Gossamer Forum
Home : Products : Gossamer Links : Discussions :

escape_url bug in 2.1.2

Quote Reply
escape_url bug in 2.1.2
Hi there,

I just found a bug in CGI.pm for version 2.1.2

It's this:

1. When we call for <%escape_url theurltoescape%> it turns a cgi url into something like this:


when I ask for the escaped url that was sent in from a previous page
it returns (two ?marks instead of just one, and the url becomes useless.)

Here's what the above line returns as:

I fixed the problem by adding the following line to CGI.pm sub unescape { line 448
$str =~ s/\?+/\?/g;

That seems took have taken care of the problem.

Hope that's useful to someone else.



Last edited by:

klangan: Apr 21, 2003, 2:13 PM
Quote Reply
Re: [klangan] escape_url bug in 2.1.2 In reply to
Actually that might help fix a problem I was having in the search_highlight global. Then again, maybe not ;)

It wasn't escaping properly, and was losing something in the toggling back and forth.

PUGDOG´┐Ż Enterprises, Inc.

The best way to contact me is to NOT use Email.
Please leave a PM here.
Quote Reply
Re: [klangan] escape_url bug in 2.1.2 In reply to

Hmm, are you sure there is not something else at work here? The line:


only has one question mark in it (a question mark is encoded as %3F). i.e.:

[alex@penguin library]$ perl -MGT::CGI -le 'print GT::CGI::unescape("http%3A%2F%2Fmydomain.com%2Fcgi-bin%2Fsiteman%2Fpage.cgi%3Fd%3D1%3Bcollect%3D54%3BCollection_CatID%3D21")'
[alex@penguin library]$

I can't see where the second question mark is coming from in your example.


Gossamer Threads Inc.
Quote Reply
Re: [Alex] escape_url bug in 2.1.2 In reply to
Hi Alex,

Yeah, I think there's somethin happening during the clean_output when d=1.
When I try you're call from shell it comes out properly as well
But when I embed the variable into a url string it comes out with 2 ??'s

so going to this page: http://mydomain.com/page.cgi?p=test&d=1
and running this template code:
<a href="<%db_cgi_url%>/page.cgi?p=test&url=<%escape_url in_url%>">click here</a>
<a href="http://mydomain.com/cgi-bin/herbman/page.cgi?p=test&url=page.cgi?%3Fp%3Dtest%3Bd%3D1&d=1">here</a>

However ,
<%escape_url in_url%>

Run the global and template below with the d=1 and without d. There is definitely a difference in the value that gets returned.
try this url: (d=1 there's parsing problems)

and this: (d= no parsing problems)

Here the's global for 'in_url'
sub {
return $IN->url;

Here's the template code for a file called 'test.html':
<a href="<%db_cgi_url%>/page.cgi?p=test&url=<%escape_url in_url%>">here</a>
in_url: <%in_url%><br>
url: <%if url%><%url%><%endif%><br>
escape_url: <%escape_url in_url%><br>

The code I posted in my first posting doesn't fix the escape_url, but I guess it automatically gets run when parsing, because the output gets fixed, but this is most likely the wrong location to fix this.

Last edited by:

klangan: Apr 24, 2003, 11:37 AM