X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCatalyst%2FEngine%2FCGI.pm;h=8fa1fca72f0b51ede9a287d09972621b124b9e81;hb=5a7d7e5ca9ae30bef341cb8de22840f5491d6b9e;hp=ef8aa2a59e355342110452f0a8fea5b48a6bd697;hpb=64d1c3cd4b64ae7018ec3b555cc1a97b589a83ca;p=catagits%2FCatalyst-Runtime.git

diff --git a/lib/Catalyst/Engine/CGI.pm b/lib/Catalyst/Engine/CGI.pm
index ef8aa2a..8fa1fca 100644
--- a/lib/Catalyst/Engine/CGI.pm
+++ b/lib/Catalyst/Engine/CGI.pm
@@ -57,9 +57,9 @@ sub prepare_connection {
 
   PROXY_CHECK:
     {
-        unless ( $c->config->{using_frontend_proxy} ) {
+        unless ( ref($c)->config->{using_frontend_proxy} ) {
             last PROXY_CHECK if $ENV{REMOTE_ADDR} ne '127.0.0.1';
-            last PROXY_CHECK if $c->config->{ignore_frontend_proxy};
+            last PROXY_CHECK if ref($c)->config->{ignore_frontend_proxy};
         }
         last PROXY_CHECK unless $ENV{HTTP_X_FORWARDED_FOR};
 
@@ -85,6 +85,7 @@ sub prepare_connection {
     if ( $ENV{SERVER_PORT} == 443 ) {
         $request->secure(1);
     }
+    binmode(STDOUT); # Ensure we are sending bytes.
 }
 
 =head2 $self->prepare_headers($c)
@@ -114,21 +115,24 @@ sub prepare_path {
     my $scheme = $c->request->secure ? 'https' : 'http';
     my $host      = $ENV{HTTP_HOST}   || $ENV{SERVER_NAME};
     my $port      = $ENV{SERVER_PORT} || 80;
+    my $script_name = $ENV{SCRIPT_NAME};
+    $script_name =~ s/([^$URI::uric])/$URI::Escape::escapes{$1}/go if $script_name;
+
     my $base_path;
     if ( exists $ENV{REDIRECT_URL} ) {
         $base_path = $ENV{REDIRECT_URL};
         $base_path =~ s/$ENV{PATH_INFO}$//;
     }
     else {
-        $base_path = $ENV{SCRIPT_NAME} || '/';
+        $base_path = $script_name || '/';
     }
 
     # If we are running as a backend proxy, get the true hostname
   PROXY_CHECK:
     {
-        unless ( $c->config->{using_frontend_proxy} ) {
+        unless ( ref($c)->config->{using_frontend_proxy} ) {
             last PROXY_CHECK if $host !~ /localhost|127.0.0.1/;
-            last PROXY_CHECK if $c->config->{ignore_frontend_proxy};
+            last PROXY_CHECK if ref($c)->config->{ignore_frontend_proxy};
         }
         last PROXY_CHECK unless $ENV{HTTP_X_FORWARDED_HOST};
 
@@ -142,8 +146,22 @@ sub prepare_path {
         }
     }
 
+    # RFC 3875: "Unlike a URI path, the PATH_INFO is not URL-encoded,
+    # and cannot contain path-segment parameters." This means PATH_INFO
+    # is always decoded, and the script can't distinguish / vs %2F.
+    # See https://issues.apache.org/bugzilla/show_bug.cgi?id=35256
+    # Here we try to resurrect the original encoded URI from REQUEST_URI.
+    my $path_info   = $ENV{PATH_INFO};
+    if (my $req_uri = $ENV{REQUEST_URI}) {
+        if (defined $script_name) {
+            $req_uri =~ s/^\Q$script_name\E//;
+        }
+        $req_uri =~ s/\?.*$//;
+        $path_info = $req_uri if $req_uri;
+    }
+
     # set the request URI
-    my $path = $base_path . ( $ENV{PATH_INFO} || '' );
+    my $path = $base_path . ( $path_info || '' );
     $path =~ s{^/+}{};
 
     # Using URI directly is way too slow, so we construct the URLs manually