[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#380302: libapache-mod-perl: args() can return an odd number of elements

Package: libapache-mod-perl
Severity: normal

args() currently does no checking on its naive split, so it can return
an odd number of elements in list context, which triggers a warning when
assigned to a hash.  (My logs are full of these due to the onslaught of
"/scripts/..%255c%255c../winnt/system32/cmd.exe?/c+ver" and other crap.)

Here's a one-liner (well, four-liner) that does the trick:

  map { defined $_ ? $_ : '' }
    map Apache::unescape_url_info(defined $_ ? $_ : ''),
      map /^([^=]*)(?:=(.*))?/,
        split /[&;]+/ => $r->query_string

(Makes you miss Perl 6's "//" operator, doesn't it?)

Not only does this always return an even number of elements, it also
mimics the behavior of libapreq ("foo&bar" now returns two variables
instead of one), including the quirk (well, bug) where a leading empty
element will not be filtered out.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-1-toroia
Locale: LANG=en_CA, LC_CTYPE=en_CA (charmap=ISO-8859-1)

Versions of packages libapache-mod-perl depends on:
ii  apache-common                 1.3.34-2   support files for all Apache webse
ii  libc6                         2.3.6-15   GNU C Library: Shared libraries
ii  libdevel-symdump-perl         2.03-3     Perl module for inspecting perl's 
ii  libperl5.8                    5.8.8-6    Shared Perl library
ii  liburi-perl                   1.35-2     Manipulates and accesses URI strin
ii  libwww-perl                   5.805-1    WWW client/server library for Perl
ii  perl [libmime-base64-perl]    5.8.8-6    Larry Wall's Practical Extraction 

libapache-mod-perl recommends no packages.

-- no debconf information

Reply to: