[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [bug-cgicc] Form Variable Parsing Bug
|
From: |
Stephen F. Booth |
|
Subject: |
Re: [bug-cgicc] Form Variable Parsing Bug |
|
Date: |
Mon, 12 Mar 2012 20:39:55 -0400 |
This looks like a good enhancement. Do you know of any HTTP server
implementations that actually use ';' as a separator? I don't think
I'm aware of any.
Stephen
On Sun, Mar 4, 2012 at 12:15 AM, Michael Richards <address@hidden> wrote:
> I googled this but was surprised to find no comments or fixes. Diff is
> at the bottom.
>
> W3C says the following at
> http://www.w3.org/TR/1999/REC-html401-19991224/appendix/notes.html#h-B.2.2
> We recommend that HTTP server implementors, and in particular, CGI
> implementors support the use of ";" in place of "&" to save authors
> the trouble of escaping "&" characters in this manner.
>
> The fix below is very simple. It does permit then separation using
> either a ; or a & which in my mind isn't very neat but proper URI
> encoding requires that any form names or values containing ';' or '&'
> be encoded to their % equivalent anyway.
>
>
> --- Cgicc.cpp 2012-03-04 00:03:35.000000000 -0500
> +++ Cgicc.cpp.bak 2012-03-04 00:02:11.000000000 -0500
> @@ -365,12 +365,12 @@
>
> // Decode the name
> name = form_urldecode(data.substr(oldPos, pos - oldPos));
> oldPos = ++pos;
>
> - // Find the '&' OR ';' separating subsequent name/value pairs
> - pos = data.find_first_of(";&", oldPos);
> + // Find the '&' separating subsequent name/value pairs
> + pos = data.find_first_of('&', oldPos);
>
> // Even if an '&' wasn't found the rest of the string is a value
> value = form_urldecode(data.substr(oldPos, pos - oldPos));
>
> // Store the pair
>
> _______________________________________________
> bug-cgicc mailing list
> address@hidden
> https://lists.gnu.org/mailman/listinfo/bug-cgicc