develooper Front page | perl.libwww | Postings from October 2001

URI bug

Thread Next
From:
me-01
Date:
October 1, 2001 18:22
Subject:
URI bug
Message ID:
20010930225626.A21086@quasar.home.lunix
Hi,

URI::Escape uses the following code to set a subs function in uri_escape:

    if (defined $patn){
	unless (exists  $subst{$patn}) {
	    # Because we can't compile the regex we fake it with a cached sub
	    (my $tmp = $patn) =~ s,/,\\/,g;
	    $subst{$patn} =
	      eval "sub {\$_[0] =~ s/([$tmp])/\$escapes{\$1}/g; }";
	    Carp::croak("uri_escape: $@") if $@;
	}
	&{$subst{$patn}}($text);
    } else {
	# Default unsafe characters.  RFC 2732 ^(uric - reserved)
	$text =~ s/([^A-Za-z0-9\-_.!~*'()])/$escapes{$1}/g;
    }

The problem with this is that if the eval fails for a bad pattern,
$subst{$patn} does still get set. so if the user has an eval somewhere
around the call to uri_escape and the program continues, on the next
call to uri_escape with that same pattern the "if" test will fail,
and he will get an error. Easily fixed of course by first assigning
to a temp var, and only assigning to $subst{$patn} after the croak test

Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About