diff options
author | Eric Wong <e@80x24.org> | 2016-08-09 01:55:19 +0000 |
---|---|---|
committer | Eric Wong <e@80x24.org> | 2016-08-09 01:55:19 +0000 |
commit | 414d67298d830bec7fd4241b30283e08faa3222d (patch) | |
tree | bae866dd2fb9f2654fb3bf9fbd1e3d7b7d50c80a /lib/PublicInbox | |
parent | 200fb98dd5d5f81344e9ab732d2c7ee3f92203e1 (diff) | |
download | public-inbox-414d67298d830bec7fd4241b30283e08faa3222d.tar.gz |
www: avoid misinterpreting '&' and ';' in query parameters
Oops, we must unescape each key=value pair in a QUERY_STRING individually; otherwise we cannot interpret '&' or ';' in query parameter values.
Diffstat (limited to 'lib/PublicInbox')
-rw-r--r-- | lib/PublicInbox/WWW.pm | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/PublicInbox/WWW.pm b/lib/PublicInbox/WWW.pm index 26cd571c..60cb4430 100644 --- a/lib/PublicInbox/WWW.pm +++ b/lib/PublicInbox/WWW.pm @@ -41,11 +41,11 @@ sub call { # we don't care about multi-value my %qp = map { - my ($k, $v) = split('=', $_, 2); + my ($k, $v) = split('=', uri_unescape($_), 2); $v = '' unless defined $v; $v =~ tr/+/ /; ($k, $v) - } split(/[&;]/, uri_unescape($env->{QUERY_STRING})); + } split(/[&;]/, $env->{QUERY_STRING}); $ctx->{qp} = \%qp; my $path_info = $env->{PATH_INFO}; |