Red Hat Bugzilla – Bug 472571
CGI::escape is broken
Last modified: 2009-04-21 21:09:08 EDT
Recent changes in CGI.pm for example in '$Id: CGI.pm,v 1.254 2008/06/25 14:52:19 lstein Exp $' Broke escape/unescape The escape is often used for escaping binary data. The problem is that new CGI.pm unicode handles adds logic which is no standard complient. CGI:unescape(CGI:escape($in)) do not produce the same value of $in. In CGI.pm form perl 5.8.8 there was no such problem. With new broken CGI.pm there is now no clean way to encode/decode binary data (such as images) -------------- use CGI; my $t="Crêpe Café"; my $te=CGI::escape($t); my $t2=CGI::unescape($te); my $cgi_params=new CGI("text=$te"); my $p=$cgi_params->param('text'); print{*STDERR} "T=$t LEN=",length($t),"\n"; print{*STDERR} "T2=$t LEN=",length($t2),"\n"; print{*STDERR} "P=$p LEN=",length($p),"\n"; ------------ $perl -w p1 T=Crêpe Café LEN=12 T2=Crêpe Café LEN=16 P=Crêpe Café LEN=16 ------------- The length differs. Stupid new paddings broke code. There was no such problem in say '$Id: CGI.pm,v 1.251 2008/04/23 13:08:23 lstein Exp $'
This was reported to upstream http://rt.cpan.org/Public/Bug/Display.html?id=34528 perl-5.8.8 with the latest CGI is working. The problem could be caused by change in packing UTF-8 strings.
First the above example is poorly written; before using utf-8 in the source, you should declare it: use utf8; my $t="Crêpe Café"; That way $t would become a Unicode string, with LEN=10 (counted in characters, not in bytes). (CGI::escape does handle Unicode strings correctly.) That said, I would like to return to the above case. It does demonstrate a bug, indeed. The string is a byte string (or Latin-1 string), consisting of ten one-byte characters. And CGI::escape should do the %XX escaping byte-by-byte on these, for several reasons, backward compatibility with perl-5.8.x among them. This bug is fixed in perl-5.10.0-66. Moreover the patch has been submitted upstream (see the link in comment #1) and is planned for CGI.pm-3.43.
perl-5.10.0-66.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update perl'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-2992
perl-5.10.0-67.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update perl'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-2992
perl-5.10.0-68.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update perl'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-2992
perl-5.10.0-68.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
perl-5.10.0-68.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.