gilbertz

This kind of thing should be configurable instead of adding lines to code by default for software that many people don’t use. Just makes things more confusing.

Ditto.

Thanks. If you’d like I can submit tickets instead of messages in the support forum. Do I need to do anything special to get permission?

You aren’t adding slashes to $wp_content. In functions-post.php, go to line 48 and add:
$post_content=addslashes($post_content);
to fix this problem.

This is a security issue in my opinion. It’s bad all around. The wp-mail.php is open to the world and database errors are visible as well. A malicious user can not only send bad data to a query, but even view the query before you ever do. This needs to be patched.

I just tested with wp-mail.php as well and the unescaped apostrophes occur there too. Any ideas?

I added the wpmail addon to wp-cron and that seemed to solve the problem, but it turns out they are not escaping apostrophes and I’m getting database errors. Not sure if they’re using a wordpress function and the bug is with wordpress or if the bug is with their own function.

Anyone else solve this problem?