[FIXED] Admin Account Bug 2.9


jblaze
Mon 10th Feb '03, 9:01am
I recently 'discovered' a 'bug'. I am able to create an admin username with a ' in it. Then when I try to log in, it gives me an error. The error is because it is escaped when inserted into the database.

For example:

Username: Site's Owner

Turns into: Site\'s Owner

When inserted into the database.

When I go to log in to the board, whether it be the forum or admin, I put
Site's Owner and it does NOT work. On the contrary, IF I put
Site\'s Owner, it works.

I am not sure if this is a valid bug, or if it has been discovered. I just thought that I would post it.

I forgot to mention, this is for a fresh install. I am not sure about other accounts.

Steve Machol
Mon 10th Feb '03, 12:47pm
I just tried to duplicate this problem on my unhacked 2.2.9 test forum and couldn't. The login worked just fine.

What versions of PHP and MySQL are you running?

Chen
Mon 10th Feb '03, 1:06pm
Perhaps magic_quotes_gpc is turned on in your PHP configuration?

jblaze
Mon 10th Feb '03, 1:32pm
Originally posted by Chen
Perhaps magic_quotes_gpc is turned on in your PHP configuration?

They were :)

Chen
Mon 10th Feb '03, 1:34pm
Then this is indeed a bug. :)

jblaze
Mon 10th Feb '03, 2:12pm
Let me make sure I'm not confusing you guys.

magic_quotes_gpc was turned on; I have turned it off now. Should I turn it back on, or leave it off?

Chen
Mon 10th Feb '03, 3:08pm
It doesn't matter once vBulletin is already installed, but if it was turned on while installing the board the problem you described can appear.

jblaze
Mon 10th Feb '03, 3:13pm
Originally posted by Chen
It doesn't matter once vBulletin is already installed, but if it was turned on while installing the board the problem you described can appear.

So is it a bug or no?

Scott MacVicar
Mon 10th Feb '03, 3:20pm
Was this account created during install or was it created via the admin control panel at a later date?

Brian Briscoe
Mon 10th Feb '03, 3:20pm
Originally posted by Chen
Then this is indeed a bug. :)
Yes, by what Chen said it is.

jblaze
Mon 10th Feb '03, 3:24pm
Originally posted by Scott MacVicar
Was this account created during install or was it created via the admin control panel at a later date?

During the install.

jblaze
Mon 10th Feb '03, 3:26pm
I made a mistake in the title of the thread. It is for version 2.2.9 :x

Chen
Mon 10th Feb '03, 4:14pm
Originally posted by Scott MacVicar
Was this account created during install or was it created via the admin control panel at a later date?

Scott, apparently only the board's name and URL have their slashes stripped in case magic_quotes_gpc is enabled during installation.

jblaze
Mon 10th Feb '03, 4:22pm
Originally posted by Chen
Scott, apparently only the board's name and URL have their slashes stripped in case magic_quotes_gpc is enabled during installation.

Err, it was the board's name. :x

It was the board's ADMINISTRATOR's username

Chen
Mon 10th Feb '03, 4:41pm
The board's name is handled correctly, the administrator's username and password are not.

Scott MacVicar
Mon 10th Feb '03, 4:44pm
OK, fixed in CVS, so the install for any further users will be fine. To fix your problem, just edit the admin username in the admin panel.

jblaze
Tue 11th Feb '03, 3:17am
Originally posted by Scott MacVicar
OK, fixed in CVS, so the install for any further users will be fine. To fix your problem, just edit the admin username in the admin panel.

Fixed in CVS, heh. What exactly is that?

DWZ
Tue 11th Feb '03, 6:22am
The CVS is a place where developers can change the vBulletin code and then get it ready for the next version.

In other words, you will see the changes in the next version :)
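
The double-escaping discussed in this thread, as an added example that is not part of the original posts and is not vBulletin code. All function names are hypothetical; it assumes the installer escapes values with addslashes() before building its INSERT, that the login path undoes magic quotes before comparing, and it models MySQL's decoding of a quoted literal with stripslashes().

```php
<?php
// Added illustration of the thread's bug; not vBulletin source.
// Every function name below is hypothetical.

// magic_quotes_gpc applied addslashes() to every GET/POST/COOKIE value.
function magic_quotes_gpc_on(string $raw): string {
    return addslashes($raw);
}

// Model (assumption) of MySQL decoding a quoted string literal:
// an escaped quote or backslash loses its leading backslash.
function mysql_stored_value(string $escaped_literal): string {
    return stripslashes($escaped_literal);
}

// Installer path: escape the request value for SQL and store it.
// $strip_first = false models the field handling reported in the thread
// (admin username); true models the handling of the board name and URL.
function install_store(string $request_value, bool $strip_first): string {
    $value = $strip_first ? stripslashes($request_value) : $request_value;
    return mysql_stored_value(addslashes($value));
}

// Login path (assumed): undo magic quotes, then compare with the stored name.
function login_matches(string $request_value, string $stored): bool {
    return stripslashes($request_value) === $stored;
}

$typed   = "Site's Owner";               // constructed sample input
$request = magic_quotes_gpc_on($typed);  // what PHP hands to the script

$unstripped = install_store($request, false);
$stripped   = install_store($request, true);

printf("stored without stripping: %s\n", $unstripped);
printf("stored with stripping:    %s\n", $stripped);

// Logging in with the name as typed, against the unstripped row.
var_dump(login_matches(magic_quotes_gpc_on($typed), $unstripped));
// Logging in with the backslash typed by hand, against the same row.
var_dump(login_matches(magic_quotes_gpc_on("Site\\'s Owner"), $unstripped));
// Logging in with the name as typed, against the stripped row.
var_dump(login_matches(magic_quotes_gpc_on($typed), $stripped));
```

magic_quotes_gpc was removed in PHP 5.4, so on current PHP the addslashes() call has to be simulated as it is here.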