Opened 7 years ago
Last modified 5 years ago
#40319 new defect (bug)
Apostrophe in commenter's name prevents comment_whitelist setting from working.
Reported by: | cfinke | Owned by: | |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | 4.0 |
Component: | Comments | Keywords: | has-patch needs-testing has-unit-tests |
Focuses: | Cc: |
Description
If a commenter has an apostrophe in their name, and they have a previously approved comment, and the comment_whitelist setting is enabled ("Comment author must have a previously approved comment"), the commenter's comment will always end up in moderation.
The cause of this can be traced to r38738. If the name has an apostrophe, it will be slashed; the author name was previously included directly in the SQL, with the slash properly escaping the apostrophe, but when the query was updated to use prepare()
, the author name was not unslashed.
Affects 4.7, 4.7.1, 4.7.2, 4.7.3, and trunk.
I've attached a patch that addresses the issue by unslashing the two expected_slashed
parameters.
Attachments (2)
Change History (4)
Note: See
TracTickets for help on using
tickets.
Thanks for the patch! This will need some unit tests to verify it's working as intended.