Skip Menu |
 

Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the CGI CPAN distribution.

Report information
The Basics
Id: 38484
Status: resolved
Worked: 2 min
Priority: 0/
Queue: CGI

People
Owner: MARKSTOS [...] cpan.org
Requestors: dmaszle [...] mendelbio.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: CGI-3.40 url() method still has incorrect behavior with URL-encoded characters
Date: Thu, 14 Aug 2008 08:55:20 -0700
To: bug-CGI.pm [...] rt.cpan.org
From: Don Maszle <dmaszle [...] mendelbio.com>
Download (untitled) / with headers
text/plain 2.5k
This has been reported in early 3.x versions (ref: #18752), but has yet to be addressed in the recent 3.40 release. On our SunOS 5.9 sparc Sun-Fire-V890 using Perl 5.8.5. It appears that (at least) the -query switch of url() is not handled properly if the URI contains encoded characters. The program at the end can be used to demonstrate. When called with http://localhost/cgi-bin/url.cgi?q=abc%0Adef url() incorrectly returns *all* URLs with the query string attached. When called with http://localhost/cgi-bin/url.cgi?q=abc%0Adef url() correctly returns URLs with the query string attached only when the attribute -query=>1 is set. Show quoted text
__________________________________________________________________________ #!/usr/bin/perl -w use CGI; my $Q = new CGI; print $Q->header, $Q->start_html; print "<h1>CGI::url() Test</h1>\n"; print "<br>Apache :<b>'".$ENV{REQUEST_URI}."'</b>\n"; print "<br>No Args:'".$Q->url."'\n"; print "<br>rel1, query0: ".$Q->url(-relative=>1,-query=>0)."\n"; print "<form action=\x22".$Q->url(-relative=>1,-query=>0)."\x22><input type=submit></form>"; print "<h2>Using -key Arguments</h2>\n"; print "Abs : 0:'".$Q->url(-absolute=>0)."'\n"; print "<br>Abs : 1:'".$Q->url(-absolute=>1)."'\n"; print "<br>"; print "<br>Query: 0, Abs : 0:'".$Q->url(-absolute=>0,-query=>0)."'\n"; print "<br>Query: 0, Abs : 1:'".$Q->url(-absolute=>1,-query=>0)."'\n"; print "<br>"; print "<br>Query: 1, Abs : 0:'".$Q->url(-absolute=>0,-query=>1)."'\n"; print "<br>Query: 1, Abs : 1:'".$Q->url(-absolute=>1,-query=>1)."'\n"; print "<br>"; print "<br>Rel : 0:'".$Q->url(-relative=>0)."'\n"; print "<br>Rel : 1:'".$Q->url(-relative=>1)."'\n"; print "<br>"; print "<br>Query: 0, Rel : 0:'".$Q->url(-relative=>0,-query=>0)."'\n"; print "<br>Query: 0, Rel : 1:'".$Q->url(-relative=>1,-query=>0)."'\n"; print "<br>"; print "<br>Query: 1, Rel : 0:'".$Q->url(-relative=>0,-query=>1)."'\n"; print "<br>Query: 1, Rel : 1:'".$Q->url(-relative=>1,-query=>1)."'\n"; print "<br>"; print "<br>Full: 0:'".$Q->url(-full=>0)."'\n"; print "<br>Full: 1:'".$Q->url(-full=>1)."'\n"; print "<br>"; print "<br>Path: 0:'".$Q->url(-path_info=>0)."'\n"; print "<br>Path: 1:'".$Q->url(-path_info=>1)."'\n"; print "<br>"; print "<br>Qury: 0:'".$Q->url(-query=>0)."'\n"; print "<br>Qury: 1:'".$Q->url(-query=>1)."'\n"; print "<br>"; print "<br>Base: 0:'".$Q->url(-base=>0)."'\n"; print "<br>Base: 1:'".$Q->url(-base=>1)."'\n"; print "<br>"; print "<br>Rewr: 0:'".$Q->url(-rewrite=>0)."'\n"; print "<br>Rewr: 1:'".$Q->url(-rewrite=>1)."'\n"; print "<br>"; print $Q->end_html;
Download (untitled) / with headers
text/plain 384b
Ran your script on version 3.40 and was unable to confirm the behavior when the query string contains URL escapes. Perhaps I misunderstand the test condition, since the two URLs that you report have identical (as far as I can see) query strings. Please feel free to reopen the bug report if I have misunderstood and if you can provide a script that generates the incorrect behavior.
Subject: Re: [rt.cpan.org #38484] Resolved: CGI-3.40 url() method still has incorrect behavior with URL-encoded characters
Date: Thu, 14 Aug 2008 10:04:49 -0700
To: bug-CGI.pm [...] rt.cpan.org
From: Don Maszle <dmaszle [...] mendelbio.com>
Download (untitled) / with headers
text/plain 3.4k
Lincoln, thank you for the fast response. I read your note on the report page, and embarrassingly noticed that I had copied and pasted the second url without modification. Removing the '%' gives me different behavior on our systems. Here are the two responses as reported identically by both our SunFire running Perl 5.8.5 with CGI-3.40, Apache 1.3 and Solaris9 and an i686 box running Perl 5.8.8, CGI-3.35, Apache2, and Ubuntu 7.04 (GNU/Linux 2.6.2). Also, I should amend my assertion that the query appears in all cases. I does not appear when either -base=>1 or -rewrite=>0, however the query appears doubled up when query=>1. Thank you for reopening this. Don Maszle +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ CGI::url() Test Apache :'/cgi-bin/url.cgi?q=abc%0Adef' No Args:'http://localhost/cgi-bin/url.cgi?q=abc%0Adef' rel1, query0: url.cgi?q=abc%0Adef Using -key Arguments Abs : 0:'http://localhost/cgi-bin/url.cgi?q=abc%0Adef' Abs : 1:'/cgi-bin/url.cgi?q=abc%0Adef' Query: 0, Abs : 0:'http://localhost/cgi-bin/url.cgi?q=abc%0Adef' Query: 0, Abs : 1:'/cgi-bin/url.cgi?q=abc%0Adef' Query: 1, Abs : 0:'http://localhost/cgi-bin/url.cgi?q=abc%0Adef?q=abc%0Adef' Query: 1, Abs : 1:'/cgi-bin/url.cgi?q=abc%0Adef?q=abc%0Adef' Rel : 0:'http://localhost/cgi-bin/url.cgi?q=abc%0Adef' Rel : 1:'url.cgi?q=abc%0Adef' Query: 0, Rel : 0:'http://localhost/cgi-bin/url.cgi?q=abc%0Adef' Query: 0, Rel : 1:'url.cgi?q=abc%0Adef' Query: 1, Rel : 0:'http://localhost/cgi-bin/url.cgi?q=abc%0Adef?q=abc%0Adef' Query: 1, Rel : 1:'url.cgi?q=abc%0Adef?q=abc%0Adef' Full: 0:'http://localhost/cgi-bin/url.cgi?q=abc%0Adef' Full: 1:'http://localhost/cgi-bin/url.cgi?q=abc%0Adef' Path: 0:'http://localhost/cgi-bin/url.cgi?q=abc%0Adef' Path: 1:'http://localhost/cgi-bin/url.cgi?q=abc%0Adef' Qury: 0:'http://localhost/cgi-bin/url.cgi?q=abc%0Adef' Qury: 1:'http://localhost/cgi-bin/url.cgi?q=abc%0Adef?q=abc%0Adef' Base: 0:'http://localhost/cgi-bin/url.cgi?q=abc%0Adef' Base: 1:'http://localhost' Rewr: 0:'http://localhost/cgi-bin/url.cgi' Rewr: 1:'http://localhost/cgi-bin/url.cgi?q=abc%0Adef' +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ CGI::url() Test Apache :'/cgi-bin/url.cgi?q=abc0Adef' No Args:'http://localhost/cgi-bin/url.cgi' rel1, query0: url.cgi Using -key Arguments Abs : 0:'http://localhost/cgi-bin/url.cgi' Abs : 1:'/cgi-bin/url.cgi' Query: 0, Abs : 0:'http://localhost/cgi-bin/url.cgi' Query: 0, Abs : 1:'/cgi-bin/url.cgi' Query: 1, Abs : 0:'http://localhost/cgi-bin/url.cgi?q=abc0Adef' Query: 1, Abs : 1:'/cgi-bin/url.cgi?q=abc0Adef' Rel : 0:'http://localhost/cgi-bin/url.cgi' Rel : 1:'url.cgi' Query: 0, Rel : 0:'http://localhost/cgi-bin/url.cgi' Query: 0, Rel : 1:'url.cgi' Query: 1, Rel : 0:'http://localhost/cgi-bin/url.cgi?q=abc0Adef' Query: 1, Rel : 1:'url.cgi?q=abc0Adef' Full: 0:'http://localhost/cgi-bin/url.cgi' Full: 1:'http://localhost/cgi-bin/url.cgi' Path: 0:'http://localhost/cgi-bin/url.cgi' Path: 1:'http://localhost/cgi-bin/url.cgi' Qury: 0:'http://localhost/cgi-bin/url.cgi' Qury: 1:'http://localhost/cgi-bin/url.cgi?q=abc0Adef' Base: 0:'http://localhost/cgi-bin/url.cgi' Base: 1:'http://localhost' Rewr: 0:'http://localhost/cgi-bin/url.cgi' Rewr: 1:'http://localhost/cgi-bin/url.cgi' +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Lincoln_D_Stein via RT wrote: Show quoted text
> <URL: http://rt.cpan.org/Ticket/Display.html?id=38484 > > > According to our records, your request has been resolved. If you have any > further questions or concerns, please respond to this message.
Download (untitled) / with headers
text/plain 892b
Don, Thanks for the report and the test script. However, from running the test script, it's difficult to know which outputs you consider correct and which ones you consider to be wrong. I've rewritten two details from the test in the Test::More style. This makes it clear which results are intended to be the correct ones. These two tests pass with 3.43. Are there other tests you can write that fail your expectationis when run against 3.43? #### #!/usr/bin/perl -w use Test::More 'no_plan'; $ENV{REQUEST_URI} = '/cgi-bin/url.cgi?q=abc%0Adef'; use CGI; my $Q = CGI->new('q=abc%0Adef'); is($Q->url(-absolute=>0,-query=>0), ,'http://localhost/cgi-bin/url.cgi' ,'abs=>0, query=>0 == http://localhost/cgi-bin/url.cgi'); is($Q->url(-absolute=>0,-query=>1), ,'http://localhost/cgi-bin/url.cgi?q=abc%0Adef' , 'abs=>1, query=>1 == http://localhost/cgi-bin/url.cgi?q=abc%0Adef');
Subject: Re: [rt.cpan.org #38484] Needs Test: CGI-3.40 url() method still has incorrect behavior with URL-encoded characters
Date: Thu, 30 Jul 2009 09:28:28 -0700 (PDT)
To: bug-CGI pm <bug-CGI.pm [...] rt.cpan.org>
From: Don _Franklin_ Maszle <dmaszle [...] mendelbio.com>
Download (untitled) / with headers
text/plain 3.1k
Thanks Mark. I've installed 3.43 and it appears to be correct. The output from my definitively non-unit-like test is given below. All appears to be OK, specifically, the encoded characters are represented correctly and the doubled parameter - value pairs are no longer there. It's a bit difficult for me to define the correct behavior in all circumstances since some semantics don't entirely make sense to me. (For example, I'm not sure why an 'absolute' url is not fully qualified, whereas a non-absolute one is.) The cases below simply helped me to delineate which instances were problematic so I could report on and work around them. all the best, don ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ CGI::url() Test 3.43 Apache :'/cgi-bin/test/url.cgi?q=abc%0Adef' No Args:'http://haldane.mendelbio.com/cgi-bin/test/url.cgi' rel1, query0: url.cgi Using -key Arguments Abs : 0:'http://haldane.mendelbio.com/cgi-bin/test/url.cgi' Abs : 1:'/cgi-bin/test/url.cgi' Query: 0, Abs : 0:'http://haldane.mendelbio.com/cgi-bin/test/url.cgi' Query: 0, Abs : 1:'/cgi-bin/test/url.cgi' Query: 1, Abs : 0:'http://haldane.mendelbio.com/cgi-bin/test/url.cgi?q=abc%0Adef' Query: 1, Abs : 1:'/cgi-bin/test/url.cgi?q=abc%0Adef' Rel : 0:'http://haldane.mendelbio.com/cgi-bin/test/url.cgi' Rel : 1:'url.cgi' Query: 0, Rel : 0:'http://haldane.mendelbio.com/cgi-bin/test/url.cgi' Query: 0, Rel : 1:'url.cgi' Query: 1, Rel : 0:'http://haldane.mendelbio.com/cgi-bin/test/url.cgi?q=abc%0Adef' Query: 1, Rel : 1:'url.cgi?q=abc%0Adef' Full: 0:'http://haldane.mendelbio.com/cgi-bin/test/url.cgi' Full: 1:'http://haldane.mendelbio.com/cgi-bin/test/url.cgi' Path: 0:'http://haldane.mendelbio.com/cgi-bin/test/url.cgi' Path: 1:'http://haldane.mendelbio.com/cgi-bin/test/url.cgi' Qury: 0:'http://haldane.mendelbio.com/cgi-bin/test/url.cgi' Qury: 1:'http://haldane.mendelbio.com/cgi-bin/test/url.cgi?q=abc%0Adef' Base: 0:'http://haldane.mendelbio.com/cgi-bin/test/url.cgi' Base: 1:'http://haldane.mendelbio.com' Rewr: 0:'http://haldane.mendelbio.com/cgi-bin/test/url.cgi' Rewr: 1:'http://haldane.mendelbio.com/cgi-bin/test/url.cgi' ----- "MARKSTOS via RT" <bug-CGI.pm@rt.cpan.org> wrote: | <URL: https://rt.cpan.org/Ticket/Display.html?id=38484 > | | Don, | | Thanks for the report and the test script. However, from running the | test script, it's difficult to know which outputs you consider | correct | and which ones you consider to be wrong. I've rewritten two details | from | the test in the Test::More style. This makes it clear which results | are | intended to be the correct ones. | | These two tests pass with 3.43. Are there other tests you can write | that | fail your expectationis when run against 3.43? | | #### | | #!/usr/bin/perl -w | use Test::More 'no_plan'; | | $ENV{REQUEST_URI} = '/cgi-bin/url.cgi?q=abc%0Adef'; | | use CGI; | my $Q = CGI->new('q=abc%0Adef'); | | is($Q->url(-absolute=>0,-query=>0), | ,'http://localhost/cgi-bin/url.cgi' | ,'abs=>0, query=>0 == http://localhost/cgi-bin/url.cgi'); | is($Q->url(-absolute=>0,-query=>1), | ,'http://localhost/cgi-bin/url.cgi?q=abc%0Adef' | , 'abs=>1, query=>1 == | http://localhost/cgi-bin/url.cgi?q=abc%0Adef');


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.