Menu
▾
▴
#31 ea.cgi not handling wiki escapes
closed-out-of-date
5
2017-03-09
2008-08-31
No
When the wiki links to ISFDB such as with the {{a}} author template links containing special characters are escaped by the wiki software to use .xx rather than the more common %xx format. See http://www.isfdb.org/wiki/index.php/Template_talk:A#Broken_Example for examples of links.
This can be handled within ea.cgi by looking for ".xx" where xx is two hex digits and converting that into either %xx or the ASCII character.
Discussion
Anonymous
As per the Wiki discussion, the links that look like http://www.isfdb.org/cgi-bin/ea.cgi?Donald_Macpherson_.28novelist.29 do not work. As per DES, "If you undertake a fix in the code, make sure that it handles all non-alphanumeric characters, because anchorencode purports to convert all such. Tests may be needed to determine what it actually converts".
I believe this problem is actually with the templates as they do not use the correct URL escaping. anchorencode is for encoding fragment anchors within mediawiki--not URLs. It is close and that is why it was used/applied. You will notice other things are not encoded right too and the templates all provide a means to specify the actual link data instead of auto-inferring it with anchorencode. So though this could perhaps be fixed somehow in the ISFDB Python code, I do not think the right place to do such.
This affects more than just templated author links as it seems Template:A links into ea.cgi, Template:Series links into pe.cgi, and Template:PubSeries links into pubseries.cgi all incorrectly using anchorencode and each of those scripts attempts to handle non-numeric string arguments.
Upon researching this, the correct function the wiki templates should be using is urlencode and not anchorencode. Then the Python code needs to correctly handle URL percent encoding correctly and things should be happy. One other issues currently the code uses argv for parsing the query string args for these but argv is no guaranteed to work the same same on each platform (as per the CGI specification; I bet it works rather differently on Windows than Linux/POSIX/Unix) and is designed for use in a system specific shell so basically argv is QUERY_STRING split at "+", url decoded and then reencoded with shell escapes (which we do not need). That has resulted in hacks like biblio/common.py unescapeLink adding code to remove backslashes (added by apache's argv shell escaping).
This bug report is out of date since we now use the "Web pages" field to link Wiki-hosted pages.