Subject: Unexpected behaviour with partially encoded url in redirect
When performing a redirect with a url that contains both escaped and non escaped
ampersands the location that the browser is sent to is not what would be expected.
$ perl -e 'use CGI; my $c = CGI->new; print $c->redirect(-url => q{http://localhost/?param1=value&param2=value2&amp;param3=another_value})'
gives:
Status: 302 Found
Location: http://localhost/?param1=valueparam2=value2&ampparam3=another_value
rather than:
Status: 302 Found
Location: http://localhost/?param1=value&param2=value2&param3=another_value
as I would expect.
I tracked this down to the unescapeHTML functionality which looks for '&[stuff];' which
correctly replaces '&amp;' with '&', '&lt;' with '<' etc, but if it hits something that it doesn't
recognise (in the above example 'param2=value2&amp' is what it sees as the [stuff]
component) it keeps this section but throws away the leading ampersand and the trailing
semicolon.
Is there any reason that the unescapeHTML function couldn't keep the entire unrecognised
section (including the ampersand and semicolon) in a case like this?
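
Added example (not part of the original report and not CGI.pm's own code): a small model of the '&[stuff];' matching described above, next to a variant that leaves unrecognised sequences untouched. The function names, the entity table and the narrower name pattern are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Entities this model recognises (a constructed subset for illustration).
my %ENTITY = (amp => '&', lt => '<', gt => '>', quot => '"');

# Model of the behaviour described in the report: everything between an '&'
# and the next ';' is treated as an entity name. An unrecognised name is kept,
# but the '&' in front of it and the ';' after it are dropped.
sub unescape_lossy {
    my ($s) = @_;
    $s =~ s/&(.*?);/exists $ENTITY{lc($1)} ? $ENTITY{lc($1)} : $1/ge;
    return $s;
}

# Variant that keeps an unrecognised sequence intact, '&' and ';' included.
# Assumption: the name may not contain whitespace, '&' or ';', so a match
# cannot start at one query parameter's '&' and run into the next one.
sub unescape_preserving {
    my ($s) = @_;
    $s =~ s/&([^\s&;]+);/exists $ENTITY{lc($1)} ? $ENTITY{lc($1)} : "&$1;"/ge;
    return $s;
}

# Constructed inputs: the URL from the report (one raw and one escaped '&'),
# an entity the table does not know, and one that it does.
my @inputs = (
    'http://localhost/?param1=value&param2=value2&amp;param3=another_value',
    'http://localhost/?a=1&nbsp;b=2',
    'http://localhost/?q=1&lt;2',
);

for my $in (@inputs) {
    printf "input:      %s\n", $in;
    printf "lossy:      %s\n", unescape_lossy($in);
    printf "preserving: %s\n\n", unescape_preserving($in);
}
```

Comparing the two outputs for the first input shows where a parameter separator disappears from the Location value, which is the thing to check for before a mixed-encoded URL reaches a redirect.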