ports/89627: incorrect escaping of UTF-8 strings in www/p5-HTML-Mason
Eugene Gladchenko
eugene at donpac.ru
Sun Nov 27 09:40:04 UTC 2005
>Number: 89627
>Category: ports
>Synopsis: incorrect escaping of UTF-8 strings in www/p5-HTML-Mason
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Nov 27 09:40:01 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Eugene Gladchenko
>Release: FreeBSD 5.4-RELEASE-p8 i386
>Organization:
Bank of Russia
>Environment:
System: FreeBSD cerberus.rnd.cbr.ru 5.4-RELEASE-p8 FreeBSD 5.4-RELEASE-p8 #6: Thu Nov 3 01:10:34 MSK 2005
>Description:
There is a bug in the url_escape sub of HTML::Mason::Escapes.
When using url_escape sub of HTML::Mason::Escapes with utf8 strings,
url_escape produces incorrectly escaped URI strings.
>How-To-Repeat:
For example,
#!/usr/bin/perl
use HTML::Mason::Escapes;
my $s = "\x{442}\x{435}\x{441}\x{442}";
HTML::Mason::Escapes::url_escape(\$s);
print "$s\n";
prints %442%435%441%442 instead of %D1%82%D0%B5%D1%81%D1%82.
>Fix:
Obviously, it happens just because ord() returns numbers greater
than 255.
Mason since 1.29_01 requires Perl 5.6, so the following patch
for Escapes.pm is trivial:
--- patch-Escapes.pm begins here ---
--- lib/HTML/Mason/Escapes.pm.orig Sat Nov 6 22:34:55 2004
+++ lib/HTML/Mason/Escapes.pm Thu Sep 29 08:31:30 2005
@@ -36,6 +38,7 @@
{
return unless defined ${ $_[0] };
+ use bytes;
${ $_[0] } =~ s/([^a-zA-Z0-9_.-])/uc sprintf("%%%02x",ord($1))/eg;
}
--- patch-Escapes.pm ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list