* [PATCH] www: avoid misinterpreting '&' and ';' in query parameters
@ 2016-08-09 2:00 Eric Wong
0 siblings, 0 replies; only message in thread
From: Eric Wong @ 2016-08-09 2:00 UTC (permalink / raw)
To: meta
Oops, we must unescape each key=value pair in a QUERY_STRING
individually; otherwise we cannot interpret '&' or ';' in
query parameter values.
---
lib/PublicInbox/WWW.pm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/PublicInbox/WWW.pm b/lib/PublicInbox/WWW.pm
index 26cd571..60cb443 100644
--- a/lib/PublicInbox/WWW.pm
+++ b/lib/PublicInbox/WWW.pm
@@ -41,11 +41,11 @@ sub call {
# we don't care about multi-value
my %qp = map {
- my ($k, $v) = split('=', $_, 2);
+ my ($k, $v) = split('=', uri_unescape($_), 2);
$v = '' unless defined $v;
$v =~ tr/+/ /;
($k, $v)
- } split(/[&;]/, uri_unescape($env->{QUERY_STRING}));
+ } split(/[&;]/, $env->{QUERY_STRING});
$ctx->{qp} = \%qp;
my $path_info = $env->{PATH_INFO};
--
EW
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2016-08-09 2:00 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-08-09 2:00 [PATCH] www: avoid misinterpreting '&' and ';' in query parameters Eric Wong
Code repositories for project(s) associated with this public inbox
https://80x24.org/public-inbox.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).