Skip Menu |

Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the CGI CPAN distribution.

Report information
The Basics
Id: 18752
Status: resolved
Priority: 0/
Queue: CGI

Owner: Nobody in particular
Requestors: cpan [...]

Bug Information
Severity: Critical
Broken in: (no value)
Fixed in: (no value)

Subject: url() returns incorrect results if PATH_INFO contains URL-encoded characters
Download (untitled) / with headers
text/plain 1.2k
This code in's url() routine is incorrect: my $uri = $rewrite && $request_uri ? $request_uri : $script_name; $uri =~ s/\?.*$//; # remove query string $uri =~ s/$path$// if defined $path; # remove path For the example URL <http://site/script.cgi/x%2By>, PATH_INFO will contain "/x+y", not "/x%2By". PATH_INFO is documented as a decoded version of the string appearing in the path info section of the URL (e.g. at <> and <>). However, Apache's REQUEST_URI environment variable contains the URL without any special decoding done (documentation such as <> says nothing about any decoding, and this can be experimentally verified for Apache 1.x at places like <> and for Apache 2.x at <>). Therefore, if there are any URL-encoded characters in the PATH_INFO part of the URL, the $uri =~ s/$path$// code will unexpectedly fail to remove the path info and it will incorrectly be appended to the URL in the value returned by url().
From: Dan Harkless <cpan [...]>
Thanks -- looks like this was fixed in 3.19.

This service is sponsored and maintained by Best Practical Solutions and runs on infrastructure.

Please report any issues with to