Ticket #1234 (closed: fixed)

Opened 7 weeks ago

Last modified 6 weeks ago

single quotes in discussion thread titles cause parsing error in "Latest Discussions"

Reported by: AlexanderPico
Owned by: AlexanderPico
Milestone: milestone_25
Component: WikiPathways website
Severity: major
Keywords:
Cc:

Description

The main page of WikiPathways is vulnerable to discussion thread titles with single quotes. If such a title is one of the last 3 threads, the front page will not load and an ugly PHP error is shown. If it's one of the last 500, the "more..." link will lead to the same error.

Change History

Changed 7 weeks ago by AlexanderPico

See the history of this thread for an example:

 http://www.wikipathways.org/index.php?title=Thread:Pathway_does_not_have_any_gene_annotation_%282%29&action=history

The immediate fix was to alter the namespace of this thread in the DB so that the recentchanges query skipped it.

Changed 6 weeks ago by AlexanderPico

  • status changed from new to closed
  • resolution set to fixed

Fixed by replacing single quotes with pairs of single quotes in the query variable to make them safe for SQL queries.
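
The failure and the fix described in this ticket, reproduced as an added example (not WikiPathways or MediaWiki code). An in-memory SQLite table with hypothetical names stands in for the query behind "Latest Discussions", and a third lookup goes beyond the ticket's fix by using parameter binding, which keeps the title out of the SQL text entirely.

```python
import sqlite3

# Constructed sample data standing in for recent discussion threads.
# Table and column names are hypothetical, not the site's schema.
TITLES = [
    "Pathway does not have any gene annotation",
    "Can't edit my pathway",            # single quote, as in the ticket
    "Request: add 'Homo sapiens' tag",  # two single quotes
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE threads (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO threads (title) VALUES (?)", [(t,) for t in TITLES])
    return db

def lookup_concat(db, title):
    """The failing pattern: the title is pasted straight into the SQL text."""
    sql = "SELECT id FROM threads WHERE title = '" + title + "'"
    return db.execute(sql).fetchall()

def lookup_doubled(db, title):
    """The ticket's fix: each ' becomes '' before the title is pasted in."""
    safe = title.replace("'", "''")
    sql = "SELECT id FROM threads WHERE title = '" + safe + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, title):
    """Parameter binding: the title is sent as data, never parsed as SQL."""
    return db.execute("SELECT id FROM threads WHERE title = ?", (title,)).fetchall()

def survey(db):
    """Run all three lookups for every title, recording rows or the error."""
    lookups = (("concat", lookup_concat), ("doubled", lookup_doubled),
               ("bound", lookup_bound))
    report = {}
    for title in TITLES:
        report[title] = {}
        for name, fn in lookups:
            try:
                report[title][name] = fn(db, title)
            except sqlite3.OperationalError as exc:
                report[title][name] = "error: " + str(exc)
    return report

if __name__ == "__main__":
    for title, row in survey(make_db()).items():
        print(title, row)
```

Quote doubling depends on the database's string-literal rules (MySQL in its default SQL mode also treats backslash as an escape character), whereas binding does not.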
