Serendipity Forums

When I try to hotlink external images to the media
library, which have query-string like URLs
(including ? and & characters), the hotlink does not work.

When hitting the "Go!" button, just nothing happens. It works with
plain URLs.

I tried to look into the code, since JScript is used I got nowhere
(was there a particular reason to use JavaScript for the upload/hotlink
form? Appears like straightforward form to me, so I wonder why it
was done so complicated).

Please advise how to debug this further, maybe this needs to be
escaped in some special way?

Cheers,
Daniel

Can you try to hotlink an image only with a "?" character, and without a "&" character? I have not created the hotlink code and have never used it, but we'll surely get it fixed.

If it works with "?" but not with"&" you might want to try using "&" instead of "&" to escape it...?

Best regards,
Garvin

I just tried, and it works if just a ? is part of the URL.

With escaping & by & it works, I tried manually.

If this could be fixed, that would be great. Some galleries
have lots of & in them, and to escape them all by hand would
become a bit inconvienent.

Thanks for your help already!

Sadly automatically replacing "&" with "&amp" can cause a lot of trouble - because if people use the propper "&amp" in their URLs, it would get changed to "&". The regular expression magic to get this is very hard and we've not yet got a proper version of this.

Best regards,
Garvin

Hmm,

sorry I am not sure if we mean the same thing.

In an URL String, "&" is defined to be the query string
parameter separator. So for any form data, that is
submitted via GET and urlencoded, the URL will have
one ? and possibly many & in them, which is perfectly legal
for URLs and very common for dynamic pages.

There is hardly any other reason for having & in an URL.

If one really really wants to have a literal & in an URL string,
it must be escaped with %26 not with &

& is the HTML entity to encode an & within an HTML
document. It is out of place in an URL, too.

I am very sure, if one enters an URL in the form to hotlink
a remote image, and this URL happens to include & characters,
it is certainly because, the remote webpage requires this
to have query-string parameters passed to it in order to display
the image (as said, many galleries work that way), and not because
someone did an utterly strange thing to put a literal & in his URL because
he liked it.

Now, I am a bit curious why actually replacing the & with & did work....

In the beginning I thought the problem is, because the form to submit
the hotlink URL uses GET and passes all parameters via URL to the
server, so the URL would be part of an URL and this may of course fail,
because the & would get intermixed. In this case I would have expected
that & would have failed, but %26 may have worked.
Since & worked, maybe you do some more stuff before
passing the parameter in the Jscripts. Somewhere there, there might
be a function, that interprets HTML entities like & and escapes them
differently before actually passing the submit request to the webserver....

My suggestions would be, that the string entered in the
URL-Field should be url-endoded as a whole, so it can be
easily passed as a parameter in the outer URL.

This means replacing all special characters with their %<hexcode>
counterpart.

What do you think?

Cheers,
Daniel

Uhm. It might be too late for me to get this, but I think you'Re right on track.

You sound like if you've got a solid knowledge of coding, so you may just want to look at the include/admin/images.inc.php and include/functions_images.inc.php files and check out our code?

For requesting an URL we're using the PEAR:HTTP_Request, maybe there is some entity decoding going on...?!

Regards,
Garvin

Hmm, I cannot reproduce the problem any more.
Everything seems to work fine now, even with unescaped &
in the URL. I did not change anything in my s9y installation,
except upgrade of the event_statistics module (which is obviously
unrelated).

Sorry for the hassle. Maybe neutrino storm or something.....