[Catalyst-dev] [patch] Catalyst::Engine::Apache bug
Andy Grundman
andy at hybridized.org
Tue Feb 13 17:15:04 GMT 2007
On Feb 13, 2007, at 11:55 AM, Carl Johnstone wrote:
>
> I've got a problem with $c->req->arguments which I've tracked track
> to a bug with how the Catalyst::Engine::Apache parses the URL.
>
> Given the URL: /search/foo%2Fbar%20baz/1
>
> The cat-server returns:
>
> $VAR1 = [
> 'search',
> 'foo/bar baz',
> '1'
> ];
>
> Whereas through Apache I get:
>
> $VAR1 = [
> 'search',
> 'foo',
> 'bar baz',
> '1'
> ];
>
>
> This is because Catalyst::Engine::Apache is called apache->uri
> which has already unescaped the URL. Using apache->unparsed_uri and
> splitting off the query_string portion means that I get the same
> result through Apache as through the cat-server. I've attached my
> change as a patch.
Hmm, you should avoid the use of %2F in URIs. Most web servers
including Apache have taken various steps to deal with old hacks that
used encoded slashes. IIRC Apache will just 404 any request that
contains %2F unless you set an explicit flag (AllowEncodedSlashes On).
There are some %2F tests in Cat, so I'll try your patch out with the
test suite and see how it does.
More information about the Catalyst-dev
mailing list