Opened 15 years ago
Closed 14 years ago
#2009 closed defect (bug) (fixed)
Tags in group name makes group inaccessible
Reported by: | Ezd | Owned by: | sushkov |
---|---|---|---|
Milestone: | 1.2.4 | Priority: | normal |
Severity: | Version: | ||
Component: | Core | Keywords: | has-patch, needs-testing |
Cc: | stas@… |
Description
There's a problem if you use "?" in your groupname.
The group will not be accessible and the url will look something like this:
Confirmed this on a clean install of 1.2 final.
Attachments (1)
Change History (15)
#1
@
15 years ago
- Summary changed from "?" tag in group name makes group inaccessible to Tags in group name makes group inaccessible
#3
@
15 years ago
Look at the url vs. group name of this group too: http://testbp.org/groups/любители-летать/
#5
@
15 years ago
- Component set to Core
- Milestone changed from 1.3 to 1.2.4
- Priority changed from major to normal
Please can we see if this can be checked for 1.2.4?
#6
@
15 years ago
The function is:
bp_get_group_name
Which is filtered by:
wptexturize, convert_chars, wp_filter_kses, stripslashes
I've tested this on WordPress trunk and it seems to work fine. Maybe there were changes to one of the filter functions that was causing the problem?
#7
@
15 years ago
bp_get_group_description and bp_get_group_description_excerpt suffer the same fate, and also seem to work fine on WP trunk.
Windows 7 IIS7, if that matters.
#8
@
15 years ago
Does anyone know what the accepted standard is for mixed language URL's? Does it even matter?
As a test I made a blog post named "любители-летать" and WordPress handled it without a hiccup; the URL and titles and everything.
#9
@
15 years ago
- Cc stas@… added
No I don't think it matters since there are Cyrillic/East European characters in some domain names.
I created a group with the name "любители летать" in buddypress and there was no problem with that. The problem was when creating groups with <oOoOoOoOoO(°_°)
, and I think the best here would be to sanitize on creation of groups names that contain special characters like <
. Creating a group with oooooooooo(°_°)
results into this slug:
http://localhost/groups/oooooooooo°_°/
(no parenthesis). Same should be done with <,>
.
#11
@
15 years ago
- Keywords has-patch needs-testing added; needs-patch removed
- Owner set to sushkov
- Status changed from new to assigned
Not sure if it's allowed to use PHP5 functions, but sanitizing $_POST['group-name']
before applying sanitize_title()
does the trick.
#12
@
15 years ago
As apeatling stated, the slug is passed through sanitize_title(). The problem with "<oOoOoOoOoO(°_°)", and Edz's original example of "?", is a reflection of the limitations of sanitize_title() (more specifically PHP's strip_tags()). It's liberally designed to strip HTML and PHP tags, which is why "?" is stripped out. In the case of "<oOoOoOoOoO(°_°)", the issue is that there's no closing bracket. If you changed "<oOoOoOoOoO(°_°)" to "<o>OoOoOoOoO(°_°)", "o" within the brackets, and the brackets themselves, would be removed, but the rest would remain. WP utilizes the $fallback_title parameter of sanitize_title() to account for this scenario. WP uses the post_id as the fallback title, and BP could, respectively, use group_id.
Update:
The same problem happens with other tags as well. Just tested using:
Note: There might be alot more tags that makes the group inaccessible!