Skip to:
Content

bbPress.org

Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#2185 closed defect (fixed)

MySQL DB error when forum 'Participant" uses @mention with BuddyPress.

Reported by: rossagrant Owned by:
Milestone: 2.3 Priority: normal
Severity: normal Version: 2.2.3
Component: General - Content Creation Keywords: needs-patch
Cc:

Description

Easy to replicate:

BuddyPress must be active
Activity streams must be active
User must not be an admin/super admin

Post an @mention in a BBPress forum whilst logged in as a 'Participant'.

You'll get a syntax error reported in your server's error_log.

Something like this:

[29-Jan-2013 12:51:38 UTC] WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://www.mysite.tv/members/admin/' rel='nofollow'>@admin mentio' at line 1 for query SELECT ID FROM wp_posts WHERE post_type = 'reply' AND post_status != 'trash' AND post_author = 40 AND post_content = 'Now testing @admin mention in a forum post.' AND post_parent = '9865' LIMIT 1 made by require('wp-blog-header.php'), require_once('wp-includes/template-loader.php'), do_action('template_redirect'), call_user_func_array, bbp_template_redirect, do_action('bbp_template_redirect'), call_user_func_array, bbp_post_request, do_action('bbp_post_request'), call_user_func_array, bbp_new_reply_handler, bbp_check_for_duplicate

JJ has confirmed on his local and knows how to rectify!

See this topic for more details:

http://bbpress.org/forums/topic/database-error-whenever-i-use-an-mention-in-a-forum-post/#post-125718

Cheers!

Attachments (1)

2185.patch (1.2 KB) - added by johnjamesjacoby 8 years ago.

Download all attachments as: .zip

Change History (13)

#1 @johnjamesjacoby
8 years ago

  • Milestone changed from Awaiting Review to 2.3

#2 @johnjamesjacoby
8 years ago

(In [4735]) Prepare query in bbp_check_for_duplicate(). See #2185.

#3 @johnjamesjacoby
8 years ago

(In [4736]) Reverse single/double quote usage in bbp_mention_filter(); also use sprintf() to place variable data. See #2185.

#4 @johnjamesjacoby
8 years ago

This looks to be directly related to BuddyPress misbehaving. Without BuddyPress active, bbPress works perfectly on its own. Still tracking down the exact cause and solution while I tidy up some of the surrounding code.

#5 @johnjamesjacoby
8 years ago

(In [4737]) Change topic and reply content filter order to move 'bbp_mention_filter' just behind 'make_clickable' since mentions are an extention of it. See #2185.

#6 @johnjamesjacoby
8 years ago

(In [4738]) Remove "bbp-mention-link" class from bbp_mention_filter() links. Fixes bug where copy/pasting previous post content into TinyMCE causes duplicate topic/reply check to not match correctly. See #2185.

#7 @johnjamesjacoby
8 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [4739]) Now that mentions are in bbPress core, remove the extra mention code in the BuddyPress activity extension. Fixes #2185.

#8 @johnjamesjacoby
8 years ago

  • Component changed from Forums to Content Creation
  • Keywords needs-patch added
  • Resolution fixed deleted
  • Status changed from closed to reopened

Reopening this, as it's breaking the duplicate check.

#9 @johnjamesjacoby
8 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

Fixed in r4832.

#10 @johnjamesjacoby
8 years ago

This is now working identically to the way WordPress handles comments. Much of that code originally came from there. All of the posted topic and reply content is escaped by wp_magic_quotes() in load.php, so issues regarding preparing or escaping this duplicate post check query are incorrect. I added an inline comment to that effect in the bbp_check_for_duplicate() function.

#11 @johnjamesjacoby
8 years ago

(In [4846]) Do a reverse unslashing juke-move when checking topics and replies for duplicates. Even though wp_magic_quotes() may have slashed some things for us, this allows us to properly prepare the query and it's parts with accurately unslashed data. This is mostly to compensate for plugins that may intercept globals or filter query parameters on the fly (like BuddyPress @ mentions.)

See #2185, [WP23973]

#12 @johnjamesjacoby
8 years ago

(In [4847]) In bbp_check_for_duplicate(), run wp_unslash() or stripslashes_deep() on the entire $r array. Remove unslashing on results of get_meta_sql() to allow any previously slashed values to remain slashed. See #2185.

Note: See TracTickets for help on using tickets.