| Subject: | Wrong request passed to redirect_ok: file scheme allowed |
In LWP::UserAgent of 5.76, the original request, not the redirect one, gets passed to redirect_ok(). Consequently, for example the "file" scheme check there does not work as expected, and UserAgent happily follows redirects to "file:" URIs.
Fix attached, along with a change that makes file: redirects include a Client-Warning header instead of debug-tracing it; this is better IMO.
Index: lib/LWP/UserAgent.pm
===================================================================
RCS file: /cvsroot/libwww-perl/lwp5/lib/LWP/UserAgent.pm,v
retrieving revision 2.24
diff -a -u -r2.24 UserAgent.pm
--- lib/LWP/UserAgent.pm 21 Nov 2003 11:48:13 -0000 2.24
+++ lib/LWP/UserAgent.pm 28 Mar 2004 13:02:22 -0000
@@ -334,7 +334,7 @@
$r = $r->previous;
}
- return $response unless $self->redirect_ok($request, $response);
+ return $response unless $self->redirect_ok($referral, $response);
return $self->request($referral, $arg, $size, $response);
}
@@ -530,7 +530,8 @@
@{ $self->requests_redirectable || [] };
if ($new_request->url->scheme eq 'file') {
- LWP::Debug::trace("Can't redirect to a file:// URL!");
+ $response->header("Client-Warning" =>
+ "Can't redirect to a file:// URL!");
return 0;
}