Broken Social Engine Comments

Posted by Jeremy on October 6, 2009

Tags: social engine, blog, comments

Recently, as we were wrapping up work on a Social Engine project (stay tuned for more info on that!), we noticed that people who put colorful text art (see below), were unintentionally (or maybe not) breaking the blog comments display.  Really, what it came down to was the over exuberant use of special characters in the word art, specifically single quotes and double quotes. Looking into this a bit further, we noticed if we escaped the incoming text using PHP's htmlspecialchars() function, we'd no longer have this problem. So, for all of you looking for the answer to this question, here you go!

Around line 530, update $comment_info to read (you'll notice the only difference is the htmlspecialchars() around $_POST['comment_body']):

  // POST COMMENT
 $comment_info = $comment->comment_post(htmlspecialchars($_POST['comment_body']), $_POST['comment_secure'], $object_title, $object_owner, $object_owner_id, $permission['object_privacy']);

Word art tank (because this is my blog and I live for examples):

         ___
      __(   )====::
     /~~~~~~~~~\
     \O.O.O.O.O/