Hi there,

I just found a bug in CGI.pm for version 2.1.2

It's this:

1. When we call for <%escape_url theurltoescape%> it turns a cgi url into something like this:

url=http%3A%2F%2Fmydomain.com%2Fcgi-bin%2Fsiteman%2Fpage.cgi%3Fd%3D1%3Bcollect%3D54%3BCollection_CatID%3D21

when I ask for the escaped url that was sent in from a previous page
it returns (two ?marks instead of just one, and the url becomes useless.)

Here's what the above line returns as:
http://mydomain.com/...;Collection_CatID=21

I fixed the problem by adding the following line to CGI.pm sub unescape { line 448
$str =~ s/\?+/\?/g;

That seems took have taken care of the problem.

Hope that's useful to someone else.

peace.

klangan

Actually that might help fix a problem I was having in the search_highlight global. Then again, maybe not ;)

It wasn't escaping properly, and was losing something in the toggling back and forth.


PUGDOG� Enterprises, Inc.

The best way to contact me is to NOT use Email.
Please leave a PM here.

Hi,

Hmm, are you sure there is not something else at work here? The line:

http%3A%2F%2Fmydomain.com%2Fcgi-bin%2Fsiteman%2Fpage.cgi%3Fd%3D1%3Bcollect%3D54%3BCollection_CatID%3D21

only has one question mark in it (a question mark is encoded as %3F). i.e.:

[alex@penguin library]$ perl -MGT::CGI -le 'print GT::CGI::unescape("http%3A%2F%2Fmydomain.com%2Fcgi-bin%2Fsiteman%2Fpage.cgi%3Fd%3D1%3Bcollect%3D54%3BCollection_CatID%3D21")'
http://mydomain.com/cgi-bin/siteman/page.cgi?d=1;collect=54;Collection_CatID=21
[alex@penguin library]$

I can't see where the second question mark is coming from in your example.

Cheers,

Alex
--
Gossamer Threads Inc.

Hi Alex,

Yeah, I think there's somethin happening during the clean_output when d=1.
When I try you're call from shell it comes out properly as well
But when I embed the variable into a url string it comes out with 2 ??'s

so going to this page: http://mydomain.com/page.cgi?p=test&d=1
and running this template code:
<a href="<%db_cgi_url%>/page.cgi?p=test&url=<%escape_url in_url%>">click here</a>
returns:
<a href="http://mydomain.com/cgi-bin/herbman/page.cgi?p=test&url=page.cgi?%3Fp%3Dtest%3Bd%3D1&d=1">here</a>

However ,
<%escape_url in_url%>
returns
page.cgi%3Fp%3Dtest%3Bd%3D1

Run the global and template below with the d=1 and without d. There is definitely a difference in the value that gets returned.
try this url: (d=1 there's parsing problems)
http://yourdomain.com/page.cgi?p=test&d=1

and this: (d= no parsing problems)
http://yourdomain.com/page.cgi?p=test

Here the's global for 'in_url'
sub {
return $IN->url;
}

Here's the template code for a file called 'test.html':
<html>
<head>
<body>
<a href="<%db_cgi_url%>/page.cgi?p=test&url=<%escape_url in_url%>">here</a>
<P>
in_url: <%in_url%><br>
url: <%if url%><%url%><%endif%><br>
escape_url: <%escape_url in_url%><br>
</body>
</html>


The code I posted in my first posting doesn't fix the escape_url, but I guess it automatically gets run when parsing, because the output gets fixed, but this is most likely the wrong location to fix this.