CGI.pm Escaping query strings - ampersand issue

[Matthew Salerno]

I have a cgi/mod_perl script that at one point it generates url's based on
directories:

foreach (@dirs){
my $lnk = qq|<A HREF="index.cgi?List=$_&TestID=$testid" TARGET="$testid"
ONCLICK="window.open('index.cgi?List=$_&testid=$testid',
'$testid','toolbar=no,location=no,directories=no,status=no,menubar=no,scroll
bars=yes,resizable=yes, width=450,height=230,left=100,top=100'); return
false">|;
print "$lnk1 here </a><br>";
}

The problem is that some of the directories contain ampersands "&".

If there is an ampersand in the directory name, the the rest of the query
string gets all messed up.

ex.
If the directory is titled:
Paperwork_&_Cover
The URL becomes
http://testserv/index.cgi?List=Paperwork_&_Cover&testID=70821

Before the print statement, I have tried the following:

escape($lnk);
Gives me:
Software error:
/TestDocs/70822/Paperwork_ No Documents in this system No such file or
directory at /docs/index.cgi line 345.

$_ =~ s/\&/\&amp\;/g;
Gives me:
Software error:
/TestDocs/70822/Paperwork_ No Documents in this system No such file or
directory at /docs/index.cgi line 345.

$_ =~ s/\&/%26/g;
Gives me:
Software error:
/TestDocs/70822/Paperwork_%26_Cover No Documents in this system No such file
or directory at /docs/index.cgi line 345.

I am going nuts trying to figure out how to get this to work. Can anyone
offer up a bit of wisdom.

Thanks,

Matt

 

[Matthew Salerno]

I have a cgi/mod_perl script that at one point it generates url's based on
directories:

foreach (@dirs){
my $lnk = qq|<A HREF="index.cgi?List=$_&TestID=$testid" TARGET="$testid"
'$testid','toolbar=no,location=no,directories=no,status=no,menubar=no,scroll
bars=yes,resizable=yes, width=450,height=230,left=100,top=100'); return
false">|;
print "$lnk1 here </a><br>";
}

My apologiex, obvious typo:

print "$lnk1 here </a><br>";

Should be:
print "$lnk here </a><br>";

 

[Gunnar Hjalmarsson]

I have a cgi/mod_perl script that at one point it generates url's
based on directories:

The problem is that some of the directories contain ampersands "&".

$_ =~ s/\&/%26/g;
Gives me:
Software error:
/TestDocs/70822/Paperwork_%26_Cover No Documents in this system No
such file or directory at /docs/index.cgi line 345.

URI-escaping the directory name, i.e. converting the '&' character to
'%26', should do the trick. I don't understand what kind of test you
are doing to conclude that that does not work.

It is a URL, right? If you submit

http://testserv/index.cgi?List=Paperwork_&_Cover&testID=70821

with the browser, doesn't CGI.pm unescape the directory name back to
Paperwork_&_Cover?

 

[gnari]

[ query string ]

The problem is that some of the directories contain ampersands "&".

If there is an ampersand in the directory name, the the rest of the query
string gets all messed up.

...
$_ =~ s/\&/%26/g;
Gives me:
Software error:
/TestDocs/70822/Paperwork_%26_Cover No Documents in this system No such file
or directory at /docs/index.cgi line 345.

you are using CGI.pm are you not?

by the way, you should properly urlencode your querystring parameters,
as there are more characters that may appear in filenames but are
not valid in querystrings.

gnari

 

[Bob Walton]

I have a cgi/mod_perl script that at one point it generates url's based on
directories:

foreach (@dirs){
my $lnk = qq|<A HREF="index.cgi?List=$_&TestID=$testid" TARGET="$testid"
ONCLICK="window.open('index.cgi?List=$_&testid=$testid',
'$testid','toolbar=no,location=no,directories=no,status=no,menubar=no,scroll
bars=yes,resizable=yes, width=450,height=230,left=100,top=100'); return
false">|;
print "$lnk1 here </a><br>";
}

The problem is that some of the directories contain ampersands "&".

If there is an ampersand in the directory name, the the rest of the query
string gets all messed up.

ex.
If the directory is titled:
Paperwork_&_Cover
The URL becomes
http://testserv/index.cgi?List=Paperwork_&_Cover&testID=70821

Before the print statement, I have tried the following:

escape($lnk);
Gives me:
Software error:
/TestDocs/70822/Paperwork_ No Documents in this system No such file or
directory at /docs/index.cgi line 345.

$_ =~ s/\&/\&amp\;/g;
Gives me:
Software error:
/TestDocs/70822/Paperwork_ No Documents in this system No such file or
directory at /docs/index.cgi line 345.

$_ =~ s/\&/%26/g;
Gives me:
Software error:
/TestDocs/70822/Paperwork_%26_Cover No Documents in this system No such file
or directory at /docs/index.cgi line 345.

I am going nuts trying to figure out how to get this to work. Can anyone
offer up a bit of wisdom. ....
Matt

Just a WAG: Try something like:

for(@dirs){
my $i=$_;
$i=s/&/%26/g;
... #using $i instead of $_
}

It looks like the errors might possibly be coming from something you are
doing with array @dir later on, and the code you have is placing the
escape codes into @dir, which then means @dir won't work when used for
other stuff later. I say this mostly because the errors you are getting
don't appear to be from a browser, but from Perl.

 

[pkent]

I have a cgi/mod_perl script that at one point it generates url's based on
directories:

foreach (@dirs){
my $lnk = qq|<A HREF="index.cgi?List=$_&TestID=$testid" TARGET="$testid"

You can't just put any old string into a query string value, or key, and
expect it to work. Only certain characters are safe - in particular you
noticed that & is special, because that's the thing used to separate
key-value pairs! [There are other specials, of course, but you can read
the RFC for them]

So, you need to url-escape $_ _before_ you whack it into a query string
value or key. Look at the URI::Escape module.

And then, don't forget that '&' itself is a special character in HTML
and needs to be escaped there too.

P