Skip Menu |
 

This queue is for tickets about the CGI.pm CPAN distribution.

Report information
The Basics
Id: 24479
Status: resolved
Priority: 0/
Queue: CGI.pm

People
Owner: Nobody in particular
Requestors: scop [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: 3.25
Fixed in: (no value)



Subject: _name_and_path_from_env should disregard query string
Download (untitled) / with headers
text/plain 243b
_name_and_path_from_env does not work properly in case the query string contains a "//", resulting in for example failures to remove the path info from url() in pathological cases such as "script.cgi/%20%20?foo=%2F%2F". Possible fix attached.
Subject: qs.patch
Download qs.patch
text/x-diff 725b
--- CGI.pm~ 2006-09-28 20:04:10.000000000 +0300 +++ CGI.pm 2007-01-21 16:17:57.000000000 +0200 @@ -2778,9 +2778,11 @@ '_name_and_path_from_env' => <<'END_OF_FUNC', sub _name_and_path_from_env { my $self = shift; - my $raw_script_name = $ENV{SCRIPT_NAME} || ''; - my $raw_path_info = $ENV{PATH_INFO} || ''; - my $uri = unescape($self->request_uri) || ''; + my $raw_script_name = $ENV{SCRIPT_NAME} || ''; + my $raw_path_info = $ENV{PATH_INFO} || ''; + my $uri = $self->request_uri || ''; + $uri =~ s/\?.*$//; + $uri = unescape($uri) || ''; my $protected = quotemeta($raw_path_info); $raw_script_name =~ s/$protected$//;
Fixed in 3.40.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.