| Subject: | Re: CGI.pm bug (since v3.12): url(-rewrite=>1) assumes identical url-{en,de}coded status for REQUEST_URI and PATH_INFO |
| Date: | Tue, 4 Apr 2006 23:11:12 +0000 |
| To: | lstein [...] cshl.edu, bug-CGI.pm [...] rt.cpan.org |
| From: | Julian Mehnle <julian [...] mehnle.net> |
Message body not shown because it is not plain text.
Lincoln Stein wrote:
Show quoted text
> Sorry about the url rewrite bug. If you can suggest a working patch, I
> would be most grateful. I have had great difficulty getting this to work
> reliably in all circumstances.
Try the attached patch against v3.17, it passes the attached test script.
The patch does essentially the following:
In both url() and _name_and_path_from_env(), REQUEST_URI is now unescaped
before any comparisons with unescaped URIs/paths are performed on it (per
the CGI spec, PATH_INFO and SCRIPT_NAME are always URL-unescaped). As a
side effect, the local URL-escaping of $path_info_search in
_name_and_path_from_env() is now unnecessary.
The patch also reduces a redundant if-match-then-substitute in
_name_and_path_from_env() to a simple substitute, which is equivalent.
Julian.
Message body is not shown because sender requested not to inline it.
Message body is not shown because sender requested not to inline it.