Re: bug in mod_perl-1.24 & request->args & request->content

Thu, 25 Jan 2001 21:56:10 -0800 

On Mon, 22 Jan 2001, Marc Lehmann wrote:

> Apache.pm documents two methods "args" and "content" that should return
> argument => value pairs (when called appropriately). In fact, args is
> implemented as:
> 
>         return map { Apache::unescape_url_info($_) } split /[=&;]/, $string, -1;
> 
> However, this might return an odd number of values, for example for this url:
> 
>         httpurl?arg1&arg2=val2
> 
> I get (arg1 => "arg2", val2), which is not as documented.
> 
> This url format is often used for boolean arguments (CGI.pm creates an
> arg1 => "", while I would prefer arg1 => undef in this case).
> 
> So either the documentation or the implementation is in error. I would
> prefer if the implementation were in error ;)

the real error was putting args in-a-scalar-context and the content method
in Apache.pm to begin with.  i pointed that out last time this came up and
just punted.  the patch below should fix, but the taint test fails with
5.6.0, not sure if its something that 5.6.1-trial1 will fix or not.
probably will wait until after 1.25 to revisit this.

Index: Apache/Apache.pm
===================================================================
RCS file: /home/cvs/modperl/Apache/Apache.pm,v
retrieving revision 1.61
diff -u -r1.61 Apache.pm
--- Apache/Apache.pm    2001/01/25 08:10:16     1.61
+++ Apache/Apache.pm    2001/01/26 06:05:52
@@ -38,7 +38,15 @@
     my($wantarray,$string) = @_;
     return unless defined $string and $string;
     if(defined $wantarray and $wantarray) {
-       return map { Apache::unescape_url_info($_) } split /[=&;]/, $string, -1;
+        my @args;
+        local $_;
+        for my $pair (split /[&;]/, $string) {
+            my($key,$val) = split '=', $pair, 2;
+            for ($key, $val) {
+                push @args, defined $_ ? Apache::unescape_url_info($_) : undef;
+            }
+        }
+        return @args;
     }
     $string;
 }
Index: t/net/perl/taint.pl
===================================================================
RCS file: /home/cvs/modperl/t/net/perl/taint.pl,v
retrieving revision 1.3
diff -u -r1.3 taint.pl
--- t/net/perl/taint.pl 1999/08/04 03:43:00     1.3
+++ t/net/perl/taint.pl 2001/01/26 06:05:53
@@ -18,7 +18,7 @@
 
 my $tests = {
     args => sub {
-       eval { system $r->args };
+       eval { system scalar $r->args };
        die "TaintCheck failed, I can `system \$r->args'" unless $@;
        #warn "TRAPPED: `system \$r->args' '$@'\n";
     },

Reply via email to