[Jifty-commit] r865 - in jifty/trunk: lib/Jifty
jifty-commit at lists.jifty.org
jifty-commit at lists.jifty.org
Fri Apr 14 16:17:59 EDT 2006
Author: alexmv
Date: Fri Apr 14 16:17:58 2006
New Revision: 865
Modified:
jifty/trunk/ (props changed)
jifty/trunk/lib/Jifty/Continuation.pm
Log:
r12369 at zoq-fot-pik: chmrr | 2006-04-14 16:17:38 -0400
* Unescape incoming and stored URIs to make them match better
* If that fails, warn if it looks dodgy.
Modified: jifty/trunk/lib/Jifty/Continuation.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Continuation.pm (original)
+++ jifty/trunk/lib/Jifty/Continuation.pm Fri Apr 14 16:17:58 2006
@@ -153,12 +153,20 @@
my $request_path = $self->request->path;
# XXX TODO: WE should be using URI canonicalization
- $called_uri =~ s{/+}{/}g;
+ my $escape;
+ $called_uri =~ s{/+}{/}g;
+ $called_uri = $escape while $called_uri ne ($escape = URI::Escape::uri_unescape($called_uri));
$request_path =~ s{/+}{/}g;
-
+ $request_path = $escape while $request_path ne ($escape = URI::Escape::uri_unescape($request_path));
if (defined $request_path and
- ($called_uri ne $request_path . "?J:CALL=" . $self->id)) {
+ ($called_uri !~ /^\Q$request_path\E[?&;]J:CALL=@{[$self->id]}/)) {
+ # If we needed to fix up the path (it contains invalid
+ # characters) then warn, because this may cause infinite
+ # redirects
+ Jifty->log->warn("Redirect to '@{[$self->request->path]}' contains unsafe characters")
+ if $self->request->path =~ m{[^A-Za-z0-9\-_.!~*'()/?&;+]};
+
# Clone our request
my $request = Clone::clone($self->request);
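Review bot: The new comparison `($called_uri !~ /^\Q$request_path\E[?&;]J:CALL=@{[$self->id]}/)` quotes the path but interpolates `$self->id` as a raw pattern and leaves the end of the match open, so a called URI whose J:CALL value merely begins with this id is treated as matching, and an id containing regex metacharacters (if that can happen) would change the pattern. Writing the tail as `J:CALL=\Q@{[$self->id]}\E(?:[&;]|\z)` restricts it to the exact id. Separately, `s{/+}{/}g` runs before the unescape loop on both strings, so slashes that only appear after decoding `%2F` are never collapsed; running the collapse after the loop would keep the two normalised forms comparable. The `Jifty->log->warn` line writes `$self->request->path` verbatim exactly when it contains characters outside the safe set, so escaping non-printable characters before logging would keep a crafted path from breaking up log lines. The enclosing method starts and ends outside this hunk.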