[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Chicken-users] A patch for the patch for the http egg ``+'' problem
|
From: |
Peter Busser |
|
Subject: |
Re: [Chicken-users] A patch for the patch for the http egg ``+'' problem... |
|
Date: |
Thu, 16 Feb 2006 20:38:02 +0100 |
|
User-agent: |
Mutt/1.5.9i |
Hi!
> I believe there is a serious regression in this patch. The URL is
> being canonicalized in its entirety at the beginning of
> http:decode-url, before it is taken apart.
I was not sure the patch was entirely correct, because it is based on
memories several years old. That is why I posted the reasoning behind
it, so others might point out potential faults.
> This is not correct,
> because escaped characters should only be unescaped -after- breaking
> the URL down into pathname and key/value pairs. In other words, only
> unescaped ?, = and & serve as delimiters. Otherwise, how would you
> pass ? = or & as part of a value?
I've just briefly looked at RFC 1738 about URLs and RFC 1630 about URLs in
WWW, and it looks like so called ``safe characters'' should not be
escaped. ?, =, + and & are among the safe characters. And an escaped /
is not the same as an original (i.e. non-escaped) /, as far as the RFC
is concerned. So it looks like you are right about this.
> So the unpatched version was correct, except that it was converting +
> into spaces in the URL path itself.
BTW, note that the original version also used the same function for
decoding POST-data.
> Attached is a patch against current SVN. Peter, can you test this on
> your setup?
Sure. I think I have time to test it tomorrow.
Groetjes,
Peter.