sub url from perl cgi library fails on special characters

Bug #785338 reported by Lawren Quigley-Jones on 2011-05-19
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
perl (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: perl

hardy: ii perl 5.8.8-12ubuntu0.4 Larry Wall's Practical Extraction and Report
lucid: ii perl 5.10.1-8ubuntu2.1 Larry Wall's Practical Extraction and Report

Between Hardy and Lucid, CGI.pm has a change that breaks "sub url" when both the request_uri and the target contains special characters:

root@cricket:/usr/share/perl/5.10.1# diff CGI.pm.orig CGI.pm
2740c2740
< my $request_uri = unescape($self->request_uri) || '';
---
> my $request_uri = $self->request_uri || '';

If you pass in a target with a special character (in my case a +) and your $request_uri includes that character the outputed url includes an http escaped version of the $request_uri followed by the target url:

#run from /home/one+two
$cgi = new CGI;
$cgi->path_info('/home/one+two/link');
print $cgi->url(-relative=>1,
                     -query=>1,
                     -path_info=>1);
#output: /home/one%20two/home/one+two/link

I'm not sure why this change was made, so I don't know what other side effect it will have, but it breaks all URLs that contain special characters, so it should be removed.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: perl 5.10.1-8ubuntu2.1
ProcVersionSignature: Ubuntu 2.6.32-30.59-generic 2.6.32.29+drm33.13
Uname: Linux 2.6.32-30-generic x86_64
NonfreeKernelModules: fglrx
Architecture: amd64
Date: Thu May 19 13:36:25 2011
LiveMediaBuild: Ubuntu 10.04.1 LTS "Lucid Lynx" - Release amd64 (20100816.1)
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.utf8
 SHELL=/bin/bash
SourcePackage: perl

Lawren Quigley-Jones (lquigley) wrote :
dino99 (9d9) wrote :

Closing that outdated report as EOL has been reached long time ago

Changed in perl (Ubuntu):
status: New → Invalid
Lawren Quigley-Jones (lquigley) wrote :

This effects trusty as well.

ii perl-modules 5.18.2-2ubuntu1.1 all Core Perl modules

Changed in perl (Ubuntu):
status: Invalid → New
dino99 (9d9) on 2016-04-15
tags: added: trusty
tags: removed: lucid
Lawren Quigley-Jones (lquigley) wrote :

fyi, the line number is different:

@@ -2816,7 +2816,7 @@

     my $path = $self->path_info;
     my $script_name = $self->script_name;
- my $request_uri = unescape($self->request_uri) || '';
+ my $request_uri = $self->request_uri || '';
     my $query_str = $self->query_string;

     my $rewrite_in_use = $request_uri && $request_uri !~ /^\Q$script_name/;

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers