You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apreq-dev@httpd.apache.org by achim settelmeier <se...@netpioneer.de> on 2001/08/24 18:20:54 UTC
Patch: overwrite parameters
Hi,
I encountered a rather non-obvious problem with the most recent version of
libapreq found on CPAN (0.33).
SYMPTOM
If the browser sends parameters to your script using POST-style as well as
URL-style (you know, that ?parm=val&parm2=val2 thing that method="get" uses,
too) parameter passing, the URL-style parameters take precedence over the
POST ones.
WHY THIS IS A PROBLEM
libapreq's behaviour is exactly the opposite of what CGI.pm is doing and
thus causes some problems many old scripts that run as CGI and mod_perl.
INTERNAL
As far as I can see, the internal handling of parameter looks like this:
Put every key/value pair found into a list, don't care about dupes.
When a lookup is done, the value of the first matching key is returned.
URL-style parameters are parsed first (see apache_request.c, line 278+,
subrout ApacheRequest___parse(req)).
PATCH
The patch is rather simple and is attached to this mail. In subrout
split_to_params, the patch replaces ap_table_add with ap_table_set in
case the key is already present.
bye,
Settel
Re: Patch: overwrite parameters
Posted by Joe Schaefer <jo...@sunstarsys.com>.
achim settelmeier <se...@netpioneer.de> writes:
> SYMPTOM
> If the browser sends parameters to your script using POST-style as well as
> URL-style (you know, that ?parm=val&parm2=val2 thing that method="get" uses,
> too) parameter passing, the URL-style parameters take precedence over the
> POST ones.
>
>
> WHY THIS IS A PROBLEM
> libapreq's behaviour is exactly the opposite of what CGI.pm is doing and
> thus causes some problems many old scripts that run as CGI and mod_perl.
IMO the libapreq behavior is superior to CGI.pm, because ISTR CGI.pm
just ignores the URL-style parameters in a POST. Maybe this should
be spelled out more clearly in the apreq documentation?
> INTERNAL
> As far as I can see, the internal handling of parameter looks like this:
> Put every key/value pair found into a list, don't care about dupes.
> When a lookup is done, the value of the first matching key is returned.
> URL-style parameters are parsed first (see apache_request.c, line 278+,
> subrout ApacheRequest___parse(req)).
That's pretty much right. If you want all the values of a parameter,
just call param in a list context:
my @values = $apr->param('foo');
In particular, to get the "last" value in the list, you could try:
my $last_value = ( $apr->param('foo') )[-1];
> PATCH
> The patch is rather simple and is attached to this mail. In subrout
> split_to_params, the patch replaces ap_table_add with ap_table_set in
> case the key is already present.
Although I haven't tested your patch, i think that it would disallow
multivalued parameters altogether. That would be a bad thing, since
CGI.pm permits them.
--
Joe Schaefer