Skip to:

Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#2185 closed defect (bug) (fixed)

MySQL DB error when forum 'Participant" uses @mention with BuddyPress.

Reported by: rossagrant's profile rossagrant Owned by:
Milestone: 2.3 Priority: normal
Severity: normal Version: 2.2.3
Component: General - Content Creation Keywords: needs-patch


Easy to replicate:

BuddyPress must be active
Activity streams must be active
User must not be an admin/super admin

Post an @mention in a BBPress forum whilst logged in as a 'Participant'.

You'll get a syntax error reported in your server's error_log.

Something like this:

[29-Jan-2013 12:51:38 UTC] WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' rel='nofollow'>@admin mentio' at line 1 for query SELECT ID FROM wp_posts WHERE post_type = 'reply' AND post_status != 'trash' AND post_author = 40 AND post_content = 'Now testing @admin mention in a forum post.' AND post_parent = '9865' LIMIT 1 made by require('wp-blog-header.php'), require_once('wp-includes/template-loader.php'), do_action('template_redirect'), call_user_func_array, bbp_template_redirect, do_action('bbp_template_redirect'), call_user_func_array, bbp_post_request, do_action('bbp_post_request'), call_user_func_array, bbp_new_reply_handler, bbp_check_for_duplicate

JJ has confirmed on his local and knows how to rectify!

See this topic for more details:


Attachments (1)

2185.patch (1.2 KB) - added by johnjamesjacoby 10 years ago.

Download all attachments as: .zip

Change History (13)

#1 @johnjamesjacoby
10 years ago

  • Milestone changed from Awaiting Review to 2.3

#2 @johnjamesjacoby
10 years ago

(In [4735]) Prepare query in bbp_check_for_duplicate(). See #2185.

#3 @johnjamesjacoby
10 years ago

(In [4736]) Reverse single/double quote usage in bbp_mention_filter(); also use sprintf() to place variable data. See #2185.

#4 @johnjamesjacoby
10 years ago

This looks to be directly related to BuddyPress misbehaving. Without BuddyPress active, bbPress works perfectly on its own. Still tracking down the exact cause and solution while I tidy up some of the surrounding code.

#5 @johnjamesjacoby
10 years ago

(In [4737]) Change topic and reply content filter order to move 'bbp_mention_filter' just behind 'make_clickable' since mentions are an extention of it. See #2185.

#6 @johnjamesjacoby
10 years ago

(In [4738]) Remove "bbp-mention-link" class from bbp_mention_filter() links. Fixes bug where copy/pasting previous post content into TinyMCE causes duplicate topic/reply check to not match correctly. See #2185.

#7 @johnjamesjacoby
10 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [4739]) Now that mentions are in bbPress core, remove the extra mention code in the BuddyPress activity extension. Fixes #2185.

#8 @johnjamesjacoby
10 years ago

  • Component changed from Forums to Content Creation
  • Keywords needs-patch added
  • Resolution fixed deleted
  • Status changed from closed to reopened

Reopening this, as it's breaking the duplicate check.

#9 @johnjamesjacoby
10 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

Fixed in r4832.

#10 @johnjamesjacoby
10 years ago

This is now working identically to the way WordPress handles comments. Much of that code originally came from there. All of the posted topic and reply content is escaped by wp_magic_quotes() in load.php, so issues regarding preparing or escaping this duplicate post check query are incorrect. I added an inline comment to that effect in the bbp_check_for_duplicate() function.

#11 @johnjamesjacoby
10 years ago

(In [4846]) Do a reverse unslashing juke-move when checking topics and replies for duplicates. Even though wp_magic_quotes() may have slashed some things for us, this allows us to properly prepare the query and it's parts with accurately unslashed data. This is mostly to compensate for plugins that may intercept globals or filter query parameters on the fly (like BuddyPress @ mentions.)

See #2185, [WP23973]

#12 @johnjamesjacoby
10 years ago

(In [4847]) In bbp_check_for_duplicate(), run wp_unslash() or stripslashes_deep() on the entire $r array. Remove unslashing on results of get_meta_sql() to allow any previously slashed values to remain slashed. See #2185.

Note: See TracTickets for help on using tickets.