Skip Menu |

This queue is for tickets about the Catalyst-Action-REST CPAN distribution.

Report information
The Basics
Id: 73741
Status: resolved
Priority: 0/
Queue: Catalyst-Action-REST
People
Owner: bobtfish [...] bobtfish.net
Requestors: carl.vincent [...] newcastle.ac.uk
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Wed Jan 04 12:07:17 2012 carl.vincent [...] newcastle.ac.uk - Ticket created
Subject: Serialize::JSONP rejects callback names containing periods
Date: Wed, 4 Jan 2012 17:06:31 +0000
To: "bug-Catalyst-Action-REST [...] rt.cpan.org" <bug-Catalyst-Action-REST [...] rt.cpan.org>
From: Carl Vincent <carl.vincent [...] newcastle.ac.uk>
Hi, I'm using Catalyst::Action::Serialize::JSONP with YUI, and YUI is trying to set a callback of the form "YUI.Env.DataSource.callbacks.yui_3_4_1_1_1325693990990_144". This is falling foul of the regex filter in the module and resulting in an error. I've done a little reading around (though I'm no expert) and it seems that adding the period to the acceptable character list isn't a significant additional risk, so I propose adding it to the filter. I've included a git diff from making that change and adjusting the test to cover a wider range of characters. Cheers Carl diff --git a/lib/Catalyst/Action/Serialize/JSONP.pm b/lib/Catalyst/Action/Serial index f450fde..8886a0c 100644 --- a/lib/Catalyst/Action/Serialize/JSONP.pm +++ b/lib/Catalyst/Action/Serialize/JSONP.pm @@ -19,7 +19,7 @@ after 'execute' => sub { my $callback_value = $c->req->param($callback_key); if ($callback_value) { - if ($callback_value =~ /^\w+$/) { + if ($callback_value =~ /^(\.|\w)+$/) { $c->res->content_type('text/javascript'); $c->res->output($callback_value.'('.$c->res->output().');'); } else { diff --git a/t/jsonp.t b/t/jsonp.t index 97a77cd..bf151bd 100644 --- a/t/jsonp.t +++ b/t/jsonp.t @@ -19,11 +19,12 @@ for ('text/javascript','application/x-javascript','applicati my $t = Test::Rest->new('content_type' => $_); my $monkey_template = { monkey => 'likes chicken!' }; - my $mres = request($t->get(url => '/monkey_get?callback=omnivore')); + my $mres = request($t->get(url => '/monkey_get?callback=My_Animal.omnivore' ok( $mres->is_success, 'GET the monkey succeeded' ); - my ($json_param) = $mres->content =~ /^omnivore\((.*)?\);$/; + my ($json_param) = $mres->content =~ /^My_Animal.omnivore\((.*)?\);$/; is_deeply($json->decode($json_param), $monkey_template, "GET returned the r + } 1; --      -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-      Carl Vincent             http://www.netskills.ac.uk/ (URL)      Systems Manager                       0191 222 5003 (voice)      Netskills, Newcastle University       0191 222 5001  (fax) Netskills is a JISC Advance service      Training  - Development - Research - Innovation
  Wed Jan 04 14:59:13 2012 bobtfish [...] bobtfish.net - Correspondence added
Fixed in the latest release (0.95), thanks for the bug report and patch!
  Wed Jan 04 14:59:15 2012 The RT System itself - Status changed from 'new' to 'open'
  Wed Jan 04 14:59:15 2012 bobtfish [...] bobtfish.net - Status changed from 'open' to 'resolved'
  Wed Jan 04 14:59:23 2012 bobtfish [...] bobtfish.net - Taken