From 6936efd3874ea364fdd90fa97c612c67b875eb0c Mon Sep 17 00:00:00 2001
From: Ivan Nieto Vivanco <inietov@gmail.com>
Date: Sun, 12 Feb 2023 16:27:37 -0600
Subject: [PATCH 1/2] Remove e() function from customfield format input

---
 app/Http/Controllers/CustomFieldsController.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/Http/Controllers/CustomFieldsController.php b/app/Http/Controllers/CustomFieldsController.php
index 4eb31450e..e29cbaa3f 100644
--- a/app/Http/Controllers/CustomFieldsController.php
+++ b/app/Http/Controllers/CustomFieldsController.php
@@ -109,9 +109,9 @@ class CustomFieldsController extends Controller
 
 
         if ($request->filled('custom_format')) {
-            $field->format = e($request->get('custom_format'));
+            $field->format = $request->get('custom_format');
         } else {
-            $field->format = e($request->get('format'));
+            $field->format = $request->get('format');
         }
 
         if ($field->save()) {

From 99122ccb50da8f4d4c742c0191eedfebcce94b09 Mon Sep 17 00:00:00 2001
From: Ivan Nieto Vivanco <inietov@gmail.com>
Date: Sun, 12 Feb 2023 17:40:04 -0600
Subject: [PATCH 2/2] Add migration to fix already escaped formats in the
 database

---
 ...4353_fix_unescaped_customfields_format.php | 33 +++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 database/migrations/2023_02_12_224353_fix_unescaped_customfields_format.php

diff --git a/database/migrations/2023_02_12_224353_fix_unescaped_customfields_format.php b/database/migrations/2023_02_12_224353_fix_unescaped_customfields_format.php
new file mode 100644
index 000000000..f1779e996
--- /dev/null
+++ b/database/migrations/2023_02_12_224353_fix_unescaped_customfields_format.php
@@ -0,0 +1,33 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+use App\Models\CustomField;
+
+class FixUnescapedCustomfieldsFormat extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        $customfields = CustomField::where('format', 'LIKE', '%&%')->get();
+
+        foreach($customfields as $customfield){
+            $customfield->update(['format' => html_entity_decode($customfield->format)]);
+        }
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        //
+    }
+}