Skip Menu |
 

This queue is for tickets about the HTML-FillInForm CPAN distribution.

Report information
The Basics
Id: 100926
Status: open
Priority: 0/
Queue: HTML-FillInForm

People
Owner: Nobody in particular
Requestors: gjtunley [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Using with CGI version >= 4 causes error
Date: Mon, 15 Dec 2014 14:04:08 +0000
To: bug-HTML-FillInForm [...] rt.cpan.org
From: Gareth Tunley <gjtunley [...] gmail.com>
Download (untitled) / with headers
text/plain 560b
When module is used with CGI version 4 or above the following warning is thrown: CGI::param called in list context from package HTML::FillInForm line 427, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/local/share/perl/5.14.2/CGI.pm line 437. I fixed by changing this to: my @v; if ($o->can('multi_param')) { @v = $o->multi_param($param); } else { @v = $o->param($param); } Though YMMV. Gareth -- Gareth Tunley - gjtunley@gmail.com
Download (untitled) / with headers
text/plain 217b
Gareth, Looks like a good fix. I was the active maintainer of this module but am no longer working with Perl now due to a job change. The original maintainer, TJMATHER, will give final word on your patch. Mark


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.