This queue is for tickets about the CGI CPAN distribution.

Report information
The Basics
Id: 30504
Status: resolved
Priority: 0/
Queue: CGI

People
Owner: MARKSTOS [...] cpan.org
Requestors: alech [...] cpan.org
andy [...] hexten.net
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: (no value)
Fixed in: (no value)



In Mac OS 10.5 (Leopard) the temporary directory may have a '+' in its name - which breaks a couple of checks in CGI.pm. The attached patch allows all tests to pass on Leopard.
Subject: cgi-pm-leopard.patch
--- CGI.pm-3.29-orig/CGI.pm 2007-11-05 21:26:33.000000000 +0000 +++ CGI.pm-3.29/CGI.pm 2007-11-05 21:37:01.000000000 +0000 @@ -3696,7 +3696,7 @@ (my $safename = $name) =~ s/([':%])/ sprintf '%%%02X', ord $1 /eg; my $fv = ++$FH . $safename; my $ref = \*{"Fh::$fv"}; - $file =~ m!^([a-zA-Z0-9_ \'\":/.\$\\-]+)$! || return; + $file =~ m!^([a-zA-Z0-9_ \'\":/.\$\\\+-]+)$! || return; my $safe = $1; sysopen($ref,$safe,Fcntl::O_RDWR()|Fcntl::O_CREAT()|Fcntl::O_EXCL(),0600) || return; unlink($safe) if $delete; @@ -4035,7 +4035,7 @@ last if ! -f ($filename = sprintf("${TMPDIRECTORY}${SL}CGItemp%d",$sequence++)); } # check that it is a more-or-less valid filename - return unless $filename =~ m!^([a-zA-Z0-9_ \'\":/.\$\\-]+)$!; + return unless $filename =~ m!^([a-zA-Z0-9_ \'\":/.\$\\\+-]+)$!; # this used to untaint, now it doesn't # $filename = $1; return bless \$filename;
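Review bot: in the @@ -3696 hunk a rejected path still leaves through `|| return` with no diagnostic, which is why a temporary directory containing '+' surfaced only as failing checks further up. Adding '+' to the class is fine here, since $safe goes to sysopen with O_CREAT|O_EXCL and mode 0600 rather than through a shell, but consider emitting a warning that names the rejected path so the next unexpected character in a temp directory name is diagnosable.

Review bot: the @@ -4035 hunk repeats by hand the same character class edited in the first hunk (`[a-zA-Z0-9_ \'\":/.\$\\\+-]`), so the two checks can drift apart on the next change. Consider defining the pattern once and using it at both sites. The backslash before '+' is not needed inside a character class, and the class depends on '-' staying the last character to be read as a literal.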
Subject: [PATCH] file upload fails on Mac OS X 10.5 ($ENV{TMPDIR} contains '+')
After updating to Mac OS X Leopard, my file uploads in Jifty failed. I've investigated that the problem comes from CGI's handling of temporary filenames. $ENV{TMPDIR} looks like the following on my freshly installed system:

trinidad:~ klink$ echo $TMPDIR
/var/folders/RB/RBdqb0lZG2iU541e-bUIyU+++yg/-Tmp-/

This does not match the regex check in CGI.pm, because of the '+'s. The attached patch solves this problem by adding + as an allowed character to the regular expressions.
Subject: CGI.patch
diff --git a/CGI.pm b/CGI.pm index 0d5ef00..d01e18d 100644 --- a/CGI.pm +++ b/CGI.pm @@ -3696,7 +3696,7 @@ sub new { (my $safename = $name) =~ s/([':%])/ sprintf '%%%02X', ord $1 /eg; my $fv = ++$FH . $safename; my $ref = \*{"Fh::$fv"}; - $file =~ m!^([a-zA-Z0-9_ \'\":/.\$\\-]+)$! || return; + $file =~ m!^([a-zA-Z0-9_\+ \'\":/.\$\\-]+)$! || return; my $safe = $1; sysopen($ref,$safe,Fcntl::O_RDWR()|Fcntl::O_CREAT()|Fcntl::O_EXCL(),0600) || return; unlink($safe) if $delete; @@ -4035,7 +4035,7 @@ sub new { last if ! -f ($filename = sprintf("${TMPDIRECTORY}${SL}CGItemp%d",$sequence++)); } # check that it is a more-or-less valid filename - return unless $filename =~ m!^([a-zA-Z0-9_ \'\":/.\$\\-]+)$!; + return unless $filename =~ m!^([a-zA-Z0-9_\+ \'\":/.\$\\-]+)$!; # this used to untaint, now it doesn't # $filename = $1; return bless \$filename;
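Review bot: no regression test accompanies the widened class in the @@ -3696 hunk; the diff touches only CGI.pm. A test that points the temporary directory at a path containing '+', such as the /var/folders/RB/RBdqb0lZG2iU541e-bUIyU+++yg/-Tmp-/ value from the report, would exercise this check on every platform rather than only on Leopard.

Review bot: in the @@ -4035 hunk the capture group in `return unless $filename =~ m!^([a-zA-Z0-9_\+ \'\":/.\$\\-]+)$!;` is unused, because `$filename = $1` is commented out just below and the value is returned as it came in. Either drop the parentheses or extend the comment to say this is a validation-only check, so nobody assumes the filename has been untainted here.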
On Mon Nov 05 16:40:04 2007, ANDYA wrote:
> In Mac OS 10.5 (Leopard) the temporary directory may have a '+' in its
> name - which breaks a couple of checks in CGI.pm. The attached patch
> allows all tests to pass on Leopard.
Andy,

Thanks for the patch. I see it has still not been applied in 3.43. It looks reasonable to me, and I recommend that the patch be applied.

Mark
Thanks, this patch has been applied in my git repo now.
Subject: released, thanks.
I believe this change was released today as part of CGI.pm 3.45. Thanks for the contribution.