Bug #21481 for Apache-AuthCookie: problem with Apache2::AuthCookie and _get_form

Thu Sep 14 08:39:12 2006 raines [...] nmr.mgh.harvard.edu - Ticket created

Subject:	problem with Apache2::AuthCookie and _get_form_data
Date:	Thu, 14 Sep 2006 08:38:49 -0400 (EDT)
To:	bug-Apache-AuthCookie [...] rt.cpan.org
From:	Paul Raines <raines [...] nmr.mgh.harvard.edu>

Apache2::AuthCookie does not properly handle data with spaces in it. Just try using it with an account that has a space in its password. When the authen_cred handler is called, what should be a space is instead a "+" sign. This is due to the use of unescape_url in _get_form_data Apache2::compat defines unescape_url_info which is supposed to properly handle the space and is defined as such: sub unescape_url_info { my($class, $string) = @_; Apache2::URI::unescape_url($string); $string =~ tr/+/ /; $string; } which seems WRONG! It will convert any real "+" signs in the data to spaces too! The tr/+/ / must come BEFORE unescape_url So basically to fix this in Apache2::AuthCookie you have to do it yourself by doing the tr/+/ / before your call to unescape_url in _get_form_data

Thu Sep 14 11:08:28 2006 MSCHOUT [...] cpan.org - Correspondence added

On Thu Sep 14 08:39:12 2006, raines@nmr.mgh.harvard.edu wrote: Show quoted text

> > Apache2::AuthCookie does not properly handle data with spaces in it. > Just try using it with an account that has a space in its password. > When the authen_cred handler is called, what should be a space is > instead a "+" sign.

This was fixed in v3.09. Current stable version available from CPAN is 3.10. You need to update your Apache::AuthCookie. Regards, Michael Schout

Thu Sep 14 11:08:29 2006 The RT System itself - Status changed from 'new' to 'open'

Thu Sep 14 11:08:30 2006 MSCHOUT [...] cpan.org - Status changed from 'open' to 'rejected'

Bug #21481 for Apache-AuthCookie: problem with Apache2::AuthCookie and _get_form_data