The Apostrophe Situation

posted on #1
Supporter
Posts: 60
Joined: 27.02.16
I've been wondering why this shows up for me and I've noticed this the whole time I've been here but haven't mentioned it until now.

I noticed it today on Cody Tripp's song .. the title:

I Will Never Drink Your Witch's Brew

Somehow the simple ' apostrophe gets replaced with all those other characters and numbers ... it should have been Witch's not Witch's

I've been avoiding using the apostrophe in titles just because that happens.

Or perhaps no one else can see what I am seeing? Someone let me know!!
Edited by Ernie440 on 01-11-2016 22:32
posted on #2
Supporter
Posts: 213
Joined: 07.03.14
I've tried escaping them ("Witch\'s Brew") and it still doesn't work. Would like Dick's input on this one.
Edited by DannyK on 02-11-2016 02:42
posted on #3
Supporter
Posts: 2088
Joined: 30.12.10
That's one of those bugs...
It shall be gone after the update, and might as well have a run through the database and fix it on old titles as well.
It has to do with the apostrophe being a very commonly used thing in code language, mostly indicating things like "And here the text ends, and the code starts" -
as you may imagine, I need to prevent the server from believing the post-' text of your title was some kind of code to interpret, which is why apostrophes need to be replaced by something else, in this case by ' , which is another way of writing ' . However, if you edit these titles, the already converted character gets converted a second time, leading to the described issue. I'll fix it...
"Sorry - had to do it!" - Les Claypool

Yes, you are looking at the administrator's signature.
posted on #4
Supporter
Posts: 60
Joined: 27.02.16
I see, I figured it was something like that, thanks Dick! :)
posted on #5
Supporter
Posts: 341
Joined: 27.02.15
As Dick said, in code single and double quotes (depending on the language) denote strings of text to the source code. This is especially true of the SQL language which is used to interact with the majority of database engines. Failure to handle these quotes (called 'escaping') can result in making it remarkably easy for a hack known as 'SQL injection' allowing an attacker to effectively query the internals of your database from your website via any form which doesn't process quotes properly! You'll be surprised how many websites out there are still susceptible to this very well known attack vector, all due to poor or lazy programming practices.

The fact this bug appears, despite being a bit annoying, is to me a very good sign that Dick takes Wikiloops' security seriously!
Edited by mpointon on 03-11-2016 12:35
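
The double conversion on edit described in post #3 and the quote handling described in post #5, as an added example that is not part of the thread and is not wikiloops' own code. It contrasts converting the apostrophe before storage with storing the raw title through a bound SQL parameter and encoding once at output. The `tracks` table, the helper names and the use of SQLite are assumptions made for the illustration.

```python
import html
import sqlite3

TITLE = "I Will Never Drink Your Witch's Brew"  # title quoted in post #1

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tracks (id INTEGER PRIMARY KEY, title TEXT)")
    return db

def load(db, track_id):
    row = db.execute("SELECT title FROM tracks WHERE id = ?", (track_id,)).fetchone()
    return row[0]

def save_raw(db, track_id, title):
    # Bound parameter: the driver passes the title as data, so an apostrophe
    # cannot end the SQL string literal and nothing needs replacing on input.
    db.execute("INSERT OR REPLACE INTO tracks (id, title) VALUES (?, ?)",
               (track_id, title))

def save_encoded_on_input(db, track_id, title):
    # Pattern from post #3: convert the apostrophe before storing.
    # html.escape writes it as &#x27; (Python's spelling of the entity).
    save_raw(db, track_id, html.escape(title, quote=True))

def edit_encoded(db, track_id):
    # An edit reads the stored, already converted title and converts it again.
    save_encoded_on_input(db, track_id, load(db, track_id))
    return load(db, track_id)

def render(title):
    # Encode exactly once, at output time, for the HTML context.
    return "<h1>" + html.escape(title, quote=True) + "</h1>"

def demo():
    db = make_db()
    save_encoded_on_input(db, 1, TITLE)
    broken = edit_encoded(db, 1)          # &amp;#x27; now shows up in the title
    save_raw(db, 2, TITLE)
    save_raw(db, 2, load(db, 2))          # an edit round trip changes nothing
    return broken, load(db, 2), render(load(db, 2))

if __name__ == "__main__":
    for value in demo():
        print(value)
```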