From: John Napiorkowski Date: Fri, 2 Jan 2015 15:05:39 +0000 (-0600) Subject: documentation and up version X-Git-Tag: 5.90079_008~17 X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits%2FCatalyst-Runtime.git;a=commitdiff_plain;h=ac1cf8d417b2f21cfd997b8cc7756e2bb36dedc7 documentation and up version --- diff --git a/Changes b/Changes index 8d87c7c..2a7af00 100644 --- a/Changes +++ b/Changes @@ -1,5 +1,13 @@ # This file documents the revision history for Perl extension Catalyst. +5.90079.06 - 2015-01-02 + - Removed unneeded depdency on RenderView in new test case that was causing fails + on CPAN testers that did not just happen to have that dependency already installed + - Updated copyright notices to 2015 + - Documentation patches around the setup methods and clarification on on security + note posted a few months ago. + - Added my name to the contributors list + 5.90079_005 - 2014-12-31 - Merged changes from 5.90078 - If configuration 'using_frontend_proxy' is set, we add the correct middleware diff --git a/lib/Catalyst.pm b/lib/Catalyst.pm index 1b3af91..31434ee 100644 --- a/lib/Catalyst.pm +++ b/lib/Catalyst.pm @@ -129,7 +129,7 @@ __PACKAGE__->stats_class('Catalyst::Stats'); __PACKAGE__->_encode_check(Encode::FB_CROAK | Encode::LEAVE_SRC); # Remember to update this in Catalyst::Runtime as well! -our $VERSION = '5.90079_005'; +our $VERSION = '5.90079_006'; $VERSION = eval $VERSION if $VERSION =~ /_/; # numify for warning-free dev releases sub import { @@ -1184,6 +1184,17 @@ Catalyst> line. B You B wrap this method with method modifiers or bad things will happen - wrap the C method instead. +B You can create a custom setup stage that will execute when the +application is starting. Use this to customize setup. + + MyApp->setup(-Custom=value); + + sub setup_custom { + my ($class, $value) = @_; + } + +Can be handy if you want to hook into the setup phase. + =cut sub setup { 
@@ -4424,9 +4435,11 @@ dd070: Dhaval Dhanani Upasana +John Napiorkowski (jnap) + =head1 COPYRIGHT -Copyright (c) 2005-2014, the above named PROJECT FOUNDER and CONTRIBUTORS. +Copyright (c) 2005-2015, the above named PROJECT FOUNDER and CONTRIBUTORS. =head1 LICENSE diff --git a/lib/Catalyst/Request.pm b/lib/Catalyst/Request.pm index 5e57305..c0d9fca 100644 --- a/lib/Catalyst/Request.pm +++ b/lib/Catalyst/Request.pm @@ -669,12 +669,16 @@ cause a hash initialization error. For a more straightforward interface see C<< $c->req->parameters >>. B Interfaces like this, which are based on L and the C method -are now known to cause demonstrated exploits. It is highly recommended that you -avoid using this method, and migrate existing code away from it. Here's the +are known to cause demonstrated exploits. It is highly recommended that you +avoid using this method, and migrate existing code away from it. Here's a whitepaper of the exploit: L +B Further discussion on IRC indicate that the L core team from 'back then' +were well aware of this hack and this is the main reason we added the new approach to +getting parameters in the first place. + Basically this is an exploit that takes advantage of how L<\param> will do one thing in scalar context and another thing in list context. This is combined with how Perl chooses to deal with duplicate keys in a hash definition by overwriting the value of diff --git a/lib/Catalyst/Runtime.pm b/lib/Catalyst/Runtime.pm index 416f0de..a09b086 100644 --- a/lib/Catalyst/Runtime.pm +++ b/lib/Catalyst/Runtime.pm @@ -7,7 +7,7 @@ BEGIN { require 5.008003; } # Remember to update this in Catalyst as well! -our $VERSION = '5.90079_005'; +our $VERSION = '5.90079_006'; $VERSION = eval $VERSION if $VERSION =~ /_/; # numify for warning-free dev releases =head1 NAME
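Review bot: In the Changes hunk, the new entry is headed `5.90079.06`, while the entry below it is `5.90079_005` and both `$VERSION` lines in this patch are bumped to `5.90079_006`. The heading should read `5.90079_006` so the changelog matches the version being released. The same entry has two typos worth fixing before release: "depdency" and "clarification on on security note".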
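Review bot: In the lib/Catalyst.pm hunk at -1184, the documented call `MyApp->setup(-Custom=value);` passes the flag unquoted, so Perl will not read it as a single string argument. The example should be `MyApp->setup('-Custom=value');`. The text also jumps from `-Custom` to `sub setup_custom` without stating how the flag name maps to the method name, and the sub body is empty, so a reader cannot see what `$value` holds. One sentence on the naming rule and one line using `$value` would make the note usable. The closing sentence "Can be handy if you want to hook into the setup phase." repeats "Use this to customize setup." and can be dropped.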
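Review bot: In the lib/Catalyst/Request.pm hunk at -669, the added paragraph refers to "the new approach to getting parameters" without naming it, so a reader who has just been told to migrate away from `param` is not told where to migrate to. Name the replacement in that sentence, for example by linking to `$c->req->parameters`, which the context line above already points at. "Further discussion on IRC indicate" should be "indicates", and "this hack" would read more clearly as "this exploit" to match the wording used in the surrounding paragraphs.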