Subject: | _name_and_path_from_env should disregard query string |
_name_and_path_from_env does not work properly when the query string
contains a "//". For example, the path info is not removed from url()
in pathological cases such as "script.cgi/%20%20?foo=%2F%2F".
Possible fix attached.
Subject: | qs.patch |
--- CGI.pm~ 2006-09-28 20:04:10.000000000 +0300
+++ CGI.pm 2007-01-21 16:17:57.000000000 +0200
@@ -2778,9 +2778,11 @@
'_name_and_path_from_env' => <<'END_OF_FUNC',
sub _name_and_path_from_env {
my $self = shift;
- my $raw_script_name = $ENV{SCRIPT_NAME} || '';
- my $raw_path_info = $ENV{PATH_INFO} || '';
- my $uri = unescape($self->request_uri) || '';
+ my $raw_script_name = $ENV{SCRIPT_NAME} || '';
+ my $raw_path_info = $ENV{PATH_INFO} || '';
+ my $uri = $self->request_uri || '';
+ $uri =~ s/\?.*$//;
+ $uri = unescape($uri) || '';
my $protected = quotemeta($raw_path_info);
$raw_script_name =~ s/$protected$//;
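Review bot: The added `$uri =~ s/\?.*$//;` has no `/s`, so `.` stops at a newline and the substitution does not match at all if the raw request URI ever carries one before its end; `$uri =~ s/\?.*\z//s;` removes the query string unconditionally. A raw newline in REQUEST_URI is unlikely behind a conforming server, so this is hardening rather than a known failure. The order of the two added statements also matters: stripping before `unescape` keeps an encoded `%3F` in the path from being read as the query delimiter. A comment such as `# strip the query string before unescaping: an escaped %3F in the path is not a delimiter` would stop a later cleanup from merging them back into one expression. The body of _name_and_path_from_env continues past the end of this hunk.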