A mod that I made automatically adds backslash after a post

Started by stylusss, January 12, 2013, 04:12:15 PM

stylusss

I have a mod that automatically adds a backslash to the title wherever there is a comma, why? How could this be fixed?
For top-notch server quality and expertise, visit CoreISP.net

Arantor

A comma or an apostrophe exactly? There is no reason for it to add to a , but there is for a ' (and in fact multiple good reasons, like it being needed for security)

NanoSector

In the case of an apostrophe, probably PHP's crappy magic quotes. Ask your host to disable that.
In the case of a comma, dunno, sorry.
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."

Arantor

It shouldn't be an apostrophe inside SMF; SMF disables magic quotes if possible. But there are other circumstances it can be added, and some it shouldn't be possible to add an apostrophe, e.g. SMF 1's simplistic anti-SQL injection testing. Also, no need to defend Magic Quotes as not being crappy; it is, and it's being removed from PHP if it hasn't gone already. I'm not sure exactly when it is being removed, but it is at least deprecated in 5.3.

Mind you it might be useful to see this mod since if it's a mod, there's no way to debug it without seeing it.

stylusss

Quote from: Arantor on January 12, 2013, 04:39:40 PM
A comma or an apostrophe exactly? There is no reason for it to add to a , but there is for a ' (and in fact multiple good reasons, like it being needed for security)

Yeah, stupid me, I meant apostrophe.

So, disabling magic quotes should do the trick?

Arantor

Maybe, maybe not. As I said... SMF disables magic quotes itself. And there are other times the apostrophe will get escaped automatically.

But it's impossible to diagnose what's going on without actually seeing some code. For all I know you're using addslashes in your code.

stylusss

I just moved to this server a day ago, and this is brand new behaviour, and I did not notice the magic thing you guys were talking about on the previous server. So, I assume that is it. Will update y'all.

stylusss

Arantor, could you tell me where you find the code that prevents the addition of / when apostrophes are found? In other words, which /Source file contains the code that inhibits this sort of thing?

You mentioned:

Quote: SMF disables magic quotes itself.

By the way, Magic wasn't the cause. :-\

Arantor

Um, it's incredibly complicated, because it's done in a bunch of places, especially in 1.1.x with its terribly fragile query handling. I can't just tell you one place because that won't mean much to you.

Sorry, can't help you without seeing this code you're using.

stylusss

Okay, I have run out of ideas :-[

What allows SMF not to escape apostrophes with backslashes?

Which source file should I look into, post.php?

Arantor

By turning off magic quotes then converting them not to be apostrophes. Each place it is needed, it is done, which is as I told you. Especially as it isn't quite the same every time.

The bug is in your mod but until you show us some of its code, I don't see how you can get help.

stylusss

I found out that MYSQL is converting apostrophes into html entities (i.e. ').

The table is in UTF-8, and so is my forum. Could there be a mismatch somewhere?

Anyone answer please :)

Arantor

Quote: I found out that MYSQL is converting apostrophes into html entities (i.e. ').

No it isn't. SMF does that as part of its processing, ref the calls to htmlspecialchars with the ENT_QUOTES parameters, somewhere before calling the preparser. Even in 1.1.x that's how it works. In fact, if you use the raw db_query function in 1.1.x, it should abort a query if it finds a ' in it. Even an escaped one.

MySQL would be in fairly dire shape if it always did that itself, it's the sort of nonsense that magic quotes used to do.
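
The following PHP sketch is an added example, not part of the original thread and not SMF's code. It stores one constructed title three ways through a parameterised query to show that entity-encoding with ENT_QUOTES leaves no apostrophe to escape, while addslashes on top of a layer that already handles quoting leaves a literal backslash in the stored title. The `topics` table, its columns and the in-memory SQLite database (pdo_sqlite extension) are assumptions for illustration.

```php
<?php
// Added illustration, not SMF code. Table and column names are hypothetical.
// Requires the pdo_sqlite extension; nothing touches a real forum database.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE topics (id INTEGER PRIMARY KEY, how TEXT, subject TEXT)');

$title = "Bob's topic"; // constructed sample input

// Three ways a mod might prepare the title before a parameterised INSERT.
$variants = [
    // Passed untouched: the placeholder keeps it out of the SQL text.
    'raw'        => $title,
    // Quotes turned into entities, as described in the post above.
    'entities'   => htmlspecialchars($title, ENT_QUOTES, 'UTF-8'),
    // Manual escaping stacked on a layer that already handles quoting.
    'addslashes' => addslashes($title),
];

$insert = $pdo->prepare('INSERT INTO topics (how, subject) VALUES (?, ?)');
foreach ($variants as $how => $subject) {
    $insert->execute([$how, $subject]);
}

// Read the rows back exactly as stored, the way phpMyAdmin would show them.
foreach ($pdo->query('SELECT how, subject FROM topics ORDER BY id') as $row) {
    printf("%-11s stored as: %s\n", $row['how'], $row['subject']);
}

// Magic quotes were deprecated in PHP 5.3 and removed in 5.4; the function
// itself is gone in PHP 8, so guard the call before using it on an old host.
if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
    echo "magic_quotes_gpc is on: request data arrives already escaped\n";
}
```

Only the `addslashes` row comes back with a backslash in front of the apostrophe, which is the symptom reported in this topic.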

stylusss

Quote from: Arantor on January 29, 2013, 09:24:53 PM
Quote: I found out that MYSQL is converting apostrophes into html entities (i.e. ').

No it isn't. SMF does that as part of its processing, ref the calls to htmlspecialchars with the ENT_QUOTES parameters, somewhere before calling the preparser. Even in 1.1.x that's how it works. In fact, if you use the raw db_query function in 1.1.x, it should abort a query if it finds a ' in it. Even an escaped one.

MySQL would be in fairly dire shape if it always did that itself, it's the sort of nonsense that magic quotes used to do.

That's what I thought, but the strange thing is (before I switched servers), I looked up the previous entries in the database before this problem ever occurred and the entries with apostrophes surprisingly were not converted into html entities (i.e. '). They were simply apostrophes as I was looking through phpmyadmin.

Arantor

Which means we're back to the impasse I mentioned before. I can show you exactly where SMF does the conversion - SMF 2.0 does the exact same conversion, albeit in a different place, so we're back to your custom code that you're refusing to post but that is clearly buggy.

stylusss

Quote from: Arantor on January 30, 2013, 05:42:51 PM
Which means we're back to the impasse I mentioned before. I can show you exactly where SMF does the conversion - SMF 2.0 does the exact same conversion, albeit in a different place, so we're back to your custom code that you're refusing to post but that is clearly buggy.

It's not buggy Arantor because it worked perfectly fine on my previous server (never had this issue), which also had the same operating system (centos 5.8). Perhaps MYSQL was configured differently or apache for that matter.

If you could just show me where it's done, I wouldn't have to get into the details and prolong a solution :(

Arantor

Just do a search on the source for ENT_QUOTES. There's only about 30 places it's coming in.

I doubt it'll solve your problem, and it'll likely add new bugs plus risk security issues, but hey, knock yourself out.

stylusss

Quote from: Arantor on January 30, 2013, 10:59:34 PM
Just do a search on the source for ENT_QUOTES. There's only about 30 places it's coming in.

I doubt it'll solve your problem, and it'll likely add new bugs plus risk security issues, but hey, knock yourself out.

What do you mean by "on the source"? I feel like I am begging an answer out of you here ???

Arantor

Like I said, there's about 30 places across SMF 1.1.x out of the box where ENT_QUOTES is used, which is what SMF uses to convert ' to the #39 form. I'm not about to sit and copy every single one of those places out, when you should be able to find it yourself using a decent text editor and searching all the PHP files in 1.1.x like I just did.

Quote: I feel like I am begging an answer out of you here

Funny you should say that, that's pretty much how I feel about trying to help you. Your mod is adding backslashes, SMF does not do that itself, which means you have code doing potentially insecure things by deliberately and completely bypassing SMF's own protection. The transformation to entities is done very, very deliberately and for good reasons like security.

You want help, I want to help you, but you make it interminably difficult for me to do so.

stylusss

Quote from: Arantor on January 30, 2013, 11:11:16 PM
Like I said, there's about 30 places across SMF 1.1.x out of the box where ENT_QUOTES is used, which is what SMF uses to convert ' to the #39 form. I'm not about to sit and copy every single one of those places out, when you should be able to find it yourself using a decent text editor and searching all the PHP files in 1.1.x like I just did.

Quote: I feel like I am begging an answer out of you here

Funny you should say that, that's pretty much how I feel about trying to help you. Your mod is adding backslashes, SMF does not do that itself, which means you have code doing potentially insecure things by deliberately and completely bypassing SMF's own protection. The transformation to entities is done very, very deliberately and for good reasons like security.

You want help, I want to help you, but you make it interminably difficult for me to do so.

Then stop responding, your posts are annoying and irritably vague.