CGI
view release on metacpan or search on metacpan
- CGI.pm is now considered "done". See also "mature" and "legacy"
Features requests and non-critical issues will be outright rejected.
The module is now in maintenance mode for critical issues only.
- This release removes the AUTOLOAD and compile optimisations from CGI.pm
that were introduced into CGI.pm twenty (20) years ago as a response to
its large size, which meant there was a significant compile time penalty.
- This optimisation is no longer relevant and makes the code difficult to
deal with as well as making test coverage metrics incorrect. Benchmarks
show that advantages of AUTOLOAD / lazy loading / deferred compile are
less than 0.05s, which will be dwarfed by just about any meaningful code
in a cgi script. If this is an issue for you then you should look at
running CGI.pm in a persistent environment (FCGI, etc)
- To offset some of the time added by removing the AUTOLOAD functionality
the dependencies have been made runtime rather than compile time. The
POD has also been split into its own file. CGI.pm now contains around
4000 lines of code, which compared to some modules on CPAN isn't really
that much
- This essentially deprecates the -compile pragma and ->compile method. The
-compile pragma will no longer do anything, whereas the ->compile method
will raise a deprecation warning. More importantly this also REMOVES the
-any pragma because as per the documentation this pragma needed to be
"used with care or not at all" and allowing arbitrary HTML tags is almost
certainly a bad idea. If you are using the -any pragma and using arbitrary
tags (or have typo's in your code) your code will *BREAK*
- Although this release should be back compatible (with the exception of any
code using the -any pragma) you are encouraged to test it throughly as if
you are doing anything out of the ordinary with CGI.pm (i.e. have bugs
that may have been masked by the AUTOLOAD feature) you may see some issues.
- References: GH #162, GH #137, GH #164
[ SPEC / BUG FIXES ]
- make the list context warning in param show the filename rather than
the package so we have more information on exactly where the warning
has been raised from (GH #171)
- correct self_url when PATH_INFO and SCRIPT_NAME are the same but we
are not running under IIS (GH #176)
- Add the multi_param method to :cgi export (thanks to xblitz for the patch
and tests. GH #167)
- Fix warning for lack of HTTP_USER_AGENT in CGI::Carp (GH #168)
- Fix imports when called from CGI::Fast, restores the import of CGI functions
into the callers namespace for users of CGI::Fast (GH leejo/cgi-fast#11 and
GH leejo/cgi-fast#12)
- Fix regression of tmpFileName when calling with a plain string (GH #178,
thanks to Simon McVittie for the report and fix)
[ FEATURES ]
- CGI::Carp now has $CGI::Carp::FULL_PATH for displaying the full path to the
offending script in error messages
- CGI now has env_query_string() for getting the value of QUERY_STRING from
the environment and not that fiddled with by CGI.pm (which is what
query_string() does) (GH #161)
- CGI::ENCODE_ENTITIES var added to control which chracters are encoded by
the call to the HTML::Entities module - defaults to &<>"' (GH #157 - the
\x8b and \x9b chars have been removed from this list as we are concerned
more about unicode compat these days than old browser support.)
[ DOCUMENTATION ]
- Fix some typos (GH #173, GH #174)
- All *documentation* for HTML functionality in CGI has been moved into
its own namespace: CGI::HTML::Functions - although the functionality
continues to exist within CGI.pm so there are no code changes required
(GH #142)
- Add missing documentation for env variable fetching routines (GH #163)
[ TESTING ]
- Increase test coverage (GH #3)
[ INTERNALS ]
- Cwd made a TEST_REQUIRES rather than a BUILD_REQUIRES in Makefile.PL
(GH #170)
- AutoloadClass variables have been removed as AUTOLOAD was removed in
v4.14 so these are no longer necessary (GH #172 thanks to alexmv)
- Remove dependency on constant - internal DEBUG, XHTML_DTD and EBCDIC
constants changes to $_DEBUG, $_XHTML_DTD, and $_EBCDIC
4.13 2014-12-18
[ RELEASE NOTES ]
- CGI::Pretty is now DEPRECATED and will be removed in a future release.
Please see GH #162 (https://github.com/leejo/CGI.pm/issues/162) for more
information and discussion (also GH #140 for HTML function deprecation
discussion: https://github.com/leejo/CGI.pm/issues/140)
[ TESTING ]
- fix t\rt-84767.t for failures on Win32 platforms related to file paths
4.11 2014-12-02
[ SPEC / BUG FIXES ]
- more hash key ordering bugs fixed in HTML attribute output (GH #158,
thanks to Marcus Meissner for the patch and test case)
[ REFACTORING ]
- escapeHTML (and unescapeHTML) have been refactored to use the functions
exported by the HTML::Entities module (GH #157)
- change BUILD_REQUIRES to TEST_REQUIRES in Makefile.PL as these are test
dependencies not build dependencies (GH #159)
[ DOCUMENTATION ]
- replace any remaining uses of indirect object notation (new Object) with
the safer Object->new syntax (GH #156)
4.10 2014-11-27
[ SPEC / BUG FIXES ]
- favour -content-type arg in header if -type and -charset options are also
passed in (GH #155, thanks to kaoru for the test case). this change also
sorts the hash keys in the rearrange method in CGI::Util meaning the order
of the arrangement will always be the same for params that have multiple
aliases. really you shouldn't be passing in multiple aliases, but this will
make it consistent should you do that
[ DOCUMENTATION ]
- fix some typos
1. Fixed CGI::Fast docs to eliminate references to a "special"
version of Perl.
2. Makefile.PL now depends on FCGI so that CGI::Fast installs properly.
3. Fix script_name() call from Stephane Chazelas.
Version 3.39, Jun 29, 2008
1. Fixed regression in "exists" function when using tied interface to CGI via $q->Vars.
Version 3.38, Jun 25, 2008
1. Fix annoying warning in http://rt.cpan.org/Ticket/Display.html?id=34551
2. Added nobr() function http://rt.cpan.org/Ticket/Display.html?id=35377
3. popup_menu() allows multiple items to be selected by default, satisfying
http://rt.cpan.org/Ticket/Display.html?id=35376
4. Patch from Renee Backer to avoid doubled <http-equiv> headers.
5. Fixed documentation bug that describes what happens when a
parameter is empty (e.g. "?test1=").
6. Fixed minor warning described at http://rt.cpan.org/Public/Bug/Display.html?id=36435
7. Fixed overlap of attribute and parameter space described in http://rt.perl.org/rt3//Ticket/Display.html?id=24294
Version 3.37, Apr 22, 2008
1. Fix pragmas so that they persist over modperl invocations (e.g. RT 34761)
2. Fixed handling of chunked multipart uploads; thanks to Michael Bernhardt
who reported and fixed the problem.
Version 3.36
1. Fix CGI::Cookie to support cookies that are separated by "," instead of ";".
Version 3.35, Mar 27, 2008
1. Resync with bleadperl, primarily fixing a bug in parsing semicolons in uploaded filenames.
Version 3.34, Mar 18, 2008
1. Handle Unicode %uXXXX escapes properly -- patch from DANKOGAI@cpan.org
2. Fix url() method to not choke on path names that contain regex characters.
Version 3.33, Jan 02, 2008
1. Remove uninit variable warning when calling url(-relative=>1)
2. Fix uninit variable warnings for two lc calls
3. Fixed failure of tempfile upload due to sprintf() taint failure in perl 5.10
Version 3.32, Dec 27, 2007
1. Patch from Miguel Santinho to prevent sending premature headers under mod_perl 2.0
Version 3.31, Nov 30, 2007
1. Patch from Xavier Robin so that CGI::Carp issues a 500 Status code rather than a 200 status code.
2. Patch from Alexander Klink to select correct temporary directory in OSX Leopard so that upload works.
3. Possibly fixed "wrapped pack" error on 5.10 and higher.
Version 3.30
1. Patch from Mike Barry to handle POSTDATA in the same way as PUT.
2. Patch from Rafael Garcia-Suarez to correctly reencode unicode values as byte values.
Version 3.29, Apr 16, 2007
1. The position of file handles is now reset to zero when CGI->new is called.
(Mark Stosberg)
2. uploadInfo() now works across multiple object instances. Also, the first
tests for uploadInfo() were added as part of the fix. (CPAN bug 11895, with
contributions from drfrench and Mark Stosberg).
Version 3.28, Mar 29, 2007
1. Applied patch from Allen Day that makes Cookie parsing RFC2109 compliant
(attribute/values can be separated by commas as well as semicolons).
2. Applied patch from Stephan Struckmann that allows script_name() to be set correctly.
3. Fixed problem with url(-full) in which port number appears twice.
Version 3.27, Feb 27, 2007
1. Applied patch from Steve Taylor that allows checkbox_groups to be
disabled with a new -disabled=> option.
Version 3.26
1. Fixed alternate stylesheet behavior so that it is insensitive to order of declarations.
2. Patch from John Binns to allow users to provide a callback to CGI::Carp.
3. Added "~" as an unreserved character in escape().
4. Patch from Chris Fedde to prevent HTTP_HOST from inhibiting SERVER_PORT in url() generation.
5. Fixed outdated documentation (and behavior) of -language in start_html -script option.
6. Fixed bug in seconds calculation in CGI::Util::expire_calc.
Version 3.25, Sep 28, 2006
1. Fixed the link to the Netscape frames page.
2. Added ability to specify an alternate stylesheet.
3. Add support for XForms POST submssion both as application/xml or as multipart/related
Version 3.24
1. In startform(), if request_uri() returns undef, then falls back
to self_url(). This should rarely happen except when run outside of
the CGI environment.
2. image button alignment options were mistakenly being capitalized, causing xhtml validation to fail.
Version 3.23, Aug 23, 2006
1. Typo in upload() persisted, now fixed for real. Thanks to
Emanuele Zeppieri for correct patch and regression test.
Version 3.22, Aug 23, 2006
1. Typo in upload() function broke uploads. Now fixed (CPAN bug 21126).
Version 3.21, Aug 21, 2006
1. Don't try to read data at all when POST > $POST_MAX.
2. Fixed bug that caused $cgi->param('name',undef,'value') to unset param('name') entirely.
3. Fixed bug in which upload() sometimes returns empty. (CPAN bug #12694).
4. Incorporated patch from BURAK@cpan.org to support HTTPcookies (CPAN bug 21019).
Version 3.20
2. Added P3P option to header().
3. Patches from Alexey Mahotkin to make CGI::Carp work correctly with
object-oriented exceptions.
4. Removed inaccurate description of how to set multiple cookies from
CGI::Cookie pod file.
5. Patch from Kevin Mahony to prevent running out of filehandles when
uploading lots of files.
6. Documentation enhancement from Mark Fisher to note that the
import_names() method transforms the parameter names into valid
Perl names.
7. Patch from Dan Harkless to suppress lang attribute in <html> tag
if specified as a null string.
8. Patch from Ben Edgington to fix broken XHTML-transitional 1.0
validation on endform().
9. Custom html header fix from Steffen Beyer (first letter correctly
upcased now)
10. Added a -verbatim option to stylesheet generation from Michael
Dickson
11. Faster delete() method from Neelam Gupta
12. Fixed broken Cygwin support.
13. Added empty charset support from Bradley Baetz
14. Patches from Doug Perham and Kevin Mahoney to fix file upload
failures when uploaded file is a multiple of 4096.
Version 2.89
1. Fixed behavior of ACTION tag when POSTING to a URL that has a
query string.
2. Added Patch from Michael Rommel to handle multipart/mixed uploads
from Opera
Version 2.88
1. Fixed problem with uploads being refused under Perl 5.8 when under
Taint mode.
2. Fixed uninitialized variable warnings under Perl 5.8.
3. Fixed CGI::Pretty regression test failures.
Version 2.87
1. Security hole patched: when processing multipart/form-data
postings, most arguments were being untainted silently. Returned
arguments are now tainted correctly. This may cause some scripts
to fail that used to work (thanks to Nick Cleaton for pointing
this out and persisting until it was fixed).
2. Update for mod_perl 2.0.
3. Pragmas such as -no_xhtml are now respected in mod_perl
environment.
Version 2.86
1. Fixes for broken CGI::Cookie expiration dates introduced in 2.84.
Version 2.85
1. Fix for broken autoEscape function introduced in 2.84.
Version 2.84
1. Fix for failed file uploads on Cygwin platforms.
2. HTML escaping code now replaced 0x8b and 0x9b with unicode
references < and *#8250;
Version 2.83
1. Fixed autoEscape() documentation inconsistencies.
2. Patch from Ville Skytt� to fix a number of XHTML inconsistencies.
3. Added Max-Age to list of CGI::Cookie headers.
Version 2.82
1. Patch from Rudolf Troller to add attribute setting and option
groups to form fields.
2. Patch from Simon Perreault for silent crashes when using CGI::Carp
under mod_perl.
3. Patch from Scott Gifford allows you to set the program name for
CGI::Carp.
Version 2.81
1. Removed extraneous slash from end of stylesheet tags generated by
start_html in non-XHTML mode.
2. Changed behavior of CGI::Carp with respect to eval{} contexts so
that output behaves properly in mod_perl environments.
3. Fixed default DTD so that it validates with W3C validator.
Version 2.80
1. Fixed broken messages in CGI::Carp.
2. Changed checked="1" to checked="checked" for real XHTML
compatibility.
3. Resurrected REQUEST_URI code so that url() works correctly with
multiviews.
Version 2.79
1. Changes to CGI::Carp to avoid "subroutine redefined" error
messages.
2. Default DTD is now XHTML 1.0 Transitional
3. Patches to support all HTML4 tags.
Version 2.78
1. Added ability to change encoding in <?xml> assertion.
2. Fixed the old escapeHTML('CGI') ne "CGI" bug
3. In accordance with XHTML requirements, there are no longer any
minimized attributes, such as "checked".
4. Patched bug which caused file uploads of exactly 4096 bytes to be
truncated to 4094 (thanks to Kevin Mahony)
5. New tests and fixes to CGI::Pretty (thanks to Michael Schwern).
Version 2.77
1. No new features, but released in order to fix an apparent CPAN
bug.
Version 2.76
1. New esc.t regression test for EBCDIC translations courtesy Peter
Prymmer.
2. Patches from James Jurach to make compatible with FCGI-ProcManager
( run in 3.137 seconds using v1.01-cache-2.11-cpan-39bf76dae61 )