This queue is for tickets about the CGI-Simple CPAN distribution.

Report information
The Basics
Id: 41339
Status: resolved
Priority: 0/
Queue: CGI-Simple

People
Owner: Nobody in particular
Requestors: m-uchino [...] yetipapa.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: CGI-Simple unescapeHTML
Date: Mon, 1 Dec 2008 19:29:50 +0900
To: <bug-Cgi-Simple [...] rt.cpan.org>
From: "uchino" <m-uchino [...] yetipapa.com>
Sorry, my English is poor.

I hope that unescapeHTML does not edit 'not escaped text'.

ex.
    my $text = 'http://xxx.yyy.com/foo.cgi?aaa&bbb&ccc/111/222/333/xxx;yyy;zzz;';
    # Yes, this is a strange URL, but I found it.
    $text = unescapeHTML($text);

result:
    http://xxx.yyy.com/foo.cgi?aaabbb&ccc/111/222/333/xxxyyy;zzz;

unescapeHTML mistakes '&bbb&ccc/111/222/333/xxx;' for escaped text.

I think line 154 in Util.pm
    $_ ----------> "&$_;"

M-Uchino
Subject: PATCH: CGI-Simple unescapeHTML (fix)
I have confirmed this bug with a new automated test, and have also prepared a patch to fix it.

The "fall-through" option for unescapeHTML was failing to "put things back how it found them" when no match was found.

CGI.pm 3.42 still has the same bug as well.

Mark
Download unescapeHTML.patch
text/x-diff 1.9k
Sat Dec 6 10:20:34 EST 2008 Mark Stosberg <mark@summersault.com> * Fixed bug when calling unescapeHTML on HTML that wasn't properly escaped in the first place. diff -rN -u old-CGI-Simple-1.106/Changes new-CGI-Simple-1.106/Changes --- old-CGI-Simple-1.106/Changes 2008-12-06 10:21:52.000000000 -0500 +++ new-CGI-Simple-1.106/Changes 2008-12-06 10:21:52.000000000 -0500 @@ -136,4 +136,7 @@ to RSAVAGE. - Applied BEROV's patch for UTF-8 form data handling. Refs #12481. Thanks to BEROV. +1.107 2008-12-06 + - Fixed bug when calling unescapeHTML on HTML that wasn't properly escaped in the first place. + Thanks to M-Uchino and Mark Stosberg. diff -rN -u old-CGI-Simple-1.106/lib/CGI/Simple/Util.pm new-CGI-Simple-1.106/lib/CGI/Simple/Util.pm --- old-CGI-Simple-1.106/lib/CGI/Simple/Util.pm 2008-12-06 10:21:52.000000000 -0500 +++ new-CGI-Simple-1.106/lib/CGI/Simple/Util.pm 2008-12-06 10:21:52.000000000 -0500 @@ -152,7 +152,7 @@ /^#(\d+)$/ && $ebcdic ? chr($UTIL->{'a2e'}->[$1]) : /^#x([0-9a-f]+)$/i && $latin ? chr(hex($1)) : /^#x([0-9a-f]+)$/i && $ebcdic ? chr($UTIL->{'a2e'}->[hex $1]) : - $_ + "\&$_;" }gex; return $unescape; } diff -rN -u old-CGI-Simple-1.106/t/050.simple.t new-CGI-Simple-1.106/t/050.simple.t --- old-CGI-Simple-1.106/t/050.simple.t 2008-12-06 10:21:52.000000000 -0500 +++ new-CGI-Simple-1.106/t/050.simple.t 2008-12-06 10:21:52.000000000 -0500 @@ -1,4 +1,4 @@ -use Test::More tests => 331; +use Test::More tests => 332; use Carp; use strict; use warnings; @@ -756,6 +756,8 @@ $sv = $q->unescapeHTML( "&lt;&gt;&amp;&quot;&#10;&#13;&lt;&gt;&amp;&quot;&#10;&#13;" ); is( $sv, "<>&\"\012\015<>&\"\012\015", 'unescapeHTML(), 2' ); +$sv = $q->unescapeHTML('Jack & Jill went up the hill; to get a pail of water'); +is( $sv, 'Jack & Jill went up the hill; to get a pail of water', 'unescapeHTML(), 3 ' ); # put() is( $q->put( '' ), 1, 'put(), 1' );
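Review bot: in the lib/CGI/Simple/Util.pm hunk, the new fall-through `"\&$_;"` carries a backslash that a double-quoted Perl string does not need before `&`; `"&$_;"` is equivalent, reads more clearly and matches what the reporter proposed. A short comment on that branch stating that unrecognised entities are put back verbatim, delimiters included, would keep a later edit from reverting it to a bare `$_`.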
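Review bot: in the t/050.simple.t hunk at line 756, the single added case has a bare `&` and a later `;` but no real entity, and its test name carries a trailing space ('unescapeHTML(), 3 '). Add the reporter's URL from the ticket as a regression case, plus a string that mixes a bare `&` with a genuine entity such as `&lt;`, so the suite pins down what the fall-through does when both occur together, and raise the `tests =>` count to match.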
Patch applied as r4448. Thanks both!
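
A self-contained model of the fall-through behaviour discussed in this ticket, added here as an illustration; it is not code from CGI::Simple or from the patch author. The pattern `&(.*?);`, the reduced entity table and the name `unescape_model` are assumptions; only the last branch follows the patch.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Simplified model of the substitution, not CGI::Simple's own code.
# ASSUMPTIONS: the pattern &(.*?); and this reduced entity table are
# illustrative; only the final fall-through branch mirrors the patch.
my %NAMED = ( amp => '&', lt => '<', gt => '>', quot => '"' );

# $restore false: pre-patch fall-through (returns the bare capture).
# $restore true:  patched fall-through (puts '&' and ';' back).
sub unescape_model {
    my ( $text, $restore ) = @_;
    $text =~ s{&(.*?);}{
        my $e = $1;
          exists $NAMED{ lc $e }   ? $NAMED{ lc $e }
        : $e =~ /^#(\d+)$/         ? chr($1)
        : $e =~ /^#x([0-9a-f]+)$/i ? chr( hex $1 )
        : $restore                 ? "&$e;"
        :                            $e;
    }gex;
    return $text;
}

my @samples = (
    # URL from the bug report
    'http://xxx.yyy.com/foo.cgi?aaa&bbb&ccc/111/222/333/xxx;yyy;zzz;',
    # string from the test added by the patch
    'Jack & Jill went up the hill; to get a pail of water',
    # constructed: bare ampersand followed by a genuine entity
    'a & b &lt; c',
);

for my $s (@samples) {
    printf "input:   %s\nold:     %s\npatched: %s\n\n",
        $s, unescape_model( $s, 0 ), unescape_model( $s, 1 );
}
```

In this model the patched branch returns all three samples unchanged, including the constructed third one, where the span from the bare `&` to the first `;` takes `&lt;` with it. The page does not show CGI::Simple's real pattern, so check that case against the library itself.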

