#2209 closed defect (bug) (fixed)
wp-mail chokes when sender name contains apostrophe, e.g: O'Donahue
Reported by: | traderjohn | Owned by: | ryan |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | major | Version: | 2.0 |
Component: | Administration | Keywords: | email apostrophe bg|has-patch bg|needs-testing |
Focuses: | Cc: |
Description
To replicate, forward an email from someone with an Irish name, e.g: O'Donahue, to your email post address. The apostrophe is not escaped, (by inserting an additional apostrophe), so a SQL syntax error occurs:
WordPress database error: [You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'Donahue=20<
Since wp-mail will choke every time it is run, because it has not yet deleted the offending email, no further email posts are possible.
Attachments (1)
Change History (5)
Note: See
TracTickets for help on using
tickets.
Possible patch uploaded. Simply calls addslashes() on the author's name before it goes to the database call. The patch also changes $tableusers to $wpdb->users (couldn't see a reason why it was still like that) and also removes the ORDER BY ID DESC restriction on the query, which is unnecessary due to LIMIT 1. I don't use post by email so it's untested and put together after a quick examination, but it might do the trick. Needs someone else to have a look at it though.