Skip Menu |

This queue is for tickets about the HTML-FillInForm CPAN distribution.

Report information
The Basics
Id: 100926
Status: open
Priority: 0/
Queue: HTML-FillInForm
People
Owner: Nobody in particular
Requestors: gjtunley [...] gmail.com
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Mon Dec 15 09:04:21 2014 gjtunley [...] gmail.com - Ticket created
Subject: Using with CGI version >= 4 causes error
Date: Mon, 15 Dec 2014 14:04:08 +0000
To: bug-HTML-FillInForm [...] rt.cpan.org
From: Gareth Tunley <gjtunley [...] gmail.com>
When module is used with CGI version 4 or above the following warning is thrown: CGI::param called in list context from package HTML::FillInForm line 427, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/local/share/perl/5.14.2/CGI.pm line 437. I fixed by changing this to: my @v; if ($o->can('multi_param')) { @v = $o->multi_param($param); } else { @v = $o->param($param); } Though YMMV. Gareth -- Gareth Tunley - gjtunley@gmail.com
  Mon Dec 15 09:21:20 2014 MARKSTOS [...] cpan.org - Correspondence added
Gareth, Looks like a good fix. I was the active maintainer of this module but am no longer working with Perl now due to a job change. The original maintainer, TJMATHER, will give final word on your patch. Mark
  Mon Dec 15 09:21:20 2014 The RT System itself - Status changed from 'new' to 'open'
  Fri Apr 03 15:33:28 2015 jeremy.mates [...] gmail.com - Correspondence added
Fix merged in: https://github.com/markstos/HTML-FillInForm/pull/9