Bug#172132: pkgreport.cgi doesn't cope with & where & is expected
Package: debbugs
Version: 2.3-4
Tags: patch
Arguably, pkgreport.cgi etc. not coping with & where & is expected is
correct behaviour, but there are one or two browsers which don't decode
character entities in URLs (in the case of at least one such browser, it was
a design decision based on & in URLs often being a literal & rather than
marking the start of a character entity).
Better to be liberal in what you accept :-)
--
| Darren Salt | linux (or ds) at | nr. Ashington,
| Linux PC, Risc PC | youmustbejoking | Northumberland
| No Wodniws here | demon co uk | Toon Army
| <URL:http://www.youmustbejoking.demon.co.uk/> (PGP 2.6, GPG keys)
Deprive a mirror of its silver and even the Czar won't see his face.
--- debbugs_2.3-4/cgi/common.pl~
+++ debbugs_2.3-4/cgi/common.pl
@@ -24,7 +24,7 @@
} else {
return;
}
- foreach (split(/&/,$in)) {
+ foreach (split(/&|&/,$in)) {
s/\+/ /g;
($key, $val) = split(/=/,$_,2);
$key=~s/%(..)/pack("c",hex($1))/ge;
Reply to: