Skip Menu |

Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the CGI CPAN distribution.

Report information
The Basics
Id: 14814
Status: resolved
Priority: 0/
Queue: CGI

Owner: Nobody in particular
Requestors: arkady74 [...]

Bug Information
Severity: Critical
Broken in: (no value)
Fixed in: (no value)

Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.417 (Entity 5.417)
Subject: some cgi parameters may ruine
X-RT-Original-Encoding: iso-8859-1
Content-Length: 118
Download (untitled) / with headers
text/plain 118b
parameter names matching `internal` names may interfere or crush script for e.g.: "http://host/?.cookie=crack"
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
Charset: utf8
Content-Type: text/plain
Message-ID: <rt-3.6.HEAD-10159-1240367433-352.14814-0-0 [...]>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 473
Download (untitled) / with headers
text/plain 473b
On Thu Sep 29 06:37:25 2005, guest wrote: Show quoted text
> parameter names matching `internal` names may interfere or > crush script > > for e.g.: "http://host/?.cookie=crack"
Perhaps this was issue at some point in the past, but it's not with 3.43. You can easily see how special and normal parameters are stored. They are not in the same part of the data structure: ### use CGI; my $q = CGI->new('.cookie=crack&good=foo'); use Data::Dumper; warn Dumper ($q); ### Mark

This service is sponsored and maintained by Best Practical Solutions and runs on infrastructure.

Please report any issues with to