
Geeklog Forums

Comment quotes escaped when they shouldn't


Status: offline

Agent X20

Forum User
Junior
Registered: 06/11/03
Posts: 27
I've just noticed that my GL (1.3.9SR2) site is escaping quote characters when posting a comment. You hit preview and every " is now /" and similarly ' is now /'. (Note: I'm using forward slashes to substitute for backslashes as the forum code strips all backslashes?!)

I've dug into the code a little and it looks like when the commentform method (in comment.php) is passed the $comment variable any quotes have already been escaped.

Looking further at the COM_stripslashes call, it seems get_magic_quotes_gpc() is returning zero. This explains why subsequent code in the commentform method doesn't strip quotes as it doesn't think it needs to.

phpinfo() confirms:
magic_quotes_gpc Off Off
magic_quotes_runtime Off Off

but interestingly phpinfo() includes the configuration command "--enable-magic-quotes" which kinda suggests magic quotes should be enabled.

As you can imagine I'm a bit puzzled. magic_quotes look like they're off and GL agrees - but what's coming back from the form is escaped.

Anyone have any tips, pointers or suggestions on how I can get to the bottom of this??

Thanks in advance.

Status: offline

Agent X20

Forum User
Junior
Registered: 06/11/03
Posts: 27
Nobody has any thoughts on this?

Status: Banned

machinari

Forum User
Full Member
Registered: 03/22/04
Posts: 1512
Your post isn't specific, but did you intend to show backslashes before your quotes?

Are your slashes showing up when the comment is posted or just in preview mode? Have they always done that for you? Or just since you upgraded to sr2?

Status: offline

Agent X20

Forum User
Junior
Registered: 06/11/03
Posts: 27
Yes - looks like the local forum here stripped my backslashes - ARGH! Thanks for pointing that out. Kinda hard to get the point across when that happens. Dammit - I can't even double escape them! I'll edit the post and substitute something in.


I've certainly never seen this behaviour before - but I can't isolate it specifically to the sr2 update (or addition of phpbbbridge software).

What happens is the following:

1. I type in something like:

It's a new feature - "looks like new"

and then hit preview.

2. Preview shows the comment as:

It/'s a new feature - /"looks like new/"

Note: I'm using forward slashes to represent the backslashes!

3. The same text is repeated in the Comment edit box. If I hit Save - then the comment is stored for all time per 2 above.


Now, I dug into the code and put some debug into the commentform() method to dump the $comment text. An echo statement or two and I see exactly what is shown in 2 above. It appears as though the text is being escaped by PHP despite all run-time variables indicating escaping is disabled.

Status: offline

Agent X20

Forum User
Junior
Registered: 06/11/03
Posts: 27
Onto something - looks like this is happening in one of my plugins. Probably the new phpbb bridge code.

Status: offline

Agent X20

Forum User
Junior
Registered: 06/11/03
Posts: 27
Yup - phpbbbridge is mangling the POST_VARS and adding slashes!

Off to post on the author's site.

Status: offline

Blaine

Forum User
Moderator
Registered: 07/16/02
Posts: 1232
Location: Canada
Quote by Agent X20: Yes - looks like the local forum here stripped my backslashes - ARGH! Thanks for pointing that out. Kinda hard to get the point across when that happens. Dammit - I can't even double escape them! I'll edit the post and substitute something in.


Did you try posting your code example in a code block? If not then that's why your quotes or slashes are removed. We filter out any possible hazardous data to prevent cross site scripting attacks and SQL injections via the forum. The same should occur if posting a comment to an article.

Text Formatted Code
 this is an example of one slash \  and this is two slashes \\

 

Geeklog components by PortalParts -- www.portalparts.com

Status: offline

Agent X20

Forum User
Junior
Registered: 06/11/03
Posts: 27
Didn't think of that Blaine. Cheers.

Anyway I've isolated the problem within the phpbbbridge and have posted details here:

http://demo.dogcows.net/phpbb/viewtopic.php?p=341#341
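The failure the thread arrives at, as an added example that is not part of the original posts and is not Geeklog or phpbbbridge code: a plugin escapes request data unconditionally, while the application strips slashes only when magic quotes are reported on, so the slashes end up stored. The function names and the plugin's exact behaviour are assumptions; the magic-quotes state is passed in as a flag instead of calling get_magic_quotes_gpc().

```php
<?php
// Added illustration. Every function name below except PHP built-ins
// is hypothetical.

// Strip slashes only when PHP says magic quotes added them, the same
// decision the thread describes around get_magic_quotes_gpc().
function strip_if_magic_quotes(string $text, bool $magicQuotesOn): string
{
    return $magicQuotesOn ? stripslashes($text) : $text;
}

// Assumed plugin behaviour: escape every string request value unconditionally.
function bridge_like_bootstrap(array &$post): void
{
    foreach ($post as $key => $value) {
        if (is_string($value)) {
            $post[$key] = addslashes($value);
        }
    }
}

// Run each plugin bootstrap in turn and name the ones that changed the
// request data, which is how the mangling can be isolated to one plugin.
function find_mutating_plugins(array $post, array $plugins): array
{
    $culprits = [];
    foreach ($plugins as $name => $bootstrap) {
        $before = $post;
        $bootstrap($post); // passed by reference, per the callee's signature
        if ($post !== $before) {
            $culprits[] = $name;
        }
    }
    return $culprits;
}

// Constructed sample input: the comment text from the thread.
$post = ['comment' => 'It\'s a new feature - "looks like new"'];
$plugins = [
    'well_behaved' => function (array &$post): void {
        // reads request data but leaves it untouched
    },
    'bridge_like' => 'bridge_like_bootstrap',
];

echo 'Plugins that altered POST data: ',
    implode(', ', find_mutating_plugins($post, $plugins)), "\n";

bridge_like_bootstrap($post);
echo 'Magic quotes reported off: ', strip_if_magic_quotes($post['comment'], false), "\n";
echo 'Expected by the user:      ', stripslashes($post['comment']), "\n";
```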
