sub url from perl cgi library fails on special characters

Bug #785338 reported by Lawren Quigley-Jones
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
perl (Ubuntu)
New
Undecided
Unassigned

Bug Description

Binary package hint: perl

hardy: ii perl 5.8.8-12ubuntu0.4 Larry Wall's Practical Extraction and Report
lucid: ii perl 5.10.1-8ubuntu2.1 Larry Wall's Practical Extraction and Report

Between Hardy and Lucid, CGI.pm has a change that breaks "sub url" when both the request_uri and the target contains special characters:

root@cricket:/usr/share/perl/5.10.1# diff CGI.pm.orig CGI.pm
2740c2740
< my $request_uri = unescape($self->request_uri) || '';
---
> my $request_uri = $self->request_uri || '';

If you pass in a target with a special character (in my case a +) and your $request_uri includes that character the outputed url includes an http escaped version of the $request_uri followed by the target url:

#run from /home/one+two
$cgi = new CGI;
$cgi->path_info('/home/one+two/link');
print $cgi->url(-relative=>1,
                     -query=>1,
                     -path_info=>1);
#output: /home/one%20two/home/one+two/link

I'm not sure why this change was made, so I don't know what other side effect it will have, but it breaks all URLs that contain special characters, so it should be removed.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: perl 5.10.1-8ubuntu2.1
ProcVersionSignature: Ubuntu 2.6.32-30.59-generic 2.6.32.29+drm33.13
Uname: Linux 2.6.32-30-generic x86_64
NonfreeKernelModules: fglrx
Architecture: amd64
Date: Thu May 19 13:36:25 2011
LiveMediaBuild: Ubuntu 10.04.1 LTS "Lucid Lynx" - Release amd64 (20100816.1)
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.utf8
 SHELL=/bin/bash
SourcePackage: perl

Revision history for this message
Lawren Quigley-Jones (lquigley) wrote :
Revision history for this message
dino99 (9d9) wrote :

Closing that outdated report as EOL has been reached long time ago

Changed in perl (Ubuntu):
status: New → Invalid
Revision history for this message
Lawren Quigley-Jones (lquigley) wrote :

This effects trusty as well.

ii perl-modules 5.18.2-2ubuntu1.1 all Core Perl modules

Changed in perl (Ubuntu):
status: Invalid → New
dino99 (9d9)
tags: added: trusty
tags: removed: lucid
Revision history for this message
Lawren Quigley-Jones (lquigley) wrote :

fyi, the line number is different:

@@ -2816,7 +2816,7 @@

     my $path = $self->path_info;
     my $script_name = $self->script_name;
- my $request_uri = unescape($self->request_uri) || '';
+ my $request_uri = $self->request_uri || '';
     my $query_str = $self->query_string;

     my $rewrite_in_use = $request_uri && $request_uri !~ /^\Q$script_name/;

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.