This discussion has been archived.
No new comments can be posted.
20180501_110533 UTC title_text for story entered by using 'new' on admin bar
|
Log In/Create an Account
| Top
| 1000 moderator points
| 2 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
(1)
(Score: 0) by Anonymous Coward on Thursday July 19 2018, @06:13PM (1 child)
FatPhil thread hijacking in order to test the URL-ification failure mentioned in
https://soylentnews.org/comments.pl?noupdate=1&sid=26657&page=1&cid=709249#709249 [soylentnews.org]
https://logs.sylnt.us/#dev/2018-07-19.html [sylnt.us]
(Score: 0) by Anonymous Coward on Thursday July 19 2018, @06:25PM
Plain Old Text with the wrapper:
https://www.biblegateway.com/passage/?search=Revelation+3:14-22KJV;NKJV [biblegateway.com]
(post-preview: which becomes the link: https://www.biblegateway.com/passage/?search=Revelation+3:14-22KJV;NKJV [biblegateway.com] )
without:
https://www.biblegateway.com/passage/?search=Revelation+3%3A14-22&version=NIV;KJV;NKJV [biblegateway.com]
(post-preview: which becomes the link: https://www.biblegateway.com/passage/?search=Revelation+3:14-22KJV;NKJV [biblegateway.com] )
post-post-preview:
Conclusion, the token ``&v e r s i o n = N I V ;'' is being treated as an entity which gets disappeared.
We could leave unrecognised entities alone, but that might mean we are being fooled into injecting unknown evil into the page.
Note - even with the & expressed as &, the above URL is malformed.
The following query string in a URL:
?search=Revelation+3%3A14-22&version=NIV;KJV;NKJV
Should be interpreted as:
search=Revelation+3:14-22
version=NIV
KJV=
NKJV=
because ';' is exactly the same type of separator as '&' is.
So this particular case is *not* fixable, their webserver's broken.