[Catalyst-commits] r12091 - in Catalyst-Runtime/5.80/trunk: .
lib/Catalyst/Engine t/aggregate
t0m at dev.catalyst.perl.org
t0m at dev.catalyst.perl.org
Tue Dec 1 00:09:19 GMT 2009
Author: t0m
Date: 2009-12-01 00:09:19 +0000 (Tue, 01 Dec 2009)
New Revision: 12091
Modified:
Catalyst-Runtime/5.80/trunk/
Catalyst-Runtime/5.80/trunk/Changes
Catalyst-Runtime/5.80/trunk/Makefile.PL
Catalyst-Runtime/5.80/trunk/lib/Catalyst/Engine/CGI.pm
Catalyst-Runtime/5.80/trunk/lib/Catalyst/Engine/FastCGI.pm
Catalyst-Runtime/5.80/trunk/t/aggregate/live_engine_request_escaped_path.t
Log:
r12113 at t0mlaptop (orig r12078): t0m | 2009-11-30 18:25:57 +0000
Branch for path_info fixes. This may be short lived, but worth doing..
r12114 at t0mlaptop (orig r12079): t0m | 2009-11-30 18:26:34 +0000
Commit miyagawa's fix for PATH_INFO decoding. I think that this also implies changes / fixes in the fcgi _fix_env stuff
r12116 at t0mlaptop (orig r12081): t0m | 2009-11-30 20:44:16 +0000
And yea, these test cases now pass
r12118 at t0mlaptop (orig r12083): t0m | 2009-11-30 21:02:14 +0000
I think the nginx hackery can just die with the new code in ::Engine::CGI
r12119 at t0mlaptop (orig r12084): t0m | 2009-11-30 22:05:41 +0000
Back out r12083, also clarify the docs - like this works for me now, and the bottom para seems the wrong way round...?
r12122 at t0mlaptop (orig r12087): t0m | 2009-11-30 23:17:33 +0000
Require new HTTP::Request::AsCGI
r12124 at t0mlaptop (orig r12089): t0m | 2009-11-30 23:23:38 +0000
Rewrite changelog entry to be more complete
Property changes on: Catalyst-Runtime/5.80/trunk
___________________________________________________________________
Name: svk:merge
- 1c72fc7c-9ce4-42af-bf25-3bfe470ff1e8:/local/Catalyst/trunk/Catalyst-Runtime:9763
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.70/branches/compres:7999
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.70/branches/context_go:8001
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.70/trunk:8533
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/Catalyst-Test-Updates:8363
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/add_captures_to_visit:9546
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/aggregate_more:11803
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/better_scripts:12074
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/disable_regex_fallback:11456
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/index_default_fuckage:10646
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/moose:7911
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/namespace_handling_refactor:10655
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/uri_encode_captures_andor_args_take2:11811
4ad37cd2-5fec-0310-835f-b3785c72a374:/branches/Catalyst-ChildOf:4443
4ad37cd2-5fec-0310-835f-b3785c72a374:/branches/Catalyst-Runtime-jrockway:5857
4ad37cd2-5fec-0310-835f-b3785c72a374:/branches/Catalyst-component-setup:4320
4ad37cd2-5fec-0310-835f-b3785c72a374:/branches/Catalyst-docs:4325
4ad37cd2-5fec-0310-835f-b3785c72a374:/branches/current/Catalyst-Runtime:5142
4ad37cd2-5fec-0310-835f-b3785c72a374:/trunk/Catalyst:4483
4ad37cd2-5fec-0310-835f-b3785c72a374:/trunk/Catalyst-Runtime:6165
6d45476b-5895-46b8-b13a-8b969fa34c98:/local/Catalyst-Runtime-better_scripts:11331
8a9521aa-ff93-41d6-9f87-b05cafcdab40:/local/cat/Catalyst-Runtime/5.80/trunk:8157
d7608cd0-831c-0410-93c0-e5b306c3c028:/local/Catalyst/Catalyst-Runtime:8339
d7608cd0-831c-0410-93c0-e5b306c3c028:/local/Catalyst/Catalyst-Runtime-jrockway:8342
e56d974f-7718-0410-8b1c-b347a71765b2:/local/Catalyst-Runtime:6511
e56d974f-7718-0410-8b1c-b347a71765b2:/local/Catalyst-Runtime-current:10442
+ 1c72fc7c-9ce4-42af-bf25-3bfe470ff1e8:/local/Catalyst/trunk/Catalyst-Runtime:9763
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.70/branches/compres:7999
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.70/branches/context_go:8001
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.70/trunk:8533
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/Catalyst-Test-Updates:8363
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/add_captures_to_visit:9546
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/aggregate_more:11803
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/better_scripts:12074
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/disable_regex_fallback:11456
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/fix_path_info_decoding:12089
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/index_default_fuckage:10646
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/moose:7911
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/namespace_handling_refactor:10655
4ad37cd2-5fec-0310-835f-b3785c72a374:/Catalyst-Runtime/5.80/branches/uri_encode_captures_andor_args_take2:11811
4ad37cd2-5fec-0310-835f-b3785c72a374:/branches/Catalyst-ChildOf:4443
4ad37cd2-5fec-0310-835f-b3785c72a374:/branches/Catalyst-Runtime-jrockway:5857
4ad37cd2-5fec-0310-835f-b3785c72a374:/branches/Catalyst-component-setup:4320
4ad37cd2-5fec-0310-835f-b3785c72a374:/branches/Catalyst-docs:4325
4ad37cd2-5fec-0310-835f-b3785c72a374:/branches/current/Catalyst-Runtime:5142
4ad37cd2-5fec-0310-835f-b3785c72a374:/trunk/Catalyst:4483
4ad37cd2-5fec-0310-835f-b3785c72a374:/trunk/Catalyst-Runtime:6165
6d45476b-5895-46b8-b13a-8b969fa34c98:/local/Catalyst-Runtime-better_scripts:11331
8a9521aa-ff93-41d6-9f87-b05cafcdab40:/local/cat/Catalyst-Runtime/5.80/trunk:8157
d7608cd0-831c-0410-93c0-e5b306c3c028:/local/Catalyst/Catalyst-Runtime:8339
d7608cd0-831c-0410-93c0-e5b306c3c028:/local/Catalyst/Catalyst-Runtime-jrockway:8342
e56d974f-7718-0410-8b1c-b347a71765b2:/local/Catalyst-Runtime:6511
e56d974f-7718-0410-8b1c-b347a71765b2:/local/Catalyst-Runtime-current:10442
Modified: Catalyst-Runtime/5.80/trunk/Changes
===================================================================
--- Catalyst-Runtime/5.80/trunk/Changes 2009-12-01 00:02:38 UTC (rev 12090)
+++ Catalyst-Runtime/5.80/trunk/Changes 2009-12-01 00:09:19 UTC (rev 12091)
@@ -7,6 +7,15 @@
produce the same output either way, but bytes::length returns too big
values for upgraded strings containing characters >127
- Fix t/live_fork.t with bleadperl (RT#52100)
+ - Set $ENV{PATH_INFO} from $ENV{REQUEST_URI} combined with
+ $ENV{SCRIPT_NAME} if possible. This is many web servers always fully
+ decode PATH_INFO including URI reserved characters. This allows us to
+ tell foo%2cbar from foo%252cbar, and fixes issues with %2F in paths
+ being incorrectly decoded, resulting in too many path parts (rather
+ than 1 path part containing a /, on some web servers (at least nginx).
+ (RT#50082)
+ - Require new HTTP::Request::AsCGI so that it fully decodes $ENV{PATH_INFO}
+ in non CGI contexts. (RT#50082)
Refactoring / cleanups:
- NoTabs and Pod tests moved to t/author so that they're not run
Modified: Catalyst-Runtime/5.80/trunk/Makefile.PL
===================================================================
--- Catalyst-Runtime/5.80/trunk/Makefile.PL 2009-12-01 00:02:38 UTC (rev 12090)
+++ Catalyst-Runtime/5.80/trunk/Makefile.PL 2009-12-01 00:09:19 UTC (rev 12091)
@@ -34,7 +34,7 @@
requires 'HTTP::Headers' => '1.64';
requires 'HTTP::Request' => '5.814';
requires 'HTTP::Response' => '5.813';
-requires 'HTTP::Request::AsCGI' => '0.8';
+requires 'HTTP::Request::AsCGI' => '1.0';
requires 'LWP::UserAgent';
requires 'Module::Pluggable' => '3.9';
requires 'Path::Class' => '0.09';
Modified: Catalyst-Runtime/5.80/trunk/lib/Catalyst/Engine/CGI.pm
===================================================================
--- Catalyst-Runtime/5.80/trunk/lib/Catalyst/Engine/CGI.pm 2009-12-01 00:02:38 UTC (rev 12090)
+++ Catalyst-Runtime/5.80/trunk/lib/Catalyst/Engine/CGI.pm 2009-12-01 00:09:19 UTC (rev 12091)
@@ -115,13 +115,16 @@
my $scheme = $c->request->secure ? 'https' : 'http';
my $host = $ENV{HTTP_HOST} || $ENV{SERVER_NAME};
my $port = $ENV{SERVER_PORT} || 80;
+ my $script_name = $ENV{SCRIPT_NAME};
+ $script_name =~ s/([^$URI::uric])/$URI::Escape::escapes{$1}/go if $script_name;
+
my $base_path;
if ( exists $ENV{REDIRECT_URL} ) {
$base_path = $ENV{REDIRECT_URL};
$base_path =~ s/$ENV{PATH_INFO}$//;
}
else {
- $base_path = $ENV{SCRIPT_NAME} || '/';
+ $base_path = $script_name || '/';
}
# If we are running as a backend proxy, get the true hostname
@@ -143,8 +146,22 @@
}
}
+ # RFC 3875: "Unlike a URI path, the PATH_INFO is not URL-encoded,
+ # and cannot contain path-segment parameters." This means PATH_INFO
+ # is always decoded, and the script can't distinguish / vs %2F.
+ # See https://issues.apache.org/bugzilla/show_bug.cgi?id=35256
+ # Here we try to resurrect the original encoded URI from REQUEST_URI.
+ my $path_info = $ENV{PATH_INFO};
+ if (my $req_uri = $ENV{REQUEST_URI}) {
+ if (defined $script_name) {
+ $req_uri =~ s/^\Q$script_name\E//;
+ }
+ $req_uri =~ s/\?.*$//;
+ $path_info = $req_uri if $req_uri;
+ }
+
# set the request URI
- my $path = $base_path . ( $ENV{PATH_INFO} || '' );
+ my $path = $base_path . ( $path_info || '' );
$path =~ s{^/+}{};
# Using URI directly is way too slow, so we construct the URLs manually
Modified: Catalyst-Runtime/5.80/trunk/lib/Catalyst/Engine/FastCGI.pm
===================================================================
--- Catalyst-Runtime/5.80/trunk/lib/Catalyst/Engine/FastCGI.pm 2009-12-01 00:02:38 UTC (rev 12090)
+++ Catalyst-Runtime/5.80/trunk/lib/Catalyst/Engine/FastCGI.pm 2009-12-01 00:09:19 UTC (rev 12091)
@@ -463,7 +463,7 @@
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
- fastcgi_param PATH_INFO $fastcgi_script_name;
+ fastcgi_param PATH_INFO /;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
@@ -490,9 +490,9 @@
=head3 Non-root configuration
-If you properly specify the PATH_INFO and SCRIPT_NAME parameters your
-application will be accessible at any path. The SCRIPT_NAME variable is the
-prefix of your application, and PATH_INFO would be everything in addition.
+If you properly specify the PATH_INFO and SCRIPT_NAME parameters your
+application will be accessible at any path. The PATH_INFO variable is the
+prefix of your application, and SCRIPT_NAME would be everything in addition.
As an example, if your application is rooted at /myapp, you would configure:
Modified: Catalyst-Runtime/5.80/trunk/t/aggregate/live_engine_request_escaped_path.t
===================================================================
--- Catalyst-Runtime/5.80/trunk/t/aggregate/live_engine_request_escaped_path.t 2009-12-01 00:02:38 UTC (rev 12090)
+++ Catalyst-Runtime/5.80/trunk/t/aggregate/live_engine_request_escaped_path.t 2009-12-01 00:09:19 UTC (rev 12091)
@@ -13,7 +13,7 @@
This test exposes a problem in the handling of PATH_INFO in C::Engine::CGI (and
other engines) where Catalyst does not un-escape the request correctly.
-If a request is URL-encoded then Catalyst fails to decode the request
+If a request is URL-encoded then Catalyst fails to decode the request
and thus will try and match actions using the URL-encoded value.
Can NOT use Catalyst::Test as it uses HTTP::Request::AsCGI which does
@@ -31,11 +31,11 @@
@@ -157,6 +157,8 @@
my $query = $ENV{QUERY_STRING} ? '?' . $ENV{QUERY_STRING} : '';
my $uri = $scheme . '://' . $host . '/' . $path . $query;
-
+
+ $uri = URI->new( $uri )->canonical;
+
$c->request->uri( bless \$uri, $uri_class );
-
+
# set the base URI
=cut
@@ -54,6 +54,7 @@
}
# test that request with URL-escaped code works.
+{
my $request = Catalyst::Utils::request( 'http://localhost/args/param%73/one/two' );
my $cgi = HTTP::Request::AsCGI->new( $request, %ENV )->setup;
@@ -65,8 +66,6 @@
TestApp->handle_request( env => \%ENV );
ok( my $response = $cgi->restore->response );
-TODO: {
- local $TODO = 'Actions should match when path parts are url encoded';
ok( $response->is_success, 'Response Successful 2xx' );
is( $response->content, 'onetwo' );
}
More information about the Catalyst-commits
mailing list