You are viewing a plain text version of this content. The canonical link for it is here.

Posted to apreq-dev@httpd.apache.org by achim settelmeier <se...@netpioneer.de> on 2001/08/24 18:20:54 UTC

Patch: overwrite parameters

Hi,

I encountered a rather non-obvious problem with the most recent version of
libapreq found on CPAN (0.33).


SYMPTOM
  If the browser sends parameters to your script using POST-style as well as
URL-style (you know, that ?parm=val&parm2=val2 thing that method="get" uses,
too) parameter passing, the URL-style parameters take precedence over the
POST ones. 


WHY THIS IS A PROBLEM
  libapreq's behaviour is exactly the opposite of what CGI.pm is doing and 
thus causes some problems many old scripts that run as CGI and mod_perl.


INTERNAL
  As far as I can see, the internal handling of parameter looks like this: 
Put every key/value pair found into a list, don't care about dupes. 
When a lookup is done, the value of the first matching key is returned.
URL-style parameters are parsed first (see apache_request.c, line 278+,
subrout ApacheRequest___parse(req)).


PATCH
  The patch is rather simple and is attached to this mail. In subrout
split_to_params, the patch replaces ap_table_add with ap_table_set in 
case the key is already present.


bye,
  Settel

Re: Patch: overwrite parameters

Posted by Joe Schaefer <jo...@sunstarsys.com>.

achim settelmeier <se...@netpioneer.de> writes:

> SYMPTOM
>   If the browser sends parameters to your script using POST-style as well as
> URL-style (you know, that ?parm=val&parm2=val2 thing that method="get" uses,
> too) parameter passing, the URL-style parameters take precedence over the
> POST ones. 
> 
> 
> WHY THIS IS A PROBLEM
>   libapreq's behaviour is exactly the opposite of what CGI.pm is doing and 
> thus causes some problems many old scripts that run as CGI and mod_perl.

IMO the libapreq behavior is superior to CGI.pm, because ISTR CGI.pm 
just ignores the URL-style parameters in a POST.  Maybe this should 
be spelled out more clearly in the apreq documentation?

> INTERNAL
>   As far as I can see, the internal handling of parameter looks like this: 
> Put every key/value pair found into a list, don't care about dupes. 
> When a lookup is done, the value of the first matching key is returned.
> URL-style parameters are parsed first (see apache_request.c, line 278+,
> subrout ApacheRequest___parse(req)).

That's pretty much right.  If you want all the values of a parameter,
just call param in a list context:

  my @values = $apr->param('foo');

In particular, to get the "last" value in the list, you could try:

  my $last_value = ( $apr->param('foo') )[-1];

> PATCH
>   The patch is rather simple and is attached to this mail. In subrout
> split_to_params, the patch replaces ap_table_add with ap_table_set in 
> case the key is already present.

Although I haven't tested your patch, i think that it would disallow
multivalued parameters altogether.  That would be a bad thing, since
CGI.pm permits them.

-- 
Joe Schaefer