Date: Wed, 09 Jun 2004 09:56:18 +0300 From: Ville =?ISO-8859-1?Q?Skytt=E4?= <scop@FreeBSD.org> To: freebsd-cvsweb@FreeBSD.org Cc: 250757@bugs.debian.org Subject: Re: cvsweb version 3:3.0.1-1 diff problems (and howto debug this) Message-ID: <1086764177.29458.174.camel@bobcat.mine.nu> In-Reply-To: <1086641586.29458.47.camel@bobcat.mine.nu> References: <20040602171019.GA12732@vgelder.com> <20040604095002.GA28772@vgelder.com> <1086357443.30172.290.camel@bobcat.mine.nu> <1086641586.29458.47.camel@bobcat.mine.nu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 2004-06-07 at 23:53, Ville Skyttä wrote:
> On Fri, 2004-06-04 at 16:57, Ville Skyttä wrote:
> > On Fri, 2004-06-04 at 12:50, Koos Vriezen wrote:
> >
> > > if (defined($ENV{QUERY_STRING})) {
> > > $ENV{QUERY_STRING} = uri_escape($ENV{QUERY_STRING});
> > > for my $p (split(/[;&]+/, $ENV{QUERY_STRING})) {
> > [...]
> > > commenting out the 'uri_escape' line makes cvsweb work again.
> > > Up to you and/or debian maintainer to fix this, or is it my perl?
> >
> > That uri_escape() line does not exist in vanilla FreeBSD-CVSweb, so I
> > guess it's a Debian addition and should be fixed there.
>
> FYI: I stubled across this:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=250757
...but the uri_unescape() is wrong as well; it will break if the keys or
values in the query string contain eg. a ";".
For example, support for requesting a specific charset along with a
Content-Type is planned; in an escaped query string that will look like:
...;content-type=text%2Fhtml%3B%20charset%3DUTF-8;...
Now, if the query string is unescaped before parsing the key=value
pairs, that will become:
...;content-type=text/html; charset=UTF-8;...
Parsing that will obviously break.
Debian maintainers, see
http://lists.freebsd.org/pipermail/freebsd-cvsweb/2004-June/000246.html
and later messages in that thread.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1086764177.29458.174.camel>