Details
-
Type: Bug
-
Status: Done/Fixed
-
Priority: Major
-
Resolution: Fixed/Completed
-
Affects Version/s: 4.1.0
-
Fix Version/s: 4.1.1
-
Component/s: Core CiviCRM
-
Labels:None
Description
CiviCRM 4.1 Beta3 as a WordPress plugin adds extra escaping of single quotation marks and double quotation marks. PHP has magic quotes off, and this can be reproduced on the sandbox site.
To reproduce, enter " or ' into a field and save it. Examples of fields:
Contact detail fields
From Email Address Options
Option Groups fields
Re-using a previous CiviMail mailing
The Drupal version of CiviCRM 4.1 Beta3 does not do this.
As pointed out by Donald Lobo, the likely cause is the characteristic of WordPress to addslashes to server variables before they are used by a plugin (http://wordpress.org/support/topic/does-wordpress-escapeadd-slashes-to-_request-fields-in-a-plugin).
A possible fix may be to alter the request input only when using CiviCRM as a WordPress plugin, as it may be all inputs and fields that are affected.
Forum post ref: http://forum.civicrm.org/index.php/topic,23419.0.html