As I thought they would, Six Apart released a minor upgrade to yesterday's 2.66 release:
Update: We've released 2.661, an update to 2.66, to fix a problem with invalid XHTML in the comment redirect script, along with using comment IDs instead of URLs to fix an open redirect problem.
The update does incorporate the change to Context.pm I noted in my previous post, so the comment author links are now valid XHTML.
Update: It seems that there are problems with this version as well.
1. When a comment is previewed, a HASH error is displayed at the bottom of the window:
Use of uninitialized value in sprintf at lib/MT/Template/Context.pm line 1187.
MT 2.661 changed comment author redirect URLs to use the comment ID instead of the actual author URL in the redirect link. The HASH error is occurring when comments are previewed because the comment has not been stored in the MT database yet and it does not yet have an ID number (it is "undefined" by definition).
- It appears that the author URL saved by MT in a local cookie is somehow mangled when MT 2.661 is first installed. I have always used http://tweezersedge.com/ as the URL to my weblog, and this is where the comment author redirect URL should take me to. I posted a couple of test comments today and found out my comment author URL preference had changed to http://tweezersedge.com/mt/.
Once I realized this was occurring, I edited the URL on the comment form and posted another comment. This appears to have fixed the problem - my comment author URL is remaining correct. I had posted a couple of test comments with the bad URL, and I had to edit the data in the MT comments database to correct the stored URL.
I am seriously considering downgrading to MT 2.65, or writing up some template code that emulates the <$MTCommentAuthorLink$> tag without using redirected URLs.