[buddypress-trac] [BuddyPress] #4758: bp_forums_reply_exists misses to escape in db query
buddypress-trac
noreply at wordpress.org
Wed Jan 23 22:10:35 UTC 2013
#4758: bp_forums_reply_exists misses to escape in db query
--------------------------+-----------------------
 Reporter:  wpdennis      |       Owner:
     Type:  defect (bug)  |      Status:  reopened
 Priority:  high          |   Milestone:  1.6.3
Component:  Forums        |     Version:  1.6.1
 Severity:  major         |  Resolution:
 Keywords:  dev-feedback  |
--------------------------+-----------------------
Changes (by imath):
* status: closed => reopened
* resolution: fixed =>
Comment:
Hi, I think you need to check this ticket again, as if I have a forum
reply like:
"l''' ' '''apostrophe"
then I have "an error in your SQL syntax".
The problem seems to be that "l''' ' '''apostrophe" is becoming
{{{
l \\' apostrophe
}}}
If I stripslashes the $text before $wpdb->escape( $text ) then the error
disappears...
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/4758#comment:4>
BuddyPress <http://buddypress.org/>
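
An added illustration of the failure reported in this comment (not BuddyPress code and not part of the original message): it scans a single-quoted SQL literal to show why the value `l \\' apostrophe` ends the string early, and why unslashing before escaping does not. It assumes `addslashes()` as a stand-in for the escaping step and that the reply text arrives already slashed; `literal_end()`, `leftover()` and the query are hypothetical.

```php
<?php
// Added illustration, not BuddyPress code. addslashes() stands in for the
// escaping step (an assumption); both helpers below are hypothetical.

/**
 * Return the offset just past the closing quote of the single-quoted MySQL
 * string literal that opens at $start, or -1 if it never closes.
 * Assumes the default sql_mode, where backslash is an escape character.
 */
function literal_end(string $sql, int $start): int {
    $n = strlen($sql);
    for ($i = $start + 1; $i < $n; $i++) {
        if ($sql[$i] === '\\') { $i++; continue; }   // backslash escapes the next byte
        if ($sql[$i] === "'") {
            if ($i + 1 < $n && $sql[$i + 1] === "'") { $i++; continue; } // '' is a quoted quote
            return $i + 1;                           // real end of the literal
        }
    }
    return -1;
}

/** Text left after the literal; anything but "" means stray tokens reach the SQL parser. */
function leftover(string $value): string {
    $prefix = "SELECT 1 WHERE post_text = ";         // constructed query, not the plugin's
    $sql = $prefix . "'" . $value . "'";
    $end = literal_end($sql, strlen($prefix));
    return $end < 0 ? '<unterminated>' : substr($sql, $end);
}

$reported = "l \\\\' apostrophe";   // the value quoted in the comment: l \\' apostrophe
$incoming = "l \\' apostrophe";     // constructed: reply text that arrives already slashed
$fixed    = addslashes(stripslashes($incoming));     // unslash first, then escape once

printf("reported: %-20s leftover: [%s]\n", $reported, leftover($reported));
printf("fixed:    %-20s leftover: [%s]\n", $fixed, leftover($fixed));
```

Any non-empty leftover is text the database parses as SQL rather than data, which is why the reopened ticket matters beyond the syntax error.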