
This queue is for tickets about the CGI-Application CPAN distribution.

Report information
The Basics
Id: 84403
Status: resolved
Priority: 0/
Queue: CGI-Application

Owner: mcgrath.martin [...]
Requestors: tomas.zemres [...]

Bug Information
Severity: Normal
Broken in: 4.50
Fixed in:
  • 4.50_50
  • 4.50_51

Subject: Security problem: missing "start" mode dumps ENV to output page
If I forgot to assign the run mode "start", it internally calls "dump_html" instead. It prints $ENV into the HTTP response. In a development environment it may be useful, but in production mode it may be a security problem. It would be better to display something like "HTTP 500 Internal Server Error" about the missing run-mode/start-mode instead of dumping the server's $ENV to website users in the production environment.
From: tnt [...]
Maybe a better default start-mode may render: 404 Page Not Found
Thanks for the report.
From: mcgrath.martin [...]
On Wed Apr 03 13:37:24 2013, MARKSTOS wrote:
> Thanks for the report.
Pull request to address this issue:
Fixed in dev releases, 4.50_50, 4.50_51 and the 4.60 release:
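
For applications still running an affected release, the two suggestions in this ticket (a 500 instead of the dump, a 404 for unknown run modes) can be applied in the application itself. The Perl below is an added example, not code from the ticket or from the CGI-Application distribution; the class name `MyApp`, its method names and the canary variable are hypothetical, and the requests are constructed.

```perl
#!/usr/bin/perl
package MyApp;    # hypothetical application class
use strict;
use warnings;
use parent 'CGI::Application';
use CGI;

sub setup {
    my $self = shift;
    $self->run_modes(
        start    => 'show_home',    # assign the default start mode explicitly
        AUTOLOAD => 'not_found',    # handles any run mode that is not listed
    );
}

sub show_home { return '<p>Welcome</p>' }

# Unknown run mode: answer 404 and do not echo the requested name.
sub not_found {
    my ($self, $requested) = @_;
    $self->header_add(-status => '404 Not Found');
    return '<h1>404 Page Not Found</h1>';
}

# If anything still routes to the inherited debug dump, return a 500 instead.
sub dump_html {
    my $self = shift;
    warn "dump_html reached; check the run mode table\n";
    $self->header_add(-status => '500 Internal Server Error');
    return '<h1>500 Internal Server Error</h1>';
}

package main;

# Constructed check: a canary in %ENV must never appear in any response.
$ENV{CGI_APP_RETURN_ONLY} = 1;    # run() returns the response instead of printing
$ENV{CANARY_SECRET}       = 'constructed-canary-value';
for my $rm ('start', 'no_such_mode') {
    my $app = MyApp->new(QUERY => CGI->new({ rm => $rm }));
    my $out = $app->run;
    my ($status) = $out =~ /^Status:\s*(.+?)\r?$/m;
    printf "%-14s -> %s\n", $rm, $status // '200 (default)';
    die "environment leaked for rm=$rm\n"
        if index($out, $ENV{CANARY_SECRET}) >= 0;
}
```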
