
This queue is for tickets about the CGI-Simple CPAN distribution.

Report information
The Basics
Id: 41339
Status: resolved
Priority: 0/
Queue: CGI-Simple

People
Owner: Nobody in particular
Requestors: m-uchino [...] yetipapa.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: CGI-Simple unescapeHTML
Date: Mon, 1 Dec 2008 19:29:50 +0900
To: <bug-Cgi-Simple [...] rt.cpan.org>
From: "uchino" <m-uchino [...] yetipapa.com>
Sorry, my English is poor.

I hope that unescapeHTML does not edit 'not escaped text'.

ex.
    my $text = 'http://xxx.yyy.com/foo.cgi?aaa&bbb&ccc/111/222/333/xxx;yyy;zzz;';
    # Yes, this is strange URL, but I found it.
    $text = unescapeHTML($text);

result:
    http://xxx.yyy.com/foo.cgi?aaabbb&ccc/111/222/333/xxxyyy;zzz;

unescapeHTML mistakes '&bbb&ccc/111/222/333/xxx;' for escaped text.

I think line 154 in Util.pm
    $_ ----------> "&$_;"

M-Uchino
Subject: PATCH: CGI-Simple unescapeHTML (fix)
I have confirmed this bug with a new automated test, and have also prepared a patch to fix it.

The "fall-through" option for unescapeHTML was failing to "put things back how it found them" when no match was found.

CGI.pm 3.42 still has the same bug as well.

Mark
Sat Dec 6 10:20:34 EST 2008 Mark Stosberg <mark@summersault.com> * Fixed bug when calling unescapeHTML on HTML that wasn't properly escaped in the first place. diff -rN -u old-CGI-Simple-1.106/Changes new-CGI-Simple-1.106/Changes --- old-CGI-Simple-1.106/Changes 2008-12-06 10:21:52.000000000 -0500 +++ new-CGI-Simple-1.106/Changes 2008-12-06 10:21:52.000000000 -0500 @@ -136,4 +136,7 @@ to RSAVAGE. - Applied BEROV's patch for UTF-8 form data handling. Refs #12481. Thanks to BEROV. +1.107 2008-12-06 + - Fixed bug when calling unescapeHTML on HTML that wasn't properly escaped in the first place. + Thanks to M-Uchino and Mark Stosberg. diff -rN -u old-CGI-Simple-1.106/lib/CGI/Simple/Util.pm new-CGI-Simple-1.106/lib/CGI/Simple/Util.pm --- old-CGI-Simple-1.106/lib/CGI/Simple/Util.pm 2008-12-06 10:21:52.000000000 -0500 +++ new-CGI-Simple-1.106/lib/CGI/Simple/Util.pm 2008-12-06 10:21:52.000000000 -0500 @@ -152,7 +152,7 @@ /^#(\d+)$/ && $ebcdic ? chr($UTIL->{'a2e'}->[$1]) : /^#x([0-9a-f]+)$/i && $latin ? chr(hex($1)) : /^#x([0-9a-f]+)$/i && $ebcdic ? chr($UTIL->{'a2e'}->[hex $1]) : - $_ + "\&$_;" }gex; return $unescape; } diff -rN -u old-CGI-Simple-1.106/t/050.simple.t new-CGI-Simple-1.106/t/050.simple.t --- old-CGI-Simple-1.106/t/050.simple.t 2008-12-06 10:21:52.000000000 -0500 +++ new-CGI-Simple-1.106/t/050.simple.t 2008-12-06 10:21:52.000000000 -0500 @@ -1,4 +1,4 @@ -use Test::More tests => 331; +use Test::More tests => 332; use Carp; use strict; use warnings; @@ -756,6 +756,8 @@ $sv = $q->unescapeHTML( "&lt;&gt;&amp;&quot;&#10;&#13;&lt;&gt;&amp;&quot;&#10;&#13;" ); is( $sv, "<>&\"\012\015<>&\"\012\015", 'unescapeHTML(), 2' ); +$sv = $q->unescapeHTML('Jack & Jill went up the hill; to get a pail of water'); +is( $sv, 'Jack & Jill went up the hill; to get a pail of water', 'unescapeHTML(), 3 ' ); # put() is( $q->put( '' ), 1, 'put(), 1' );
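Review bot: In the Util.pm hunk, the new fall-through `"\&$_;"` is also reached by `#x...` numeric references when neither `$latin` nor `$ebcdic` is true, so such input now comes back with its `&` and `;` intact instead of losing them. That is a second behaviour change beyond the reported case and deserves its own test and a mention in Changes. The backslash before `&` is not needed inside a double-quoted string; `"&$_;"` is equivalent and easier to read.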
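Review bot: The assertion added at line 756 of t/050.simple.t covers only a bare `&` in plain prose. Add the URL from the original report as a second case, and a string in which a real entity such as `&lt;` follows a bare `&`, so the expected result for mixed escaped and unescaped input is pinned down. The test name 'unescapeHTML(), 3 ' also carries a trailing space.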
Patch applied as r4448. Thanks both!
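
The report and fix above, reproduced as an added Perl sketch that is not CGI::Simple's code: `decode_entities`, `replacement` and the `$restore` flag are hypothetical names, and the `&(.*?);` match pattern is an assumption. It runs the old and the patched fall-through over the ticket's two strings and two constructed ones.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Simplified stand-in for the decoder discussed in this ticket; NOT the
# CGI::Simple source. The pattern &(.*?); is an assumption (the page shows
# only the replacement branches), and charset handling is left out.
my %NAMED = ( amp => '&', quot => '"', gt => '>', lt => '<' );

sub replacement {
    my ( $name, $restore ) = @_;
    return $NAMED{ lc $name } if exists $NAMED{ lc $name };
    return chr($1)       if $name =~ /^#(\d+)$/;
    return chr( hex $1 ) if $name =~ /^#x([0-9a-f]+)$/i;

    # Unknown "entity": the old fall-through dropped the delimiters,
    # the patched one puts the matched text back as it was found.
    return $restore ? "&$name;" : $name;
}

sub decode_entities {
    my ( $text, $restore ) = @_;
    $text =~ s/&(.*?);/replacement( $1, $restore )/ge;
    return $text;
}

# Constructed inputs: the URL from the report, the string from the new test,
# properly escaped markup, and a bare ampersand followed by a real entity.
my @samples = (
    'http://xxx.yyy.com/foo.cgi?aaa&bbb&ccc/111/222/333/xxx;yyy;zzz;',
    'Jack & Jill went up the hill; to get a pail of water',
    '&lt;b&gt; &amp; &quot;q&quot; &#65;&#x42;',
    'a & b &lt; c',
);

for my $in (@samples) {
    my $old = decode_entities( $in, 0 );
    my $new = decode_entities( $in, 1 );
    print "input:    $in\n";
    print "old:      $old\n";
    print "patched:  $new", ( $new eq $in ? "  (unchanged)" : "" ), "\n\n";
}
```

With the assumed pattern, the patched fall-through leaves the last sample as `a & b &lt; c`: the match that starts at the bare `&` runs to the first `;`, so the `&lt;` inside it is restored rather than decoded.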