Re: Seeming bug in URI::URL

Aaron Sherman (ajs@openmarket.com)
Thu, 12 Oct 1995 16:47:37 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Roy T. Fielding: "Re: Seeming bug in URI::URL"
Previous message: Martijn Koster: "Re: Seeming bug in URI::URL"

Ok, so it seems that the broken part of URI::URL is truely the
*decoding* not the *encoding*, and I've been patching a non-hole for a
while now.

How is it broken, you ask? Well, imagine the following URL, which my
browser handles just fine:

	http://foo/s?a=b%26c&d=e

This should pass a parameter "a" which arives at the script, s,
looking like "b&c" because the & was quoted. This *is* the cannonical
form of this URL, and it should not be altered in any way.

However, URI::URL turns it into:

	http://foo/s?a=b&c&d=e

Which passes a as "b", c, with no value (is it legal to omit the =?)
and d as "e".

URI::URL is going to need some mechanism of keeping track of what was
passed to it encoded and what *it* encoded. The only way that I can
think of, which is simple enough for the general case, is to NOT
decode query arguments in the first place. Of course, that means that
you have to not re-encode those %-signs.

			-AJS

--
Aaron Sherman <ajs@ajs.com>		B4 f w+ c kv s+(--)v r p
I-Kinetics, Inc.			Pager: (508)545-0584
1 NE Executive Park			Fax:   (617)270-4979
Burlington, MA 01803-5005		WWW:   http://ajs.com/~ajs/
		ajs@ajs.com or ajs@openmarket.com
		      "I speak for no one."

Next message: Roy T. Fielding: "Re: Seeming bug in URI::URL"
Previous message: Martijn Koster: "Re: Seeming bug in URI::URL"