Re: SECURITY WARNING: stop using Private Messaging plugin
It’s possible because I was testing it on 1.0 that 1.0 automatically escapes the mysql values passed and that 0.9 does not. I can’t remember.
Try adding this before the $bbdb->query
$pmtitle=mysql_real_escape_string($pmtitle);
$message=mysql_real_escape_string($message);
and see if it helps or if it just add slashes to your text instead and breaks it.
It may also be a quote problem but I thought the bbpress pre/post text filters should encode quote or any other problematic characters.