From: Steve Peters Date: Wed, 26 Mar 2008 03:18:01 +0000 (+0000) Subject: Upgrade to CGI-3.35. X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=86de2d7dbe59d127ec449a28248f74873fd586d5;p=p5sagit%2Fp5-mst-13.2.git Upgrade to CGI-3.35. p4raw-id: //depot/perl@33568 --- diff --git a/lib/CGI.pm b/lib/CGI.pm index fc29d67..384a17c 100644 --- a/lib/CGI.pm +++ b/lib/CGI.pm @@ -18,8 +18,8 @@ use Carp 'croak'; # The most recent version and complete docs are available at: # http://stein.cshl.org/WWW/software/CGI/ -$CGI::revision = '$Id: CGI.pm,v 1.247 2008/03/14 14:29:36 lstein Exp $'; -$CGI::VERSION='3.34_01'; +$CGI::revision = '$Id: CGI.pm,v 1.249 2008/03/25 15:17:55 lstein Exp $'; +$CGI::VERSION='3.35'; # HARD-CODED LOCATION FOR FILE UPLOAD TEMPORARY FILES. # UNCOMMENT THIS ONLY IF YOU KNOW WHAT YOU'RE DOING. @@ -2569,6 +2569,7 @@ sub scrolling_list { $size = $size || scalar(@values); my(%selected) = $self->previous_or_default($name,$defaults,$override); + my($is_multiple) = $multiple ? qq/ multiple="multiple"/ : ''; my($has_size) = $size ? qq/ size="$size"/: ''; my($other) = @other ? " @other" : ''; @@ -3381,12 +3382,12 @@ sub read_multipart { my($param)= $header{'Content-Disposition'}=~/ name="([^"]*)"/; $param .= $TAINTED; - # Bug: Netscape doesn't escape quotation marks in file names!!! - # See RFC 1867, 2183, 2045 - # NB: File content will be loaded into memory should - # content-disposition parsing fail. - my ($filename) = $header{'Content-Disposition'}=~/ filename=(("[^"]*")|([a-z\d!\#'\*\+,\.^_\`\{\}\|\~]*))/i; - $filename =~ s/^"([^"]*)"$/$1/; + # See RFC 1867, 2183, 2045 + # NB: File content will be loaded into memory should + # content-disposition parsing fail. + my ($filename) = $header{'Content-Disposition'} + =~/ filename=(("[^"]*")|([a-z\d!\#'\*\+,\.^_\`\{\}\|\~]*))/i; + $filename =~ s/^"([^"]*)"$/$1/; # Test for Opera's multiple upload feature my($multipart) = ( defined( $header{'Content-Type'} ) && $header{'Content-Type'} =~ /multipart\/mixed/ ) ? diff --git a/lib/CGI/Changes b/lib/CGI/Changes index c2f307a..9acc4d3 100644 --- a/lib/CGI/Changes +++ b/lib/CGI/Changes @@ -1,3 +1,27 @@ + Version 3.35 + 1. Resync with bleadperl, primarily fixing a bug in parsing semicolons in uploaded filenames. + + Version 3.34 + 1. Handle Unicode %uXXXX escapes properly -- patch from DANKOGAI@cpan.org + 2. Fix url() method to not choke on path names that contain regex characters. + + Version 3.33 + 1. Remove uninit variable warning when calling url(-relative=>1) + 2. Fix uninit variable warnings for two lc calls + 3. Fixed failure of tempfile upload due to sprintf() taint failure in perl 5.10 + + Version 3.32 + 1. Patch from Miguel Santinho to prevent sending premature headers under mod_perl 2.0 + + Version 3.31 + 1. Patch from Xavier Robin so that CGI::Carp issues a 500 Status code rather than a 200 status code. + 2. Patch from Alexander Klink to select correct temporary directory in OSX Leopard so that upload works. + 3. Possibly fixed "wrapped pack" error on 5.10 and higher. + + Version 3.30 + 1. Patch from Mike Barry to handle POSTDATA in the same way as PUT. + 2. Patch from Rafael Garcia-Suarez to correctly reencode unicode values as byte values. + Version 3.29 1. The position of file handles is now reset to zero when CGI->new is called. (Mark Stosberg)