Posted by sun on
- The internal identifier for a blacklist term (returned by Mollom) may contain slashes (i.e., when the blacklisted term contains slashes).
- The identifier is properly escaped, except for the potentially contained slashes, since Drupal's URL path and query parameter encoding functions intentionally revert escaped slashes back to unescaped slashes (beautification of URLs).
- Given a blacklist term "
http://foo", the delete link URL being output is
- We cannot avoid the unescaping, unless we'd double-escape slashes.
- The actual cause however is that we're placing the blacklist term ID into the path, instead of a query parameter.
- We're using a path parameter, since that is what Drupal is normally using. In this case, Drupal core's built-in beautification of path parameters produces a problem though (the same problem is known for autocomplete callbacks in D7 already).
- Use a query parameter to pass the blacklist ID.
|PASSED: [[SimpleTest]]: [MySQL] 4,292 pass(es).|
|FAILED: [[SimpleTest]]: [MySQL] 3,845 pass(es), 14 fail(s), and 2 exception(s).|
|PASSED: [[SimpleTest]]: [MySQL] 4,883 pass(es).|