#1 Escaping/Deescaping is broken

[Anonymous]

In MAIN the query string gets decoded twice. This is incorrect and will e.g. replace any '+' characters by spaces, effectively making the node string invalid. This can easily be seen when a link with a '+' in it is selected. The corresponding node will not be found.

To fix this in MAIN simply replace:
...
$BaseInfoFile = &DeEscape($1);
$BaseInfoFile =~ s#\.\./##g; # jonh 5/20/97 -- sanitize up-references
$NodeName = &DeEscape($2);
...
with
...
$BaseInfoFile = $1;
$BaseInfoFile =~ s#\.\./##g; # jonh 5/20/97 -- sanitize up-references
$NodeName = $2;
...

to avoid De-Escaping the QUERY_STRING twice.

Also, Escape() and DeEscape() can be stripped down to be simple wrappers for the corresponding CGI functions.
Modify:
...
sub Escape{
local($Tag) = @_;
#-- escaping is not needed anymore KG/28.6.94
$Tag =~ s/ /%20/g; # space
$Tag =~ s/\+/%AB/g; # +
#-- oh yes it is -- jonh 5/16/1997
#$Tag;
return CGI::escape($Tag);
}
...
to
...
sub Escape{
local($Tag) = @_;
return CGI::escape($Tag);
}
...

and
...
sub DeEscape{
local($Tag) = @_;
#-- deescaping is not needed anymore. KG/28.6.94
$Tag =~ s/%AB/+/g;
$Tag =~ s/%20/ /g;
#-- oh yes it is -- jonh 5/16/1997
#$Tag;
return CGI::unescape($Tag);
}
...
to
...
sub DeEscape{
local($Tag) = @_;
return CGI::unescape($Tag);
}
...

Note that using a %AB to encode/decode a '+' is wrong in the first place. It should be %2B.
Furthermore, it does not make much sense to pre-encode the string in Escape() and then encode it. This effectively encodes the '+' and the ' ' twice.

[Anonymous]

Logged In: YES
user_id=1688873
Originator: NO

Sorry, I created the Bug report before I created an account. For any questions feel free to contact me.

[Nobody/Anonymous]

Logged In: NO

An Example URL where this fails can be found in the Zsh info pages. The link to "Jobs & Signals" fails due to the ampersand and space.
http://info2html.sourceforge.net/cgi-bin/info2html-demo/info2html?\(zsh.info.gz)Jobs%2520%26amp%3B%2520Signals