[interchange-cvs] interchange - racke modified 3 files
interchange-core@interchange.redhat.com
interchange-core@interchange.redhat.com
Fri Mar 1 15:11:01 2002
User: racke
Date: 2002-03-01 20:10:54 GMT
Modified: lib/Vend Tag: STABLE_4_8-branch Interpolate.pm Scan.pm
Modified: Util.pm
Log:
backported two bugfixes from development branch, which experienced
enough testing IMHO:
1) introduced new Vend::Util::escape_scan_url function which escapes
unsafe characters in string (I consider the = sign safe in opposite of
what URI::Escape says, because it looks to ugly and is bloat
in IMHO to escape it)
therefore these things should work now as expected:
[area href="Catalog/Food/Hot Dogs"]
[area href="scan/lf=category/ls=%Hot Dogs"]
2) Vend::Util::errmsg don't call sprintf anymore if only one parameter
is passed which protects against unwanted expansion
Revision Changes Path
No revision
No revision
2.9.2.14 +20 -6 interchange/lib/Vend/Interpolate.pm
rev 2.9.2.14, prev_rev 2.9.2.13
Index: Interpolate.pm
===================================================================
RCS file: /anon_cvs/repository/interchange/lib/Vend/Interpolate.pm,v
retrieving revision 2.9.2.13
retrieving revision 2.9.2.14
diff -u -r2.9.2.13 -r2.9.2.14
--- Interpolate.pm 25 Jan 2002 19:54:06 -0000 2.9.2.13
+++ Interpolate.pm 1 Mar 2002 20:10:53 -0000 2.9.2.14
@@ -1,6 +1,6 @@
# Vend::Interpolate - Interpret Interchange tags
#
-# $Id: Interpolate.pm,v 2.9.2.13 2002/01/25 19:54:06 jon Exp $
+# $Id: Interpolate.pm,v 2.9.2.14 2002/03/01 20:10:53 racke Exp $
#
# Copyright (C) 1996-2002 Red Hat, Inc. <interchange@redhat.com>
#
@@ -27,7 +27,7 @@
require Exporter;
@ISA = qw(Exporter);
-$VERSION = substr(q$Revision: 2.9.2.13 $, 10);
+$VERSION = substr(q$Revision: 2.9.2.14 $, 10);
@EXPORT = qw (
@@ -3464,6 +3464,21 @@
return join '/', 'scan', escape_mv('/', $scan);
}
+sub escape_form {
+ my $val = shift;
+
+ $val =~ s/^\s+//mg;
+ $val =~ s/\s+$//mg;
+ my @args = split /\n+/, $val;
+
+ for(@args) {
+ s!\0!-_NULL_-!g;
+ s!(\w=)(.*)!$1 . esc($2)!eg
+ or (undef $_, next);
+ }
+ return join $Global::UrlJoiner, grep length($_), @args;
+}
+
sub escape_mv {
my ($joiner, $scan, $not_scan) = @_;
@@ -3485,8 +3500,8 @@
for(@args) {
s!/!__SLASH__!g unless defined $not_scan;
s!\0!__NULL__!g;
- s!(\w\w=)(.*)!$1 . esc($2)!eg
- or (undef $_, next);
+ m!\w=!
+ or (undef $_, next);
s!__SLASH__!::!g unless defined $not_scan;
}
return join $joiner, grep(defined $_, @args);
@@ -3517,8 +3532,7 @@
$arg = '' if ! $arg;
$arg = "mv_arg=$arg\n" if $arg && $arg !~ /\n/;
$extra .= $arg . $opt->{form};
- $extra = escape_mv($Global::UrlJoiner, $extra, 1);
- return $href . '?' . $extra;
+ return $href . '?' . escape_form($extra);
}
PAGELINK: {
2.0.2.4 +2 -3 interchange/lib/Vend/Scan.pm
rev 2.0.2.4, prev_rev 2.0.2.3
Index: Scan.pm
===================================================================
RCS file: /anon_cvs/repository/interchange/lib/Vend/Scan.pm,v
retrieving revision 2.0.2.3
retrieving revision 2.0.2.4
diff -u -r2.0.2.3 -r2.0.2.4
--- Scan.pm 24 Jan 2002 05:07:01 -0000 2.0.2.3
+++ Scan.pm 1 Mar 2002 20:10:53 -0000 2.0.2.4
@@ -1,6 +1,6 @@
# Vend::Scan - Prepare searches for Interchange
#
-# $Id: Scan.pm,v 2.0.2.3 2002/01/24 05:07:01 jon Exp $
+# $Id: Scan.pm,v 2.0.2.4 2002/03/01 20:10:53 racke Exp $
#
# Copyright (C) 1996-2002 Red Hat, Inc. <interchange@redhat.com>
#
@@ -29,7 +29,7 @@
perform_search
);
-$VERSION = substr(q$Revision: 2.0.2.3 $, 10);
+$VERSION = substr(q$Revision: 2.0.2.4 $, 10);
use strict;
use Vend::Util;
@@ -262,7 +262,6 @@
($var,$val) = split /=/, $_, 2;
next unless defined $Scan{$var};
$val =~ s!::!/!g;
- $val =~ s/%([A-Fa-f0-9][A-Fa-f0-9])/chr(hex($1))/ge;
$c->{$Scan{$var}} = defined $c->{$Scan{$var}}
? ($c->{$Scan{$var}} . "\0$val" )
: $val;
2.1.2.6 +48 -10 interchange/lib/Vend/Util.pm
rev 2.1.2.6, prev_rev 2.1.2.5
Index: Util.pm
===================================================================
RCS file: /anon_cvs/repository/interchange/lib/Vend/Util.pm,v
retrieving revision 2.1.2.5
retrieving revision 2.1.2.6
diff -u -r2.1.2.5 -r2.1.2.6
--- Util.pm 28 Feb 2002 14:41:59 -0000 2.1.2.5
+++ Util.pm 1 Mar 2002 20:10:53 -0000 2.1.2.6
@@ -1,6 +1,6 @@
# Vend::Util - Interchange utility functions
#
-# $Id: Util.pm,v 2.1.2.5 2002/02/28 14:41:59 racke Exp $
+# $Id: Util.pm,v 2.1.2.6 2002/03/01 20:10:53 racke Exp $
#
# Copyright (C) 1996-2002 Red Hat, Inc. <interchange@redhat.com>
#
@@ -74,7 +74,7 @@
use Errno;
use subs qw(logError logGlobal);
use vars qw($VERSION @EXPORT @EXPORT_OK);
-$VERSION = substr(q$Revision: 2.1.2.5 $, 10);
+$VERSION = substr(q$Revision: 2.1.2.6 $, 10);
BEGIN {
eval {
@@ -99,6 +99,15 @@
'-:_.$/'
;
+$ESCAPE_CHARS::ok_in_url =
+ 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' .
+ 'abcdefghijklmnopqrstuvwxyz' .
+ '0123456789' .
+ '-_./~='
+ ;
+
+my $need_escape;
+
sub setup_escape_chars {
my($ok, $i, $a, $t);
@@ -111,8 +120,18 @@
$t = $a;
}
$ESCAPE_CHARS::translate[$i] = $t;
+ if (index($ESCAPE_CHARS::ok_in_url,$a) == -1) {
+ $t = '%' . sprintf( "%02X", $i );
+ }
+ else {
+ $t = $a;
+ }
+ $ESCAPE_CHARS::translate_url[$i] = $t;
}
+ my $string = "[^$ESCAPE_CHARS::ok_in_url]";
+ $need_escape = qr{$string};
+
}
# Replace any characters that might not be safe in a filename (especially
@@ -131,6 +150,22 @@
return $r;
}
+# Replace any characters that might not be safe in an URL
+# with the %HH notation.
+
+sub escape_chars_url {
+ my($in) = @_;
+ my($c, $r);
+
+ $r = '';
+ foreach $c (split(//, $in)) {
+ $r .= $ESCAPE_CHARS::translate_url[ord($c)];
+ }
+
+ # safe now
+ return $r;
+}
+
# Returns its arguments as a string of tab-separated fields. Tabs in the
# argument values are converted to spaces.
@@ -1071,6 +1106,8 @@
$ct = ++$Vend::Session->{pageCount}
unless $can_cache and $::Scratch->{mv_no_count};
+ $path = escape_chars_url($path)
+ if $path =~ $need_escape;
$r .= '/' . $path;
$r .= '.html' if $::Scratch->{mv_add_dot_html} and $r !~ /\.html?$/;
push @parms, "$::VN->{mv_session_id}=$id" if defined $id;
@@ -1521,15 +1558,16 @@
elsif($Global::Locale and defined $Global::Locale->{$fmt}) {
$location = $Global::Locale;
}
- return sprintf $fmt, @strings if ! $location;
- if(ref $location->{$fmt}) {
- $fmt = $location->{$fmt}[0];
- @strings = @strings[ @{ $location->{$fmt}[1] } ];
- }
- else {
- $fmt = $location->{$fmt};
+ if($location) {
+ if(ref $location->{$fmt}) {
+ $fmt = $location->{$fmt}[0];
+ @strings = @strings[ @{ $location->{$fmt}[1] } ];
+ }
+ else {
+ $fmt = $location->{$fmt};
+ }
}
- return sprintf $fmt, @strings;
+ return scalar(@strings) ? sprintf $fmt, @strings : $fmt;
}
sub show_times {