Skip Menu |
 

Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the CGI CPAN distribution.

Report information
The Basics
Id: 1933
Status: resolved
Priority: 0/
Queue: CGI

People
Owner: Nobody in particular
Requestors: nic [...] coombs.anu.edu.au
Cc:
AdminCc:

Bug Information
Severity: Critical
Broken in: (no value)
Fixed in: (no value)



Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.405 (Entity 5.404)
Subject: '+' converted to space in POST/GET
X-RT-Original-Encoding: iso-8859-1
Content-Length: 1343
Download (untitled) / with headers
text/plain 1.3k
In CGI.pm - a + character passed in a form textfield is converted to a space when you do something like print $queryin->param('crusty'); I suggest that there is at least 1 spurious $foo=~tr/+/ /; or similar statement in CGI.pm - or that the unescape sub is called more than once (which contains that statement). The value of the crusty variable is correctly urlencoded when it gets to the server (tested with Example 19.6: dummyhttpd from the Perl cookbook) I don't think that OS or perl ver are relevant, but it's solaris 8 (discovered on machine running solaris 7) and perl v5.6.0 built for sun4-solaris. Apache 1.3.27, mod_perl 1.27. CGI.pm is ver 2.89 and CGI.pm,v 1.75 2002/10/16 17:48:37 lstein The problem is reproducible with the following form and cgi script - enter a string containing '+' character into the form and watch it disappear! Testform: <HTML> <BODY> <FORM method=post action=cgi-bin/webchange.cgi> <INPUT NAME=crusty type=text> <!-- <INPUT NAME=crusty type=password> --> <INPUT type=submit> </FORM> </BODY> </HTML> CGI script (webchange.cgi): #!/opt/perl/bin/perl # use strict; # use IO::Socket; use CGI; use CGI::Carp qw(fatalsToBrowser); my $queryin = new CGI(); print CGI->header(); print $queryin->param('crusty'); Any questions - feel free to contact me - nic@coombs.anu.edu.au Cheers, nic.
Return-Path: <lstein [...] pesto.lsjs.org>
Delivered-To: cpan-bug+cgi.pm [...] pallas.eruditorum.org
Received: from pesto.lsjs.org (dhcp64-134-94-221.holi.snd.wayport.net [64.134.94.221]) by pallas.eruditorum.org (Postfix) with ESMTP id 80C361114D for <bug-CGI.pm [...] rt.cpan.org>; Mon, 13 Jan 2003 12:13:19 -0500 (EST)
Received: from localhost (localhost [[UNIX: localhost]]) by pesto.lsjs.org (8.11.4/8.11.4) id h0DHDHn00539 for bug-CGI.pm [...] rt.cpan.org; Mon, 13 Jan 2003 09:13:17 -0800
Content-Type: text/plain; charset="iso-8859-1"
From: Lincoln Stein <lstein [...] cshl.org>
Organization: Cold Spring Harbor Laboratory
To: bug-CGI.pm [...] rt.cpan.org
Subject: Re: [cpan #1933] '+' converted to space in POST/GET
Date: Mon, 13 Jan 2003 09:13:14 -0800
User-Agent: KMail/1.4.3
References: <rt-1933-4872.2.00670077032179 [...] cpan.org>
In-Reply-To: <rt-1933-4872.2.00670077032179 [...] cpan.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-Id: <200301130913.15162.lstein [...] cshl.org>
RT-Send-Cc:
X-RT-Original-Encoding: iso-8859-1
Content-Length: 1738
Download (untitled) / with headers
text/plain 1.6k
Cannot confirm this bug. See detailed response at CPAN. Lincoln On Thursday 09 January 2003 07:45 pm, you wrote: Show quoted text
> This message about CGI.pm was sent to you by guest <> via rt.cpan.org > > Full context and any attached attachments can be found at: > <URL: https://rt.cpan.org/Ticket/Display.html?id=1933 > > > In CGI.pm - a + character passed in a form textfield is converted to a > space when you do something like print $queryin->param('crusty'); > > I suggest that there is at least 1 spurious $foo=~tr/+/ /; or similar > statement in CGI.pm - or that the unescape sub is called more than once > (which contains that statement). The value of the crusty variable is > correctly urlencoded when it gets to the server (tested with Example 19.6: > dummyhttpd from the Perl cookbook) > > > I don't think that OS or perl ver are relevant, but it's solaris 8 > (discovered on machine running solaris 7) and perl v5.6.0 built for > sun4-solaris. Apache 1.3.27, mod_perl 1.27. CGI.pm is ver 2.89 and CGI.pm,v > 1.75 2002/10/16 17:48:37 lstein The problem is reproducible with the > following form and cgi script - enter a string containing '+' character > into the form and watch it disappear! > > Testform: > > <HTML> > <BODY> > <FORM method=post action=cgi-bin/webchange.cgi> > <INPUT NAME=crusty type=text> > <!-- <INPUT NAME=crusty type=password> --> > <INPUT type=submit> > </FORM> > </BODY> > </HTML> > > CGI script (webchange.cgi): > > #!/opt/perl/bin/perl > > # use strict; > # use IO::Socket; > > use CGI; > use CGI::Carp qw(fatalsToBrowser); > > my $queryin = new CGI(); > print CGI->header(); > > > print $queryin->param('crusty'); > > > > Any questions - feel free to contact me - nic@coombs.anu.edu.au > > Cheers, > > nic.
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.405 (Entity 5.404)
From: nic [...] coombs
X-RT-Original-Encoding: iso-8859-1
Content-Length: 245
Download (untitled) / with headers
text/plain 245b
Lincoln, I now cannot reproduce the problem. You may as well close it if you cannot reproduce it either. Cheers, nic. [lstein@cshl.org - Mon Jan 13 12:13:23 2003]: Show quoted text
> Cannot confirm this bug. See detailed response at CPAN. > > Lincoln >
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.405 (Entity 5.404)
X-RT-Original-Encoding: iso-8859-1
Content-Length: 1601
Download (untitled) / with headers
text/plain 1.5k
Fixed in 2.91 [guest - Thu Jan 9 22:45:19 2003]: Show quoted text
> In CGI.pm - a + character passed in a form textfield is converted to
a Show quoted text
> space when you do something like > print $queryin->param('crusty'); > > I suggest that there is at least 1 spurious $foo=~tr/+/ /; or similar > statement in CGI.pm - or that the unescape sub is called more than > once (which contains that statement). The value of the crusty > variable is correctly urlencoded when it gets to the server
(tested Show quoted text
> with > Example 19.6: dummyhttpd from the Perl cookbook) > > > I don't think that OS or perl ver are relevant, but it's solaris 8 > (discovered on machine running solaris 7) and perl v5.6.0 built
for Show quoted text
> sun4-solaris. Apache 1.3.27, mod_perl 1.27. CGI.pm is ver 2.89 and > CGI.pm,v 1.75 2002/10/16 17:48:37 lstein > The problem is reproducible with the following form and cgi script - > enter a string containing '+' character into the form and watch it > disappear! > > Testform: > > <HTML> > <BODY> > <FORM method=post action=cgi-bin/webchange.cgi> > <INPUT NAME=crusty type=text> > <!-- <INPUT NAME=crusty type=password> --> > <INPUT type=submit> > </FORM> > </BODY> > </HTML> > > CGI script (webchange.cgi): > > #!/opt/perl/bin/perl > > # use strict; > # use IO::Socket; > > use CGI; > use CGI::Carp qw(fatalsToBrowser); > > my $queryin = new CGI(); > print CGI->header(); > > > print $queryin->param('crusty'); > > > > Any questions - feel free to contact me - nic@coombs.anu.edu.au > > Cheers, > > nic. >


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.