www/53530: [PATCH] query-pr.cgi doesn't work with urls enclosed in
"<>" or containing a "&".
Oliver Eikemeier
eikemeier at fillmore-labs.com
Thu Jun 19 20:40:15 PDT 2003
>Number: 53530
>Category: www
>Synopsis: [PATCH] query-pr.cgi doesn't work with urls enclosed in "<>" or containing a "&".
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-www
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Jun 19 20:40:11 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Oliver Eikemeier
>Release: FreeBSD 4.8-STABLE i386
>Organization:
Fillmore Labs - http://www.fillmore-labs.com
>Environment:
System: FreeBSD nuuk.fillmore-labs.com 4.8-STABLE
>Description:
query-pr.cgi does not work with links that are enclosed in "<" and ">"
(which is fairly common) and links that contain an ampersand ("&").
>How-To-Repeat:
See for example PR www/48575 or numerous others, like:
<http://www.freebsd.org/cgi/query-pr.cgi?pr=www/48575>
fixline in query-pr.cgi is broken, try the following excerpt:
#!/usr/bin/perl
sub srcref {
return shift;
}
sub fixline {
local($line) = shift;
$line =~ s/&/&/g;
$line =~ s/</</g;
$line =~ s/>/>/g;
$line =~ s%((https?|ftp)://[^\s"\)\>,;]+)%<A HREF="$1">$1</A>%gi;
$line =~ s%(\WPR[:s# \t]+)([a-z3486]+\/)?([0-9]+)%$1<A HREF="query-pr.cgi?pr=$3">$2$3</A>%ig;
return &srcref($line);
}
sub newfixline {
local(@splitline) = split(/((?:https?|ftp):\/\/[^\s"\(\)<>,;]+)/, shift);
local($isurl) = 0;
foreach (@splitline) {
if ($isurl) {
local($href) = local($html) = $_;
$href =~ s/&/%26/g;
$html =~ s/&/&/g;
$_ = "<A HREF=\"$href\">$html</A>";
} else {
s/&/&/g;
s/</</g;
s/>/>/g;
s%(\WPR[:s# \t]+)([a-z3486]+\/)?([0-9]+)%$1<A HREF="query-pr.cgi?pr=$3">$2$3</A>%ig;
}
$isurl = ! $isurl;
}
return &srcref(join('', @splitline));
}
@urls = (
'<http://www.freebsd.org/>',
'http://www.freebsd.org/cgi/query-pr-summary.cgi?multitext=query-pr&sort=lastmod'
);
foreach(@urls) {
print "Original: ", $_, "\n";
print "Old: ", fixline ($_), "\n";
print "New: ", newfixline ($_), "\n";
print "\n";
}
Its output:
Original: <http://www.freebsd.org/>
Old: <<A HREF="http://www.freebsd.org/>">http://www.freebsd.org/></A>;
New: <<A HREF="http://www.freebsd.org/">http://www.freebsd.org/</A>>
Original: http://www.freebsd.org/cgi/query-pr-summary.cgi?multitext=query-pr&so\rt=lastmod
Old: <A HREF="http://www.freebsd.org/cgi/query-pr-summary.cgi?multitext=query-pr&">http://www.freebsd.org/cgi/query-pr-summary.cgi?multitext=query-pr&</A>;so\rt=lastmod
New: <A HREF="http://www.freebsd.org/cgi/query-pr-summary.cgi?multitext=query-pr%26so\rt=lastmod">http://www.freebsd.org/cgi/query-pr-summary.cgi?multitext=query-pr&so\rt=lastmod</A>
>Fix:
HTML quoting has to be different in HTML text and links. The following patch
replaces fixline with code that splits a line in alternating non-url and url
parts and treats them differently.
The patch tries to mimic the pre-perl5.005 approach of query-pr.cgi, which is
probably not a good idea. query-pr.cgi should be rewritten, but I do not have
the right testing infrastructure. So be it:
--- query-pr.cgi.patch begins here ---
--- query-pr.cgi.orig Mon Jun 9 16:58:00 2003
+++ query-pr.cgi Fri Jun 20 04:52:47 2003
@@ -219,13 +219,23 @@
}
sub fixline {
- local($line) = shift;
-
- $line =~ s/&/&/g;
- $line =~ s/</</g;
- $line =~ s/>/>/g;
- $line =~ s%((http|ftp)://[^\s"\)\>,;]+)%<A HREF="$1">$1</A>%gi;
- $line =~ s%(\WPR[:s# \t]+)([a-z3486]+\/)?([0-9]+)%$1<A HREF="query-pr.cgi?pr=$3">$2$3</A>%ig;
-
- return &srcref($line);
+ local(@splitline) = split(/((?:https?|ftp):\/\/[^\s"\(\)<>,;]+)/, shift);
+
+ local($isurl) = 0;
+ foreach (@splitline) {
+ if ($isurl) {
+ local($href) = local($html) = $_;
+ $href =~ s/&/%26/g;
+ $html =~ s/&/&/g;
+ $_ = "<A HREF=\"$href\">$html</A>";
+ } else {
+ s/&/&/g;
+ s/</</g;
+ s/>/>/g;
+ s%(\WPR[:s# \t]+)([a-z3486]+\/)?([0-9]+)%$1<A HREF="query-pr.cgi?pr=$3">$2$3</A>%ig;
+ }
+ $isurl = ! $isurl;
+ }
+
+ return &srcref(join('', @splitline));
}
--- query-pr.cgi.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-www
mailing list