
BuddyPress.org

Opened 14 years ago

Closed 14 years ago

#2009 closed defect (bug) (fixed)

Tags in group name makes group inaccessible

Reported by: Ezd
Owned by: sushkov
Milestone: 1.2.4
Priority: normal
Severity:
Version:
Component: Core
Keywords: has-patch, needs-testing
Cc: stas@…

Description

There's a problem if you use "?" in your group name.

The group will not be accessible and the url will look something like this:

http://domain.com/groups//

Confirmed this on a clean install of 1.2 final.

Attachments (1)

bp_2009_stas.diff (1.2 KB) - added by sushkov 14 years ago.
previous was using php5 function


Change History (15)

#1 @Ezd
14 years ago

  • Summary changed from "?" tag in group name makes group inaccessible to Tags in group name makes group inaccessible

Update:

The same problem happens with other tags as well. Just tested using:

  • ++

Note: There might be a lot more tags that make the group inaccessible!

#2 @Ezd
14 years ago

and "" tags.

#3 @Ezd
14 years ago

Look at the url vs. group name of this group too: http://testbp.org/groups/любители-летать/

#4 @cnorris23
14 years ago

  • Keywords needs-patch added

Related: #1974

#5 @DJPaul
14 years ago

  • Component set to Core
  • Milestone changed from 1.3 to 1.2.4
  • Priority changed from major to normal

Please can we see if this can be checked for 1.2.4?

#6 @johnjamesjacoby
14 years ago

The function is:

bp_get_group_name

Which is filtered by:

wptexturize, convert_chars, wp_filter_kses, stripslashes

I've tested this on WordPress trunk and it seems to work fine. Maybe there were changes to one of the filter functions that was causing the problem?

#7 @johnjamesjacoby
14 years ago

bp_get_group_description and bp_get_group_description_excerpt suffer the same fate, and also seem to work fine on WP trunk.

Windows 7 IIS7, if that matters.

#8 @johnjamesjacoby
14 years ago

Does anyone know what the accepted standard is for mixed language URLs? Does it even matter?

As a test I made a blog post named "любители-летать" and WordPress handled it without a hiccup; the URL and titles and everything.

#9 @sushkov
14 years ago

  • Cc stas@… added

No I don't think it matters since there are Cyrillic/East European characters in some domain names.

I created a group with the name "любители летать" in BuddyPress and there was no problem with that. The problem was when creating groups with <oOoOoOoOoO(°_°), and I think the best here would be to sanitize on creation of group names that contain special characters like <. Creating a group with oooooooooo(°_°) results in this slug:
http://localhost/groups/oooooooooo°_°/
(no parenthesis). Same should be done with <,>.

#10 @apeatling
14 years ago

The group slug is passed through sanitize_title().

#11 @sushkov
14 years ago

  • Keywords has-patch needs-testing added; needs-patch removed
  • Owner set to sushkov
  • Status changed from new to assigned

Not sure if it's allowed to use PHP5 functions, but sanitizing $_POST['group-name'] before applying sanitize_title() does the trick.

#12 @cnorris23
14 years ago

As apeatling stated, the slug is passed through sanitize_title(). The problem with "<oOoOoOoOoO(°_°)", and Ezd's original example of "?", is a reflection of the limitations of sanitize_title() (more specifically PHP's strip_tags()). It's liberally designed to strip HTML and PHP tags, which is why "?" is stripped out. In the case of "<oOoOoOoOoO(°_°)", the issue is that there's no closing bracket. If you changed "<oOoOoOoOoO(°_°)" to "<o>OoOoOoOoO(°_°)", "o" within the brackets, and the brackets themselves, would be removed, but the rest would remain. WP utilizes the $fallback_title parameter of sanitize_title() to account for this scenario. WP uses the post_id as the fallback title, and BP could, respectively, use group_id.
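
The failure mode and fallback described in comment 12, together with the ID-collision question raised in comment 13, as an added example that is not part of the ticket or the committed patch. make_slug() is a simplified stand-in for sanitize_title(); unique_group_slug(), the group id 42 and the $taken list are assumptions made for illustration.

```php
<?php
// Added example, not BuddyPress or WordPress code.
// make_slug() is a simplified stand-in for sanitize_title();
// unique_group_slug() and $taken are hypothetical. Requires ext-mbstring.

function make_slug(string $name, string $fallback = ''): string
{
    // strip_tags() does not validate markup: an unclosed "<" makes it
    // discard the rest of the string, so the whole name can vanish.
    $slug = strip_tags($name);
    $slug = mb_strtolower($slug, 'UTF-8');
    // Keep letters and digits from any script; turn every other run into "-".
    $slug = preg_replace('/[^\p{L}\p{N}]+/u', '-', $slug) ?? '';
    $slug = trim($slug, '-');
    // An empty slug is what yields a URL like /groups// ; use the fallback.
    return $slug === '' ? $fallback : $slug;
}

function unique_group_slug(string $name, int $group_id, array $taken): string
{
    // Fall back to the group id, as comment 12 suggests for BuddyPress.
    $slug = make_slug($name, (string) $group_id);
    // The fallback can collide with a group literally named after that id,
    // so the uniqueness check has to run after the fallback is applied.
    $candidate = $slug;
    for ($n = 2; in_array($candidate, $taken, true); $n++) {
        $candidate = $slug . '-' . $n;
    }
    return $candidate;
}

// Constructed sample data: group names quoted in the ticket, and an
// already-registered group whose slug equals the new group's id.
$taken = ['42'];
$names = ['любители летать', '<oOoOoOoOoO(°_°)', '<o>OoOoOoOoO(°_°)'];

foreach ($names as $name) {
    echo $name, ' => ', unique_group_slug($name, 42, $taken), PHP_EOL;
}
```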

#13 @sushkov
14 years ago

Yes I agree, and using same approach as wp handles it is a solution, but using the id as a slug won't confuse if somebody wants to create a group with the same title as an existing ID, though I know BP handles duplicate slugs by adding random numbers to it?

@sushkov
14 years ago

previous was using php5 function

#14 @apeatling
14 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [3012]) Fixes #2009 props sushkov
