Input box does not generate correct URL containing ampersand
Closed, Resolved | Public


Author: RLUllmann

If the page title contains an ampersand, Inputbox generates the edit url with %26amp%3B instead of just %26, usually resulting in a server error; but has been reported as generating the page title truncated at the ampersand.

E.g. on en.wikt, enter foo&bar and "Go", then pick the "Noun" button; generated URL contains &title=foo%26amp%3Bbar :

go to
press "Noun"

I have not tested other things that might be escaped in a URL or other cases, code needs looking at.

Version: unspecified
Severity: normal

bzimport added a subscriber: wikibugs-l.
bzimport set Reference to bz15564.
bzimport created this task. Via Legacy, Sep 11 2008, 3:43 PM

Umherirrender added a comment. Via Conduit, Mar 20 2009, 5:50 PM

should work with #tag:


MarkAHershberger added a comment. Via Conduit, Jun 14 2011, 12:22 AM

unassigned Trevor from Inputbox extension.

brion added a comment. Via Conduit, Sep 23 2011, 12:02 AM

(In reply to comment #1)

should work with #tag:

Actually that doesn't seem to do any different.


The parameter with the search term on the searchmenu-new message in Special:Search is escaped ahead of time so that it won't trigger wiki syntax in the output: eg a title containing "''" shouldn't trigger italics.

So the inputbox's parameters contain "default=foo&bar" (or on 1.18/trunk, "default=foo&bar" which fails in a similar but slightly different way).

Inputbox dutifully accepts that and sticks it in the value of its (hidden) input element -- of course escaping all of its output so the & and whatnot are preserved across the form submission.

Possibly inputbox should do normalization on the input to pre-convert any character references... though of course if anybody is *deliberately* putting character references into the inputbox input values they'd need to update to double-escape.
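
The double escaping described in the comment above, reproduced as an added example (not the Inputbox extension's own code, and not from this bug report). Assumptions: Python's `html.escape` stands in for the wiki's pre-escaping of the search term, and `render_hidden_input`, `submitted_query` and the `normalize` / `pre_escaped` flags are hypothetical names. It also covers the `''` case, going slightly beyond the ampersand.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlencode


def escape_search_term(term):
    # Stage 1 (stand-in for the wiki's pre-escaping of the message parameter):
    # character references keep "&" or "''" from being read as markup.
    return html.escape(term, quote=True)


def render_hidden_input(name, value, normalize=False):
    # Stage 2 (hypothetical inputbox renderer): output is always escaped.
    # normalize=True first decodes character references in the input, the
    # change suggested in the comment above.
    if normalize:
        value = html.unescape(value)
    return '<input type="hidden" name="%s" value="%s">' % (
        html.escape(name, quote=True), html.escape(value, quote=True))


class _FormFields(HTMLParser):
    # Stage 3: like a browser, decode each attribute value exactly once.
    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            attr = dict(attrs)
            self.fields.append((attr["name"], attr.get("value") or ""))


def submitted_query(term, normalize=False, pre_escaped=False):
    # Full round trip: term -> message parameter -> hidden input -> query.
    value = term if pre_escaped else escape_search_term(term)
    parser = _FormFields()
    parser.feed(render_hidden_input("title", value, normalize))
    parser.close()
    return urlencode(parser.fields)


if __name__ == "__main__":
    for title in ("foo&bar", "it''s"):  # constructed sample titles
        print(title, submitted_query(title), submitted_query(title, True))
```

With `normalize=True`, a value that deliberately carries a character reference has to be double-escaped by its author to survive, which is the compatibility cost the comment points out.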

bzimport added a comment. Via Conduit, Oct 25 2011, 12:15 AM

mcdevitd wrote:

Marking as duplicate of bug 29066, with a more general name, since ampersands are not the only problematic characters.

*** This bug has been marked as a duplicate of bug 29066 ***
