1.113 2010-12-27
- (thanks to Yamada Masahiro) randomise multipart boundary string
(security).
- Numerous changes from Mark Stosberg:
Port max-age support from CGI.pm, to improve compatibility and
RFC-compliance
Correct header comment in cookie.t
It claims that is a simple copy/paste/modify from CGI.pm's test
by the same name, but this has not been true for some time--
CGI::Simple added
httponly tests that CGI.pm lacks, for example.
Sync cookie references with CGI.pm: add reference to the
newer RFC 2695
"Interface to browse cookies" looks like it was typo for
"browser". HTTP is more precise.
Fix awkward "CGI::Simple.pm" language. It looks like it probably
originated from the CGI.pm form. "CGI::Simple" is used instead.
Best Practice: eliminate indirect object notation from new(),
parse() and fetch() calls
Security: Fix handling of embedded malicious newlines in header
values This is a direct port of the same security fix that
Security: use a random MIME boundary by default in
multipart_init(). This is a direct port of the same issue
which was addressed in CGI.pm, preventing some kinds of
potential header injection attacks.
Port from CGI.pm: Fix multi-line header parsing.
This fix is covered by the tests in t/header.t added in
the previous patch. If you run those tests without this
patch, you'll see how the headers would be malformed
without this fix.
Port CRLF injection prevention from CGI.pm
Optimize Vars(): Don't build %hash if we aren't going to use it.
Micro-optimization to Vars(): Don't call "tie" unless we need to.
- Numerous changes from K. Berov:
Added "+" to the mime character class.
Added tests for C<$mime = $q->upload_info( $filename, 'mime' );>
Fixed wrong match for mimetypes. Example: matched only
'application/vnd' instead of 'application/vnd.ms-excel'.
Added "\." to the mime character class
to trigger/signal a rebuild for the transition 5.10.1 -> 5.12.1.
The list of packages is computed by finding all packages which end
up having either of PERL5_USE_PACKLIST, BUILDLINK_API_DEPENDS.perl,
or PERL5_PACKLIST defined in their make setup (tested via
"make show-vars VARNAMES=..."), minus the packages updated after
the perl package update.
sno@ was right after all, obache@ kindly asked and he@ led the
way. Thanks!
- Updating package of p5 module for CGI::Simple from 1.109 to 1.112
- Adjusting dependencies according to META:yaml
- Setting LICENSE=${PERL5_LICENSE} according to META.yaml
Upstream changes since 1.109:
1.110 2009-05-24
- Added missing test to manifest / distro.
- Added a test to ensure the manifest is consistent.
- Migrated to git.
1.111 2009-05-28
- Implemented Michael Nachbaur fixes for multipart form data
handling.
1.112 2009-05-31
- (thanks bingos) added missing IO::Scalar dependency.
- Updating package for p5 module CGI::Simple to 1.109
Upstream changes:
1.107 2009-03-07
- CGI::Simple::Cookie, fixed bug when cookie had both leading and
trailing white space (RT#34314, Ron Savage and Mark Stosberg)
- Accept a comma as well as semi-colon as a cookie separator. This
is consistent with CGI.pm as well as RFC 2965, which states: "A
server SHOULD also accept comma (,) as the separator between cookie-
values for future compatibility." (Mark Stosberg)
- Support cookies which have an equals sign in the value. Ported
from CGI.pm (Mark Stosberg)
- Support cookies in which one of multiple values is empty. Ported
from CGI.pm (Mark Stosberg)
- Fixed bug when calling unescapeHTML on HTML that wasn't
properly escaped in the first place. Thanks to M-Uchino and
Mark Stosberg.
- Removed bogus dependency on version.pm.
- Add heuristic to upload to handle the case where no boundary is
specified in CONTENT_TYPE. See #14838.
1.108 2009-03-13
- Remove bogus references to Selfloader in documenation. No
functional changes.
1.109 2009-04-16
- Added support for HttpOnly to CGI::Simple::Cookie. Thanks to
Scott Thomson for the patch.
Pkgsrc changes:
o Change to Module::Build
Upstream changes:
1.106 2008-09-14
- Added missing Apache2 modules. Refs #39146 and #38931. Thanks
to RSAVAGE.
- Applied BEROV's patch for UTF-8 form data handling. Refs #12481.
Thanks to BEROV.
to trigger/signal a rebuild for the transition 5.8.8 -> 5.10.0.
The list of packages is computed by finding all packages which end
up having either of PERL5_USE_PACKLIST, BUILDLINK_API_DEPENDS.perl,
or PERL5_PACKLIST defined in their make setup (tested via
"make show-vars VARNAMES=...").
CGI::Simple provides a relatively lightweight drop in replacement
for CGI.pm. It shares an identical OO interface to CGI.pm for
parameter parsing, file upload, cookie handling and header generation.
