|Subject:||url() returns incorrect results if PATH_INFO contains URL-encoded characters|
This code in CGI.pm's url() routine is incorrect: my $uri = $rewrite && $request_uri ? $request_uri : $script_name; $uri =~ s/\?.*$//; # remove query string $uri =~ s/$path$// if defined $path; # remove path For the example URL <>, PATH_INFO will contain "/x+y", not "/x%2By". PATH_INFO is documented as a decoded version of the string appearing in the path info section of the URL (e.g. at < > and < . However, Apache's REQUEST_URI environment variable contains the URL without any special decoding done (documentation such as < > says nothing about any decoding, and this can be experimentally verified for Apache 1.x at places like < > and for Apache 2.x at < >). Therefore, if there are any URL-encoded characters in the PATH_INFO part of the URL, the $uri =~ s/$path$// code will unexpectedly fail to remove the path info and it will incorrectly be appended to the URL in the value returned by url().