Posted on: 10/29/04 04:48am
By: Agent X20
I've just noticed that my GL (1.3.9SR2) site is escaping quote characters when posting a comment. You hit preview and every " is now /" and similarly ' is now /'. (Note: I'm using forward slashes to substitute for backslashes as the forum code strips all backslashes?!)
I've dug into the code a little and it looks like when the commentform method (in comment.php) is passed the $comment valiable any quotes have already been escaped.
Looking further at the call to COM_stripslashes call it seems get_magic_quotes_gpc() is returning zero. This explains why subsequent code in the commentform method doesn't strip quotes as it doesn't think it needs to.
phpinfo() confirms:
magic_quotes_gpc Off Off
magic_quotes_runtime Off Off
but interestingly phpinfo() includes the configuration command "--enable-magic-quotes" which kinda suggests magic quotes should be enabled.
As you can imagine I'm a bit puzzled. magic_quotes look like they're off and GL agrees - but what's coming back from the form is escaped.
Anyone have any tips, pointers or suggestions on how I can get to the bottom of this??
Thanks in advance.
Comment quotes escaped when they shouldn't
Posted on: 10/31/04 04:52pm
By: Agent X20
Nobody has any thoughts on this?
Comment quotes escaped when they shouldn't
Posted on: 10/31/04 10:44pm
By: machinari
Your post isn't specific, but did you intend to show backslashes before your quotes?
Are your slashes showing up when the comment is posted or just in preview mode? have they always done that for you? or just since you upgraded to sr2?
Comment quotes escaped when they shouldn't
Posted on: 10/31/04 11:15pm
By: Agent X20
Yes - looks like the local forum here stripped my backslashes - ARGH! Thanks for pointing that out. Kinda hard to get the point across when that happens. Dammit - I can't even double escape them! I'll edit the post and substitute something in.
I've certainly never seen this behaviour before - but I can't isolate it specifically to the sr2 update (or addition of phpbbbridge software).
What happens is the following:
1. I type in something like:
It's a new feature - "looks like new"
and then hit preview.
2. Preview shows the comment as:
It/'s a new feature - /"looks like new/"
Note: I'm using forward slashes to represent the backslashes!
3. The same text is repeated in the Comment edit box. If I hit Save - then the comment is stored for all time per 2 above.
Now, I dug into the code and put some debug into the commontform() method to dump the $comment text. An echo statement or two and I see exactly what is shown in 2 above. It appears as though the text is being escaped by PHP despite all run-time variables indicating escaping is disabled.
Comment quotes escaped when they shouldn't
Posted on: 10/31/04 11:46pm
By: Agent X20
Onto something - looks like this is happening in one of my plugins. Probably the new phpbb bridge code.
Comment quotes escaped when they shouldn't
Posted on: 10/31/04 11:54pm
By: Agent X20
Yup - phpbbbridge is mangling the POST_VARS and adding slashes!
Off to post on the author's site.
Comment quotes escaped when they shouldn't
Posted on: 10/31/04 11:59pm
By: Blaine
[QUOTE BY= Agent X20] Yes - looks like the local forum here stripped my backslashes - ARGH! Thanks for pointing that out. Kinda hard to get the point across when that happens. Dammit - I can't even double escape them! I'll edit the post and substitute something in.
[/QUOTE]
Did you try posting your code example in a code block? If not then thats why your quotes or slashes are removed. We filter out any possible hazardous data to prevent cross site scripting attacks and SQL injections via the forum. The same should occur if posting a comment to an article.
this is an example of one slash \ and this is two slashes \\
Comment quotes escaped when they shouldn't
Posted on: 11/01/04 12:03am
By: Agent X20