[Catalyst] Does uri_for() URL-escape arguments correctly ?

2012-12-04 Thread Marc SCHAEFER 
Hi,

for some time I write things like this in my templates:

a href=[% c.uri_for(c.controller.action_for('object'), [ file ]) %]img 
src=[% c.uri_for(c.controller.action_for('thumbnail'), [ file ]) %] alt=[% 
video | html %] //a

where file is something which can contain a lot of dangerous characters.

I assumed (and after experiencing a bit it seemed to be the case) that
it would escape spaces, quotes, slashes, etc using the %XX URL-escapes.
It seems to do it, even for / e.g.

However, it does not escape the % character itself. Yes, I do have filenames
with % in them :)

The url filter in the Template Toolkit does, so the following work-around
works (because already %-encoded sequences are untouched by uri_for())

   [% file = path _ video | url %]

Am I mistaken so to think that c.uri_for(x, y) does the auto-filtering
for y automatically as required ?

I might also have a question regarding the priority of operations in
path _ video | url. In my case it works, because path doesn't contain %,
but slashes.


___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/

[Catalyst] [ANNOUNCE] Catalyst-Runtime 5.90019

2012-12-04 Thread Tomas Doran 
It gives me great pleasure to announce the latest version of Catalyst-Runtime, 
which fixes issues installing and running on both old (5.8) and new (5.17.6) 
versions of perl!

Full change log below as always.

Cheers
t0m

5.90019 - 2012-12-04 21:31:00
  - Fix for perl 5.17.6 (commit g7dc8663). RT#81601
  - Fix for perl 5.8. RT#61122
  - Remove use of MooseX::Types as MooseX::Types is broken on perl5.8
RT#77100  RT#81121


___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/

Re: [Catalyst] Does uri_for() URL-escape arguments correctly ?

2012-12-04 Thread Bill Moseley 
On Tue, Dec 4, 2012 at 5:22 AM, Marc SCHAEFER schae...@alphanet.ch wrote:

 Hi,

 for some time I write things like this in my templates:

 a href=[% c.uri_for(c.controller.action_for('object'), [ file ])
 %]img src=[% c.uri_for(c.controller.action_for('thumbnail'), [ file ])
 %] alt=[% video | html %] //a


I've always used href=[% c.uri_for( ... ) | html  %]


-- 
Bill Moseley
mose...@hank.org
___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/