MT update breaks validation

Today version 2.66 of Movable Type has been released, which addresses amongs others some of the comment spam issues.

I installed the update, and wrote a test comment to see how it works, but the entry did not show up anymore. Mozilla told me that there was a XML parsing error, and since I am serving my pages as application/xhtml+xml, Moz did not parse the page at all. I quickly changed my server settings so that my pages are served as text/html, and looked into the code.

The problem is that MT is now using a proxy script to link to the sites mentioned in comments, so spammers do not receive any ‘Google Karma’ by posting comments. The problem lies in the use of & in the URL, while they should have used &. For example, a link to this site appears as:

http://jeroensangers.com/cgi-bin/mt/mt-cmts.cgi?__mode=red&u=http%3A%2F%2Fjeroensangers.com%2F"

while they should have used:

http://jeroensangers.com/cgi-bin/mt/mt-cmts.cgi?__mode=red&u=http%3A%2F%2Fjeroensangers.com%2F"

I did a quick search in the new files, and found the error in the file lib/MT/Template/Context.pm at line 1189. Just add 4 characters, and MT produces valid HTML again.

[Update 2004.01.16]: Six Apart published MT version 2.661 to fix this problem.

Jeroen Sangers @jeroensangers