- Fixed crash in Dump() function.
- Removed warning from reset() method.
- Moved <area> and <map> tags into the :html3 group. Hope this removes
undefined CGI::Area errors.
- Changed CGI::Carp to play with mod_perl2 and to (hopefully) restore
reporting of compile-time errors.
- Fixed potential deadlock between web server and CGI.pm when aborting
a read due to POST_MAX (reported by Antti Lankila).
- Fixed issue with tag-generating function not incorporating content when
first variable undef.
- Fixed cross-site scripting bug reported by obscure.
- Fixed Dump() function to return correctly formed XHTML - bug reported by
Ralph Siemsen.
- Fix to be P3P compliant submitted from MPREWITT.
- Added CGI->r() API for mod_perl1/mod_perl2.
- Fixed bug in redirect() that was corrupting cookies.
- Minor fix to behavior of reset() button to make it consistent with
submit() button (first time this has been changed in 9 years).
- Patch from Dan Kogai to handle UTF-8 correctly in 5.8 and higher.
- Patch from Steve Hay to make CGI::Carp's error messages appear on MSIE
browsers.
- Added Yair Lenga's patch for non-urlencoded postings.
- Added Stas Bekman's patches for mod_perl 2 compatibility.
- Fixed uninitialized escape behavior submitted by William Campbell.
- Fixed tied behavior so that you can pass arguments to tie()
- Fixed incorrect generation of URLs when the path_info contains + and other
odd characters.
- Fixed redirect(-cookies=>$cookie) problem.
- Fixed tag generation bug that affects -javascript passed to start_html().
- Attribute generation now correctly respects the value of autoEscape()
- Fixed endofrm() syntax error
- Fixed bug in redirect header handling
- Added P3P option to header()
- Patches to make CGI::Carp work correctly with object-oriented exceptions
- Removed inaccurate description of how to set multiple cookies from
CGI::Cookie pod file
- Patch to prevent running out of filehandles when uploading lots of files
- Documentation enhancement to note that the import_names() method
transforms the parameter names into valid Perl names
- Patch to suppress lang attribute in <html> tag if not provided explicitly
- Patch to fix broken XHTML-transitional 1.0 validation on endform()
- Custom html header fix (first letter correctly upcased now)
- Added a -verbatim option to stylesheet generation
- Faster delete() method
- Added empty charset support
- Patch to fix file upload failures when uploaded file is a multiple of 4096
- Fixed behavior of ACTION tag when POSTING to a URL that has a query
string
- Patch to handle multipart/mixed uploads from Opera
Edited list of changes (many bug fixes removed):
Version 2.87
1. Security hole patched: when processing multipart/form-data postings,
most arguments were being untainted silently. Returned arguments are
now tainted correctly. This may cause some scripts to fail that used
to work (thanks to Nick Cleaton for pointing this out and persisting
until it was fixed).
2. Update for mod_perl 2.0.
3. Pragmas such as -no_xhtml are now respected in mod_perl environment.
Version 2.84
2. HTML escaping code now replaced 0x8b and 0x9b with unicode references
< and *#8250;
Version 2.83
3. Added Max-Age to list of CGI::Cookie headers.
Version 2.82
1. Patch from Rudolf Troller to add attribute setting and option groups
to form fields.
3. Patch from Scott Gifford allows you to set the program name for
CGI::Carp.
Version 2.81
1. Removed extraneous slash from end of stylesheet tags generated by
start_html in non-XHTML mode.
2. Changed behavior of CGI::Carp with respect to eval{} contexts so that
output behaves properly in mod_perl environments.
Version 2.80
2. Changed checked="1" to checked="checked" for real XHTML compatibility.
3. Resurrected REQUEST_URI code so that url() works correctly with
multiviews.
<briggs@ninthwonder.com>. If you use CGI.pm, then this update is highly
recommended. Changes from version 2.75.2 include:
* Changes to CGI::Carp to avoid "subroutine redefined" error messages.
* Default DTD is now XHTML 1.0 Transitional
* Patches to support all HTML4 tags.
* Added ability to change encoding in <?xml> assertion.
* Fixed the old escapeHTML('CGI') ne "CGI" bug
* In accordance with XHTML requirements, there are no longer any
minimized attributes, such as "checked".
--> Patched bug which caused file uploads of exactly 4096 bytes to be
truncated to 4094 (thanks to Kevin Mahony)
* New tests and fixes to CGI::Pretty (thanks to Michael Schwern).
* New esc.t regression test for EBCDIC translations courtesy Peter
Prymmer.
* Patches from James Jurach to make compatible with FCGI-ProcManager
* Additional fields passed to header() (like -Content_disposition) now
honor initial capitalization.
* Patch from Andrew McNaughton to handle utf-8 escapes (%uXXXX codes) in
URLs.
