oops, that should be RFC1866 instead of RFC822 in my prior message.
-f
On Wed, 23 Feb 2000, la mouton wrote:
> mike,
>
> you're right, thanks for the fix. I hope your assumption that
> '+' == '%20' is right across the board on the web. I know from a browser
> prospective that netscape transmits spaces as '+' instead of '%20' when
> submitting forms. This still technically breaks spec per below ;)
>
> --------------- RFC 822 section 8.2.1 --------------------------------
> 1.The form field names and values are escaped: space characters are
> replaced by `+', and then reserved characters are escaped as per
> [URL];
> --------------- RFC 822 section 8.2.1 --------------------------------
>
> -f
>
> On Wed, 23 Feb 2000, Michael Sheldrake wrote:
>
> >
> > Frey -
> >
> > Let URI::query_form() escape and unescape your strings, including the
> > spaces. The function expects plain, unencoded strings, or else that regex
> > you modified wouldn't be there.
> >
> > The problem with your solution is that now you can't include '+' (as in
> > plus) in your key/value pairs. If you use '+' and you mean plus, you'll get
> > a space when you decode the string. If you try to escape '+' with '%2B',
> > that same regex will escape the '%', so when you decode the string, you'll
> > be left with '%2B'.
> >
> > To make URI::query_form() follow the specifications for user agents found in
> > section 8.2.1 of RFC 1866, you could add
> >
> > $key =~ s/ /+/g;
> >
> > and
> >
> > $val =~ s/ /+/g;
> >
> > after the respective regex's, instead of modifying those regex's. Then, just
> > be sure to pass regular, unescaped strings to URI::query_form().
> >
> > You can probably get away with using _query.pm as distributed if you use
> > URI::query_form() to manipulate the query string but URI::query() when you
> > want to actually use the query string. Spaces will be converted to '%20'
> > instead of '+', but applications that decode
> > "application/x-www-form-urlencoded" data will convert both back to a space.
> >
> > - Mike Sheldrake
> >
> >
> > > -----Original Message-----
> > > From: la mouton [mailto:[EMAIL PROTECTED]]
> > > Sent: Tuesday, February 22, 2000 7:01 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: URI::URL->query_form() non compliant with specification
> > >
> > >
> > > Gisle,
> > >
> > > query_form() is non-compliant with RFC 1866 section. 8.2.1.
> > >
> > > This bug relates to the URL escaping of a space in key,value pairs for a
> > > "application/x-www-form-urlencoded" type POST form.
> > >
> > > section 8.2.1 [RFC 1866] states:
> > >
> > > [------------------------------------------------------------------]
> > > 1.The form field names and values are escaped: space characters are
> > > replaced by `+', and then reserved characters are escaped as per [URL];
> > > that is, non-alphanumeric characters are replaced by `%HH', a
> > > percent sign and two hexadecimal digits representing the ASCII code of the
> > > character. Line breaks, as in multi-line text field values, are
> > > represented as CR LF pairs, i.e. `%0D%0A'.
> > > [------------------------------------------------------------------]
> > >
> > > However, in URI::_query, the default policy is to escape the '+' character
> > > into '%HH' format which produces a '%2B' as a result. The offending lines
> > > of code in _query.pm are:
> > >
> > > 33 $key =~ s/([;\/?:@&=+,\$%])/$URI::Escape::escapes{$1}/g;
> > > 37 $val =~ s/([;\/?:@&=+,\$%])/$URI::Escape::escapes{$1}/g;
> > >
> > > removing the '+' from the regex does the trick for me.
> > >
> > > regards,
> > > Frey Kuo
> > >
> > >
> >
> >
>
>
