[catagits/Catalyst-Runtime.git] / t / aggregate / live_engine_request_escaped_path.t

\feff#!perl

use strict;
use warnings;

use FindBin;
use lib "$FindBin::Bin/../lib";

use Test::More tests => 6;
use TestApp;
use HTTP::Request::AsCGI;

=pod

This test exposes a problem in the handling of PATH_INFO in C::Engine::CGI (and
other engines) where Catalyst does not un-escape the request correctly.
If a request is URL-encoded then Catalyst fails to decode the request 
and thus will try and match actions using the URL-encoded value.

Can NOT use Catalyst::Test as it uses HTTP::Request::AsCGI which does
correctly unescape the path (by calling $uri = $uri->canonical).

This will fix the problem for the CGI engine, but is probably the
wrong place.  And also does not fix $uri->base, either.

Plus, the same issue is in Engine::Apache* and other engines.

Index: lib/Catalyst/Engine/CGI.pm
===================================================================
--- lib/Catalyst/Engine/CGI.pm  (revision 7821)
+++ lib/Catalyst/Engine/CGI.pm  (working copy)
@@ -157,6 +157,8 @@
     my $query = $ENV{QUERY_STRING} ? '?' . $ENV{QUERY_STRING} : '';
     my $uri   = $scheme . '://' . $host . '/' . $path . $query;
 
+    $uri = URI->new( $uri )->canonical;
+
     $c->request->uri( bless \$uri, $uri_class );
 
     # set the base URI

=cut

# test that un-escaped can be feteched.
{

    my $request = Catalyst::Utils::request( 'http://localhost/args/params/one/two' );
    my $cgi     = HTTP::Request::AsCGI->new( $request, %ENV )->setup;

    TestApp->handle_request;

    ok( my $response = $cgi->restore->response );
    ok( $response->is_success, 'Response Successful 2xx' );
    is( $response->content, 'onetwo' );
}

# test that request with URL-escaped code works.
TODO: {
    local $TODO = 'Actions should match when path parts are url encoded';
    my $request = Catalyst::Utils::request( 'http://localhost/args/param%73/one/two' );
    my $cgi     = HTTP::Request::AsCGI->new( $request, %ENV )->setup;

    # Reset PATH_INFO because AsCGI calls $uri = $uri->canonical which
    # will unencode the path and hide the problem from the test.
    $ENV{PATH_INFO} = '/args/param%73/one/two';


    TestApp->handle_request;

    ok( my $response = $cgi->restore->response );
    ok( $response->is_success, 'Response Successful 2xx' );
    is( $response->content, 'onetwo' );
}
Commit	Line	Data
7665bd7e	1	\feff#!perl
	2
	3	use strict;
	4	use warnings;
	5
	6	use FindBin;
	7	use lib "$FindBin::Bin/../lib";
	8
	9	use Test::More tests => 6;
	10	use TestApp;
	11	use HTTP::Request::AsCGI;
	12
	13	=pod
	14
	15	This test exposes a problem in the handling of PATH_INFO in C::Engine::CGI (and
	16	other engines) where Catalyst does not un-escape the request correctly.
	17	If a request is URL-encoded then Catalyst fails to decode the request
	18	and thus will try and match actions using the URL-encoded value.
	19
	20	Can NOT use Catalyst::Test as it uses HTTP::Request::AsCGI which does
	21	correctly unescape the path (by calling $uri = $uri->canonical).
	22
	23	This will fix the problem for the CGI engine, but is probably the
	24	wrong place. And also does not fix $uri->base, either.
	25
	26	Plus, the same issue is in Engine::Apache* and other engines.
	27
	28	Index: lib/Catalyst/Engine/CGI.pm
	29	===================================================================
	30	--- lib/Catalyst/Engine/CGI.pm (revision 7821)
	31	+++ lib/Catalyst/Engine/CGI.pm (working copy)
	32	@@ -157,6 +157,8 @@
	33	my $query = $ENV{QUERY_STRING} ? '?' . $ENV{QUERY_STRING} : '';
	34	my $uri = $scheme . '://' . $host . '/' . $path . $query;
	35
	36	+ $uri = URI->new( $uri )->canonical;
	37	+
	38	$c->request->uri( bless \$uri, $uri_class );
	39
	40	# set the base URI
	41
	42	=cut
	43
	44	# test that un-escaped can be feteched.
	45	{
	46
	47	my $request = Catalyst::Utils::request( 'http://localhost/args/params/one/two' );
	48	my $cgi = HTTP::Request::AsCGI->new( $request, %ENV )->setup;
	49
	50	TestApp->handle_request;
	51
	52	ok( my $response = $cgi->restore->response );
	53	ok( $response->is_success, 'Response Successful 2xx' );
	54	is( $response->content, 'onetwo' );
	55	}
	56
	57	# test that request with URL-escaped code works.
	58	TODO: {
	59	local $TODO = 'Actions should match when path parts are url encoded';
	60	my $request = Catalyst::Utils::request( 'http://localhost/args/param%73/one/two' );
	61	my $cgi = HTTP::Request::AsCGI->new( $request, %ENV )->setup;
	62
	63	# Reset PATH_INFO because AsCGI calls $uri = $uri->canonical which
	64	# will unencode the path and hide the problem from the test.
65	$ENV{PATH_INFO} = '/args/param%73/one/two';
66
67
68	TestApp->handle_request;
69
70	ok( my $response = $cgi->restore->response );
71	ok( $response->is_success, 'Response Successful 2xx' );
72	is( $response->content, 'onetwo' );
73	}
74