
Missing stripslashes() in _feedback.php

started by on Dec 15, 2005 – Last touched: Dec 15, 2005

Dec 15, 2005 22:09    

Find the following line in your _feedback.php:

Code

$comment_author = isset($_COOKIE[$cookie_name]) ? trim($_COOKIE[$cookie_name]) : '';

And change it to:

Code

$comment_author = isset($_COOKIE[$cookie_name]) ? stripslashes(trim($_COOKIE[$cookie_name])) : '';

Otherwise apparently stored author names that have single quotes in them end up with lots of backslashes on retrieval.

The same probably happens with the email and URL lines as well, but they are a little less likely to have single quotes anyway.

(v0.9.1)

Dec 15, 2005 22:58

The real fix would be to use remove_magic_quotes(), because stripslashes() should only be used if get_magic_quotes_gpc() returns true.
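The difference between the two suggestions above, as an added example that is not part of the thread or of b2evolution's code: it simulates magic quotes with addslashes() and compares three ways of reading the author cookie. The function names, the sample names and the assumption that each page load writes the cookie back unchanged are illustrative; only the conditional variant returns both names intact whether magic quotes are on or off.

```php
<?php
// Added illustration; simulate_gpc(), round_trips() and the reader labels are
// hypothetical names, not b2evolution functions.

// What PHP does to incoming cookie data when magic_quotes_gpc is enabled.
function simulate_gpc($raw, $magic_on) {
    return $magic_on ? addslashes($raw) : $raw;
}

// Three ways of reading the author cookie.
$readers = array(
    'trim only'            => function ($v, $magic_on) { return trim($v); },
    'always stripslashes'  => function ($v, $magic_on) { return stripslashes(trim($v)); },
    'strip only if quoted' => function ($v, $magic_on) {
        // In real code the flag would come from get_magic_quotes_gpc() on
        // PHP versions that still provide it.
        return $magic_on ? stripslashes(trim($v)) : trim($v);
    },
);

// Assumption: each page load reads the cookie and sets it again unchanged.
function round_trips($name, $magic_on, $reader, $loads = 3) {
    $cookie = $name;
    for ($i = 0; $i < $loads; $i++) {
        $cookie = $reader(simulate_gpc($cookie, $magic_on), $magic_on);
    }
    return $cookie;
}

// Constructed sample names: one with a quote, one with a literal backslash.
foreach (array("O'Brien", 'DOMAIN\\bob') as $name) {
    foreach (array(true, false) as $magic_on) {
        foreach ($readers as $label => $reader) {
            printf("%-11s magic_quotes=%-3s %-22s => %s\n", $name,
                $magic_on ? 'on' : 'off', $label,
                round_trips($name, $magic_on, $reader));
        }
    }
}
```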

Dec 16, 2005 20:39

Ahh, well there you go. :)

