27.14. How to deal with quotes in the site's name

What if O'Reilly decided to use PHP-Nuke for an "O'Reilly website"? He might find out the single quote in his name made it impossible to save the site's name in the Preferences of the administration panel (see Section 7.2). Inline graphic

Single quotes ('), double quotes (") and backslashes (\) need to be quoted in strings that will be entered in a database. This is done by the PHP addslashes function. Conversely, the PHP stripslashes function returns a string with backslashes stripped off (\' becomes ' and so on). To enable the use of single quotes in the site's name, do the following:

Add the line

$sitename = stripslashes($sitename);

in mainfile.php, after the line that computes $sitename. According to your PHP-Nuke version, this line may be

$sitename = $row[sitename];

(for version 6.8) or

list($sitename, $nukeurl, $site_logo, $slogan, $startdate, $adminmail, $anonpost, $Default_Theme, $foot1, $foot2, $foot3, $commentlimit, $anonymous, $minpass, 
$pollcomm, $articlecomm, $broadcast_msg, $my_headlines, $top, $storyhome, 
$user_news, $oldnum, $ultramode, $banners, $backend_title, $backend_language, 
$language, $locale, $multilingual, $useflags, $notify, $notify_email, 
$notify_subject, $notify_message, $notify_from, $footermsgtxt, $email_send, 
$attachmentdir, $attachments, $attachments_view, $download_dir, $defaultpopserver,
$singleaccount, $singleaccountname, $numaccounts, $imgpath, $filter_forward, 
$moderate, $admingraphic, $httpref, $httprefmax, $CensorMode, $CensorReplace, 
$copyright, $Version_Num) = sql_fetch_row($result, $dbi);

(for earlier 6.x versions). Repeat this for the file admin/modules/settings.php. While you are in this file, search for the line

.""._SITENAME.":</td><td><input type='text' name='xsitename' 
value='$sitename' size='40' maxlength='255'>"

and change it to

.""._SITENAME.":</td><td><input type=\"text\" name=\"xsitename\" 
value=\"$sitename\" size=\"40\" maxlength=\"255\">"

(we basically replace single quotes with escaped double ones in the above line, so that the single quote(s) in $sitename don't mess up the code). Finally , while still in admin/modules/settings.php, find the line

global $prefix, $dbi;

in function ConfigSave and add the following line after it:

$xsitename = addslashes($xsitename);

Help us make a better PHP-Nuke HOWTO!

Want to contribute to this HOWTO? Have a suggestion or a solution to a problem that was not treated here? Post your comments on my PHP-Nuke Forum!

Chris Karakas, Maintainer PHP-Nuke HOWTO