Re: dealing with empty field names in query

Fri, 06 Feb 2009 15:05:41 -0800 

Phil Carmody wrote:

--- On Fri, 2/6/09, John ORourke <john-modp...@o-rourke.org> wrote:

We're using more and more javascript to do clever
things with forms,


Lots of people have said that. Probably a majority were wrong.


 and I think we broke the Apache2::Request

parser, but wanted to check before reporting it as a bug. 
(and tell me if this should go to the apreq list)


With the following request body:

i1=drnk4&basket%3A_new_de9a792da0f5127d72d7c6a5f6b2d4c5%3Aquan
tity=1&basket%3A_new_de9a792da0f5127d72d7c6a5f6b2d4c5%3Aid=de9a792da0f5127d72d7c6a5f
6b2d4c5&i2=clth12&basket%3A_new_7acf9602cd6ab0ee86f77efeaaffefff%3Aquantity=1&basket
%3A_new_7acf9602cd6ab0ee86f77efeaaffefff%3Aid=7acf9602cd6ab0ee86f77efeaaffefff&i3=&=
&=&i4=&=&=&i5=&=&=&i6=&=&=&action=insert&x=46&y=17

When I create a new Apache2::Request object and loop
through the parameters, I get this: (output from
Data::Dumper of a hash of the params)

 'basket:_new_7acf9602cd6ab0ee86f77efeaaffefff:id'
=> '7acf9602cd6ab0ee86f77efeaaff
efff',

'basket:_new_7acf9602cd6ab0ee86f77efeaaffefff:quantity'
=> '1',
 'basket:_new_de9a792da0f5127d72d7c6a5f6b2d4c5:id'
=> 'de9a792da0f5127d72d7c6a5f6b2
d4c5',

'basket:_new_de9a792da0f5127d72d7c6a5f6b2d4c5:quantity'
=> '1',
 'i1' => 'drnk4',
 'i2' => 'clth12',
 'i3' => ''

So it stops parsing when it gets an '=' straight
after an ampersand.

I looked up the spec and it doesn't seem to explicitly
say, so I don't think we should just stop parsing.

Spec:

http://www.w3.org/MarkUp/html-spec/html-spec_8.html#SEC8.2.1


In those name/value pairs, according to HTML 4 at least, the names must begin 
with a letter [A-Za-z]. The empty string does not do so. Garbage in, garbage 
out.


+1
+ :

Above the OP is talking about a request "body".  Are we sure that this 
is really a request body, and not a query-string ?

What does the <form> tag really look like ? (enctype)

Just thinking that if this is a query-string, is it not just being cut 
off after a certain size ?
It would not be possible to submit this data as multipart/form-data, for 
a similar reason to what Phil says.

























					Reply via email to