MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > Archived Bug Reports > MyBB 1.2.7 > [F] Recipient field empty when replying to a user with double quote character in username
Full Version: [F] Recipient field empty when replying to a user with double quote character in username
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Asad_Niazi

2007-06-27, 05:18 PM
Ok, this one's a rare bug. But there's a user in my forum with username "^_^". hehe :p ..

Anyways, when replying to any pm of his, the recipient field is empty by default because of the doublequotes character.

See this:
<input type="text" class="textbox" name="to" id="to" size="40" maxlength="30" value=""^_^"" tabindex="1" />

and for some reason, it cannot be fixed using escaping but rather the quotes have to be replaced with &quote;. Fix is to use htmlspecialchars_uni().

Replace in private.php:
$to = $user['username'];

with:
$to = htmlspecialchars_uni($user['username']);

Dennis Tsang

2007-06-27, 06:47 PM
This bug has been fixed in the latest code.

Please note the latest code is not live on the site or for download. An update will be released which contains this fix.
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > Archived Bug Reports > MyBB 1.2.7 > [F] Recipient field empty when replying to a user with double quote character in username