httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Carl Brewer <c...@vivitec.com.au>
Subject [users@httpd] apache2, CGI.pm, IE and smart quotes
Date Mon, 24 Nov 2003 04:48:53 GMT

Hello,

I'm seeing a very interesting (and as yet I've been unable to
produce a simple test case) problem since moving some websites to
apache 2.0.48 from 1.3.x relating to users inserting microsoft
"smart quotes" into forms run through CGI.pm.  I have to appologise
for the vague nature of this help request, as I'm struggling to
reproduce the problem outside of a fairly complex set of perl scripts
that pull & push data from databases.

The symptom I'm seeing with a POST request is that the first parameter
defined in the form seems to go missing if there's a smartquote
backtick (I don't know how else to describe this entity!) in one
of the text fields.

This only happens with IE, Mozilla etc don't cause the problem (Mozilla
converts the backtick to something legal?), and it only seems to
happen when a user has written some text in Word, word's put some
funky quote in place of a normal ', and they've then cut & pasted it
into a textarea form.  I'd expect to be able to reproduce it with
something like this :

#!/usr/local/bin/perl

use CGI;
$q = new CGI;
$script = "test.pl";

print "Content-type: text/html\n\n";

print "Paramaters: ".join("/",$q->param())."<BR>\n";

$foo = $q->param('foo');
$bar = $q->param('bar');
$baz = $q->param('baz');

print qq{
  <FORM ACTION="$script" METHOD=POST ENCTYPE="multipart/form-data" 
NAME='test_form'>
                 <INPUT TYPE=TEXT NAME=foo VALUE='$foo'><BR>
                 <INPUT TYPE=TEXT NAME=bar VALUE="$bar"><BR>
                 <INPUT TYPE=TEXT NAME=baz VALUE='$baz'><BR>
                 <INPUT TYPE=submit><BR>
};


But that's not reproducing the problem, so it's something subtle
somewhere that I've not yet identified.  The behaviour does not
happen under apache 1.3.x, just with 2.0 (.48).  I thought this
may have been a problem with an older version of CGI.pm, so I
upgraded to 3.00, but this did not help.

I have a workaround for our scripts, which is just to insert
a dummy parameter into the form that we don't need, and that
"solves" the problem, but we have a lot of scripts to change if
that's really necessary.  Looking through CGI.pm's doco
on escaping things doesn't point me at an obvious solution,
I'd *like* CGI.pm to just make whatever those quotes are turn into
legal ASCII, but that may not be possible?  I think that's
maybe what happened under apache 1.3.x?

Anyone got any suggestions?  Again, I know the above is way too
vague to allow any sort of real analysis, but until I narrow
it down more (assuming my masters give me the time to do it!)
that's all I have :(

We're running perl 5.6.1 on RedHat linux 7.3.

thanks

Carl



-- 
=======================
Vivitec Pty. Ltd.
Suite 6, 51-55 City Rd.
Southbank, 3006.
Ph. +61 3 8626 5626
Fax +61 3 9682 1000
=======================


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message