Bug #1201

Wiki : SQL error when discuss textarea had a ' in it

Added by Hubert Borderiou over 9 years ago. Updated over 8 years ago.

Status: Bug resolved
Priority: Normal
Category: -
Target version:
Start date: 03/05/2010
Due date:
% Done: 90%
Estimated time:
Complexity: Normal
SCRUM pts - complexity: ?

Description

If I add a Discuss comment on a wiki post
and if my comment uses the character '
I have an SQL error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'plop','4','2010-04-30 14:36:34')' at line 1

History

#1

Updated by Yannick Warnier over 9 years ago

  • Status changed from New to Assigned
  • Assignee set to Julio Montoya

#2

Updated by Julio Montoya over 9 years ago

  • % Done changed from 0 to 20

I confirm this bug
Thanks for reporting it...

#3

Updated by Julio Montoya over 9 years ago

I found double "cleaning" code when saving in the database:

$_clean['feedback1']=Database::escape_string(Security::remove_XSS($_POST['feedback1']));

this should be replaced with

$_clean['feedback1']=Database::escape_string($_POST['feedback1']);
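
The failure reported in this ticket, next to a quote-safe way to store the comment, as an added example that is not part of the ticket or of the project's code. The table and column names are hypothetical, and an in-memory SQLite database (through PDO) stands in for the MySQL server.

```php
<?php
// Added example. Table and column names are hypothetical; in-memory SQLite
// (via PDO) stands in for the MySQL server named in the ticket.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE wiki_discuss (comment TEXT, user_id INTEGER, dtime TEXT)');

// Concatenated statement: an apostrophe in $comment ends the string literal
// early, so the rest of the comment is parsed as SQL and the INSERT fails.
function insertConcatenated(PDO $db, string $comment, int $userId, string $when): bool
{
    $sql = "INSERT INTO wiki_discuss (comment, user_id, dtime) "
         . "VALUES ('$comment', '$userId', '$when')";
    try {
        $db->exec($sql);
        return true;
    } catch (PDOException $e) {
        echo "concatenated INSERT failed: ", $e->getMessage(), "\n";
        return false;
    }
}

// Bound parameters: the value travels separately from the SQL text, so no
// character in it can change the statement and nothing is altered in storage.
function insertBound(PDO $db, string $comment, int $userId, string $when): void
{
    $stmt = $db->prepare(
        'INSERT INTO wiki_discuss (comment, user_id, dtime) VALUES (?, ?, ?)'
    );
    $stmt->execute([$comment, $userId, $when]);
}

// Constructed input modelled on the values visible in the reported error.
$comment = "it's <b>plop</b>";
$when    = '2010-04-30 14:36:34';

// Run both paths with the same input and report what each one did.
var_dump(insertConcatenated($db, $comment, 4, $when));
insertBound($db, $comment, 4, $when);

$stored = $db->query('SELECT comment FROM wiki_discuss')->fetchColumn();
var_dump($stored === $comment);

// In this example, HTML encoding happens when the comment is rendered,
// not when it is saved.
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";
```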

#4

Updated by Julio Montoya over 9 years ago

  • Status changed from Assigned to Needs testing
  • Assignee changed from Julio Montoya to Hubert Borderiou
  • % Done changed from 20 to 90

#5

Updated by Yannick Warnier over 8 years ago

  • Status changed from Needs testing to Bug resolved
