From: Hans Dieter Pearcey
Date: Mon, 27 Apr 2009 17:21:52 +0000 (+0000)
Subject: reimplement PATH_INFO unescaping
X-Git-Tag: v1.0~4
X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits%2FHTTP-Request-AsCGI.git;a=commitdiff_plain;h=bb6e4a92f9df67eabc629bfc0669c7d4506e96fb
reimplement PATH_INFO unescaping
---
diff --git a/Changes b/Changes
index 67a83ce..397041e 100644
--- a/Changes
+++ b/Changes
@@ -1,5 +1,8 @@
 This file documents the revision history for Perl extension HTTP::Request::AsCGI.
+0.9
+ - unescape PATH_INFO more safely
+
 0.8 2009-04-27
 - revert PATH_INFO change, Catalyst tests were failing
diff --git a/lib/HTTP/Request/AsCGI.pm b/lib/HTTP/Request/AsCGI.pm
index ff9849a..841f033 100644
--- a/lib/HTTP/Request/AsCGI.pm
+++ b/lib/HTTP/Request/AsCGI.pm
@@ -9,6 +9,7 @@ use Carp;
 use HTTP::Response;
 use IO::Handle;
 use IO::File;
+use URI ();
 use URI::Escape ();
 __PACKAGE__->mk_accessors(qw[ environment request stdin stdout stderr ]);
@@ -24,6 +25,13 @@ __PACKAGE__->mk_accessors(qw[ environment request stdin stdout stderr ]);
 *enviroment = \&environment;
+my %reserved = map { sprintf('%02x', ord($_)) => 1 } split //, $URI::reserved;
+sub _uri_safe_unescape {
+ my ($s) = @_;
+ $s =~ s/%([a-fA-F0-9]{2})/$reserved{lc($1)} ? "%$1" : chr(hex($1))/ge;
+ $s;
+}
+
 sub new {
 my $class = shift;
 my $request = shift;
@@ -50,8 +58,7 @@ sub new {
 GATEWAY_INTERFACE => 'CGI/1.1',
 HTTP_HOST => $uri->host_port,
 HTTPS => ( $uri->scheme eq 'https' ) ? 'ON' : 'OFF', # not in RFC 3875
-# PATH_INFO => URI::Escape::uri_unescape($uri->path),
- PATH_INFO => $uri->path,
+ PATH_INFO => _uri_safe_unescape($uri->path),
 QUERY_STRING => $uri->query || '',
 SCRIPT_NAME => '/',
 SERVER_NAME => $uri->host,
diff --git a/t/02unescape.t b/t/02unescape.t
new file mode 100644
index 0000000..a1d1d21
--- /dev/null
+++ b/t/02unescape.t
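Review bot: In lib/HTTP/Request/AsCGI.pm, `_uri_safe_unescape` decodes `%25` to a bare `%`, because the percent sign is not among the characters URI.pm keeps in `$URI::reserved`, so its output is ambiguous. An input of `%252F` comes out as `%2F`, the same string a literal `%2F` produces, and any consumer that later unescapes PATH_INFO to recover the reserved characters would turn the double-encoded form into `/`. That is the decoding mismatch that undermines path prefix and traversal checks made on either side. Keeping the percent sign escaped removes the ambiguity: `my %reserved = map { sprintf('%02x', ord($_)) => 1 } split //, $URI::reserved . '%';`. The sub also has no comment; a header line such as `# Unescape %XX sequences, except those that encode URI-reserved characters.` would record the intent.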
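Review bot: The `PATH_INFO => _uri_safe_unescape($uri->path),` line in `new` (lib/HTTP/Request/AsCGI.pm) needs a comment saying the value is only partially decoded. RFC 3875 describes PATH_INFO as not URL-encoded, so code reading `$ENV{PATH_INFO}` may assume no `%XX` sequences remain, while after this change reserved characters such as `%2F` stay escaped. A trailing remark in the style of the existing `# not in RFC 3875` on HTTPS would do, for example `# reserved characters stay escaped, unlike RFC 3875`. `new` starts and ends outside this hunk, so any later rewriting of PATH_INFO is not visible here.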
@@ -0,0 +1,10 @@
+use strict;
+use warnings;
+use HTTP::Request::AsCGI;
+use Test::More tests => 1;
+
+is(
+ HTTP::Request::AsCGI::_uri_safe_unescape('%2Fhello%20there'),
+ '%2Fhello there',
+ 'do not unescape reserved characters',
+);
diff --git a/t/05env.t b/t/05env.t
index 34cc0be..19e8df4 100644
--- a/t/05env.t
+++ b/t/05env.t
@@ -8,7 +8,7 @@ use warnings;
 use HTTP::Request;
 use HTTP::Request::AsCGI;
-my $r = HTTP::Request->new( GET => 'http://www.host.com/cgi-bin/script.cgi/my%20path/?a=1&b=2', [ 'X-Test' => 'Test' ] );
+my $r = HTTP::Request->new( GET => 'http://www.host.com/cgi-bin/script.cgi/my%20path%2F?a=1&b=2', [ 'X-Test' => 'Test' ] );
 my %e = ( SCRIPT_NAME => '/cgi-bin/script.cgi' );
 my $c = HTTP::Request::AsCGI->new( $r, %e );
 $c->stdout(undef);
@@ -18,10 +18,7 @@ $c->setup;
 is( $ENV{GATEWAY_INTERFACE}, 'CGI/1.1', 'GATEWAY_INTERFACE' );
 is( $ENV{HTTP_HOST}, 'www.host.com:80', 'HTTP_HOST' );
 is( $ENV{HTTP_X_TEST}, 'Test', 'HTTP_X_TEST' );
-TODO: {
- local $TODO = 'backed out as it breaks Catalyst';
- is( $ENV{PATH_INFO}, '/my path/', 'PATH_INFO' );
-}
+is( $ENV{PATH_INFO}, '/my path%2F', 'PATH_INFO' );
 is( $ENV{QUERY_STRING}, 'a=1&b=2', 'QUERY_STRING' );
 is( $ENV{SCRIPT_NAME}, '/cgi-bin/script.cgi', 'SCRIPT_NAME' );
 is( $ENV{REQUEST_METHOD}, 'GET', 'REQUEST_METHOD' );
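Review bot: The one case in t/02unescape.t covers only an uppercase `%2F` and a `%20`, so the `lc($1)` lookup and the treatment of an encoded percent sign go untested. A lowercase case would pin the first: `is( HTTP::Request::AsCGI::_uri_safe_unescape('%2fa%3fb'), '%2fa%3fb', 'lowercase escapes of reserved characters are kept' );`. A case for `%2541` should pin whichever result is intended (the code as written yields `%41`), since that input decides whether the output can be unescaped a second time. `tests => 1` has to be raised to match.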