Skip Menu |

This queue is for tickets about the Apache-AuthCookie CPAN distribution.

Report information
The Basics
Id: 21481
Status: rejected
Priority: 0/
Queue: Apache-AuthCookie

People
Owner: Nobody in particular
Requestors: raines [...] nmr.mgh.harvard.edu
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: problem with Apache2::AuthCookie and _get_form_data
Date: Thu, 14 Sep 2006 08:38:49 -0400 (EDT)
To: bug-Apache-AuthCookie [...] rt.cpan.org
From: Paul Raines <raines [...] nmr.mgh.harvard.edu>
Apache2::AuthCookie does not properly handle data with spaces in it. Just try using it with an account that has a space in its password. When the authen_cred handler is called, what should be a space is instead a "+" sign. This is due to the use of unescape_url in _get_form_data Apache2::compat defines unescape_url_info which is supposed to properly handle the space and is defined as such: sub unescape_url_info { my($class, $string) = @_; Apache2::URI::unescape_url($string); $string =~ tr/+/ /; $string; } which seems WRONG! It will convert any real "+" signs in the data to spaces too! The tr/+/ / must come BEFORE unescape_url So basically to fix this in Apache2::AuthCookie you have to do it yourself by doing the tr/+/ / before your call to unescape_url in _get_form_data
On Thu Sep 14 08:39:12 2006, raines@nmr.mgh.harvard.edu wrote: Show quoted text
> > Apache2::AuthCookie does not properly handle data with spaces in it. > Just try using it with an account that has a space in its password. > When the authen_cred handler is called, what should be a space is > instead a "+" sign.
This was fixed in v3.09. Current stable version available from CPAN is 3.10. You need to update your Apache::AuthCookie. Regards, Michael Schout