[Templates] URI Filter Issues

Robin Smidsrød robin@smidsrod.no
Tue, 20 Feb 2007 14:24:44 +0100


This is a good example of what is a good use for the uri filter in a 
typical application.

[% read_url = 'http://localhost/?cmd=read&id=1&redirect=somwhere_else' %]

<a 
href="http://localhost/?cmd=update&id=1&updated_key=updated_value&redirect=[% 
read_url | uri %]">Updated and read</a>

If uri doesn't correctly escape ALL parts, the redirect value in the 
last anchor is ambiguous, and you would get two values for redirect, 
which is obviously wrong. That is why I in old versions of TT with the 
old behaviour had to make a custom callback that calls URI::Escape 
instead, because the uri filter was broken.

<a 
href="http://localhost/?cmd=update&id=1&updated_key=updated_value&redirect=[% 
uri_escape(read_url) %]">Updated and read</a>

So my vote is for letting it stay fixed. The old implementation was 
obviously wrong. If your intention was to ONLY escape the query string 
of a URI, and not the entire string, you could very well make a custom 
filter for it that does exactly that, namely escapes the values of each 
query string argument.

-- Robin

Mihai Bazon wrote:
> You're right (except for the "problem understanding" part :p).  I just 
> noticed that I was careless enough not to run my URL-s through any 
> filters, so if I have a page whose URL part contains a slash, 
> everything breaks.
>
> If, however, I apply a complete filter, then it messes up all slashes, 
> which is also not good (i.e. I use urls like 
> /articles/chapter-title/section-title -- each of these 3 parts defines 
> one page in the DB).
>
> Indeed the Right Solution is to run a filter for each URL part.. but 
> this will go so deep in my Perl code that I'll rather use URI::Encode.
>
> So... I still think the uri filter should keep its old behavior.
>
> -M.
>
> Randal L. Schwartz wrote:
>>>>>>> "Mihai" == Mihai Bazon <mihai@bazon.net> writes:
>>
>>>> If we want a uri escape that is that aggressive, can it be put under a
>>>> different name, and the existing uri be modded back to allow : and /
>>>> characters through untouched...
>>
>> Mihai> $votes++
>>
>> You clearly don't understand the problem then, or what uri-escaping 
>> is about.
>> This isn't about "voting".  This is about *doing the right thing*.
>>
>> You *cannot* uri-escape a string that already has a path to it.
>> You can only uri-escape the path steps.
>>
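
The ambiguity described in the message above, as an added Perl example (not code from the thread or from Template Toolkit). `lenient_escape` is a hypothetical stand-in for a filter that lets URI delimiters through, `query_params` and `escape_path` are illustrative helpers, and the URLs and path steps are constructed sample values; the last part also shows the per-path-step escaping raised in the quoted replies.

```perl
use strict;
use warnings;
use URI::Escape qw(uri_escape uri_unescape);

# Constructed sample values, modelled on the URLs in the message.
my $read_url = 'http://localhost/?cmd=read&id=1&redirect=somewhere_else';
my $base     = 'http://localhost/?cmd=update&id=1&updated_key=updated_value&redirect=';

# Hypothetical lenient filter: escapes unsafe characters but lets the
# URI delimiters : / ? & = through untouched.
sub lenient_escape {
    my ($s) = @_;
    $s =~ s{([^A-Za-z0-9\-._~:/?&=])}{sprintf '%%%02X', ord $1}ge;
    return $s;
}

# Split the query string the way a receiving application would and
# collect every value seen for each key.
sub query_params {
    my ($url) = @_;
    my (undef, $query) = split /\?/, $url, 2;
    my %params;
    for my $pair (split /&/, $query // '') {
        my ($k, $v) = split /=/, $pair, 2;
        push @{ $params{ uri_unescape($k) } }, uri_unescape($v // '');
    }
    return \%params;
}

# Query-value case: the nested URL must be escaped in full, delimiters included.
for my $case ([lenient => lenient_escape($read_url)],
              [full    => uri_escape($read_url)]) {
    my ($name, $escaped) = @$case;
    my $p = query_params($base . $escaped);
    printf "%-8s id=[%s] redirect=[%s]\n", $name,
        join(', ', @{ $p->{id} }), join(', ', @{ $p->{redirect} });
}

# Path case: escape each path step on its own, then join with '/'.
sub escape_path {
    my (@steps) = @_;
    return '/' . join '/', map { uri_escape($_) } @steps;
}

# A slash inside one step is escaped; the separators between steps are not.
print escape_path('articles', 'AC/DC history', 'section-title'), "\n";
```

With the lenient escaper the receiving side sees two `id` and two `redirect` values; with full escaping it sees one `redirect` value holding the entire nested URL.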