#2209 closed defect (bug) (fixed)
wp-mail chokes when sender name contains apostrophe, e.g: O'Donahue
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | Administration | Version: | 2.0 |
| Severity: | major | Keywords: | email apostrophe bg|has-patch bg|needs-testing |
| Cc: | wpbugs@… |
Description
To replicate, forward an email from someone with an Irish name, e.g: O'Donahue, to your email post address. The apostrophe is not escaped, (by inserting an additional apostrophe), so a SQL syntax error occurs:
WordPress database error: [You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'Donahue=20<
Since wp-mail will choke every time it is run, because it has not yet deleted the offending email, no further email posts are possible.
Attachments (1)
Change History (5)
comment:1
majelbstoat — 7 years ago
- Cc wpbugs@… added
- Keywords bg|has-patch bg|needs-testing added
- Milestone set to 2.0.1
- Resolution set to fixed
- Status changed from new to closed
Note: See
TracTickets for help on using
tickets.
Possible patch uploaded. Simply calls addslashes() on the author's name before it goes to the database call. The patch also changes $tableusers to $wpdb->users (couldn't see a reason why it was still like that) and also removes the ORDER BY ID DESC restriction on the query, which is unnecessary due to LIMIT 1. I don't use post by email so it's untested and put together after a quick examination, but it might do the trick. Needs someone else to have a look at it though.