From: John Napiorkowski
Date: Mon, 18 Jul 2016 21:57:48 +0000 (-0500)
Subject: query not checks unicode like post and args
X-Git-Tag: 5.90110~2
X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits%2FCatalyst-Runtime.git;a=commitdiff_plain;h=103f2d968b5a1a732c19c39ae03cdd9a44a96a4b;hp=33d3ae66457093bf400181b1a8145460257fc563
query not checks unicode like post and args
---
diff --git a/Changes b/Changes
index 82a2c53..2732ae1 100644
--- a/Changes
+++ b/Changes
@@ -1,5 +1,18 @@
 # This file documents the revision history for Perl extension Catalyst.
+TBD
+ - Better catching of HTTP style exceptions so that you can reliable use one to
+ override many core method.
+ - Documention on better ways to catch and handle Unicode errors
+ - We now check the unicode in your URL request queries and raise an error if the
+ check fails. This was done to be consistent with what we do in other parts of
+ the code (such as in args, or POSTed parameters). If this breaks your code in
+ ways you don't want to fix, you may disable this using the global configuration
+ setting, "do_not_check_query_encoding".
+ - Removed configuration setting, "decode_query_using_global_encoding" since it no
+ longer does anything useful. Query decoding follows from whatever you set the
+ global encoding to, unless you specify an alternative or to not decode.
+
 5.90106 - 2016-07-05
 - Fixed regression in debug screen rendering of the private names in chained actions caused by commit 5dd46e24eedec447bdfbc4061ed683b5a17a7b0c.
diff --git a/lib/Catalyst.pm b/lib/Catalyst.pm
index b085a6c..24674b9 100644
--- a/lib/Catalyst.pm
+++ b/lib/Catalyst.pm
@@ -3637,13 +3637,14 @@ sub _handle_unicode_decoding {
 }
 sub _handle_param_unicode_decoding {
- my ( $self, $value ) = @_;
+ my ( $self, $value, $check ) = @_;
 return unless defined $value; # not in love with just ignoring undefs - jnap
 return $value if blessed($value); #don't decode when the value is an object.
 my $enc = $self->encoding;
+ $check ||= $self->_encode_check;
 return try {
- $enc->decode( $value, $self->_encode_check );
+ $enc->decode( $value, $check);
 } catch {
 $self->handle_unicode_encoding_exception({
@@ -4347,8 +4348,16 @@ evil clients, this might cause you trouble.
 If you find the changes introduced in Catalyst version 5.90080+ break some of your query code, you may disable the UTF-8 decoding globally using this configuration.
-This setting takes precedence over C and
-C
+This setting takes precedence over C
+
+=item *
+
+C
+
+Catalyst versions 5.90080 - 5.90106 would decode query parts of an incoming
+request but would not raise an exception when the decoding failed due to
+incorrect unicode. It now does, but if this change is giving you trouble
+you may disable it by setting this configuration to true.
 =item *
@@ -4359,15 +4368,6 @@ is our reading of the relevant specifications.
 This setting allows one to specify a fixed value for how to decode your query. You might need this if you are doing a lot of custom encoding of your URLs and not using UTF-8.
-This setting take precedence over C.
-
-=item *
-
-C
-
-Setting this to true will default your query decoding to whatever your
-general global encoding is (the default is UTF-8).
-
 =item *
 C
diff --git a/lib/Catalyst/Engine.pm b/lib/Catalyst/Engine.pm
index fdd3df9..150c269 100644
--- a/lib/Catalyst/Engine.pm
+++ b/lib/Catalyst/Engine.pm
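Review bot: `$check ||= $self->_encode_check;` in _handle_param_unicode_decoding cannot tell "no check requested" from "argument omitted", so the `do_not_check_query_encoding` opt-out added in the lib/Catalyst/Engine.pm hunk appears to have no effect. prepare_query_parameters passes `undef` when that option is set, and `||=` replaces it (and any other false value such as 0) with the default check, so a malformed query would presumably still raise even though Changes and the POD promise otherwise. Default only when the argument is undefined, `$check = $self->_encode_check unless defined $check;`, and have the caller pass a defined no-check value such as `Encode::FB_DEFAULT` instead of `undef`. A test that sets the option and sends an invalidly encoded query would pin the documented behaviour. The sub's body continues past the end of this hunk, so the catch branch was not reviewed.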
@@ -574,15 +574,18 @@ sub prepare_query_parameters {
 my ($self, $c) = @_;
 my $env = $c->request->env;
 my $do_not_decode_query = $c->config->{do_not_decode_query};
- my $default_query_encoding = $c->config->{default_query_encoding} ||
- ($c->config->{decode_query_using_global_encoding} ?
- $c->encoding : 'UTF-8');
+ my $old_encoding;
+ if(my $new = $c->config->{default_query_encoding}) {
+ $old_encoding = $c->encoding;
+ $c->encoding($new);
+ }
+
+ my $check = $c->config->{do_not_check_query_encoding} ? undef :$c->_encode_check;
 my $decoder = sub {
 my $str = shift;
 return $str if $do_not_decode_query;
- return $str unless $default_query_encoding;
- return decode( $default_query_encoding, $str);
+ return $c->_handle_param_unicode_decoding($str, $check);
 };
 my $query_string = exists $env->{QUERY_STRING}
@@ -606,6 +609,7 @@ sub prepare_query_parameters {
 split /[&;]+/, $query_string );
+ $c->encoding($old_encoding) if $old_encoding;
 $c->request->query_parameters( $c->request->_use_hash_multivalue ? $p : $p->mixed );
 }
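Review bot: The temporary `$c->encoding($new)` override in prepare_query_parameters is undone only by `$c->encoding($old_encoding) if $old_encoding;` in the second hunk, so it is not restored on every path. If decoding an invalid query ends in an exception (the case this commit starts checking for), that line is skipped and the rest of the request would run under `default_query_encoding`. When the previous encoding was unset or false, the `if $old_encoding` test skips the restore as well. Set a separate flag inside the `if(my $new = ...)` block, test that flag instead of `$old_encoding`, and do the restore in a cleanup that also runs when the decoder dies (a `finally` block or a scope guard). Whether `handle_unicode_encoding_exception` throws is not visible in this diff, so confirm against its definition.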