projects / p5sagit/p5-mst-13.2.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | history | HEAD
Upgrade to CGI.pm 3.08
[p5sagit/p5-mst-13.2.git] / lib / CGI / Changes
CommitLineData
741ff09d 1 Version 3.08
2 1. update support for mod_perl 2.0. versions prior to
3 mod_perl 1.999_22 (2.0.0-RC5) are no longer supported.
4
976c4ade 5 Version 3.07
6 1. Fixed typo in mod_perl detection.
7
8 Version 3.06
9
10 1. Fixed bare call to script() in start_html
11 2. Moved Fh::DESTROY out of autoloaded functions so as to avoid
12 clobbering $@ when CGI functions are executed in an eval{}
13 context.
14 3. mod_perl 2.0 version detection patch in CGI::Cookie provided by
15 Allen Day.
16 4. autoEscape() flag is now respected when generating extra
17 attributes.
18 5. Tests for *tag start/end generation from Shlomi Fish.
19 6. Support for can() method provided by Ron Savage.
20 7. Fix for lang='' when outputting XHTML.
21 8. Added support for chunked transfer encoding, as suggested by
22 Hakan Ardo
23 9. Fixed clobbering of row and column headers in tableized radio
24 and checkbox groups, as reported by Nicolas Thierry-Mieg.
25 10. <Label> tags are now associated with form elements, as suggested
26 by accessibility guidelines.
27 11. The <?xml> directive produced by start_html is now turned off by
28 default and the charset is specified in a <meta> directive. Apparently
29 IE6 (and maybe some versions of Opera) were getting confused by this.
30 12. Support for tab indexes.
31 13. Retired the HTML docs. The POD docs are now primary documentation.
32 14. CGI::Carp now correctly detects and handles Apache::Dispatch.
33 15. CGI::Util::utf8_chr now correctly sets the UTF8 flag on 5.006 or
34 higher perls (fix courtesy Slaven Rezic).
35
36
37 Version 3.05
38
39 1. Fixed uninitialized variable warning on start_form() when running
40 from command line.
41 2. Fixed CGI::_set_attributes so that attributes with a - are handled
42 correctly.
43 3. Fixed CGI::Carp::die() so as to avoid problems from _longmess()
44 clobbering @_.
45 4. If HTTP_X_FORWARDED_HOST is defined (i.e. running under a proxy),
46 the various functions that return HOST will use that instead.
47 5. Fix for undefined utf8() call in CGI::Util.
48 6. Changed the call to warningsToBrowser() in
49 CGI::Carp::fatalsToBrowser to call only after HTTP header is sent
50 (thanks to Didier Lebrun for noticing).
51 7. Patches from Dan Harkless to make CGI.pm validatable against HTML
52 3.2.
53 8. Fixed an extraneous "foo=bar" appearing when extra style
54 parameters passed to start_html;
55 9. Fixed cross-site scripting bug in startform() pointed out by Dan
56 Harkless.
57 10. Fixed documentation to discuss list context behavior of
58 form-element generators explicitly.
59 11. Fixed incorrect results from end_form() when called in OO manner.
60 12. Fixed query string stripping in order to handle URLs containing
61 escaped newlines.
62 13. During server push, set NPH to 0 rather than 1. This is supposed
63 to fix problems with Apache.
64 14. Fixed incorrect processing of multipart form fields that contain
65 embedded quotes. There's still the issue of how to handle ones
66 that contain embedded semicolons, but no one has complained (yet).
67 15. Fixed documentation bug in -style argument to start_html()
68 16. Added -status argument to redirect().
69
70 Version 3.04
71
72 1. Fixed the problem with mod_perl crashing when "defaults" button
73 pressed.
74
75 Version 3.03
76
77 1. Fix upload hook functionality
78 2. Workaround for CGI->unescape_html()
79 3. Bumped version numbers in CGI::Fast and CGI::Util for 5.8.3-tobe
80
81 Version 3.02
82
83 1. Bring in Apache::Response just in case.
84 2. File upload on EBCDIC systems now works.
85
86 Version 3.01
87
88 1. No fix yet for upload failures when running on EBCDIC server.
89 2. Fixed uninitialized glob warnings that appeared when file
90 uploading under perl 5.8.2.
91 3. Added patch from Schlomi Fish to allow debugging of PATH_INFO from
92 command line.
93 4. Added patch from Steve Hay to correctly unlink tmp files under
94 mod_perl/windows
95 5. Added upload_hook functionality from Jamie LeTaul
96 6. Workarounds for mod_perl 2 IO issues. Check that file upload and
97 state saving still working.
98 7. Added code for underreads.
99 8. Fixed misleading description of redirect() and relative URLs in
100 the POD docs.
101 9. Workaround for weird interaction of CGI::Carp with Safe module
102 reported by William McKee.
103 10. Added patches from Ilmari Karonen to improve behavior of
104 CGI::Carp.
105 11. Fixed documentation error in -style argument.
106 12. Added virtual_port() method for finding out what port server is
107 listening on in a virtual-host aware fashion.
108
109 Version 3.00
110
111 1. Patch from Randal Schwartz to fix bug introduced by cross-site
112 scripting vulnerability "fix."
113 2. Patch from JFreeman to replace UTF-8 escape constant of 0xfe with
114 0xfc. Hope this is right!
115
116 Version 2.99
117
118 1. Patch from Steve Hay to fix extra Content-type: appearing on
119 browser screen when FatalsToBrowser invoked.
120 2. Patch from Ewann Corvellec to fix cross-site scripting
121 vulnerability.
122 3. Fixed tmpdir routine for file uploading to solve problem that
123 occurs under mod_perl when tmpdir is writable at startup time, but
124 not at session time.
125
126 Version 2.98
127
128 1. Fixed crash in Dump() function.
129
130 Version 2.97
131
132 1. Sigh. Uploaded wrong 2.96 to CPAN.
133
134 Version 2.96
135
136 1. More bugfixes to the -style argument.
137
138 Version 2.95
139
140 1. Fixed bugs in start_html(-style=>...) support introduced in 2.94.
141
142 Version 2.94
143
144 1. Removed warning from reset() method.
145 2. Moved
146
147 and tags into the :html3 group. Hope this removes undefined CGI::Area
148 errors.
149
150 Changed CGI::Carp to play with mod_perl2 and to (hopefully) restore
151 reporting of compile-time errors.
152
153 Fixed potential deadlock between web server and CGI.pm when aborting
154 a read due to POST_MAX (reported by Antti Lankila).
155
156 Fixed issue with tag-generating function not incorporating content
157 when first variable undef.
158
159 Fixed cross-site scripting bug reported by obscure.
160
161 Fixed Dump() function to return correctly formed XHTML - bug
162 reported by Ralph Siemsen.
163
164 Version 2.93
165
166 1. Fixed embarassing bug in mp1 support.
167
168 Version 2.92
169
170 1. Fix to be P3P compliant submitted from MPREWITT.
171 2. Added CGI->r() API for mod_perl1/mod_perl2.
172 3. Fixed bug in redirect() that was corrupting cookies.
173 4. Minor fix to behavior of reset() button to make it consistent with
174 submit() button (first time this has been changed in 9 years).
175 5. Patch from Dan Kogai to handle UTF-8 correctly in 5.8 and higher.
176 6. Patch from Steve Hay to make CGI::Carp's error messages appear on
177 MSIE browsers.
178 7. Added Yair Lenga's patch for non-urlencoded postings.
179 8. Added Stas Bekman's patches for mod_perl 2 compatibility.
180 9. Fixed uninitialized escape behavior submitted by William Campbell.
181 10. Fixed tied behavior so that you can pass arguments to tie()
182 11. Fixed incorrect generation of URLs when the path_info contains +
183 and other odd characters.
184 12. Fixed redirect(-cookies=>$cookie) problem.
185 13. Fixed tag generation bug that affects -javascript passed to
186 start_html().
187
188 Version 2.91
189
190 1. Attribute generation now correctly respects the value of
191 autoEscape().
192 2. Fixed endofrm() syntax error introduced by Ben Edgington's patch.
193
194 Version 2.90
195
196 1. Fixed bug in redirect header handling.
197 2. Added P3P option to header().
198 3. Patches from Alexey Mahotkin to make CGI::Carp work correctly with
199 object-oriented exceptions.
200 4. Removed inaccurate description of how to set multiple cookies from
201 CGI::Cookie pod file.
202 5. Patch from Kevin Mahony to prevent running out of filehandles when
203 uploading lots of files.
204 6. Documentation enhancement from Mark Fisher to note that the
205 import_names() method transforms the parameter names into valid
206 Perl names.
207 7. Patch from Dan Harkless to suppress lang attribute in <html> tag
208 if specified as a null string.
209 8. Patch from Ben Edgington to fix broken XHTML-transitional 1.0
210 validation on endform().
211 9. Custom html header fix from Steffen Beyer (first letter correctly
212 upcased now)
213 10. Added a -verbatim option to stylesheet generation from Michael
214 Dickson
215 11. Faster delete() method from Neelam Gupta
216 12. Fixed broken Cygwin support.
217 13. Added empty charset support from Bradley Baetz
218 14. Patches from Doug Perham and Kevin Mahoney to fix file upload
219 failures when uploaded file is a multiple of 4096.
220
221 Version 2.89
222
223 1. Fixed behavior of ACTION tag when POSTING to a URL that has a
224 query string.
225 2. Added Patch from Michael Rommel to handle multipart/mixed uploads
226 from Opera
227
228 Version 2.88
229
230 1. Fixed problem with uploads being refused under Perl 5.8 when under
231 Taint mode.
232 2. Fixed uninitialized variable warnings under Perl 5.8.
233 3. Fixed CGI::Pretty regression test failures.
234
235 Version 2.87
236
237 1. Security hole patched: when processing multipart/form-data
238 postings, most arguments were being untainted silently. Returned
239 arguments are now tainted correctly. This may cause some scripts
240 to fail that used to work (thanks to Nick Cleaton for pointing
241 this out and persisting until it was fixed).
242 2. Update for mod_perl 2.0.
243 3. Pragmas such as -no_xhtml are now respected in mod_perl
244 environment.
245
246 Version 2.86
247
248 1. Fixes for broken CGI::Cookie expiration dates introduced in 2.84.
249
250 Version 2.85
251
252 1. Fix for broken autoEscape function introduced in 2.84.
253
254 Version 2.84
255
256 1. Fix for failed file uploads on Cygwin platforms.
257 2. HTML escaping code now replaced 0x8b and 0x9b with unicode
258 references < and *#8250;
259
260 Version 2.83
261
262 1. Fixed autoEscape() documentation inconsistencies.
263 2. Patch from Ville Skyttä to fix a number of XHTML inconsistencies.
264 3. Added Max-Age to list of CGI::Cookie headers.
265
266 Version 2.82
267
268 1. Patch from Rudolf Troller to add attribute setting and option
269 groups to form fields.
270 2. Patch from Simon Perreault for silent crashes when using CGI::Carp
271 under mod_perl.
272 3. Patch from Scott Gifford allows you to set the program name for
273 CGI::Carp.
274
275 Version 2.81
276
277 1. Removed extraneous slash from end of stylesheet tags generated by
278 start_html in non-XHTML mode.
279 2. Changed behavior of CGI::Carp with respect to eval{} contexts so
280 that output behaves properly in mod_perl environments.
281 3. Fixed default DTD so that it validates with W3C validator.
282
283 Version 2.80
284
285 1. Fixed broken messages in CGI::Carp.
286 2. Changed checked="1" to checked="checked" for real XHTML
287 compatibility.
288 3. Resurrected REQUEST_URI code so that url() works correctly with
289 multiviews.
290
291 Version 2.79
292
293 1. Changes to CGI::Carp to avoid "subroutine redefined" error
294 messages.
295 2. Default DTD is now XHTML 1.0 Transitional
296 3. Patches to support all HTML4 tags.
297
298 Version 2.78
299
300 1. Added ability to change encoding in <?xml> assertion.
301 2. Fixed the old escapeHTML('CGI') ne "CGI" bug
302 3. In accordance with XHTML requirements, there are no longer any
303 minimized attributes, such as "checked".
304 4. Patched bug which caused file uploads of exactly 4096 bytes to be
305 truncated to 4094 (thanks to Kevin Mahony)
306 5. New tests and fixes to CGI::Pretty (thanks to Michael Schwern).
307
308 Version 2.77
309
310 1. No new features, but released in order to fix an apparent CPAN
311 bug.
312
313 Version 2.76
314
315 1. New esc.t regression test for EBCDIC translations courtesy Peter
316 Prymmer.
317 2. Patches from James Jurach to make compatible with FCGI-ProcManager
318 3. Additional fields passed to header() (like -Content_disposition)
319 now honor initial capitalization.
320 4. Patch from Andrew McNaughton to handle utf-8 escapes (%uXXXX
321 codes) in URLs.
322
323 Version 2.752
324
325 1. Syntax error in the autoloaded Fh::new() subroutine.
326 2. Better error reporting in autoloaded functions.
327
328 Version 2.751
329
330 1. Tiny tweak to filename regular expression function on line 3355.
331
332 Version 2.75
333
334 1. Fixed bug in server push boundary strings (CGI.pm and CGI::Push).
335 2. Fixed bug that occurs when uploading files with funny characters
336 in the name
337 3. Fixed non-XHTML-compliant attributes produced by textfield()
338 4. Added EPOC support, courtesy Olaf Flebbe
339 5. Fixed minor XHTML bugs.
340 6. Made escape() and unescape() symmetric with respect to EBCDIC,
341 courtesy Roca, Ignasi <ignasi.roca@fujitsu.siemens.es>
342 7. Removed uninitialized variable warning from CGI::Cookie, provided
343 by Atipat Rojnuckarin <rojnuca@yahoo.com>
344 8. Fixed bug in CGI::Pretty that causes it to print partial end tags
345 when the $INDENT global is changed.
346 9. Single quotes are changed to character entity ' for compatibility
347 with URLs.
348
349 Version 2.74
350
351 September 13, 2000
352 1. Quashed one-character bug that caused CGI.pm to fail on file
353 uploads.
354
355 Version 2.73
356
357 September 12, 2000
358 1. Added -base to the list of arguments accepted by url().
359 2. Fixes to XHTML support.
360 3. POST parameters no longer show up in the Location box.
361
362 Version 2.72
363
364 August 19, 2000
365 1. Fixed the defaults button so that it works again
366 2. Charset is now correctly saved and restored when saving to files
367 3. url() now works correctly when given scripts with %20 and other
368 escapes in the additional path info. This undoes a patch
369 introduced in version 2.47 that I no longer understand the
370 rationale for.
371
372 Version 2.71
373
374 August 13, 2000
375 1. Newlines in the value attributes of hidden fields and other form
376 elements are now escaped when using ISO-Latin.
377 2. Inline script and style sections are now protected as CDATA
378 sections when XHTML mode is on (the default).
379
380 Version 2.70
381
382 August 4, 2000
383 1. Fixed bug in scrolling_list() which omitted a space in front of
384 the "multiple" attribute.
385 2. Squashed the "useless use of string in void context" message from
386 redirects.
387
388 Version 2.69
389
390 1. startform() now creates default ACTION for POSTs as well as GETs.
391 This may break some browsers, but it no longer violates the HTML
392 spec.
393 2. CGI.pm now emits XHTML by default. Disable with -no_xhtml.
394 3. We no longer interpret &#ddd sequences in non-latin character
395 sets.
396
397 Version 2.68
398
399 1. No longer attempts to escape characters when dealing with non
400 ISO-8861 character sets.
401 2. checkbox() function now defaults to using -value as its label,
402 rather than -name. The current behavior is what has been
403 documented from the beginning.
404 3. -style accepts array reference to incorporate multiple stylesheets
405 into document.
406
407 1. Fixed two bugs that caused the -compile pragma to fail with a
408 syntax error.
409
410 Version 2.67
411
412 1. Added XHTML support (incomplete; tags need to be lowercased).
413 2. Fixed CGI/Carp when running under mod_perl. Probably broke in
414 other contexts.
415 3. Fixed problems when passing multiple cookies.
416 4. Suppress warnings from _tableize() that were appearing when using
417 -w switch with radio_group() and checkbox_group().
418 5. Support for the header() -attachment argument, which can give
419 pages a default file name when saving to disk.
420
421 Version 2.66
422
423 1. 2.65 changes in make_attributes() broke HTTP header functions
424 (including redirect), so made it context sensitive.
425
426 Version 2.65
427
428 1. Fixed regression tests to skip tests that require implicit fork on
429 machines without fork().
430 2. Changed make_attributes() to automatically escape any HTML
431 reserved characters.
432 3. Minor documentation fix in javascript example.
433
434 Version 2.64
435
436 1. Changes introduced in 2.63 broke param() when retrieving parameter
437 lists containing only a single argument. This is now fixed.
438 2. self_url() now defaults to returning parameters delimited with
439 semicolon. Use the pragma -oldstyle_urls to get the old "&"
440 delimiter.
441
442 Version 2.63
443
444 1. Fixed CGI::Push to pull out parameters correctly.
445 2. Fixed redirect() so that it works with default character set
446 3. Changed param() so as to returned empty string '' when referring
447 to variables passed in query strings like 'name1=&name2'
448
449 Version 2.62
450
451 1. Fixed broken ReadParse() function, and added regression tests
452 2. Fixed broken CGI::Pretty, and added regression tests
453
454 Version 2.61
455
456 1. Moved more functions from CGI.pm proper into CGI/Util.pm.
457 CGI/Cookie should now be standalone.
458 2. Disabled per-user temporary directories, which were causing grief.
459
460 Version 2.60
461
462 1. Fixed junk appearing in autogenerated HTML functions when using
463 object-oriented mode.
464
465 Version 2.59
466
467 1. autoescape functionality breaks too much existing code, removed
468 it.
469 2. use escapeHTML() manually
470
471 Version 2.58
472
473 This is the release version of 2.57.
474
475 Version 2.57
476
477 1. Added -debug pragma and turned off auto reading of STDIN.
478 2. Default DTD updated to HTML 4.01 transitional.
479 3. Added charset() method and the -charset argument to header().
480 4. Fixed behavior of escapeHTML() to respect charset() and to escape
481 nasty Windows characters (thanks to Tom Christiansen).
482 5. Handle REDIRECT_QUERY_STRING correctly.
483 6. Removed use_named_parameters() because of dependency problems and
484 general lameness.
485 7. Fixed problems with bad HREF links generated by url(-relative=>1)
486 when the url is like /people/.
487 8. Silenced a warning on upload (patch provided by Jonas Liljegren)
488 9. Fixed race condition in CGI::Carp when errors occur during parsing
489 (patch provided by Maurice Aubrey).
490 10. Fixed failure of url(-path_info=>1) when path contains % signs.
491 11. Fixed warning from CGI::Cookie when receiving foreign cookies that
492 don't use name=value format.
493 12. Fixed incompatibilities with file uploading on VMS systems.
494
495 Version 2.56
496
497 1. Fixed bugs in file upload introduced in version 2.55
498 2. Fixed long-standing bug that prevented two files with identical
499 names from being uploaded.
500
501 Version 2.55
502
503 1. Fixed cookie regression test so as not to produce an error.
504 2. Fixed path_info() and self_url() to work correctly together when
505 path_info() modified.
506 3. Removed manify warnings from CGI::{Switch,Apache}.
507
508 Version 2.54
509
510 1. This will be the last release of the monolithic CGI.pm module.
511 Later versions will be modularized and optimized.
512 2. DOMAIN tag no longer added to cookies by default. This will break
513 some versions of Internet Explorer, but will avoid breaking
514 networks which use host tables without fully qualified domain
515 names. For compatibility, please always add the -domain tag when
516 creating cookies.
517 3. Fixed escape() method so that +'s are treated correctly.
518 4. Updated CGI::Pretty module.
519
520 Version 2.53
521
522 1. Forgot to upgrade regression tests before releasing 2.52. NOTHING
523 ELSE HAS CHANGED IN LIBRARY
524
525 Version 2.52
526
527 1. Spurious newline in checkbox() routine removed. (courtesy John
528 Essen)
529 2. TEXTAREA linebreaks now respected in dump() routine. (courtesy
530 John Essen)
531 3. Patches for DOS ports (courtesy Robert Davies)
532 4. Patches for VMS
533 5. More fixes for cookie problems
534 6. Fix CGI::Carp so that it doesn't affect eval{} blocks (courtesy
535 Byron Brummer)
536
537 Version 2.51
538
539 1. Fixed problems with cookies not being remembered when sent to IE
540 5.0 (and Netscape 5.0 too?)
541 2. Numerous HTML compliance problems in cgi_docs.html; fixed thanks
542 to Michael Leahy
543
544 Version 2.50
545
546 1. Added a new Vars() method to retrieve all parameters as a tied
547 hash.
548 2. Untainted tainted tempfile name so that script doesn't fail on
549 terminal unlink.
550 3. Made picking of upload tempfile name more intelligent so that
551 doesn't fail in case of name collision.
552 4. Fixed handling of expire times when passed an absolute timestamp.
553 5. Changed dump() to Dump() to avoid name clashes.
554
555 Version 2.49
556
557 1. Fixes for FastCGI (globals not getting reset)
558 2. Fixed url() to correctly handle query string and path under
559 MOD_PERL
560
561 Version 2.48
562
563 1. Reverted detection of MOD_PERL to avoid breaking PerlEX.
564
565 Version 2.47
566
567 1. Patch to fix file upload bug appearing in IE 3.01 for
568 Macintosh/PowerPC.
569 2. Replaced use of $ENV{SCRIPT_NAME} with $ENV{REQUEST_URI} when
570 running under Apache, to fix self-referencing URIs.
571 3. Fixed bug in escapeHTML() which caused certain constructs, such as
572 CGI->image_button(), to fail.
573 4. Fixed bug which caused strong('CGI') to fail. Be careful to use
574 CGI::strong('CGI') and not CGI->strong('CGI'). The latter will
575 produce confusing results.
576 5. Added upload() function, as a preferred replacement for the
577 "filehandle as string" feature.
578 6. Added cgi_error() function.
579 7. Rewrote file upload handling to return undef rather than dieing
580 when an error is encountered. Be sure to call cgi_error() to find
581 out what went wrong.
582
583 Version 2.46
584
585 1. Fix for failure of the "include" tests under mod_perl
586 2. Added end_multipart_form to prevent failures during qw(-compile
587 :all)
588
589 Version 2.45
590
591 1. Multiple small documentation fixes
592 2. CGI::Pretty didn't get into 2.44. Fixed now.
593
594 Version 2.44
595
596 1. Fixed file descriptor leak in upload function.
597 2. Fixed bug in header() that prevented fields from containing double
598 quotes.
599 3. Added Brian Paulsen's CGI::Pretty package for pretty-printing
600 output HTML.
601 4. Removed CGI::Apache and CGI::Switch from the distribution.
602 5. Generated start_* shortcuts so that start_table(), end_table(),
603 start_ol(), end_ol(), and so forth now work (see the docs on how
604 to enable this feature).
605 6. Changed accept() to Accept(), sub() to Sub(). There's still a
606 conflict with reset(), but this will break too many existing
607 scripts!
608
609 Version 2.43
610
611 1. Fixed problem with "use strict" and file uploads (thanks to Peter
612 Haworth)
613 2. Fixed problem with not MSIE 3.01 for the power_mac not doing file
614 uploads right.
615 3. Fixed problem with file upload on IIS 4.0 when authorization in
616 use.
617 4. -content_type and '-content-type' can now be provided to header()
618 as synonyms for -type.
619 5. CGI::Carp now escapes the ampersand BEFORE escaping the > and <
620 signs.
621 6. Fixed "not an array reference" error when passing a hash reference
622 to radio_group().
623 7. Fixed non-removal of uploaded TMP files on NT platforms which
624 occurs when server runs on non-C drive (thanks to Steve Kilbane
625 for finding this one).
626
627 Version 2.42
628
629 1. Too many screams of anguish at changed behavior of url(). Is now
630 back to its old behavior by default, with options to generate all
631 the variants.
632 2. Added regression tests. "make test" now works.
633 3. Documentation fixes.
634 4. Fixes for Macintosh uploads, but uploads STILL do not work pending
635 changes to MacPerl.
636
637 Version 2.41
638
639 1. url() method now includes the path info. Use script_name() to get
640 it without path info().
641 2. Changed handling of empty attributes in HTML tag generation. Be
642 warned! Use table({-border=>undef}) rather than
643 table({-border=>''}).
644 3. Changes to allow uploaded filenames to be compared to other
645 strings with "eq", "cmp" and "ne".
646 4. Changes to allow CGI.pm to coexist more peacefully with
647 ActiveState PerlEX.
648 5. Changes to prevent exported variables from clashing when importing
649 ":all" set in combination with cookies.
650
651 Version 2.40
652
653 1. CGI::Carp patched to work better with mod_perl (thanks to Chris
654 Dean).
655 2. Uploads of files whose names begin with numbers or the Windows
656 \\UNC\shared\file nomenclature should no longer fail.
657 3. The <STYLE> tag (for cascading style sheets) now generates the
658 required TYPE attribute.
659 4. Server push primitives added, thanks to Ed Jordan.
660 5. Table and other HTML3 functions are now part of the :standard set.
661 6. Small documentation fixes.
662
663 TO DO:
664 1. Do something about the DTD mess. The module should generate
665 correct DTDs, or at least offer the programmer a way to specify
666 the correct one.
667 2. Split CGI.pm into CGI processing and HTML-generating modules.
668 3. More robust file upload (?still not working on the Macintosh?).
669 4. Bring in all the HTML4 functionality, particular the accessibility
670 features.
671
672 Version 2.39
673
674 1. file uploads failing because of VMS patch; fixed.
675 2. -dtd parameter was not being properly processed.
676
677 Version 2.38
678
679 I finally got tired of all the 2.37 betas and released 2.38. The main
680 difference between this version and the last 2.37 beta (2.37b30) are
681 some fixes for VMS. This should allow file upload to work properly on
682 all VMS Web servers.
683
684 Version 2.37, various beta versions
685
686 1. Added a CGI::Cookie::parse() method for lucky mod_perl users.
687 2. No longer need separate -values and -labels arguments for
688 multi-valued form elements.
689 3. Added better interface to raw cookies (fix courtesy Ken Fox,
690 kfox@ford.com)
691 4. Added param_fetch() function for direct access to parameter list.
692 5. Fix to checkbox() to allow for multi-valued single checkboxes
693 (weird problem).
694 6. Added a compile() method for those who want to compile without
695 importing.
696 7. Documented the import pragmas a little better.
697 8. Added a -compile switch to the use clause for the long-suffering
698 mod_perl and Perl compiler users.
699 9. Fixed initialization routines so that FileHandle and type globs
700 work correctly (and hash initialization doesn't fail!).
701 10. Better deletion of temporary files on NT systems.
702 11. Added documentation on escape(), unescape(), unescapeHTML() and
703 unescapeHTML() subroutines.
704 12. Added documentation on creating subclasses.
705 13. Fixed problem when calling $self->SUPER::foo() from inheriting
706 subclasses.
707 14. Fixed problem using filehandles from within subroutines.
708 15. Fixed inability to use the string "CGI" as a parameter.
709 16. Fixed exponentially growing $FILLUNIT bug
710 17. Check for undef filehandle in read_from_client()
711 18. Now requires the UNIVERSAL.pm module, present in Perl 5.003_7 or
712 higher.
713 19. Fixed problem with uppercase-only parameters being ignored.
714 20. Fixed vanishing cookie problem.
715 21. Fixed warning in initialize_globals() under mod_perl.
716 22. File uploads from Macintosh versions of MSIE should now work.
717 23. Pragmas now preceded by dashes (-nph) rather than colons (:nph).
718 Old style is supported for backward compatability.
719 24. Can now pass arguments to all functions using {} brackets,
720 resolving historical inconsistencies.
721 25. Removed autoloader warnings about absent MultipartBuffer::DESTROY.
722 26. Fixed non-sticky checkbox() when -name used without -value.
723 27. Hack to fix path_info() in IIS 2.0. Doesn't help with IIS 3.0.
724 28. Parameter syntax for debugging from command line now more
725 straightforward.
726 29. Added $DISABLE_UPLOAD to disable file uploads.
727 30. Added $POST_MAX to error out if POSTings exceed some ceiling.
728 31. Fixed url_param(), which wasn't working at all.
729 32. Fixed variable suicide problem in s///e expressions, where the
730 autoloader was needed during evaluation.
731 33. Removed excess spaces between elements of checkbox and radio
732 groups
733 34. Can now create "valueless" submit buttons
734 35. Can now set path_info as well as read it.
735 36. ReadParse() now returns a useful function result.
736 37. import_names() now allows you to optionally clear out the
737 namespace before importing (for mod_perl users)
738 38. Made it possible to have a popup menu or radio button with a value
739 of "0".
740 39. link() changed to Link() to avoid overriding native link function.
741 40. Takes advantage of mod_perl's register_cleanup() function to clear
742 globals.
743 41. <LAYER> and <ILAYER> added to :html3 functions.
744 42. Fixed problems with private tempfiles and NT/IIS systems.
745 43. No longer prints the DTD by default (I bet no one will complain).
746 44. Allow underscores to replace internal hyphens in parameter names.
747 45. CGI::Push supports heterogeneous MIME types and adjustable delays
748 between pages.
749 46. url_param() method added for retrieving URL parameters even when a
750 fill-out form is POSTed.
751 47. Got rid of warnings when radio_group() is called.
752 48. Cookies now moved to their very own module.
753 49. Fixed documentation bug in CGI::Fast.
754 50. Added a :no_debug pragma to the import list.
755
756 Version 2.36
757
758 1. Expanded JavaScript functionality
759 2. Preliminary support for cascading stylesheets
760 3. Security fixes for file uploads:
761 + Module will bail out if its temporary file already exists
762 + Temporary files can now be made completely private to avoid
763 peeking by other users or CGI scripts.
764 4. use CGI qw/:nph/ wasn't working correctly. Now it is.
765 5. Cookie and HTTP date formats didn't meet spec. Thanks to Mark
766 Fisher (fisherm@indy.tce.com) for catching and fixing this.
767
768 p
769
770 Version 2.35
771
772 1. Robustified multipart file upload against incorrect syntax in
773 POST.
774 2. Fixed more problems with mod_perl.
775 3. Added -noScript parameter to start_html().
776 4. Documentation fixes.
777
778 Version 2.34
779
780 1. Stupid typo fix
781
782 Version 2.33
783
784 1. Fixed a warning about an undefined environment variable.
785 2. Doug's patch for redirect() under mod_perl
786 3. Partial fix for busted inheritence from CGI::Apache
787 4. Documentation fixes.
788
789 Version 2.32
790
791 1. Improved support for Apache's mod_perl.
792 2. Changes to better support inheritance.
793 3. Support for OS/2.
794
795 Version 2.31
796
797 1. New uploadInfo() method to obtain header information from uploaded
798 files.
799 2. cookie() without any arguments returns all the cookies passed to a
800 script.
801 3. Removed annoying warnings about $ENV{NPH} when running with the -w
802 switch.
803 4. Removed operator overloading throughout to make compatible with
804 new versions of perl.
805 5. -expires now implies the -date header, to avoid clock skew.
806 6. WebSite passes cookies in $ENV{COOKIE} rather than
807 $ENV{HTTP_COOKIE}. We now handle this, even though it's O'Reilly's
808 fault.
809 7. Tested successfully against new sfio I/O layer.
810 8. Documentation fixes.
811
812 Version 2.30
813
814 1. Automatic detection of operating system at load time.
815 2. Changed select() function to Select() in order to avoid conflict
816 with Perl built-in.
817 3. Added Tr() as an alternative to TR(); some people think it looks
818 better that way.
819 4. Fixed problem with autoloading of MultipartBuffer::DESTROY code.
820 5. Added the following methods:
821 + virtual_host()
822 + server_software()
823 6. Automatic NPH mode when running under Microsoft IIS server.
824
825 Version 2.29
826
827 1. Fixed cookie bugs
828 2. Fixed problems that cropped up when useNamedParameters was set to
829 1.
830 3. Prevent CGI::Carp::fatalsToBrowser() from crapping out when
831 encountering a die() within an eval().
832 4. Fixed problems with filehandle initializers.
833
834 Version 2.28
835
836 1. Added support for NPH scripts; also fixes problems with Microsoft
837 IIS.
838 2. Fixed a problem with checkbox() values not being correctly saved
839 and restored.
840 3. Fixed a bug in which CGI objects created with empty string
841 initializers took on default values from earlier CGI objects.
842 4. Documentation fixes.
843
844 Version 2.27
845
846 1. Small but important bug fix: the automatic capitalization of tag
847 attributes was accidentally capitalizing the VALUES as well as the
848 ATTRIBUTE names (oops).
849
850 Version 2.26
851
852 1. Changed behavior of scrolling_list(), checkbox() and
853 checkbox_group() methods so that defaults are honored correctly.
854 The "fix" causes endform() to generate additional <INPUT
855 TYPE="HIDDEN"> tags -- don't be surpised.
856 2. Fixed bug involving the detection of the SSL protocol.
857 3. Fixed documentation error in position of the -meta argument in
858 start_html().
859 4. HTML shortcuts now generate tags in ALL UPPERCASE.
860 5. start_html() now generates correct SGML header:
861 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
862
863 6. CGI::Carp no longer fails "use strict refs" pragma.
864
865 Version 2.25
866
867 1. Fixed bug that caused bad redirection on destination URLs with
868 arguments.
869 2. Fixed bug involving use_named_parameters() followed by
870 start_multipart_form()
871 3. Fixed bug that caused incorrect determination of binmode for
872 Macintosh.
873 4. Spelling fixes on documentation.
874
875 Version 2.24
876
877 1. Fixed bug that caused generation of lousy HTML for some form
878 elements
879 2. Fixed uploading bug in Windows NT
880 3. Some code cleanup (not enough)
881
882 Version 2.23
883
884 1. Fixed an obscure bug that caused scripts to fail mysteriously.
885 2. Fixed auto-caching bug.
886 3. Fixed bug that prevented HTML shortcuts from passing taint checks.
887 4. Fixed some -w warning problems.
888
889 Version 2.22
890
891 1. New CGI::Fast module for use with FastCGI protocol. See pod
892 documentation for details.
893 2. Fixed problems with inheritance and autoloading.
894 3. Added TR() (<tr>) and PARAM() (<param>) methods to list of
895 exported HTML tag-generating functions.
896 4. Moved all CGI-related I/O to a bottleneck method so that this can
897 be overridden more easily in mod_perl (thanks to Doug MacEachern).
898 5. put() method as substitute for print() for use in mod_perl.
899 6. Fixed crash in tmpFileName() method.
900 7. Added tmpFileName(), startform() and endform() to export list.
901 8. Fixed problems with attributes in HTML shortcuts.
902 9. Functions that don't actually need access to the CGI object now no
903 longer generate a default one. May speed things up slightly.
904 10. Aesthetic improvements in generated HTML.
905 11. New examples.
906
907 Version 2.21
908
909 1. Added the -meta argument to start_html().
910 2. Fixed hidden fields (again).
911 3. Radio_group() and checkbox_group() now return an appropriate
912 scalar value when called in a scalar context, rather than
913 returning a numeric value!
914 4. Cleaned up the formatting of form elements to avoid unesthetic
915 extra spaces within the attributes.
916 5. HTML elements now correctly include the closing tag when
917 parameters are present but null: em('')
918 6. Added password_field() to the export list.
919
920 Version 2.20
921
922 1. Dumped the SelfLoader because of problems with running with taint
923 checks and rolled my own. Performance is now significantly
924 improved.
925 2. Added HTML shortcuts.
926 3. import() now adheres to the Perl module conventions, allowing
927 CGI.pm to import any or all method names into the user's name
928 space.
929 4. Added the ability to initialize CGI objects from strings and
930 associative arrays.
931 5. Made it possible to initialize CGI objects with filehandle
932 references rather than filehandle strings.
933 6. Added the delete_all() and append() methods.
934 7. CGI objects correctly initialize from filehandles on NT/95 systems
935 now.
936 8. Fixed the problem with binary file uploads on NT/95 systems.
937 9. Fixed bug in redirect().
938 10. Added '-Window-target' parameter to redirect().
939 11. Fixed import_names() so that parameter names containing funny
940 characters work.
941 12. Broke the unfortunate connection between cookie and CGI parameter
942 name space.
943 13. Fixed problems with hidden fields whose values are 0.
944 14. Cleaned up the documentation somewhat.
945
946 Version 2.19
947
948 1. Added cookie() support routines.
949 2. Added -expires parameter to header().
950 3. Added cgi-lib.pl compatability mode.
951 4. Made the module more configurable for different operating systems.
952 5. Fixed a dumb bug in JavaScript button() method.
953
954 Version 2.18
955
956 1. Fixed a bug that corrects a hang that occurs on some platforms
957 when processing file uploads. Unfortunately this disables the
958 check for bad Netscape uploads.
959 2. Fixed bizarre problem involving the inability to process uploaded
960 files that begin with a non alphabetic character in the file name.
961 3. Fixed a bug in the hidden fields involving the -override directive
962 being ignored when scalar defaults were passed.
963 4. Added documentation on how to disable the SelfLoader features.
964
965 Version 2.17
966
967 1. Added support for the SelfLoader module.
968 2. Added oodles of JavaScript support routines.
969 3. Fixed bad bug in query_string() method that caused some parameters
970 to be silently dropped.
971 4. Robustified file upload code to handle premature termination by
972 the client.
973 5. Exported temporary file names on file upload.
974 6. Removed spurious "uninitialized variable" warnings that appeared
975 when running under 5.002.
976 7. Added the Carp.pm library to the standard distribution.
977 8. Fixed a number of errors in this documentation, and probably added
978 a few more.
979 9. Checkbox_group() and radio_group() now return the buttons as
980 arrays, so that you can incorporate the individual buttons into
981 specialized tables.
982 10. Added the '-nolabels' option to checkbox_group() and
983 radio_group(). Probably should be added to all the other
984 HTML-generating routines.
985 11. Added the url() method to recover the URL without the entire query
986 string appended.
987 12. Added request_method() to list of environment variables available.
988 13. Would you believe it? Fixed hidden fields again!
989
990 Version 2.16
991
992 1. Fixed hidden fields yet again.
993 2. Fixed subtle problems in the file upload method that caused
994 intermittent failures (thanks to Keven Hendrick for this one).
995 3. Made file upload more robust in the face of bizarre behavior by
996 the Macintosh and Windows Netscape clients.
997 4. Moved the POD documentation to the bottom of the module at the
998 request of Stephen Dahmen.
999 5. Added the -xbase parameter to the start_html() method, also at the
1000 request of Stephen Dahmen.
1001 6. Added JavaScript form buttons at Stephen's request. I'm not sure
1002 how to use this Netscape extension correctly, however, so for now
1003 the form() method is in the module as an undocumented feature. Use
1004 at your own risk!
1005
1006 Version 2.15
1007
1008 1. Added the -override parameter to all field-generating methods.
1009 2. Documented the user_name() and remote_user() methods.
1010 3. Fixed bugs that prevented empty strings from being recognized as
1011 valid textfield contents.
1012 4. Documented the use of framesets and added a frameset example.
1013
1014 Version 2.14
1015
1016 This was an internal experimental version that was never released.
1017
1018 Version 2.13
1019
1020 1. Fixed a bug that interfered with the value "0" being entered into
1021 text fields.
1022
1023 Version 2.01
1024
1025 1. Added -rows and -columns to the radio and checkbox groups. No
1026 doubt this will cause much grief because it seems to promise a
1027 level of meta-organization that it doesn't actually provide.
1028 2. Fixed a bug in the redirect() method -- it was not truly HTTP/1.0
1029 compliant.
1030
1031 Version 2.0
1032
1033 The changes seemed to touch every line of code, so I decided to bump
1034 up the major version number.
1035 1. Support for named parameter style method calls. This turns out
1036 to be a big win for extending CGI.pm when Netscape adds new HTML
1037 "features".
1038 2. Changed behavior of hidden fields back to the correct "sticky"
1039 behavior. This is going to break some programs, but it is for
1040 the best in the long run.
1041 3. Netscape 2.0b2 broke the file upload feature. CGI.pm now handles
1042 both 2.0b1 and 2.0b2-style uploading. It will probably break again
1043 in 2.0b3.
1044 4. There were still problems with library being unable to distinguish
1045 between a form being loaded for the first time, and a subsequent
1046 loading with all fields blank. We now forcibly create a default
1047 name for the Submit button (if not provided) so that there's
1048 always at least one parameter.
1049 5. More workarounds to prevent annoying spurious warning messages
1050 when run under the -w switch. -w is seriously broken in perl
1051 5.001!
1052
1053 Version 1.57
1054
1055 1. Support for the Netscape 2.0 "File upload" field.
1056 2. The handling of defaults for selected items in scrolling lists and
1057 multiple checkboxes is now consistent.
1058
1059 Version 1.56
1060
1061 1. Created true "pod" documentation for the module.
1062 2. Cleaned up the code to avoid many of the spurious "use of
1063 uninitialized variable" warnings when running with the -w switch.
1064 3. Added the autoEscape() method. v
1065 4. Added string interpolation of the CGI object.
1066 5. Added the ability to pass additional parameters to the <BODY> tag.
1067 6. Added the ability to specify the status code in the HTTP header.
1068
1069 Bug fixes in version 1.55
1070
1071 1. Every time self_url() was called, the parameter list would grow.
1072 This was a bad "feature".
1073 2. Documented the fact that you can pass "-" to radio_group() in
1074 order to prevent any button from being highlighted by default.
1075
1076 Bug fixes in version 1.54
1077
1078 1. The user_agent() method is now documented;
1079 2. A potential security hole in import() is now plugged.
1080 3. Changed name of import() to import_names() for compatability with
1081 CGI:: modules.
1082
1083 Bug fixes in version 1.53
1084
1085 1. Fixed several typos in the code that were causing the following
1086 subroutines to fail in some circumstances
1087 1. checkbox()
1088 2. hidden()
1089 2. No features added
1090
1091 New features added in version 1.52
1092
1093 1. Added backslashing, quotation marks, and other shell-style escape
1094 sequences to the parameters passed in during debugging off-line.
1095 2. Changed the way that the hidden() method works so that the default
1096 value always overrides the current one.
1097 3. Improved the handling of sticky values in forms. It's now less
1098 likely that sticky values will get stuck.
1099 4. If you call server_name(), script_name() and several other methods
1100 when running offline, the methods now create "dummy" values to
1101 work with.
1102
1103 Bugs fixed in version 1.51
1104
1105 1. param() when called without arguments was returning an array of
1106 length 1 even when there were no parameters to be had. Bad bug!
1107 Bad!
1108 2. The HTML code generated would break if input fields contained the
1109 forbidden characters ">< or &. You can now use these characters
1110 freely.
1111
1112 New features added in version 1.50
1113
1114 1. import() method allows all the parameters to be imported into a
1115 namespace in one fell swoop.
1116 2. Parameters are now returned in the same order in which they were
1117 defined.
1118
1119 Bugs fixed in version 1.45
1120
1121 1. delete() method didn't work correctly. This is now fixed.
1122 2. reset() method didn't allow you to set the name of the button.
1123 Fixed.
1124
1125 Bugs fixed in version 1.44
1126
1127 1. self_url() didn't include the path information. This is now fixed.
1128
1129 New features added in version 1.43
1130
1131 1. Added the delete() method.
1132
1133 New features added in version 1.42
1134
1135 1. The image_button() method to create clickable images.
1136 2. A few bug fixes involving forms embedded in <PRE> blocks.
1137
1138 New features added in version 1.4
1139
1140 1. New header shortcut methods
1141 + redirect() to create HTTP redirection messages.
1142 + start_html() to create the HTML title, complete with the
1143 recommended <LINK> tag that no one ever remembers to include.
1144 + end_html() for completeness' sake.
1145 2. A new save() method that allows you to write out the state of an
1146 script to a file or pipe.
1147 3. An improved version of the new() method that allows you to restore
1148 the state of a script from a file or pipe. With (2) this gives you
1149 dump and restore capabilities! (Wow, you can put a "121,931
1150 customers served" banner at the bottom of your pages!)
1151 4. A self_url() method that allows you to create state-maintaining
1152 hypertext links. In addition to allowing you to maintain the state
1153 of your scripts between invocations, this lets you work around a
1154 problem that some browsers have when jumping to internal links in
1155 a document that contains a form -- the form information gets lost.
1156 5. The user-visible labels in checkboxes, radio buttons, popup menus
1157 and scrolling lists have now been decoupled from the values sent
1158 to your CGI script. Your script can know a checkbox by the name of
1159 "cb1" while the user knows it by a more descriptive name. I've
1160 also added some parameters that were missing from the text fields,
1161 such as MAXLENGTH.
1162 6. A whole bunch of methods have been added to get at environment
1163 variables involved in user verification and other obscure
1164 features.
1165
1166 Bug fixes
1167
1168 1. The problems with the hidden fields have (I hope at last) been
1169 fixed.
1170 2. You can create multiple query objects and they will all be
1171 initialized correctly. This simplifies the creation of multiple
1172 forms on one page.
1173 3. The URL unescaping code works correctly now.
Unnamed repository; edit this file to name it for gitweb.