MyBB Community Forums

Full Version: [F] Recipient field empty when replying to a user with double quote character in username
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Ok, this one's a rare bug. But there's a user in my forum with username "^_^". hehe :p ..

Anyways, when replying to any pm of his, the recipient field is empty by default because of the doublequotes character.

See this:
<input type="text" class="textbox" name="to" id="to" size="40" maxlength="30" value=""^_^"" tabindex="1" />

and for some reason, it cannot be fixed using escaping but rather the quotes have to be replaced with &quote;. Fix is to use htmlspecialchars_uni().

Replace in private.php:
$to = $user['username'];

$to = htmlspecialchars_uni($user['username']);
This bug has been fixed in the latest code.

Please note the latest code is not live on the site or for download. An update will be released which contains this fix.