An annoying little problem. When saving an image title to db, apostrophes (single quotes) are saved as ', i.e., Krash's beer.jpg. It displays correctly when retrieved from db, but email notifications containing the title show the ' instead of the apostrophe. Any way to fix this?
which email notifications?
It's a gallery mod, I added a comment notification using php mail(). When title string is saved to database, apostrophes are replaced with ', and that's how they appear in the email. Fixed it with str_replace, but am curious why it is saved that way.
The standard practice in SMF is to htmlspecialchars everything with the ENT_QUOTES option to neuter any chance of persistent XSS attacks. It's absolutely deliberate that everything in SMF is saved that way. I really hope you did it before the email was sent rather than mashing it up as it goes into the database because it's much better practice to make sure what you have in the database is safe and can be safely displayed under all circumstances and deprotected only when necessary.
Please stop using that offending neuter word. :(
What offending neuter word? That is the correct term for the action...
He's trying to be funny pretending to be a cat.
I thought it was security related. Didn't change db values, fixed it before sending email. Will see if I can figure out which other characters are affected.
htmlspecialchars with ENT_QUOTES affects <, >, &, ' and " and replaces them with lt, gt, amp, 039 numeric form and quot entities respectively.
You will also notice the interesting behaviour that at Illori's reply, the entity was parsed as an entity rather than not. Love me some interesting behaviour.
If you copy the text of my reply to Illori into post editor and preview, the 'Subject' field and preview title bar display the apostrophe, but the post text displays the ascii code. The title bar of this thread also displays the code.
(https://www.simplemachines.org/community/proxy.php?request=http%3A%2F%2Fwww.thekrashsite.com%2Fpics%2Fidk.gif&hash=9ac7acf13f4cfaa1b58390444a38dea11e5473d2)