#45 URLs not linked correctly in the post-approval screen

[Ahasuerus]

If a Title Update submission includes a URL in the Notes field, that URL will have "http://www.isfdb.org/cgi-bin/mod" added and extraneous backslashes and quotes will appear in the Title Update screen (ta_update.cgi), e.g. http://www.isfdb.org/cgi-bin/mod/\"http://www.eapoe.org/works/tales/specsa.htm\"

[Nobody/Anonymous]

I can't reproduce that. More details please?

[Robert Glowczynski]

URL in the A tag, put in the Notes field something like:

sasas <a href="http://aaa.aa">sasas</a>

The < > characters are not escaped, but while on the "Proposed Title Update Submission" page (tv_update.cgi) the Notes field has a working link, "Title Update - SQL Statements" (mod/ta_update.cgi) has link to "http://fed8.roglo.net/cgi-bin/mod/%5C%22http://aaa.aa%5C%22". I guess the <, > should be replaced with &lt; &gt; so that we can see the embedded HTML. Perhaps there is already a function to do this?

(now let's see what Tracker will make of this).

[Robert Glowczynski]

Oh, and the strange form of the URL results from escaping quotes ", the code on the page is:

sasas <a href=\"http://aaa.aa\">sasas</a>'

with the current directory being http://www.isfdb.org/cgi-bin/mod. Perhaps IE shows it in a different way?

Note that there is another bug filed, related to embedded HTML: Field data is not escaped for <> - ID: 2551729

[Ahasuerus]

I guess we could try to fix 2551729 and see if it also fixes this bug?

[Bill Longley]

Well, it's easy to make ta_update.py show a working link like tv_update.py does - just print a non-escape_string-ed version of the queries. Do people want that, or to see the html as text?

[Ahasuerus]

I think a working link would be more useful in case the approver wants to check where it leads.

[Bill Longley]

mod/ta_update.py 1.4 committed, which has the working link.

[Ahasuerus]

Fixed in r2009-03.