[SOLVED]Apostrophes in signature (2.0.20 issue)

[computerskillz]

in reference to this post right here http://integramod.com/forum/viewtopic.php?p=5287#5287

I notice that not only do I have this problem on my site, but it exists on Integramod2 as well.

Has a fix been found yet?

If not, which 2.0.20 manual edit(s) can I safely undo (because I didn't have this problem before until after I upgraded), to temporarily resolve this?

[computerskillz]

Hi,

Is there a planned fix for this now or for the next upgrade? Or are there currently no plans at all for this bug?

[Teelk]

Open profilcp/profilcp_profil_signature.php
FIND

Code: Select all

              $signature = str_replace( '<br>', "n", trim(str_replace("'", "''", $HTTP_POST_VARS['message'])) );

REPLACE WITH

Code: Select all

              $signature = str_replace( '<br>', "n", trim(str_replace("'", "'", $HTTP_POST_VARS['message'])) );

[computerskillz]

That throws the following error when submitting an apostrophe

[code]Could not update user table  DEBUG MODE  SQL Error ]

do we need an escape somewhere?

[Teelk]

Strange... I'm not getting any errors... I'll check it out.

[Master Dwarf]

Hey Teelk, I updated the code per your instruction. Now it turns the single apostrophe into two of them. Just to clarify, it's not quotes but two apostrophes.

Interesting bug.

[Teelk]

Undo the above changes and apply the following...

Open profilcp/profilcp_profil_signature.php
FIND

Code: Select all

         if ($submit)         {             $signature = str_replace( '<br>', "n", trim(str_replace("'", "'", $HTTP_POST_VARS['message'])) );

REPLACE WITH

Code: Select all

         if ($submit)         {             $signature = (isset($HTTP_POST_VARS['message'])) ? str_replace( '<br>', "n", trim(str_replace("'", "'", $HTTP_POST_VARS['message']))) ]
FIND[code]     $signature               = $view_userdata['user_sig'];[/code]REPLACE WITH[code]     $signature               = stripslashes($view_userdata['user_sig']);

[Master Dwarf]

Teelk: Correct me if I'm wrong, the second change had two lines that had the following:

$signature = $view_userdata['user_sig'];

So I changed both.

Good news: it worked, my sig is displayed properly

Bad news: It gives me an error when I hit submit on the signature tab of the user profile page (profile.php)

DEBUG MODE

SQL Error : 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's Age of Worms [url=http]Wiki[/url] | [url=http]Blog[/url]', user_sig_bbcode_uid = '13e67c646f' WHERE user_id = 2

Line : 88
File : profilcp_profil_signature.php

Thanks for looking into this. <img>

[Teelk]

Hmmm...

Looks like there may be a problem with the URL in your sig. Can you post exactly what your inputing for your sig plz?

[Master Dwarf]

Here you go:

Sean Kelley
Eberron's Age of Worms
[url=http]Wiki[/url] | [url=http]Blog[/url]

Guess my only question is why would I not get the error before I make the code changes? It works fine with the original code in place, but then I get the double apostrophes.

Update: Something is amuck. I have to check my edits. I tried it all over again and it wouldn't let me into my profile at all.

I'll dedicate some time to checking it out and then get back to you. I think this is a bug in the code, and not just my site. I tried the apostrophe in another updated Integramod-based site and it brought in the slash. Most people probably aren't aware of the issue so they haven't brought it up.

[Teelk]

Ok, undo anything you may have done so far...

I'm pretty sure I've got it this time lol...

Open profilcp/profilcp_profil_signature.php
FIND

Code: Select all

         if ($submit)         {             $signature = str_replace( '<br>', "n", trim(str_replace("'", "''", $HTTP_POST_VARS['message'])) );         }

REPLACE WITH

Code: Select all

        if ($submit)         {            $signature = (isset($HTTP_POST_VARS['message'])) ? str_replace('<br>', "n", $HTTP_POST_VARS['message']) ]
FIND[code]                     user_sig = '" . $signature . "',[/code]
REPLACE WITH[code]                     user_sig = '" . str_replace("'", "''", $signature) . "',[/code]
FIND[code]     $signature               = $view_userdata['user_sig'];[/code]
REPLACE WITH[code]     $signature               = htmlspecialchars(stripslashes($view_userdata['user_sig']));

[Master Dwarf]

I saved the original. I'll start from there and do what you've noted. I'll get back with results.

Update: Nice hack Teelk! It worked fine with your last code changes. The sig displays no problem and there is no error when previewing the sig, submitting it, or viewing a post with it. Thank you. I think the original files need this implemented, many folks may be subjected to the bug but may not be aware of it.

This thread and can be marked [Solved].

[Teelk]

Thanks for testin' it for me.

[Master Dwarf]

Any time.

[gcomfx.com]

Apparently this didn't make it into 2.0.21???

I tried the above fix and it gave me an error on line 49. Have to try it again when I've had more sleep. LOL