From: Rafael Garcia-Suarez Date: Thu, 15 Apr 2010 07:35:07 +0000 (+0200) Subject: Upgrade to CGI.pm 3.49 X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=cfbab81b96edaf7de871d0fa306f1723e15a56d7;p=p5sagit%2Fp5-mst-13.2.git Upgrade to CGI.pm 3.49 --- diff --git a/MANIFEST b/MANIFEST index da0c1f3..c0de439 100644 --- a/MANIFEST +++ b/MANIFEST @@ -224,6 +224,7 @@ cpan/CGI/t/unescapeHTML.t See if CGI::unescapeHTML() works cpan/CGI/t/uploadInfo.t See if CGI.pm works cpan/CGI/t/upload_post_text.txt Test data for CGI.pm cpan/CGI/t/upload.t See if CGI.pm works +cpan/CGI/t/url.t See if CGI.pm works cpan/CGI/t/user_agent.t See if CGI->user_agent() works cpan/CGI/t/utf8.t See if CGI.pm works cpan/CGI/t/util-58.t See if 5.8-dependent features work diff --git a/Porting/Maintainers.pl b/Porting/Maintainers.pl index f37c895..1608efa 100755 --- a/Porting/Maintainers.pl +++ b/Porting/Maintainers.pl @@ -308,7 +308,7 @@ use File::Glob qw(:case); 'CGI' => { 'MAINTAINER' => 'lstein', - 'DISTRIBUTION' => 'LDS/CGI.pm-3.48.tar.gz', + 'DISTRIBUTION' => 'LDS/CGI.pm-3.49.tar.gz', 'FILES' => q[cpan/CGI], 'EXCLUDED' => [ qr{^t/lib/Test}, qw( cgi-lib_porting.html diff --git a/cpan/CGI/Changes b/cpan/CGI/Changes index e7acabd..fb1644f 100644 --- a/cpan/CGI/Changes +++ b/cpan/CGI/Changes @@ -1,3 +1,23 @@ +Version 3.49 + + [BUG FIXES] + 1. Fix a regression since 3.44 involving a case when the header includes "Content-Length: 0". + Thanks to Alex Vandiver (RT#51109) + 2. Suppress uninitialized warnings under -w. Thanks to burak. (RT#50301) + 3. url() now uses virtual_port() instead of server_port(). Thanks to MKANAT and Yanick Champoux. (RT#51562) + + [SECURITY] + 1. embedded newlines are now filtered out of header values in header(). + Thanks to Mark Stosberg and Yanick Champoux. + + [DOCUMENTATION] + 1. README was updated to reflect that CGI.pm was moved under ./lib. + Thanks to Alex Vandiver. + + [INTERNALS] + 1. More tests were added for autoescape, thanks to Bob Kuo. (RT#25485) + 2. Attempt to avoid test failures with t/fast, thanks to Steve Hay. (RT#49599) + Version 3.48 [BUG FIXES] diff --git a/cpan/CGI/lib/CGI.pm b/cpan/CGI/lib/CGI.pm index 0cba881..355b8d1 100644 --- a/cpan/CGI/lib/CGI.pm +++ b/cpan/CGI/lib/CGI.pm @@ -19,7 +19,7 @@ use Carp 'croak'; # http://stein.cshl.org/WWW/software/CGI/ $CGI::revision = '$Id: CGI.pm,v 1.266 2009/07/30 16:32:34 lstein Exp $'; -$CGI::VERSION='3.48'; +$CGI::VERSION='3.49'; # HARD-CODED LOCATION FOR FILE UPLOAD TEMPORARY FILES. # UNCOMMENT THIS ONLY IF YOU KNOW WHAT YOU'RE DOING. @@ -663,7 +663,7 @@ sub init { if ( $content_length > 0 ) { $self->read_from_client(\$query_string,$content_length,0); } - else { + elsif (not defined $ENV{CONTENT_LENGTH}) { $self->read_from_stdin(\$query_string); # should this be PUTDATA in case of PUT ? my($param) = $meth . 'DATA' ; @@ -1542,6 +1542,16 @@ sub header { 'EXPIRES','NPH','CHARSET', 'ATTACHMENT','P3P'],@p); + # CR escaping for values, per RFC 822 + for my $header ($type,$status,$cookie,$target,$expires,$nph,$charset,$attachment,$p3p,@other) { + if (defined $header) { + $header =~ s/ + (?<=\n) # For any character proceeded by a newline + (?=\S) # ... that is not whitespace + / /xg; # ... inject a leading space in the new line + } + } + $nph ||= $NPH; $type ||= 'text/html' unless defined($type); @@ -1557,7 +1567,7 @@ sub header { # need to fix it up a little. for (@other) { # Don't use \s because of perl bug 21951 - next unless my($header,$value) = /([^ \r\n\t=]+)=\"?(.+?)\"?$/; + next unless my($header,$value) = /([^ \r\n\t=]+)=\"?(.+?)\"?$/s; ($_ = $header) =~ s/^(\w)(.*)/"\u$1\L$2" . ': '.$self->unescapeHTML($value)/e; } @@ -2566,6 +2576,7 @@ sub popup_menu { my(@values); @values = $self->_set_values_and_labels($values,\$labels,$name); $tabindex = $self->element_tab($tabindex); + $name = q{} if ! defined $name; $result = qq/