[buddypress-trac] [BuddyPress] #4758: bp_forums_reply_exists misses to escape in db query

buddypress-trac noreply at wordpress.org
Wed Jan 23 22:10:35 UTC 2013


#4758: bp_forums_reply_exists misses to escape in db query
--------------------------+-----------------------
 Reporter:  wpdennis      |       Owner:
     Type:  defect (bug)  |      Status:  reopened
 Priority:  high          |   Milestone:  1.6.3
Component:  Forums        |     Version:  1.6.1
 Severity:  major         |  Resolution:
 Keywords:  dev-feedback  |
--------------------------+-----------------------
Changes (by imath):

 * status:  closed => reopened
 * resolution:  fixed =>


Comment:

 Hi, I think you need to check this ticket again, as if I have a forum
 reply like:

 "l''' ' '''apostrophe"

 then I have "an error in your SQL syntax"

 The problem seems to be that "l''' ' '''apostrophe" is becoming
 {{{
  l \\' apostrophe
 }}}

 If I stripslashes the $text before $wpdb->escape( $text ) then the error
 disappears...

-- 
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/4758#comment:4>
BuddyPress <http://buddypress.org/>
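
The failure mode reported above, as an added PHP example (not BuddyPress code and not part of the original message): it checks whether a value stays inside a single-quoted MySQL literal, using the string quoted in the ticket and constructed inputs. The helper name `literal_break_offset`, the use of `addslashes()` as a stand-in for the escaping step, and the premise that the input arrives already slashed are assumptions.

```php
<?php
// Added example, not BuddyPress code.
// Assumptions: MySQL's default backslash escapes are active, and addslashes()
// stands in for the escaping step named in the ticket.

// Scan $value as MySQL would between two single quotes. Returns the offset
// where the literal breaks (a quote that closes it early, or a trailing
// backslash that would swallow the closing quote), or -1 if it stays intact.
function literal_break_offset(string $value): int {
    $n = strlen($value);
    for ($i = 0; $i < $n; $i++) {
        $c = $value[$i];
        if ($c === '\\') {
            if ($i + 1 >= $n) {
                return $i;      // dangling backslash
            }
            $i++;               // the backslash consumes the next byte
        } elseif ($c === "'") {
            if ($i + 1 < $n && $value[$i + 1] === "'") {
                $i++;           // '' is an escaped quote
            } else {
                return $i;      // this quote ends the literal early
            }
        }
    }
    return -1;
}

// Constructed samples.
$raw         = "l'apostrophe";          // what the user typed
$slashed     = addslashes($raw);        // l\'apostrophe (assumed: input arrives already slashed)
$from_ticket = "l \\\\' apostrophe";    // l \\' apostrophe, as quoted in the ticket
$normalized  = addslashes(stripslashes($slashed)); // unslash, then escape once

$cases = [
    'raw, unescaped'        => $raw,
    'value from the ticket' => $from_ticket,
    'unslash, escape once'  => $normalized,
];
foreach ($cases as $label => $value) {
    $at = literal_break_offset($value);
    printf("%-22s %-20s %s\n", $label, $value,
        $at < 0 ? 'stays inside the literal' : "breaks at offset $at");
}
```

In the ticket's string the two backslashes pair up as one escaped backslash, so the quote that follows is unescaped and closes the literal.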