Bug#380302: libapache-mod-perl: args() can return an odd number of elements
Package: libapache-mod-perl
Version: 1.29.0.4-2
Severity: normal
args() currently does no checking on its naive split, so it can return
an odd number of elements in list context, which triggers a warning when
assigned to a hash. (My logs are full of these due to the onslaught of
"/scripts/..%255c%255c../winnt/system32/cmd.exe?/c+ver" and other crap.)
Here's a one-liner (well, four-liner) that does the trick:
map { defined $_ ? $_ : '' }
map Apache::unescape_url_info(defined $_ ? $_ : ''),
map /^([^=]*)(?:=(.*))?/,
split /[&;]+/ => $r->query_string
(Makes you miss Perl 6's "//" operator, doesn't it?)
Not only does this always return an even number of elements, it also
mimics the behavior of libapreq ("foo&bar" now returns two variables
instead of one), including the quirk (well, bug) where a leading empty
element will not be filtered out.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-1-toroia
Locale: LANG=en_CA, LC_CTYPE=en_CA (charmap=ISO-8859-1)
Versions of packages libapache-mod-perl depends on:
ii apache-common 1.3.34-2 support files for all Apache webse
ii libc6 2.3.6-15 GNU C Library: Shared libraries
ii libdevel-symdump-perl 2.03-3 Perl module for inspecting perl's
ii libperl5.8 5.8.8-6 Shared Perl library
ii liburi-perl 1.35-2 Manipulates and accesses URI strin
ii libwww-perl 5.805-1 WWW client/server library for Perl
ii perl [libmime-base64-perl] 5.8.8-6 Larry Wall's Practical Extraction
libapache-mod-perl recommends no packages.
-- no debconf information
Reply to: