Make WordPress Core

Opened 19 years ago

Closed 19 years ago

Last modified 18 years ago

#2209 closed defect (bug) (fixed)

wp-mail chokes when sender name contains apostrophe, e.g: O'Donahue

Reported by: traderjohn
Owned by: ryan
Milestone:
Priority: normal
Severity: major
Version: 2.0
Component: Administration
Keywords: email apostrophe bg|has-patch bg|needs-testing
Focuses:
Cc:

Description

To replicate, forward an email from someone with an Irish name, e.g. O'Donahue, to your email post address. The apostrophe is not escaped (by inserting an additional apostrophe), so a SQL syntax error occurs:

WordPress database error: [You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'Donahue=20<

Since wp-mail will choke every time it is run, because it has not yet deleted the offending email, no further email posts are possible.

Attachments (1)

possible fix for O'Donahue problem.diff (695 bytes) - added by majelbstoat 19 years ago.
Possible patch, needs testing.

Change History (5)

#1 @majelbstoat
19 years ago

  • Cc wpbugs@… added
  • Keywords bg|has-patch bg|needs-testing added
  • Milestone set to 2.0.1

Possible patch uploaded. Simply calls addslashes() on the author's name before it goes to the database call. The patch also changes $tableusers to $wpdb->users (couldn't see a reason why it was still like that) and also removes the ORDER BY ID DESC restriction on the query, which is unnecessary due to LIMIT 1. I don't use post by email so it's untested and put together after a quick examination, but it might do the trick. Needs someone else to have a look at it though.
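
The failure described in this ticket, reproduced as an added Python example (not code from the ticket, the attached patch, or WordPress): a sender name pasted into the SQL text breaks the query, and because a message is only deleted after it is handled, the same message blocks every later run. The second lookup passes the name as a bound parameter, which is a different technique from the patch's addslashes() call. Assumptions: an in-memory SQLite database stands in for MySQL, and the `users` table, `sender_name` column, sample mailbox and function names are constructed for the illustration.

```python
import sqlite3
from email import message_from_string
from email.utils import parseaddr

# Constructed sample mailbox: two forwarded messages waiting to be imported.
MAILBOX = [
    "From: Sean O'Donahue <sean@example.com>\nSubject: First\n\nHello",
    "From: Jane Smith <jane@example.com>\nSubject: Second\n\nWorld",
]

def make_db():
    # Hypothetical schema, not WordPress's own table layout.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (ID INTEGER PRIMARY KEY, sender_name TEXT)")
    db.executemany("INSERT INTO users (sender_name) VALUES (?)",
                   [("Sean O'Donahue",), ("Jane Smith",)])
    return db

def lookup_concat(db, name):
    # Pattern from the report: the sender name is pasted into the SQL text,
    # so the apostrophe in O'Donahue ends the string literal early.
    sql = "SELECT ID FROM users WHERE sender_name = '" + name + "' LIMIT 1"
    return db.execute(sql).fetchone()

def lookup_bound(db, name):
    # The name travels as data, so a quote in it cannot end the literal.
    return db.execute(
        "SELECT ID FROM users WHERE sender_name = ? LIMIT 1", (name,)
    ).fetchone()

def run_import(lookup):
    """Drain the queue; a message is deleted only after it was handled,
    so a failing lookup leaves it at the head for the next run."""
    db, queue, posted = make_db(), list(MAILBOX), []
    try:
        while queue:
            name, _addr = parseaddr(message_from_string(queue[0])["From"])
            row = lookup(db, name)
            posted.append((name, row[0] if row else None))
            queue.pop(0)  # delete from the mailbox only after success
    except sqlite3.Error as exc:
        return posted, len(queue), str(exc)
    return posted, len(queue), None

if __name__ == "__main__":
    print("concatenated:", run_import(lookup_concat))
    print("bound:       ", run_import(lookup_bound))
```

With the concatenated lookup, both messages remain queued after the run, including the second one whose sender name contains no apostrophe.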

@majelbstoat
19 years ago

Possible patch, needs testing.

#2 @ryan
19 years ago

  • Owner changed from anonymous to ryan

#3 @ryan
19 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [3475]) wp-mail quote escaping fix from majelbstoat. fixes #2209

#4 @(none)
18 years ago

  • Milestone 2.0.1 deleted