WordPress.org

Make WordPress Core

Opened 14 months ago

Last modified 14 months ago

#40319 new defect (bug)

Apostrophe in commenter's name prevents comment_whitelist setting from working.

Reported by: cfinke Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version: 4.0
Component: Comments Keywords: has-patch needs-testing needs-unit-tests
Focuses: Cc:

Description

If a commenter has an apostrophe in their name, and they have a previously approved comment, and the comment_whitelist setting is enabled ("Comment author must have a previously approved comment"), the commenter's comment will always end up in moderation.

The cause of this can be traced to r38738. If the name has an apostrophe, it will be slashed; the author name was previously included directly in the SQL, with the slash properly escaping the apostrophe, but when the query was updated to use prepare(), the author name was not unslashed.

Affects 4.7, 4.7.1, 4.7.2, 4.7.3, and trunk.

I've attached a patch that addresses the issue by unslashing the two expected_slashed parameters.

Attachments (2)

40319.diff (1008 bytes) - added by cfinke 14 months ago.
40319.patch (1.8 KB) - added by andrinheusser 9 months ago.
Test for #40319

Download all attachments as: .zip

Change History (3)

@cfinke
14 months ago

#1 @johnbillion
14 months ago

  • Keywords has-patch needs-testing needs-unit-tests added
  • Milestone changed from Awaiting Review to Future Release
  • Version changed from trunk to 4.0

Thanks for the patch! This will need some unit tests to verify it's working as intended.

@andrinheusser
9 months ago

Test for #40319

Note: See TracTickets for help on using tickets.