
Bug: Form data can have values that can get corrupted

If I have a meta-data value (form field value) that contains one of the strings for the "special characters" (used in escaping certain characters in HTML) then I can create the situation where TWiki corrupts the data. For example, if I set the form field "burble" to the value "XX %_N_% XX" this gets saved as

%META:FIELD{name="burble" value="XX %_N_% XX"}%

then, when I re-load the form, the %_N_% has been replaced with a newline.

The reason is that there is no escaping of the percent character. This problem will also impact data tucked away in hidden fields during preview.

I have (mostly) fixed this in the DEVELOP branch, by consolidating all the duplicated code in one place and adding an escape for % (%_P_%). Note that old data will still load correctly, unless it contains the string %_P_%.

This topic is just to document this bug and give objectors a chance to flame.

-- CrawfordCurrie - 02 Jan 2005
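
The round trip described in the report above, as an added Python model (not TWiki's own code, which is Perl). Function names are hypothetical and only the two tokens named in this topic, %_N_% and %_P_%, are modelled. It shows the corruption, a percent escape that removes it, and the legacy-data caveat.

```python
import re

# Added illustration, not TWiki source. Function names are hypothetical.
# Only the tokens named in the thread are modelled:
#   %_N_% for newline, %_P_% for a literal percent sign.

def encode_legacy(value: str) -> str:
    """Behaviour described in the report: newline is escaped, '%' is not."""
    return value.replace("\n", "%_N_%")

def decode_legacy(stored: str) -> str:
    return stored.replace("%_N_%", "\n")

def encode_fixed(value: str) -> str:
    """Escape '%' first, so every '%' left in the output belongs to a token."""
    return value.replace("%", "%_P_%").replace("\n", "%_N_%")

_TOKEN = re.compile(r"%_([NP])_%")
_DECODE = {"N": "\n", "P": "%"}

def decode_fixed(stored: str) -> str:
    """Decode in one left-to-right pass.

    Chained str.replace calls would be wrong here: the encoded form of a
    literal "%_N_%" is "%_P_%_N_%_P_%", which contains "%_N_%" straddling
    two tokens, and a second pass would turn it into a newline again.
    """
    return _TOKEN.sub(lambda m: _DECODE[m.group(1)], stored)

def survives(value: str, encode, decode) -> bool:
    """True when the value comes back unchanged after save and reload."""
    return decode(encode(value)) == value

if __name__ == "__main__":
    field = "XX %_N_% XX"  # value from the bug report
    print("legacy round trip ok:", survives(field, encode_legacy, decode_legacy))
    print("fixed round trip ok: ", survives(field, encode_fixed, decode_fixed))
    print("stored form:", encode_fixed(field))
    # Constructed legacy records (saved before the fix), read by the new decoder:
    print(repr(decode_fixed("50% done%_N_%next")))  # lone '%' is left alone
    print(repr(decode_fixed("a %_P_% b")))          # the caveat: '%_P_%' is now a token
```
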

In the past I escaped the percent sign, but I had to revert it back because it had undesirable side effects. I can't remember what though. Changes like this should be done carefully.

-- PeterThoeny - 03 Jan 2005

I can only address the problems I can see. Without a testcase that demonstrates undesirable side-effects, I have to assume there are none.

Note that the fix has highlighted that there is a problem with form field values - I can't enter the string %_N_% in a form field.

-- CrawfordCurrie - 03 Jan 2005

Topic revision: r3 - 2005-01-03 - CrawfordCurrie
Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.