Skip Menu |

This queue is for tickets about the libwww-perl CPAN distribution.

Report information
The Basics
Id: 5828
Status: resolved
Priority: 0/
Queue: libwww-perl

Owner: Nobody in particular
Requestors: ville.skytta [...]

Bug Information
Severity: Critical
Broken in: 5.76
Fixed in: (no value)


Subject: Wrong request passed to redirect_ok: file scheme allowed
Download (untitled) / with headers
text/plain 384b
In LWP::UserAgent of 5.76, the original request, not the redirect one, gets passed to redirect_ok(). Consequently, for example the "file" scheme check there does not work as expected, and UserAgent happily follows redirects to "file:" URIs. Fix attached, along with a change that makes file: redirects include a Client-Warning header instead of debug-tracing it; this is better IMO.
Index: lib/LWP/ =================================================================== RCS file: /cvsroot/libwww-perl/lwp5/lib/LWP/,v retrieving revision 2.24 diff -a -u -r2.24 --- lib/LWP/ 21 Nov 2003 11:48:13 -0000 2.24 +++ lib/LWP/ 28 Mar 2004 13:02:22 -0000 @@ -334,7 +334,7 @@ $r = $r->previous; } - return $response unless $self->redirect_ok($request, $response); + return $response unless $self->redirect_ok($referral, $response); return $self->request($referral, $arg, $size, $response); } @@ -530,7 +530,8 @@ @{ $self->requests_redirectable || [] }; if ($new_request->url->scheme eq 'file') { - LWP::Debug::trace("Can't redirect to a file:// URL!"); + $response->header("Client-Warning" => + "Can't redirect to a file:// URL!"); return 0; }

This service is sponsored and maintained by Best Practical Solutions and runs on infrastructure.

Please report any issues with to