Make WordPress Core

Opened 7 years ago

Last modified 4 years ago

#40319 new defect (bug)

Apostrophe in commenter's name prevents comment_whitelist setting from working.

Reported by: cfinke's profile cfinke Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version: 4.0
Component: Comments Keywords: has-patch needs-testing has-unit-tests
Focuses: Cc:


If a commenter has an apostrophe in their name, and they have a previously approved comment, and the comment_whitelist setting is enabled ("Comment author must have a previously approved comment"), the commenter's comment will always end up in moderation.

The cause of this can be traced to r38738. If the name has an apostrophe, it will be slashed; the author name was previously included directly in the SQL, with the slash properly escaping the apostrophe, but when the query was updated to use prepare(), the author name was not unslashed.

Affects 4.7, 4.7.1, 4.7.2, 4.7.3, and trunk.

I've attached a patch that addresses the issue by unslashing the two expected_slashed parameters.

Attachments (2)

40319.diff (1008 bytes) - added by cfinke 7 years ago.
40319.patch (1.8 KB) - added by andrinheusser 7 years ago.
Test for #40319

Download all attachments as: .zip

Change History (4)

7 years ago

#1 @johnbillion
7 years ago

  • Keywords has-patch needs-testing needs-unit-tests added
  • Milestone changed from Awaiting Review to Future Release
  • Version changed from trunk to 4.0

Thanks for the patch! This will need some unit tests to verify it's working as intended.

7 years ago

Test for #40319

#2 @sorenbronsted
4 years ago

  • Keywords has-unit-tests added; needs-unit-tests removed
Note: See TracTickets for help on using tickets.