Coranto is parsing hex code in Submit News

[Vince C]

Coranto seems to be parsing %20 and such as spaces, or whatever character the hex code corresponds to. How can I make Coranto NOT parse hex code?

[Parahead]

From the top of my head I don´t have a good solution, but you could replace % in the submission post with the corresponding %XX code instead. This would make Coranto (or any other webscript) handle the %XX20 as %20 when handling the submission...

[Vince C]

Para, I'm not sure what you mean. A hex code is a percent sign, followed by some 2 digit hexidecimal number. For example, %20 corresponds to a space, and %3F corresponds to a question mark. These hex codes are used to sanitize user input, and to assist in passing variables in a URL.

Here is a good example of the problem at hand. phpBB uses hex code to encode it's URLs properly. So if you go to Search, and search for "search*", that string is actually "search%2A", because %2A is the asterisk. Now, here is a page URL that results from that search: http://coranto.org/forum/viewtopic.php? ... =search%2A

Now what coranto will do, is change %2A in to * . Technically, if you use http://coranto.org/forum/viewtopic.php? ... ht=search* then it actually still works.

However, here is where the problem compounds. Let's say I wanted to pass that URL, within a URL, as I am doing. You know, something like domain.com?referrer=http://coranto.org/forum/viewtopic.php?t=5887&highlight=search%2A . Well, there are several problems. As soon as the ampersand is read, "highlight" is going to be considered as another variable, and not actually part of the URL. So we have to change ampersand to the appropriate hex code. But what I am saying is that as soon as you replace & with %26, coranto changes it right back to & when you edit or submit the news.

I'm not sure what you meant by using %xx26. No browser or PHP method will be able to recognize what that actually is. What did you mean by that?

[Vince C]

Is it possible to just comment out the code that is causing this to happen? Does anyone know where in the Coranto files this code is?

[Parahead]

Para, I'm not sure what you mean. A hex code is a percent sign, followed by some 2 digit hexidecimal number. For example, %20 corresponds to a space, and %3F corresponds to a question mark. These hex codes are used to sanitize user input, and to assist in passing variables in a URL.

Thanks for letting me know, but I do know both about this and the problem with "nested" URL's which you explain...

My suggestion to use %XX20 was ment that %XX is the % equivalent in the ISO-8859-1 character set, thus using %3720 would be translated at submission time to %20. That was what I ment but I hadn´t really tested this which I have now. The thing is that I have found some interesting things. I have a clean 1.24 installation where I can submit your example URL just fine, but on another installation with a bunch of addons this doesn´t work and the %2A (for example) *is* substituted to *.

The %XX approach doesn´t work, but one can also use &#XX; and I have found some interesting things. (In the examples from here on I will use ##XX; instead of &#XX; because the forum messes things up otherwise.) In Coranto when submitting news, using ##37; is not substituted to % when entering Modify News, but using ##42; is substituted to * when entering Modify News. So something fishy is going on here...

I don´t currently have the time to dig that deep into this so here is a workaround for you that uses the technique I first mentioned, but in a way that actually do work. If you would like to submit the URL:
http://coranto.org/forum/viewtopic.php? ... =search%2A
Replace the % with ##37; instead, making the URL looking like this:
http://coranto.org/forum/viewtopic.php? ... ht=search##37;2A

[Vince C]

I appreciate your analysis of this. As soon as I get free time (ah college) I will check this out!

[Jackanape]

If you're using "TextField" to reference your field, it still parses it?