Bug #54768 for CGI: CGI: test t/http.t fails, when HTTPS

Thu Feb 18 14:02:48 2010 winfree [...] gmx.de - Ticket created

Subject:

CGI: test t/http.t fails, when HTTPS_PROXY is set

I ran into this when trying to upgrade the CGI module via CPAN shell. Simply said, CGI's method https() returns every key of %ENV which matches the regex /^HTTPS(?:_|$)/ . So, HTTPS_PROXY is also returned, which breaks the test for https(), because it only expects HTTPS and HTTPS_KEYSIZE to be returned. Localizing %ENV at the beginning of the affected test block might fix this. See attached patch file for a fix. This issue exists at least since 3.47 (and also in 3.49, which wasn't available in the "broken in" list). I couldn't check 3.46, because I didn't find a package for that version. 3.45 is not affected, as it doesn't contain a test file t/http.t . I didn't check any other versions. This issue was already mentioned in the CGI queue: https://rt.cpan.org/Public/Bug/Display.html?id=53326 As it is the only ticket there (without any further action or comment), I thought to open this one in this queue. Forgive me, if I am wrong in doing so. Distribution: CGI-3.49 Perl Version: 5.10.1 OS: Gentoo Linux, CentOS 5.4

Subject:

http.t-patch

Download http.t-patch
application/octet-stream 653b

Message body not shown because it is not plain text.

Sat Feb 20 12:41:56 2010 yanick [...] babyl.dyndns.org - Correspondence added

Subject:	Re: [rt.cpan.org #54768] CGI: test t/http.t fails, when HTTPS_PROXY is set
Date:	Sat, 20 Feb 2010 12:41:43 -0500
To:	bug-CGI.pm [...] rt.cpan.org
From:	Yanick Champoux <yanick [...] babyl.dyndns.org>

Show quoted text

> As it is the only ticket there (without any further action or comment), > I thought to open this one in this queue. Forgive me, if I am wrong in > doing so.

No, you did exactly the right thing. Thanks for the report and the patch! Repo branch with the fix: http://github.com/markstos/CGI.pm/tree/rt-54768

Sat Feb 20 12:42:02 2010 The RT System itself - Status changed from 'new' to 'open'

Mon Feb 22 10:29:47 2010 MARKSTOS [...] cpan.org - Taken

Mon Feb 22 10:30:31 2010 MARKSTOS [...] cpan.org - Correspondence added

Thank you both for your work on this. This patch is now in the "master" branch and will appear in the next release.

Mon Feb 22 10:30:44 2010 MARKSTOS [...] cpan.org - Status changed from 'open' to 'patched'

Mon May 17 07:29:59 2010 smueller [...] cpan.org - Correspondence added

This fix is still not in any CPAN release. It is causing spurious perl core test failures for me. May I kindly request a new CGI.pm release so we can fix this issue in the core, too? Best regards, Steffen Müller

Mon May 17 07:30:03 2010 The RT System itself - Status changed from 'patched' to 'open'

Mon May 17 10:38:13 2010 MARKSTOS [...] cpan.org - Correspondence added

Subject:

CGI.pm: stable for release?

Yanick, Do you agree that the "master" branch is in a good state for a release? The only changes I see in "Changes" are this issue and a documentation fix: "Correcting/clarifying documentation for param_fetch()." Mark

Tue May 18 10:32:01 2010 yanick+cpan [...] babyl.dyndns.org - Correspondence added

On Mon May 17 10:38:13 2010, MARKSTOS wrote: Show quoted text

> Do you agree that the "master" branch is in a good state for a release?

Yup. The churn has been minimal, and mostly on the documentation. I give my +1 for a release.

Tue May 18 10:47:12 2010 MARKSTOS [...] cpan.org - Correspondence added

RT-Send-CC:

lincoln.stein [...] gmail.com

Lincoln, The Perl core team is asking for a new release of CGI.pm to address a test failure, and Yanick and I support the request. There have been minimal changes since the last release. See here for the minimal list of proposed changes: http://github.com/markstos/CGI.pm/blob/master/Changes It looks like you may need to update the version in the "Changes" file in CGI.pm for the release. This ticket history also has some more context. Thanks for your help! Mark

Sun Oct 17 15:20:47 2010 $_ = 'spro^^*%*^6ut# [...] &$%*c>#!^!#&!pan.org'; y/a-z.@//cd; print - Correspondence added

On Sat Feb 20 12:41:56 2010, yanick@babyl.dyndns.org wrote: Show quoted text

> > As it is the only ticket there (without any further action or comment), > > I thought to open this one in this queue. Forgive me, if I am wrong in > > doing so.

> > No, you did exactly the right thing. Thanks for the report and the patch! > > Repo branch with the fix: http://github.com/markstos/CGI.pm/tree/rt-54768 >

That patch, unfortunately, does not work on VMS, as %ENV cannot be cleared on that system. Attached is a patch, to be applied to the version on GitHub, which restores VMS compatibility.

Subject:

open_yLainsJi.txt

diff --git a/t/http.t b/t/http.t index 324da26..2ed3863 100644 --- a/t/http.t +++ b/t/http.t @@ -34,8 +34,11 @@ my $cgi = CGI->new(); # https() # The same as http(), but operates on the HTTPS environment variables present when the SSL protocol is in # effect. Can be used to determine whether SSL is turned on. - local %ENV; - @ENV{qw/ HTTPS HTTPS_KEYSIZE /} = ('ON', 512); + my @expect = grep /^HTTPS/, keys %ENV; + push @expect, 'HTTPS' if not exists $ENV{HTTPS}; + push @expect, 'HTTPS_KEYSIZE' if not exists $ENV{HTTPS_KEYSIZE}; + local $ENV{'HTTPS'} = 'ON'; + local $ENV{'HTTPS_KEYSIZE'} = 512; is $cgi->https(), 'ON', 'scalar context to check SSL is on'; - ok eq_set( [$cgi->https()], [qw(HTTPS HTTPS_KEYSIZE)]), 'list context returns https keys'; + ok eq_set( [$cgi->https()], \@expect), 'list context returns https keys'; }

Sun Nov 14 20:55:15 2010 $_ = 'spro^^*%*^6ut# [...] &$%*c>#!^!#&!pan.org'; y/a-z.@//cd; print - Correspondence added

RT-Send-CC:

lincoln.stein [...] gmail.com

On Sun Oct 17 15:20:47 2010, SPROUT wrote: Show quoted text

> On Sat Feb 20 12:41:56 2010, yanick@babyl.dyndns.org wrote:

> > > As it is the only ticket there (without any further action or comment), > > > I thought to open this one in this queue. Forgive me, if I am wrong in > > > doing so.

> > > > No, you did exactly the right thing. Thanks for the report and the patch! > > > > Repo branch with the fix: http://github.com/markstos/CGI.pm/tree/rt-54768 > >

> > That patch, unfortunately, does not work on VMS, as %ENV cannot be > cleared on that system. > > Attached is a patch, to be applied to the version on GitHub, which > restores VMS compatibility. >

Unfortunately, there appears to have been a new CGI.pm release (3.50) that did not include this patch. This will stop perl from passing its tests on VMS if 3.50 is integrated into the perl repository.

Mon Nov 15 11:31:23 2010 mark [...] summersault.com - Correspondence added

Subject:	Re: [rt.cpan.org #54768] CGI: test t/http.t fails, when HTTPS_PROXY is set
Date:	Mon, 15 Nov 2010 11:31:08 -0500
To:	bug-CGI.pm [...] rt.cpan.org
From:	Mark Stosberg <mark [...] summersault.com>

Show quoted text

> Unfortunately, there appears to have been a new CGI.pm release (3.50) that did not include > this patch. This will stop perl from passing its tests on VMS if 3.50 is integrated into the perl > repository.

Thanks for the nudge. The 3.50 release focused on some important security updates. We'll continue to work on integrating this patch. Mark

Mon Nov 15 19:54:57 2010 MARKSTOS [...] cpan.org - Correspondence added

RT-Send-CC:

mark [...] summersault.com

Your latest patch has now been applied to the git repo. Thanks, Mark

Mon Nov 15 19:54:58 2010 MARKSTOS [...] cpan.org - Status changed from 'open' to 'patched'

Sun Jan 23 20:45:33 2011 MARKSTOS [...] cpan.org - Correspondence added

Subject:

patch released for CGI.pm

Thanks for the bug report. A patch for it appeared in 3.51, if not sooner. Resolving. Mark

Sun Jan 23 20:45:34 2011 The RT System itself - Status changed from 'patched' to 'open'

Sun Jan 23 20:45:34 2011 MARKSTOS [...] cpan.org - Status changed from 'open' to 'resolved'

Fri May 23 14:29:35 2014 The RT System itself - Queue changed from CGI.pm to CGI

Bug #54768 for CGI: CGI: test t/http.t fails, when HTTPS_PROXY is set

Preferred bug tracker