[Catalyst-commits] r12091 - in Catalyst-Runtime/5.80/trunk: . lib/Catalyst/Engine t/aggregate

t0m at dev.catalyst.perl.org t0m at dev.catalyst.perl.org
Tue Dec 1 00:09:19 GMT 2009


Author: t0m
Date: 2009-12-01 00:09:19 +0000 (Tue, 01 Dec 2009)
New Revision: 12091

Modified:
   Catalyst-Runtime/5.80/trunk/
   Catalyst-Runtime/5.80/trunk/Changes
   Catalyst-Runtime/5.80/trunk/Makefile.PL
   Catalyst-Runtime/5.80/trunk/lib/Catalyst/Engine/CGI.pm
   Catalyst-Runtime/5.80/trunk/lib/Catalyst/Engine/FastCGI.pm
   Catalyst-Runtime/5.80/trunk/t/aggregate/live_engine_request_escaped_path.t
Log:
 r12113 at t0mlaptop (orig r12078):  t0m | 2009-11-30 18:25:57 +0000
 Branch for path_info fixes. This may be short lived, but worth doing..
 
 r12114 at t0mlaptop (orig r12079):  t0m | 2009-11-30 18:26:34 +0000
 Commit miyagawa's fix for PATH_INFO decoding. I think that this also implies changes / fixes in the fcgi _fix_env stuff
 r12116 at t0mlaptop (orig r12081):  t0m | 2009-11-30 20:44:16 +0000
 And yea, these test cases now pass
 r12118 at t0mlaptop (orig r12083):  t0m | 2009-11-30 21:02:14 +0000
 I think the nginx hackery can just die with the new code in ::Engine::CGI
 r12119 at t0mlaptop (orig r12084):  t0m | 2009-11-30 22:05:41 +0000
 Back out r12083, also clarify the docs - like this works for me now, and the bottom para seems the wrong way round...?
 r12122 at t0mlaptop (orig r12087):  t0m | 2009-11-30 23:17:33 +0000
 Require new HTTP::Request::AsCGI
 r12124 at t0mlaptop (orig r12089):  t0m | 2009-11-30 23:23:38 +0000
 Rewrite changelog entry to be more complete



Property changes on: Catalyst-Runtime/5.80/trunk
___________________________________________________________________
Name: svk:merge
   - 1c72fc7c-9ce4-42af-bf25-3bfe470ff1e8:/local/Catalyst/trunk/Catalyst-Runtime:9763
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.70/branches/compres:7999
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.70/branches/context_go:8001
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.70/trunk:8533
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/Catalyst-Test-Updates:8363
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/add_captures_to_visit:9546
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/aggregate_more:11803
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/better_scripts:12074
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/disable_regex_fallback:11456
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/index_default_fuckage:10646
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/moose:7911
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/namespace_handling_refactor:10655
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/uri_encode_captures_andor_args_take2:11811
4ad37cd2-5fec-0310-835f-b3785c72a374:/branches/Catalyst-ChildOf:4443
4ad37cd2-5fec-0310-835f-b3785c72a374:/branches/Catalyst-Runtime-jrockway:5857
4ad37cd2-5fec-0310-835f-b3785c72a374:/branches/Catalyst-component-setup:4320
4ad37cd2-5fec-0310-835f-b3785c72a374:/branches/Catalyst-docs:4325
4ad37cd2-5fec-0310-835f-b3785c72a374:/branches/current/Catalyst-Runtime:5142
4ad37cd2-5fec-0310-835f-b3785c72a374:/trunk/Catalyst:4483
4ad37cd2-5fec-0310-835f-b3785c72a374:/trunk/Catalyst-Runtime:6165
6d45476b-5895-46b8-b13a-8b969fa34c98:/local/Catalyst-Runtime-better_scripts:11331
8a9521aa-ff93-41d6-9f87-b05cafcdab40:/local/cat/Catalyst-Runtime/5.80/trunk:8157
d7608cd0-831c-0410-93c0-e5b306c3c028:/local/Catalyst/Catalyst-Runtime:8339
d7608cd0-831c-0410-93c0-e5b306c3c028:/local/Catalyst/Catalyst-Runtime-jrockway:8342
e56d974f-7718-0410-8b1c-b347a71765b2:/local/Catalyst-Runtime:6511
e56d974f-7718-0410-8b1c-b347a71765b2:/local/Catalyst-Runtime-current:10442
   + 1c72fc7c-9ce4-42af-bf25-3bfe470ff1e8:/local/Catalyst/trunk/Catalyst-Runtime:9763
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.70/branches/compres:7999
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.70/branches/context_go:8001
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.70/trunk:8533
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/Catalyst-Test-Updates:8363
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/add_captures_to_visit:9546
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/aggregate_more:11803
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/better_scripts:12074
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/disable_regex_fallback:11456
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/fix_path_info_decoding:12089
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/index_default_fuckage:10646
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/moose:7911
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/namespace_handling_refactor:10655
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/uri_encode_captures_andor_args_take2:11811
4ad37cd2-5fec-0310-835f-b3785c72a374:/branches/Catalyst-ChildOf:4443
4ad37cd2-5fec-0310-835f-b3785c72a374:/branches/Catalyst-Runtime-jrockway:5857
4ad37cd2-5fec-0310-835f-b3785c72a374:/branches/Catalyst-component-setup:4320
4ad37cd2-5fec-0310-835f-b3785c72a374:/branches/Catalyst-docs:4325
4ad37cd2-5fec-0310-835f-b3785c72a374:/branches/current/Catalyst-Runtime:5142
4ad37cd2-5fec-0310-835f-b3785c72a374:/trunk/Catalyst:4483
4ad37cd2-5fec-0310-835f-b3785c72a374:/trunk/Catalyst-Runtime:6165
6d45476b-5895-46b8-b13a-8b969fa34c98:/local/Catalyst-Runtime-better_scripts:11331
8a9521aa-ff93-41d6-9f87-b05cafcdab40:/local/cat/Catalyst-Runtime/5.80/trunk:8157
d7608cd0-831c-0410-93c0-e5b306c3c028:/local/Catalyst/Catalyst-Runtime:8339
d7608cd0-831c-0410-93c0-e5b306c3c028:/local/Catalyst/Catalyst-Runtime-jrockway:8342
e56d974f-7718-0410-8b1c-b347a71765b2:/local/Catalyst-Runtime:6511
e56d974f-7718-0410-8b1c-b347a71765b2:/local/Catalyst-Runtime-current:10442

Modified: Catalyst-Runtime/5.80/trunk/Changes
===================================================================
--- Catalyst-Runtime/5.80/trunk/Changes	2009-12-01 00:02:38 UTC (rev 12090)
+++ Catalyst-Runtime/5.80/trunk/Changes	2009-12-01 00:09:19 UTC (rev 12091)
@@ -7,6 +7,15 @@
      produce the same output either way, but bytes::length returns too big
      values for upgraded strings containing characters >127
    - Fix t/live_fork.t with bleadperl (RT#52100)
+   - Set $ENV{PATH_INFO} from $ENV{REQUEST_URI} combined with
+     $ENV{SCRIPT_NAME} if possible. This is many web servers always fully
+     decode PATH_INFO including URI reserved characters. This allows us to
+     tell foo%2cbar from foo%252cbar, and fixes issues with %2F in paths
+     being incorrectly decoded, resulting in too many path parts (rather
+     than 1 path part containing a /, on some web servers (at least nginx).
+     (RT#50082)
+   - Require new HTTP::Request::AsCGI so that it fully decodes $ENV{PATH_INFO}
+     in non CGI contexts. (RT#50082)
 
   Refactoring / cleanups:
    - NoTabs and Pod tests moved to t/author so that they're not run

Modified: Catalyst-Runtime/5.80/trunk/Makefile.PL
===================================================================
--- Catalyst-Runtime/5.80/trunk/Makefile.PL	2009-12-01 00:02:38 UTC (rev 12090)
+++ Catalyst-Runtime/5.80/trunk/Makefile.PL	2009-12-01 00:09:19 UTC (rev 12091)
@@ -34,7 +34,7 @@
 requires 'HTTP::Headers' => '1.64';
 requires 'HTTP::Request' => '5.814';
 requires 'HTTP::Response' => '5.813';
-requires 'HTTP::Request::AsCGI' => '0.8';
+requires 'HTTP::Request::AsCGI' => '1.0';
 requires 'LWP::UserAgent';
 requires 'Module::Pluggable' => '3.9';
 requires 'Path::Class' => '0.09';

Modified: Catalyst-Runtime/5.80/trunk/lib/Catalyst/Engine/CGI.pm
===================================================================
--- Catalyst-Runtime/5.80/trunk/lib/Catalyst/Engine/CGI.pm	2009-12-01 00:02:38 UTC (rev 12090)
+++ Catalyst-Runtime/5.80/trunk/lib/Catalyst/Engine/CGI.pm	2009-12-01 00:09:19 UTC (rev 12091)
@@ -115,13 +115,16 @@
     my $scheme = $c->request->secure ? 'https' : 'http';
     my $host      = $ENV{HTTP_HOST}   || $ENV{SERVER_NAME};
     my $port      = $ENV{SERVER_PORT} || 80;
+    my $script_name = $ENV{SCRIPT_NAME};
+    $script_name =~ s/([^$URI::uric])/$URI::Escape::escapes{$1}/go if $script_name;
+
     my $base_path;
     if ( exists $ENV{REDIRECT_URL} ) {
         $base_path = $ENV{REDIRECT_URL};
         $base_path =~ s/$ENV{PATH_INFO}$//;
     }
     else {
-        $base_path = $ENV{SCRIPT_NAME} || '/';
+        $base_path = $script_name || '/';
     }
 
     # If we are running as a backend proxy, get the true hostname
@@ -143,8 +146,22 @@
         }
     }
 
+    # RFC 3875: "Unlike a URI path, the PATH_INFO is not URL-encoded,
+    # and cannot contain path-segment parameters." This means PATH_INFO
+    # is always decoded, and the script can't distinguish / vs %2F.
+    # See https://issues.apache.org/bugzilla/show_bug.cgi?id=35256
+    # Here we try to resurrect the original encoded URI from REQUEST_URI.
+    my $path_info   = $ENV{PATH_INFO};
+    if (my $req_uri = $ENV{REQUEST_URI}) {
+        if (defined $script_name) {
+            $req_uri =~ s/^\Q$script_name\E//;
+        }
+        $req_uri =~ s/\?.*$//;
+        $path_info = $req_uri if $req_uri;
+    }
+
     # set the request URI
-    my $path = $base_path . ( $ENV{PATH_INFO} || '' );
+    my $path = $base_path . ( $path_info || '' );
     $path =~ s{^/+}{};
 
     # Using URI directly is way too slow, so we construct the URLs manually

Modified: Catalyst-Runtime/5.80/trunk/lib/Catalyst/Engine/FastCGI.pm
===================================================================
--- Catalyst-Runtime/5.80/trunk/lib/Catalyst/Engine/FastCGI.pm	2009-12-01 00:02:38 UTC (rev 12090)
+++ Catalyst-Runtime/5.80/trunk/lib/Catalyst/Engine/FastCGI.pm	2009-12-01 00:09:19 UTC (rev 12091)
@@ -463,7 +463,7 @@
             fastcgi_param  CONTENT_TYPE       $content_type;
             fastcgi_param  CONTENT_LENGTH     $content_length;
 
-            fastcgi_param  PATH_INFO          $fastcgi_script_name;
+            fastcgi_param  PATH_INFO          /;
             fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
             fastcgi_param  REQUEST_URI        $request_uri;
             fastcgi_param  DOCUMENT_URI       $document_uri;
@@ -490,9 +490,9 @@
 
 =head3  Non-root configuration
 
-If you properly specify the PATH_INFO and SCRIPT_NAME parameters your 
-application will be accessible at any path.  The SCRIPT_NAME variable is the
-prefix of your application, and PATH_INFO would be everything in addition.
+If you properly specify the PATH_INFO and SCRIPT_NAME parameters your
+application will be accessible at any path.  The PATH_INFO variable is the
+prefix of your application, and SCRIPT_NAME would be everything in addition.
 
 As an example, if your application is rooted at /myapp, you would configure:
 

Modified: Catalyst-Runtime/5.80/trunk/t/aggregate/live_engine_request_escaped_path.t
===================================================================
--- Catalyst-Runtime/5.80/trunk/t/aggregate/live_engine_request_escaped_path.t	2009-12-01 00:02:38 UTC (rev 12090)
+++ Catalyst-Runtime/5.80/trunk/t/aggregate/live_engine_request_escaped_path.t	2009-12-01 00:09:19 UTC (rev 12091)
@@ -13,7 +13,7 @@
 
 This test exposes a problem in the handling of PATH_INFO in C::Engine::CGI (and
 other engines) where Catalyst does not un-escape the request correctly.
-If a request is URL-encoded then Catalyst fails to decode the request 
+If a request is URL-encoded then Catalyst fails to decode the request
 and thus will try and match actions using the URL-encoded value.
 
 Can NOT use Catalyst::Test as it uses HTTP::Request::AsCGI which does
@@ -31,11 +31,11 @@
 @@ -157,6 +157,8 @@
      my $query = $ENV{QUERY_STRING} ? '?' . $ENV{QUERY_STRING} : '';
      my $uri   = $scheme . '://' . $host . '/' . $path . $query;
- 
+
 +    $uri = URI->new( $uri )->canonical;
 +
      $c->request->uri( bless \$uri, $uri_class );
- 
+
      # set the base URI
 
 =cut
@@ -54,6 +54,7 @@
 }
 
 # test that request with URL-escaped code works.
+{
     my $request = Catalyst::Utils::request( 'http://localhost/args/param%73/one/two' );
     my $cgi     = HTTP::Request::AsCGI->new( $request, %ENV )->setup;
 
@@ -65,8 +66,6 @@
     TestApp->handle_request( env => \%ENV );
 
     ok( my $response = $cgi->restore->response );
-TODO: {
-    local $TODO = 'Actions should match when path parts are url encoded';
     ok( $response->is_success, 'Response Successful 2xx' );
     is( $response->content, 'onetwo' );
 }




More information about the Catalyst-commits mailing list