Skip Menu |
 

This queue is for tickets about the HTML-FillInForm CPAN distribution.

Report information
The Basics
Id: 100926
Status: open
Priority: 0/
Queue: HTML-FillInForm

People
Owner: Nobody in particular
Requestors: gjtunley [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



MIME-Version: 1.0
X-Spam-Status: No, score=-2.698 tagged_above=-99.9 required=10 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
X-Spam-Flag: NO
Content-Type: multipart/alternative; boundary="047d7b5d45805c1ed0050a41b756"
Message-ID: <CAObzTgZgCbDicj_7jMfFFtf8B7jMr=5fyW65Q7LzK09x=39nBg [...] mail.gmail.com>
X-Received: by 10.194.20.98 with SMTP id m2mr52791310wje.52.1418652248971; Mon, 15 Dec 2014 06:04:08 -0800 (PST)
X-Virus-Scanned: Debian amavisd-new at bestpractical.com
X-Spam-Score: -2.698
Received: from localhost (localhost [127.0.0.1]) by hipster.bestpractical.com (Postfix) with ESMTP id A2AC1240664 for <cpan-bug+HTML-FillInForm [...] hipster.bestpractical.com>; Mon, 15 Dec 2014 09:04:20 -0500 (EST)
Received: from hipster.bestpractical.com ([127.0.0.1]) by localhost (hipster.bestpractical.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pBf9SX0Nc9-N for <cpan-bug+HTML-FillInForm [...] hipster.bestpractical.com>; Mon, 15 Dec 2014 09:04:19 -0500 (EST)
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by hipster.bestpractical.com (Postfix) with SMTP id D62222404C3 for <bug-HTML-FillInForm [...] rt.cpan.org>; Mon, 15 Dec 2014 09:04:18 -0500 (EST)
Received: (qmail 11792 invoked by alias); 15 Dec 2014 14:04:17 -0000
Received: from mail-wg0-f46.google.com (HELO mail-wg0-f46.google.com) (74.125.82.46) by la.mx.develooper.com (qpsmtpd/0.28) with ESMTP; Mon, 15 Dec 2014 06:04:13 -0800
Received: by mail-wg0-f46.google.com with SMTP id x13so14828512wgg.33 for <bug-HTML-FillInForm [...] rt.cpan.org>; Mon, 15 Dec 2014 06:04:09 -0800 (PST)
Received: by 10.194.24.106 with HTTP; Mon, 15 Dec 2014 06:04:08 -0800 (PST)
Authentication-Results: hipster.bestpractical.com (amavisd-new); dkim=pass header.i= [...] gmail.com
Delivered-To: cpan-bug+HTML-FillInForm [...] hipster.bestpractical.com
Subject: Using with CGI version >= 4 causes error
Return-Path: <gjtunley [...] gmail.com>
X-RT-Mail-Extension: html-fillinform
X-Original-To: cpan-bug+HTML-FillInForm [...] hipster.bestpractical.com
X-Spam-Check-BY: la.mx.develooper.com
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=kFkIB6TsW80QUFo2YGWZb6t8szQcFfGxdwGCY+cna+g=; b=VnragXSFe+1wzxMEhaRECRchjT7BhX0jcuJY3BejKR+Zz1baOJ7JCe8pXN7/0/ksm5 cA03exBOtQAvMMGtuDPf5DrGCfYqtzhDY00/iNdc6KCrLspePYAq+d2uRRzJwcx3L79T FeuqjyS8YLrVSJb9PjhAZd7EXPAADZ7AQyOEjYMp0svrhCyql2rolQ/NObGMvFWU50td DCirfs1yTOzn+lNEUtWLWo351xYXQIM0HjaNj8IaktH9STpL82Zv+wmU8R2Eh1kHUtO4 8t1nLNXXVYkoqs5jzOsCVST8Szg6uhWA8EALEjZtu8SWpTS80vmnJE/mzLB4WviNq/29 l3cQ==
Date: Mon, 15 Dec 2014 14:04:08 +0000
X-Spam-Level:
To: bug-HTML-FillInForm [...] rt.cpan.org
From: Gareth Tunley <gjtunley [...] gmail.com>
X-RT-Interface: Email
Content-Length: 0
content-type: text/plain; charset="utf-8"
X-RT-Original-Encoding: utf-8
Content-Length: 560
Download (untitled) / with headers
text/plain 560b
When module is used with CGI version 4 or above the following warning is thrown: CGI::param called in list context from package HTML::FillInForm line 427, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/local/share/perl/5.14.2/CGI.pm line 437. I fixed by changing this to: my @v; if ($o->can('multi_param')) { @v = $o->multi_param($param); } else { @v = $o->param($param); } Though YMMV. Gareth -- Gareth Tunley - gjtunley@gmail.com
content-type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-RT-Original-Encoding: utf-8
Content-Length: 831
MIME-Version: 1.0
In-Reply-To: <CAObzTgZgCbDicj_7jMfFFtf8B7jMr=5fyW65Q7LzK09x=39nBg [...] mail.gmail.com>
X-Mailer: MIME-tools 5.504 (Entity 5.504)
Content-Disposition: inline
X-RT-Interface: Web
References: <CAObzTgZgCbDicj_7jMfFFtf8B7jMr=5fyW65Q7LzK09x=39nBg [...] mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Message-ID: <rt-4.0.18-25896-1418653280-1347.100926-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
X-RT-Encrypt: 0
X-RT-Sign: 0
Content-Length: 217
Download (untitled) / with headers
text/plain 217b
Gareth, Looks like a good fix. I was the active maintainer of this module but am no longer working with Perl now due to a job change. The original maintainer, TJMATHER, will give final word on your patch. Mark
MIME-Version: 1.0
In-Reply-To: <CAObzTgZgCbDicj_7jMfFFtf8B7jMr=5fyW65Q7LzK09x=39nBg [...] mail.gmail.com>
X-Mailer: MIME-tools 5.504 (Entity 5.504)
Content-Disposition: inline
X-RT-Interface: Web
References: <CAObzTgZgCbDicj_7jMfFFtf8B7jMr=5fyW65Q7LzK09x=39nBg [...] mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Message-ID: <rt-4.0.18-8972-1428089608-833.100926-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
X-RT-Encrypt: 0
X-RT-Sign: 0
Content-Length: 66


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.