[Jifty-commit] jifty branch, master, updated. 1.10518-41-gf51cae7
Jifty commits
jifty-commit at lists.jifty.org
Thu Aug 4 14:50:56 EDT 2011
The branch, master has been updated
via f51cae781f809c45b03d3bcb44cabb775a41fafb (commit)
from c14c88cf97851d9c6f2157f0b7acdb9bb5ea762f (commit)
Summary of changes:
lib/Jifty/Continuation.pm | 6 ------
1 files changed, 0 insertions(+), 6 deletions(-)
- Log -----------------------------------------------------------------
commit f51cae781f809c45b03d3bcb44cabb775a41fafb
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Thu Aug 4 14:06:28 2011 -0400
Checking for path hygene in continuation returns is no longer necessary
This warning was introduced in 36bd338, when "call" and "return" were
handled by the same code. The only way we determined which phase we
were in was by whether the path matched what was stored in the
continuation. The danger is this was that the path that we redirected
to could be different from the path that the browser then requested, if
it chose to escape characters differently; this would cause Jifty to
redirect indefinitely. The warning was placed here to warn of the
perils of redirecting to URIs containing characters which the browser
might choose to escape differently than Jifty did.
However, the canonicalization done by Plack::Request (and in 3e54cf2)
guarantees that the URIs have been canonicalized equivilently; thus,
this warning is always a false-positive.
diff --git a/lib/Jifty/Continuation.pm b/lib/Jifty/Continuation.pm
index dece686..6701fd6 100644
--- a/lib/Jifty/Continuation.pm
+++ b/lib/Jifty/Continuation.pm
@@ -190,12 +190,6 @@ sub call {
return;
}
- # If we needed to fix up the path (it contains invalid
- # characters) then warn, because this may cause infinite
- # redirects
- $self->log->warn("Redirect to '@{[$self->request->path]}' contains unsafe characters")
- if $self->request->path =~ m{[^A-Za-z0-9\-_.!~*'()/?&;+%]};
-
# Clone our request
my $request = $self->request->clone;
-----------------------------------------------------------------------
More information about the Jifty-commit
mailing list