On Thu, Aug 26, 2004 at 08:25:05AM +1000, Carl Brewer wrote:
> sub hash_post {
>     # this has to get called instead of read_post, as read_post()
>     # gobbles up the POST arguments and they're no longer available...
>     # and this calls read_post() :)
> 
>     # returns a hash of all the POST values
> 
>     my ($r) = shift;
> 
>     my $post_string = CB::read_post($r);
>     my %rethash = ();
> 
>     my @bits = split(/&/, $post_string);
>     foreach my $bit (@bits) {
>         $bit =~ /^(.*)=(.*)$/;
>         my $key = CGI::Util::unescape($1);
>         my $value = CGI::Util::unescape($2);
>         $rethash{$key} = $value;
>     }
>     return %rethash;
> }


A really quick look and I see that 
>         $bit =~ /^(.*)=(.*)$/;
should be
          $bit =~ /^(.*?)=(.*)$/ || next;
or else the greedy match in the key will grab up to an "=" sign
in the value, if one exists.  Also, you do double work on a
sequence without any '=' sign, because $1 and $2 will still be
the same from the previous match if there was one, or else might
be a previous match from elsewhere in the program (!) if there
was not a previous key/value in the $post_string.

The line should really be
          $bit =~ /^(.+?)=(.*)$/;
if you want to handle those and additionally wish to disallow
empty keys as well.

If you do want to allow key/value pairs without "=", then a
slight variation in code should be used.


However, these probably have nothing to do with the question you
are asking; I'm just pointing out a bug in the code you posted.

Cheers,
Glenn
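
An added example, not part of the original message or of either poster's code: it runs the posted pattern and a non-greedy match taken in list context (a variation on the `|| next` fix above) side by side on a constructed body. The names `url_decode`, `parse_posted` and `parse_checked` and the sample input are assumptions made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Minimal URL-decoder so the example has no non-core dependency
# (the code in the thread uses CGI::Util::unescape instead).
sub url_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Pattern as originally posted: greedy key, match result never checked,
# so $1/$2 are read whether or not this pair matched.
sub parse_posted {
    my ($body) = @_;
    my %fields;
    foreach my $bit (split /&/, $body) {
        $bit =~ /^(.*)=(.*)$/;
        my ($k, $v) = ($1, $2);
        $fields{ url_decode($k) } = url_decode($v);
    }
    return %fields;
}

# Non-greedy key, non-empty key, and a list-context match: the captures
# are returned by the match itself (empty list on failure), so a pair
# that does not match is skipped instead of reusing old captures.
sub parse_checked {
    my ($body) = @_;
    my %fields;
    foreach my $bit (split /&/, $body) {
        my ($k, $v) = $bit =~ /^(.+?)=(.*)$/ or next;
        $fields{ url_decode($k) } = url_decode($v);
    }
    return %fields;
}

# Constructed sample: a value containing "=", then a pair with no "=".
my $body = 'expr=a=b&orphan&user=carl';

for my $parser (\&parse_posted, \&parse_checked) {
    my %f = $parser->($body);
    print join(', ', map { "'$_' => '$f{$_}'" } sort keys %f), "\n";
}
```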
