The Apostrophe Situation

posted on #1
Supporter
Posts: 159
Joined: 27.02.16
I've been wondering why this shows up for me and I've noticed this the whole time I've been here but haven't mentioned it until now.

I noticed it today on Cody Tripp's song .. the title:

I Will Never Drink Your Witch's Brew

Somehow the simple ' apostrophe gets replaced with all those other characters and numbers ... it should have been Witch's not Witch's

I've been avoiding using the apostrophe in titles just because that happens.

Or perhaps no one else can see what I am seeing? Someone let me know!!
Edited by Ernie440 on November 01 2016 22:32
posted on #2
Moderator
Posts: 213
Joined: 07.03.14
I've tried escaping them ("Witch\'s Brew") and it still doesn't work. Would like Dick's input on this one.
Edited by DannyK on November 02 2016 02:42
posted on #3
Founder
Posts: 2528
Joined: 30.12.10
That's one of those bugs...
It shall be gone after the update, and might as well have a run thru the database and fix it on old titles as well.
It has to do with the apostrophe being a very commonly used thing in code language, mostly indicating things like "And here the text ends, and the code starts" -
as you may imagine, I need to prevent the server from believing the post-' text of your title was some kind of code to interpret, which is why apostrophes need to be replaced by something else, in this case by ' , which is another way of writing ' . However, if you edit these titles, the already converted character gets converted a second time, leading to the described issue. I'll fix it...
posted on #4
Supporter
Posts: 159
Joined: 27.02.16
I see, I figured it was something like that, thanks Dick! :)
posted on #5
Supporter
Posts: 464
Joined: 27.02.15
As Dick said, in code single and double quotes (depending on the language) denote strings of text to the source code. This is especially true of the SQL language which is used to interact with the majority of database engines. Failure to handle these quotes (called 'escaping') can result in making it remarkably easy for a hack known as 'SQL injection', allowing an attacker to effectively query the internals of your database from your website via any form which doesn't process quotes properly! You'll be surprised how many websites out there are still susceptible to this very well known attack vector, all due to poor or lazy programming practices.

The fact this bug appears, despite being a bit annoying, is to me a very good sign that Dick takes Wikiloops' security seriously!
Edited by mpointon on November 03 2016 12:35
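
The double-conversion described in post #3 and the quote handling described in post #5, as an added example that is not part of any post and is not wikiloops' code. It assumes Python's `html.escape` (which writes the apostrophe as `&#x27;`) and an in-memory SQLite table; the `tracks` table and all function names are hypothetical.

```python
import html
import sqlite3

TITLE = "I Will Never Drink Your Witch's Brew"  # title quoted in the thread


def save_encoded(typed_or_stored: str) -> str:
    """Buggy pattern: entity-encode on every save, including re-saves on edit."""
    return html.escape(typed_or_stored, quote=True)


def open_db() -> sqlite3.Connection:
    # Hypothetical schema, used only for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tracks (id INTEGER PRIMARY KEY, title TEXT)")
    return db


def save_raw(db: sqlite3.Connection, track_id: int, title: str) -> None:
    """Store the text unchanged; the ? placeholders pass it as data, so the
    apostrophe never becomes part of the SQL statement itself."""
    db.execute("INSERT OR REPLACE INTO tracks (id, title) VALUES (?, ?)",
               (track_id, title))


def load_raw(db: sqlite3.Connection, track_id: int) -> str:
    row = db.execute("SELECT title FROM tracks WHERE id = ?", (track_id,))
    return row.fetchone()[0]


def render(title: str) -> str:
    """Encode exactly once, at the moment the title is written into HTML."""
    return html.escape(title, quote=True)


def demo():
    first = save_encoded(TITLE)        # first save: ' becomes an entity
    second = save_encoded(first)       # edit: the entity's & is encoded again
    db = open_db()
    save_raw(db, 1, TITLE)
    save_raw(db, 1, load_raw(db, 1))   # an edit that changes nothing
    stored = load_raw(db, 1)
    return first, second, stored, render(stored)


if __name__ == "__main__":
    for value in demo():
        print(value)
```

Storing the raw title and encoding only on output means an edit round-trips the same text, so the entity cannot be encoded a second time.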