[bug-cgicc] Form Variable Parsing Bug
From: Michael Richards
Subject: [bug-cgicc] Form Variable Parsing Bug
Date: Sun, 4 Mar 2012 00:15:12 -0500
I googled this but was surprised to find no comments or fixes. Diff is
at the bottom.
W3C says the following at
http://www.w3.org/TR/1999/REC-html401-19991224/appendix/notes.html#h-B.2.2
We recommend that HTTP server implementors, and in particular, CGI
implementors support the use of ";" in place of "&" to save authors
the trouble of escaping "&" characters in this manner.
The fix below is very simple. It does permit the separation using
either a ; or a &, which in my mind isn't very neat, but proper URI
encoding requires that any form names or values containing ';' or '&'
be encoded to their % equivalent anyway.
--- Cgicc.cpp 2012-03-04 00:03:35.000000000 -0500
+++ Cgicc.cpp.bak 2012-03-04 00:02:11.000000000 -0500
@@ -365,12 +365,12 @@
// Decode the name
name = form_urldecode(data.substr(oldPos, pos - oldPos));
oldPos = ++pos;
- // Find the '&' OR ';' separating subsequent name/value pairs
- pos = data.find_first_of(";&", oldPos);
+ // Find the '&' separating subsequent name/value pairs
+ pos = data.find_first_of('&', oldPos);
// Even if an '&' wasn't found the rest of the string is a value
value = form_urldecode(data.substr(oldPos, pos - oldPos));
// Store the pair
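Review bot: The file headers are reversed: "--- Cgicc.cpp" is the modified file and "+++ Cgicc.cpp.bak" is the backup, so as posted the '-' lines carry the new find_first_of(";&", oldPos) call and the '+' lines carry the old '&'-only call. Applied as-is, this patch would remove ';' support rather than add it; regenerate it with the backup as the first argument to diff (diff -u Cgicc.cpp.bak Cgicc.cpp) or apply it with patch -R. The unchanged context comment "Even if an '&' wasn't found the rest of the string is a value" should be updated to mention ';' as well. Because a literal, unencoded ';' inside a value will now terminate that value, the behaviour change deserves a note in the documentation: any other component that parses the same query string on '&' only will see different name/value pairs than cgicc does.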