Skip Menu |
 

Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the CGI CPAN distribution.

Report information
The Basics
Id: 36538
Status: resolved
Priority: 0/
Queue: CGI

People
Owner: Nobody in particular
Requestors: jianing [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: bug in _name_and_path_from_env
Date: Fri, 6 Jun 2008 10:50:39 -0700
To: bug-CGI.pm [...] rt.cpan.org
From: "Jianing Hu" <jianing [...] gmail.com>
Download (untitled) / with headers
text/plain 887b
Hi, There seems to be a bug in the _name_and_path_from_env function when it checks for the apache double slashes bug. This is in version 3.37 What the code does is it first counts double slashes in request_uri, then counts in $raw_script_name and $raw_path_info combined. If the two counts are not the same it handles the situation as if the apache bug exists. However when rewriting is in place there's a legitimate case where these two counts are not the same. Consider the request http://foo.com/bar/http://foobar.com, and a rewrite rule that rewrites this to be http://foo.com/bar?url=http://foobar.com. In this case request_uri is "bar/http://foobar.com", which contains one double-slash. $raw_script_name would be "bar" because of the rewrite, and $raw_path_info would be empty. This will trigger the apache bug handling and return the full request_uri as script name. - Jianing
Fixed in 3.40.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.