Hi! > I believe there is a serious regression in this patch. The URL is > being canonicalized in its entirety at the beginning of > http:decode-url, before it is taken apart.
I was not sure the patch was entirely correct, because it is based on memories several years old. That is why I posted the reasoning behind it, so others might point out potential faults. > This is not correct, > because escaped characters should only be unescaped -after- breaking > the URL down into pathname and key/value pairs. In other words, only > unescaped ?, = and & serve as delimiters. Otherwise, how would you > pass ? = or & as part of a value? I've just briefly looked at RFC 1738 about URLs and RFC 1630 about URLs in WWW, and it looks like so called ``safe characters'' should not be escaped. ?, =, + and & are among the safe characters. And an escaped / is not the same as an original (i.e. non-escaped) /, as far as the RFC is concerned. So it looks like you are right about this. > So the unpatched version was correct, except that it was converting + > into spaces in the URL path itself. BTW, note that the original version also used the same function for decoding POST-data. > Attached is a patch against current SVN. Peter, can you test this on > your setup? Sure. I think I have time to test it tomorrow. Groetjes, Peter. _______________________________________________ Chicken-users mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/chicken-users
