I just received an email from somebody using Apache::AuthDigest. in an of itself, this is pretty cool, since I considered the module to be an interesting application but not really usable in real life due to MSIE issues. however, this user is using the API with mod_dav, and apparently with great success, which is even cooler.
at any rate, the email included a patch for a bug he found when using DAV. apparently, DAV sometimes sends Authorization headers that look like
Authorization: Digest username="rob", realm="T3", nonce="1036695923", uri="/EPD%20Lookup/lots%201-66,%20A-G.txt", response="44aec14607049832094bbffa871ec62e"
and my header parsing routine chokes on the embedded "," in the uri portion of the header. but a comma in the URI seems just so, well, wrong. so, I follow the specs around and, sure enough, commas are allowed and it's my code that's broken. hmph.
at least the user was nice enough to provide a patch.
UPDATE: I ended up just using HTTP::Headers::Util::split_header_words(). oh, the power of CPAN.
