URI params are not escaped correctly [rt.cpan.org #106237]
oalders opened this issue · comments
Olaf Alders commented
Migrated from rt.cpan.org#106237 (status was 'open')
Requestors:
From dcpetrov@cpan.org on 2015-08-03 20:56:42:
I have simple script which passes something like:
#!/usr/bin/env perl
use strict;
use warnings;
use HTTP::Request::Common qw/GET POST DELETE/;
use Data::Dumper;
my $req = GET 'http://localhost/events?search={"basetag":{"-like":"%devAAAAAAAA%"}}';
warn Dumper( $req->uri->query_form );
Result:
$VAR1 = 'search';
$VAR2 = '{"basetag":{"-like":"�vAAAAAAAA%"}}';
It seems like the params are not escaped correctly.
From srezic@cpan.org on 2015-08-04 20:56:45:
On 2015-08-03 16:56:42, DCPETROV wrote:
> I have simple script which passes something like:
>
> #!/usr/bin/env perl
> use strict;
> use warnings;
> use HTTP::Request::Common qw/GET POST DELETE/;
> use Data::Dumper;
>
> my $req = GET 'http://localhost/events?search={"basetag":{"-
> like":"%devAAAAAAAA%"}}';
>
> warn Dumper( $req->uri->query_form );
>
> Result:
> $VAR1 = 'search';
> $VAR2 = '{"basetag":{"-like":"�vAAAAAAAA%"}}';
>
> It seems like the params are not escaped correctly.
I think it's not the job of HTTP::* to escape something here. After all, the user maybe wanted to use the "%de" escape deliberately.
If you want to escape, then you should use a module like URI::QueryParam:
my $u = URI->new('http://localhost/events');
$u->query_param('search', '{"basetag":{"-like":"%devAAAAAAAA%"}}');
warn Dumper($u->query_form);
Result
$VAR1 = 'search';
$VAR2 = '{"basetag":{"-like":"%devAAAAAAAA%"}}';
Theo van Hoesel commented
i think Slaven is right here and that this ticket can de closed
Olaf Alders commented
Thanks @eserte and @vanHoesel!