Subject: wide character in syswrite()
Net::HTTPServer-1.1.1 is vulnerable to injection of unencoded unicode
strings. It handles them all right, until we hit syswrite in
Net::HTTPServer::_send_data(), which fails with an error message like
this:
Wide character in syswrite
at /usr/lib/perl5/5.10.0/x86_64-linux-thread-multi/IO/Handle.pm line
460.
The attached fix takes care that the response body is always
utf8::encode()ed properly when needed.
Subject: handle_wide_char.diff
--- Net-HTTPServer-1.1.1/lib/Net/HTTPServer/Response.pm.orig 2005-01-06 04:58:16.000000000 +0100
+++ Net-HTTPServer-1.1.1/lib/Net/HTTPServer/Response.pm 2008-09-12 15:39:09.169964000 +0200
@@ -72,6 +72,9 @@
Returns the current value of the response body. Sets the content of
the response if a value is specified.
+Body() always returns the value as a utf8::encode()ed string.
+As a parameter it accepts both, perl unicode wide character strings
+or utf8 encoded byte strings.
=head2 Clear()
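Review bot: The added sentence "Body() always returns the value as a utf8::encode()ed string" promises more than the accessor change in the next hunk delivers: encoding is applied only when utf8::is_utf8 is true for the stored value, so a string without that flag is returned untouched whatever bytes it holds. Suggest wording it as "returns a byte string; character strings are UTF-8 encoded on read", and stating that a read modifies the stored body in place. Minor: "both, perl unicode" reads better as "both Perl Unicode".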
@@ -194,7 +197,11 @@
my $self = shift;
my $body = shift;
- return $self->{BODY} unless defined($body);
+ unless (defined $body)
+ {
+ utf8::encode $self->{BODY} if utf8::is_utf8 $self->{BODY};
+ return $self->{BODY};
+ }
$self->{BODY} = $body;
}
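Review bot: The encode sits in the getter branch (`unless (defined $body)`), so `$self->{BODY}` stays a character string until something reads it through Body(), and any code that reads the hash slot directly still sees wide characters. Doing the conversion once where the value is stored, at `$self->{BODY} = $body;`, would keep the stored body as bytes at all times and take the side effect out of a read. utf8::is_utf8 also tests Perl's internal flag rather than the presence of characters above 0xFF, so the same text can come out as different bytes depending on how the string was built; that deserves a comment next to the check. Style: parenthesize the calls, `utf8::encode($self->{BODY}) if utf8::is_utf8($self->{BODY});`.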
@@ -401,7 +408,7 @@
chomp($header);
$header .= "\r\n\r\n";
- return ($header,$self->{BODY});
+ return ($header,$self->Body());
}
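Review bot: Only the body is converted in `return ($header,$self->Body());`; `$header` is returned as built, so a header value containing a wide character would reach syswrite unencoded and fail the same way. Consider encoding or rejecting such header values at this point as well. The header is also completed (`$header .= "\r\n\r\n";`) before the body is encoded, so please confirm that any length field written into it is computed from the encoded bytes and not from the character string.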