Make WordPress Core

Opened 20 years ago

Closed 20 years ago

Last modified 20 months ago

#4 closed defect (bug) (fixed)

Saving edited comments from admin when magic quotes are turned off

Reported by: shelleyp's profile shelleyp Owned by: ryan's profile ryan
Milestone: Priority: normal
Severity: critical Version:
Component: General Keywords:
Focuses: Cc:

Description

When automatic magic quotes is turned off using .htaccess or some other server level technique, editing a comment in the admin page causes the SQL to fail -- the quotes are not escaped.

Change History (12)

#3 @ryan
20 years ago

  • Owner changed from anonymous to rboren
  • Status changed from new to assigned

#4 @ryan
20 years ago

  • Resolution changed from 10 to 20
  • Status changed from assigned to closed

#5 @shelleyp
20 years ago

  • Resolution changed from 20 to 30
  • Status changed from closed to assigned

Sorry, but this doesn't mean a thing to me. This won't mean a thing to anyone who is not a coder. I haven't a clue of why you pointed this out.

You need an English language description acknowledging the problem, and what you see is the resolution, and that you feel based on what I've said and what you know is has been changed in the code for code bug fix 1.2.1 to fix this problem and how people can download such and such to fix.

#6 @matt
20 years ago

Shelley, does changing that line of code fix the problem for you? It's line 689 of post.php.

edited on: 06-11-04 12:54

#7 @ryan
20 years ago

  • Resolution changed from 30 to 20
  • Status changed from assigned to closed

I am not providing individual patches against 1.2 for every bug I fix. That is not tenable. Test with CVS or wait for the next release. It is fixed. Confirmed by others.

#8 @shelleyp
20 years ago

  • Resolution changed from 20 to 30
  • Status changed from closed to assigned

Doesn't matter if it answered my question or not, Does it Matt?

I think I've been told to take it or leave it and piss off.

Thank you.

#9 @matt
20 years ago

What do you mean it doesn't matter? I see no question marks in your bug report or subsequent comments. If what you're asking for is a release to fix this bug, then yes you'll have to wait like everyone else for the next release.

#10 @ryan
20 years ago

  • Resolution changed from 30 to 20
  • Status changed from assigned to closed

Please do not bounce bug status. This has been confirmed as fixed by three people. We've had this tracker up one day and we already have someone bouncing bugs to make a point. If you want a file to apply against 1.2, ask nicely. If it is still a problem after you test it, then reopen.

#11 @shelleyp
20 years ago

Matt, I was trying to make a point -- unless Wordpress is for coders only, you have to respond with ENGLISH. Not pointing at a piece of code that isn't reflected in the current release.

So I had to download the nightly, and then open POST.php to see that line in context. Then I have to try and guess if this fixes the fact that the content isn't escaped before it's uploaded to the database. The change reflects that the posted content needs to be included in a function call to balanceTags. By itself, my first thought was -- well, if the content isn't even being accessed from the post, then how could it work at all?

So I'm trying to look through the code to see if this did fix it, and try and determine the logic that led to this pointer to the CVS entry as a response--but at least I can download the nightly and look in the code. Now, imagine I'm a person who doesn't know any PHP.

Wouldn't it have been better to reply:

A change was made to such a such PHP file on such and such a day. This change was to pull the text for the comment from the POST and then.... The reason this was done was.... It was tested by opening an existing comment in wp-admin, making a small change and then saving it, all the while knowing that magic quotes was turned off by ....

You can download the CVS nightly, now. Or you can wait until bug fix such and such, to be release on such and such a day. If you do decide to wait, you can post your problem on the support line and see if someone has a bug workaround you can use now on the existing 1.2 release.

---

Note: See TracTickets for help on using tickets.