Multiplay Labs

tech hits and tips from Multiplay

Perl CGI.pm problems with query strings under Apache

without comments

Ever had a problem with query strings causing strange behaviour in apache when using the CGI module?
If you have the patch below might just save you some time and effort hunting down the problem.

--- CGI.pm.orig	Sat Mar  1 16:58:19 2008
+++ CGI.pm	Sat Mar  1 18:39:21 2008
@@ -2779,5 +2779,10 @@
    my $raw_script_name = $ENV{SCRIPT_NAME} || '';
    my $raw_path_info   = $ENV{PATH_INFO}   || '';
-   my $uri             = unescape($self->request_uri) || '';
+   my $uri             = $self->request_uri || '';
+
+   # ensure we dont get any query string as that can include escaped //
+   # e.g. a url parameter, which will break the apache bug fix
+   $uri =~ s/\?(.*)$//; 
+   $uri = unescape($uri);
 
    my $protected    = quotemeta($raw_path_info);

Written by Dilbert

February 21st, 2009 at 11:45 pm

Posted in Code,Hackery,Perl

Tagged with , , ,

Leave a Reply

You must be logged in to post a comment.