Odd character "/" gets inserted when sender name has an apostrophe

deliciousbrains / wp-offload-ses-lite

WP Offload SES Lite sends all outgoing WordPress emails through Amazon Simple Email Service (SES) instead of the local wp_mail() function.

https://wordpress.org/plugins/wp-ses/

13 stars 11 forks source link

Odd character "/" gets inserted when sender name has an apostrophe #21

Open timplaysguitar opened 3 years ago

timplaysguitar commented 3 years ago

Setting the sender name (the one that overrides "Wordpress" as the sender, if I include an apostrophe in there, eg I set that name to "Jim O'Connell" when I hit save this becomes "Jim O\'Connell" and the random "\" appears in the sender name.

Varbaek commented 3 years ago

I think this is actually the \ backslash character you are referring to, which will be inserted on strings that contain the apos / single quote for example to avoid syntax issues. To avoid this, the code should be using prepared statements instead of mysql_real_escape_string or addslashes. https://www.php.net/manual/en/function.mysql-real-escape-string.php https://www.php.net/manual/en/function.addslashes.php