Can't post or update an article with apostrophe ( ' ) in title

Question

Can't post or update an article with apostrophe ( ' ) in title

Opened this issue 9 years ago · 3 comments

Hello,

I test it with all type of browser (chrom, firefox, edge,... in windows 10), We can't post or update any article with the (') apostrophe sign in the title. This action is detected by Protector as "SQL Injection".

my xoops config:
xoops: 2.5.8
rmcommon: 2.3.2.8
mywords: 2.2.5.5
php: 7.0.7
mysql: 5.6.30

Thanks
with the best.

Answer 1 · 2016-07-28T06:43:19.000Z

Hello,

I'd updated mywords modules to the last version, 2.2.5.7 but this probleme still appeal. I can't post the article with the apostrophe in article Title (see in the pic):

As I told you before; this action was detected by Protector in "SQL Injection" (see in the pic):

My xoops config:
xoops: 2.5.8
rmcommon: 2.3.2.8
mywords: 2.2.5.7
php: 7.0.7
mysql: 5.6.30

Thanks
With the best.

Answer 2 · 2016-07-29T16:06:29.000Z

Have you tried similar action with other modules? I could not reproduce this error in my environments using protector with default preferences.

Answer 3 · 2016-07-31T10:27:25.000Z

Hello,
I'd installed only Mywords, RMcommon, Systeme, and Protector in my xoops config for test. I found also this probleme when I try to post in Title as Unicode sentence.

This is the errors in debug mode, for the page: "modules/mywords/admin/posts.php?op=new"

Errors
Unknown: Methods with the same name as their class will not be constructors in a future version of PHP; gettext_reader has a deprecated constructor in file /modules/rmcommon/class/gettext/gettext.php line 36
Unknown: Methods with the same name as their class will not be constructors in a future version of PHP; StringReader has a deprecated constructor in file /modules/rmcommon/class/gettext/streams.php line 48
Unknown: Methods with the same name as their class will not be constructors in a future version of PHP; FileReader has a deprecated constructor in file /modules/rmcommon/class/gettext/streams.php line 84
Unknown: Methods with the same name as their class will not be constructors in a future version of PHP; CachedFileReader has a deprecated constructor in file /modules/rmcommon/class/gettext/streams.php line 146
Unknown: Non-static method AdvformPluginRmcommonPreload::eventRmcommonFormLoader() should not be called statically in file /modules/rmcommon/api/events.php line 122
Warning: Invalid argument supplied for foreach() in file /modules/rmcommon/class/template.php line 161
Notice: Undefined property: RMFormUser::$multi in file /modules/rmcommon/class/fields/formuser.class.php line 105
Unknown: Non-static method MWFunctions::get_tags() should not be called statically in file /modules/mywords/widgets/widget-tags.php line 61
Unknown: Non-static method OnfocusThemeRmcommonPreload::eventRmcommonGetStyles() should not be called statically in file /modules/rmcommon/api/events.php line 122

My xoops config:
xoops: 2.5.8
rmcommon: 2.3.2.9
mywords: 2.2.5.7
php: 7.0.7
mysql: 5.6.30