From 894ed12f37349c39a1e736bf4fb42d4d00164703 Mon Sep 17 00:00:00 2001
From: dattaz <taz@dattaz.fr>
Date: Sat, 21 Oct 2017 13:17:13 +0200
Subject: [PATCH] escape the & character of humanReadableBookId  to not be
 interpreted in urls as a new argument

---
 src/server/kiwix-serve.cpp      | 5 ++---
 static/server/include.html.part | 2 +-
 static/server/taskbar.html.part | 2 +-
 3 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/src/server/kiwix-serve.cpp b/src/server/kiwix-serve.cpp
index 32f2790..b75b5d1 100644
--- a/src/server/kiwix-serve.cpp
+++ b/src/server/kiwix-serve.cpp
@@ -162,9 +162,7 @@ void introduceTaskbar(string& content, const string& humanReadableBookId)
     content = appendToFirstOccurence(
         content,
         "<head>",
-        replaceRegex(
-            RESOURCE::include_html_part, humanReadableBookId, "__CONTENT__")
-        + (noLibraryButtonFlag
+            RESOURCE::include_html_part + (noLibraryButtonFlag
             ? "<style>#kiwix_serve_taskbar_library_button { display: none }</style>"
             : "")
     );
@@ -183,6 +181,7 @@ void introduceTaskbar(string& content, const string& humanReadableBookId)
              "__CONTENT__"));
     }
     content = replaceRegex(content, rootLocation, "__ROOT_LOCATION__");
+    content = replaceRegex(content,replaceRegex(humanReadableBookId, "%26", "&"), "__CONTENT_ESCAPE__");
   }
   pthread_mutex_unlock(&regexLock);
 }
diff --git a/static/server/include.html.part b/static/server/include.html.part
index 061ad4e..57d3ed4 100644
--- a/static/server/include.html.part
+++ b/static/server/include.html.part
@@ -8,7 +8,7 @@
   jk(function() {
   jk( "#kiwixsearchbox" ).autocomplete({
 
-  source: "__ROOT_LOCATION__/suggest?content=__CONTENT__",
+  source: "__ROOT_LOCATION__/suggest?content=__CONTENT_ESCAPE__",
   dataType: "json",
   cache: false,
 
diff --git a/static/server/taskbar.html.part b/static/server/taskbar.html.part
index ec367f5..7cc0972 100644
--- a/static/server/taskbar.html.part
+++ b/static/server/taskbar.html.part
@@ -4,7 +4,7 @@
       <div class="kiwix_button_wrapper">
         <a id="kiwix_serve_taskbar_library_button" href="__ROOT_LOCATION__/"><button>Library</button></a>
         <a id="kiwix_serve_taskbar_home_button" href="__ROOT_LOCATION__/__CONTENT__/"><button>Home</button></a>
-        <a id="kiwix_serve_taskbar_random_button" href="__ROOT_LOCATION__/random?content=__CONTENT__"><button>Random</button></a>
+        <a id="kiwix_serve_taskbar_random_button" href="__ROOT_LOCATION__/random?content=__CONTENT_ESCAPE__"><button>Random</button></a>
       </div>
       <div class="kiwix_searchform">
         <form class="kiwixsearch" method="GET" action="__ROOT_LOCATION__/search" id="kiwixsearchform">