Mail Index


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fw: [ApacheGallery] Problem with a freshly installed apache::gallery



Hey all interested parties,

My friend George (muntoh below) suggests that replacing / with \057 in our
escape string will take care of everything, if we're sure we need that
customer escape string. It should work with 5.6.0 and 5.6.1. However, both
versions' uri_escapes are broken... as George describes below.

He also comes up the the lines in uri_escape that cause the failure, and
why.

Setting the software with no custom escape string (uri_escape's default)
also is working fine.

I'll be looking for an executive decision on this... :-)

Paul

[16:19] pythianpv: '^a-zA-Z0-9/_\\.' fails with perl 5.6.0 but
'^a-zA-Z0-9\/_\\.'
 failes with 5.6.1!
[16:20] pythianpv: sounds like thomas also thinks the defaults should be
left alone
[16:21] muntoh: do you have both 5.6.0 and 5.6.1 somewhere?
[16:21] pythianpv: no, unfortunately
[16:21] pythianpv: trying it out with escape rule unset now though
[16:22] muntoh: do you have access to a box where my stuff breaks?
[16:22] pythianpv: no, unfortunately. sorry
[16:22] pythianpv: seems to work fine with no custom escape rule so far.
[16:22] muntoh: I'm guessing stronglythe problem is in this line of
URI::Escape
[16:23] muntoh:            $subst{$patn} =
              eval "sub {\$_[0] =~ s/([$patn])/\$escapes{\$1}/g; }";
[16:23] pythianpv: but your instinct of using the default rule seems
sound... software works fine.
[16:23] pythianpv: i wonder why they did that, maybe just following a coding
example or something
[16:24] muntoh: so, he creates ana nonymous function block which does the
substitution by eval'ing a sub routine defintiion.
[16:25] muntoh: if you have a bare '/' in $patn, that will likely break the
regex.  I think
[16:26] muntoh: yep
[16:28] muntoh: one solution to this whole mess is to use \057 instead
[16:28] muntoh: instead of /
[16:28] muntoh: that should work anywhere
[16:33] muntoh: URI::Escape changed in perl;-5.6.1 to allow for that.  But
it's still stupid.  It re-breaks it.
[16:33] muntoh:        unless (exists  $subst{$patn}) {
            # Because we can't compile the regex we fake it with a cached
sub
            (my $tmp = $patn) =~ s,/,\\/,g;
            $subst{$patn} =
              eval "sub {\$_[0] =~ s/([$tmp])/\$escapes{\$1}/g; }";
[16:33] pythianpv: gibberish to me, you must understand. :-(
[16:34] muntoh: so here the try to escape your /'s for you.
[16:34] muntoh:  (my $tmp = $patn) =~ s,/,\\/,g;
[16:34] pythianpv: ah, ok.
[16:34] muntoh: but if you already escaped your /, you're re-fucked.
[16:34] pythianpv: :-)
[16:34] pythianpv: \057 looking good.

----- Original Message -----
From: "Paul Vallee" <[email protected]>
To: "Thomas Eibner" <[email protected]>; <[email protected]>
Sent: Friday, March 08, 2002 4:25 PM
Subject: Re: Fw: [ApacheGallery] Problem with a freshly installed
apache::gallery


I've tried the software with no escape rule defined to test your theory,
Thomas, and it works fine.
Here's the diff against my most recent submission...

193,194c193
< #                                     $tpl->assign(FILEURL =>
uri_escape($fileurl, $escape_rule), FILE => $file);
<                                       $tpl->assign(FILEURL =>
uri_escape($fileurl), FILE => $file);
---
>                                       $tpl->assign(FILEURL =>
uri_escape($fileurl, $escape_rule), FILE => $file);
214,215c213
< #                                     $tpl->assign(SRC     =>
uri_escape($uri."/.cache/$cached", $escape_rule));
<                                       $tpl->assign(SRC     =>
uri_escape($uri."/.cache/$cached"));
---
>                                       $tpl->assign(SRC     =>
uri_escape($uri."/.cache/$cached", $escape_rule));
432,433c430
< #                                     $tpl->assign(URL       =>
uri_escape($prevpicture, $escape_rule));
<                                       $tpl->assign(URL       =>
uri_escape($prevpicture));
---
>                                       $tpl->assign(URL       =>
uri_escape($prevpicture, $escape_rule));
436,437c433
< #                                     $tpl->assign(PICTURE   =>
uri_escape(".cache/$cached", $escape_rule));
<                                       $tpl->assign(PICTURE   =>
uri_escape(".cache/$cached"));
---
>                                       $tpl->assign(PICTURE   =>
uri_escape(".cache/$cached", $escape_rule));
454,455c450
< #                                     $tpl->assign(URL       =>
uri_escape($nextpicture, $escape_rule));
<                                       $tpl->assign(URL       =>
uri_escape($nextpicture));
---
>                                       $tpl->assign(URL       =>
uri_escape($nextpicture, $escape_rule));
458,459c453
< #                                     $tpl->assign(PICTURE   =>
uri_escape(".cache/$cached", $escape_rule));
<                                       $tpl->assign(PICTURE   =>
uri_escape(".cache/$cached"));
---
>                                       $tpl->assign(PICTURE   =>
uri_escape(".cache/$cached", $escape_rule));
768,769c762
< #             $menu .= "<a href=\"".uri_escape($menuurl,
$escape_rule)."\">$linktext</a> / ";
<               $menu .= "<a href=\"".uri_escape($menuurl)."\">$linktext</a>
/ ";
---
>               $menu .= "<a href=\"".uri_escape($menuurl,
$escape_rule)."\">$linktext</a> / ";

(Just commented the lines out for now until someone else has had a chance to
try this.)

Paul
----- Original Message -----
From: "Thomas Eibner" <[email protected]>
To: <[email protected]>
Sent: Friday, March 08, 2002 4:18 PM
Subject: Re: Fw: [ApacheGallery] Problem with a freshly installed
apache::gallery


On Fri, Mar 08, 2002 at 04:10:08PM -0500, Paul Vallee wrote:
> Nope, it doesn't work. Sorry, we'll have to think of something else...

perldoc URI::Escape, it has the reason why it doesn't work ;-)

       uri_escape($string, [$unsafe])

             "\x00-\x1f\x7f-\xff"          # all control and hi-bit
characters
             "a-z"                         # all lower case characters
             "^A-Za-z"                     # everything not a letter

Those are the escape rules, so I'm wondering why we actually aren't using
the default set of:
"^A-Za-z0-9\-_.!~*'()"

> Hi Michael,
>
> Could you try George's suggestion? Is it equivalent?
>
> I tried it on my install, and all is well. I can't find any difference in
> the app's behaviour, and I use single quotes, colons and spaces all over
the
> place in my files and paths.
> Does it work on all the platforms you can test on?
>
> Sorry, but regular expressions are far from a strong suit of mine.
>
> Best regards,
>
> Paul
> ----- Original Message -----
> From: "George Schlossnagle" <[email protected]>
> To: "Paul Vallee" <[email protected]>
> Sent: Friday, March 08, 2002 3:40 PM
> Subject: Re: Fw: [ApacheGallery] Problem with a freshly installed
> apache::gallery
>
>
> taking the lazy approach....
>
>
> what's wrong with $escape_rule = '\w\.';
>
> what's the exact way you're using it later?
>
>
> On Friday, March 8, 2002, at 03:29 PM, Paul Vallee wrote:
>
> > Any ideas?
> > TIA
> > Paul
> > ----- Original Message -----
> > From: "Michael Legart" <[email protected]>
> > To: <[email protected]>
> > Sent: Friday, March 08, 2002 3:35 AM
> > Subject: Re: [ApacheGallery] Problem with a freshly installed
> > apache::gallery
> >
> >
> > On Thu, Feb 28, 2002 at 10:52:39AM -0500, Paul Vallee wrote:
> >>
> >> my $escape_rule = '^a-zA-Z0-9\/_\\.';
> >> /usr/lib/perl5/site_perl/5.6.0/Apache/Gallery.pm line 136
> >
> > This is weird!
> >
> > '^a-zA-Z0-9/_\\.' fails with perl 5.6.0 but '^a-zA-Z0-9\/_\\.'
> > failes with 5.6.1!
> >
> > So what to do? I think we should use '^a-zA-Z0-9\/_\\.' because
> > it works with the latest stable perl, but I'm not sure?
> >
> > michael
> >
> > ---------------------------------------------------------------------
> > Apache::Gallery users mailinglist. http://apachegallery.dk/
> > To unsubscribe, e-mail: [email protected]
> >
> >
> >
> >
> >
> >
> // George Schlossnagle
> // Principal Consultant
> // OmniTI, Inc http://www.omniti.com
> // (c) 301.343.6422   (e) [email protected]
> // 1024D/1100A5A0 1370 F70A 9365 96C9 2F5E 56C2 B2B9 262F 1100 A5A0
>
>
>
>
>
> ---------------------------------------------------------------------
> Apache::Gallery users mailinglist. http://apachegallery.dk/
> To unsubscribe, e-mail: [email protected]
>
>
>
>
>
> ---------------------------------------------------------------------
> Apache::Gallery users mailinglist. http://apachegallery.dk/
> To unsubscribe, e-mail: [email protected]

--
  Thomas Eibner <http://thomas.eibner.dk/> DnsZone <http://dnszone.org/>
  mod_pointer <http://stderr.net/mod_pointer> <http://photos.eibner.dk/>
  !(C)<http://copywrong.dk/>                  <http://apachegallery.dk/>
          Putting the HEST in .COM <http://www.hestdesign.com/>

---------------------------------------------------------------------
Apache::Gallery users mailinglist. http://apachegallery.dk/
To unsubscribe, e-mail: [email protected]





---------------------------------------------------------------------
Apache::Gallery users mailinglist. http://apachegallery.dk/
To unsubscribe, e-mail: [email protected]





---------------------------------------------------------------------
Apache::Gallery users mailinglist. http://apachegallery.dk/
To unsubscribe, e-mail: [email protected]