One of the posters on my forum let me know one of his posts was throwing a 500 when he tried to submit. I had him email me what he was trying to submit and narrowed it down to a line of text that started with a ', had three dashes ---, and ended with a '. So basically this:
Posting that to the forum will throw a 500.
I tried it on this forum and a test forum I have on a different host and it doesn't happen.
Any ideas what might be causing it? I'm not sure if it's a bad interaction with the php code, something to do with SQL (I know '-- is sql code, but not why a third dash could potentially matter), or something specific to the server that's hosting it.
The 500 error is the phpbb specific one and not something from the server.
I'm mostly worried this might be something someone could use to exploit the site.