develooper Front page | perl.libwww | Postings from October 2001

URI bug

Thread Next
October 1, 2001 18:22
URI bug
Message ID:

URI::Escape uses the following code to set a subs function in uri_escape:

    if (defined $patn){
	unless (exists  $subst{$patn}) {
	    # Because we can't compile the regex we fake it with a cached sub
	    (my $tmp = $patn) =~ s,/,\\/,g;
	    $subst{$patn} =
	      eval "sub {\$_[0] =~ s/([$tmp])/\$escapes{\$1}/g; }";
	    Carp::croak("uri_escape: $@") if $@;
    } else {
	# Default unsafe characters.  RFC 2732 ^(uric - reserved)
	$text =~ s/([^A-Za-z0-9\-_.!~*'()])/$escapes{$1}/g;

The problem with this is that if the eval fails for a bad pattern,
$subst{$patn} does still get set. so if the user has an eval somewhere
around the call to uri_escape and the program continues, on the next
call to uri_escape with that same pattern the "if" test will fail,
and he will get an error. Easily fixed of course by first assigning
to a temp var, and only assigning to $subst{$patn} after the croak test

Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About