From 80bdcd1786650f4dcce68aa48470a8504f447a89 Mon Sep 17 00:00:00 2001
From: Martin Mares <mj@ucw.cz>
Date: Mon, 23 Nov 2009 20:40:49 +0100
Subject: [PATCH] UCW::CGI -- fixed a bug in parsing of boundaries

Interpolating user-supplied strings inside regular expressions in unsafe, even
if /\Q...\E/ were used.

In this case, it fails when Webkit-based browsers send boundary strings
containing "+" characters.
---
 ucw/perl/UCW/CGI.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ucw/perl/UCW/CGI.pm b/ucw/perl/UCW/CGI.pm
index 99ab83a9..404d476e 100644
--- a/ucw/perl/UCW/CGI.pm
+++ b/ucw/perl/UCW/CGI.pm
@@ -1,6 +1,6 @@
 #	Poor Man's CGI Module for Perl
 #
-#	(c) 2002--2007 Martin Mares <mj@ucw.cz>
+#	(c) 2002--2009 Martin Mares <mj@ucw.cz>
 #	Slightly modified by Tomas Valla <tom@ucw.cz>
 #
 #	This software may be freely distributed and used according to the terms
@@ -268,7 +268,7 @@ sub skip_mp_boundary() {
 	my $b = get_mp_line(0);
 	print STDERR "SEP $b\n" if $debug;
 	$mp_buffer_boundary = index($mp_buffer, $boundary, $mp_buffer_i);
-	if ("\r\n$b" =~ /^$boundary--/) {
+	if (substr("\r\n$b", 0, $boundary_len) eq "$boundary--") {
 		return 0;
 	} else {
 		return 1;
-- 
2.39.5