I tested the http:BL plugin by editing the statements in function httpbl_check() to simulate a greylist and blacklist IP. The generated messages did not showed the replacements for %ipurl and %whitelisturl but resolved to /%25ipurl and /httpbl/%25writelisturl. Switching to source editing of the messages in http:BL 'Advanced' settings did not resolve the problem.

I fixed the problem by excluding admin/settings/httpbl.edit-httpbl-message-* in the CKeditor Global Profile. The % symbols had already been replaced with %25 - I edited the message to restore the 'bare' %.

Comments

nhoeller’s picture

nhoeller CreditAttribution: nhoeller commented
Status: Postponed (maintainer needs more info) » Active

See http://drupal.org/node/1877574#comment-6990138 for further problem determination. It appears that HTML Purifier (included in the default input filter) is replacing any % inside a link reference with %25. I can get around this issue by switching to an input filter that does not include HTML Purifier. Excluding the httpbl configuration field from being processed by CKEDitor seems to be the best option.

bryrock’s picture

bryrock CreditAttribution: bryrock commented
Status: Active » Postponed (maintainer needs more info)

Are you requesting documentation or volunteering documentation? Not clear on the objective of this issue.

nhoeller’s picture

nhoeller CreditAttribution: nhoeller commented
Status: Active » Postponed (maintainer needs more info)

@bryrock, I ran into a problem, identified a bypass and posted it here for others who might run into the same issue. Given that this is a problem involving the interaction of three modules, I am not sure what the 'Drupal way' would be. I have seen cases where it seemed that the module install process added a CKEditor exclusion for configuration fields.

bryrock’s picture

bryrock CreditAttribution: bryrock as a volunteer commented
Issue summary: View changes
Status: Postponed (maintainer needs more info) » Closed (outdated)