cvsweb version 3:3.0.1-1 diff problems (and howto debug this)
VilleSkyttä
scop at FreeBSD.org
Wed Jun 9 06:56:20 GMT 2004
On Mon, 2004-06-07 at 23:53, Ville Skyttä wrote:
> On Fri, 2004-06-04 at 16:57, Ville Skyttä wrote:
> > On Fri, 2004-06-04 at 12:50, Koos Vriezen wrote:
> >
> > > if (defined($ENV{QUERY_STRING})) {
> > > $ENV{QUERY_STRING} = uri_escape($ENV{QUERY_STRING});
> > > for my $p (split(/[;&]+/, $ENV{QUERY_STRING})) {
> > [...]
> > > commenting out the 'uri_escape' line makes cvsweb work again.
> > > Up to you and/or debian maintainer to fix this, or is it my perl?
> >
> > That uri_escape() line does not exist in vanilla FreeBSD-CVSweb, so I
> > guess it's a Debian addition and should be fixed there.
>
> FYI: I stubled across this:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=250757
...but the uri_unescape() is wrong as well; it will break if the keys or
values in the query string contain eg. a ";".
For example, support for requesting a specific charset along with a
Content-Type is planned; in an escaped query string that will look like:
...;content-type=text%2Fhtml%3B%20charset%3DUTF-8;...
Now, if the query string is unescaped before parsing the key=value
pairs, that will become:
...;content-type=text/html; charset=UTF-8;...
Parsing that will obviously break.
Debian maintainers, see
http://lists.freebsd.org/pipermail/freebsd-cvsweb/2004-June/000246.html
and later messages in that thread.
More information about the freebsd-cvsweb
mailing list