[Jifty-commit] jifty branch, master, updated. 3e54cf2a301f5dfbb8ab7e521cea3420cab785fb
Jifty commits
jifty-commit at lists.jifty.org
Wed May 12 21:27:03 EDT 2010
The branch, master has been updated
via 3e54cf2a301f5dfbb8ab7e521cea3420cab785fb (commit)
from 77480b1dac5af2b92ba1c6147bce8cc7f2435ae1 (commit)
Summary of changes:
lib/Jifty/Continuation.pm | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
- Log -----------------------------------------------------------------
commit 3e54cf2a301f5dfbb8ab7e521cea3420cab785fb
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Wed May 12 13:18:00 2010 -0400
Check continual path against canonicalized version, as URI::Escape and URI disagree on "safe" characters
One would expect that the following statement should be code should be
silent for all values of $char:
use URI;
use URI::Escape;
my $uri = URI->new("http://localhost/".uri_escape($char));
print "oh no!" unless $uri->as_string eq $uri->canonical->as_string;
That is, that URI::Escape and URI would agree on the set of characters
that need to be escaped. Unfortunately, URI::Escape defaults to
escaping as per RFC3986, whereas URI uses the less restrictive
RFC2732. The latter allows the following characters which the former
does not:
! * ' ( )
Plack::Request returns a ->canonical'd version of the request URI,
which means that one cannot assume that the URI that a user was
redirected to is the same as the URI that they later arrive at. A
"more correct" solution would be to either not canonicalize the URI in
Plack::Request, or to change all URI::Escape::uri_escape calls to
escape only RFC2732-unfriendly characters; however, this fix is
arguably also correct, and much simpler to implement.
diff --git a/lib/Jifty/Continuation.pm b/lib/Jifty/Continuation.pm
index 667261b..25606e2 100644
--- a/lib/Jifty/Continuation.pm
+++ b/lib/Jifty/Continuation.pm
@@ -158,7 +158,8 @@ to ask "are we about to call a continuation?"
sub return_path_matches {
my $self = shift;
- return unless Jifty->web->request->path eq $self->request->path;
+ return unless Jifty->web->request->path eq $self->request->path
+ or Jifty->web->request->path eq $self->request->uri->canonical->path;
my $args = Jifty->web->request->arguments;
return unless scalar keys %{$args} == 1;
-----------------------------------------------------------------------
More information about the Jifty-commit
mailing list