WordPress.org


I use apostrophes - unescaped characters in mail handling mechanisms (7 posts)

  1. cefn
    Member
    Posted 8 years ago #

    Using apostrophes in your posts seems to break WordPress mail mechanisms and is not properly escaped. Note below I used the illegal phrase "I've" which contains an apostrophe.

    WordPress database error: [You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 've missed it haven't I. Reb, is your pebble now released for sh]

    I don't have any fancy plugins related to mail (the only one I've installed makes the search mechanisms index pages as well as posts).

    Any email, inbound or outbound, which contains an apostrophe breaks the SQL query used to store the transaction, as in the example above of a comment being sent for review.

    Had the same problem previously with an inbound blog post and gave up on that email mechanism for my own blogging, but I can't really ask my users to avoid apostrophes when adding comments!!

    Is it really that the coder has forgotten to escape the text in a SQL query, or have I got to change some config somewhere?

    Using version 1.5.2

  2. skippy
    Member
    Posted 8 years ago #

    Apostrophes in the body of posts and comments submitted through the (regular) web-based interface of WordPress have worked fine for me for all versions.

    The SQL query used to prepare the email notifications ought not choke on an apostrophe in a comment. WordPress should properly escape the apostrophe before inserting the comment into the database. If you can see the comment in your moderation queue, then you can verify that the apostrophe was not problematic.

    The only issue I know of is the one you identify with wp-mail.php.

  3. cefn
    Member
    Posted 8 years ago #

    I think there was a cyclic mail problem which created the 'outbound' issue. In other words it turned into an inbound issue.

    The moderation queue outbound mail queue was coming back into the blog posts inbound mail queue. Perhaps the apostrophe bug saved my system. :)

    Actually I had changed the admin email address to fix this cyclic mailing before even running wp-mail.php but apparently it had cached the old address when the mails were queued for sending, so it wouldn't have been an endless loop.

    Is there anything I can do to fix this unescaped text in the wp-mail inbound case?

    It has to be escaped for SQL text, is there a natural function for this within php/wordpress?

  4. skippy
    Member
    Posted 8 years ago #

    You need to call stripslashes() on the content.

    Around line 115 in wp-mail.php you should see:
    $content = trim($content);

    Replace that with:
    $content = stripslashes(trim($content));
    and see if it fixes your problem.

  5. cefn
    Member
    Posted 8 years ago #

    Still face the same problem from apostrophes with the stripslashes call, as shown below, but if I call addslashes instead, it will at least complete the transaction, though the content comes through pretty munged as you can see.

    WITH STRIPSLASHES

    WordPress database error: [You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 't=20 complete the actions, we'd rather see you there anyway an]
    INSERT INTO wp_posts (post_author, post_date, post_date_gmt, post_modified, post_modified_gmt, post_content, post_title, post_excerpt, post_category, post_status, post_name, comment_status, ping_status, post_parent) VALUES ('1', '2005-08-31 14:56:15', '2005-08-31 13:56:15', '2005-08-31 14:56:15', '2005-08-31 13:56:15', 'Message

    WITH ADDSLASHES (content is added from mail - database call doesn't fail) but content looks pretty messed up - this is the source text from the posting directly from the admin panel.


  6. skippy
    Member
    Posted 8 years ago #

    Good catch, you need addslashes(), and not stripslashes(). Don't know what I was thinking.

    The content looks the way it does because you've sent an HTML email. Try sending plain text instead.

  7. cefn
    Member
    Posted 8 years ago #

    Thanks, Skippy.

    Plaintext of course.

    Good call, but it's a bit hard because I'm feeding in mail from a mailing list, so I can't always control the content, but at least I can send plaintext mails myself, and mop up the others.

    If the html content is itself a valid page, I should presumably be able to pass the content through automatically somehow.

    My theories for why this is a problem...

    * wordpress only accepts a defined subset of html
    * the content needs to be unescaped (stripslashed) the other end to turn it back into proper html
    * both
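
Added example (not code from this thread or from WordPress): it builds the same kind of concatenated INSERT with no treatment, with stripslashes() and with addslashes(), then reads the string literal back under MySQL's default quoting rules to show which versions survive and that the server already removes the backslashes when it parses the literal. The helper `first_literal()`, the `demo_posts` table and the sample body are constructed for illustration, and the last part assumes the pdo_sqlite extension, with in-memory SQLite standing in for MySQL.

```php
<?php
// Added example, not WordPress code. Table name and mail body are constructed.

// Hypothetical helper: read the first '...' literal of $sql under MySQL's default
// rules (backslash escapes the next character, '' is a literal quote).
// Returns [decoded value or null, statement text left after the literal].
function first_literal(string $sql): array {
    $i = strpos($sql, "'");
    if ($i === false) return [null, $sql];
    $value = '';
    $n = strlen($sql);
    for ($i++; $i < $n; $i++) {
        $c = $sql[$i];
        if ($c === '\\' && $i + 1 < $n) {
            $value .= $sql[++$i];      // escaped character (\n, \0 etc. not mapped here)
        } elseif ($c === "'" && $i + 1 < $n && $sql[$i + 1] === "'") {
            $value .= "'";
            $i++;
        } elseif ($c === "'") {
            return [$value, substr($sql, $i + 1)];
        } else {
            $value .= $c;
        }
    }
    return [null, ''];                 // literal never closed
}

// Build the INSERT by concatenation and check what the server would read back.
function check(string $content, callable $treat): array {
    $sql = "INSERT INTO demo_posts (post_content) VALUES ('" . $treat($content) . "')";
    [$stored, $rest] = first_literal($sql);
    return ['stored' => $stored, 'ok' => $stored === $content && $rest === ')'];
}

$content = "I've missed it haven't I";   // constructed body with apostrophes
$treatments = ['none' => fn($s) => $s, 'stripslashes' => 'stripslashes', 'addslashes' => 'addslashes'];
foreach ($treatments as $name => $treat) {
    $r = check($content, $treat);
    printf("%-12s %-6s literal read as %s\n", $name, $r['ok'] ? 'OK' : 'BROKEN', var_export($r['stored'], true));
}

// Bound parameter: the value never becomes part of the SQL text.
// Assumption: pdo_sqlite is available; in-memory SQLite stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE demo_posts (post_content TEXT)');
$db->prepare('INSERT INTO demo_posts (post_content) VALUES (?)')->execute([$content]);
$back = $db->query('SELECT post_content FROM demo_posts')->fetchColumn();
printf("%-12s %-6s\n", 'bound param', $back === $content ? 'OK' : 'BROKEN');
```

addslashes() is not aware of the connection character set, and the PHP manual recommends database-specific escaping functions or prepared statements for building queries; the bound-parameter form at the end avoids the quoting question entirely.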

Topic Closed

This topic has been closed to new replies.
