W3C home > Mailing lists > Public > www-validator@w3.org > January 2007

Re: Unescaped URI portions in validator script

From: Ville Skyttä <ville.skytta@iki.fi>
Date: Sun, 21 Jan 2007 14:42:54 +0200
To: Stefan Ram <ram@zedat.fu-berlin.de>, Olivier Thereaux <ot@w3.org>
Cc: "www-validator" <www-validator@w3.org>
Message-Id: <200701211442.54341.ville.skytta@iki.fi>

On Sunday 14 January 2007 23:21, Stefan Ram wrote:
>   The validator seems to copy portions of a given URI without
>   proper escaping (like quotemeta or so) into a Perl script.
>   For example, a plus sign within the URI is being recognized as
>   a regex quantifier:
>
>       Software error:
>
>       Nested quantifiers in regex; marked by <-- HERE in
>       m/^/check?uri=http://++ <-- HERE / at (eval 18) line 14.
>
>       For help, please send mail to the webmaster ([no address
>       given]), giving this error message and the time and date
>       of the error.
>
> http://validator.w3.org/check?uri=http://++

Thanks for the report, Stefan.

This is a bug in the CGI.pm library used by the validator, not the validator's 
code itself.  Olivier, the bug is fixed in CGI.pm 3.19 and later, would it be 
possible to update the validator servers to a fixed version?
Received on Sunday, 21 January 2007 12:43:03 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 25 April 2012 12:14:23 GMT