Fix for apostrophe character

March 30, 2014 — BarryK
Christina (forum member efiabruni) is the author of pe_pplog, which I use for the blog that you are now reading.

There was a bug discovered recently. If the apostrophe character (') was used in comment titles, the comment was corrupted.

Efiabruni posted a fix:

...the apostrophe fix is in files and blog/, and is actually found in both of the patches:
blog/ subroutine to replace a ' with &apos
Disabled bbcode on comments for security reasons

The latter patch also disables bbcode on comments; however, I was uncertain about that and did not implement it.
I will need more feedback as to what the security risk actually is.


