I have a mod that automatically adds a backslash to the title wherever there is a coma, why? How could this be fixed?
A comma or an apostrophe exactly? There is no reason for it to add to a , but there is for a ' (and in fact multiple good reasons, like it being needed for security)
In the case of an apostrophe, probably PHP's crappy magic quotes. Ask your host to disable that.
In the case of a comma, dunno, sorry.
It shouldn't be an apostrophe inside SMF; SMF disables magic quotes if possible. But there are other circumstances it can be added, and some it shouldn't be possible to add an apostrophe, e.g. SMF 1's simplistic anti-SQL injection testing. Also, no need to defend Magic Quotes as not being crappy; it is, and it's being removed from PHP if it hasn't gone already. I'm not sure exactly when it is being removed, but it is at least deprecated in 5.3.
Mind you it might be useful to see this mod since if it's a mod, there's no way to debug it without seeing it.
Quote from: Arantor on January 12, 2013, 04:39:40 PM
A comma or an apostrophe exactly? There is no reason for it to add to a , but there is for a ' (and in fact multiple good reasons, like it being needed for security)
Yeah, stupid me, I meant apostrophe.
So, disabling magic quotes should do the trick?
Maybe, maybe not. As I said... SMF disables magic quotes itself. And there are other times the apostrophe will get escaped automatically.
But it's impossible to diagnose what's going on without actually seeing some code. For all I know you're using addslashes in your code.
I just moved to this server a day ago, and this is brand new behaviour, and I did not notice the magic thing you guys were talking in the previous server. So, I am assume it is it. Will update yall.
Arantor, could you tell me where you find the code that prevents the addition of / when apostrophes are found? In other words, which /Source file contains the code that inhibits this sort of thing?
You mentioned:
QuoteSMF disables magic quotes itself.
My the way, Magic wasn't the cause. :-\
Um, it's incredibly complicated, because it's done in a bunch of places, especially in 1.1.x with its terribly fragile query handling. I can't just tell you one place because that won't mean much to you.
Sorry, can't help you without seeing this code you're using.
Okay, I have run out of ideas :-[
What allows SMF not to escape apostrophes with backslashes?
Which source file should I look into, post.php?
By turning off magic quotes then converting them not to be apostrophes. Each place it is needed, it is done, which is as I told you. Especially as it isn't quite the same every time.
The bug is in your mod but until you show us some of its code, I don't see how you can get help.
I found out that MYSQL is converting apostrophes into html entities (i.e. ').
The table is in UTF-8, and so if my forum. Could there be a mismatch somewhere?
Anyone answer please :)
QuoteI found out that MYSQL is converting apostrophes into html entities (i.e. ').
No it isn't. SMF does that as part of its processing, ref the calls to htmlspecialchars with the ENT_QUOTES parameters, somewhere before calling the preparser. Even in 1.1.x that's how it works. In fact, if you use the raw db_query function in 1.1.x, it should abort a query if it finds a ' in it. Even an escaped one.
MySQL would be in fairly dire shape if it always did that itself, it's the sort of nonsense that magic quotes used to do.
Quote from: Arantor on January 29, 2013, 09:24:53 PM
QuoteI found out that MYSQL is converting apostrophes into html entities (i.e. ').
No it isn't. SMF does that as part of its processing, ref the calls to htmlspecialchars with the ENT_QUOTES parameters, somewhere before calling the preparser. Even in 1.1.x that's how it works. In fact, if you use the raw db_query function in 1.1.x, it should abort a query if it finds a ' in it. Even an escaped one.
MySQL would be in fairly dire shape if it always did that itself, it's the sort of nonsense that magic quotes used to do.
That's what I thought, but the strange thing is (before I switched servers), I looked up the previous entries in the database before this problem ever occurred and the entries with apostrophes surprisingly were not converted into html entities (i.e. '). They were simply apostrophes as I was looking through phpmyadmin.
Which means we're back to the impasse I mentioned before. I can show you exactly where SMF does the conversion - SMF 2.0 does the exact same conversion, albeit in a different place, so we're back to your custom code that you're refusing to post but that is clearly buggy.
Quote from: Arantor on January 30, 2013, 05:42:51 PM
Which means we're back to the impasse I mentioned before. I can show you exactly where SMF does the conversion - SMF 2.0 does the exact same conversion, albeit in a different place, so we're back to your custom code that you're refusing to post but that is clearly buggy.
It's not buggy Arantor because it worked perfectly fine on my previous server (never had this issue), which also had the same operating system (centos 5.8). Perhaps MYSQL was configured differently or apache for that matter.
If you could just show me where it's done, I wouldn't have to get into the details and prolong a solution :(
Just do a search on the source for ENT_QUOTES. There's only about 30 places it's coming in.
I doubt it'll solve your problem, and it'll likely add new bugs plus risk security issues, but hey, knock yourself out.
Quote from: Arantor on January 30, 2013, 10:59:34 PM
Just do a search on the source for ENT_QUOTES. There's only about 30 places it's coming in.
I doubt it'll solve your problem, and it'll likely add new bugs plus risk security issues, but hey, knock yourself out.
What do you mean by "on the source"? I feel like I am begging an answer out of you here ???
Like I said, there's about 30 places across SMF 1.1.x out of the box where ENT_QUOTES is used, which is what SMF uses to convert ' to the #39 form. I'm not about to sit and copy every single one of those places out, when you should be able to find it yourself using a decent text editor and searching all the PHP files in 1.1.x like I just did.
QuoteI feel like I am begging an answer out of you here
Funny you should say that, that's pretty much how I feel about trying to help you. Your mod is adding backslashes, SMF does not do that itself, which means you have code doing potentially insecure things by deliberately and completely bypassing SMF's own protection. The transformation to entities is done very, very deliberately and for good reasons like security.
You want help, I want to help you, but you make it interminably difficult for me to do so.
Quote from: Arantor on January 30, 2013, 11:11:16 PM
Like I said, there's about 30 places across SMF 1.1.x out of the box where ENT_QUOTES is used, which is what SMF uses to convert ' to the #39 form. I'm not about to sit and copy every single one of those places out, when you should be able to find it yourself using a decent text editor and searching all the PHP files in 1.1.x like I just did.
QuoteI feel like I am begging an answer out of you here
Funny you should say that, that's pretty much how I feel about trying to help you. Your mod is adding backslashes, SMF does not do that itself, which means you have code doing potentially insecure things by deliberately and completely bypassing SMF's own protection. The transformation to entities is done very, very deliberately and for good reasons like security.
You want help, I want to help you, but you make it interminably difficult for me to do so.
Then stop responding, your posts are annoying and irritably vague.
And your posts *aren't* vague? It's almost like you don't actually want any help.
But hey, maybe someone else who knows SMF code will be able and willing to help you.
Also: I'd love to know how I'm supposed to help debug code I've *never ever seen before*, i.e. your mod.
I don't know anything about anything, but would like to suggest this. Arantor is rather well-knowledgeable in everything SMF. To suggest something like this (which is obviously subjective):
QuoteThen stop responding, your posts are annoying and irritably vague.
suggests to me that you aren't really interested in his advice and consultation even though he is being rather clear. I've seen this happen quite a few times. And Arantor disappears from SMF for a period of time and rightfully and understandably so. So rather than being stubborn about his advice, why not listen, or maybe read is more appropriate, to his advice? You questioned "on the source". Isn't one of the more important folders named Sources?!? Even if he's suggesting elsewhere, like in Themes, it's not much of a task to open all of the files in something like Notepad++ and search all of them at once.
Quote from: Arantor on January 23, 2013, 11:06:09 AM
The bug is in your mod but until you show us some of its code, I don't see how you can get help.
Where's the code?