Skip Menu |
 

Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the CGI CPAN distribution.

Report information
The Basics
Id: 60813
Status: resolved
Priority: 0/
Queue: CGI

People
Owner: MARKSTOS [...] cpan.org
Requestors: hanenkamp [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: (no value)
Fixed in: (no value)



Subject: query_string includes POSTDATA when recreating the query string
Download (untitled) / with headers
text/plain 693b
If you receive a POST that is not URL encoded or a multipart form and then call query_string(). It will create a query string containing: POSTDATA=... Weak sauce. It is my opinion that the query_string ought to be generated using url_param() rather than param() or at least a notice be stated in the documentation that query_string() might do strange things on anything other than a GET. The workaround is something like: my @pairs; for my $key ($q->url_param) { my @values = $q->url_param($key); push @pairs, join '=', uri_escape($key), uri_escape($_) for @values; } my $query_string = join ';', @pairs; # or '&' if you prefer Or something similar using URI->new->query_form.
RT-Send-CC: yanick-cpan [...] babyl.dyndns.org
Download (untitled) / with headers
text/plain 1.1k
On Fri Aug 27 16:36:49 2010, HANENKAMP wrote: Show quoted text
> If you receive a POST that is not URL encoded or a multipart form and > then call query_string(). > It will create a query string containing: > > POSTDATA=... > > Weak sauce. > > It is my opinion that the query_string ought to be generated using > url_param() rather than > param() or at least a notice be stated in the documentation that > query_string() might do > strange things on anything other than a GET. > > The workaround is something like: > > my @pairs; > for my $key ($q->url_param) { > my @values = $q->url_param($key); > push @pairs, join '=', uri_escape($key), uri_escape($_) for > @values; > } > my $query_string = join ';', @pairs; # or '&' if you prefer > > Or something similar using URI->new->query_form.
I agree the current behavior seems buggy. POST requests are not intended to redirected, and translating arbitrary input, like file uploads, into a query string is not reasonable. I like the idea of using url_param() as proposed, but it will surely break some applications that translated simple POST requests into a query_string() without running into this bug. Yanick, what do you think?
Download (untitled) / with headers
text/plain 256b
Thanks for the feedback. This is resolved in 3.58 by clarifying the documentation. I'm concerned if we change the code at this point we'd only discover that it breaks more things than it fixes. Subclassing CGI.pm is one alternative for your own use.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.