Pathologic screws up paths given using tokens

Hmm. Usually, Token and input filters aren't run on the same chunk of text - unless maybe it's an input filter which does Token, of which I'm sure there's at least one, but in that case just rearranging the filters so that Pathologic comes after the Token one ought to fix things…

I have a couple Ubercart installations I can play with, so could you point out where and when exactly this is happening?

Sure. I'm using Ubercart 6.x-2.0-rc3.

Look in uc_cart.module and search for order-url or site-url. Here's one example:

Now go to uc_cart_complete_sale() in the same file. Here's the first place this message is processed:

We now have href="https://host/[order-url]".

Here is where the second place the message is processed:

And we get href="https://host/https://host/....". Or at least I do. This may also require securepages enabled (so that you get an absolute path and not a relative path)—I'm not sure.

Okay, but I meant, what sequence of steps could I take to see this problem happen for myself?

On my system, all it took was placing an order. The error appeared on the Order Completion page. The links to the order and to the home page (in the order completion message) were screwed up.

One more note: you have to be logged in to get the 'completion_logged_in' message.

Aha. Okay, I was able to replicate this.

I'm not sure what to do about it, though. I can see the logic in why Ubercart did it this way, but I'm reluctant to go tweaking with Pathologic's algorithm just for this case. In the meantime, I suggest you create a new input format which does not use Pathologic, then go to the checkout messages screen and switch all the messages over to that input format. It's unrealistic to expect everyone to do that, though…

I've been considering doing some more hacking on Pathologic recently. If/when I do, I'll take this problem into consideration.

The suggestion for switching to another input format had occurred to me, but I'm not sure if that will catch everything. For instance, when a user places an order, a confirmation email is sent. This email contains links back to the Web site. There are other places that Ubercart uses tokens. I don't know if any of those have the same problem, but I'd rather avoid the problem at the source.

My change avoids processing URLs of the form href="[. It seems to me to be low-risk to avoid inserting the base URL in front of the "[". If the token is a relative path, you don't need to do anything. If the token is an absolute path, you can't improve on the results, only make them worse. If it's not a token, neither is it a valid URL (I think), so the text probably has some more processing to go through and the processing will create a relative or absolute path—so we're back to the same cases as before. If "[..." is a valid URL, it would be a relative URL, so we apply the relative URL reasoning.

I can't see how you would go wrong.

Ubercart, on the other hand, ought also deal with this by processing tokens first and then running the results through the input filter. I'll file a bug for them.

The suggestion for switching to another input format had occurred to me, but I'm not sure if that will catch everything. For instance, when a user places an order, a confirmation email is sent.

I highly doubt Ubercart will apply input filters to email. The intention of an input filter is to output HTML.

Ubercart, on the other hand, ought also deal with this by processing tokens first and then running the results through the input filter. I'll file a bug for them.

I don't think it's a bad idea, though, because if you filter the text with input filters first, you can cache that result, then just pass the cached, filtered text through Token. I'm guessing that's why they're doing it that way.

I highly doubt Ubercart will apply input filters to email. The intention of an input filter is to output HTML.

Ubercart email templates (ubercart/uc_order/templates) currently all use HTML. The customer checkout confirmation email is a heavy duty HTML user.

Ubercart uses tokens quite heavily. There are probably other uses besides checkout messages and emails.

I don't think it's a bad idea, though, because if you filter the text with input filters first, you can cache that result, then just pass the cached, filtered text through Token. I'm guessing that's why they're doing it that way.

Good point. I sure don't know what the right answer is for the Ubercart folks, but they need to think hard about what it means to apply an input filter to text with tokens. Removing the tokens after filtering could produce potentially screwy results not just for pathologic, but for a number of other input filters. No point being really fast at getting the wrong answer :-)

By the way, the Ubercart bug is #488886: Tokens should be processed before running text through an input format..

Ubercart email templates (ubercart/uc_order/templates) currently all use HTML. The customer checkout confirmation email is a heavy duty HTML user.

Ah, that's right. I tend to forget because I have my email client configured to only show the text portions of email if available, since HTML HAS NO FRIGGIN' PLACE IN EMAIL GOD ARRRRRAAAGAHGHGHGHGHG (plucks out neckbeard)

Either way, Pathologic won't be affecting it.

I can duplicate this bug. It is very annoying.
Steps to replicate:
1. in "admin/store/settings/checkout/edit/messages" set the "Checkout completion for logged-in users" input format to a format that uses Pathologic filter.
2. Make an order (as an logged in user). On the "Order complete" page the links to order or front page are screwed !

Lowering the priority. I solved my problem by creating a new input format called "UC" that does not have Pathologic enabled. I assigned this filter to the checkout messages and that was all. No patching.