Title.module does not strip slashes in one place, adds unnecessary slashes in another [#5531]

In the title_filter function, the $replacement expression would be better as:
$replacement = 'l(stripslashes("$2" ? "$2" : "$1"), "title/". urlencode("$1"))';
Since preg_replace appears to escape the quotes in the evaluated pattern.

Since this is happening to the urlencode() link text, that makes the call to check_query($title) in title_page's second query cause an unfortunate doubling.
"that\'s all folks" becomes LIKE '%that \\\\'s all folks%' in the query

Comments

Comment #1

kyber commented 30 January 2004 at 18:51

Priority:

Minor

» Normal

Changed priority since the query problem made this break stuff, not just cosmetic.
Also:
$result = db_query("SELECT n.*, u.name, u.uid FROM {node} n INNER JOIN {users} u ON n.uid = u.uid WHERE n.title LIKE '%%%s%%' AND n.status = 1 ORDER BY n.created DESC", $title);

This seemed good solution to query problem.
%% seems to escape %, just like in printf()

Comment #2

kyber commented 2 February 2004 at 01:29

UnConeD says he took care of it. Closed.

Comment #3

(not verified) commented 16 February 2004 at 02:20

Title.module does not strip slashes in one place, adds unnecessary slashes in another

Comments

Comment #1

Comment #2

Comment #3

News items

Our community

Documentation

Drupal code base

Governance of community