2005-10-15 Oddmuse

I spent a long time in the last two days tracking down a double unquoting issue of named entities such as `©` (normally this displays as `©`, but recently it got unquoted twice and displayed as ©).

This was introduced by a recent safety feature: The results of a GetParam call are now always HTML-quoted (to prevent HTML/script injection via parameters). This has an effect on saving, because there used to be a feature that HTML-quoted new text, unquoted entities, processed the page, retrieved the text again and saved it without quoting and unquoting.

Today, there’s a slight difference: When retrieving the text again, it is automatically HTML-quoted. I therefore HTML-unquote it again before saving. The problem is that HTML-quoting still unquotes entities. When saving, this text is unquoted again. So entities are unquoted twice due to a “feature” that no longer serves its purpose.

I think 1.615 should have it fixed. I got distracted because some tests failed, but I think that the tests were wrong. Entities are no longer spared quoting. Instead, there’s a default text formatting rule now which does the unquoting for named or numbered entities.
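The save path described above, reduced to a small Perl model. This is an added example, not Oddmuse's code, and every function name in it is hypothetical. It compares quoting that spares entities with plain quoting when the parameter boundary always quotes and the save path unquotes exactly once; the sample inputs are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helpers modelling the save path; not taken from Oddmuse.
sub quote_html {
    my $s = shift;
    $s =~ s/&/&amp;/g;    # ampersand first, so later entities are not re-quoted
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    return $s;
}

sub unquote_html {
    my $s = shift;
    $s =~ s/&lt;/</g;
    $s =~ s/&gt;/>/g;
    $s =~ s/&amp;/&/g;    # last, so "&amp;lt;" decodes to "&lt;" and not "<"
    return $s;
}

# Old behaviour: quote, but spare named and numbered entities.
sub quote_sparing_entities {
    my $s = quote_html(shift);
    $s =~ s/&amp;(#?\w+);/&$1;/g;    # this is already one level of unquoting
    return $s;
}

# Parameter boundary: everything read from the request comes back quoted.
sub get_param { my ($quote, $raw) = @_; return $quote->($raw) }

# Save path: undo the boundary quoting exactly once before storing.
sub save_text { my ($quote, $raw) = @_; return unquote_html(get_param($quote, $raw)) }

# Constructed sample inputs, as a user might type them into the edit form.
my @samples = ('&amp;copy; 2005', '<b>x</b>', 'a &lt; b');
for my $raw (@samples) {
    for my $case (['sparing', \&quote_sparing_entities], ['plain', \&quote_html]) {
        my ($name, $quote) = @$case;
        my $stored = save_text($quote, $raw);
        printf "%-8s typed=%-18s stored=%-18s %s\n", $name, $raw, $stored,
            $stored eq $raw ? 'round trip ok' : 'CHANGED';
    }
}
```

With the entity-sparing variant, any input containing an already-quoted entity loses one level of quoting on every save, so `a &lt; b` is stored as `a < b`. With plain quoting, the stored text always equals what was typed.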

Today I spent a long time tracking down the reason why file uploads no longer seemed to work.

This was due to a wrong encoding type for forms. For file uploads to work, we need “multipart/form-data” instead of “application/x-www-form-urlencoded”. I removed the manual override from Oddmuse in a recent checkin. The reason was that the manual override triggered a bug in newer versions of CGI.pm: The attribute would be listed twice per form element, resulting in invalid XML. Removing the override relies on defaults, however, which again seem to depend on the exact version of CGI.pm in use.

I’m using start_multipart_form instead of start_form, now. I’m sure this is not supported in all versions of CGI.pm, but at least the versions I am confronted with at the moment seem to know it.
