Fix URI bug masked by HTTP::Request::AsCGI

[catagits/Catalyst-Runtime.git] / lib / Catalyst / Engine / CGI.pm

diff --git a/lib/Catalyst/Engine/CGI.pm b/lib/Catalyst/Engine/CGI.pm
index 4c20c62..c57c8a5 100644 (file)
--- a/lib/Catalyst/Engine/CGI.pm
+++ b/lib/Catalyst/Engine/CGI.pm
@@ -108,6 +108,8 @@ sub prepare_headers {
 
 =cut
 
+# Please don't touch this method without adding tests in
+# t/aggregate/unit_core_engine_cgi-prepare_path.t
 sub prepare_path {
     my ( $self, $c ) = @_;
     local (*ENV) = $self->env || \%ENV;
@@ -115,13 +117,16 @@ sub prepare_path {
     my $scheme = $c->request->secure ? 'https' : 'http';
     my $host      = $ENV{HTTP_HOST}   || $ENV{SERVER_NAME};
     my $port      = $ENV{SERVER_PORT} || 80;
+    my $script_name = $ENV{SCRIPT_NAME};
+    $script_name =~ s/([^$URI::uric])/$URI::Escape::escapes{$1}/go if $script_name;
+
     my $base_path;
     if ( exists $ENV{REDIRECT_URL} ) {
         $base_path = $ENV{REDIRECT_URL};
         $base_path =~ s/$ENV{PATH_INFO}$//;
     }
     else {
-        $base_path = $ENV{SCRIPT_NAME} || '/';
+        $base_path = $script_name || '/';
     }
 
     # If we are running as a backend proxy, get the true hostname
@@ -143,8 +148,34 @@ sub prepare_path {
         }
     }
 
+    # RFC 3875: "Unlike a URI path, the PATH_INFO is not URL-encoded,
+    # and cannot contain path-segment parameters." This means PATH_INFO
+    # is always decoded, and the script can't distinguish / vs %2F.
+    # See https://issues.apache.org/bugzilla/show_bug.cgi?id=35256
+    # Here we try to resurrect the original encoded URI from REQUEST_URI.
+    my $path_info   = $ENV{PATH_INFO};
+    if (my $req_uri = $ENV{REQUEST_URI}) {
+        $req_uri =~ s/^\Q$base_path\E//;
+        $req_uri =~ s/\?.*$//;
+        if ($req_uri) {
+            # Note that if REQUEST_URI doesn't start with a /, then the user
+            # is probably using mod_rewrite or something to rewrite requests
+            # into a sub-path of their application..
+            # This means that REQUEST_URI needs information from PATH_INFO
+            # prepending to it to be useful, otherwise the sub path which is
+            # being redirected to becomes the app base address which is
+            # incorrect.
+            if (substr($req_uri, 0, 1) ne '/') {
+                my ($match) = $req_uri =~ m|^([^/]+)|;
+                my ($path_info_part) = $path_info =~ m|^(.*?\Q$match\E)|;
+                substr($req_uri, 0, length($match), $path_info_part);
+            }
+            $path_info = $req_uri;
+        }
+    }
+
     # set the request URI
-    my $path = $base_path . ( $ENV{PATH_INFO} || '' );
+    my $path = $base_path . ( $path_info || '' );
     $path =~ s{^/+}{};
 
     # Using URI directly is way too slow, so we construct the URLs manually
@@ -164,7 +195,7 @@ sub prepare_path {
     my $query = $ENV{QUERY_STRING} ? '?' . $ENV{QUERY_STRING} : '';
     my $uri   = $scheme . '://' . $host . '/' . $path . $query;
 
-    $c->request->uri( bless \$uri, $uri_class );
+    $c->request->uri( bless(\$uri, $uri_class)->canonical );
 
     # set the base URI
     # base must end in a slash
@@ -172,7 +203,7 @@ sub prepare_path {
 
     my $base_uri = $scheme . '://' . $host . $base_path;
 
-    $c->request->base( bless \$base_uri, $uri_class );
+    $c->request->base( bless(\$base_uri, $uri_class)->canonical );
 }
 
 =head2 $self->prepare_query_parameters($c)