Opened 4 years ago
Closed 4 years ago
#942 closed Defect (fixed)
Apostrophes in newly registered names are backslashed
| Reported by: | kevinjardine | Owned by: | |
|---|---|---|---|
| Priority: | high | Milestone: | |
| Component: | Core | Version: | 1.5 |
| Severity: | major | Keywords: | |
| Cc: | brettp | Difficulty: | |
Description
If a user with an apostrophe in his/her name (e.g. O'Reily) registers, a backslash is inserted before the apostrophe in the name when it is stored in the users_entity table.
However, if a user *later* changes his or her name to one with an apostrophe, the backslash is not added.
I don't think that the backslash should ever be added.
Change History (2)
comment:1 Changed 4 years ago by cash
- Priority changed from minor to major
I'm bumping the priority up on this. The problem is that the string is being double escaped, which makes this a security hole.
O'Reily is inserted as O\'Reily
comment:2 Changed 4 years ago by brettp
- Resolution set to fixed
- Status changed from new to closed
(In [svn:3424]) Fixes #942: In register_user, replaced sanitise_string() call with a simple trim(). Not a problem because all SQL sanitation is handled elsewhere.
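The double escaping this ticket describes, as an added sketch that is not Elgg's code: `escape_for_sql()` and `store_name()` are hypothetical stand-ins that use PHP's `addslashes()` and `stripslashes()` to model MySQL-style escaping and the server parsing the string literal, and the sample name is constructed.

```php
<?php
// Added illustration; the functions below are hypothetical stand-ins, not Elgg code.

// Stand-in for MySQL-style string escaping (backslash before quotes and backslashes).
function escape_for_sql(string $value): string {
    return addslashes($value);
}

// Models the data layer: it escapes the value once while building the query,
// and the server removes that one layer when it parses the string literal.
function store_name(string $value): string {
    $literal = escape_for_sql($value);   // escaping handled at query time
    return stripslashes($literal);       // what ends up in the table
}

// Registration before the fix: input is escaped early, then again by the data layer.
function register_before_fix(string $name): string {
    return store_name(escape_for_sql(trim($name)));
}

// Registration after the fix: only trim(); escaping is left to the data layer.
function register_after_fix(string $name): string {
    return store_name(trim($name));
}

// Later name change: the value goes straight to the data layer.
function change_name(string $name): string {
    return store_name($name);
}

$name = " O'Reily ";  // constructed sample input

$results = [
    'register (before fix)' => register_before_fix($name),
    'register (after fix)'  => register_after_fix($name),
    'later name change'     => change_name(trim($name)),
];

foreach ($results as $path => $stored) {
    // A stored backslash means the value was escaped more than once.
    $flag = strpos($stored, '\\') !== false ? 'DOUBLE-ESCAPED' : 'ok';
    printf("%-22s stored as %-10s %s\n", $path, $stored, $flag);
}
```

Only the pre-fix registration path leaves a backslash in the stored value, which matches the inconsistency between registering and later renaming reported in the description.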