Apostrophe saved to database as &#039;

Started by Krashsite, August 14, 2014, 12:08:04 AM


Sir Osis of Liver

An annoying little problem.  When saving an image title to the db, apostrophes (single quotes) are saved as &#039;, i.e., Krash&#039;s beer.jpg.  It displays correctly when retrieved from the db, but email notifications containing the title show the &#039; instead of the apostrophe.  Any way to fix this?
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

Illori


Sir Osis of Liver

It's a gallery mod, I added a comment notification using PHP mail().  When the title string is saved to the database, apostrophes are replaced with &#039;, and that's how they appear in the email.  Fixed it with str_replace, but am curious why it is saved that way.

Arantor

The standard practice in SMF is to htmlspecialchars everything with the ENT_QUOTES option to neuter any chance of persistent XSS attacks. It's absolutely deliberate that everything in SMF is saved that way. I really hope you did it before the email was sent rather than mashing it up as it goes into the database because it's much better practice to make sure what you have in the database is safe and can be safely displayed under all circumstances and deprotected only when necessary.

butchs

Please stop using that offending neuter word.  :(
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Kindred

What offending neuter word? That is the correct term for the action...
Glory to Ukraine

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Arantor

He's trying to be funny pretending to be a cat.

Sir Osis of Liver

I thought it was security related.  Didn't change db values, fixed it before sending email.  Will see if I can figure out which other characters are affected.

Arantor

htmlspecialchars with ENT_QUOTES affects <, >, &, ' and " and replaces them with lt, gt, amp, 039 numeric form and quot entities respectively.

You will also notice the interesting behaviour that at Illori's reply, the entity was parsed as an entity rather than not. Love me some interesting behaviour.
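The practice Arantor describes in his two posts above (store the htmlspecialchars/ENT_QUOTES form, render it in HTML untouched, and decode it only at a non-HTML sink such as a plain-text email), as an added PHP example. This is not SMF's code and not anything a participant in the thread posted; the function names, the sample title and the double_encode choice are assumptions made for illustration.

```php
<?php
// Added example, not SMF's own code. Demonstrates: encode on input with
// ENT_QUOTES, keep the stored form for HTML output, decode fully for a
// text/plain email, and what the str_replace shortcut and a second
// htmlspecialchars pass do to the same value. Names are illustrative.

declare(strict_types=1);

// Input side: neutralise the five characters ENT_QUOTES covers before storage.
// double_encode=false (an assumption, not necessarily what SMF does) keeps an
// already-encoded value from turning into &amp;#039; if it is re-encoded.
function encodeForStorage(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_HTML401, 'UTF-8', false);
}

// HTML sink: the stored value is already safe and is emitted as-is.
function renderTitleHtml(string $stored): string
{
    return '<span class="title">' . $stored . '</span>';
}

// Plain-text sink (e.g. the body handed to mail()): undo the encoding fully.
// ENT_QUOTES is required here as well, otherwise &#039; and &quot; stay encoded.
function decodeForPlainText(string $stored): string
{
    return html_entity_decode($stored, ENT_QUOTES | ENT_HTML401, 'UTF-8');
}

// The str_replace shortcut from the thread: fixes the apostrophe and nothing else.
function decodeApostropheOnly(string $stored): string
{
    return str_replace('&#039;', "'", $stored);
}

// Naive second pass with PHP's default double_encode=true: &#039; becomes
// &amp;#039; and the browser then shows the literal text "&#039;".
function encodeAgainNaively(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_HTML401, 'UTF-8');
}

// Constructed sample title containing every character ENT_QUOTES touches,
// plus a script tag to show why the stored form must stay encoded in HTML.
$title  = "Krash's \"beer\" <script>alert(1)</script> & chips.jpg";
$stored = encodeForStorage($title);

printf("stored:        %s\n", $stored);
printf("html:          %s\n", renderTitleHtml($stored));
printf("email body:    %s\n", decodeForPlainText($stored));
printf("str_replace:   %s\n", decodeApostropheOnly($stored));
printf("double-encode: %s\n", encodeAgainNaively($stored));

// Round trip: decoding the stored form must give back the original title
// exactly, and re-encoding a stored value must not change it.
if (decodeForPlainText($stored) !== $title) {
    throw new RuntimeException('decode did not restore the original title');
}
if (encodeForStorage($stored) !== $stored) {
    throw new RuntimeException('stored value was double-encoded');
}
echo "round trip OK\n";
```

Run it with `php example.php`. The email body line is the one to compare with the str_replace line: the apostrophe is restored in both, but the quotes, angle brackets and ampersand are only restored by the full decode, so a title like `Krash & Co <v2>.jpg` would still reach the mail as entities under the str_replace approach. The decode happens only for the text/plain body; an HTML email would use the stored form unchanged, exactly as the web page does.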

Sir Osis of Liver

If you copy the text of my reply to Illori into the post editor and preview, the 'Subject' field and preview title bar display the apostrophe, but the post text displays the ASCII code. The title bar of this thread also displays the code.
