CGI
view release on metacpan or search on metacpan
4.71 2025-09-16
[ INTERNALS ]
- the .tmpfiles hash now keys on the $fh->filename . $fh rather than $$fh . $fh
- this ensures duplicate filename uploads still resolve to unique files on disk
- fixes GH #276
4.70 2025-06-11
[ META ]
- remove github/coveralls/travis badges, no meaningful any more
- add github actions for CI (GH #273, thanks to esabol)
4.69 2025-06-11
[ REVERT ]
- changes in 4.68 - this breaks backwards compatibility clearly not sufficiently covered by tests (see GH #271)
4.68 2025-04-01
[ FIX ]
- handle passing of hash keys as args with a mix of dashed and non dashed (GH #270, thanks to kocoureasy for the patch)
4.67 2025-01-08
[ FIX ]
- correctly parse unquoted expires cookie values containing embedded commas (GH #268, thanks to rlauer6 for the patch)
4.66 2024-06-04
[ FIX ]
- Restore trailing slashes in the ->url call (GH #267)
4.65 2024-06-04
[ TESTING ]
- "fix" t/url.t for older Perls (GH #266)
4.64 2024-03-18
[ META ]
- pass --no-xattrs to tar in Makefile to fix tar backwards compat (GH #264, thanks to ryandesign)
4.63 2024-03-01
[ FIX ]
- ->url returns a string in all cases (GH #263, thanks to Sketch6307)
4.62 2024-03-01
[ FIX ]
- ->url now returns the correct thing for ipv6 brackets (GH #259, thanks to eserte)
4.61 2024-01-08
[ ENHANCEMENT ]
- Support Paritioned cookies in CGI::Cookie (GH #262, thanks to dakkar)
4.60 2023-11-01
[ TESTING ]
- move t/changes.t to xt/ as is now broken by the recent rewrite of Test::CPAN::Changes (GH #260)
4.59 2023-10-02
[ FIX ]
- Bring VERSION values inline
4.58 2023-10-02
[ FIX ]
- Update cookie expires date format (GH #258 , thanks to robbiebow)
4.57 2023-05-01
[ DOCUMENTATION ]
- Documentation tweaks around uploadInfo() and hooks (GH #256, thanks to rlauer6)
4.56 2023-03-01
[ TESTING ]
- add new cookie field 'Priority' to CGI::Cookie code (GH #253, thanks to Pavel)
4.55 2023-01-03
[ TESTING ]
- remove dependency on Test::Deep (GH #254)
4.54 2022-02-03
[ FIX ]
- fix use of cache when calling ->cookie (GH #252)
- thanks to Sergey Panteleev for the PR
4.53 2021-06-03
[ FIX ]
- fix typo in passing of max-age to CGI::Cookie (GH #247)
4.52 2021-05-04
[ FIX ]
- sort hash keys for deterministic behaviour (GH #245, GH #246)
4.51 2020-10-01
[ DOCUMENTATION ]
- Document support for SameSite=None cookies in CGI::Cookie (GH #244)
4.50 2020-06-22
[ ENHANCEMENT ]
- Add APPEND_QUERY_STRING option (GH #243, thanks to stevenh)
4.49 2020-06-08
[ FIX ]
- remove deprecation warning as no longer in core (GH #221)
4.48 2020-06-02
[ FIX ]
- fix CGI::Cookie->bake() doesn't work with mod_perl redirects (GH #240)
- thanks to sherrardb for the PR (GH #241)
4.47 2020-05-01
[ FIX / TESTING ]
- fix typo in variable name (GH #239)
4.46 2020-02-03
[ DOCUMENTATION ]
- Document support for SameSite=None cookies (GH #238)
4.45 2019-06-03
[ ENHANCEMENT ]
- Add support for SameSite=None cookies (GH #237, thanks to Dur09)
4.44 2019-06-03
[ ENHANCEMENT ]
- Replace only use of "base" with "parent" (GH #235)
4.43 2019-05-01
[ FIX / TESTING ]
- support unquoted multipart/form-data name values (GH #234)
4.42 2019-03-26
[ DOCUMENTATION ]
- clarify licence also in Makefile.PL (GH #232)
4.41 2019-03-26
[ DOCUMENTATION ]
- clarify licence (GH #232)
4.40 2018-08-15
[ FIX / TESTING ]
- support perls < 5.10.1 in Makefile.PL by being more dynamic
(GH #229, GH #230, thanks to Aristotle)
4.39 2018-08-13
[ FIX / TESTING ]
- specify CONFIGURE_REQUIRES in Makefile.PL so can use TEST_REQUIRES
to build with older perls (GH #228)
4.38 2017-12-01
[ TESTING ]
- command_line.t: Avoid -I for libs (GH #224, thanks to cpansprout)
4.37 2017-11-01
[ FIX ]
- Fix incorrect quoting of ? in ->url (GH #112, GH #222, with
thanks to Reuben Thomas)
4.36 2017-03-29
[ ENHANCEMENT ]
- Support PATCH HTTP method (thanks to GovtGeek for the... patch)
- pass through max_age and samesite to CGI::Cookie->new in the call
in CGI->cookie (GH #220)
[ FIX ]
- skip t/command_line.t on windows as it doesn't work
4.35 2016-10-13
[ FIX ]
- revert changes from 4.34 as they broke stuff
4.34 2016-10-13
[ ENHANCEMENT ]
- If running from the command line, url_param now picks up
parameters given on then command line or on stdin (GH #210)
[ DOCUMENTATION ]
- documentation for above addition
4.33 2016-09-16
[ DOCUMENTATION ]
- clarify that ->param will return the first value if there are
multiple values (when not called in list context)
4.32 2016-07-19
[ DOCUMENTATION ]
- make perldoc CGI object consistent (GH #205)
- clarify reason for absolute URLs (GH #206)
[ INTERNALS ]
- tweak dependency defs in Makefile.PL (GH #207, GH #208)
- (thanks to karenetheridge and kentfredric)
4.31 2016-06-14
[ FEATURES ]
- Add SameSite support to Cookie handling (thanks to pangyre)
[ INTERNALS ]
- The MultipartBuffer package has been renamed to CGI::MultipartBuffer.
This has been done in a way to ensure any $MultipartBuffer package
variables are still set correctly in CGI::MultipartBuffer. if you are
explicitly using MultipartBuffer in a form such as:
MultipartBuffer->new
your code will break. you should be calling:
CGI->new->new_MultipartBuffer( $boundary,$length );
to ensure the correctly package is called. if you are extending the
MultipartBuffer package though use of ISA or base (or parent) then you
will need to update your code to use CGI::MultipartBuffer
- fake using strict and warnings to appease CPANTS Kwalitee
- require File::Temp v0.17+ to get seekable file handles (GH #204)
4.28 2016-03-14
[ RELEASE NOTES ]
- please see v4.21 Changes for any potentially impacting changes
[ SPEC / BUG FIXES ]
- undef %QUERY_PARAM in initialize_globals to clean mod_perl env
[ TESTING ]
- improve test coverage on request types (GH #199, GH #200)
- improve test coverage on CGI::Carp
4.27 2016-03-02
[ RELEASE NOTES ]
- please see v4.21 Changes for any potentially impacting changes
[ INTERNALS ]
- fix a couple of warnings in test harness
- add taint flag to example file_upload
- fix a warnings in STORE subroutine
4.26 2016-02-04
[ RELEASE NOTES ]
- please see v4.21 Changes for any potentially impacting changes
[ SPEC / BUG FIXES ]
- sort HTML attributes by default (GH #106, GH #196)
[ DOCUMENTATION ]
- clarifications about HTML function non removal
4.25 2015-12-17
[ RELEASE NOTES ]
- please see v4.21 Changes for any potentially impacting changes
[ DOCUMENTATION ]
- don't call ->query_string in url unless -query is passed (RT #87790)
(optimisation and fits the current documented behaviour)
4.04 2014-09-04
[ RELEASE NOTES ]
- this release removes some long deprecated modules/functions and
includes refactoring to the temporary file handling in CGI.pm. if
you are doing anything out of the ordinary with regards to temp
files you should test your code before deploying this update as
temp files may no longer be stored in previously used locations
[ REMOVED / DEPRECATIONS ]
- startform and endform methods removed (previously deprecated, you
should be using the start_form and end_form methods)
- both CGI::Apache and CGI::Switch have been removed as these modules
1) have been deprecated for *years*, and 2) do nothing whatsoever
[ SPEC / BUG FIXES ]
- handle multiple values in X-Forwarded-Host header, we follow the
logic in most other frameworks and take the last value from the list
(RT #54487)
- reverse the order of TEMP dir placement for WINDOWS: TEMP > TMP > WINDIR
(RT #71799, thanks to jeff@math.tntech.edu), this returns the behaviour
to pre e24d04e9bc5fda7722444b02fec135d8cc2ff488 but with the undefined
fix still in place
- refactor CGITempFile::find_tempdir to use File::Spec->tmpdir
(related: RT #71799)
- fix warnings when QUERY_STRING has empty key=value pairs (RT #54511)
- pad custom 500 status response messages to > 512 for MSIE (RT #81946)
- make Vars tied hash delete method return the value deleted from the hash
making it act like perl's delete (RT #51020)
[ TESTING ]
- add .travis.yml (https://travis-ci.org)
- test case for RT #53966 - disallow filenames with ~ char
- test case for RT #55166 - calling Vars to get the filename does not return
a filehandle, so this cannot be used in the call to uploadinfo, also
update documentation for the uploadInfo to show that ->Vars should not be
used to get the filename for this method
- fix t/url.t to pass on Win32 platforms that have the SCRIPT_NAME env
variable set (RT #89992)
- add procedural call tests for upload and uploadInfo to confirm these work
as should (RT #91136)
[ DOCUMENTATION ]
- tweak perldoc for -utf8 option (RT #54341, thanks to Helmut Richter)
- explain the HTML generation functions should no longer be used and that
they may be deprecated in a future release
4.03 2014-07-02
[ REMOVED / DEPRECATIONS ]
- the -multiple option to popup_menu is now IGNORED as this did not
function correctly. If you require a menu with multiple selections
use the scrolling_list method. (RT #30057)
[ SPEC / BUG FIXES ]
- support redirects in mod_perl2, or fall back to using env variable
for up to 5 redirects, when getting the query string (RT #36312)
- CGI::Cookie now correctly supports the -max-age argument, previously
if this was passed the value of the -expires argument would be used
meaning there was no way to supply *only* this argument (RT #50576)
- make :all actually import all methods, except for :cgi-lib, and add
:ssl to the :standard import (RT #70337)
[ DOCUMENTATION ]
- clarify documentation regarding query_string method (RT #48370)
- links fixed in some perldoc (Thanks to Michiel Beijen)
[ TESTING ]
- add t/changes.t for testing this Changes file
- test case for RT #31107 confirming multipart parsing is to spec
- improve t/rt-52469.t by adding a timeout check
4.02 2014-06-09
[ NEW FEATURES ]
- CGI::Carp learns noTimestamp / $CGI::Carp::NO_TIMESTAMP to prevent
timestamp in messages (RT #82364, EDAVIS@cpan.org)
- multipart_init and multipart_start learn -charset option (RT #22737)
[ SPEC / BUG FIXES ]
- Support multiple cookies when passing an ARRAY ref with -set-cookie
(RT #15065, JWILLIAMS@cpan.org)
[ DOCUMENTATION ]
- Made licencing information consistent and remove duplicate comments
about licence details, corrected location to report bugs (RT #38285)
4.01 2014-05-27
[ DOCUMENTATION ]
- CGI.pm hasn't been removed from core *just* yet, but will be soon:
http://perl5.git.perl.org/perl.git/commitdiff/e9fa5a80
4.00 2014-05-22
[ INTERNALS ]
- CGI::Fast split out into its own distribution, related files and tests removed
- developer test added for building with perlbrew
[ DOCUMENTATION ]
- Update perldoc to explain that CGI.pm has been removed from perl core
- Make =head2 perldoc less shouty (RT #91140)
- Tickets migrated from RT to github issues (both CGI and CGI.pm distributions)
- Repointing bugtracker at newly forked github repo and note that Lee Johnson
is the current maintainer.
- Bump version to 4.00 for clear boundary of above changes
Version 3.65 Feb 11, 2014
[INTERNALS]
- Update Makefile to refine where CGI.pm gets installed
(Thanks to bingo, rjbs: https://github.com/markstos/CGI.pm/pull/30)
Version 3.64 Nov 23, 2013
[BUG FIXES]
- Avoid warning about "undefined variable in user_agent in some cases (RT#72882)
[INTERNALS]
- Avoiding warning about "unitialized value" in when calling user_agent() in some cases. (RT#72882, perl@max-maurer.de)
- Update minimum required version in Makefile.PL to 5.8.1. It had already been
updated to 5.8.1 in the CGI.pm module in 3.53.
- Fix POD errors reported by newer pod2man (Thanks to jmdh)
- Typo fixes, (dsteinbrunner).
- use deprecate.pm on perls 5.19.0 and later. (rjbs).
[DOCUMENTATION]
- Update CGI::Cookie docs to reflect that HttpOnly is widely supported now.
Version 3.63 Nov 12, 2012
[SECURITY]
- CR escaping for Set-Cookie and P3P headers was improved. There was potential
for newline injection in these headers.
(Thanks to anazawa, https://github.com/markstos/CGI.pm/pull/23)
Version 3.62, Nov 9th, 2012
[INTERNALS]
- Changed how the deprecated endform function was defined for compatibility
with the development version of Perl.
- Fix failures in t/tmpdir.t when run as root
https://github.com/markstos/CGI.pm/issues/22, RT#80659)
- Made it possible to force a sorted order for things like hash
attributes so that tests are not dependent on a particular hash
ordering. This will be required in modern perls which will
change the ordering per process. (Yves, RT#80659)
Version 3.61 Nov 2nd, 2012
(No code changes)
[INTERNALS]
- formatting of CGI::Carp documentation was improved. Thanks to benkasminbullock.
- un-TODO some tests in t/tmpdir.t that were passing in most cases.
More on this:
https://github.com/markstos/CGI.pm/issues/19#
https://github.com/markstos/CGI.pm/commit/cc73dc9807b0fabb56b3cdf1a9726588b2eda0f7
Version 3.60 Aug 15th, 2012
[BUG FIXES]
- In some caes, When unescapeHTML() hit something it didn't recognize with an ampersand and
and semicolon, it would throw away the semicolon and ampersand. It now does a better job.
of preserving content it doesn't recognize. Thanks to CEBJYRE@cpan.org (RT#75595)
- Remove trailing newline after <form> tag inserted by startform and start_form. It can
cause rendering problems in some cases. Thanks to SJOHNSTON@cpan.org (RT#67719)
- Workaround "Insecure Dependency" warning generated by some versions of Perl (RT#53733).
Thanks to degatcpan@ntlworld.com, klchu@lbl.gov and Anonymous Monk
[DOCUMENTATION]
- Clarify that when -status is used, the human-readable phase should be included, per RFC 2616.
Thanks to SREZIC@cpan.org (RT#76691).
[INTERNALS]
- More tests for header(), thanks to Ryo Anazawa.
- t/url.t has been fixed on VMS. Thanks to cberry@cpan.org (RT#72380)
- MANIFEST patched so that t/multipart_init.t is included again. Thanks to shay@cpan.org (RT#76189)
Version 3.59 Dec 29th, 2011
[BUG FIXES]
- We no longer read from STDIN when the Content-Length is not set, preventing
requests with no Content-Length from freezing in some cases. This is consistent
with the CGI RFC 3875, and is also consistent with CGI::Simple. However, the old
behavior may have been expected by some command-line uses of CGI.pm.
Thanks to Philip Potter and Yanick Champoux. See RT#52469 for details:
https://rt.cpan.org/Public/Bug/Display.html?id=52469
[INTERNALS]
- remove tmpdirs more aggressively. Thanks to rjbs (RT#73288)
- use Text::ParseWords instead of ancient shellwords.pl. Thanks to AlexBio.
url() was fixed to return "PATH_INFO" when it is explicitly requested
with either the path=>1 or path_info=>1 flag.
If your code is running under mod_rewrite (or compatible) and you are calling self_url() or
you are calling url() and passing path_info=>1, These methods will actually be
returning PATH_INFO now, as you have explicitly requested, or has self_url()
has requested on your behalf.
The PATH_INFO has been omitted in such URLs since the issue was introduced
in the 3.12 release in December, 2005.
This bug is so old your application may have come to depend on it or
workaround it. Check for application before upgrading to this release.
Examples of affected method calls:
$q->url(-absolute => 1, -query => 1, -path_info => 1 )
$q->url(-path=>1)
$q->url(-full=>1,-path=>1)
$q->url(-rewrite=>1,-path=>1)
$q->self_url();
Version 3.54, Apr 28, 2011
No code changes
[INTERNALS]
- Address test failures in t/tmpdir.t, thanks to Niko Tyni.
Some tests here are failing on some platforms and have been marked as TODO.
Version 3.53, Apr 25, 2011
[NEW FEATURES]
- The DELETE HTTP verb is now supported.
(RT#52614, James Robson, Eduardo Ari�o de la Rubia)
[INTERNALS]
- Correct t/tmpdir.t MANIFEST entry. (RT#64949)
- Update minimum required Perl version to be Perl 5.8.1, which
has been out since 2003. This allows us to drop some hacks
and exceptions (Mark Stosberg)
Version 3.52, Jan 24, 2011
[DOCUMENTATION]
- The documentation for multi-line header handling was been updated to reflect
the changes in 3.51. (Mark Stosberg, ntyni@iki.fi)
[INTERNALS]
- Add missing t/tmpfile.t file. (RT#64949)
- Fix warning in t/cookie.t (RT#64570, Chris Williams, Rainer Tammer, Mark Stosberg)
- Fixed logic bug in t/multipart_init.t (RT#64261, Niko Tyni)
Version 3.51, Jan 5, 2011
[NEW FEATURES]
- A new option to set $CGI::Carp::TO_BROWSER = 0, allows you to explicitly
exclude a particular scope from triggering printing to the browser when
fatatlsToBrowser is set. (RT#62783, Thanks to papowell)
- The <script> tag now supports the "charset" attribute.
(RT#62907, Thanks to Fabrice Metge)
- In CGI::Cookie, "Max-Age" is now supported for better spec compliance.
(Mark Stosberg)
[BUG FIXES]
- Setting charset() now works for all content types, not just "text/*".
(RT#57945, Thanks to Yanick and Gerv.)
- support for user temporary directories ($HOME/tmp) was commented out
in 2.61 but the documentation wasn't updated (Peter Gervai, Niko Tyni)
- setting $CGITempFile::TMPDIRECTORY before loading CGI.pm has been
working but undocumented since 3.12 (which listed it in Changes as
$CGI::TMPDIRECTORY) (Peter Gervai, Niko Tyni)
- unfortunately the previous change broke the runtime check for looking
for a new temporary directory if the current one suddenly became
unwritable (Peter Gervai, Niko Tyni)
- A bug was fixed in CGI::Carp triggered by certain death cases in
the BEGIN phase of parent classes.
(RT#57224, Thanks to UNERA, Yanick Champoux, Mark Stosberg)
- CGI::Cookie->new() now follows the documentation and returns undef
if the -name and -value args aren't provided. This new behavior is also
consistent with the docs and code of CGI::Simple::Cookie. (Mark Stosberg)
- CGI::Cookie->parse() now trims leading and trailing whitespace from cookie
elements as intended. The change also makes this part of the parsing
identical to CGI::Simple::Cookie (Mark Stosberg)
- Temp file handling was improved (RT#62762)
[SECURITY]
- Further improvements have been made to guard against newline injections
in headers. (Thanks to Max Kanat-Alexander, Yanick Champoux, Mark Stosberg)
[PERFORMANCE]
- Make EBCDIC a compile-time constant so there's zero overhead (and less
compiled code) in subroutines that test for it. (Tim Bunce)
- If you just want to use CGI::Cookie, CGI.pm will no longer be loaded
unless you call the bake() method, which requires it. (Mark Stosberg)
[DOCUMENTATION]
- quit referring to the <link> tag as being "rarely used". (Victor Sanders)
- typo and whitespace fixes (RT#62785, thanks to scop@cpan.org)
- The -dtd argument to start_html() is now documented
(RT#60473, Thanks to giecrilj and steve@fisharerojo.org)
- CGI::Carp doc are updated to reflect that it can work with mod_perl 2.0.
- when creating a temporary file in the directory fails, the error message
could indicate the root of the problem better (Peter Gervai, Niko Tyni)
[INTERNALS]
- Re-fixing https test in http.t. (RT#54768, thanks to SPROUT)
- param_fetch no longer triggers a warning when called with no arguments (ysth, Mark Stosberg)
Version 3.50, Nov 8, 2010
[SECURITY]
1. The MIME boundary in multipart_init is now random.
Thanks to Byron Jones, Masahiro Yamada, Reed Loden, and Mark Stosberg
2. Further improvements to handling of newlines embedded in header values.
An exception is thrown if header values contain invalid newlines.
Thanks to Michal Zalewski, Max Kanat-Alexander, Yanick Champoux,
Lincoln Stein, Fr�d�ric Buclin and Mark Stosberg
[DOCUMENTATION]
1. Correcting/clarifying documentation for param_fetch(). Thanks to
Ren�e B�cker. (RT#59132)
[INTERNALS]
1. Fixing https test in http.t. (RT#54768)
2. Tests were added for multipart_init(). Thanks to Mark Stosberg and CGI::Simple.
Version 3.49, Feb 5th, 2010
[BUG FIXES]
1. Fix a regression since 3.44 involving a case when the header includes "Content-Length: 0".
Thanks to Alex Vandiver (RT#51109)
2. Suppress uninitialized warnings under -w. Thanks to burak. (RT#50301)
3. url() now uses virtual_port() instead of server_port(). Thanks to MKANAT and Yanick Champoux. (RT#51562)
4. CGI::Carp now properly handles stringifiable objects, like Exception::Class throws (RT#39904)
[SECURITY]
1. embedded newlines are now filtered out of header values in header().
Thanks to Mark Stosberg and Yanick Champoux.
[DOCUMENTATION]
1. README was updated to reflect that CGI.pm was moved under ./lib.
Thanks to Alex Vandiver.
[INTERNALS]
1. More tests were added for autoescape, thanks to Bob Kuo. (RT#25485)
2. Attempt to avoid test failures with t/fast, thanks to Steve Hay. (RT#49599)
Version 3.48, Sep 25, 2009
[BUG FIXES]
1. <optgroup> default values are now properly escaped.
Thanks to #raleigh.pm and Mark Stosberg. (RT#49606)
2. The change to exception handling in CGI::Carp introduced in 3.47 has been
Version 3.44, Jul 30, 2009
1. Patch from Kurt Jaeger to allow HTTP PUT even if the content length is unknown.
2. Patch from Pavel merdin to fix a problem for one of the FireFox addons.
3. Fixed issue in mod_perl & fastCGI environment of cookies returned from
CGI->cookie() leaking from one session to another.
Version 3.43, Apr 06, 2009
1. Documentation patch from MARKSTOS@cpan.org to replace all occurrences of
"new CGI" with CGI->new()" to reflect best perl practices.
2. Patch from Stepan Kasal to fix utf-8 related problems in perl 5.10
Version 3.42, Sep 08, 2008
1. Added patch from Renee Baecker that makes it possible to subclass
CGI::Pretty.
2. Added patch from Nicholas Clark to allow ~ characters in temporary directories.
3. Added patch from Renee Baecker that fixes the inappropriate escaping of fields
in multipart headers.
Version 3.41, Aug 25, 2008
1. Fix url() returning incorrect path when query string contains escaped newline.
2. Added additional windows temporary directories and environment variables, courtesy patch from Renee Baecker
3. Added a handle() method to the lightweight upload
filehandles. This method returns a real IO::Handle object.
4. Added patch from Tony Vanlingen to fix deep recursion warnings in CGI::Pretty.
Version 3.40, Aug 06, 2008
1. Fixed CGI::Fast docs to eliminate references to a "special"
version of Perl.
2. Makefile.PL now depends on FCGI so that CGI::Fast installs properly.
3. Fix script_name() call from Stephane Chazelas.
Version 3.39, Jun 29, 2008
1. Fixed regression in "exists" function when using tied interface to CGI via $q->Vars.
Version 3.38, Jun 25, 2008
1. Fix annoying warning in http://rt.cpan.org/Ticket/Display.html?id=34551
2. Added nobr() function http://rt.cpan.org/Ticket/Display.html?id=35377
3. popup_menu() allows multiple items to be selected by default, satisfying
http://rt.cpan.org/Ticket/Display.html?id=35376
4. Patch from Renee Backer to avoid doubled <http-equiv> headers.
5. Fixed documentation bug that describes what happens when a
parameter is empty (e.g. "?test1=").
6. Fixed minor warning described at http://rt.cpan.org/Public/Bug/Display.html?id=36435
7. Fixed overlap of attribute and parameter space described in http://rt.perl.org/rt3//Ticket/Display.html?id=24294
Version 3.37, Apr 22, 2008
1. Fix pragmas so that they persist over modperl invocations (e.g. RT 34761)
2. Fixed handling of chunked multipart uploads; thanks to Michael Bernhardt
who reported and fixed the problem.
Version 3.36
1. Fix CGI::Cookie to support cookies that are separated by "," instead of ";".
Version 3.35, Mar 27, 2008
1. Resync with bleadperl, primarily fixing a bug in parsing semicolons in uploaded filenames.
Version 3.34, Mar 18, 2008
1. Handle Unicode %uXXXX escapes properly -- patch from DANKOGAI@cpan.org
2. Fix url() method to not choke on path names that contain regex characters.
Version 3.33, Jan 02, 2008
1. Remove uninit variable warning when calling url(-relative=>1)
2. Fix uninit variable warnings for two lc calls
3. Fixed failure of tempfile upload due to sprintf() taint failure in perl 5.10
Version 3.32, Dec 27, 2007
1. Patch from Miguel Santinho to prevent sending premature headers under mod_perl 2.0
Version 3.31, Nov 30, 2007
1. Patch from Xavier Robin so that CGI::Carp issues a 500 Status code rather than a 200 status code.
2. Patch from Alexander Klink to select correct temporary directory in OSX Leopard so that upload works.
3. Possibly fixed "wrapped pack" error on 5.10 and higher.
Version 3.30
1. Patch from Mike Barry to handle POSTDATA in the same way as PUT.
2. Patch from Rafael Garcia-Suarez to correctly reencode unicode values as byte values.
Version 3.29, Apr 16, 2007
1. The position of file handles is now reset to zero when CGI->new is called.
(Mark Stosberg)
2. uploadInfo() now works across multiple object instances. Also, the first
tests for uploadInfo() were added as part of the fix. (CPAN bug 11895, with
contributions from drfrench and Mark Stosberg).
Version 3.28, Mar 29, 2007
1. Applied patch from Allen Day that makes Cookie parsing RFC2109 compliant
(attribute/values can be separated by commas as well as semicolons).
2. Applied patch from Stephan Struckmann that allows script_name() to be set correctly.
3. Fixed problem with url(-full) in which port number appears twice.
Version 3.27, Feb 27, 2007
1. Applied patch from Steve Taylor that allows checkbox_groups to be
disabled with a new -disabled=> option.
Version 3.26
1. Fixed alternate stylesheet behavior so that it is insensitive to order of declarations.
2. Patch from John Binns to allow users to provide a callback to CGI::Carp.
3. Added "~" as an unreserved character in escape().
4. Patch from Chris Fedde to prevent HTTP_HOST from inhibiting SERVER_PORT in url() generation.
5. Fixed outdated documentation (and behavior) of -language in start_html -script option.
6. Fixed bug in seconds calculation in CGI::Util::expire_calc.
Version 3.25, Sep 28, 2006
1. Fixed the link to the Netscape frames page.
2. Added ability to specify an alternate stylesheet.
3. Add support for XForms POST submssion both as application/xml or as multipart/related
Version 3.24
1. In startform(), if request_uri() returns undef, then falls back
to self_url(). This should rarely happen except when run outside of
the CGI environment.
2. image button alignment options were mistakenly being capitalized, causing xhtml validation to fail.
Version 3.23, Aug 23, 2006
1. Typo in upload() persisted, now fixed for real. Thanks to
Emanuele Zeppieri for correct patch and regression test.
Version 3.22, Aug 23, 2006
1. Typo in upload() function broke uploads. Now fixed (CPAN bug 21126).
Version 3.21, Aug 21, 2006
1. Don't try to read data at all when POST > $POST_MAX.
2. Fixed bug that caused $cgi->param('name',undef,'value') to unset param('name') entirely.
3. Fixed bug in which upload() sometimes returns empty. (CPAN bug #12694).
4. Incorporated patch from BURAK@cpan.org to support HTTPcookies (CPAN bug 21019).
Version 3.20
1. Patch from David Wheeler for CGI::Cookie->bake(). Uses mod_perl headers_out->add()
rather than headers_out->set().
2. Fixed problem identified by Andrei Voronkov in which start_form() output was screwed
up when initial argument begins with a dash and subsequent arguments do not.
3. Quashed uninitialized variable warnings coming from script_name(), url() and other
functions that require access to the PATH_INFO environment variable.
Version 3.19
1. Added patch from Stephen Frost that allows one to suppress use of the temp file that is
created during uploads.
2. Fixed problem noted by Martin Foster in which regular expression meta-character terms
in the path information were not quoted, causing URL parsing
to fail on URLs that contained metacharacters (such as +).
3. More fixes to the url() method.
4. Removed "hack to fix broken PATH_INFO in MSII".
Version 3.18
1. Doc typo fixes.
2. Patch from Steve Peters to default the document type to match the charset.
3. Fixed param() so that param(-name=>'foo',-values=>[]) sets the parameter to empty list.
Version 3.17, Feb 24, 2006
1. Added patch from Mike Hanafey which caused 0 arguments to CGI::Cookie->new() to
be treated as empty.
2. Patch to CGI::Carp from Peter Whaite to fix the unfixable problem of CGI::Carp
not behaving correctly in an eval() context.
3. CGI::Fast->new() calls CGI->_reset_globals to avoid contamination of one session
with another's variables.
4. Fixed upload failure on files that contain semicolons in their names.
Version 3.16, Feb 8, 2006
1. header() -charset option now works even when the MIME type is not "text".
2. Fixed documentation for cookie() function and fastCGI.
3. Upload filehandles now only closed automatically on Windows systems.
4. Apache::Cookie compatibility fix from David Wheeler
5. CGI::Carp->fatalsToBrowser() does not work correctly with
mod_perl 2. No workaround is known.
6. Fixed text status code associated with 302 redirects. Should be "Found"
but was "Moved".
7. Fixed charset in start_html() and header() to be in synch.
Version 3.15, Dec 7, 2005
1. Remove extraneous "?" from self_url() when URI contains a ? but no query string.
Version 3.14, Dec 6, 2005
1. Fixed broken scrolling_list() select attribute.
Version 3.13, Dec 4, 2005
1. Removed extraneous empty "?" from end of self_url().
Version 3.12, Dec 4, 2005
1. Fixed virtual_port so that it works properly with https protocol.
2. Fixed documentation for upload_hook().
3. Added POSTDATA documentation.
4. Made upload_hook() work in function-oriented mode.
5. Fixed POST_MAX behavior so that it doesn't cause client to hang.
6. Disabled automatic tab indexes and added new -tabindex pragma to
turn automatic indexes back on.
7. The url() and self_url() methods now work better in the context of Apache
mod_rewrite. Be advised that path_info() may give you confusing results
when mod_rewrite is active because Apache calculates the path info *after*
rewriting. This is mostly worked around in url() and self_url(), but you
may notice some anomalies.
8. Removed empty (and non-validating) <div> from code emitted by end_form().
9. Fixed CGI::Carp to work correctly with Mod_perl 1.29 in an Apache 2 environment.
10. Setting $CGI::TMPDIRECTORY should now be effective.
Version 3.11, Aug 3, 2005
1. Killed warning in CGI::Cookie about MOD_PERL_API_VERSION
2. Fixed append() so that it works in function mode.
3. Workaround for a bug that appears in Apache2 versions through 2.0.54
in which SCRIPT_NAME and PATH_INFO are incorrect if the additional path_info
contains a double slash. This workaround will handle the common case of
http://mysite.com/cgi-bin/log.cgi/http://www.some.other.site/args, but will
not handle the uncommon case of a ScriptAlias directive that adds additional
path information to the end of the translated URI.
Version 3.10, May 13, 2005
1. Added Apache2::RequestIO, which is necessary for mp2 interoperability.
Version 3.09, May 5, 2005
1. Fixed tabindex="0" when using CGI to create forms without a prior start_html
2. Removed warning about non-numeric MOD_PERL_API_VERSION.
Version 3.08, Apr 20, 2005
1. update support for mod_perl 2.0. versions prior to
mod_perl 1.999_22 (2.0.0-RC5) are no longer supported.
Version 3.07, Mar 14, 2005
1. Fixed typo in mod_perl detection.
Version 3.06, Mar 09, 2005
1. Fixed bare call to script() in start_html
2. Moved Fh::DESTROY out of autoloaded functions so as to avoid
clobbering $@ when CGI functions are executed in an eval{}
context.
3. mod_perl 2.0 version detection patch in CGI::Cookie provided by
Allen Day.
4. autoEscape() flag is now respected when generating extra
attributes.
5. Tests for *tag start/end generation from Shlomi Fish.
6. Support for can() method provided by Ron Savage.
7. Fix for lang='' when outputting XHTML.
8. Added support for chunked transfer encoding, as suggested by
Hakan Ardo
9. Fixed clobbering of row and column headers in tableized radio
and checkbox groups, as reported by Nicolas Thierry-Mieg.
10. <Label> tags are now associated with form elements, as suggested
by accessibility guidelines.
11. The <?xml> directive produced by start_html is now turned off by
default and the charset is specified in a <meta> directive. Apparently
IE6 (and maybe some versions of Opera) were getting confused by this.
12. Support for tab indexes.
13. Retired the HTML docs. The POD docs are now primary documentation.
14. CGI::Carp now correctly detects and handles Apache::Dispatch.
15. CGI::Util::utf8_chr now correctly sets the UTF8 flag on 5.006 or
higher perls (fix courtesy Slaven Rezic).
Version 3.05, Apr 12, 2004
1. Fixed uninitialized variable warning on start_form() when running
from command line.
2. Fixed CGI::_set_attributes so that attributes with a - are handled
correctly.
3. Fixed CGI::Carp::die() so as to avoid problems from _longmess()
clobbering @_.
4. If HTTP_X_FORWARDED_HOST is defined (i.e. running under a proxy),
the various functions that return HOST will use that instead.
5. Fix for undefined utf8() call in CGI::Util.
6. Changed the call to warningsToBrowser() in
CGI::Carp::fatalsToBrowser to call only after HTTP header is sent
(thanks to Didier Lebrun for noticing).
7. Patches from Dan Harkless to make CGI.pm validatable against HTML
3.2.
8. Fixed an extraneous "foo=bar" appearing when extra style
parameters passed to start_html;
9. Fixed cross-site scripting bug in startform() pointed out by Dan
Harkless.
10. Fixed documentation to discuss list context behavior of
form-element generators explicitly.
11. Fixed incorrect results from end_form() when called in OO manner.
12. Fixed query string stripping in order to handle URLs containing
escaped newlines.
13. During server push, set NPH to 0 rather than 1. This is supposed
to fix problems with Apache.
14. Fixed incorrect processing of multipart form fields that contain
embedded quotes. There's still the issue of how to handle ones
that contain embedded semicolons, but no one has complained (yet).
15. Fixed documentation bug in -style argument to start_html()
16. Added -status argument to redirect().
Version 3.04, Jan 18, 2004
1. Fixed the problem with mod_perl crashing when "defaults" button
pressed.
Version 2.94
1. Removed warning from reset() method.
2. Moved
and tags into the :html3 group. Hope this removes undefined CGI::Area
errors.
Changed CGI::Carp to play with mod_perl2 and to (hopefully) restore
reporting of compile-time errors.
Fixed potential deadlock between web server and CGI.pm when aborting
a read due to POST_MAX (reported by Antti Lankila).
Fixed issue with tag-generating function not incorporating content
when first variable undef.
Fixed cross-site scripting bug reported by obscure.
Fixed Dump() function to return correctly formed XHTML - bug
reported by Ralph Siemsen.
Version 2.93
1. Fixed embarassing bug in mp1 support.
Version 2.92
1. Fix to be P3P compliant submitted from MPREWITT.
2. Added CGI->r() API for mod_perl1/mod_perl2.
3. Fixed bug in redirect() that was corrupting cookies.
4. Minor fix to behavior of reset() button to make it consistent with
submit() button (first time this has been changed in 9 years).
5. Patch from Dan Kogai to handle UTF-8 correctly in 5.8 and higher.
6. Patch from Steve Hay to make CGI::Carp's error messages appear on
MSIE browsers.
7. Added Yair Lenga's patch for non-urlencoded postings.
8. Added Stas Bekman's patches for mod_perl 2 compatibility.
9. Fixed uninitialized escape behavior submitted by William Campbell.
10. Fixed tied behavior so that you can pass arguments to tie()
11. Fixed incorrect generation of URLs when the path_info contains +
and other odd characters.
12. Fixed redirect(-cookies=>$cookie) problem.
13. Fixed tag generation bug that affects -javascript passed to
start_html().
Version 2.91
1. Attribute generation now correctly respects the value of
autoEscape().
2. Fixed endofrm() syntax error introduced by Ben Edgington's patch.
Version 2.90
1. Fixed bug in redirect header handling.
2. Added P3P option to header().
3. Patches from Alexey Mahotkin to make CGI::Carp work correctly with
object-oriented exceptions.
4. Removed inaccurate description of how to set multiple cookies from
CGI::Cookie pod file.
5. Patch from Kevin Mahony to prevent running out of filehandles when
uploading lots of files.
6. Documentation enhancement from Mark Fisher to note that the
import_names() method transforms the parameter names into valid
Perl names.
7. Patch from Dan Harkless to suppress lang attribute in <html> tag
if specified as a null string.
8. Patch from Ben Edgington to fix broken XHTML-transitional 1.0
validation on endform().
9. Custom html header fix from Steffen Beyer (first letter correctly
upcased now)
10. Added a -verbatim option to stylesheet generation from Michael
Dickson
11. Faster delete() method from Neelam Gupta
12. Fixed broken Cygwin support.
13. Added empty charset support from Bradley Baetz
14. Patches from Doug Perham and Kevin Mahoney to fix file upload
failures when uploaded file is a multiple of 4096.
Version 2.89
1. Fixed behavior of ACTION tag when POSTING to a URL that has a
query string.
2. Added Patch from Michael Rommel to handle multipart/mixed uploads
from Opera
Version 2.88
1. Fixed problem with uploads being refused under Perl 5.8 when under
Taint mode.
2. Fixed uninitialized variable warnings under Perl 5.8.
3. Fixed CGI::Pretty regression test failures.
Version 2.87
1. Security hole patched: when processing multipart/form-data
postings, most arguments were being untainted silently. Returned
arguments are now tainted correctly. This may cause some scripts
to fail that used to work (thanks to Nick Cleaton for pointing
this out and persisting until it was fixed).
2. Update for mod_perl 2.0.
3. Pragmas such as -no_xhtml are now respected in mod_perl
environment.
Version 2.86
1. Fixes for broken CGI::Cookie expiration dates introduced in 2.84.
Version 2.85
1. Fix for broken autoEscape function introduced in 2.84.
Version 2.84
1. Fix for failed file uploads on Cygwin platforms.
2. HTML escaping code now replaced 0x8b and 0x9b with unicode
references < and *#8250;
Version 2.83
1. Fixed autoEscape() documentation inconsistencies.
2. Patch from Ville Skytt� to fix a number of XHTML inconsistencies.
3. Added Max-Age to list of CGI::Cookie headers.
Version 2.82
1. Patch from Rudolf Troller to add attribute setting and option
groups to form fields.
2. Patch from Simon Perreault for silent crashes when using CGI::Carp
under mod_perl.
3. Patch from Scott Gifford allows you to set the program name for
CGI::Carp.
Version 2.81
1. Removed extraneous slash from end of stylesheet tags generated by
start_html in non-XHTML mode.
2. Changed behavior of CGI::Carp with respect to eval{} contexts so
that output behaves properly in mod_perl environments.
3. Fixed default DTD so that it validates with W3C validator.
Version 2.80
1. Fixed broken messages in CGI::Carp.
2. Changed checked="1" to checked="checked" for real XHTML
compatibility.
3. Resurrected REQUEST_URI code so that url() works correctly with
multiviews.
Version 2.79
1. Changes to CGI::Carp to avoid "subroutine redefined" error
messages.
2. Default DTD is now XHTML 1.0 Transitional
3. Patches to support all HTML4 tags.
Version 2.78
1. Added ability to change encoding in <?xml> assertion.
2. Fixed the old escapeHTML('CGI') ne "CGI" bug
3. In accordance with XHTML requirements, there are no longer any
minimized attributes, such as "checked".
4. Patched bug which caused file uploads of exactly 4096 bytes to be
truncated to 4094 (thanks to Kevin Mahony)
5. New tests and fixes to CGI::Pretty (thanks to Michael Schwern).
Version 2.77
1. No new features, but released in order to fix an apparent CPAN
bug.
Version 2.76
1. New esc.t regression test for EBCDIC translations courtesy Peter
Prymmer.
2. Patches from James Jurach to make compatible with FCGI-ProcManager
3. Additional fields passed to header() (like -Content_disposition)
now honor initial capitalization.
4. Patch from Andrew McNaughton to handle utf-8 escapes (%uXXXX
codes) in URLs.
Version 2.752
1. Syntax error in the autoloaded Fh::new() subroutine.
2. Better error reporting in autoloaded functions.
Version 2.751
1. Tiny tweak to filename regular expression function on line 3355.
Version 2.75
1. Fixed bug in server push boundary strings (CGI.pm and CGI::Push).
2. Fixed bug that occurs when uploading files with funny characters
in the name
3. Fixed non-XHTML-compliant attributes produced by textfield()
4. Added EPOC support, courtesy Olaf Flebbe
5. Fixed minor XHTML bugs.
6. Made escape() and unescape() symmetric with respect to EBCDIC,
courtesy Roca, Ignasi <ignasi.roca@fujitsu.siemens.es>
7. Removed uninitialized variable warning from CGI::Cookie, provided
by Atipat Rojnuckarin <rojnuca@yahoo.com>
8. Fixed bug in CGI::Pretty that causes it to print partial end tags
when the $INDENT global is changed.
9. Single quotes are changed to character entity ' for compatibility
with URLs.
Version 2.74
September 13, 2000
1. Quashed one-character bug that caused CGI.pm to fail on file
uploads.
Version 2.73
September 12, 2000
1. Added -base to the list of arguments accepted by url().
2. Fixes to XHTML support.
3. POST parameters no longer show up in the Location box.
Version 2.72
August 19, 2000
1. Fixed the defaults button so that it works again
2. Charset is now correctly saved and restored when saving to files
3. url() now works correctly when given scripts with %20 and other
escapes in the additional path info. This undoes a patch
introduced in version 2.47 that I no longer understand the
rationale for.
Version 2.71
August 13, 2000
1. Newlines in the value attributes of hidden fields and other form
elements are now escaped when using ISO-Latin.
2. Inline script and style sections are now protected as CDATA
sections when XHTML mode is on (the default).
Version 2.70
August 4, 2000
1. Fixed bug in scrolling_list() which omitted a space in front of
the "multiple" attribute.
2. Squashed the "useless use of string in void context" message from
redirects.
Version 2.69
1. startform() now creates default ACTION for POSTs as well as GETs.
This may break some browsers, but it no longer violates the HTML
spec.
2. CGI.pm now emits XHTML by default. Disable with -no_xhtml.
3. We no longer interpret &#ddd sequences in non-latin character
sets.
Version 2.68
1. No longer attempts to escape characters when dealing with non
ISO-8861 character sets.
2. checkbox() function now defaults to using -value as its label,
rather than -name. The current behavior is what has been
documented from the beginning.
3. -style accepts array reference to incorporate multiple stylesheets
into document.
1. Fixed two bugs that caused the -compile pragma to fail with a
syntax error.
Version 2.67
1. Added XHTML support (incomplete; tags need to be lowercased).
2. Fixed CGI/Carp when running under mod_perl. Probably broke in
other contexts.
3. Fixed problems when passing multiple cookies.
4. Suppress warnings from _tableize() that were appearing when using
-w switch with radio_group() and checkbox_group().
5. Support for the header() -attachment argument, which can give
pages a default file name when saving to disk.
Version 2.66
1. 2.65 changes in make_attributes() broke HTTP header functions
(including redirect), so made it context sensitive.
Version 2.65
1. Fixed regression tests to skip tests that require implicit fork on
machines without fork().
2. Changed make_attributes() to automatically escape any HTML
reserved characters.
3. Minor documentation fix in javascript example.
Version 2.64
1. Changes introduced in 2.63 broke param() when retrieving parameter
lists containing only a single argument. This is now fixed.
2. self_url() now defaults to returning parameters delimited with
semicolon. Use the pragma -oldstyle_urls to get the old "&"
delimiter.
Version 2.63
1. Fixed CGI::Push to pull out parameters correctly.
2. Fixed redirect() so that it works with default character set
3. Changed param() so as to returned empty string '' when referring
to variables passed in query strings like 'name1=&name2'
Version 2.62
1. Fixed broken ReadParse() function, and added regression tests
2. Fixed broken CGI::Pretty, and added regression tests
Version 2.61
1. Moved more functions from CGI.pm proper into CGI/Util.pm.
CGI/Cookie should now be standalone.
2. Disabled per-user temporary directories, which were causing grief.
Version 2.60
1. Fixed junk appearing in autogenerated HTML functions when using
object-oriented mode.
Version 2.59
1. autoescape functionality breaks too much existing code, removed
it.
2. use escapeHTML() manually
Version 2.58
This is the release version of 2.57.
Version 2.57
1. Added -debug pragma and turned off auto reading of STDIN.
2. Default DTD updated to HTML 4.01 transitional.
3. Added charset() method and the -charset argument to header().
4. Fixed behavior of escapeHTML() to respect charset() and to escape
nasty Windows characters (thanks to Tom Christiansen).
5. Handle REDIRECT_QUERY_STRING correctly.
6. Removed use_named_parameters() because of dependency problems and
general lameness.
7. Fixed problems with bad HREF links generated by url(-relative=>1)
when the url is like /people/.
8. Silenced a warning on upload (patch provided by Jonas Liljegren)
9. Fixed race condition in CGI::Carp when errors occur during parsing
(patch provided by Maurice Aubrey).
10. Fixed failure of url(-path_info=>1) when path contains % signs.
11. Fixed warning from CGI::Cookie when receiving foreign cookies that
don't use name=value format.
12. Fixed incompatibilities with file uploading on VMS systems.
Version 2.56
1. Fixed bugs in file upload introduced in version 2.55
2. Fixed long-standing bug that prevented two files with identical
names from being uploaded.
Version 2.55
1. Fixed cookie regression test so as not to produce an error.
2. Fixed path_info() and self_url() to work correctly together when
path_info() modified.
3. Removed manify warnings from CGI::{Switch,Apache}.
Version 2.54
1. This will be the last release of the monolithic CGI.pm module.
Later versions will be modularized and optimized.
2. DOMAIN tag no longer added to cookies by default. This will break
some versions of Internet Explorer, but will avoid breaking
networks which use host tables without fully qualified domain
names. For compatibility, please always add the -domain tag when
creating cookies.
3. Fixed escape() method so that +'s are treated correctly.
4. Updated CGI::Pretty module.
Version 2.53
1. Forgot to upgrade regression tests before releasing 2.52. NOTHING
ELSE HAS CHANGED IN LIBRARY
Version 2.52
1. Spurious newline in checkbox() routine removed. (courtesy John
Essen)
2. TEXTAREA linebreaks now respected in dump() routine. (courtesy
John Essen)
3. Patches for DOS ports (courtesy Robert Davies)
4. Patches for VMS
5. More fixes for cookie problems
6. Fix CGI::Carp so that it doesn't affect eval{} blocks (courtesy
Byron Brummer)
Version 2.51
1. Fixed problems with cookies not being remembered when sent to IE
5.0 (and Netscape 5.0 too?)
2. Numerous HTML compliance problems in cgi_docs.html; fixed thanks
to Michael Leahy
Version 2.50
1. Added a new Vars() method to retrieve all parameters as a tied
hash.
2. Untainted tainted tempfile name so that script doesn't fail on
terminal unlink.
3. Made picking of upload tempfile name more intelligent so that
doesn't fail in case of name collision.
Version 2.42
1. Too many screams of anguish at changed behavior of url(). Is now
back to its old behavior by default, with options to generate all
the variants.
2. Added regression tests. "make test" now works.
3. Documentation fixes.
4. Fixes for Macintosh uploads, but uploads STILL do not work pending
changes to MacPerl.
Version 2.41
1. url() method now includes the path info. Use script_name() to get
it without path info().
2. Changed handling of empty attributes in HTML tag generation. Be
warned! Use table({-border=>undef}) rather than
table({-border=>''}).
3. Changes to allow uploaded filenames to be compared to other
strings with "eq", "cmp" and "ne".
4. Changes to allow CGI.pm to coexist more peacefully with
ActiveState PerlEX.
5. Changes to prevent exported variables from clashing when importing
":all" set in combination with cookies.
Version 2.40
1. CGI::Carp patched to work better with mod_perl (thanks to Chris
Dean).
2. Uploads of files whose names begin with numbers or the Windows
\\UNC\shared\file nomenclature should no longer fail.
3. The <STYLE> tag (for cascading style sheets) now generates the
required TYPE attribute.
4. Server push primitives added, thanks to Ed Jordan.
5. Table and other HTML3 functions are now part of the :standard set.
6. Small documentation fixes.
TO DO:
1. Do something about the DTD mess. The module should generate
correct DTDs, or at least offer the programmer a way to specify
the correct one.
2. Split CGI.pm into CGI processing and HTML-generating modules.
3. More robust file upload (?still not working on the Macintosh?).
4. Bring in all the HTML4 functionality, particular the accessibility
features.
Version 2.39
1. file uploads failing because of VMS patch; fixed.
2. -dtd parameter was not being properly processed.
Version 2.38
I finally got tired of all the 2.37 betas and released 2.38. The main
difference between this version and the last 2.37 beta (2.37b30) are
some fixes for VMS. This should allow file upload to work properly on
all VMS Web servers.
Version 2.37, various beta versions
1. Added a CGI::Cookie::parse() method for lucky mod_perl users.
2. No longer need separate -values and -labels arguments for
multi-valued form elements.
3. Added better interface to raw cookies (fix courtesy Ken Fox,
kfox@ford.com)
4. Added param_fetch() function for direct access to parameter list.
5. Fix to checkbox() to allow for multi-valued single checkboxes
(weird problem).
6. Added a compile() method for those who want to compile without
importing.
7. Documented the import pragmas a little better.
8. Added a -compile switch to the use clause for the long-suffering
mod_perl and Perl compiler users.
9. Fixed initialization routines so that FileHandle and type globs
work correctly (and hash initialization doesn't fail!).
10. Better deletion of temporary files on NT systems.
11. Added documentation on escape(), unescape(), unescapeHTML() and
unescapeHTML() subroutines.
12. Added documentation on creating subclasses.
13. Fixed problem when calling $self->SUPER::foo() from inheriting
subclasses.
14. Fixed problem using filehandles from within subroutines.
15. Fixed inability to use the string "CGI" as a parameter.
16. Fixed exponentially growing $FILLUNIT bug
17. Check for undef filehandle in read_from_client()
18. Now requires the UNIVERSAL.pm module, present in Perl 5.003_7 or
higher.
19. Fixed problem with uppercase-only parameters being ignored.
20. Fixed vanishing cookie problem.
21. Fixed warning in initialize_globals() under mod_perl.
22. File uploads from Macintosh versions of MSIE should now work.
23. Pragmas now preceded by dashes (-nph) rather than colons (:nph).
Old style is supported for backward compatibility.
24. Can now pass arguments to all functions using {} brackets,
resolving historical inconsistencies.
25. Removed autoloader warnings about absent MultipartBuffer::DESTROY.
26. Fixed non-sticky checkbox() when -name used without -value.
27. Hack to fix path_info() in IIS 2.0. Doesn't help with IIS 3.0.
28. Parameter syntax for debugging from command line now more
straightforward.
29. Added $DISABLE_UPLOAD to disable file uploads.
30. Added $POST_MAX to error out if POSTings exceed some ceiling.
31. Fixed url_param(), which wasn't working at all.
32. Fixed variable suicide problem in s///e expressions, where the
autoloader was needed during evaluation.
33. Removed excess spaces between elements of checkbox and radio
groups
34. Can now create "valueless" submit buttons
35. Can now set path_info as well as read it.
36. ReadParse() now returns a useful function result.
37. import_names() now allows you to optionally clear out the
namespace before importing (for mod_perl users)
38. Made it possible to have a popup menu or radio button with a value
of "0".
39. link() changed to Link() to avoid overriding native link function.
40. Takes advantage of mod_perl's register_cleanup() function to clear
globals.
41. <LAYER> and <ILAYER> added to :html3 functions.
42. Fixed problems with private tempfiles and NT/IIS systems.
43. No longer prints the DTD by default (I bet no one will complain).
44. Allow underscores to replace internal hyphens in parameter names.
45. CGI::Push supports heterogeneous MIME types and adjustable delays
between pages.
46. url_param() method added for retrieving URL parameters even when a
fill-out form is POSTed.
47. Got rid of warnings when radio_group() is called.
48. Cookies now moved to their very own module.
49. Fixed documentation bug in CGI::Fast.
50. Added a :no_debug pragma to the import list.
Version 2.36
1. Expanded JavaScript functionality
2. Preliminary support for cascading stylesheets
3. Security fixes for file uploads:
+ Module will bail out if its temporary file already exists
+ Temporary files can now be made completely private to avoid
peeking by other users or CGI scripts.
4. use CGI qw/:nph/ wasn't working correctly. Now it is.
5. Cookie and HTTP date formats didn't meet spec. Thanks to Mark
Fisher (fisherm@indy.tce.com) for catching and fixing this.
p
Version 2.35
1. Robustified multipart file upload against incorrect syntax in
POST.
2. Fixed more problems with mod_perl.
3. Added -noScript parameter to start_html().
4. Documentation fixes.
Version 2.34
1. Stupid typo fix
Version 2.33
1. Fixed a warning about an undefined environment variable.
2. Doug's patch for redirect() under mod_perl
3. Partial fix for busted inheritence from CGI::Apache
4. Documentation fixes.
Version 2.32
1. Improved support for Apache's mod_perl.
2. Changes to better support inheritance.
3. Support for OS/2.
Version 2.31
1. New uploadInfo() method to obtain header information from uploaded
files.
2. cookie() without any arguments returns all the cookies passed to a
script.
3. Removed annoying warnings about $ENV{NPH} when running with the -w
switch.
4. Removed operator overloading throughout to make compatible with
new versions of perl.
5. -expires now implies the -date header, to avoid clock skew.
6. WebSite passes cookies in $ENV{COOKIE} rather than
$ENV{HTTP_COOKIE}. We now handle this, even though it's O'Reilly's
fault.
7. Tested successfully against new sfio I/O layer.
8. Documentation fixes.
Version 2.30
1. Automatic detection of operating system at load time.
2. Changed select() function to Select() in order to avoid conflict
with Perl built-in.
3. Added Tr() as an alternative to TR(); some people think it looks
better that way.
4. Fixed problem with autoloading of MultipartBuffer::DESTROY code.
5. Added the following methods:
+ virtual_host()
+ server_software()
6. Automatic NPH mode when running under Microsoft IIS server.
Version 2.29
( run in 1.365 second using v1.01-cache-2.11-cpan-39bf76dae61 )