[wp-trac] [WordPress Trac] #40319: Apostrophe in commenter's name prevents comment_whitelist setting from working.
WordPress Trac
noreply at wordpress.org
Thu Mar 30 18:30:06 UTC 2017
#40319: Apostrophe in commenter's name prevents comment_whitelist setting from
working.
--------------------------+-----------------------------
Reporter: cfinke | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Comments | Version: trunk
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
If a commenter has an apostrophe in their name, and they have a previously
approved comment, and the comment_whitelist setting is enabled ("Comment
author must have a previously approved comment"), the commenter's comment
will always end up in moderation.
The cause of this can be traced to r38738. If the name has an apostrophe,
it will be slashed; the author name was previously included directly in
the SQL, with the slash properly escaping the apostrophe, but when the
query was updated to use `prepare()`, the author name was not unslashed.
Affects 4.7, 4.7.1, 4.7.2, 4.7.3, and trunk.
I've attached a patch that addresses the issue by unslashing the two
`expected_slashed` parameters.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40319>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list