[imp] htmlspecialchars (was Re: [imp] IMP HEAD CVS: error innewmail popup)

mays@optonline.net mays@optonline.net
Thu, 06 Dec 2001 16:38:18 -0500 

Jan Schneider wrote:

> Encoding the & in an url as & is necessary in xhmtl. And Horde is xhtml
> compliant.
>
> But it only seem to cause problems with some browsers (namely Netscape and
> Mozilla) if used in a javascript call.
>
> Jan.
>
> Zitat von mays@optonline.net:
>
> >
> > I notice a similar problem when using imp authentication with horde.  On
> log
> > out, a user is redirected to something similar to
> >
> >
> >
> http://example.com/horde/imp/login.php?reason=logout&redirect_url=http%3A%2F%2Fexample.com%2Fhorde%2Flogin.php

That make s sense, however, in this case, it is not part of a javascript
call.  In fact, with the example url above, $GLOBALS['HTTP_POST_VARS'] has two
elements:

    ['reason']=logout
    ['amp;redirect_url']=http%3A%2F%2Fexample.com%2Fhorde%2Flogin.php

Notice the leading 'amp;'.  The code in login.php does a
getFormData('redirect_url'), which returns nothing as it can't find
'redirect_url'.  Changing to getFormData('amp;redirect_url'), while obviously
incorrect, returns the desired info.

In case it is relevant, I do happen to be using Netscape 4.77.  But I also get
the same behavior with IE6.

If passing the url through htmlentities is being done for xhtml, then perhaps
it is a problem with my version of PHP (4.0.6 plus PEAR from cvs).

Mark



>From liamr@umich.edu Date: Thu,  6 Dec 2001 16:38:24 -0500
Return-Path: <liamr@umich.edu>
Mailing-List: contact imp-help@lists.horde.org; run by ezmlm
Delivered-To: mailing list imp@lists.horde.org
Received: (qmail 27143 invoked from network); 6 Dec 2001 21:38:26 -0000
Received: from donkeykong.gpcc.itd.umich.edu (smtp@141.211.2.163)
  by clark.horde.org with SMTP; 6 Dec 2001 21:38:26 -0000
Received: from esperanto.web.itd.umich.edu (smtp@esperanto.web.itd.umich.edu [141.213.231.69])
        by donkeykong.gpcc.itd.umich.edu (8.8.8/4.3-mailhub) with ESMTP id QAA25822
        for <imp@lists.horde.org>; Thu, 6 Dec 2001 16:38:25 -0500 (EST)
Received: (from nobody@localhost)
	by esperanto.web.itd.umich.edu (8.8.8/4.9.1-cyrus) id QAA14092
	for imp@lists.horde.org; Thu, 6 Dec 2001 16:38:24 -0500 (EST)
X-Authentication-Warning: esperanto.web.itd.umich.edu: nobody set sender to liamr@umich.edu using -f
Received: from 141.213.231.63 ( [141.213.231.63])
	as user liamr@l.imap.itd.umich.edu by mail-test.www.umich.edu with HTTP;
	Thu,  6 Dec 2001 16:38:24 -0500
Message-ID: <1007674704.3c0fe5507030f@mail-test.www.umich.edu>
Date: Thu,  6 Dec 2001 16:38:24 -0500
From: Liam Hoekenga <liamr@umich.edu>
To: imp@lists.horde.org
References: <1007672250.3c0fdbba85c33@mail-test.www.umich.edu> <1007672670.3c0fdd5e3c6a0@marina.horde.org> <1007674338.3c0fe3e2ce9d0@mail-test.www.umich.edu> <1007674509.3c0fe48d4653b@marina.horde.org>
In-Reply-To: <1007674509.3c0fe48d4653b@marina.horde.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 3.0
X-Originating-IP: 141.213.231.63
Subject: Re: [imp] $conf['user']['redirect_on_logout'] urls getting appened w/ ?reason=logout

> Your CGI really just doesn't like an extra GET parameter?
> 
> -chuck

Not a problem.  I figured out how to work around it.

thanks
liam