Fix for apostrophe character
March 30, 2014
BarryK
Christina (forum member efiabruni) is the author of pe_pplog, which I use for the blog that you are now reading.
There was a bug discovered recently. If the apostrophe character (') was used in comment titles, the comment was corrupted.
Efiabruni posted a fix:
https://github.com/efiabruni/pe_pplog/commits/comment_registration
...the apostrophe fix is in files pe_pplog.pl and blog/sub.pl, and is actually found in both of the patches:
blog/sub.pl: subroutine to replace a ' with &apos
pe_pplog.pl: Disabled bbcode on comments for security reasons
The latter patch also disables bbcode on comments; however, I was uncertain about that and did not implement it.
I will need more feedback as to what the security risk actually is.
Comments
testing with UTF-8
"dionicio"
Testing with UTF-8: apostrophe: ' apos: " Symbols: Unmatched parentheses sign in regex marked by HERE in m testing single ending parentheses UTF8 dionicio HERE at pepplog pl line 604 FILE line 1 as all parentheses are in pairs (like this one). like this too: (: :) such as this: {url=javascript:alert(String.fromCharCode(88,83,83))}Click!{/url}
Tags: general