The Apostrophe Situation


posted on #1
Ernie440 Supporter
Posts: 292
Joined: Feb 27, 2016
I've been wondering why this shows up for me and I've noticed this the whole time I've been here but haven't mentioned it until now.

I noticed it today on Cody Tripp's song .. the title:

I Will Never Drink Your Witch's Brew

Somehow the simple ' apostrophe gets replaced with all those other characters and numbers ... it should have been [i]Witch's[/i] not [i]Witch's[/i]
I've been avoiding using the apostrophe in titles just because that happens.

Or perhaps no one else can see what I am seeing? Someone let me know!!
posted on #2
DannyK
Member
Posts: 213
Joined: Mar 7, 2014
I've tried escaping them ("Witch\'s Brew") and it still doesn't work. Would like Dick's input on this one.
posted on #3
Dick Supporter
Posts: 2735
Joined: Dec 30, 2010
That's one of those bugs...
It shall be gone after the update, and might as well have a run thru the database and fix it on old titles as well.
It has to do with the apostrophe being a very commonly used thing in code language, mostly indicating things like "And here the text ends, and the code starts" -
as you may imagine, I need to prevent the server from believing the post-' text of your title was some kind of code to interpret, which is why apostrophes need to be replaced by something else, in this case by ' , which is another way of writing ' . However, if you edit these titles, the already converted character gets converted a second time, leading to the described issue. I'll fix it...
posted on #4
Ernie440 Supporter
Posts: 292
Joined: Feb 27, 2016
I see, I figured it was something like that, thanks Dick! :)
posted on #5
mpointon Supporter
Posts: 504
Joined: Feb 27, 2015
As Dick said, in code single and double quotes (depending on the language) denote strings of text to the source code. This is especially true of the SQL language which is used to interact with the majority of database engines. Failure to handle these quotes (called 'escaping') can result in making it remarkably easy for a hack known as 'SQL injection', allowing an attacker to effectively query the internals of your database from your website via any form which doesn't process quotes properly! You'll be surprised how many websites out there are still susceptible to this very well-known attack vector, all due to poor or lazy programming practices.

The fact this bug appears, despite being a bit annoying, is to me a very good sign that Dick takes Wikiloops' security seriously!
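
Added example (not part of the thread and not wikiloops' own code): the double-conversion bug from post #3 next to a fix that stores the raw title through a parameterized query and entity-encodes only once, at output. Python with `sqlite3` stands in for the site's stack, which the thread does not name; the `songs` table and all function names are hypothetical, and Python's `html.escape` writes the apostrophe as `&#x27;`, which may differ from the entity the site uses.

```python
import html
import sqlite3

def escape_on_input(title: str) -> str:
    """Pattern described in post #3: entity-encode the title before storing it."""
    return html.escape(title, quote=True)

def edit_roundtrip_buggy(stored: str) -> str:
    """An edit re-submits the already encoded text, so it is encoded a second time."""
    return escape_on_input(stored)

def make_db() -> sqlite3.Connection:
    # Hypothetical one-table schema, in memory so the example runs offline.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE songs (id INTEGER PRIMARY KEY, title TEXT)")
    return db

def save_title(db: sqlite3.Connection, song_id: int, title: str) -> None:
    """Store the raw title. The ? placeholders pass it as data, never as SQL text."""
    db.execute("INSERT OR REPLACE INTO songs (id, title) VALUES (?, ?)",
               (song_id, title))

def load_title(db: sqlite3.Connection, song_id: int) -> str:
    row = db.execute("SELECT title FROM songs WHERE id = ?", (song_id,)).fetchone()
    return row[0]

def render_title(db: sqlite3.Connection, song_id: int) -> str:
    """Entity-encode exactly once, at the moment the title goes into HTML."""
    return html.escape(load_title(db, song_id), quote=True)

def demo():
    title = "I Will Never Drink Your Witch's Brew"  # title quoted in post #1
    once = escape_on_input(title)        # what the first save stores
    twice = edit_roundtrip_buggy(once)   # what an edit stores: '&' became '&amp;'
    db = make_db()
    save_title(db, 1, title)
    save_title(db, 1, load_title(db, 1))  # edit and re-save: value is unchanged
    return once, twice, load_title(db, 1), render_title(db, 1)

if __name__ == "__main__":
    for label, value in zip(("encoded once", "encoded twice",
                             "stored raw", "rendered"), demo()):
        print(f"{label:14} {value}")
```

A browser decodes the twice-encoded value only one level, which is why the entity text itself shows up in the title.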