Reply button with usernames containing quotes

[euantorano]

When using the reply button to quote a post, the quote MyCode inserted in the editor is wrong if the quoted user has an apostrophe in their username.

Example: Username: "Fardel's Bear"
Action: Click Reply on a post by the user
Created quote code in the full editor:

[quote=Fardel pid='1' dateline='1421574511']
This is a test post for testing MyAlerts...
[/quote]

I've not looked at the code, but I can confirm this on a fresh install of the current dev version of MyBB 1.8 and a live forum running 1.8.3.

Original thread: Reply button with usernames containing quotes

[euantorano]

Fix:

inc/functions_posting.php line 218: add before return:

$quoted_post['username'] = addslashes($quoted_post['username']);

[Eldenroot]

This should be fixed in MyBB 1.8.4 - because this bugs affects some plugins

[Sama34]

Which plugins?

[Eldenroot]

@Sama34 - for example all plugins for quick (fast) quotes

[Destroy666x]

It doesn't matter that it affects plugins too.. The biggest problem which might move this issue to 1.8.4 is that it affects the core itself. The fix above (if it's valid, it looks like it is) could be made into PR to ensure that.

[euantorano]

@Destroy666x the above fix is not complete. Unfortunately when the quote is saved, some other processing seems to happen. I haven't had a chance to look at what else is going wrong yet.

[Sama34]

If this is a SCEditor issue we can probably ask the developers.

[JN-Jones]

@euantorano Have you ever looked into this?

[euantorano]

I had a brief look and couldn't work out where it was going wrong. I'll have a look this weekend.

[WildcardSearch]

The problem is that in functions_posting.php's parse_quoted_message, single quotes are used without checking to see if the user name contains single quotes.

[WildcardSearch]

This is a simple fix. Can anyone test #2624 ?