Bug 53530

Summary: [PATCH] query-pr.cgi doesn't work with urls enclosed in "<>" or containing a "&".
Product: Documentation Reporter: Oliver Eikemeier <eikemeier>
Component: Books & ArticlesAssignee: Ceri Davies <ceri>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
query-pr.cgi.patch none

Description Oliver Eikemeier 2003-06-20 04:40:11 UTC 
query-pr.cgi does not work with links that are enclosed in "<" and ">"
(which is fairly common) and links that contain an ampersand ("&").

Fix: HTML quoting has to be different in HTML text and links. The following patch
replaces fixline with code that splits a line in alternating non-url and url
parts and treats them differently.

The patch tries to mimic the pre-perl5.005 approach of query-pr.cgi, which is
probably not a good idea. query-pr.cgi should be rewritten, but I do not have
the right testing infrastructure. So be it:
How-To-Repeat: 
See for example PR www/48575 or numerous others, like:
 <http://www.freebsd.org/cgi/query-pr.cgi?pr=www/48575>

fixline in query-pr.cgi is broken, try the following excerpt:

#!/usr/bin/perl

sub srcref {
    return shift;
}

sub fixline {
    local($line) = shift;

    $line =~ s/&/&amp;/g;
    $line =~ s/</&lt;/g;
    $line =~ s/>/&gt;/g;
    $line =~ s%((https?|ftp)://[^\s"\)\>,;]+)%<A HREF="$1">$1</A>%gi;
    $line =~ s%(\WPR[:s# \t]+)([a-z3486]+\/)?([0-9]+)%$1<A HREF="query-pr.cgi?pr=$3">$2$3</A>%ig;

    return &srcref($line);
}

sub newfixline {
    local(@splitline) = split(/((?:https?|ftp):\/\/[^\s"\(\)<>,;]+)/, shift);

    local($isurl) = 0;
    foreach (@splitline) {
        if ($isurl) {
            local($href) = local($html) = $_;
            $href =~ s/&/%26/g;
            $html =~ s/&/&amp;/g;
            $_ = "<A HREF=\"$href\">$html</A>";
        } else {
            s/&/&amp;/g;
            s/</&lt;/g;
            s/>/&gt;/g;
            s%(\WPR[:s# \t]+)([a-z3486]+\/)?([0-9]+)%$1<A HREF="query-pr.cgi?pr=$3">$2$3</A>%ig;
        }
        $isurl = ! $isurl;
    }

    return &srcref(join('', @splitline));
}

@urls = (
    '<http://www.freebsd.org/>',
    'http://www.freebsd.org/cgi/query-pr-summary.cgi?multitext=query-pr&sort=lastmod'
);

foreach(@urls) {
    print "Original: ", $_, "\n";
    print "Old: ", fixline ($_), "\n";
    print "New: ", newfixline ($_), "\n";
    print "\n";
}

Its output:

Original: <http://www.freebsd.org/>
Old: &lt;<A HREF="http://www.freebsd.org/&gt">http://www.freebsd.org/&gt</A>;
New: &lt;<A HREF="http://www.freebsd.org/">http://www.freebsd.org/</A>&gt;

Original: http://www.freebsd.org/cgi/query-pr-summary.cgi?multitext=query-pr&so\rt=lastmod
Old: <A HREF="http://www.freebsd.org/cgi/query-pr-summary.cgi?multitext=query-pr&amp">http://www.freebsd.org/cgi/query-pr-summary.cgi?multitext=query-pr&amp</A>;so\rt=lastmod
New: <A HREF="http://www.freebsd.org/cgi/query-pr-summary.cgi?multitext=query-pr%26so\rt=lastmod">http://www.freebsd.org/cgi/query-pr-summary.cgi?multitext=query-pr&amp;so\rt=lastmod</A>
Comment 1 Ceri Davies freebsd_committer freebsd_triage 2003-06-20 10:05:02 UTC 
Responsible Changed
From-To: freebsd-www->ceri

I'm working on something  very similar from www/51607.
Comment 2 Ceri Davies freebsd_committer freebsd_triage 2003-11-12 20:59:13 UTC 
State Changed
From-To: open->closed

Committed in r1.36 of www/en/cgi/query-pr.cgi; thanks!