Skip to:

Opened 14 years ago

Closed 14 years ago

#2009 closed defect (bug) (fixed)

Tags in group name makes group inaccessible

Reported by: ezd's profile Ezd Owned by: sushkov's profile sushkov
Milestone: 1.2.4 Priority: normal
Severity: Version:
Component: Core Keywords: has-patch, needs-testing
Cc: stas@…


There's a problem if you use "?" in your groupname.

The group will not be accessible and the url will look something like this:

Confirmed this on a clean install of 1.2 final.

Attachments (1)

bp_2009_stas.diff (1.2 KB) - added by sushkov 14 years ago.
previous was using php5 function

Download all attachments as: .zip

Change History (15)

#1 @Ezd
14 years ago

  • Summary changed from "?" tag in group name makes group inaccessible to Tags in group name makes group inaccessible


The same problem happens with other tags as well. Just tested using:

  • ++

Note: There might be alot more tags that makes the group inaccessible!

#2 @Ezd
14 years ago

and "" tags.

#3 @Ezd
14 years ago

Look at the url vs. group name of this group too:любители-летать/

#4 @cnorris23
14 years ago

  • Keywords needs-patch added

Related: #1974

#5 @DJPaul
14 years ago

  • Component set to Core
  • Milestone changed from 1.3 to 1.2.4
  • Priority changed from major to normal

Please can we see if this can be checked for 1.2.4?

#6 @johnjamesjacoby
14 years ago

The function is:


Which is filtered by:

wptexturize, convert_chars, wp_filter_kses, stripslashes

I've tested this on WordPress trunk and it seems to work fine. Maybe there were changes to one of the filter functions that was causing the problem?

#7 @johnjamesjacoby
14 years ago

bp_get_group_description and bp_get_group_description_excerpt suffer the same fate, and also seem to work fine on WP trunk.

Windows 7 IIS7, if that matters.

#8 @johnjamesjacoby
14 years ago

Does anyone know what the accepted standard is for mixed language URL's? Does it even matter?

As a test I made a blog post named "любители-летать" and WordPress handled it without a hiccup; the URL and titles and everything.

#9 @sushkov
14 years ago

  • Cc stas@… added

No I don't think it matters since there are Cyrillic/East European characters in some domain names.

I created a group with the name "любители летать" in buddypress and there was no problem with that. The problem was when creating groups with <oOoOoOoOoO(°_°), and I think the best here would be to sanitize on creation of groups names that contain special characters like <. Creating a group with oooooooooo(°_°) results into this slug:
(no parenthesis). Same should be done with <,>.

#10 @apeatling
14 years ago

The group slug is passed through sanitize_title().

#11 @sushkov
14 years ago

  • Keywords has-patch needs-testing added; needs-patch removed
  • Owner set to sushkov
  • Status changed from new to assigned

Not sure if it's allowed to use PHP5 functions, but sanitizing $_POST['group-name'] before applying sanitize_title() does the trick.

#12 @cnorris23
14 years ago

As apeatling stated, the slug is passed through sanitize_title(). The problem with "<oOoOoOoOoO(°_°)", and Edz's original example of "?", is a reflection of the limitations of sanitize_title() (more specifically PHP's strip_tags()). It's liberally designed to strip HTML and PHP tags, which is why "?" is stripped out. In the case of "<oOoOoOoOoO(°_°)", the issue is that there's no closing bracket. If you changed "<oOoOoOoOoO(°_°)" to "<o>OoOoOoOoO(°_°)", "o" within the brackets, and the brackets themselves, would be removed, but the rest would remain. WP utilizes the $fallback_title parameter of sanitize_title() to account for this scenario. WP uses the post_id as the fallback title, and BP could, respectively, use group_id.

#13 @sushkov
14 years ago

Yes I agree, and using same approach as wp handles it is a solution, but using the id as a slug won't confuse if somebody want's to create a group with the same title as existent ID, though I know BP handles duplicate slugs by adding random numbers to it?

14 years ago

previous was using php5 function

#14 @apeatling
14 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [3012]) Fixes #2009 props sushkov

Note: See TracTickets for help on using tickets.