[Jifty-commit] jifty branch, master, updated. 3e54cf2a301f5dfbb8ab7e521cea3420cab785fb

Jifty commits jifty-commit at lists.jifty.org
Wed May 12 21:27:03 EDT 2010


The branch, master has been updated
       via  3e54cf2a301f5dfbb8ab7e521cea3420cab785fb (commit)
      from  77480b1dac5af2b92ba1c6147bce8cc7f2435ae1 (commit)

Summary of changes:
 lib/Jifty/Continuation.pm |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

- Log -----------------------------------------------------------------
commit 3e54cf2a301f5dfbb8ab7e521cea3420cab785fb
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Wed May 12 13:18:00 2010 -0400

    Check continual path against canonicalized version, as URI::Escape and URI disagree on "safe" characters
    
    One would expect that the following code should be
    silent for all values of $char:
    
        use URI;
        use URI::Escape;
    
        my $uri = URI->new("http://localhost/".uri_escape($char));
        print "oh no!" unless $uri->as_string eq $uri->canonical->as_string;
    
    That is, that URI::Escape and URI would agree on the set of characters
    that need to be escaped.  Unfortunately, URI::Escape defaults to
    escaping as per RFC3986, whereas URI uses the less restrictive
    RFC2732.  The latter allows the following characters which the former
    does not:
    
        ! * ' ( )
    
    Plack::Request returns a ->canonical'd version of the request URI,
    which means that one cannot assume that the URI that a user was
    redirected to is the same as the URI that they later arrive at.  A
    "more correct" solution would be to either not canonicalize the URI in
    Plack::Request, or to change all URI::Escape::uri_escape calls to
    escape only RFC2732-unfriendly characters; however, this fix is
    arguably also correct, and much simpler to implement.

diff --git a/lib/Jifty/Continuation.pm b/lib/Jifty/Continuation.pm
index 667261b..25606e2 100644
--- a/lib/Jifty/Continuation.pm
+++ b/lib/Jifty/Continuation.pm
@@ -158,7 +158,8 @@ to ask "are we about to call a continuation?"
 sub return_path_matches {
     my $self = shift;
 
-    return unless Jifty->web->request->path eq $self->request->path;
+    return unless Jifty->web->request->path eq $self->request->path
+        or Jifty->web->request->path eq $self->request->uri->canonical->path;
 
     my $args = Jifty->web->request->arguments;
     return unless scalar keys %{$args} == 1;
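Review bot: In the added `or` clause of return_path_matches, only the stored side is canonicalized (`$self->request->uri->canonical->path`), while the incoming `Jifty->web->request->path` is compared as-is, so the match still depends on the incoming request having been canonicalized upstream, which the commit message attributes to Plack::Request. Comparing the canonical form of both paths would make the check independent of that behaviour. The reason for the second comparison is recorded only in the commit message; a short comment above the `return unless` line would help the next reader, and since the diffstat lists only lib/Jifty/Continuation.pm, a regression test for a continuation path containing one of `! * ' ( )` would be worth adding.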

-----------------------------------------------------------------------

