From: Tomas Doran Date: Mon, 30 Nov 2009 20:37:19 +0000 (+0000) Subject: Add the HTTP::Request::AsCGI part of RT#50082 X-Git-Tag: v1.0~1 X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits%2FHTTP-Request-AsCGI.git;a=commitdiff_plain;h=4d6b96d820ea954bcc2f6cad0908a3303e635c17 Add the HTTP::Request::AsCGI part of RT#50082 --- diff --git a/Changes b/Changes index af03670..5ede19a 100644 --- a/Changes +++ b/Changes @@ -1,5 +1,8 @@ This file documents the revision history for Perl extension HTTP::Request::AsCGI. + - Change how PATH_INFO is decoded so that everything is decoded, including + URI reserved characters (RT#50082) + 0.9 2009-04-27 - unescape PATH_INFO more safely diff --git a/lib/HTTP/Request/AsCGI.pm b/lib/HTTP/Request/AsCGI.pm index d150794..f2ddbff 100644 --- a/lib/HTTP/Request/AsCGI.pm +++ b/lib/HTTP/Request/AsCGI.pm @@ -75,7 +75,12 @@ sub new { @_ }; - $environment->{PATH_INFO} = _uri_safe_unescape($environment->{PATH_INFO}); + # RFC 3875 says PATH_INFO is not URI-encoded. That's really + # annoying for applications that you can't tell "%2F" vs "/", but + # doing the partial decoding then makes it impossible to tell + # "%252F" vs "%2F". Encoding everything is more compatible to what + # web servers like Apache or lighttpd do, anyways. + $environment->{PATH_INFO} = URI::Escape::uri_unescape($environment->{PATH_INFO}); foreach my $field ( $request->headers->header_field_names ) { diff --git a/t/05env.t b/t/05env.t index 1e9d666..6a47321 100644 --- a/t/05env.t +++ b/t/05env.t @@ -24,7 +24,7 @@ $c->setup; is( $ENV{GATEWAY_INTERFACE}, 'CGI/1.1', 'GATEWAY_INTERFACE' ); is( $ENV{HTTP_HOST}, 'www.host.com:80', 'HTTP_HOST' ); is( $ENV{HTTP_X_TEST}, 'Test', 'HTTP_X_TEST' ); -is( decode('UTF-8', $ENV{PATH_INFO}), '/foo%2FБЯ陰茎', 'PATH_INFO'); +is( decode('UTF-8', $ENV{PATH_INFO}), '/foo/БЯ陰茎', 'PATH_INFO'); is( $ENV{QUERY_STRING}, 'a=1&b=2', 'QUERY_STRING' ); is( $ENV{SCRIPT_NAME}, '/cgi-bin/script.cgi', 'SCRIPT_NAME' ); is( $ENV{REQUEST_METHOD}, 'GET', 'REQUEST_METHOD' );