MyBB Community Forums
[F] Recipient field empty when replying to a user with double quote character in username - Printable Version

+- MyBB Community Forums (https://community.mybb.com)
+-- Forum: Community Archive (https://community.mybb.com/forum-106.html)
+--- Forum: Archived Forums (https://community.mybb.com/forum-143.html)
+---- Forum: Archived Development and Support (https://community.mybb.com/forum-155.html)
+----- Forum: Archived Bug Reports (https://community.mybb.com/forum-74.html)
+------ Forum: MyBB 1.2.7 (https://community.mybb.com/forum-55.html)
+------ Thread: [F] Recipient field empty when replying to a user with double quote character in username (/thread-20423.html)



[F] Recipient field empty when replying to a user with double quote character in username - Asad_Niazi - 06-27-2007

Ok, this one's a rare bug. But there's a user in my forum with username "^_^". hehe :p ..

Anyways, when replying to any pm of his, the recipient field is empty by default because of the doublequotes character.

See this:
<input type="text" class="textbox" name="to" id="to" size="40" maxlength="30" value=""^_^"" tabindex="1" />

and for some reason, it cannot be fixed using escaping but rather the quotes have to be replaced with &quote;. Fix is to use htmlspecialchars_uni().

Replace in private.php:
$to = $user['username'];

with:
$to = htmlspecialchars_uni($user['username']);



RE: Recipient field empty when replying to a user with double quote character in username - Dennis Tsang - 06-27-2007

This bug has been fixed in the latest code.

Please note the latest code is not live on the site or for download. An update will be released which contains this fix.