reimplement PATH_INFO unescaping

diff --git a/Changes b/Changes
index 67a83ce..397041e 100644 (file)
--- a/Changes
+++ b/Changes
@@ -1,5 +1,8 @@
 This file documents the revision history for Perl extension HTTP::Request::AsCGI.
 
+0.9
+    - unescape PATH_INFO more safely
+
 0.8 2009-04-27
     - revert PATH_INFO change, Catalyst tests were failing
 

diff --git a/lib/HTTP/Request/AsCGI.pm b/lib/HTTP/Request/AsCGI.pm
index ff9849a..841f033 100644 (file)
--- a/lib/HTTP/Request/AsCGI.pm
+++ b/lib/HTTP/Request/AsCGI.pm
@@ -9,6 +9,7 @@ use Carp;
 use HTTP::Response;
 use IO::Handle;
 use IO::File;
+use URI ();
 use URI::Escape ();
 
 __PACKAGE__->mk_accessors(qw[ environment request stdin stdout stderr ]);
@@ -24,6 +25,13 @@ __PACKAGE__->mk_accessors(qw[ environment request stdin stdout stderr ]);
 
 *enviroment = \&environment;
 
+my %reserved = map { sprintf('%02x', ord($_)) => 1 } split //, $URI::reserved;
+sub _uri_safe_unescape {
+    my ($s) = @_;
+    $s =~ s/%([a-fA-F0-9]{2})/$reserved{lc($1)} ? "%$1" : chr(hex($1))/ge;
+    $s;
+}
+
 sub new {
     my $class   = shift;
     my $request = shift;
@@ -50,8 +58,7 @@ sub new {
         GATEWAY_INTERFACE => 'CGI/1.1',
         HTTP_HOST         => $uri->host_port,
         HTTPS             => ( $uri->scheme eq 'https' ) ? 'ON' : 'OFF',  # not in RFC 3875
-#        PATH_INFO         => URI::Escape::uri_unescape($uri->path),
-        PATH_INFO         => $uri->path,
+        PATH_INFO         => _uri_safe_unescape($uri->path),
         QUERY_STRING      => $uri->query || '',
         SCRIPT_NAME       => '/',
         SERVER_NAME       => $uri->host,

diff --git a/t/02unescape.t b/t/02unescape.t
new file mode 100644 (file)
index 0000000..a1d1d21
--- /dev/null
+++ b/t/02unescape.t
@@ -0,0 +1,10 @@
+use strict;
+use warnings;
+use HTTP::Request::AsCGI;
+use Test::More tests => 1;
+
+is(
+  HTTP::Request::AsCGI::_uri_safe_unescape('%2Fhello%20there'),
+  '%2Fhello there',
+  'do not unescape reserved characters',
+);

diff --git a/t/05env.t b/t/05env.t
index 34cc0be..19e8df4 100644 (file)
--- a/t/05env.t
+++ b/t/05env.t
@@ -8,7 +8,7 @@ use warnings;
 use HTTP::Request;
 use HTTP::Request::AsCGI;
 
-my $r = HTTP::Request->new( GET => 'http://www.host.com/cgi-bin/script.cgi/my%20path/?a=1&b=2', [ 'X-Test' => 'Test' ] );
+my $r = HTTP::Request->new( GET => 'http://www.host.com/cgi-bin/script.cgi/my%20path%2F?a=1&b=2', [ 'X-Test' => 'Test' ] );
 my %e = ( SCRIPT_NAME => '/cgi-bin/script.cgi' );
 my $c = HTTP::Request::AsCGI->new( $r, %e );
 $c->stdout(undef);
@@ -18,10 +18,7 @@ $c->setup;
 is( $ENV{GATEWAY_INTERFACE}, 'CGI/1.1', 'GATEWAY_INTERFACE' );
 is( $ENV{HTTP_HOST}, 'www.host.com:80', 'HTTP_HOST' );
 is( $ENV{HTTP_X_TEST}, 'Test', 'HTTP_X_TEST' );
-TODO: {
-    local $TODO = 'backed out as it breaks Catalyst';
-    is( $ENV{PATH_INFO}, '/my path/', 'PATH_INFO' );
-}
+is( $ENV{PATH_INFO}, '/my path%2F', 'PATH_INFO' );
 is( $ENV{QUERY_STRING}, 'a=1&b=2', 'QUERY_STRING' );
 is( $ENV{SCRIPT_NAME}, '/cgi-bin/script.cgi', 'SCRIPT_NAME' );
 is( $ENV{REQUEST_METHOD}, 'GET', 'REQUEST_METHOD' );