Making WordPress.org

#1856 closed defect (fixed)

Attendance UI search does not handle apostrophes

Reported by: johneckman
Owned by: kovshenin
Milestone:
Priority: normal
Component: WordCamp Site & Plugins
Keywords: has-patch


If your attendee name is O'Brien or O'Donnell, you won't be able to find them in the Attendance UI.

If you just search for Brien or Donnell it will find them, but if you try to type O'Brien it will not.

Attachments (3)

Screen Shot 2016-07-23 at 12.05.05 PM.png (101.3 KB) - added by johneckman 22 months ago.
showing the o' attendees
Screen Shot 2016-07-23 at 12.04.57 PM.png (49.1 KB) - added by johneckman 22 months ago.
Showing the filter not finding them
fix.diff (806 bytes) - added by jeffSLOfish 21 months ago.
Fix for this bug.


Change History (8)

22 months ago

showing the o' attendees

22 months ago

Showing the filter not finding them

#1 @iandunn
22 months ago

  • Owner set to kovshenin
  • Status changed from new to assigned

#2 @kovshenin
22 months ago

  • Keywords good-first-bug added

#3 @iandunn
22 months ago

  • Keywords needs-patch added

21 months ago

Fix for this bug.

#4 @BandonRandon
19 months ago

  • Keywords has-patch added; good-first-bug needs-patch removed

Tested Patch, works as expected. cc @kovshenin

#5 @coreymckrill
12 months ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 5531:

WordCamp: Handle apostrophes in Camptix Attendance UI

Apostrophes in the search string are getting escaped when they are first
submitted, which means they are getting escaped again when they go
through $wpdb->prepare etc. So strings that have an apostrophe (like
"O'Brien") will not turn up the expected results in the query.

This fixes the issue by stripping slashes before the string goes through
esc_like and $wpdb->prepare. It uses wp_unslash instead of the
stripslashes in the original patch simply because using WP-specific
versions of functions is a best practice.

Stripping slashes in this instance doesn't cause a vulnerability because
the escaping is handled again later by esc_like and $wpdb->prepare.

Props jeffSLOfish
Fixes #1856
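
The double escaping described in the commit message above, reproduced as an added example (not code from the ticket, the patch, or the WordCamp code base). It assumes PHP with the pdo_sqlite extension: an in-memory SQLite table stands in for the attendee query, parameter binding stands in for $wpdb->prepare, stripslashes stands in for wp_unslash, and the helper names and attendee names are constructed for illustration.

```php
<?php
// Stand-ins (assumptions, not WordPress source) for the steps the commit names.
function simulate_request_slashing(string $raw): string {
    return addslashes($raw);               // WordPress slashes request data on load
}
function esc_like_standin(string $text): string {
    return addcslashes($text, '_%\\');     // escape the LIKE wildcards and backslash
}
// Parameter binding plays the role of $wpdb->prepare.
function search_attendees(PDO $db, string $term): array {
    $stmt = $db->prepare("SELECT name FROM attendees WHERE name LIKE ? ESCAPE '\\'");
    $stmt->execute(['%' . esc_like_standin($term) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE attendees (name TEXT)');
$insert = $db->prepare('INSERT INTO attendees (name) VALUES (?)');
// Constructed sample data.
foreach (["Pat O'Brien", "Sam O'Donnell", 'Lee Brien', 'Alex 100%_Smith'] as $name) {
    $insert->execute([$name]);
}

// Each case is the search term as it reaches the query code.
$cases = [
    'slashed term, as before the fix'  => simulate_request_slashing("O'Brien"),
    'unslashed term, as after the fix' => stripslashes(simulate_request_slashing("O'Brien")),
    'unslashed quote-breaking input'   => stripslashes(simulate_request_slashing("' OR '1'='1")),
    'unslashed LIKE wildcard'          => stripslashes(simulate_request_slashing('%')),
];
foreach ($cases as $label => $term) {
    printf("%-34s %-14s => %s\n", $label, $term, json_encode(search_attendees($db, $term)));
}
```

The last two cases exercise the commit's security claim: after unslashing, a quote is still bound as data and a `%` is still matched literally rather than as a wildcard.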
