Supressed player

This is the best news I’ve heard all day. You mean to tell me I can finally email Josh to change my last name and he won’t tell me no??

5 Likes

Sorry dude, not yet it seems :slight_smile:

@Shep?

I’ll take “Incorrect HTML Escaping” for $200, Alex!

“100% probability this person is male” shows when the box is checked… I want to see the code that runs if the box is unchecked…

Yeah, I just never promoted the the changes. Whoops. Brian’s back to O’Neill. He’ll be the test case.

1 Like

The message doesn’t have anything to do with the setting. We pass first name to genderize.io to get a general score, just to catch possible mismatches.

https://api.genderize.io/?name=Larry

Nah, this is for SQL injection protection, not HTML escaping. Leftover trouble from the times of PHP’s magic quotes.

1 Like

Little Bobby tables we call him.

5 Likes

I would have thought that should be taken care of on the backend with bindvars, but I admit I don’t know the architecture here. Seems strange that the frontend would show escapes. In my experience, Wordpess modules aren’t always the best.

Odds are addslashes() (see also magic quotes as Andreas mentioned) is getting called on the form input before any sanitizing the db driver might be doing. I’d wager the db holds the fully escaped string.

Yay! Thanks!

So if taking option two, a player-opt-out, how do you expect the results to be handled? Remove that player and bump everyone else up a position? How about where the opt-out player makes a difference in TGP? For example, three strike tournament and he is the 24th player. Results only show 23 players, so that calcs to 80% instead of 88%.

Yes

You would use 80%. TGP would be based on the player count submitted into us.