Skip Menu |
 

Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the CGI CPAN distribution.

Report information
The Basics
Id: 79027
Status: rejected
Priority: 0/
Queue: CGI

People
Owner: Nobody in particular
Requestors: lpsolit [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



From lpsolit [...] gmail.com Thu Aug 16 19: 32:03 2012
MIME-Version: 1.0
X-Spam-Status: No, score=-6.22 tagged_above=-99.9 required=10 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_HI=-5, SPF_NEUTRAL=0.779] autolearn=ham
X-Spam-Flag: NO
content-type: text/plain; charset="utf-8"
Message-ID: <502D82E6.6030509 [...] gmail.com>
X-Virus-Scanned: Debian amavisd-new at bestpractical.com
X-Spam-Score: -6.22
Received: from localhost (localhost [127.0.0.1]) by hipster.bestpractical.com (Postfix) with ESMTP id 9133F240761 for <cpan-bug+CGI.pm [...] hipster.bestpractical.com>; Thu, 16 Aug 2012 19:32:03 -0400 (EDT)
Received: from hipster.bestpractical.com ([127.0.0.1]) by localhost (hipster.bestpractical.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gUGhmzCrvcCF for <cpan-bug+CGI.pm [...] hipster.bestpractical.com>; Thu, 16 Aug 2012 19:32:02 -0400 (EDT)
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by hipster.bestpractical.com (Postfix) with SMTP id CF2D5240585 for <bug-CGI.pm [...] rt.cpan.org>; Thu, 16 Aug 2012 19:32:01 -0400 (EDT)
Received: (qmail 7331 invoked by uid 103); 16 Aug 2012 23:32:00 -0000
Received: from x16.dev (10.0.100.26) by x1.dev with QMQP; 16 Aug 2012 23:32:00 -0000
Received: from mail-wi0-f174.google.com (HELO mail-wi0-f174.google.com) (209.85.212.174) by 16.mx.develooper.com (qpsmtpd/0.80/v0.80-19-gf52d165) with ESMTP; Thu, 16 Aug 2012 16:31:57 -0700
Received: by wibhr14 with SMTP id hr14so1034814wib.3 for <bug-CGI.pm [...] rt.cpan.org>; Thu, 16 Aug 2012 16:31:54 -0700 (PDT)
Received: by 10.180.93.8 with SMTP id cq8mr6951551wib.16.1345159914249; Thu, 16 Aug 2012 16:31:54 -0700 (PDT)
Received: from [192.168.0.2] (222-240.104-92.cust.bluewin.ch. [92.104.240.222]) by mx.google.com with ESMTPS id bc2sm9692255wib.0.2012.08.16.16.31.51 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 16 Aug 2012 16:31:52 -0700 (PDT)
Authentication-Results: hipster.bestpractical.com (amavisd-new); dkim=pass header.i= [...] gmail.com
Delivered-To: cpan-bug+CGI.pm [...] hipster.bestpractical.com
Subject: PATH_INFO is not removed if it contains a double slash
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:14.0) Gecko/20120713 Thunderbird/14.0
Return-Path: <lpsolit [...] gmail.com>
X-RT-Mail-Extension: cgi.pm
X-Original-To: cpan-bug+CGI.pm [...] hipster.bestpractical.com
X-Spam-Check-BY: 16.mx.develooper.com
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject :x-enigmail-version:content-type:content-transfer-encoding; bh=4AoHX8hrxzYIFSGXe85zKH+tVUrxZu3a53XWI8KXtjA=; b=YL6npscY0NhuFRYzoJJhuu1BsmJfYV5uqQNZsOv8On/ANYabmNfm7SPNlxqqiWKAOs K+0VIh+FmsFb5BspoDSz9R1OBO9Mz5Q0HDlilbFAjco+uP66nqa09Zeg0+Px5xCNMned NYNSy0fPxVIPcRDMRw+L8NM6FWZeOoDPvYZfo79aHW/GI+e/LlndTftq6jYQAQ6njL6a ADWH5iyQ2p3cZgh6zRboen9YJUJ1KYuQgxyuybkpG+cKzFL9AXsib8V8aLowTZafv+0g 0vbw1hE69POyCpYvaBOEylboVk10V9MrUmY5aIN8KdhLRr1Dd37kmta0CBM+1lxqxFy+ i60w==
Date: Fri, 17 Aug 2012 01:31:50 +0200
X-Spam-Level:
To: bug-CGI.pm [...] rt.cpan.org
Content-Transfer-Encoding: 7bit
X-Enigmail-Version: 1.4.3
From: "Frédéric Buclin" <lpsolit [...] gmail.com>
X-RT-Original-Encoding: ISO-8859-1
Content-Length: 745
Download (untitled) / with headers
text/plain 745b
I use the following code to remove PATH_INFO if present: if ($self->path_info) { print $self->redirect($self->url(-path => 0, -query => 1)); } When the URL is https://localhost/bugzilla/index.cgi/plop.cgi/tudu//id=98/klkjlk $self->path_info returns /plop.cgi/tudu//id=98/klkjlk as expected. So I could expect $self->url(-path => 0, -query => 1) to return https://localhost/bugzilla/index.cgi only, but in fact it returns the full URL again. This makes the web application to enter an infinite loop. If I replace the double // by a single one, then CGI redirects the user to the expected URL. As CGI is aware of what PATH_INFO is, it should be able to correctly remove this part from the URL and avoid the infinite loop mentioned above.
From lpsolit [...] gmail.com Thu Aug 16 19: 41:33 2012
MIME-Version: 1.0
X-Spam-Status: No, score=-6.22 tagged_above=-99.9 required=10 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_HI=-5, SPF_NEUTRAL=0.779] autolearn=ham
In-Reply-To: <rt-3.8.HEAD-24808-1345159924-302.79027-3-0 [...] rt.cpan.org>
X-Spam-Flag: NO
References: <RT-Ticket-79027 [...] rt.cpan.org> <502D82E6.6030509 [...] gmail.com> <rt-3.8.HEAD-24808-1345159924-302.79027-3-0 [...] rt.cpan.org>
X-Virus-Scanned: Debian amavisd-new at bestpractical.com
Message-ID: <502D8522.10004 [...] gmail.com>
Content-Type: text/plain; charset=UTF-8
X-RT-Original-Encoding: utf-8
X-Spam-Score: -6.22
Authentication-Results: hipster.bestpractical.com (amavisd-new); dkim=pass header.i= [...] gmail.com
Received: from localhost (localhost [127.0.0.1]) by hipster.bestpractical.com (Postfix) with ESMTP id E934324075D for <cpan-bug+CGI.pm [...] hipster.bestpractical.com>; Thu, 16 Aug 2012 19:41:32 -0400 (EDT)
Received: from hipster.bestpractical.com ([127.0.0.1]) by localhost (hipster.bestpractical.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bz50DsID6KjS for <cpan-bug+CGI.pm [...] hipster.bestpractical.com>; Thu, 16 Aug 2012 19:41:31 -0400 (EDT)
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by hipster.bestpractical.com (Postfix) with SMTP id 95E2D240585 for <bug-CGI.pm [...] rt.cpan.org>; Thu, 16 Aug 2012 19:41:31 -0400 (EDT)
Received: (qmail 7855 invoked by uid 103); 16 Aug 2012 23:41:30 -0000
Received: from x16.dev (10.0.100.26) by x1.dev with QMQP; 16 Aug 2012 23:41:30 -0000
Received: from mail-wi0-f174.google.com (HELO mail-wi0-f174.google.com) (209.85.212.174) by 16.mx.develooper.com (qpsmtpd/0.80/v0.80-19-gf52d165) with ESMTP; Thu, 16 Aug 2012 16:41:28 -0700
Received: by wibhr14 with SMTP id hr14so1039553wib.3 for <bug-CGI.pm [...] rt.cpan.org>; Thu, 16 Aug 2012 16:41:25 -0700 (PDT)
Received: by 10.180.105.130 with SMTP id gm2mr35140wib.6.1345160485130; Thu, 16 Aug 2012 16:41:25 -0700 (PDT)
Received: from [192.168.0.2] (222-240.104-92.cust.bluewin.ch. [92.104.240.222]) by mx.google.com with ESMTPS id bc2sm9747184wib.0.2012.08.16.16.41.23 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 16 Aug 2012 16:41:24 -0700 (PDT)
Delivered-To: cpan-bug+CGI.pm [...] hipster.bestpractical.com
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:14.0) Gecko/20120713 Thunderbird/14.0
Subject: Re: [rt.cpan.org #79027] AutoReply: PATH_INFO is not removed if it contains a double slash
Return-Path: <lpsolit [...] gmail.com>
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:x-enigmail-version:content-type :content-transfer-encoding; bh=iD3LFOeAy1UG3CNLHCjQOOtZJbQH2z+LuLxUR/aG0NI=; b=fPENAwLVTSZq/nvfYi26OKOwETH0OVhYcMDRp6yfJi+23N+sJOlxLtMKQ9dNHdomZh s6BbA/sTbPc+6VSVI0grRWzWO1SSZ8aMJYsaQxCKHHFRObCU8elNXE9vGwX+NZALDQiJ T+78lIcqCwrfkwhLTlp+q/XjUVIRmREHBNIn0Yo99l5eDZ1Vi/sgSXa/57VQN5m87gP1 FjkUNMsPNx8KNmu414QltArtKEgML/g4wQo+E5Y6PJr8zA5c6zi4No3tkhFOG55HIeqK ghSOJEr4UIYG+dM0yJOl5nnvXunx+RQVDBRcGoOL4bMBAKKDFm8wQpZf1qsMFOvODNBs WQoQ==
X-Spam-Check-BY: 16.mx.develooper.com
X-Original-To: cpan-bug+CGI.pm [...] hipster.bestpractical.com
X-RT-Mail-Extension: cgi.pm
Date: Fri, 17 Aug 2012 01:41:22 +0200
X-Spam-Level:
To: bug-CGI.pm [...] rt.cpan.org
X-Enigmail-Version: 1.4.3
Content-Transfer-Encoding: 7bit
From: "Frédéric Buclin" <lpsolit [...] gmail.com>
RT-Message-ID: <rt-3.8.HEAD-32679-1345160493-528.79027-0-0 [...] rt.cpan.org>
Content-Length: 186
Download (untitled) / with headers
text/plain 186b
Note that this problem is reproducible with Apache 2.2.22, but not with IIS 7.5 where the double // is automatically(?) converted into a single one, and so the redirect works correctly.
From lpsolit [...] gmail.com Thu Aug 16 20: 08:23 2012
MIME-Version: 1.0
X-Spam-Status: No, score=-6.22 tagged_above=-99.9 required=10 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_HI=-5, SPF_NEUTRAL=0.779] autolearn=ham
In-Reply-To: <rt-3.8.HEAD-24808-1345159924-302.79027-3-0 [...] rt.cpan.org>
X-Spam-Flag: NO
References: <RT-Ticket-79027 [...] rt.cpan.org> <502D82E6.6030509 [...] gmail.com> <rt-3.8.HEAD-24808-1345159924-302.79027-3-0 [...] rt.cpan.org>
X-Virus-Scanned: Debian amavisd-new at bestpractical.com
Message-ID: <502D8B69.60000 [...] gmail.com>
Content-Type: text/plain; charset=UTF-8
X-RT-Original-Encoding: utf-8
X-Spam-Score: -6.22
Authentication-Results: hipster.bestpractical.com (amavisd-new); dkim=pass header.i= [...] gmail.com
Received: from localhost (localhost [127.0.0.1]) by hipster.bestpractical.com (Postfix) with ESMTP id 097BB24075D for <cpan-bug+CGI.pm [...] hipster.bestpractical.com>; Thu, 16 Aug 2012 20:08:23 -0400 (EDT)
Received: from hipster.bestpractical.com ([127.0.0.1]) by localhost (hipster.bestpractical.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cL4V5yNkRkRp for <cpan-bug+CGI.pm [...] hipster.bestpractical.com>; Thu, 16 Aug 2012 20:08:19 -0400 (EDT)
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by hipster.bestpractical.com (Postfix) with SMTP id AC06B240585 for <bug-CGI.pm [...] rt.cpan.org>; Thu, 16 Aug 2012 20:08:19 -0400 (EDT)
Received: (qmail 9304 invoked by uid 103); 17 Aug 2012 00:08:19 -0000
Received: from x16.dev (10.0.100.26) by x1.dev with QMQP; 17 Aug 2012 00:08:19 -0000
Received: from mail-we0-f178.google.com (HELO mail-we0-f178.google.com) (74.125.82.178) by 16.mx.develooper.com (qpsmtpd/0.80/v0.80-19-gf52d165) with ESMTP; Thu, 16 Aug 2012 17:08:15 -0700
Received: by weyu7 with SMTP id u7so2319025wey.9 for <bug-CGI.pm [...] rt.cpan.org>; Thu, 16 Aug 2012 17:08:12 -0700 (PDT)
Received: by 10.180.81.165 with SMTP id b5mr119733wiy.17.1345162092157; Thu, 16 Aug 2012 17:08:12 -0700 (PDT)
Received: from [192.168.0.2] (222-240.104-92.cust.bluewin.ch. [92.104.240.222]) by mx.google.com with ESMTPS id ef5sm9896718wib.3.2012.08.16.17.08.10 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 16 Aug 2012 17:08:11 -0700 (PDT)
Delivered-To: cpan-bug+CGI.pm [...] hipster.bestpractical.com
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:14.0) Gecko/20120713 Thunderbird/14.0
Subject: Re: [rt.cpan.org #79027] AutoReply: PATH_INFO is not removed if it contains a double slash
Return-Path: <lpsolit [...] gmail.com>
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:x-enigmail-version:content-type :content-transfer-encoding; bh=vpa9nmPzbZF0952bqXusP0lpLFdXjDo5Hj89FeUZgZ8=; b=MEamJL1YSkBCL0jQvCP0DzjMJiIAtCfAr5HfWuwV/5NCHfDtIawV5otpZCLa0/ISTD SK5fJKvEMROtvbpLXaDWtGTBzemeZju67KSwLQtUzjfuqRxMttcABkPYE9RzNdsI7ZUk 2WkT5hWYdy86dLnUv2u6OJKYuHSmZMeTfr5B3MkE50MWTUYVEoYDV2T5iao72Pbw464B X/Qh70NwUQXOmhA8DoOL5TrnAD8QQ2KuDKcrBHBYiVn4922bLGHTg+ibxINxP3UvbRXo 5JIUB5h0QY/c7fi+LPdjbwZ4tyg/c8aBqw2yhBtyEUt04ANeqHvG7J2vkD5ckX6pqXpx pQzg==
X-Spam-Check-BY: 16.mx.develooper.com
X-Original-To: cpan-bug+CGI.pm [...] hipster.bestpractical.com
X-RT-Mail-Extension: cgi.pm
Date: Fri, 17 Aug 2012 02:08:09 +0200
X-Spam-Level:
To: bug-CGI.pm [...] rt.cpan.org
X-Enigmail-Version: 1.4.3
Content-Transfer-Encoding: 7bit
From: "Frédéric Buclin" <lpsolit [...] gmail.com>
RT-Message-ID: <rt-3.8.HEAD-19388-1345162103-1789.79027-0-0 [...] rt.cpan.org>
Content-Length: 833
Download (untitled) / with headers
text/plain 833b
OK, I found what's wrong in CGI.pm (3.59, but I'm pretty sure 3.60 is affected too). In the url() subroutine, $self->path_info and $ENV{PATH_INFO} do not return the same string: $self->path_info returns the correct string, with the double //, while $ENV{PATH_INFO} returns the incorrect string, with the double // replaced by a single one. And so this code no longer does its job (line 2813 in CGI.pm 3.59): $uri =~ s/\Q$ENV{PATH_INFO}\E$// if defined $ENV{PATH_INFO}; If you replace this line by: $uri =~ s/\Q$path\E$// if defined $path; then everything works as expected. As you already defined $path at the top of url(), you should use it anyway. While you are on it (and unrelated to this issue), you have a useless $rewrite_in_use variable in the url() subroutine too. ;) I hope you can apply the change above asap. :)
From lpsolit [...] gmail.com Thu Aug 16 20: 17:45 2012
MIME-Version: 1.0
X-Spam-Status: No, score=-6.22 tagged_above=-99.9 required=10 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_HI=-5, SPF_NEUTRAL=0.779] autolearn=ham
In-Reply-To: <rt-3.8.HEAD-24808-1345159924-302.79027-3-0 [...] rt.cpan.org>
X-Spam-Flag: NO
References: <RT-Ticket-79027 [...] rt.cpan.org> <502D82E6.6030509 [...] gmail.com> <rt-3.8.HEAD-24808-1345159924-302.79027-3-0 [...] rt.cpan.org>
X-Virus-Scanned: Debian amavisd-new at bestpractical.com
Message-ID: <502D8D9D.9090609 [...] gmail.com>
Content-Type: text/plain; charset=UTF-8
X-RT-Original-Encoding: utf-8
X-Spam-Score: -6.22
Authentication-Results: hipster.bestpractical.com (amavisd-new); dkim=pass header.i= [...] gmail.com
Received: from localhost (localhost [127.0.0.1]) by hipster.bestpractical.com (Postfix) with ESMTP id 6905D24077B for <cpan-bug+CGI.pm [...] hipster.bestpractical.com>; Thu, 16 Aug 2012 20:17:45 -0400 (EDT)
Received: from hipster.bestpractical.com ([127.0.0.1]) by localhost (hipster.bestpractical.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7zFcHg8DwTLp for <cpan-bug+CGI.pm [...] hipster.bestpractical.com>; Thu, 16 Aug 2012 20:17:44 -0400 (EDT)
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by hipster.bestpractical.com (Postfix) with SMTP id 02405240585 for <bug-CGI.pm [...] rt.cpan.org>; Thu, 16 Aug 2012 20:17:43 -0400 (EDT)
Received: (qmail 9818 invoked by uid 103); 17 Aug 2012 00:17:43 -0000
Received: from x16.dev (10.0.100.26) by x1.dev with QMQP; 17 Aug 2012 00:17:43 -0000
Received: from mail-wi0-f180.google.com (HELO mail-wi0-f180.google.com) (209.85.212.180) by 16.mx.develooper.com (qpsmtpd/0.80/v0.80-19-gf52d165) with ESMTP; Thu, 16 Aug 2012 17:17:39 -0700
Received: by wibhm6 with SMTP id hm6so1055041wib.3 for <bug-CGI.pm [...] rt.cpan.org>; Thu, 16 Aug 2012 17:17:36 -0700 (PDT)
Received: by 10.180.20.204 with SMTP id p12mr248319wie.7.1345162656473; Thu, 16 Aug 2012 17:17:36 -0700 (PDT)
Received: from [192.168.0.2] (222-240.104-92.cust.bluewin.ch. [92.104.240.222]) by mx.google.com with ESMTPS id t8sm6747349wiy.3.2012.08.16.17.17.34 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 16 Aug 2012 17:17:35 -0700 (PDT)
Delivered-To: cpan-bug+CGI.pm [...] hipster.bestpractical.com
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:14.0) Gecko/20120713 Thunderbird/14.0
Subject: Re: [rt.cpan.org #79027] AutoReply: PATH_INFO is not removed if it contains a double slash
Return-Path: <lpsolit [...] gmail.com>
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:x-enigmail-version:content-type :content-transfer-encoding; bh=dlggbDrqKAloGUxu+O65NJONT/54MyGFCquKazpdDec=; b=C1nF76F0gTlem6YZfL418P5Pk1hgofeH7/brHTUiYULatDo/ROqGJFi4phyZDpun1/ jDtYZSInhDI06Z6HGaHIoiYHgpuhGJV75ZTX5LQv9G8yBkWlxoCAMz/Y4ABxQB5McgzD bR64eCEd1waiEcTsuJLygBIqB+RU0Wmtt/Geh93VVn+c73u6vcCrYdHPX8pHB5l4KJ/x cDPrbwPUj7qf3cdWsHWTj+qKT0mG5i64mJWgv1qaS1NiN5cOc+k/u/xK3S8usGSsp+/X /ZPSmkqfzONJ8RRxfPxo55GYuLPjBzkbrSbjLZXbN+bNYaBzmnv8xvtPKfLc9JSFctIC XM8Q==
X-Spam-Check-BY: 16.mx.develooper.com
X-Original-To: cpan-bug+CGI.pm [...] hipster.bestpractical.com
X-RT-Mail-Extension: cgi.pm
Date: Fri, 17 Aug 2012 02:17:33 +0200
X-Spam-Level:
To: bug-CGI.pm [...] rt.cpan.org
X-Enigmail-Version: 1.4.3
Content-Transfer-Encoding: 7bit
From: "Frédéric Buclin" <lpsolit [...] gmail.com>
RT-Message-ID: <rt-3.8.HEAD-19388-1345162666-1642.79027-0-0 [...] rt.cpan.org>
Content-Length: 200
Download (untitled) / with headers
text/plain 200b
I see that CGI 3.40 had the correct code, and it has been changed in 3.41 despite the goal was to fix the query string, not path_info: http://search.cpan.org/diff?from=CGI.pm-3.40&to=CGI.pm-3.41&w=1
From mark [...] summersault.com Wed Aug 22 09: 26:20 2012
MIME-Version: 1.0
X-Spam-Status: No, score=-6.195 tagged_above=-99.9 required=10 tests=[AWL=0.040, BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_SOFTFAIL=0.665] autolearn=ham
In-Reply-To: <rt-3.8.HEAD-24808-1345159924-410.79027-4-0 [...] rt.cpan.org>
X-Spam-Flag: NO
References: <RT-Ticket-79027 [...] rt.cpan.org> <502D82E6.6030509 [...] gmail.com> <rt-3.8.HEAD-24808-1345159924-410.79027-4-0 [...] rt.cpan.org>
X-Virus-Scanned: Debian amavisd-new at bestpractical.com
Message-ID: <5034DDDE.5020403 [...] summersault.com>
Content-Type: text/plain; charset=UTF-8
X-RT-Original-Encoding: utf-8
X-Spam-Score: -6.195
Received: from localhost (localhost [127.0.0.1]) by hipster.bestpractical.com (Postfix) with ESMTP id 6C1A924061A for <cpan-bug+cgi.pm [...] hipster.bestpractical.com>; Wed, 22 Aug 2012 09:26:20 -0400 (EDT)
Received: from hipster.bestpractical.com ([127.0.0.1]) by localhost (hipster.bestpractical.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R8z3CEYZ2U0f for <cpan-bug+cgi.pm [...] hipster.bestpractical.com>; Wed, 22 Aug 2012 09:26:16 -0400 (EDT)
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by hipster.bestpractical.com (Postfix) with SMTP id AD8E0240616 for <bug-cgi.pm [...] rt.cpan.org>; Wed, 22 Aug 2012 09:26:15 -0400 (EDT)
Received: (qmail 25208 invoked by uid 103); 22 Aug 2012 13:26:15 -0000
Received: from x16.dev (10.0.100.26) by x1.dev with QMQP; 22 Aug 2012 13:26:15 -0000
Received: from tanagra.summersault.com (HELO tanagra.summersault.com) (12.161.105.149) by 16.mx.develooper.com (qpsmtpd/0.80/v0.80-19-gf52d165) with ESMTP; Wed, 22 Aug 2012 06:26:09 -0700
Received: (qmail 75327 invoked from network); 22 Aug 2012 13:26:05 -0000
Received: from simba.summersault.com (HELO ?192.168.97.182?) (192.168.97.182) by tanagra.summersault.com with SMTP; 22 Aug 2012 13:26:05 -0000
Delivered-To: cpan-bug+cgi.pm [...] hipster.bestpractical.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120714 Thunderbird/14.0
Subject: Re: [rt.cpan.org #79027] PATH_INFO is not removed if it contains a double slash
Return-Path: <mark [...] summersault.com>
X-Spam-Check-BY: 16.mx.develooper.com
X-Original-To: cpan-bug+cgi.pm [...] hipster.bestpractical.com
X-RT-Mail-Extension: cgi.pm
Date: Wed, 22 Aug 2012 09:25:50 -0400
X-Spam-Level:
To: bug-cgi.pm [...] rt.cpan.org
Content-Transfer-Encoding: 7bit
From: Mark Stosberg <mark [...] summersault.com>
RT-Message-ID: <rt-3.8.HEAD-23465-1345641981-923.79027-0-0 [...] rt.cpan.org>
Content-Length: 127
Download (untitled) / with headers
text/plain 127b
Thanks for the report. Please submit a "Test::More" style test for the test case, and also a patch if you are able. Mark
X-RT-Interface: REST
MIME-Version: 1.0
X-Mailer: MIME-tools 5.504 (Entity 5.504)
RT-Message-ID: <rt-4.0.18-25657-1400760854-1338.79027-0-0 [...] rt.cpan.org>
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: binary
Content-Length: 240
Download (untitled) / with headers
text/plain 240b
This issue has been copied to: https://github.com/leejo/CGI.pm/issues/99 please take all future correspondence there. This ticket will remain open but please do not reply here. This ticket will be closed when the github issue is dealt with.
MIME-Version: 1.0
In-Reply-To: <502D82E6.6030509 [...] gmail.com>
X-Mailer: MIME-tools 5.504 (Entity 5.504)
Content-Disposition: inline
X-RT-Interface: Web
References: <502D82E6.6030509 [...] gmail.com>
Content-Type: text/plain; charset="utf-8"
Message-ID: <rt-4.0.18-24779-1411224014-1872.79027-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
X-RT-Encrypt: 0
X-RT-Sign: 0
Content-Length: 1810
Download (untitled) / with headers
text/plain 1.7k
Rejecting. This is a backward compatibility hack, as per the comments in the module: 2966 # This function returns a potentially modified version of SCRIPT_NAME 2967 # and PATH_INFO. Some HTTP servers do sanitise the paths in those 2968 # variables. It is the case of at least Apache 2. If for instance the 2969 # user requests: /path/./to/script.cgi/x//y/z/../x?y, Apache will set: 2970 # REQUEST_URI=/path/./to/script.cgi/x//y/z/../x?y 2971 # SCRIPT_NAME=/path/to/env.cgi 2972 # PATH_INFO=/x/y/x 2973 # 2974 # This is all fine except that some bogus CGI scripts expect 2975 # PATH_INFO=/http://foo when the user requests 2976 # http://xxx/script.cgi/http://foo 2977 # 2978 # Old versions of this module used to accomodate with those scripts, so 2979 # this is why we do this here to keep those scripts backward compatible. 2980 # Basically, we accomodate with those scripts but within limits, that is 2981 # we only try to preserve the number of / that were provided by the user 2982 # if $REQUEST_URI and "$SCRIPT_NAME$PATH_INFO" only differ by the number 2983 # of consecutive /. 2984 # 2985 # So for instance, in: http://foo/x//y/script.cgi/a//b, we'll return a 2986 # script_name of /x//y/script.cgi and a path_info of /a//b, but in: 2987 # http://foo/./x//z/script.cgi/a/../b//c, we'll return the versions 2988 # possibly sanitised by the HTTP server, so in the case of Apache 2: 2989 # script_name == /foo/x/z/script.cgi and path_info == /b/c. 2990 # 2991 # Future versions of this module may no longer do that, so one should 2992 # avoid relying on the browser, proxy, server, and CGI.pm preserving the 2993 # number of consecutive slashes as no guarantee can be made there. If you can supply a automated test along with patch i will consider apply it. Otherwise i'm considering this a "won't fix".


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.