UBB.Developers Forums UBB.threads 6 Bug Reports Nasty problem with poll results [5.3]

Here's a convoluted one. When a user that has a space in their user name creates a poll, the URL for the "View the results for this poll" link looks like:
[:blue]http://SaveTheFreeWeb.com/forum/viewpoll.php?Cat=...&poll=988303666Bill Dimm
Note that the space in the user name after the [:blue]poll= has not been converted to a %20 as it should be (spaces aren't legal in a URL). So, when you click the link you end up with empty poll results if you are using Netscape 4.7 while it looks just fine in Opera (which apparently converts the space automatically). The same problem also occurs when you click the "Submit vote" button for the poll and it attempts to take you to the Poll results page. The problem occurs when viewing the poll in both flat and threaded modes. When you are on the broken viewpoll.php page you can manually fix the URL by changing the space to a %20 and verify that it does then display correctly.

Bill Dimm, MagPortal.com - [:red]free feeds for your site.

Adding in showflat an shwothreaded, just after
[:blue]if ($Poll) //(N.B. instances in the script)

the line

$Poll = rawurlencode($Poll);

fixes the bug.


In fact, each time a variable with possible special chars is an argument of a url we need to urlencode it.

Thanks for the info Bill. I'll use the fix from Sharif (thanks Sharif[]/testimages/icons/wink.gif[/]), to patch this up.

Just curious, but what's the main advantage of using rawurlencode() over urlencode() ?

Administrator, Videogame Music Archive

Thanks Sharif. It seems there is one other change needed to make it show the results properly after the user casts a vote. In "dopoll.php" the line that says:
[:blue]$ref .="&what=$prog&vc=1&poll=$pollname";
should be changed to
[:blue]$ref .="&what=$prog&vc=1&poll=" . rawurlencode($pollname);

Also, just to clarify your fix - it appears that each file has two if-statements that need to be adjusted. Alternatively, you can can look for the line like:
[:blue]list ($Number,$Posted,$Username..., $Poll, ...) = $dbh -> fetch_array($sth);
and add after it:
[:blue]if ($Poll) { $Poll = rawurlencode($Poll); }

Bill Dimm, SaveTheFreeWeb.com

The only thing I can tell you : rawurlencode is safer than urlencode. Variables, like & amp (without space), may match HTML entities and when parsed by the browser, with urlencode, the actual entity is used instead of the variable. I have no idea on the perfomance of the two functions.