[Catalyst] Does uri_for() URL-escape arguments correctly ?
Hi, for some time I write things like this in my templates: a href=[% c.uri_for(c.controller.action_for('object'), [ file ]) %]img src=[% c.uri_for(c.controller.action_for('thumbnail'), [ file ]) %] alt=[% video | html %] //a where file is something which can contain a lot of dangerous characters. I assumed (and after experiencing a bit it seemed to be the case) that it would escape spaces, quotes, slashes, etc using the %XX URL-escapes. It seems to do it, even for / e.g. However, it does not escape the % character itself. Yes, I do have filenames with % in them :) The url filter in the Template Toolkit does, so the following work-around works (because already %-encoded sequences are untouched by uri_for()) [% file = path _ video | url %] Am I mistaken so to think that c.uri_for(x, y) does the auto-filtering for y automatically as required ? I might also have a question regarding the priority of operations in path _ video | url. In my case it works, because path doesn't contain %, but slashes. ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] [ANNOUNCE] Catalyst-Runtime 5.90019
It gives me great pleasure to announce the latest version of Catalyst-Runtime, which fixes issues installing and running on both old (5.8) and new (5.17.6) versions of perl! Full change log below as always. Cheers t0m 5.90019 - 2012-12-04 21:31:00 - Fix for perl 5.17.6 (commit g7dc8663). RT#81601 - Fix for perl 5.8. RT#61122 - Remove use of MooseX::Types as MooseX::Types is broken on perl5.8 RT#77100 RT#81121 ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Does uri_for() URL-escape arguments correctly ?
On Tue, Dec 4, 2012 at 5:22 AM, Marc SCHAEFER schae...@alphanet.ch wrote: Hi, for some time I write things like this in my templates: a href=[% c.uri_for(c.controller.action_for('object'), [ file ]) %]img src=[% c.uri_for(c.controller.action_for('thumbnail'), [ file ]) %] alt=[% video | html %] //a I've always used href=[% c.uri_for( ... ) | html %] -- Bill Moseley mose...@hank.org ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/