This file documents the revision history for Perl extension HTTP::Request::AsCGI.
+ - Change how PATH_INFO is decoded so that everything is decoded, including
+ URI reserved characters (RT#50082)
+
0.9 2009-04-27
- unescape PATH_INFO more safely
@_
};
- $environment->{PATH_INFO} = _uri_safe_unescape($environment->{PATH_INFO});
+ # RFC 3875 says PATH_INFO is not URI-encoded. That's really
+ # annoying for applications that you can't tell "%2F" vs "/", but
+ # doing the partial decoding then makes it impossible to tell
+ # "%252F" vs "%2F". Encoding everything is more compatible to what
+ # web servers like Apache or lighttpd do, anyways.
+ $environment->{PATH_INFO} = URI::Escape::uri_unescape($environment->{PATH_INFO});
foreach my $field ( $request->headers->header_field_names ) {
is( $ENV{GATEWAY_INTERFACE}, 'CGI/1.1', 'GATEWAY_INTERFACE' );
is( $ENV{HTTP_HOST}, 'www.host.com:80', 'HTTP_HOST' );
is( $ENV{HTTP_X_TEST}, 'Test', 'HTTP_X_TEST' );
-is( decode('UTF-8', $ENV{PATH_INFO}), '/foo%2FБЯ陰茎', 'PATH_INFO');
+is( decode('UTF-8', $ENV{PATH_INFO}), '/foo/БЯ陰茎', 'PATH_INFO');
is( $ENV{QUERY_STRING}, 'a=1&b=2', 'QUERY_STRING' );
is( $ENV{SCRIPT_NAME}, '/cgi-bin/script.cgi', 'SCRIPT_NAME' );
is( $ENV{REQUEST_METHOD}, 'GET', 'REQUEST_METHOD' );