WordPress.org

Ready to get started?Download WordPress

Forums

Events Manager
possible bug: wrong quote escaping when editing ticket description (3 posts)

  1. sergio.marchesini
    Member
    Posted 2 years ago #

    Hi, and thx to all developers for this great plugin.
    I think there is a bug in quote escaping, here's how to reproduce it:
    When editing an event, make it open for booking, create a ticket, enter a description for the ticket that includes single quotes ('), you will see that the description is displayed fine. BUT when you then save the post/event then something goes wrong and (both in back office and front end) the quotes are displayed with a slash in front.

    Anyone know how I can fix this? Or can anyone point me to where in the code that posted data is processed so I can fix it?

    http://wordpress.org/extend/plugins/events-manager/

  2. Marcus
    NetWebLogic Support
    Plugin Author

    Posted 2 years ago #

    hi, thanks for reporting this, will check this out and fix asap

  3. sergio.marchesini
    Member
    Posted 2 years ago #

    Thank you for your attention...

    in classes/em_ticket.php
    around line 77, function save()
    It seems the data set inside the object is already escaped and the call to wpdb::escape adds another level of escaping.
    A quick fix would be:
    $this->description = stripslashes($this->description);
    $this->name = stripslashes($this->name);

    but I think the right way to fix it is that data should be unescaped before setting it in the object... just couldn't find where that takes place :-)

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic