Author Topic: Backslashes being added to user input around punctuation (Read 2211 times)

Scottyent · « **on:** January 19, 2011, 01:01:05 am »

Hey all, I'm having this issue on my site that causes backslashes to be put into the users text where there is either apostrophes or quotes.

For instance, someone writes in a new item post the word Can't. on the site, can't --> can\'t.... "goal" ---> \"goal\" etc.

Does anyone else have this issue? My developer has been searching and searching but can't find the cause of the backslashes. Any recommendations?

_CONEJO · « **Reply #1 on:** January 19, 2011, 02:17:17 am »

Hi Scottyent,

That shouldn't happen, I'll check that tomorrow, but for your information this is due to the sanitize input functions (at the end of the file oc-load.php

I'm not sure why is this happening now, but Iwe'll fix it tomorrow. Just for information, which version are you using?

Thanks

kingsult · « **Reply #2 on:** January 19, 2011, 04:21:17 pm »

Have the same issue. Working with OSClass version 1.2 beta

Scottyent · « **Reply #3 on:** January 19, 2011, 10:53:16 pm »

We're also running 1.2 Beta! Thanks Juan. Also, is updating from 1.2 B to 1.2 delta easy? do we lose any content? sorry for the newb questions

_CONEJO · « **Reply #4 on:** January 20, 2011, 12:33:16 am »

Umm

That is funny. With the same installation, on my development server is running fine, on Juan's machine the same bug appears!

The SQL sentence escapes the quotes characters (single and double quotes '") for example :
INSERT INTO t_table (text) VALUES ('That\'s right.')

For some reason, on your machines it's saved into the DB as "That\'s right." but it should be "That's right."

Could you tell us which MySQL version are you using? We are not sure why you are experiencing this error, if it's related to OSClass or it's something related which Apache/PHP/MySQL versions.

Anyway, we are working on that, since we consider it a major bug.

For the updating from beta to delta, well it's not difficult, but in my opinion, It's better to wait a little more, since we have some more "deep changes" to do until 1.2 stable release.

Thanks

Juan Ramón · « **Reply #5 on:** January 21, 2011, 09:17:37 pm »

We found the error! It is not necessary to escape get, post, request vars if the magic_quotes_gpc are activated... so we handle it in the addslashes function!

Here you can see the changes: https://github.com/osclass/OSClass/commit/c53daf5cca4bb6f297580da22e965e9168b2832e

Scottyent · « **Reply #6 on:** January 22, 2011, 05:22:20 am »

that did it, thank you so much!

Osclass forums

News:

Author Topic: Backslashes being added to user input around punctuation (Read 2211 times)

Scottyent

Backslashes being added to user input around punctuation

_CONEJO

Re: Backslashes being added to user input around punctuation

kingsult

Re: Backslashes being added to user input around punctuation

Scottyent

Re: Backslashes being added to user input around punctuation

_CONEJO

Re: Backslashes being added to user input around punctuation

Juan Ramón

Re: Backslashes being added to user input around punctuation

Scottyent

Re: Backslashes being added to user input around punctuation