Text only | Text with Images

TinyPortal

Development => Bugs/Errors => Feedback => Fixed Bugs => Topic started by: wildenborch on June 30, 2018, 11:42:26 AM

Title: Articles don't like the " in the subject lines
Post by: wildenborch on June 30, 2018, 11:42:26 AM
Hi all,

I just noticed that the article subject lines don't accept "

For example, if my subject line would be: Lurkalot's new single "playing my guitar in the garden" released on 7" 10 & 12" (and which we all want to buy  ;D)

it will be - after saving - reduced to: Lurkalot's new single

Is there a reason for this or is this simply a bug? Since this forum topic accepts the " I assume it's a bug (at least I hope it is and that this can be corrected).


Title: Re: Articles don't not like the " in the subject lines
Post by: tino on June 30, 2018, 12:55:55 PM
That would be a bug...

I'm moving this to a hidden board as I think it means the data isn't escaped properly and therefor could lead to SQL injection.

I can't test atm as I don't have a development box, but will look at it as soon as I can.
Title: Re: Articles don't not like the " in the subject lines
Post by: wildenborch on June 30, 2018, 01:18:32 PM
Thank you Tino for the reply.

I just checked it with older TP versions and also there the problem exists.

Title: Re: Articles don't like the " in the subject lines
Post by: tino on June 30, 2018, 08:01:57 PM
Quote from: wildenborch on June 30, 2018, 01:18:32 PM
Thank you Tino for the reply.

I just checked it with older TP versions and also there the problem exists.



It's not as bad I thought, just need to encode the data before displaying it to the browser, fix done in 1.5.1

https://github.com/tinoest/TinyPortal/commit/40a833936473b4e952ca9addcd1aaebd2839e874#diff-dc090e0c3ea42cad6c933b2407e887a9R1993
Title: Re: Articles don't like the " in the subject lines
Post by: wildenborch on June 30, 2018, 08:40:01 PM
Super!
Title: Re: Articles don't like the " in the subject lines
Post by: lurkalot on July 01, 2018, 10:41:40 AM
Quote from: tino on June 30, 2018, 08:01:57 PM
Quote from: wildenborch on June 30, 2018, 01:18:32 PM
Thank you Tino for the reply.

I just checked it with older TP versions and also there the problem exists.



It's not as bad I thought, just need to encode the data before displaying it to the browser, fix done in 1.5.1

https://github.com/tinoest/TinyPortal/commit/40a833936473b4e952ca9addcd1aaebd2839e874#diff-dc090e0c3ea42cad6c933b2407e887a9R1993

Thank you tino, glad this wasn't as bad as first thought. Surprised it hadn't cropped up before though, especially if it's been there for a while. Thanks also to wildenborch for bringing it to light.
Title: Re: Articles don't like the " in the subject lines
Post by: wildenborch on July 01, 2018, 05:02:02 PM
This is just to confirm that the " issue is indeed solved in TP 1.5.1
Title: Re: Articles don't like the " in the subject lines
Post by: tino on July 01, 2018, 07:56:56 PM
Quote from: wildenborch on July 01, 2018, 05:02:02 PM
This is just to confirm that the " issue is indeed solved in TP 1.5.1

Thanks, moved to Fixed Bugs
Text only | Text with Images