mike,
you're right, thanks for the fix. I hope your assumption that
'+' == '%20' is right across the board on the web. I know from a browser
prospective that netscape transmits spaces as '+' instead of '%20' when
submitting forms. This still technically breaks spec per below ;)
--------------- RFC 822 section 8.2.1 --------------------------------
1.The form field names and values are escaped: space characters are
replaced by `+', and then reserved characters are escaped as per
[URL];
--------------- RFC 822 section 8.2.1 --------------------------------
-f
On Wed, 23 Feb 2000, Michael Sheldrake wrote:
>
> Frey -
>
> Let URI::query_form() escape and unescape your strings, including the
> spaces. The function expects plain, unencoded strings, or else that regex
> you modified wouldn't be there.
>
> The problem with your solution is that now you can't include '+' (as in
> plus) in your key/value pairs. If you use '+' and you mean plus, you'll get
> a space when you decode the string. If you try to escape '+' with '%2B',
> that same regex will escape the '%', so when you decode the string, you'll
> be left with '%2B'.
>
> To make URI::query_form() follow the specifications for user agents found in
> section 8.2.1 of RFC 1866, you could add
>
> $key =~ s/ /+/g;
>
> and
>
> $val =~ s/ /+/g;
>
> after the respective regex's, instead of modifying those regex's. Then, just
> be sure to pass regular, unescaped strings to URI::query_form().
>
> You can probably get away with using _query.pm as distributed if you use
> URI::query_form() to manipulate the query string but URI::query() when you
> want to actually use the query string. Spaces will be converted to '%20'
> instead of '+', but applications that decode
> "application/x-www-form-urlencoded" data will convert both back to a space.
>
> - Mike Sheldrake
>
>
> > -----Original Message-----
> > From: la mouton [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, February 22, 2000 7:01 PM
> > To: [EMAIL PROTECTED]
> > Subject: URI::URL->query_form() non compliant with specification
> >
> >
> > Gisle,
> >
> > query_form() is non-compliant with RFC 1866 section. 8.2.1.
> >
> > This bug relates to the URL escaping of a space in key,value pairs for a
> > "application/x-www-form-urlencoded" type POST form.
> >
> > section 8.2.1 [RFC 1866] states:
> >
> > [------------------------------------------------------------------]
> > 1.The form field names and values are escaped: space characters are
> > replaced by `+', and then reserved characters are escaped as per [URL];
> > that is, non-alphanumeric characters are replaced by `%HH', a
> > percent sign and two hexadecimal digits representing the ASCII code of the
> > character. Line breaks, as in multi-line text field values, are
> > represented as CR LF pairs, i.e. `%0D%0A'.
> > [------------------------------------------------------------------]
> >
> > However, in URI::_query, the default policy is to escape the '+' character
> > into '%HH' format which produces a '%2B' as a result. The offending lines
> > of code in _query.pm are:
> >
> > 33 $key =~ s/([;\/?:@&=+,\$%])/$URI::Escape::escapes{$1}/g;
> > 37 $val =~ s/([;\/?:@&=+,\$%])/$URI::Escape::escapes{$1}/g;
> >
> > removing the '+' from the regex does the trick for me.
> >
> > regards,
> > Frey Kuo
> >
> >
>
>
