Skip Menu |
 

Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the CGI CPAN distribution.

Report information
The Basics
Id: 31648
Status: resolved
Priority: 0/
Queue: CGI

People
Owner: Nobody in particular
Requestors: msuchy [...] redhat.com
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: (no value)
Fixed in: (no value)



Subject: [PATCH] url() handle script_name as regex
Download (untitled) / with headers
text/plain 1.8k
I have this url: https://xxxx.redhat.com/satconfig/cgi-bin/fetch_netsaintid.cgi?ssk=xxxxxx&publickey=ssh-dss%20AAAAXXXXXXXXXXXXXXXDi0Qp8%2Bxvt69c3%2FaCiNA5oraeyCRskfsubZ62qSWg4F4LAPxF0jqzDuGM0X8fvnQnDkddK28%2B41BO6Om5R%2Fp%2F%2Fr0Rs9M9yXrsvm%2BomGIgWEOWqxnEL3qtL64Kpf2%2BMX%2Fh0h7LIDeF5z0Bovr2tvT3zcALdFlhj83uJqcWxOPAAAAFQCunhs9qUE5vSAIUDJRLjy0QFmr2QAAAIEAqizqsrAJHiftNrEgjx%2B%2Bwpa9KJg3BBDLWhR%2F8e65UVPhlJQOYrF7ihsWn8zfr1sH%2BXoxzWVJh%2BfaIRkLahAIgh9fP2kd5ZxUViM6Qovgkvp5UKo4Uwg8k8FEJNduu4A4GvvXDFd8nMJVrNDFVdLuwpnPBVSVqdBvt3ATdAcQhYYAAACACwjh7j1kEprwPB29fbtsRpkMLB6M91svTa%2FGKkUhScYCwUd%2Fr%2F3FaT85C6Tb8MySHHk2xZg4EMLNZla0ldy%2FnxWJcBaPd67ooB5TvPO61iPTfuULZbtBCEaTlCp0yYLncX75Oaa2PxvIJD4GvOewu7GdpcFO%2BLblz0QpFD2g6os%3D%20root%40sat4-510%2Eenglab%2Ebrq%2Eredhat%2Ecom%0A and it contains two plus, so I got this error: ==> /var/log/httpd/ssl_error_log <== [Tue Dec 18 13:30:51 2007] [error] [client 172.16.52.154] Nested quantifiers in regex; marked by <-- HERE in m/^/satconfig/cgi-bin/fetch_netsaintid.cgi?ssk=437fc1d69144&publickey=ssh-dss AAAAB3NzaC1kc3MAAAXXXXXXXXXXXXXXiNA5oraeyCRskfsubZ62qSWg4F4LAPxF0jqzDuGM0X8fvnQnDkddK28+41BO6Om5R/p//r0Rs9M9yXrsvm+omGIgWEOWqxnEL3qtL64Kpf2+MX/h0h7LIDeF5z0Bovr2tvT3zcALdFlhj83uJqcWxOPAAAAFQCunhs9qUE5vSAIUDJRLjy0QFmr2QAAAIEAqizqsrAJHiftNrEgjx++ <-- HERE With this patch it works without problem: --- /var/www/lib/CGI.pm.old 2007-12-18 16:22:55.000000000 +0100 +++ /var/www/lib/CGI.pm 2007-12-18 16:23:56.000000000 +0100 @@ -2692,7 +2692,7 @@ my $request_uri = unescape($self->request_uri) || ''; my $query_str = $self->query_string; - my $rewrite_in_use = $request_uri && $request_uri !~ /^$script_name/; + my $rewrite_in_use = $request_uri && $request_uri !~ /^\Q$script_name/; undef $path if $rewrite_in_use && $rewrite; # path not valid when rewriting active my $uri = $rewrite && $request_uri ? $request_uri : $script_name;
From: cpan [...] tobias-tacke.de
Download (untitled) / with headers
text/plain 467b
Hi, there can be the same problem with $path in the url() method. This is even not quoted. $uri =~ s/$path$// if defined $path; # remove path I suggest the same bugfix like for $script_name: $uri =~ s/\Q$path$// if defined $path; # remove path PS: With mod_perl ist's easier to reproduce the described bug with $script_name: sat a Handler for / and call http://url.com/[] You'll get this error: Unmatched [ in regex; marked by <-- HERE in m/^/ [ <-- HERE ]/
Fixed in 3.34, which will be released sometime soon.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.