| CC: | perl5-porters [...] perl.org |
| Subject: | hash order dependency bugs in CGI tests and code |
I have been working on making it possible to add new hash algorithms to
perl core and on making the hash seed random per process for security
reasons.
In my work on this I have encountered some hash order dependency bugs in
the tests for CGI involving tags with more than one attribute. Making
tag order optionally deterministic and then using the option in the
tests solved the problem. The attached patch contains this fix. I left
the new behavior undocumented as currently it exists only to make the
tests happy.
There was a similar bug related to the positioning of the following
code:
#### Method: endform
# This method is DEPRECATED
*endform = \&end_form; # deprecated!
This was being executed before any subs were generated. Changing hash
order would somehow cause subs to be loaded in an order such that this
would not do the right thing and would fall through to an auto generated
"end_form" tag. I moved the declaration to be part of the code for
"end_form" and the bug went away.
It would be really nice if the attached patch or moral equivalent could
get applied to CGI sometime soon as I would like to merge my hash
changes to core soon and this is a roadblock.
Thanks,
Yves
| Subject: | cgi.patch |
commit 02b13840587691a7f1e1d88ccc6ddaf7980e1b87
Author: Yves Orton <demerphq@gmail.com>
Date: Mon Aug 27 08:57:19 2012 +0200
fix hash key ordering dependencies in cpan/CGI/.. tests
Hash seed randomization makes various tests fail as they depend
on a particular hash key ordering.
Note this is not a patch that has been pushed upstream.
diff --git a/cpan/CGI/Changes b/cpan/CGI/Changes
index 68ef980..4e88b06 100644
--- a/cpan/CGI/Changes
+++ b/cpan/CGI/Changes
@@ -1,3 +1,11 @@
+Version 3.61 Oct 20th, 2012 [CORE internal "bugfix" release (non-cpan)]
+
+ [TEST FIXES]
+ - Made it possible to force a sorted order for things like hash
+ attributes so that tests are not dependent on a particular hash
+ ordering. This will be required in modern perls which will
+ change the ordering per process.
+
Version 3.60 Aug 15th, 2012
[BUG FIXES]
diff --git a/cpan/CGI/lib/CGI.pm b/cpan/CGI/lib/CGI.pm
index f510680..e200f23 100644
--- a/cpan/CGI/lib/CGI.pm
+++ b/cpan/CGI/lib/CGI.pm
@@ -20,7 +20,7 @@ use Carp 'croak';
# The revision is no longer being updated since moving to git.
$CGI::revision = '$Id: CGI.pm,v 1.266 2009/07/30 16:32:34 lstein Exp $';
-$CGI::VERSION='3.60';
+$CGI::VERSION = '3.61';
# HARD-CODED LOCATION FOR FILE UPLOAD TEMPORARY FILES.
# UNCOMMENT THIS ONLY IF YOU KNOW WHAT YOU'RE DOING.
@@ -129,9 +129,6 @@ sub initialize_globals {
# ------------------ START OF THE LIBRARY ------------
-#### Method: endform
-# This method is DEPRECATED
-*endform = \&end_form;
# make mod_perlhappy
initialize_globals();
@@ -1974,6 +1971,9 @@ sub end_form {
}
}
}
+#### Method: endform
+# This method is DEPRECATED
+*endform = \&end_form; # deprecated!
END_OF_FUNC
#### Method: end_multipart_form
diff --git a/cpan/CGI/lib/CGI/Util.pm b/cpan/CGI/lib/CGI/Util.pm
index b059281..2a98184 100644
--- a/cpan/CGI/lib/CGI/Util.pm
+++ b/cpan/CGI/lib/CGI/Util.pm
@@ -6,9 +6,10 @@ our @ISA = qw(Exporter);
our @EXPORT_OK = qw(rearrange rearrange_header make_attributes unescape escape
expires ebcdic2ascii ascii2ebcdic);
-our $VERSION = '3.53';
+our $VERSION = '3.54';
use constant EBCDIC => "\t" ne "\011";
+our $SORT_ATTRIBUTES;
# (ord('^') == 95) for codepage 1047 as on os390, vmesa
our @A2E = (
@@ -132,8 +133,12 @@ sub make_attributes {
my $quote = $do_not_quote ? '' : '"';
+ my @attr_keys= keys %$attr;
+ if ($SORT_ATTRIBUTES) {
+ @attr_keys= sort @attr_keys;
+ }
my(@att);
- foreach (keys %{$attr}) {
+ foreach (@attr_keys) {
my($key) = $_;
$key=~s/^\-//; # get rid of initial - if present
diff --git a/cpan/CGI/t/autoescape.t b/cpan/CGI/t/autoescape.t
index 41172982..3a25c2d 100644
--- a/cpan/CGI/t/autoescape.t
+++ b/cpan/CGI/t/autoescape.t
@@ -6,6 +6,7 @@ use warnings;
use Test::More tests => 18;
use CGI qw/ autoEscape escapeHTML button textfield password_field textarea popup_menu scrolling_list checkbox_group optgroup checkbox radio_group submit image_button button /;
+$CGI::Util::SORT_ATTRIBUTES = 1;
is (button(-name => 'test<'), '<input type="button" name="test<" value="test<" />', "autoEscape defaults to On");
diff --git a/cpan/CGI/t/function.t b/cpan/CGI/t/function.t
index e0c0845..7082a79 100644
--- a/cpan/CGI/t/function.t
+++ b/cpan/CGI/t/function.t
@@ -5,6 +5,7 @@ END {print "not ok 1\n" unless $loaded;}
use Config;
use CGI (':standard','keywords');
$loaded = 1;
+$CGI::Util::SORT_ATTRIBUTES = 1;
print "ok 1\n";
######################### End of black magic.
@@ -103,4 +104,4 @@ test(30, !charset("") && header() eq "Content-Type: text/html${CRLF}${CRLF}", "E
test(31, header(-foo=>'bar') eq "Foo: bar${CRLF}Content-Type: text/html${CRLF}${CRLF}", "Custom header");
-test(32, start_form(-action=>'one',name=>'two',onsubmit=>'three') eq qq(<form method="post" action="one" enctype="multipart/form-data" onsubmit="three" name="two">), "initial dash followed by undashed arguments");
+test(32, start_form(-action=>'one',name=>'two',onsubmit=>'three') eq qq(<form method="post" action="one" enctype="multipart/form-data" name="two" onsubmit="three">), "initial dash followed by undashed arguments");
diff --git a/cpan/CGI/t/html.t b/cpan/CGI/t/html.t
index 09a3e33..efa2f03 100644
--- a/cpan/CGI/t/html.t
+++ b/cpan/CGI/t/html.t
@@ -5,6 +5,7 @@ use Test::More tests => 33;
END { ok $loaded; }
use CGI ( ':standard', '-no_debug', '*h3', 'start_table' );
$loaded = 1;
+$CGI::Util::SORT_ATTRIBUTES= 1;
ok 1;
BEGIN {
@@ -98,7 +99,7 @@ is start_html(
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
<head>
<title>The world of foo</title>
-<script src="foo.js" charset="utf-8" type="text/javascript"></script>
+<script charset="utf-8" src="foo.js" type="text/javascript"></script>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body>