Subject: Reason for escaping only on output?
The stringify function will escape on output, allowing you to use
stringify to create a valid query string. But if a field comes in with a
special uri-encoded character and the field is not modified, the
resulting stringify call will return an invalid string. I have included
source code and the resulting output in this description.

I noticed in your documentation that you stated that uri unescaping is
expected to be handled by the caller; however, in this use case the
caller has no reason to unescape.

I think the module should be consistent with how it treats escaping: if
the caller is expected to handle escaping, the module should not escape
on stringify (bad); if the module handles escaping, the module should
unescape on parsing the query string and escape on stringify (preferred).
---Test script:
#!/usr/bin/perl
use URI::Query;

compare_queries('field=1');
compare_queries('field=1%3D1'); # uri encoded this is 'field' with value '1=1'

# Parse a query string, stringify it, parse that result again, and
# compare the two stringified forms.
sub compare_queries($)
{
    my $qstring = shift;
    print "Original String: " . $qstring . "\n";
    my $qq = URI::Query->new($qstring);
    # Feed the module's own output back into a second object
    my $qq_mirror = URI::Query->new($qq->stringify());
    print "Initial object: " . $qq->stringify() . "\n";
    print "Mirrored object: " . $qq_mirror->stringify() . "\n";
    if ($qq->stringify() eq $qq_mirror->stringify())
    {
        print "Strings are equivalent.\n";
    }
    else
    {
        print "Strings are NOT equivalent.\n";
    }
    print "\n";
}
---Output:
Original String: field=1
Initial object: field=1
Mirrored object: field=1
Strings are equivalent.

Original String: field=1%3D1
Initial object: field=1%253D1
Mirrored object: field=1%25253D1
Strings are NOT equivalent.
---Potential change:
Add under line 131:
$key = uri_unescape($key);
$value = uri_unescape($value);
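
The round-trip behaviour reported above, as an added example that is not part of the original report and is not URI::Query's own code. The helpers parse_pairs, stringify_pairs and round_trips are hypothetical, URI::Escape is assumed to be installed, and the script contrasts escape-only-on-output with decode-on-parse plus escape-on-output over three round trips:

```perl
#!/usr/bin/perl
use strict;
use warnings;
use URI::Escape qw(uri_escape uri_unescape);

# Hypothetical helpers for illustration; they are not URI::Query's internals.

# Parse "k=v&k2=v2" into a list of [key, value] pairs.
# $decode selects whether percent-escapes are decoded on input.
sub parse_pairs {
    my ($qstring, $decode) = @_;
    my @pairs;
    for my $part (split /&/, $qstring) {
        next unless length $part;
        my ($key, $value) = split /=/, $part, 2;
        $value = '' unless defined $value;
        if ($decode) {
            $_ = uri_unescape($_) for $key, $value;
        }
        push @pairs, [$key, $value];
    }
    return @pairs;
}

# Serialise pairs, always escaping on output (as stringify does in the report).
sub stringify_pairs {
    return join '&', map { uri_escape($_->[0]) . '=' . uri_escape($_->[1]) } @_;
}

# Round-trip a query string $n times and return every intermediate result.
sub round_trips {
    my ($qstring, $decode, $n) = @_;
    my @seen;
    for (1 .. $n) {
        $qstring = stringify_pairs(parse_pairs($qstring, $decode));
        push @seen, $qstring;
    }
    return @seen;
}

# Constructed inputs, taken from the test script in the report.
for my $input ('field=1', 'field=1%3D1') {
    print "Input:         $input\n";
    print "Escape-only:   ", join(' -> ', round_trips($input, 0, 3)), "\n";
    print "Decode+escape: ", join(' -> ', round_trips($input, 1, 3)), "\n\n";
}
```

A parser that is the inverse of its serialiser gives a stable canonical form after the first round trip; the escape-only variant adds another %25 layer on every pass, so any component that compares, signs or caches the string sees a different value each time.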