Remove the double-quote custom validation

Rails has had SQL injection prevention since at least 2009 so we don't
need our version of it anymore.

Fixes ticket #1237

app/models/todo.rb

@@ -129,7 +129,6 @@ class Todo < ActiveRecord::Base
     if !show_from.blank? && show_from < user.date
       errors.add("show_from", I18n.t('models.todo.error_date_must_be_future'))
     end
-    errors.add(:description, "may not contain \" characters") if /\"/.match(self.description)
     unless @predecessor_array.nil? # Only validate predecessors if they changed
       @predecessor_array.each do |todo|
         errors.add("Depends on:", "Adding '#{h(todo.specification)}' would create a circular dependency") if is_successor?(todo)

test/functional/todos_controller_test.rb

@@ -220,11 +220,12 @@ class TodosControllerTest < ActionController::TestCase
 
     start_count = Todo.count
     put :create, :_source_view => 'todo', "context_name"=>"library", "project_name"=>"Build a working time machine", "todo"=>{
-      :multiple_todos=>"a\nb"}
+      :multiple_todos=>"a\nb\nmuch \"ado\" about \'nothing\'"}
 
     assert_equal start_count+2, Todo.count, "two todos should have been added"
   end
 
+
   def test_add_multiple_dependent_todos
     login_as(:admin_user)
 

test/unit/todo_test.rb

@@ -75,6 +75,13 @@ class TodoTest < ActiveSupport::TestCase
     assert_equal "must be a date in the future", t.errors.on(:show_from)
   end
 
+  def test_validate_description_can_contain_quote
+    t = @not_completed2
+    t[:description] = "much \"ado\" about nothing"
+    assert t.save
+    assert_equal 0, t.errors.count
+  end
+
   def test_defer_an_existing_todo
     @not_completed2
     assert_equal :active, @not_completed2.aasm_current_state