Categories

Bug: setAsWho fails when surname contains a single quote

+4 votes
111 views
How to reproduce:

1. Go to any profile. Click any of "add parent/spouse/child"

2. Input "First Name at Birth" = Jacques Bonaventure

3. Input "Last Name at Birth" = L'Italien

4. Enter "Birth Date" = 1718-11-17

The system will suggest a profile (L'Italien-3) but the link [set as father] will not work.

The HTML generated:

<span class="pseudolink" onclick="setAsWho(&quot;L" italien-3");'="">set as father]</span>
WikiTree profile: Jacques Bonaventure L'Étoile dit L'Italien
in WikiTree Tech by PB Côté G2G4 (4.5k points)
retagged by Jamie Nelson
That looks like the classic SQL gotcha with unescaped single quotes, and I'm amazed that the WikiTree software doesn't catch it. It's a potential security bug.
by Leif Biberg Kristensen G2G6 Pilot (207k points)
edited by Leif Biberg Kristensen

1 Answer

+2 votes
Thanks for reporting this, PB.
by Jamie Nelson G2G6 Pilot (624k points)

Related questions

+2 votes
2 answers
109 views
Bug report - removing Unlisted child fails but no error message appears
asked May 10, 2021 in WikiTree Tech by Matt McNabb G2G6 Mach 3 (36.9k points)
+12 votes
1 answer
259 views
Bug: G2G profile can't be accessed. User name contains an apostrophe.
asked Jun 27, 2017 in WikiTree Tech by Ellen Smith G2G Astronaut (1.5m points)
+11 votes
2 answers
426 views
The watchlist search box fails in 1 case
asked Feb 21, 2022 in WikiTree Tech by Rob Wilson G2G6 Mach 2 (22.7k points)
+12 votes
1 answer
211 views
Possible new bug in variant surname searching
asked Jan 30 in WikiTree Tech by Jim Richardson G2G Astronaut (1.0m points)
+1 vote
4 answers
200 views
OK to put a single quote after a final vowel to indicate an accented vowel? E.g. Nicolo'
asked Mar 16, 2020 in Policy and Style by Jaci Coleman G2G6 Mach 1 (10.7k points)
+3 votes
2 answers
75 views
merge bug, sister has extra profile when on brother's page
asked Mar 16 in WikiTree Tech by LaMyra Morton G2G6 Mach 4 (43.4k points)
+6 votes
1 answer
199 views
Bug: Part of name being replaced when displayed
asked Jul 21, 2023 in WikiTree Tech by Jason Rennie G2G6 Mach 1 (11.5k points)
+2 votes
2 answers
114 views
The email to report a bug?
asked Mar 11 in Policy and Style by Mari-Lyn Harris G2G6 Mach 2 (27.0k points)
+6 votes
1 answer
125 views
Bug: Email address validation
asked Feb 11 in WikiTree Tech by Vojta Miklín G2G Crew (810 points)
+10 votes
2 answers
187 views
BUG: If an @ is in GEDCOM during import
asked Dec 15, 2023 in WikiTree Tech by Kent Smith G2G6 Mach 1 (13.9k points)
Powered by Question2Answer

WikiTree  ~  About  ~  Help Help  ~  Search Person Search  ~  Surname:

disclaimer - terms - copyright

...