                             ."{\n"
                             ."    var n = \"\";\n"
                             ."    var ctl;\n\n"
                             ."    for (var i = 0; i < nbElements; i++) {\n"
                             ."        ctl = frm[grpName+'['+i+']'];\n"
                             ."        if (!ctl) {\n"
                             ."            ctl = frm[grpName+'['+i+'][]'];\n"
                             ."        }\n"
                             ."        if (i <= eleIndex) {\n"
                             ."            n += \"_\"+ctl.value;\n"
                             ."        } else {\n"
                             ."            ctl.length = 0;\n"
                             ."        }\n"
                             ."    }\n\n"
                             ."    var t = eval(\"typeof(\"+arName + n +\")\");\n"
                             ."    if (t != 'undefined') {\n"
                             ."        var the_array = eval(arName+n);\n"
                             ."        var j = 0;\n"
                             ."        n = eleIndex + 1;\n"
                             ."        ctl = frm[grpName+'['+ n +']'];\n"
                             ."        if (!ctl) {\n"
                             ."            ctl = frm[grpName+'['+ n +'][]'];\n"
                             ."        }\n"
                             ."        ctl.style.display = 'inline';\n"
                             ."        for (var i in the_array) {\n"
                             ."            opt = new Option(the_array[i], i, false, false);\n"
                             ."            ctl.options[j++] = opt;\n"
                             ."        }\n"
                             ."    } else {\n"
                             ."        n = eleIndex + 1;\n"
                             ."        ctl = frm[grpName+'['+n+']'];\n"
                             ."        if (!ctl) {\n"
                             ."            ctl = frm[grpName+'['+ n +'][]'];\n"
                             ."        }\n"
                             ."        if (ctl) {\n"
                             ."            ctl.style.display = 'none';\n"
                             ."        }\n"
                             ."    }\n"
                             ."    if (eleIndex+1 < nbElements) {\n"
                             ."        swapOptions(frm, grpName, eleIndex+1, nbElements, arName);\n"
                             ."    }\n"
                             ."}\n";
                define('HTML_QUICKFORM_HIERSELECT_EXISTS', true);
            }
        }

Resulting in the invalid js (on the left) when I use your special char string

@colemanw @seamuslee I can't see how to mend it though.....

added regression sig:bug type:request labels

added triaged label

hmm no it's before that function - $this-_js is wrong before that

OK - it's happening in !line 367 hirerselect

            $js = '';
        } else {
            // $js empty means that we are adding the first element to the JavaScript.
            if ($js != '') {
                $js .= ",\n";
            }
            $js .= '"'.$optValue.'":'.json_encode($options);
        }
    }

This seems to be a regression caused by https://github.com/civicrm/civicrm-packages/commit/7cdbea3e3cb3f9be6d5161c7e44995ace2de13a6 which has been around for a while and related to https://issues.civicrm.org/jira/browse/CRM-21458 Have submitted the following PR https://github.com/civicrm/civicrm-packages/pull/225

@seamuslee re the regression - changing that back didn't fix it for me - I think it's the security release changes?

hmm maybe but json_encode does escape a fair bit. Somehow we must have lost the utf8ness i guess but not sure how

@seamuslee I don't quite know how either - but I was assuming that the removal of all those evals in QF somehow caused it

changed milestone to %5.4.0

changed milestone to %5.5.0

closed

mentioned in issue #508 (closed)