Hello,

I have reviewed a few of the posts that say this issue is fixed, but I am unable to get it to work. I have rearranged my filter ordering so that "go" is first. I have enabled full html and a custom filter to include the "go" filter, but no luck getting this to work. Any help would be appreciated.

Thanks,
Marshall

Comments

marshallsalinger’s picture

I should note that this is only an issue when generating go links on the fly with the <go href="http://somewhere.com" title="Somewhere">Somewhere</go> syntax.

hass’s picture

Status: Active » Postponed (maintainer needs more info)

Could you provide a raw example of the code you are trying for repro, please? Links like #1 must work.

hass’s picture

Aside - what case are you referring to that say this issue is fixed?

hass’s picture

Status: Postponed (maintainer needs more info) » Needs review

Looks like I've broken this in the latest release. The reason is check_plain($link[2]). You are able to remove the check_plain() and the issue should be solved. Are you able to verify this, please?

I'm not sure if this may open up the module for a XSS bug... need to think more about it, but I believe it doesn't.

  // Do not return a link if the go link doesn't haven attributes.
  return empty($go_attributes) ? '' : '<a ' . drupal_attributes($go_attributes) . '>' . check_plain($link[2]) . '</a>';

to:

  // Do not return a link if the go link doesn't haven attributes.
  return empty($go_attributes) ? '' : '<a ' . drupal_attributes($go_attributes) . '>' . $link[2] . '</a>';

This should fix such a code:

<go href="http://somewhere.com" title="Somewhere"><img src="foo.png" alt="Somewhere" /></go>
hass’s picture

Looking on this code we should also return $link[2] if the go link have no attributes.

  // Do not return a link if the go link doesn't have attributes.
  return empty($go_attributes) ? $link[2] : '<a ' . drupal_attributes($go_attributes) . '>' . $link[2] . '</a>';

Than we will get for

<go><img src="foo.png" alt="Somewhere" /></go>
<img src="foo.png" alt="Somewhere" />
vOOd’s picture

Priority: Normal » Critical

I set the priority to critical as I mainly use go with img links, and as long as this issue isnt fixed, I cant use this module :|

so here is an example that doesnt work :

<go href="example.com"><img src="xxxxx"></go>

image will be displayed, but u cant click it
I tryed both ur fixes, neither work :(

hass’s picture

@vOOd: can you try above fix in #5 and report back, please? You *need* to upgrade... I can only tell you the bugs fixed in v1.1 are very very critical!

vOOd’s picture

as I said, I already tryed both #4 and #5 and they dont work.
the go tags arent processed. Image cant be clicked and when looking at the source code we have <go href="xxx"><img src...></go> instead of a href ...
btw what do u mean by "you need to upgrade" ?

And tell me if Im doing wrong when trying ur fixes : I edit gotwo.module, then upload it, then create a go link. Do I need to deactivate the module or anything else ?

hass’s picture

Sounds like a brand new install!? You may have missed to enable the gotwo filter for your content types if the go tags are not changed to normal links.

vOOd’s picture

come on, I enabled it... Im not that stupid.
go tags work with that way : <go href="stuff">text</go> WORKING : source code = <a href="stuff">text</a>
but they do NOT work with img tag instead of text : <go href="stuff"><img .../></go> NOT WORKING : source code = <go href="stuff"><img .../></go>
the result is go tag isnt processed, it is displayed in the source code, its not changed with a href instead of go href. is it clear enough ??
try it yourself, you will see...

hass’s picture

Provide a patch for the regex, please.

vOOd’s picture

well Im not a developer, only a user, so I dont know how to fix this.
Im just reporting the bug

hass’s picture

Patch attached needs review, but seems working for me.

hass’s picture

Priority: Critical » Normal
hass’s picture

Status: Needs review » Fixed

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.