You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Tobias Hoellrich <th...@Adobe.COM> on 2000/08/01 21:42:47 UTC

Shouldn't we escape this regexp?

On one of my web server I ran several times into an issue where I received
an internal server error in Registry.pm under certain conditions. The
error_log says:

[Tue Aug  1 12:15:53 2000] [error] //VJ++.pdf$/: nested *?+ in regexp at
/usr/local2/lib/perl5/site_perl/5.6.0/sun4-solaris/Apache/Registry.pm line 65.

And the offending line in mod_perl 1.23's Registry.pm is:

       my $script_name = $path_info && $uri =~ /$path_info$/ ?
          substr($uri, 0, length($uri)-length($path_info)) :
          $uri;

I run into this situation after constructing a URL which contains a
filename-hint as path_info() (to make it easier for Browsers to figure out
the filename they display in the Save As ... dialog box). In this case the
URL generated was:

	http://myserver.com/somescript.pl/VJ%2B%2B.pdf?somearg=somevalue

(Note: If you happen to see "+" in the URL above it means that your
mail-program or my mail-program unescaped the %2B in the original URL)

When the users clicks on this link - boom - above error appears in my log
file and the user sees an "internal error". 

I guess we should really escape the path_info() matching and make sure that
perl treats it as a non-regexp string only. 

The patch below fixes 1.24 for me and the error has disappeared since then. 

Hmmm - I guess I should check all the other places where something like
this may cause troubles ...

Cheers
  Tobias



*** Registry.pm.org     Tue Aug  1 12:28:58 2000
--- Registry.pm Tue Aug  1 12:29:23 2000
***************
*** 62,68 ****
        $r->log_error(sprintf "Apache::Registry::handler examining %s",
                      $uri) if $Debug && $Debug & 4;
        my $path_info = $r->path_info;
!       my $script_name = $path_info && $uri =~ /$path_info$/ ?
            substr($uri, 0, length($uri)-length($path_info)) :
            $uri;
  
--- 62,68 ----
        $r->log_error(sprintf "Apache::Registry::handler examining %s",
                      $uri) if $Debug && $Debug & 4;
        my $path_info = $r->path_info;
!       my $script_name = $path_info && $uri =~ /\Q$path_info$\E/ ?
            substr($uri, 0, length($uri)-length($path_info)) :
            $uri;