Subject: | problem with Apache2::AuthCookie and _get_form_data |
Date: | Thu, 14 Sep 2006 08:38:49 -0400 (EDT) |
To: | bug-Apache-AuthCookie [...] rt.cpan.org |
From: | Paul Raines <raines [...] nmr.mgh.harvard.edu> |
Apache2::AuthCookie does not properly handle data with spaces in it.
Just try using it with an account that has a space in its password.
When the authen_cred handler is called, what should be a space is
instead a "+" sign.
This is due to the use of unescape_url in _get_form_data
Apache2::compat defines unescape_url_info which is supposed to properly
handle the space and is defined as such:
sub unescape_url_info {
my($class, $string) = @_;
Apache2::URI::unescape_url($string);
$string =~ tr/+/ /;
$string;
}
which seems WRONG! It will convert any real "+" signs in the data
to spaces too! The tr/+/ / must come BEFORE unescape_url
So basically to fix this in Apache2::AuthCookie you have to do it yourself
by doing the tr/+/ / before your call to unescape_url in _get_form_data