Articles don't like the " in the subject lines

[wildenborch]

Hi all,

I just noticed that the article subject lines don't accept "

For example, if my subject line would be: Lurkalot's new single "playing my guitar in the garden" released on 7" 10 & 12" (and which we all want to buy  )

it will be - after saving - reduced to: Lurkalot's new single

Is there a reason for this or is this simply a bug? Since this forum topic accepts the " I assume it's a bug (at least I hope it is and that this can be corrected).

[tino]

That would be a bug...

I'm moving this to a hidden board as I think it means the data isn't escaped properly and therefor could lead to SQL injection.

I can't test atm as I don't have a development box, but will look at it as soon as I can.

[wildenborch]

Thank you Tino for the reply.

I just checked it with older TP versions and also there the problem exists.

[tino]

Thank you Tino for the reply.

I just checked it with older TP versions and also there the problem exists.

It's not as bad I thought, just need to encode the data before displaying it to the browser, fix done in 1.5.1

https://github.com/tinoest/TinyPortal/commit/40a833936473b4e952ca9addcd1aaebd2839e874#diff-dc090e0c3ea42cad6c933b2407e887a9R1993

[wildenborch]

Super!

[lurkalot]

Thank you Tino for the reply.

I just checked it with older TP versions and also there the problem exists.

It's not as bad I thought, just need to encode the data before displaying it to the browser, fix done in 1.5.1

https://github.com/tinoest/TinyPortal/commit/40a833936473b4e952ca9addcd1aaebd2839e874#diff-dc090e0c3ea42cad6c933b2407e887a9R1993

Thank you tino, glad this wasn't as bad as first thought. Surprised it hadn't cropped up before though, especially if it's been there for a while. Thanks also to wildenborch for bringing it to light.

[wildenborch]

This is just to confirm that the " issue is indeed solved in TP 1.5.1

[tino]

This is just to confirm that the " issue is indeed solved in TP 1.5.1

Thanks, moved to Fixed Bugs