The Apostrophe Situation

posted on #1
User Avatar Supporter
Posts: 69
Joined: 27.02.16
I've been wondering why this shows up for me and I've noticed this the whole time I've been here but haven't mentioned it until now.

I noticed it today on Cody Tripp's song .. the title:

I Will Never Drink Your Witch's Brew

Somehow the simple ' apostrophe gets replaced with all those other characters and numbers ... it should have been Witch's not Witch's

I've been avoiding using the apostrophe in titles just because that happens.

Or perhaps no one else can see what I am seeing? Someone let me know!!
Edited by Ernie440 on November 01 2016 22:32
posted on #2
User Avatar
Posts: 213
Joined: 07.03.14
I've tried escaping them ("Witch\'s Brew") and it still doesn't work. Would like Dick's input on this one.
Edited by DannyK on November 02 2016 02:42
posted on #3
User Avatar
Posts: 2224
Joined: 30.12.10
That's one of those bugs...
It shall be gone after the update, and might as well have a run thru the database and fix it on old titles as well.
It has to do with the apostrophe being a very commonly used thing in code language, mostly indicating things like "And here the text ends, and the code starts" -
as you may imagine, I need to prevent the server from believing the post-' text of your title was some kind of code to interpret, which is why apostrophes need to be replaced by something else, in this case by ' , which is another way of writing ' . However, if you edit these titles, the already converted character gets converted a second time, leading to the described issue. I'll fix it...
"Sorry - had to do it!" - Les Claypool

yes, you are looking at the administrator's signature.
posted on #4
User Avatar Supporter
Posts: 69
Joined: 27.02.16
I see, I figured it was something like that, thanks Dick! :)
posted on #5
User Avatar Supporter
Posts: 364
Joined: 27.02.15
As Dick said, in code single and double quotes (depending on the language) denote strings of text to the source code. This is especially true of the SQL language which is used to interact with the majority of database engines. Failure to handle these quotes (called 'escaping') can result in making it remarkably easy for a hack known as 'SQL injection' allowing an attacker to effectively query the internals of your database from your website via any form which doesn't process quotes properly! You'll be surprised how many websites out there are still susceptible to this very well known attack vector, all due to poor or lazy programming practices.

The fact this bug appears, despite being a bit annoying, is to me a very good sign that Dick takes Wikiloops' security seriously!
Edited by mpointon on November 03 2016 12:35
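Added example, not part of any post above and not wikiloops' own code: a sketch of the double-conversion bug described in post #3 next to a flow that avoids it by storing the raw title through bound SQL parameters and entity-encoding only at output. The `songs` table, the use of SQLite, and Python's `html.escape` (which writes the apostrophe as `&#x27;`) are assumptions made for illustration.

```python
import html
import sqlite3

TITLE = "I Will Never Drink Your Witch's Brew"  # title quoted in post #1


def browser_shows(markup):
    """What a reader sees: the browser decodes entities exactly once."""
    return html.unescape(markup)


def buggy_flow(title, edits):
    """Encode at save time; every edit re-saves the already-encoded text."""
    stored = html.escape(title, quote=True)
    for _ in range(edits):
        stored = html.escape(stored, quote=True)  # the second conversion
    return browser_shows(stored)  # stored text is sent to the page as-is


def fixed_flow(title, edits):
    """Store the raw title via bound parameters; encode only when rendering."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE songs (id INTEGER PRIMARY KEY, title TEXT)")
    # The ? placeholder passes the title as data, so its apostrophe can
    # never terminate a string literal in the SQL statement.
    db.execute("INSERT INTO songs (id, title) VALUES (1, ?)", (title,))
    for _ in range(edits):
        (current,) = db.execute(
            "SELECT title FROM songs WHERE id = 1").fetchone()
        db.execute("UPDATE songs SET title = ? WHERE id = 1", (current,))
    (raw,) = db.execute("SELECT title FROM songs WHERE id = 1").fetchone()
    db.close()
    # Encoding happens once, at output, no matter how often the row was edited.
    return raw, browser_shows(html.escape(raw, quote=True))


if __name__ == "__main__":
    print(buggy_flow(TITLE, 0))   # looks fine until the title is edited
    print(buggy_flow(TITLE, 1))   # entity text becomes visible after one edit
    print(fixed_flow(TITLE, 3))   # raw and displayed title stay identical
```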