From eugene@donpac.ru  Sun Nov 27 09:36:54 2005
Return-Path: <eugene@donpac.ru>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E71C816A41F
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 27 Nov 2005 09:36:54 +0000 (GMT)
	(envelope-from eugene@donpac.ru)
Received: from cerberus.rnd.cbr.ru (cerberus.rnd.cbr.ru [194.84.224.97])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1E4D843D5E
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 27 Nov 2005 09:36:52 +0000 (GMT)
	(envelope-from eugene@donpac.ru)
Received: from [127.0.0.1]
	by cerberus.rnd.cbr.ru with ESMTP id jAR9amwE081058
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 27 Nov 2005 12:36:48 +0300 (MSK)
	(envelope-from eugene@donpac.ru)
Received: (from eugene@localhost)
	by cerberus.rnd.cbr.ru (8.13.3/8.13.3/Submit) id jAR9alY4081057
	for FreeBSD-gnats-submit@freebsd.org; Sun, 27 Nov 2005 12:36:47 +0300 (MSK)
	(envelope-from eugene@donpac.ru)
Message-Id: <20051127093647.GA81042@so.inet.rnd.cbr.ru>
Date: Sun, 27 Nov 2005 12:36:47 +0300
From: Eugene Gladchenko <eugene@donpac.ru>
To: FreeBSD-gnats-submit@freebsd.org
Subject: incorrect escaping of UTF-8 strings in www/p5-HTML-Mason

>Number:         89627
>Category:       ports
>Synopsis:       incorrect escaping of UTF-8 strings in www/p5-HTML-Mason
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Nov 27 09:40:01 GMT 2005
>Closed-Date:    Wed Nov 30 09:39:15 GMT 2005
>Last-Modified:  Wed Nov 30 09:39:15 GMT 2005
>Originator:     Eugene Gladchenko
>Release:        FreeBSD 5.4-RELEASE-p8 i386
>Organization:
Bank of Russia
>Environment:
System: FreeBSD cerberus.rnd.cbr.ru 5.4-RELEASE-p8 FreeBSD 5.4-RELEASE-p8 #6: Thu Nov 3 01:10:34 MSK 2005
>Description:
	There is a bug in the url_escape sub of HTML::Mason::Escapes.
 
	When using url_escape sub of HTML::Mason::Escapes with utf8 strings,
	url_escape produces incorrectly escaped URI strings.
>How-To-Repeat:
	For example,

#!/usr/bin/perl
use HTML::Mason::Escapes;
my $s = "\x{442}\x{435}\x{441}\x{442}";
HTML::Mason::Escapes::url_escape(\$s);
print "$s\n";
 
	prints %442%435%441%442 instead of %D1%82%D0%B5%D1%81%D1%82.
>Fix:
	Obviously, it happens just because ord() returns numbers greater
	than 255.
 
	Mason since 1.29_01 requires Perl 5.6, so the following patch
	for Escapes.pm is trivial:

--- patch-Escapes.pm begins here ---
--- lib/HTML/Mason/Escapes.pm.orig	Sat Nov  6 22:34:55 2004
+++ lib/HTML/Mason/Escapes.pm	Thu Sep 29 08:31:30 2005
@@ -36,6 +38,7 @@
 {
     return unless defined ${ $_[0] };
 
+    use bytes;
     ${ $_[0] } =~ s/([^a-zA-Z0-9_.-])/uc sprintf("%%%02x",ord($1))/eg;
 }
 
--- patch-Escapes.pm ends here ---


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: edwin 
State-Changed-When: Sun Nov 27 10:27:17 GMT 2005 
State-Changed-Why:  
Awaiting maintainers feedback 

http://www.freebsd.org/cgi/query-pr.cgi?pr=89627 

From: Edwin Groothuis <edwin@FreeBSD.org>
To: dsh@vlink.ru
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/89627: incorrect escaping of UTF-8 strings in www/p5-HTML-Mason
Date: Sun, 27 Nov 2005 10:27:11 UT

 Maintainer of www/p5-HTML-Mason,
 
 Please note that PR ports/89627 has just been submitted.
 
 If it contains a patch for an upgrade, an enhancement or a bug fix
 you agree on, reply to this email stating that you approve the patch
 and a committer will take care of it.
 
 The full text of the PR can be found at:
     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/89627
 
 -- 
 Edwin Groothuis
 edwin@FreeBSD.org
State-Changed-From-To: feedback->closed 
State-Changed-By: erwin 
State-Changed-When: Wed Nov 30 09:39:00 GMT 2005 
State-Changed-Why:  
Superseded by ports/89750 

http://www.freebsd.org/cgi/query-pr.cgi?pr=89627 
>Unformatted:
