Skip Menu |
 

This queue is for tickets about the libwww-perl CPAN distribution.

Report information
The Basics
Id: 46911
Status: resolved
Priority: 0/
Queue: libwww-perl

People
Owner: Nobody in particular
Requestors: m-uchino [...] yetipapa.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: HTML::Form Security problem
Download (untitled) / with headers
text/plain 286b
(Sorry, my English is poor.) HTML::Form->parse accepts '<input type="file" value="/usr/bin/passwd">'. Therefore, HTML::Form accesses this file when a form is submited before we notice it. parse method should not accept an initial value of type="file" so that much Web browsers are so.
Fixed in http://github.com/gisle/libwww- perl/commit/fa138a1c225dfa42e3dc804e6db943aa3d12798f


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.