500 Internal Server Error when creating new pull request

[fatjola]

• Log gist:

2019/12/03 19:03:30 .../xorm/session_raw.go:178:exec() [I] [SQL] INSERT INTO `issue` (`repo_id`,`poster_id`,`original_author`,`original_author_id`,`name`,`content`,`milestone_id`,`priority`,`is_closed`,`is_pull`,`num_comments`,`ref`,`deadline_unix`,`created_unix`,`updated_unix`,`closed_unix`,`is_locked`,`index`) SELECT 168,1,'',0,'fix: hide 'dati di pagamento' from user profile','',0,0,false,true,0,'',0,1575399810,1575399810,0,false,coalesce(MAX(`index`),0)+1 FROM `issue` WHERE (repo_id=?) []interface {}{168} - took: 199.058µs
2019/12/03 19:03:30 routers/repo/pull.go:797:CompareAndPullRequestPost() [E] NewPullRequest: newIssue: Error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'di pagamento' from user profile','',0,0,false,true,0,'',0,1575399810,1575399810,' at line 1

Description

Not escaping single quotes in Pull Request Title

Screenshots

[jolheiser]

What version of Gitea are you using? Gives me a 500 page and I don't even look at it. Nevermind me.
This is not reproducible on try, and iirc this was introduced and fixed between releases.
It would be a XORM bug that has since been patched. (assuming this is the same issue I remember)

[fatjola]

What version of Gitea are you using? Gives me a 500 page and I don't even look at it. Nevermind me.
This is not reproducible on try, and iirc this was introduced and fixed between releases.
It would be a XORM bug that has since been patched. (assuming this is the same issue I remember)

Gitea Version
1.10.0+dev-325-gb19db40ea built with GNU Make 4.2.1, go1.13 : bindata, sqlite, sqlite_unlock_notify

[jolheiser]

This was fixed by #8286