CGI
view release on metacpan or search on metacpan
[INTERNALS]
1. Fixing https test in http.t. (RT#54768)
2. Tests were added for multipart_init(). Thanks to Mark Stosberg and CGI::Simple.
Version 3.49, Feb 5th, 2010
[BUG FIXES]
1. Fix a regression since 3.44 involving a case when the header includes "Content-Length: 0".
Thanks to Alex Vandiver (RT#51109)
2. Suppress uninitialized warnings under -w. Thanks to burak. (RT#50301)
3. url() now uses virtual_port() instead of server_port(). Thanks to MKANAT and Yanick Champoux. (RT#51562)
4. CGI::Carp now properly handles stringifiable objects, like Exception::Class throws (RT#39904)
[SECURITY]
1. embedded newlines are now filtered out of header values in header().
Thanks to Mark Stosberg and Yanick Champoux.
[DOCUMENTATION]
1. README was updated to reflect that CGI.pm was moved under ./lib.
Thanks to Alex Vandiver.
[INTERNALS]
1. More tests were added for autoescape, thanks to Bob Kuo. (RT#25485)
2. Attempt to avoid test failures with t/fast, thanks to Steve Hay. (RT#49599)
Version 3.48, Sep 25, 2009
[BUG FIXES]
1. <optgroup> default values are now properly escaped.
Thanks to #raleigh.pm and Mark Stosberg. (RT#49606)
2. The change to exception handling in CGI::Carp introduced in 3.47 has been
reverted for now. It caused regressions reported in RT#49630.
Thanks to mkanat for the report.
[DOCUMENTATION]
1. Documentation for upload() has been overhauled, thanks to Mark Stosberg.
2. Documentation for tmpFileName has been added. Thanks to Mark Stosberg and Nathaniel K. Smith.
3. URLS were updated, thanks to Leon Brocard and Yanick Champoux. (RT#49770)
[INTERNALS]
1. More tests were added for autoescape, thanks to Bob Kuo. (RT#25485)
Version 3.47, Sep 9, 2009
No code changes.
[INTERNALS]
Re-release of 3.46, which did not contain a proper MANIFEST
Version 3.46
[BUG FIXES]
1. In CGI::Pretty, we no longer add line breaks after tags we claim not to format. Thanks to rrt, Bob Kuo and
and Mark Stosberg. (RT#42114).
2. unescapeHTML() no longer falsely recognizes certain text as entities. Thanks to Pete Gamanche, Mark Stosberg
and Bob Kuo. (RT#39122)
3. checkbox_group() now correctly includes a space before the "checked" attribute.
Thanks to Andrew Speer and Bob Kuo. (RT#36583)
4. Fix case-sensitivity in http() and https() according to docs. Make https()
return list of keys in list context. Thanks to riQyRoe and Rhesa Rozendaal. (RT#12909)
5. XHTML is now automatically disabled for HTML 4, as well as HTML 2 and HTML 3. Thanks to
Dan Harkless and Yanick Champoux. (RT#27907)
6. Pre-compiling 'end_form' with ':form' switch now works. Thanks to ryochin and Yanick Champoux. (RT#41530)
7. Empty name/values pairs are now properly saved and restored from filehandles. Thanks to rlucas and
Rhesa Rozendaal (RT#13158)
8. Some differences between startform() and start_form() have been fixed. Thanks to Slaven Rezic and
Shawn Corey. (RT#22046)
9. url_param() has been updated to be more consistent with the documentation and param().
Thanks to Britton Kerin and Yanick Campoux. (RT#43587)
10.hidden() now correctly supports multiple default values.
Thanks to david@dierauer.net and Russell Jenkins. (RT#20436)
11.Calling CGI->new() no longer clobbers the value of $_ in the current scope.
Thanks to Alexey Tourbin, Bob Kuo and Mark Stosberg. (RT#25131)
12.UTF-8 params should not get double-decoded now.
Thanks to Yves, Bodo, Burak G�rsoy, and Michael Schout. (RT#19913)
13.We now give objects passed to CGI::Carp::die a chance to be stringified.
Thanks to teek and Yanick Champoux (RT#41530)
14.Turning off autoEscape() now only affects the behavior of built-in HTML
generation fuctions. Explicit calls to escapeHTML() always escape HTML regardless
of the setting. Thanks to vindex, Bob Kuo and Mark Stosberg (RT#40748)
15.In CGI::Fast, preferences set via pragmas are now preserved.
Thanks to heinst and Mark Stosberg (RT#32119)
[DOCUMENTATION]
1. remote_addr() is now documented. Thanks to Yanick Champoux. (RT#38884)
2. In CGI::Pretty in the list of tags left unformatted was updated to match the code. Thanks to Mark Stosberg. (RT#42114)
3. In CGI::Pretty, performance concerns are now documented. Thanks to Jochen, Rhesa Rozendaal and Mark Stosberg (RT#13223)
4. A number of outdated Netscape references have been removed. Thanks to Mark Stosberg.
5. The documentation has been purged of examples of using indirect object notation. Thanks to Mark Stosberg.
6. Some POD formatting was fixed. Thanks to Dave Mitchell (RT#48935).
7. Docs and examples were updated to highlight start_form instead of startform.
Thanks to Slaven Rezic.
8. Note that CGI::Carp::carpout() doesn't work with in-memory filehandles.
Thanks to rhubbell and Mark Stosberg.
9. The documentation for the -newstyle_urls is now less confusing.
Thanks to Ryan Tate and Mark Stosberg (RT#49454)
[INTERNALS]
1. Quit bundling an ancient copy of Test::More and and using a custom 'lib' path for the tests. Instead, Test::More
is now a dependency. Thanks to Ansgar and Mark Stosberg (RT#48811)
2. Automated tests for hidden() have been added, thanks to Russel Jenkins and Mark Stosberg (RT#20436)
3. t/util.t has been updated to use Test::More instead of a home-grown test function. Thanks to Bob Kuo.
Version 3.45, Aug 14, 2009
[BUG FIXES]
1. Prevent warnings about "uninitialized values" for REQUEST_URI, HTTP_USER_AGENT and other environment variables.
Patches by Callum Gibson, heiko and Mark Stosberg. (RT#24684, RT#29065)
2. Avoid death in some cases when running under Taint mode on Windows.
Patch by Peter Hancock (RT#43796)
3. Allow 0 to be used as a default value in popup_menu(). This was broken starting in 3.37.
Thanks to Haze, who was the first to report this and supply a patch, and pfschill, who pinpointed
when the bug was introduced. A regression test for this was also added. (RT#37908)
4. Allow "+" as a valid character in file names, which fixes temp file creation on OS X Leopard.
Thanks to Andy Armstrong, and alech for patches. (RT#30504)
5. Set binmode() on the Netware platform, thanks to Guenter Knauf (RT#27455)
6. Don't allow a CGI::Carp error handler to die recursively. Print a warning and exit instead.
Thanks to Marc Chantreux. (RT#45956)
7. The Dump() method now is fixed to escape HTML properly. Thanks to Mark Stosberg (RT#21341)
8. Support for <optgroup> with scrolling_list() now works the same way as it does for popup_menu().
Thanks to Stuart Johnston (RT#30097)
9. Workaround for weird interaction of CGI::Carp with Safe module
reported by William McKee.
10. Added patches from Ilmari Karonen to improve behavior of
CGI::Carp.
11. Fixed documentation error in -style argument.
12. Added virtual_port() method for finding out what port server is
listening on in a virtual-host aware fashion.
Version 3.00, Aug 18, 2003
1. Patch from Randal Schwartz to fix bug introduced by cross-site
scripting vulnerability "fix."
2. Patch from JFreeman to replace UTF-8 escape constant of 0xfe with
0xfc. Hope this is right!
Version 2.99
1. Patch from Steve Hay to fix extra Content-type: appearing on
browser screen when FatalsToBrowser invoked.
2. Patch from Ewann Corvellec to fix cross-site scripting
vulnerability.
3. Fixed tmpdir routine for file uploading to solve problem that
occurs under mod_perl when tmpdir is writable at startup time, but
not at session time.
Version 2.98
1. Fixed crash in Dump() function.
Version 2.97
1. Sigh. Uploaded wrong 2.96 to CPAN.
Version 2.96
1. More bugfixes to the -style argument.
Version 2.95
1. Fixed bugs in start_html(-style=>...) support introduced in 2.94.
Version 2.94
1. Removed warning from reset() method.
2. Moved
and tags into the :html3 group. Hope this removes undefined CGI::Area
errors.
Changed CGI::Carp to play with mod_perl2 and to (hopefully) restore
reporting of compile-time errors.
Fixed potential deadlock between web server and CGI.pm when aborting
a read due to POST_MAX (reported by Antti Lankila).
Fixed issue with tag-generating function not incorporating content
when first variable undef.
Fixed cross-site scripting bug reported by obscure.
Fixed Dump() function to return correctly formed XHTML - bug
reported by Ralph Siemsen.
Version 2.93
1. Fixed embarassing bug in mp1 support.
Version 2.92
1. Fix to be P3P compliant submitted from MPREWITT.
2. Added CGI->r() API for mod_perl1/mod_perl2.
3. Fixed bug in redirect() that was corrupting cookies.
4. Minor fix to behavior of reset() button to make it consistent with
submit() button (first time this has been changed in 9 years).
5. Patch from Dan Kogai to handle UTF-8 correctly in 5.8 and higher.
6. Patch from Steve Hay to make CGI::Carp's error messages appear on
MSIE browsers.
7. Added Yair Lenga's patch for non-urlencoded postings.
8. Added Stas Bekman's patches for mod_perl 2 compatibility.
9. Fixed uninitialized escape behavior submitted by William Campbell.
10. Fixed tied behavior so that you can pass arguments to tie()
11. Fixed incorrect generation of URLs when the path_info contains +
and other odd characters.
12. Fixed redirect(-cookies=>$cookie) problem.
13. Fixed tag generation bug that affects -javascript passed to
start_html().
Version 2.91
1. Attribute generation now correctly respects the value of
autoEscape().
2. Fixed endofrm() syntax error introduced by Ben Edgington's patch.
Version 2.90
1. Fixed bug in redirect header handling.
2. Added P3P option to header().
3. Patches from Alexey Mahotkin to make CGI::Carp work correctly with
object-oriented exceptions.
4. Removed inaccurate description of how to set multiple cookies from
CGI::Cookie pod file.
5. Patch from Kevin Mahony to prevent running out of filehandles when
uploading lots of files.
6. Documentation enhancement from Mark Fisher to note that the
import_names() method transforms the parameter names into valid
Perl names.
7. Patch from Dan Harkless to suppress lang attribute in <html> tag
if specified as a null string.
8. Patch from Ben Edgington to fix broken XHTML-transitional 1.0
validation on endform().
9. Custom html header fix from Steffen Beyer (first letter correctly
upcased now)
10. Added a -verbatim option to stylesheet generation from Michael
Dickson
11. Faster delete() method from Neelam Gupta
12. Fixed broken Cygwin support.
13. Added empty charset support from Bradley Baetz
14. Patches from Doug Perham and Kevin Mahoney to fix file upload
failures when uploaded file is a multiple of 4096.
Version 2.89
1. Fixed behavior of ACTION tag when POSTING to a URL that has a
query string.
2. Added Patch from Michael Rommel to handle multipart/mixed uploads
from Opera
Version 2.88
1. Fixed problem with uploads being refused under Perl 5.8 when under
Taint mode.
2. Fixed uninitialized variable warnings under Perl 5.8.
3. Fixed CGI::Pretty regression test failures.
Version 2.87
1. Security hole patched: when processing multipart/form-data
postings, most arguments were being untainted silently. Returned
arguments are now tainted correctly. This may cause some scripts
to fail that used to work (thanks to Nick Cleaton for pointing
this out and persisting until it was fixed).
2. Update for mod_perl 2.0.
3. Pragmas such as -no_xhtml are now respected in mod_perl
environment.
Version 2.86
1. Fixes for broken CGI::Cookie expiration dates introduced in 2.84.
Version 2.85
1. Fix for broken autoEscape function introduced in 2.84.
Version 2.84
1. Fix for failed file uploads on Cygwin platforms.
2. HTML escaping code now replaced 0x8b and 0x9b with unicode
references < and *#8250;
Version 2.83
1. Fixed autoEscape() documentation inconsistencies.
2. Patch from Ville Skytt� to fix a number of XHTML inconsistencies.
3. Added Max-Age to list of CGI::Cookie headers.
Version 2.82
1. Patch from Rudolf Troller to add attribute setting and option
groups to form fields.
2. Patch from Simon Perreault for silent crashes when using CGI::Carp
under mod_perl.
3. Patch from Scott Gifford allows you to set the program name for
CGI::Carp.
Version 2.81
1. Removed extraneous slash from end of stylesheet tags generated by
start_html in non-XHTML mode.
2. Changed behavior of CGI::Carp with respect to eval{} contexts so
that output behaves properly in mod_perl environments.
3. Fixed default DTD so that it validates with W3C validator.
Version 2.80
1. Fixed broken messages in CGI::Carp.
2. Changed checked="1" to checked="checked" for real XHTML
compatibility.
3. Resurrected REQUEST_URI code so that url() works correctly with
multiviews.
Version 2.79
1. Changes to CGI::Carp to avoid "subroutine redefined" error
messages.
2. Default DTD is now XHTML 1.0 Transitional
3. Patches to support all HTML4 tags.
Version 2.78
1. Added ability to change encoding in <?xml> assertion.
2. Fixed the old escapeHTML('CGI') ne "CGI" bug
3. In accordance with XHTML requirements, there are no longer any
minimized attributes, such as "checked".
4. Patched bug which caused file uploads of exactly 4096 bytes to be
truncated to 4094 (thanks to Kevin Mahony)
5. New tests and fixes to CGI::Pretty (thanks to Michael Schwern).
Version 2.77
1. No new features, but released in order to fix an apparent CPAN
bug.
Version 2.76
1. New esc.t regression test for EBCDIC translations courtesy Peter
Prymmer.
2. Patches from James Jurach to make compatible with FCGI-ProcManager
3. Additional fields passed to header() (like -Content_disposition)
now honor initial capitalization.
4. Patch from Andrew McNaughton to handle utf-8 escapes (%uXXXX
codes) in URLs.
Version 2.752
1. Syntax error in the autoloaded Fh::new() subroutine.
2. Better error reporting in autoloaded functions.
Version 2.751
1. Tiny tweak to filename regular expression function on line 3355.
Version 2.75
1. Fixed bug in server push boundary strings (CGI.pm and CGI::Push).
2. Fixed bug that occurs when uploading files with funny characters
in the name
3. Fixed non-XHTML-compliant attributes produced by textfield()
4. Added EPOC support, courtesy Olaf Flebbe
5. Fixed minor XHTML bugs.
6. Made escape() and unescape() symmetric with respect to EBCDIC,
courtesy Roca, Ignasi <ignasi.roca@fujitsu.siemens.es>
7. Removed uninitialized variable warning from CGI::Cookie, provided
by Atipat Rojnuckarin <rojnuca@yahoo.com>
8. Fixed bug in CGI::Pretty that causes it to print partial end tags
when the $INDENT global is changed.
9. Single quotes are changed to character entity ' for compatibility
with URLs.
Version 2.74
September 13, 2000
1. Quashed one-character bug that caused CGI.pm to fail on file
uploads.
Version 2.73
September 12, 2000
1. Added -base to the list of arguments accepted by url().
2. Fixes to XHTML support.
3. POST parameters no longer show up in the Location box.
Version 2.72
August 19, 2000
1. Fixed the defaults button so that it works again
2. Charset is now correctly saved and restored when saving to files
3. url() now works correctly when given scripts with %20 and other
escapes in the additional path info. This undoes a patch
introduced in version 2.47 that I no longer understand the
rationale for.
Version 2.71
August 13, 2000
1. Newlines in the value attributes of hidden fields and other form
elements are now escaped when using ISO-Latin.
2. Inline script and style sections are now protected as CDATA
sections when XHTML mode is on (the default).
Version 2.70
August 4, 2000
1. Fixed bug in scrolling_list() which omitted a space in front of
the "multiple" attribute.
2. Squashed the "useless use of string in void context" message from
redirects.
Version 2.69
1. startform() now creates default ACTION for POSTs as well as GETs.
This may break some browsers, but it no longer violates the HTML
spec.
2. CGI.pm now emits XHTML by default. Disable with -no_xhtml.
3. We no longer interpret &#ddd sequences in non-latin character
sets.
Version 2.68
1. No longer attempts to escape characters when dealing with non
ISO-8861 character sets.
2. checkbox() function now defaults to using -value as its label,
rather than -name. The current behavior is what has been
documented from the beginning.
3. -style accepts array reference to incorporate multiple stylesheets
into document.
1. Fixed two bugs that caused the -compile pragma to fail with a
syntax error.
Version 2.67
1. Added XHTML support (incomplete; tags need to be lowercased).
2. Fixed CGI/Carp when running under mod_perl. Probably broke in
other contexts.
3. Fixed problems when passing multiple cookies.
4. Suppress warnings from _tableize() that were appearing when using
-w switch with radio_group() and checkbox_group().
5. Support for the header() -attachment argument, which can give
pages a default file name when saving to disk.
Version 2.66
1. 2.65 changes in make_attributes() broke HTTP header functions
(including redirect), so made it context sensitive.
Version 2.65
1. Fixed regression tests to skip tests that require implicit fork on
machines without fork().
2. Changed make_attributes() to automatically escape any HTML
reserved characters.
3. Minor documentation fix in javascript example.
Version 2.64
1. Changes introduced in 2.63 broke param() when retrieving parameter
lists containing only a single argument. This is now fixed.
2. self_url() now defaults to returning parameters delimited with
semicolon. Use the pragma -oldstyle_urls to get the old "&"
delimiter.
Version 2.63
1. Fixed CGI::Push to pull out parameters correctly.
2. Fixed redirect() so that it works with default character set
3. Changed param() so as to returned empty string '' when referring
to variables passed in query strings like 'name1=&name2'
Version 2.62
1. Fixed broken ReadParse() function, and added regression tests
2. Fixed broken CGI::Pretty, and added regression tests
Version 2.61
1. Moved more functions from CGI.pm proper into CGI/Util.pm.
CGI/Cookie should now be standalone.
2. Disabled per-user temporary directories, which were causing grief.
Version 2.60
1. Fixed junk appearing in autogenerated HTML functions when using
object-oriented mode.
Version 2.59
1. autoescape functionality breaks too much existing code, removed
it.
2. use escapeHTML() manually
Version 2.58
( run in 1.429 second using v1.01-cache-2.11-cpan-ba708fea25c )