Mail Index

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ApacheGallery] Fw: uri_escape suggestion

----- Original Message -----
Sent: Friday, March 08, 2002 4:58 PM
Subject: uri_escape suggestion

Hello everyone,
Working through a problem with my friend George Schlossnagle, we uncovered a problem in uri_escape, both the version that comes with 5.6.0 and 5.6.1. It makes the following escape rule problematic:
my $escape_rule = '^a-zA-Z0-9\/_\\.';
It fails in 5.6.1 but works in 5.6.0.
However, if you change it to
my $escape_rule = '^a-zA-Z0-9/_\\.';
Then it works in 5.6.0 but fails in 5.6.1.
George uncovered the following lines. Forgive me as I paste from our im conversation to save time.
 [16:22] muntoh: I'm guessing stronglythe problem is in this line of URI::Escape
[16:23] muntoh:            $subst{$patn} =
              eval "sub {\$_[0] =~ s/([$patn])/\$escapes{\$1}/g; }";
[16:24] muntoh: so, he creates ana nonymous function block which does the substitution by eval'ing a sub routine defintiion.
[16:25] muntoh: if you have a bare '/' in $patn, that will likely break the regex.  I think
[16:26] muntoh: yep
[16:33] muntoh: URI::Escape changed in perl;-5.6.1 to allow for that.  But it re-breaks it.
[16:33] muntoh:        unless (exists  $subst{$patn}) {
            # Because we can't compile the regex we fake it with a cached sub
            (my $tmp = $patn) =~ s,/,\\/,g;
            $subst{$patn} =
              eval "sub {\$_[0] =~ s/([$tmp])/\$escapes{\$1}/g; }";
[16:46] muntoh: we talked it over here and think it may be safe.  someone should just fix URI::Escape
[16:47] muntoh: if you want to submit a patch, I think what he wants is (my $tmp = $patn) =~ s,/,[^\]\\/,g;
Hope this helps,