MySQL DB error when forum 'Participant" uses @mention with BuddyPress.

[rossagrant]

Easy to replicate:

BuddyPress must be active
Activity streams must be active
User must not be an admin/super admin

Post an @mention in a BBPress forum whilst logged in as a 'Participant'.

You'll get a syntax error reported in your server's error_log.

Something like this:

[29-Jan-2013 12:51:38 UTC] WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://www.mysite.tv/members/admin/' rel='nofollow'>@admin mentio' at line 1 for query SELECT ID FROM wp_posts WHERE post_type = 'reply' AND post_status != 'trash' AND post_author = 40 AND post_content = 'Now testing @admin mention in a forum post.' AND post_parent = '9865' LIMIT 1 made by require('wp-blog-header.php'), require_once('wp-includes/template-loader.php'), do_action('template_redirect'), call_user_func_array, bbp_template_redirect, do_action('bbp_template_redirect'), call_user_func_array, bbp_post_request, do_action('bbp_post_request'), call_user_func_array, bbp_new_reply_handler, bbp_check_for_duplicate

JJ has confirmed on his local and knows how to rectify!

See this topic for more details:

http://bbpress.org/forums/topic/database-error-whenever-i-use-an-mention-in-a-forum-post/#post-125718

Cheers!

[johnjamesjacoby]

(In [4735]) Prepare query in bbp_check_for_duplicate(). See #2185.

[johnjamesjacoby]

(In [4736]) Reverse single/double quote usage in bbp_mention_filter(); also use sprintf() to place variable data. See #2185.

[johnjamesjacoby]

This looks to be directly related to BuddyPress misbehaving. Without BuddyPress active, bbPress works perfectly on its own. Still tracking down the exact cause and solution while I tidy up some of the surrounding code.

[johnjamesjacoby]

(In [4737]) Change topic and reply content filter order to move 'bbp_mention_filter' just behind 'make_clickable' since mentions are an extention of it. See #2185.

[johnjamesjacoby]

(In [4738]) Remove "bbp-mention-link" class from bbp_mention_filter() links. Fixes bug where copy/pasting previous post content into TinyMCE causes duplicate topic/reply check to not match correctly. See #2185.

[johnjamesjacoby]

(In [4739]) Now that mentions are in bbPress core, remove the extra mention code in the BuddyPress activity extension. Fixes #2185.

[johnjamesjacoby]

Reopening this, as it's breaking the duplicate check.

[johnjamesjacoby]

Fixed in r4832.

[johnjamesjacoby]

This is now working identically to the way WordPress handles comments. Much of that code originally came from there. All of the posted topic and reply content is escaped by wp_magic_quotes() in load.php, so issues regarding preparing or escaping this duplicate post check query are incorrect. I added an inline comment to that effect in the bbp_check_for_duplicate() function.

[johnjamesjacoby]

(In [4846]) Do a reverse unslashing juke-move when checking topics and replies for duplicates. Even though wp_magic_quotes() may have slashed some things for us, this allows us to properly prepare the query and it's parts with accurately unslashed data. This is mostly to compensate for plugins that may intercept globals or filter query parameters on the fly (like BuddyPress @ mentions.)

See #2185, ​[WP23973]

[johnjamesjacoby]

(In [4847]) In bbp_check_for_duplicate(), run wp_unslash() or stripslashes_deep() on the entire $r array. Remove unslashing on results of get_meta_sql() to allow any previously slashed values to remain slashed. See #2185.