Home »Forum»Feedback and Suggestions»The Apostrophe Situation
GO!

The Apostrophe Situation

Back to forum
posted on #1
User Avatar Supporter
Posts: 169
Joined: 27.02.16
I've been wondering why this shows up for me and I've noticed this the whole time I've been here but haven't mentioned it until now.

I noticed it today on Cody Tripp's song .. the title:

I Will Never Drink Your Witch's Brew

Somehow the simple ' apostrophe gets replaced with all those other characters and numbers ... it should have been Witch's not Witch's

I've been avoiding using the apostrophe in titles just because that happens.

Or perhaps no one else can see what I am seeing? Someone let me know!!
Edited by Ernie440 on November 01 2016 22:32
posted on #2
User Avatar
Moderator
Posts: 213
Joined: 07.03.14
I've tried escaping them ("Witch\'s Brew") and it still doesn't work. Would like Dick's input on this one.
Edited by DannyK on November 02 2016 02:42
posted on #3
User Avatar
Founder
Posts: 2552
Joined: 30.12.10
thats one of those bugs...
It shall be gone after the update, and might as well have a run thru the database and fix it on old titles as well.
It has to do with the apostrophe being a very commonly used thing in code language, mostly indicating things like "And here the text ends, and the code starts" -
as you may imagine, I need to prevent the server from believing the post-' text of your title was some kind of code to interpret, which is why apostrophes need to be replaced by something else, in this case by ' , which is another way of writing ' . However, if you edit these titles, the already converted character gets converted a second time, leading to the described issue. I'll fix it...
posted on #4
User Avatar Supporter
Posts: 169
Joined: 27.02.16
I see, I figured it was something like that, thanks Dick! :)
posted on #5
User Avatar Supporter
Posts: 468
Joined: 27.02.15
As Dick said, in code single and double quotes (depending on the language) denote strings of text to the source code. This is especially true of the SQL language which is used to interact with the majority of database engines. Failure to handle these quotes (called 'escaping' ) can result in making it remarkably easy for a hack known as 'SQL injection' allowing an attacker to effectively query the internals of your database from your website via any form which doesn't process quotes properly! You'll be surprised how many websites out there are still susceptible to this very well known attack vector, all due to poor or lazy programming practices.

The fact this bug appears, despite being a bit annoying, is to me a very good sign that Dick takes Wikiloops' security seriously!
Edited by mpointon on November 03 2016 12:35
Back to forum Back to top
wikiloops online jamsessions are brought to you with friendly support by:
TomasFoe from Slovakia

"Thanks to this bunch of musicians I have became an active trumpetist again! With an international auditorium. Support the best website for musicians!"

wikiloops uses Cookies and processes data in compliance with the GDPR,
as stated in our data privacy policy ..