Single quote escaping issues in AliDropShip & SocialRabbit

wdnmde

New Member
Hi there,

there is a serious issue with the way AliDropShip and SocialRabbit handle single quotes in any of the text fields, see screenshots:

https://cl.ly/1P1v023C2v1Z
https://cl.ly/2E0o1D2t1p2j

The site is hosted on AliDropShip servers.

The slashes before the single quotes (') are not added by me, but by the plugins. I checked phpinfo() and it seems magic_quotes are not enabled (which is good, you should never enable magic quotes). I suspect that the field values are passed through addslashes() or similar either before saving to the database or before displaying them. However, this is not a solution to prevent SQL or XSS attacks, as it makes it impossible to use single quotes in normal text.

Please fix this and use sanitize_text_field() or similar instead. It's really-really annoying. And please do not tell me to use backticks (`) instead of single quotes (') - this is not a solution, but a workaround to a problem that should not exist in the first place.
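As an added example (not the plugins' code), the following PHP script reproduces the symptom described above and the separation the post asks for: addslashes() applied before a parameterised insert stores the backslash as part of the data, while sanitising the input and letting the database driver do the quoting stores the text unchanged. clean_text() is a hypothetical stand-in for sanitize_text_field() so the script runs without WordPress, and PDO with an in-memory SQLite database stands in for $wpdb->prepare().

```php
<?php
// Added illustration (not AliDropShip/SocialRabbit code): how a stored value
// acquires a literal backslash, and how to keep escaping out of the data.

// Constructed sample input, as typed into a product description field.
$input = "Men's 100% cotton T-shirt";

// Hypothetical minimal stand-in for WordPress's sanitize_text_field(): strip
// control characters and collapse whitespace. It adds no escaping at all.
function clean_text(string $s): string {
    $s = preg_replace('/[\x00-\x1F\x7F]/u', '', $s);
    return trim(preg_replace('/\s+/u', ' ', $s));
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, title TEXT)');
$insert = $db->prepare('INSERT INTO products (title) VALUES (:title)');

// Anti-pattern described in the post: addslashes() builds the SQL-literal
// form of the text, but the bound parameter is already quoted by the driver,
// so the backslash becomes part of the stored data (row 1).
$insert->execute([':title' => addslashes($input)]);

// Correct: sanitise the input, let the driver quote it, store the text as-is
// (row 2 keeps the apostrophe and gains no backslash).
$insert->execute([':title' => clean_text($input)]);

foreach ($db->query('SELECT id, title FROM products ORDER BY id') as $row) {
    // Escape for the output context (HTML here) only at render time; this is
    // what protects against XSS, and it never touches what is stored.
    $html = htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8');
    printf("row %d  raw: %-28s  html: %s\n", $row['id'], $row['title'], $html);
}
```

Inside WordPress the same symptom also appears when plugin code stores request data without wp_unslash(), because WordPress slashes $_POST itself before any plugin runs.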
 

Victoria Kudryashova

Administrator
Thank you for letting us know - we will fix it.