Skip Menu |

This queue is for tickets about the libwww-perl CPAN distribution.

Report information
The Basics
Id: 46911
Status: resolved
Priority: 0/
Queue: libwww-perl

Owner: Nobody in particular
Requestors: m-uchino [...]

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

Subject: HTML::Form Security problem
Download (untitled) / with headers
text/plain 286b
(Sorry, my English is poor.) HTML::Form->parse accepts '<input type="file" value="/usr/bin/passwd">'. Therefore, HTML::Form accesses this file when a form is submited before we notice it. parse method should not accept an initial value of type="file" so that much Web browsers are so.
Fixed in perl/commit/fa138a1c225dfa42e3dc804e6db943aa3d12798f

This service is sponsored and maintained by Best Practical Solutions and runs on infrastructure.

Please report any issues with to