3.0.8 - League News title doesn't escape apostrophe properly

This section contains all the bug reports that have been solved in version 2 or version 3.
ynohtna
The Addict / Le Drogué
Posts: 770
Joined: Mon Aug 14, 2006 5:15 pm
Location: Vancouver, BC

Post by ynohtna »

Hi, I just tried on your client demo and the apostrophe doesn't escape properly. A bunch of \\\ is there.

http://sths.simont.info/WebsiteDemo/index.php

example:
SIMON3 News
Sorry I didn\\\'t have time to check this when you called for it!
By GM Number 16 On Monday 19th September 2016 / 7:21am
BFHL Admin/Commish
http://www.thebfhl.ca/bfhl
Now in Season 15, using BRHL Player v2.1 Ratings modified.
SimonT
STHS Owner / Propriétaire du STHS
Posts: 14755
Joined: Sat Oct 08, 2005 4:18 pm
Location: Montreal, Canada

Re: 3.0.8 - League News title doesn't escape apostrophe properly

Post by SimonT »

Strange, I'm able to reproduce the issue on the live website but not on my development server. I'll have to check why filter_var gives a different result.
-SimonT
Forum Administrator / Administrateur du Forum
STHS Owner / Propriètaire du STHS
English V2 & V3 Manual - Manuel V2 & V3 Français

Post by SimonT »

Hey. What version of PHP are you running? From my research, it seems my server has the Magic Quote Option in PHP (http://php.net/manual/en/security.magicquotes.php) but this option has been removed since 5.4.

My dev server is running PHP 7.0.7 and that's why I don't have this issue over there. I think we need to update PHP on our server side.

Post by ynohtna »

My host is running PHP 5.6.24 it looks like!

Post by SimonT »

And you have the same error?

Post by ynohtna »

Sorry I wasn't thinking, my site is ok indeed!

Post by SimonT »

So it's only an issue with PHP 5.3 or below. I'll try to get GoDaddy to update my PHP version.
Gabe
New in Town / Le Ptit Nouveau
Posts: 8
Joined: Fri Oct 14, 2016 9:15 pm

Post by Gabe »

A bit more work but you can check for the parameter:

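Code:

// get_magic_quotes_gpc() was deprecated in PHP 7.4 and removed in PHP 8.0,
// so guard the call; where the function is gone, magic quotes cannot be on.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
{
	// Magic quotes already ran addslashes() on the input: undo it once.
	$var = stripslashes($_POST['field']);
}
else
{
	$var = $_POST['field'];
}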
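
How the `\\\'` in the report can arise, and one way to normalize request data before it is stored or shown, as an added example that is not STHS code and not part of any post in this thread. It assumes the application applies an addslashes-style escape on top of magic quotes (the thread does not show the actual code); the function names and the sample array are hypothetical.

```php
<?php
// Added example; function names and the sample input are constructed.

// Stand-in for magic_quotes_gpc (PHP <= 5.3): implicit addslashes() on request data.
function simulate_magic_quotes($value)
{
    return is_array($value) ? array_map('simulate_magic_quotes', $value) : addslashes($value);
}

// Undo the implicit escaping once, at the edge, and only when it was applied.
// Recurses because request fields can be nested arrays (name="news[title]").
// On a real host $magicQuotesOn would be:
//   function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()
function normalize_request($value, $magicQuotesOn)
{
    if (!$magicQuotesOn) {
        return $value;
    }
    if (is_array($value)) {
        $out = array();
        foreach ($value as $key => $item) {
            $out[$key] = normalize_request($item, true);
        }
        return $out;
    }
    return stripslashes($value);
}

// Escape for the HTML output context; backslashes are not HTML escaping.
function render_title($title)
{
    return '<h2>' . htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . '</h2>';
}

$typed = array('news' => array('title' => "Sorry I didn't have time"));
$post  = simulate_magic_quotes($typed); // what a magic-quotes host passes to the script

// Symptom: the application escapes again, unaware the runtime already did.
echo addslashes($post['news']['title']), "\n";

// Fix: normalize once, keep the raw text, escape per output context.
$clean = normalize_request($post, true);
echo render_title($clean['news']['title']), "\n";

// With magic quotes off the call is a no-op, so legitimate backslashes survive.
var_dump(normalize_request($typed, false) === $typed);
```

The first line printed shows the apostrophe preceded by three backslashes, because the second addslashes() escapes both the backslash and the quote that the first pass produced.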

Post by SimonT »

Hi Gabe.

Since PHP 5.3 is no longer supported (Source: http://php.net/supported-versions.php) and versions 5.4 and later don't have the magic quote information, I won't change the code but I think it's a great idea. But the real solution is to upgrade your PHP version.