Bug? Possible incorrect escaping of <img> tags in graphs

[Haertig, David F (Dave)]

I think I've encountered a bug in the way <img> tags are created for
graphs.
 From one of my status pages, below is the link to it's graph.  Notice
disp=Lantronix%20sshrseg1 in the <img> tag.
<IMG BORDER=0
SRC="/hobbit-cgi/hobbitgraph.sh?host=sshrseg1&service=incomingdata&a
mp;graph_width=576&graph_height=120&disp=Lantronix%20sshrseg1&am
p;nostale&graph=hourly&action=view" ALT="hobbit graph
incomingdata">
#####
 
After clicking on the graph on the status page to open up the expanded
page with the 48hr, 12day, 48day and 576day graphs
the link below is for the first graph on that resulting page.  Notice
disp=Lantronix sshrseg1
The space was not represented as %20 like you'd expect.
 
<img
src="/hobbit-cgi/hobbitgraph.sh?host=sshrseg1&service=incomingdata&a
mp;graph_height=120&graph_width=576&disp=Lantronix
sshrseg1&nostale&action=view&graph=hourly" alt="hourly
graph">
 
#####
 
Even though the disp= part of that second img tag is not properly
escaped, the graph still displays (I don't know why).
However, it breaks if the text for the disp= was "Lantronix #1" for
example.  Apparently it chokes on the # character.
 
Those disp= entries above came from my bb-hosts file, where the relavent
line looks like this:
 
xxx.xxx.xxx.xxx  sshrseg1  # prefer incoming NAME:"Lantronix sshrseg1"
DESCR:"Terminal Server:Incoming Alarms"
 
That line used to look like the one below, but when it was like that,
the expanded graphs didn't display and zoom was broken:
 
xxx.xxx.xxx.xxx  sshrseg1  # prefer incoming NAME:"Lantronix #1"
DESCR:"Terminal Server:Incoming Alarms"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20070610/fe1391ef/attachment.html>