Gisle,
query_form() is non-compliant with RFC 1866 section. 8.2.1.
This bug relates to the URL escaping of a space in key,value pairs for a
"application/x-www-form-urlencoded" type POST form.
section 8.2.1 [RFC 1866] states:
[------------------------------------------------------------------]
1.The form field names and values are escaped: space characters are
replaced by `+', and then reserved characters are escaped as per [URL];
that is, non-alphanumeric characters are replaced by `%HH', a
percent sign and two hexadecimal digits representing the ASCII code of the
character. Line breaks, as in multi-line text field values, are
represented as CR LF pairs, i.e. `%0D%0A'.
[------------------------------------------------------------------]
However, in URI::_query, the default policy is to escape the '+' character
into '%HH' format which produces a '%2B' as a result. The offending lines
of code in _query.pm are:
33 $key =~ s/([;\/?:@&=+,\$%])/$URI::Escape::escapes{$1}/g;
37 $val =~ s/([;\/?:@&=+,\$%])/$URI::Escape::escapes{$1}/g;
removing the '+' from the regex does the trick for me.
regards,
Frey Kuo
