BuddyPress.org

Opened 15 years ago

Closed 15 years ago

#1657 closed defect (bug) (fixed)

Double-escaping in groups_notification_group_invites() and other places

Reported by: DJPaul
Owned by:
Milestone: 1.2
Priority: minor
Severity:
Version:
Component:
Keywords: encoding, groups, dev-feedback
Cc:

Description

In groups_notification_group_invites() and possibly in other similar functions, the group name is being double-escaped. This was tested on 1.1.3 but looks like it will affect trunk. To recreate, just change the name of a group to something containing an apostrophe, e.g. "Bob's Famous Tomatoes's".

Invite someone, and look at the text of that email. Those apostrophes will be escaped still.

This is because the group names are being escaped by wpdb->prepare, and then they are used in this routine like so, causing a double-escape situation.

stripslashes( attribute_escape( $group->name ) )

A fix is to remove the attribute_escape calls. This is probably safe as when the group name is set, it is filtered with kses and force_balance_tags.

Change History (2)

#1 @DJPaul
15 years ago

  • Keywords dev-feedback added

#2 @apeatling
15 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [2512]) Fixes #1657 props DJPaul
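
The following is an added example, not part of the ticket and not BuddyPress code. It shows how HTML-attribute escaping applied to a plain-text email body leaves visible escape sequences, next to context-appropriate output. It assumes attribute_escape() behaves like htmlspecialchars() with ENT_QUOTES; html_attr_escape(), plain_text_value() and the message wording are hypothetical.

```php
<?php
// Added illustration; not BuddyPress or WordPress code.
// html_attr_escape() is a hypothetical stand-in for attribute_escape(),
// built on htmlspecialchars() so the script runs without WordPress.
function html_attr_escape( string $value ): string {
    return htmlspecialchars( $value, ENT_QUOTES, 'UTF-8' );
}

// Hypothetical helper for text/plain output: no entity encoding, but control
// characters (CR/LF included) are replaced so the value stays on one line.
function plain_text_value( string $value ): string {
    return trim( preg_replace( '/[\x00-\x1F\x7F]+/', ' ', $value ) );
}

// Constructed sample: the group name from the ticket, as read back from storage.
$group_name = "Bob's Famous Tomatoes's";

// Pattern from the ticket: HTML escaping applied to a plain-text email body.
// stripslashes() does not undo it here, because this escaping adds
// entities rather than backslashes.
$body_before = 'You have an invitation to the group: '
    . stripslashes( html_attr_escape( $group_name ) );

// Plain-text context: emit the name without HTML encoding.
$body_after = 'You have an invitation to the group: '
    . plain_text_value( $group_name );

// HTML context: the same value is still escaped, once, at the point of output.
$link = '<a href="#" title="' . html_attr_escape( $group_name ) . '">group</a>';

echo $body_before, PHP_EOL;
echo $body_after, PHP_EOL;
echo $link, PHP_EOL;

// The two bodies differ only by the entity text left in the first one.
var_dump( strpos( $body_before, '&#039;' ) !== false );
var_dump( strpos( $body_after, '&' ) === false );
```

Dropping the HTML escaping is only appropriate for the text/plain body; wherever the same group name is written into markup, it still needs escaping for that context.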
