projects / p5sagit/p5-mst-13.2.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | history | HEAD
Add a ; that 26281 was lacking.
[p5sagit/p5-mst-13.2.git] / lib / CGI / Changes
CommitLineData
0a9bdad4 1 Version 3.13
2 1. Removed extraneous empty "?" from end of self_url().
3
4 Version 3.12
5 1. Fixed virtual_port so that it works properly with https protocol.
6 2. Fixed documentation for upload_hook().
7 3. Added POSTDATA documentation.
8 4. Made upload_hook() work in function-oriented mode.
9 5. Fixed POST_MAX behavior so that it doesn't cause client to hang.
10 6. Disabled automatic tab indexes and added new -tabindex pragma to
11 turn automatic indexes back on.
12 7. The url() and self_url() methods now work better in the context of Apache
13 mod_rewrite. Be advised that path_info() may give you confusing results
14 when mod_rewrite is active because Apache calculates the path info *after*
15 rewriting. This is mostly worked around in url() and self_url(), but you
16 may notice some anomalies.
17 8. Removed empty (and non-validating) <div> from code emitted by end_form().
18 9. Fixed CGI::Carp to work correctly with Mod_perl 1.29 in an Apache 2 environment.
19 10. Setting $CGI::TMPDIRECTORY should now be effective.
20
7dc108d1 21 Version 3.11
22 1. Killed warning in CGI::Cookie about MOD_PERL_API_VERSION
23 2. Fixed append() so that it works in function mode.
24 3. Workaround for a bug that appears in Apache2 versions through 2.0.54
25 in which SCRIPT_NAME and PATH_INFO are incorrect if the additional path_info
26 contains a double slash. This workaround will handle the common case of
27 http://mysite.com/cgi-bin/log.cgi/http://www.some.other.site/args, but will
28 not handle the uncommon case of a ScriptAlias directive that adds additional
29 path information to the end of the translated URI.
30
70194bd6 31 Version 3.10
32 1. Added Apache2::RequestIO, which is necessary for mp2 interoperability.
33
34 Version 3.09
35 1. Fixed tabindex="0" when using CGI to create forms without a prior start_html
36 2. Removed warning about non-numeric MOD_PERL_API_VERSION.
37
741ff09d 38 Version 3.08
39 1. update support for mod_perl 2.0. versions prior to
40 mod_perl 1.999_22 (2.0.0-RC5) are no longer supported.
41
976c4ade 42 Version 3.07
43 1. Fixed typo in mod_perl detection.
44
45 Version 3.06
46
47 1. Fixed bare call to script() in start_html
48 2. Moved Fh::DESTROY out of autoloaded functions so as to avoid
49 clobbering $@ when CGI functions are executed in an eval{}
50 context.
51 3. mod_perl 2.0 version detection patch in CGI::Cookie provided by
52 Allen Day.
53 4. autoEscape() flag is now respected when generating extra
54 attributes.
55 5. Tests for *tag start/end generation from Shlomi Fish.
56 6. Support for can() method provided by Ron Savage.
57 7. Fix for lang='' when outputting XHTML.
58 8. Added support for chunked transfer encoding, as suggested by
59 Hakan Ardo
60 9. Fixed clobbering of row and column headers in tableized radio
61 and checkbox groups, as reported by Nicolas Thierry-Mieg.
62 10. <Label> tags are now associated with form elements, as suggested
63 by accessibility guidelines.
64 11. The <?xml> directive produced by start_html is now turned off by
65 default and the charset is specified in a <meta> directive. Apparently
66 IE6 (and maybe some versions of Opera) were getting confused by this.
67 12. Support for tab indexes.
68 13. Retired the HTML docs. The POD docs are now primary documentation.
69 14. CGI::Carp now correctly detects and handles Apache::Dispatch.
70 15. CGI::Util::utf8_chr now correctly sets the UTF8 flag on 5.006 or
71 higher perls (fix courtesy Slaven Rezic).
72
73
74 Version 3.05
75
76 1. Fixed uninitialized variable warning on start_form() when running
77 from command line.
78 2. Fixed CGI::_set_attributes so that attributes with a - are handled
79 correctly.
80 3. Fixed CGI::Carp::die() so as to avoid problems from _longmess()
81 clobbering @_.
82 4. If HTTP_X_FORWARDED_HOST is defined (i.e. running under a proxy),
83 the various functions that return HOST will use that instead.
84 5. Fix for undefined utf8() call in CGI::Util.
85 6. Changed the call to warningsToBrowser() in
86 CGI::Carp::fatalsToBrowser to call only after HTTP header is sent
87 (thanks to Didier Lebrun for noticing).
88 7. Patches from Dan Harkless to make CGI.pm validatable against HTML
89 3.2.
90 8. Fixed an extraneous "foo=bar" appearing when extra style
91 parameters passed to start_html;
92 9. Fixed cross-site scripting bug in startform() pointed out by Dan
93 Harkless.
94 10. Fixed documentation to discuss list context behavior of
95 form-element generators explicitly.
96 11. Fixed incorrect results from end_form() when called in OO manner.
97 12. Fixed query string stripping in order to handle URLs containing
98 escaped newlines.
99 13. During server push, set NPH to 0 rather than 1. This is supposed
100 to fix problems with Apache.
101 14. Fixed incorrect processing of multipart form fields that contain
102 embedded quotes. There's still the issue of how to handle ones
103 that contain embedded semicolons, but no one has complained (yet).
104 15. Fixed documentation bug in -style argument to start_html()
105 16. Added -status argument to redirect().
106
107 Version 3.04
108
109 1. Fixed the problem with mod_perl crashing when "defaults" button
110 pressed.
111
112 Version 3.03
113
114 1. Fix upload hook functionality
115 2. Workaround for CGI->unescape_html()
116 3. Bumped version numbers in CGI::Fast and CGI::Util for 5.8.3-tobe
117
118 Version 3.02
119
120 1. Bring in Apache::Response just in case.
121 2. File upload on EBCDIC systems now works.
122
123 Version 3.01
124
125 1. No fix yet for upload failures when running on EBCDIC server.
126 2. Fixed uninitialized glob warnings that appeared when file
127 uploading under perl 5.8.2.
128 3. Added patch from Schlomi Fish to allow debugging of PATH_INFO from
129 command line.
130 4. Added patch from Steve Hay to correctly unlink tmp files under
131 mod_perl/windows
132 5. Added upload_hook functionality from Jamie LeTaul
133 6. Workarounds for mod_perl 2 IO issues. Check that file upload and
134 state saving still working.
135 7. Added code for underreads.
136 8. Fixed misleading description of redirect() and relative URLs in
137 the POD docs.
138 9. Workaround for weird interaction of CGI::Carp with Safe module
139 reported by William McKee.
140 10. Added patches from Ilmari Karonen to improve behavior of
141 CGI::Carp.
142 11. Fixed documentation error in -style argument.
143 12. Added virtual_port() method for finding out what port server is
144 listening on in a virtual-host aware fashion.
145
146 Version 3.00
147
148 1. Patch from Randal Schwartz to fix bug introduced by cross-site
149 scripting vulnerability "fix."
150 2. Patch from JFreeman to replace UTF-8 escape constant of 0xfe with
151 0xfc. Hope this is right!
152
153 Version 2.99
154
155 1. Patch from Steve Hay to fix extra Content-type: appearing on
156 browser screen when FatalsToBrowser invoked.
157 2. Patch from Ewann Corvellec to fix cross-site scripting
158 vulnerability.
159 3. Fixed tmpdir routine for file uploading to solve problem that
160 occurs under mod_perl when tmpdir is writable at startup time, but
161 not at session time.
162
163 Version 2.98
164
165 1. Fixed crash in Dump() function.
166
167 Version 2.97
168
169 1. Sigh. Uploaded wrong 2.96 to CPAN.
170
171 Version 2.96
172
173 1. More bugfixes to the -style argument.
174
175 Version 2.95
176
177 1. Fixed bugs in start_html(-style=>...) support introduced in 2.94.
178
179 Version 2.94
180
181 1. Removed warning from reset() method.
182 2. Moved
183
184 and tags into the :html3 group. Hope this removes undefined CGI::Area
185 errors.
186
187 Changed CGI::Carp to play with mod_perl2 and to (hopefully) restore
188 reporting of compile-time errors.
189
190 Fixed potential deadlock between web server and CGI.pm when aborting
191 a read due to POST_MAX (reported by Antti Lankila).
192
193 Fixed issue with tag-generating function not incorporating content
194 when first variable undef.
195
196 Fixed cross-site scripting bug reported by obscure.
197
198 Fixed Dump() function to return correctly formed XHTML - bug
199 reported by Ralph Siemsen.
200
201 Version 2.93
202
203 1. Fixed embarassing bug in mp1 support.
204
205 Version 2.92
206
207 1. Fix to be P3P compliant submitted from MPREWITT.
208 2. Added CGI->r() API for mod_perl1/mod_perl2.
209 3. Fixed bug in redirect() that was corrupting cookies.
210 4. Minor fix to behavior of reset() button to make it consistent with
211 submit() button (first time this has been changed in 9 years).
212 5. Patch from Dan Kogai to handle UTF-8 correctly in 5.8 and higher.
213 6. Patch from Steve Hay to make CGI::Carp's error messages appear on
214 MSIE browsers.
215 7. Added Yair Lenga's patch for non-urlencoded postings.
216 8. Added Stas Bekman's patches for mod_perl 2 compatibility.
217 9. Fixed uninitialized escape behavior submitted by William Campbell.
218 10. Fixed tied behavior so that you can pass arguments to tie()
219 11. Fixed incorrect generation of URLs when the path_info contains +
220 and other odd characters.
221 12. Fixed redirect(-cookies=>$cookie) problem.
222 13. Fixed tag generation bug that affects -javascript passed to
223 start_html().
224
225 Version 2.91
226
227 1. Attribute generation now correctly respects the value of
228 autoEscape().
229 2. Fixed endofrm() syntax error introduced by Ben Edgington's patch.
230
231 Version 2.90
232
233 1. Fixed bug in redirect header handling.
234 2. Added P3P option to header().
235 3. Patches from Alexey Mahotkin to make CGI::Carp work correctly with
236 object-oriented exceptions.
237 4. Removed inaccurate description of how to set multiple cookies from
238 CGI::Cookie pod file.
239 5. Patch from Kevin Mahony to prevent running out of filehandles when
240 uploading lots of files.
241 6. Documentation enhancement from Mark Fisher to note that the
242 import_names() method transforms the parameter names into valid
243 Perl names.
244 7. Patch from Dan Harkless to suppress lang attribute in <html> tag
245 if specified as a null string.
246 8. Patch from Ben Edgington to fix broken XHTML-transitional 1.0
247 validation on endform().
248 9. Custom html header fix from Steffen Beyer (first letter correctly
249 upcased now)
250 10. Added a -verbatim option to stylesheet generation from Michael
251 Dickson
252 11. Faster delete() method from Neelam Gupta
253 12. Fixed broken Cygwin support.
254 13. Added empty charset support from Bradley Baetz
255 14. Patches from Doug Perham and Kevin Mahoney to fix file upload
256 failures when uploaded file is a multiple of 4096.
257
258 Version 2.89
259
260 1. Fixed behavior of ACTION tag when POSTING to a URL that has a
261 query string.
262 2. Added Patch from Michael Rommel to handle multipart/mixed uploads
263 from Opera
264
265 Version 2.88
266
267 1. Fixed problem with uploads being refused under Perl 5.8 when under
268 Taint mode.
269 2. Fixed uninitialized variable warnings under Perl 5.8.
270 3. Fixed CGI::Pretty regression test failures.
271
272 Version 2.87
273
274 1. Security hole patched: when processing multipart/form-data
275 postings, most arguments were being untainted silently. Returned
276 arguments are now tainted correctly. This may cause some scripts
277 to fail that used to work (thanks to Nick Cleaton for pointing
278 this out and persisting until it was fixed).
279 2. Update for mod_perl 2.0.
280 3. Pragmas such as -no_xhtml are now respected in mod_perl
281 environment.
282
283 Version 2.86
284
285 1. Fixes for broken CGI::Cookie expiration dates introduced in 2.84.
286
287 Version 2.85
288
289 1. Fix for broken autoEscape function introduced in 2.84.
290
291 Version 2.84
292
293 1. Fix for failed file uploads on Cygwin platforms.
294 2. HTML escaping code now replaced 0x8b and 0x9b with unicode
295 references < and *#8250;
296
297 Version 2.83
298
299 1. Fixed autoEscape() documentation inconsistencies.
300 2. Patch from Ville Skyttä to fix a number of XHTML inconsistencies.
301 3. Added Max-Age to list of CGI::Cookie headers.
302
303 Version 2.82
304
305 1. Patch from Rudolf Troller to add attribute setting and option
306 groups to form fields.
307 2. Patch from Simon Perreault for silent crashes when using CGI::Carp
308 under mod_perl.
309 3. Patch from Scott Gifford allows you to set the program name for
310 CGI::Carp.
311
312 Version 2.81
313
314 1. Removed extraneous slash from end of stylesheet tags generated by
315 start_html in non-XHTML mode.
316 2. Changed behavior of CGI::Carp with respect to eval{} contexts so
317 that output behaves properly in mod_perl environments.
318 3. Fixed default DTD so that it validates with W3C validator.
319
320 Version 2.80
321
322 1. Fixed broken messages in CGI::Carp.
323 2. Changed checked="1" to checked="checked" for real XHTML
324 compatibility.
325 3. Resurrected REQUEST_URI code so that url() works correctly with
326 multiviews.
327
328 Version 2.79
329
330 1. Changes to CGI::Carp to avoid "subroutine redefined" error
331 messages.
332 2. Default DTD is now XHTML 1.0 Transitional
333 3. Patches to support all HTML4 tags.
334
335 Version 2.78
336
337 1. Added ability to change encoding in <?xml> assertion.
338 2. Fixed the old escapeHTML('CGI') ne "CGI" bug
339 3. In accordance with XHTML requirements, there are no longer any
340 minimized attributes, such as "checked".
341 4. Patched bug which caused file uploads of exactly 4096 bytes to be
342 truncated to 4094 (thanks to Kevin Mahony)
343 5. New tests and fixes to CGI::Pretty (thanks to Michael Schwern).
344
345 Version 2.77
346
347 1. No new features, but released in order to fix an apparent CPAN
348 bug.
349
350 Version 2.76
351
352 1. New esc.t regression test for EBCDIC translations courtesy Peter
353 Prymmer.
354 2. Patches from James Jurach to make compatible with FCGI-ProcManager
355 3. Additional fields passed to header() (like -Content_disposition)
356 now honor initial capitalization.
357 4. Patch from Andrew McNaughton to handle utf-8 escapes (%uXXXX
358 codes) in URLs.
359
360 Version 2.752
361
362 1. Syntax error in the autoloaded Fh::new() subroutine.
363 2. Better error reporting in autoloaded functions.
364
365 Version 2.751
366
367 1. Tiny tweak to filename regular expression function on line 3355.
368
369 Version 2.75
370
371 1. Fixed bug in server push boundary strings (CGI.pm and CGI::Push).
372 2. Fixed bug that occurs when uploading files with funny characters
373 in the name
374 3. Fixed non-XHTML-compliant attributes produced by textfield()
375 4. Added EPOC support, courtesy Olaf Flebbe
376 5. Fixed minor XHTML bugs.
377 6. Made escape() and unescape() symmetric with respect to EBCDIC,
378 courtesy Roca, Ignasi <ignasi.roca@fujitsu.siemens.es>
379 7. Removed uninitialized variable warning from CGI::Cookie, provided
380 by Atipat Rojnuckarin <rojnuca@yahoo.com>
381 8. Fixed bug in CGI::Pretty that causes it to print partial end tags
382 when the $INDENT global is changed.
383 9. Single quotes are changed to character entity ' for compatibility
384 with URLs.
385
386 Version 2.74
387
388 September 13, 2000
389 1. Quashed one-character bug that caused CGI.pm to fail on file
390 uploads.
391
392 Version 2.73
393
394 September 12, 2000
395 1. Added -base to the list of arguments accepted by url().
396 2. Fixes to XHTML support.
397 3. POST parameters no longer show up in the Location box.
398
399 Version 2.72
400
401 August 19, 2000
402 1. Fixed the defaults button so that it works again
403 2. Charset is now correctly saved and restored when saving to files
404 3. url() now works correctly when given scripts with %20 and other
405 escapes in the additional path info. This undoes a patch
406 introduced in version 2.47 that I no longer understand the
407 rationale for.
408
409 Version 2.71
410
411 August 13, 2000
412 1. Newlines in the value attributes of hidden fields and other form
413 elements are now escaped when using ISO-Latin.
414 2. Inline script and style sections are now protected as CDATA
415 sections when XHTML mode is on (the default).
416
417 Version 2.70
418
419 August 4, 2000
420 1. Fixed bug in scrolling_list() which omitted a space in front of
421 the "multiple" attribute.
422 2. Squashed the "useless use of string in void context" message from
423 redirects.
424
425 Version 2.69
426
427 1. startform() now creates default ACTION for POSTs as well as GETs.
428 This may break some browsers, but it no longer violates the HTML
429 spec.
430 2. CGI.pm now emits XHTML by default. Disable with -no_xhtml.
431 3. We no longer interpret &#ddd sequences in non-latin character
432 sets.
433
434 Version 2.68
435
436 1. No longer attempts to escape characters when dealing with non
437 ISO-8861 character sets.
438 2. checkbox() function now defaults to using -value as its label,
439 rather than -name. The current behavior is what has been
440 documented from the beginning.
441 3. -style accepts array reference to incorporate multiple stylesheets
442 into document.
443
444 1. Fixed two bugs that caused the -compile pragma to fail with a
445 syntax error.
446
447 Version 2.67
448
449 1. Added XHTML support (incomplete; tags need to be lowercased).
450 2. Fixed CGI/Carp when running under mod_perl. Probably broke in
451 other contexts.
452 3. Fixed problems when passing multiple cookies.
453 4. Suppress warnings from _tableize() that were appearing when using
454 -w switch with radio_group() and checkbox_group().
455 5. Support for the header() -attachment argument, which can give
456 pages a default file name when saving to disk.
457
458 Version 2.66
459
460 1. 2.65 changes in make_attributes() broke HTTP header functions
461 (including redirect), so made it context sensitive.
462
463 Version 2.65
464
465 1. Fixed regression tests to skip tests that require implicit fork on
466 machines without fork().
467 2. Changed make_attributes() to automatically escape any HTML
468 reserved characters.
469 3. Minor documentation fix in javascript example.
470
471 Version 2.64
472
473 1. Changes introduced in 2.63 broke param() when retrieving parameter
474 lists containing only a single argument. This is now fixed.
475 2. self_url() now defaults to returning parameters delimited with
476 semicolon. Use the pragma -oldstyle_urls to get the old "&"
477 delimiter.
478
479 Version 2.63
480
481 1. Fixed CGI::Push to pull out parameters correctly.
482 2. Fixed redirect() so that it works with default character set
483 3. Changed param() so as to returned empty string '' when referring
484 to variables passed in query strings like 'name1=&name2'
485
486 Version 2.62
487
488 1. Fixed broken ReadParse() function, and added regression tests
489 2. Fixed broken CGI::Pretty, and added regression tests
490
491 Version 2.61
492
493 1. Moved more functions from CGI.pm proper into CGI/Util.pm.
494 CGI/Cookie should now be standalone.
495 2. Disabled per-user temporary directories, which were causing grief.
496
497 Version 2.60
498
499 1. Fixed junk appearing in autogenerated HTML functions when using
500 object-oriented mode.
501
502 Version 2.59
503
504 1. autoescape functionality breaks too much existing code, removed
505 it.
506 2. use escapeHTML() manually
507
508 Version 2.58
509
510 This is the release version of 2.57.
511
512 Version 2.57
513
514 1. Added -debug pragma and turned off auto reading of STDIN.
515 2. Default DTD updated to HTML 4.01 transitional.
516 3. Added charset() method and the -charset argument to header().
517 4. Fixed behavior of escapeHTML() to respect charset() and to escape
518 nasty Windows characters (thanks to Tom Christiansen).
519 5. Handle REDIRECT_QUERY_STRING correctly.
520 6. Removed use_named_parameters() because of dependency problems and
521 general lameness.
522 7. Fixed problems with bad HREF links generated by url(-relative=>1)
523 when the url is like /people/.
524 8. Silenced a warning on upload (patch provided by Jonas Liljegren)
525 9. Fixed race condition in CGI::Carp when errors occur during parsing
526 (patch provided by Maurice Aubrey).
527 10. Fixed failure of url(-path_info=>1) when path contains % signs.
528 11. Fixed warning from CGI::Cookie when receiving foreign cookies that
529 don't use name=value format.
530 12. Fixed incompatibilities with file uploading on VMS systems.
531
532 Version 2.56
533
534 1. Fixed bugs in file upload introduced in version 2.55
535 2. Fixed long-standing bug that prevented two files with identical
536 names from being uploaded.
537
538 Version 2.55
539
540 1. Fixed cookie regression test so as not to produce an error.
541 2. Fixed path_info() and self_url() to work correctly together when
542 path_info() modified.
543 3. Removed manify warnings from CGI::{Switch,Apache}.
544
545 Version 2.54
546
547 1. This will be the last release of the monolithic CGI.pm module.
548 Later versions will be modularized and optimized.
549 2. DOMAIN tag no longer added to cookies by default. This will break
550 some versions of Internet Explorer, but will avoid breaking
551 networks which use host tables without fully qualified domain
552 names. For compatibility, please always add the -domain tag when
553 creating cookies.
554 3. Fixed escape() method so that +'s are treated correctly.
555 4. Updated CGI::Pretty module.
556
557 Version 2.53
558
559 1. Forgot to upgrade regression tests before releasing 2.52. NOTHING
560 ELSE HAS CHANGED IN LIBRARY
561
562 Version 2.52
563
564 1. Spurious newline in checkbox() routine removed. (courtesy John
565 Essen)
566 2. TEXTAREA linebreaks now respected in dump() routine. (courtesy
567 John Essen)
568 3. Patches for DOS ports (courtesy Robert Davies)
569 4. Patches for VMS
570 5. More fixes for cookie problems
571 6. Fix CGI::Carp so that it doesn't affect eval{} blocks (courtesy
572 Byron Brummer)
573
574 Version 2.51
575
576 1. Fixed problems with cookies not being remembered when sent to IE
577 5.0 (and Netscape 5.0 too?)
578 2. Numerous HTML compliance problems in cgi_docs.html; fixed thanks
579 to Michael Leahy
580
581 Version 2.50
582
583 1. Added a new Vars() method to retrieve all parameters as a tied
584 hash.
585 2. Untainted tainted tempfile name so that script doesn't fail on
586 terminal unlink.
587 3. Made picking of upload tempfile name more intelligent so that
588 doesn't fail in case of name collision.
589 4. Fixed handling of expire times when passed an absolute timestamp.
590 5. Changed dump() to Dump() to avoid name clashes.
591
592 Version 2.49
593
594 1. Fixes for FastCGI (globals not getting reset)
595 2. Fixed url() to correctly handle query string and path under
596 MOD_PERL
597
598 Version 2.48
599
600 1. Reverted detection of MOD_PERL to avoid breaking PerlEX.
601
602 Version 2.47
603
604 1. Patch to fix file upload bug appearing in IE 3.01 for
605 Macintosh/PowerPC.
606 2. Replaced use of $ENV{SCRIPT_NAME} with $ENV{REQUEST_URI} when
607 running under Apache, to fix self-referencing URIs.
608 3. Fixed bug in escapeHTML() which caused certain constructs, such as
609 CGI->image_button(), to fail.
610 4. Fixed bug which caused strong('CGI') to fail. Be careful to use
611 CGI::strong('CGI') and not CGI->strong('CGI'). The latter will
612 produce confusing results.
613 5. Added upload() function, as a preferred replacement for the
614 "filehandle as string" feature.
615 6. Added cgi_error() function.
616 7. Rewrote file upload handling to return undef rather than dieing
617 when an error is encountered. Be sure to call cgi_error() to find
618 out what went wrong.
619
620 Version 2.46
621
622 1. Fix for failure of the "include" tests under mod_perl
623 2. Added end_multipart_form to prevent failures during qw(-compile
624 :all)
625
626 Version 2.45
627
628 1. Multiple small documentation fixes
629 2. CGI::Pretty didn't get into 2.44. Fixed now.
630
631 Version 2.44
632
633 1. Fixed file descriptor leak in upload function.
634 2. Fixed bug in header() that prevented fields from containing double
635 quotes.
636 3. Added Brian Paulsen's CGI::Pretty package for pretty-printing
637 output HTML.
638 4. Removed CGI::Apache and CGI::Switch from the distribution.
639 5. Generated start_* shortcuts so that start_table(), end_table(),
640 start_ol(), end_ol(), and so forth now work (see the docs on how
641 to enable this feature).
642 6. Changed accept() to Accept(), sub() to Sub(). There's still a
643 conflict with reset(), but this will break too many existing
644 scripts!
645
646 Version 2.43
647
648 1. Fixed problem with "use strict" and file uploads (thanks to Peter
649 Haworth)
650 2. Fixed problem with not MSIE 3.01 for the power_mac not doing file
651 uploads right.
652 3. Fixed problem with file upload on IIS 4.0 when authorization in
653 use.
654 4. -content_type and '-content-type' can now be provided to header()
655 as synonyms for -type.
656 5. CGI::Carp now escapes the ampersand BEFORE escaping the > and <
657 signs.
658 6. Fixed "not an array reference" error when passing a hash reference
659 to radio_group().
660 7. Fixed non-removal of uploaded TMP files on NT platforms which
661 occurs when server runs on non-C drive (thanks to Steve Kilbane
662 for finding this one).
663
664 Version 2.42
665
666 1. Too many screams of anguish at changed behavior of url(). Is now
667 back to its old behavior by default, with options to generate all
668 the variants.
669 2. Added regression tests. "make test" now works.
670 3. Documentation fixes.
671 4. Fixes for Macintosh uploads, but uploads STILL do not work pending
672 changes to MacPerl.
673
674 Version 2.41
675
676 1. url() method now includes the path info. Use script_name() to get
677 it without path info().
678 2. Changed handling of empty attributes in HTML tag generation. Be
679 warned! Use table({-border=>undef}) rather than
680 table({-border=>''}).
681 3. Changes to allow uploaded filenames to be compared to other
682 strings with "eq", "cmp" and "ne".
683 4. Changes to allow CGI.pm to coexist more peacefully with
684 ActiveState PerlEX.
685 5. Changes to prevent exported variables from clashing when importing
686 ":all" set in combination with cookies.
687
688 Version 2.40
689
690 1. CGI::Carp patched to work better with mod_perl (thanks to Chris
691 Dean).
692 2. Uploads of files whose names begin with numbers or the Windows
693 \\UNC\shared\file nomenclature should no longer fail.
694 3. The <STYLE> tag (for cascading style sheets) now generates the
695 required TYPE attribute.
696 4. Server push primitives added, thanks to Ed Jordan.
697 5. Table and other HTML3 functions are now part of the :standard set.
698 6. Small documentation fixes.
699
700 TO DO:
701 1. Do something about the DTD mess. The module should generate
702 correct DTDs, or at least offer the programmer a way to specify
703 the correct one.
704 2. Split CGI.pm into CGI processing and HTML-generating modules.
705 3. More robust file upload (?still not working on the Macintosh?).
706 4. Bring in all the HTML4 functionality, particular the accessibility
707 features.
708
709 Version 2.39
710
711 1. file uploads failing because of VMS patch; fixed.
712 2. -dtd parameter was not being properly processed.
713
714 Version 2.38
715
716 I finally got tired of all the 2.37 betas and released 2.38. The main
717 difference between this version and the last 2.37 beta (2.37b30) are
718 some fixes for VMS. This should allow file upload to work properly on
719 all VMS Web servers.
720
721 Version 2.37, various beta versions
722
723 1. Added a CGI::Cookie::parse() method for lucky mod_perl users.
724 2. No longer need separate -values and -labels arguments for
725 multi-valued form elements.
726 3. Added better interface to raw cookies (fix courtesy Ken Fox,
727 kfox@ford.com)
728 4. Added param_fetch() function for direct access to parameter list.
729 5. Fix to checkbox() to allow for multi-valued single checkboxes
730 (weird problem).
731 6. Added a compile() method for those who want to compile without
732 importing.
733 7. Documented the import pragmas a little better.
734 8. Added a -compile switch to the use clause for the long-suffering
735 mod_perl and Perl compiler users.
736 9. Fixed initialization routines so that FileHandle and type globs
737 work correctly (and hash initialization doesn't fail!).
738 10. Better deletion of temporary files on NT systems.
739 11. Added documentation on escape(), unescape(), unescapeHTML() and
740 unescapeHTML() subroutines.
741 12. Added documentation on creating subclasses.
742 13. Fixed problem when calling $self->SUPER::foo() from inheriting
743 subclasses.
744 14. Fixed problem using filehandles from within subroutines.
745 15. Fixed inability to use the string "CGI" as a parameter.
746 16. Fixed exponentially growing $FILLUNIT bug
747 17. Check for undef filehandle in read_from_client()
748 18. Now requires the UNIVERSAL.pm module, present in Perl 5.003_7 or
749 higher.
750 19. Fixed problem with uppercase-only parameters being ignored.
751 20. Fixed vanishing cookie problem.
752 21. Fixed warning in initialize_globals() under mod_perl.
753 22. File uploads from Macintosh versions of MSIE should now work.
754 23. Pragmas now preceded by dashes (-nph) rather than colons (:nph).
755 Old style is supported for backward compatability.
756 24. Can now pass arguments to all functions using {} brackets,
757 resolving historical inconsistencies.
758 25. Removed autoloader warnings about absent MultipartBuffer::DESTROY.
759 26. Fixed non-sticky checkbox() when -name used without -value.
760 27. Hack to fix path_info() in IIS 2.0. Doesn't help with IIS 3.0.
761 28. Parameter syntax for debugging from command line now more
762 straightforward.
763 29. Added $DISABLE_UPLOAD to disable file uploads.
764 30. Added $POST_MAX to error out if POSTings exceed some ceiling.
765 31. Fixed url_param(), which wasn't working at all.
766 32. Fixed variable suicide problem in s///e expressions, where the
767 autoloader was needed during evaluation.
768 33. Removed excess spaces between elements of checkbox and radio
769 groups
770 34. Can now create "valueless" submit buttons
771 35. Can now set path_info as well as read it.
772 36. ReadParse() now returns a useful function result.
773 37. import_names() now allows you to optionally clear out the
774 namespace before importing (for mod_perl users)
775 38. Made it possible to have a popup menu or radio button with a value
776 of "0".
777 39. link() changed to Link() to avoid overriding native link function.
778 40. Takes advantage of mod_perl's register_cleanup() function to clear
779 globals.
780 41. <LAYER> and <ILAYER> added to :html3 functions.
781 42. Fixed problems with private tempfiles and NT/IIS systems.
782 43. No longer prints the DTD by default (I bet no one will complain).
783 44. Allow underscores to replace internal hyphens in parameter names.
784 45. CGI::Push supports heterogeneous MIME types and adjustable delays
785 between pages.
786 46. url_param() method added for retrieving URL parameters even when a
787 fill-out form is POSTed.
788 47. Got rid of warnings when radio_group() is called.
789 48. Cookies now moved to their very own module.
790 49. Fixed documentation bug in CGI::Fast.
791 50. Added a :no_debug pragma to the import list.
792
793 Version 2.36
794
795 1. Expanded JavaScript functionality
796 2. Preliminary support for cascading stylesheets
797 3. Security fixes for file uploads:
798 + Module will bail out if its temporary file already exists
799 + Temporary files can now be made completely private to avoid
800 peeking by other users or CGI scripts.
801 4. use CGI qw/:nph/ wasn't working correctly. Now it is.
802 5. Cookie and HTTP date formats didn't meet spec. Thanks to Mark
803 Fisher (fisherm@indy.tce.com) for catching and fixing this.
804
805 p
806
807 Version 2.35
808
809 1. Robustified multipart file upload against incorrect syntax in
810 POST.
811 2. Fixed more problems with mod_perl.
812 3. Added -noScript parameter to start_html().
813 4. Documentation fixes.
814
815 Version 2.34
816
817 1. Stupid typo fix
818
819 Version 2.33
820
821 1. Fixed a warning about an undefined environment variable.
822 2. Doug's patch for redirect() under mod_perl
823 3. Partial fix for busted inheritence from CGI::Apache
824 4. Documentation fixes.
825
826 Version 2.32
827
828 1. Improved support for Apache's mod_perl.
829 2. Changes to better support inheritance.
830 3. Support for OS/2.
831
832 Version 2.31
833
834 1. New uploadInfo() method to obtain header information from uploaded
835 files.
836 2. cookie() without any arguments returns all the cookies passed to a
837 script.
838 3. Removed annoying warnings about $ENV{NPH} when running with the -w
839 switch.
840 4. Removed operator overloading throughout to make compatible with
841 new versions of perl.
842 5. -expires now implies the -date header, to avoid clock skew.
843 6. WebSite passes cookies in $ENV{COOKIE} rather than
844 $ENV{HTTP_COOKIE}. We now handle this, even though it's O'Reilly's
845 fault.
846 7. Tested successfully against new sfio I/O layer.
847 8. Documentation fixes.
848
849 Version 2.30
850
851 1. Automatic detection of operating system at load time.
852 2. Changed select() function to Select() in order to avoid conflict
853 with Perl built-in.
854 3. Added Tr() as an alternative to TR(); some people think it looks
855 better that way.
856 4. Fixed problem with autoloading of MultipartBuffer::DESTROY code.
857 5. Added the following methods:
858 + virtual_host()
859 + server_software()
860 6. Automatic NPH mode when running under Microsoft IIS server.
861
862 Version 2.29
863
864 1. Fixed cookie bugs
865 2. Fixed problems that cropped up when useNamedParameters was set to
866 1.
867 3. Prevent CGI::Carp::fatalsToBrowser() from crapping out when
868 encountering a die() within an eval().
869 4. Fixed problems with filehandle initializers.
870
871 Version 2.28
872
873 1. Added support for NPH scripts; also fixes problems with Microsoft
874 IIS.
875 2. Fixed a problem with checkbox() values not being correctly saved
876 and restored.
877 3. Fixed a bug in which CGI objects created with empty string
878 initializers took on default values from earlier CGI objects.
879 4. Documentation fixes.
880
881 Version 2.27
882
883 1. Small but important bug fix: the automatic capitalization of tag
884 attributes was accidentally capitalizing the VALUES as well as the
885 ATTRIBUTE names (oops).
886
887 Version 2.26
888
889 1. Changed behavior of scrolling_list(), checkbox() and
890 checkbox_group() methods so that defaults are honored correctly.
891 The "fix" causes endform() to generate additional <INPUT
892 TYPE="HIDDEN"> tags -- don't be surpised.
893 2. Fixed bug involving the detection of the SSL protocol.
894 3. Fixed documentation error in position of the -meta argument in
895 start_html().
896 4. HTML shortcuts now generate tags in ALL UPPERCASE.
897 5. start_html() now generates correct SGML header:
898 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
899
900 6. CGI::Carp no longer fails "use strict refs" pragma.
901
902 Version 2.25
903
904 1. Fixed bug that caused bad redirection on destination URLs with
905 arguments.
906 2. Fixed bug involving use_named_parameters() followed by
907 start_multipart_form()
908 3. Fixed bug that caused incorrect determination of binmode for
909 Macintosh.
910 4. Spelling fixes on documentation.
911
912 Version 2.24
913
914 1. Fixed bug that caused generation of lousy HTML for some form
915 elements
916 2. Fixed uploading bug in Windows NT
917 3. Some code cleanup (not enough)
918
919 Version 2.23
920
921 1. Fixed an obscure bug that caused scripts to fail mysteriously.
922 2. Fixed auto-caching bug.
923 3. Fixed bug that prevented HTML shortcuts from passing taint checks.
924 4. Fixed some -w warning problems.
925
926 Version 2.22
927
928 1. New CGI::Fast module for use with FastCGI protocol. See pod
929 documentation for details.
930 2. Fixed problems with inheritance and autoloading.
931 3. Added TR() (<tr>) and PARAM() (<param>) methods to list of
932 exported HTML tag-generating functions.
933 4. Moved all CGI-related I/O to a bottleneck method so that this can
934 be overridden more easily in mod_perl (thanks to Doug MacEachern).
935 5. put() method as substitute for print() for use in mod_perl.
936 6. Fixed crash in tmpFileName() method.
937 7. Added tmpFileName(), startform() and endform() to export list.
938 8. Fixed problems with attributes in HTML shortcuts.
939 9. Functions that don't actually need access to the CGI object now no
940 longer generate a default one. May speed things up slightly.
941 10. Aesthetic improvements in generated HTML.
942 11. New examples.
943
944 Version 2.21
945
946 1. Added the -meta argument to start_html().
947 2. Fixed hidden fields (again).
948 3. Radio_group() and checkbox_group() now return an appropriate
949 scalar value when called in a scalar context, rather than
950 returning a numeric value!
951 4. Cleaned up the formatting of form elements to avoid unesthetic
952 extra spaces within the attributes.
953 5. HTML elements now correctly include the closing tag when
954 parameters are present but null: em('')
955 6. Added password_field() to the export list.
956
957 Version 2.20
958
959 1. Dumped the SelfLoader because of problems with running with taint
960 checks and rolled my own. Performance is now significantly
961 improved.
962 2. Added HTML shortcuts.
963 3. import() now adheres to the Perl module conventions, allowing
964 CGI.pm to import any or all method names into the user's name
965 space.
966 4. Added the ability to initialize CGI objects from strings and
967 associative arrays.
968 5. Made it possible to initialize CGI objects with filehandle
969 references rather than filehandle strings.
970 6. Added the delete_all() and append() methods.
971 7. CGI objects correctly initialize from filehandles on NT/95 systems
972 now.
973 8. Fixed the problem with binary file uploads on NT/95 systems.
974 9. Fixed bug in redirect().
975 10. Added '-Window-target' parameter to redirect().
976 11. Fixed import_names() so that parameter names containing funny
977 characters work.
978 12. Broke the unfortunate connection between cookie and CGI parameter
979 name space.
980 13. Fixed problems with hidden fields whose values are 0.
981 14. Cleaned up the documentation somewhat.
982
983 Version 2.19
984
985 1. Added cookie() support routines.
986 2. Added -expires parameter to header().
987 3. Added cgi-lib.pl compatability mode.
988 4. Made the module more configurable for different operating systems.
989 5. Fixed a dumb bug in JavaScript button() method.
990
991 Version 2.18
992
993 1. Fixed a bug that corrects a hang that occurs on some platforms
994 when processing file uploads. Unfortunately this disables the
995 check for bad Netscape uploads.
996 2. Fixed bizarre problem involving the inability to process uploaded
997 files that begin with a non alphabetic character in the file name.
998 3. Fixed a bug in the hidden fields involving the -override directive
999 being ignored when scalar defaults were passed.
1000 4. Added documentation on how to disable the SelfLoader features.
1001
1002 Version 2.17
1003
1004 1. Added support for the SelfLoader module.
1005 2. Added oodles of JavaScript support routines.
1006 3. Fixed bad bug in query_string() method that caused some parameters
1007 to be silently dropped.
1008 4. Robustified file upload code to handle premature termination by
1009 the client.
1010 5. Exported temporary file names on file upload.
1011 6. Removed spurious "uninitialized variable" warnings that appeared
1012 when running under 5.002.
1013 7. Added the Carp.pm library to the standard distribution.
1014 8. Fixed a number of errors in this documentation, and probably added
1015 a few more.
1016 9. Checkbox_group() and radio_group() now return the buttons as
1017 arrays, so that you can incorporate the individual buttons into
1018 specialized tables.
1019 10. Added the '-nolabels' option to checkbox_group() and
1020 radio_group(). Probably should be added to all the other
1021 HTML-generating routines.
1022 11. Added the url() method to recover the URL without the entire query
1023 string appended.
1024 12. Added request_method() to list of environment variables available.
1025 13. Would you believe it? Fixed hidden fields again!
1026
1027 Version 2.16
1028
1029 1. Fixed hidden fields yet again.
1030 2. Fixed subtle problems in the file upload method that caused
1031 intermittent failures (thanks to Keven Hendrick for this one).
1032 3. Made file upload more robust in the face of bizarre behavior by
1033 the Macintosh and Windows Netscape clients.
1034 4. Moved the POD documentation to the bottom of the module at the
1035 request of Stephen Dahmen.
1036 5. Added the -xbase parameter to the start_html() method, also at the
1037 request of Stephen Dahmen.
1038 6. Added JavaScript form buttons at Stephen's request. I'm not sure
1039 how to use this Netscape extension correctly, however, so for now
1040 the form() method is in the module as an undocumented feature. Use
1041 at your own risk!
1042
1043 Version 2.15
1044
1045 1. Added the -override parameter to all field-generating methods.
1046 2. Documented the user_name() and remote_user() methods.
1047 3. Fixed bugs that prevented empty strings from being recognized as
1048 valid textfield contents.
1049 4. Documented the use of framesets and added a frameset example.
1050
1051 Version 2.14
1052
1053 This was an internal experimental version that was never released.
1054
1055 Version 2.13
1056
1057 1. Fixed a bug that interfered with the value "0" being entered into
1058 text fields.
1059
1060 Version 2.01
1061
1062 1. Added -rows and -columns to the radio and checkbox groups. No
1063 doubt this will cause much grief because it seems to promise a
1064 level of meta-organization that it doesn't actually provide.
1065 2. Fixed a bug in the redirect() method -- it was not truly HTTP/1.0
1066 compliant.
1067
1068 Version 2.0
1069
1070 The changes seemed to touch every line of code, so I decided to bump
1071 up the major version number.
1072 1. Support for named parameter style method calls. This turns out
1073 to be a big win for extending CGI.pm when Netscape adds new HTML
1074 "features".
1075 2. Changed behavior of hidden fields back to the correct "sticky"
1076 behavior. This is going to break some programs, but it is for
1077 the best in the long run.
1078 3. Netscape 2.0b2 broke the file upload feature. CGI.pm now handles
1079 both 2.0b1 and 2.0b2-style uploading. It will probably break again
1080 in 2.0b3.
1081 4. There were still problems with library being unable to distinguish
1082 between a form being loaded for the first time, and a subsequent
1083 loading with all fields blank. We now forcibly create a default
1084 name for the Submit button (if not provided) so that there's
1085 always at least one parameter.
1086 5. More workarounds to prevent annoying spurious warning messages
1087 when run under the -w switch. -w is seriously broken in perl
1088 5.001!
1089
1090 Version 1.57
1091
1092 1. Support for the Netscape 2.0 "File upload" field.
1093 2. The handling of defaults for selected items in scrolling lists and
1094 multiple checkboxes is now consistent.
1095
1096 Version 1.56
1097
1098 1. Created true "pod" documentation for the module.
1099 2. Cleaned up the code to avoid many of the spurious "use of
1100 uninitialized variable" warnings when running with the -w switch.
1101 3. Added the autoEscape() method. v
1102 4. Added string interpolation of the CGI object.
1103 5. Added the ability to pass additional parameters to the <BODY> tag.
1104 6. Added the ability to specify the status code in the HTTP header.
1105
1106 Bug fixes in version 1.55
1107
1108 1. Every time self_url() was called, the parameter list would grow.
1109 This was a bad "feature".
1110 2. Documented the fact that you can pass "-" to radio_group() in
1111 order to prevent any button from being highlighted by default.
1112
1113 Bug fixes in version 1.54
1114
1115 1. The user_agent() method is now documented;
1116 2. A potential security hole in import() is now plugged.
1117 3. Changed name of import() to import_names() for compatability with
1118 CGI:: modules.
1119
1120 Bug fixes in version 1.53
1121
1122 1. Fixed several typos in the code that were causing the following
1123 subroutines to fail in some circumstances
1124 1. checkbox()
1125 2. hidden()
1126 2. No features added
1127
1128 New features added in version 1.52
1129
1130 1. Added backslashing, quotation marks, and other shell-style escape
1131 sequences to the parameters passed in during debugging off-line.
1132 2. Changed the way that the hidden() method works so that the default
1133 value always overrides the current one.
1134 3. Improved the handling of sticky values in forms. It's now less
1135 likely that sticky values will get stuck.
1136 4. If you call server_name(), script_name() and several other methods
1137 when running offline, the methods now create "dummy" values to
1138 work with.
1139
1140 Bugs fixed in version 1.51
1141
1142 1. param() when called without arguments was returning an array of
1143 length 1 even when there were no parameters to be had. Bad bug!
1144 Bad!
1145 2. The HTML code generated would break if input fields contained the
1146 forbidden characters ">< or &. You can now use these characters
1147 freely.
1148
1149 New features added in version 1.50
1150
1151 1. import() method allows all the parameters to be imported into a
1152 namespace in one fell swoop.
1153 2. Parameters are now returned in the same order in which they were
1154 defined.
1155
1156 Bugs fixed in version 1.45
1157
1158 1. delete() method didn't work correctly. This is now fixed.
1159 2. reset() method didn't allow you to set the name of the button.
1160 Fixed.
1161
1162 Bugs fixed in version 1.44
1163
1164 1. self_url() didn't include the path information. This is now fixed.
1165
1166 New features added in version 1.43
1167
1168 1. Added the delete() method.
1169
1170 New features added in version 1.42
1171
1172 1. The image_button() method to create clickable images.
1173 2. A few bug fixes involving forms embedded in <PRE> blocks.
1174
1175 New features added in version 1.4
1176
1177 1. New header shortcut methods
1178 + redirect() to create HTTP redirection messages.
1179 + start_html() to create the HTML title, complete with the
1180 recommended <LINK> tag that no one ever remembers to include.
1181 + end_html() for completeness' sake.
1182 2. A new save() method that allows you to write out the state of an
1183 script to a file or pipe.
1184 3. An improved version of the new() method that allows you to restore
1185 the state of a script from a file or pipe. With (2) this gives you
1186 dump and restore capabilities! (Wow, you can put a "121,931
1187 customers served" banner at the bottom of your pages!)
1188 4. A self_url() method that allows you to create state-maintaining
1189 hypertext links. In addition to allowing you to maintain the state
1190 of your scripts between invocations, this lets you work around a
1191 problem that some browsers have when jumping to internal links in
1192 a document that contains a form -- the form information gets lost.
1193 5. The user-visible labels in checkboxes, radio buttons, popup menus
1194 and scrolling lists have now been decoupled from the values sent
1195 to your CGI script. Your script can know a checkbox by the name of
1196 "cb1" while the user knows it by a more descriptive name. I've
1197 also added some parameters that were missing from the text fields,
1198 such as MAXLENGTH.
1199 6. A whole bunch of methods have been added to get at environment
1200 variables involved in user verification and other obscure
1201 features.
1202
1203 Bug fixes
1204
1205 1. The problems with the hidden fields have (I hope at last) been
1206 fixed.
1207 2. You can create multiple query objects and they will all be
1208 initialized correctly. This simplifies the creation of multiple
1209 forms on one page.
1210 3. The URL unescaping code works correctly now.
Unnamed repository; edit this file to name it for gitweb.