This queue is for tickets about the URI CPAN distribution.

Report information
The Basics
Id: 4909
Status: open
Priority: 0/
Queue: URI

People
Owner: Nobody in particular
Requestors: roal [...] anet.at
Cc: Sergiy.Borodych [...] gmail.com
AdminCc:

Bug Information
Severity: Normal
Broken in:
  • 1.18
  • 1.19
Fixed in: (no value)


Subject: correctly resolve 'subdir/../index.html' to 'index.html'
Hi,

you can test the bug by executing the test script given below:

perl URI.pl

gives

Test with URI 1.29 on MSWin32 with Perl 5.8.2
Base: http://www.someDomain.tld/subdir/

URL: NotHere/../index.html
 -> http://www.somedomain.tld/subdir/index.html

URL: http://www.someDomain.tld/subdir/NotHere/../index.html
 -> http://www.somedomain.tld/subdir/NotHere/../index.html

with the original URI 1.2(?:8|9) and

Test with URI 1.29 on MSWin32 with Perl 5.8.2
Base: http://www.someDomain.tld/subdir/

URL: NotHere/../index.html
 -> http://www.somedomain.tld/subdir/index.html

URL: http://www.someDomain.tld/subdir/NotHere/../index.html
 -> http://www.somedomain.tld/subdir/index.html

after applying my patch.

The patch can be applied by

patch -b _generic.pm _generic.patch

The patched URI/_generic.pm behaves exactly as before *unless* $URI::ABS_REMOTE_LEADING_DOTS is set to true, to stay compatible with the previous behaviour.

best,
rob.

########## test script URI.pl begin ##########
$^W = 1;
use strict;
require URI;

my $base = "http://www.someDomain.tld/subdir/";
my $url;

printf "Test with URI " . URI -> VERSION . " on $^O with Perl %vd\n", $^V;
print "Base: $base\n\n";

&fullurl("NotHere/../index.html");
&fullurl("http://www.someDomain.tld/subdir/NotHere/../index.html");
exit 0;

sub fullurl {
    my $url = shift;
    my $uri = URI -> new($url, $base);
    local $URI::ABS_REMOTE_LEADING_DOTS = 1;
        # required for the patched abs method in URI/_generic.pm
        # to clean URLs like "dir/../index.html" if the URL is absolute
    print "URL: $url\n -> ", $uri -> abs($base) -> canonical, "\n\n";
}
########## test script end ##########
Attachment: _generic.patch (text/x-diff, 1.1k)
124a125,127 > # modifications by roal to allow URLs like "dir/../index.html" to be cleaned *also if the base is absolute* > # are marked with "ABS_REMOTE_DOTS" > # ABS_REMOTE_LEADING_DOTS must be set to true to apply that 130c133,135 < return $self unless $URI::ABS_ALLOW_RELATIVE_SCHEME; --- > # ABS_REMOTE_DOTS > # return $self unless $URI::ABS_ALLOW_RELATIVE_SCHEME; > return $self unless ($URI::ABS_ALLOW_RELATIVE_SCHEME || $URI::ABS_REMOTE_LEADING_DOTS); 138c143,148 < return $abs if $$self =~ m,^(?:$URI::scheme_re:)?//,o; --- > # ABS_REMOTE_DOTS > # return $abs if $$self =~ m,^(?:$URI::scheme_re:)?//,o; > if ($$self =~ m,^(?:$URI::scheme_re:)?//,o) { > return $abs unless ($URI::ABS_REMOTE_LEADING_DOTS && lc($self->host_port) eq lc($base->host_port)); > } > 142c152,154 < return $abs if $path =~ m,^/,; --- > # ABS_REMOTE_DOTS > # return $abs if $path =~ m,^/,; > return $abs if ($path =~ m,^/, && !$URI::ABS_REMOTE_LEADING_DOTS); 154c166,170 < $p .= $path; --- > > # ABS_REMOTE_DOTS > # $p .= $path; > $p = $path =~ m,^/, ? $path : $p . $path; >
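Review bot: In the 130c133,135 hunk, "return $self unless ($URI::ABS_ALLOW_RELATIVE_SCHEME || $URI::ABS_REMOTE_LEADING_DOTS);" lets ABS_REMOTE_LEADING_DOTS bypass an early return that was previously controlled by ABS_ALLOW_RELATIVE_SCHEME alone, so a caller who sets the dots flag also changes how URLs that carry a scheme are handled. A separate, documented package variable for the new behaviour would keep the two options independent.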
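Review bot: The same-server test in the 138c143,148 hunk, "lc($self->host_port) eq lc($base->host_port)", decides whether an absolute URL is rewritten against the base, yet it compares host and port only and nothing in the hunk says what happens to the rest of the URL's authority once the if block falls through. Please add a comment stating the intended result for that case, and delete the replaced statements rather than keeping them commented out under each ABS_REMOTE_DOTS marker.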
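Review bot: In the 154c166,170 hunk, "$p = $path =~ m,^/, ? $path : $p . $path;" depends on the relative precedence of =~, ?: and =; parenthesise the match and the two branches so the intent is readable at a glance. The patch also comes without a regression test: URI.pl only prints its results, so the two URLs from the report should be turned into assertions that run with the flag both set and unset.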
From: daniel.frett [...] ccci.org
Are there any plans to fix this problem with correctly resolving/removing ../ inside URIs? Here is another example where the .. in the middle of the URI is not correctly removed.

URI->new_abs('/test/../a', 'http://localhost');

which yields the URI: http://localhost/test/../a
instead of the URI: http://localhost/a

-Daniel
I also ran into this problem :( Please fix it.

--
Sergiy Borodych
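The result both reports expect is what the remove_dot_segments procedure of RFC 3986, section 5.2.4, produces for the URL path. The script below is an added example, not code from the URI distribution or from the attached patch; the function names remove_dot_segments and normalize_url and the sample URLs are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added illustration, not part of URI.pm: remove_dot_segments (RFC 3986, 5.2.4).
# Function names and sample URLs below are assumptions made for this example.
sub remove_dot_segments {
    my ($in) = @_;
    my $out = '';
    while (length $in) {
        if    ($in =~ s{^\.\.?/}{})         { }    # A: drop leading "./" or "../"
        elsif ($in =~ s{^/\.(?:/|\z)}{/})   { }    # B: "/./" or final "/." becomes "/"
        elsif ($in =~ s{^/\.\.(?:/|\z)}{/}) {      # C: "/../" or final "/.." becomes "/"
            $out =~ s{/?[^/]*\z}{};                #    and the last output segment goes
        }
        elsif ($in =~ s{^\.\.?\z}{})        { }    # D: input is only "." or ".."
        else {                                     # E: move the first segment to output
            $in =~ s{^(/?[^/]*)}{};
            $out .= $1;
        }
    }
    return $out;
}

# Normalize only the path of an absolute URL; authority, query and fragment
# are left untouched, so ".." inside a query string is not interpreted.
sub normalize_url {
    my ($url) = @_;
    my ($prefix, $path, $rest) =
        $url =~ m{\A([A-Za-z][A-Za-z0-9+.\-]*://[^/?#]*)([^?#]*)(.*)\z}s
        or return;                                 # not scheme://authority/...
    $path = remove_dot_segments($path);
    $path = '/' if $path eq '';
    return $prefix . $path . $rest;
}

# Constructed inputs: the two URLs from this ticket, one that tries to climb
# above the root, and one with dot segments in the query.
for my $url (
    'http://www.someDomain.tld/subdir/NotHere/../index.html',
    'http://localhost/test/../a',
    'http://localhost/../../a',
    'http://localhost/a/b/./../g?next=../x',
) {
    printf "%s\n  -> %s\n", $url, normalize_url($url);
}
```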

