UCW::CGI: Let url_param_escape() encode non-ASCII characters

RFC 3986 (generic URI syntax) explicitly says this must be done
and some URI parsers choke on them.

Anyway, I am keeping bare url_escape() as is for the time being,
because it's used for production of user-friendly URLs, too. Needs
cleanup later.

diff --git a/ucw/perl/UCW/CGI.pm b/ucw/perl/UCW/CGI.pm
index f81bd3ea300da22776457a5cf0b52ed34f17791b..a18ee8eaa568bc8bf0e866404ea21a9b06418ffa 100644 (file)
--- a/ucw/perl/UCW/CGI.pm
+++ b/ucw/perl/UCW/CGI.pm
@@ -50,8 +50,10 @@ sub url_deescape($) {
 sub url_param_escape($) {
        my $x = shift @_;
        defined $x or return;
-       $x = url_escape($x);
+       utf8::encode($x) if $utf8_mode;
+       $x =~ s/([^-\$_.!*'(),0-9A-Za-z])/"%".unpack('H2',$1)/ge;
        $x =~ s/%20/+/g;
+       utf8::decode($x) if $utf8_mode;
        return $x;
 }