Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Catalyst>
  3. Dev
Proposed patch - Re: May (can) I fix Catalyst/Engine/CGI.pm REDIRECT_URL + PATH_INFO bug?
apv at sedition
Oct 22, 2008, 3:27 PM
Post #1 of 3 (3655 views)
Permalink
On Oct 21, 2008, at 8:38 PM, Ashley wrote:
> This is an old bug I reported the first time about two years ago,
> IIRC. Short version REDIRECT_URL + PATH_INFO can cause paths to get
> squirrelly if there are regex chars, which URIs can legally have.
>
>> - $base_path =~ s/$ENV{PATH_INFO}$//;
>> + $base_path =~ s/\Q$ENV{PATH_INFO}\E$//;

Attached is an svn diff -- redirect_url_substitution.patch -- against
Catalyst-Runtime/5.70/trunk, r8571. It updates t/
live_engine_request_uri.t, lib/Catalyst/Engine/CGI.pm, and Changes.

I didn't try to apply it but I'd be glad to (try at least) if a core
dev reviews it, or modify it if anyone directs it. If someone would
rather 'patch -p0', tweak, and commit yourself (as it were), that's
fine too. :)

There is a related bug report from Chris Dolan outstanding -- http://
rt.cpan.org/Ticket/Display.html?id=24951 -- which can be closed if
the patch is applied.

-Ashley
--
By the way, if you are going to work with this, please run the full
tests first. Some are failing (for me) in r8571 so you should see
that before trying my patch and then seeing it and thinking the patch
is to blame.

Attached Files:

Re: Proposed patch - Re: May (can) I fix Catalyst/Engine/CGI.pm REDIRECT_URL + PATH_INFO bug? [ In reply to ]
marcus at nordaaker
Oct 23, 2008, 12:50 AM
Post #2 of 3 (3507 views)
Permalink
I don't think this merits a minor release on it's own. Can you
recreate it as a patch to the 5.8 branch?

Marcus

On 23. okt.. 2008, at 00.27, Ashley wrote:

> On Oct 21, 2008, at 8:38 PM, Ashley wrote:
>> This is an old bug I reported the first time about two years ago,
>> IIRC. Short version REDIRECT_URL + PATH_INFO can cause paths to get
>> squirrelly if there are regex chars, which URIs can legally have.
>>
>>> - $base_path =~ s/$ENV{PATH_INFO}$//;
>>> + $base_path =~ s/\Q$ENV{PATH_INFO}\E$//;
>
> Attached is an svn diff -- redirect_url_substitution.patch --
> against Catalyst-Runtime/5.70/trunk, r8571. It updates t/
> live_engine_request_uri.t, lib/Catalyst/Engine/CGI.pm, and Changes.
>
> I didn't try to apply it but I'd be glad to (try at least) if a core
> dev reviews it, or modify it if anyone directs it. If someone would
> rather 'patch -p0', tweak, and commit yourself (as it were), that's
> fine too. :)
>
> There is a related bug report from Chris Dolan outstanding -- http://rt.cpan.org/Ticket/Display.html?id=24951
> -- which can be closed if the patch is applied.
>
> -Ashley
> --
> By the way, if you are going to work with this, please run the full
> tests first. Some are failing (for me) in r8571 so you should see
> that before trying my patch and then seeing it and thinking the
> patch is to blame.
>
> <
> redirect_url_substitution
> .patch>_______________________________________________
> Catalyst-dev mailing list
> Catalyst-dev@lists.scsys.co.uk
> http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst-dev


_______________________________________________
Catalyst-dev mailing list
Catalyst-dev@lists.scsys.co.uk
http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst-dev
Re: Proposed patch - Re: May (can) I fix Catalyst/Engine/CGI.pm REDIRECT_URL + PATH_INFO bug? [ In reply to ]
apv at sedition
Oct 23, 2008, 8:02 AM
Post #3 of 3 (3495 views)
Permalink
On Oct 23, 2008, at 12:50 AM, Marcus Ramberg wrote:
> I don't think this merits a minor release on it's own. Can you
> recreate it as a patch to the 5.8 branch?

Of course. Thanks!

-Ashley

>
>
> Marcus
>
> On 23. okt.. 2008, at 00.27, Ashley wrote:
>
>> On Oct 21, 2008, at 8:38 PM, Ashley wrote:
>>> This is an old bug I reported the first time about two years ago,
>>> IIRC. Short version REDIRECT_URL + PATH_INFO can cause paths to
>>> get squirrelly if there are regex chars, which URIs can legally
>>> have.
>>>
>>>> - $base_path =~ s/$ENV{PATH_INFO}$//;
>>>> + $base_path =~ s/\Q$ENV{PATH_INFO}\E$//;
>>
>> Attached is an svn diff -- redirect_url_substitution.patch --
>> against Catalyst-Runtime/5.70/trunk, r8571. It updates t/
>> live_engine_request_uri.t, lib/Catalyst/Engine/CGI.pm, and Changes.
>>
>> I didn't try to apply it but I'd be glad to (try at least) if a
>> core dev reviews it, or modify it if anyone directs it. If someone
>> would rather 'patch -p0', tweak, and commit yourself (as it were),
>> that's fine too. :)
>>
>> There is a related bug report from Chris Dolan outstanding -- http://rt.cpan.org/Ticket/Display.html?id=24951
>> -- which can be closed if the patch is applied.
>>
>> -Ashley
>> --
>> By the way, if you are going to work with this, please run the full
>> tests first. Some are failing (for me) in r8571 so you should see
>> that before trying my patch and then seeing it and thinking the
>> patch is to blame.
>>
>> <
>> redirect_url_substitution
>> .patch>_______________________________________________
>> Catalyst-dev mailing list
>> Catalyst-dev@lists.scsys.co.uk
>> http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst-dev
>
>
> _______________________________________________
> Catalyst-dev mailing list
> Catalyst-dev@lists.scsys.co.uk
> http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst-dev


_______________________________________________
Catalyst-dev mailing list
Catalyst-dev@lists.scsys.co.uk
http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst-dev

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal