Bug #103096 for WWW-Mechanize: multi

Wed Mar 25 06:24:43 2015 zefram [...] fysh.org - Ticket created

Subject:	multi_param warning
Date:	Wed, 25 Mar 2015 10:24:31 +0000
To:	bug-WWW-Mechanize [...] rt.cpan.org
From:	Zefram <zefram [...] fysh.org>

With recent CGI.pm, WWW-Mechanize generates these warnings from its test suite: CGI::param called in list context from package main /opt/perl-5.20.2/cpan/build/WWW-Mechanize-1.74-x1I0dt/t/local/log-server line 112, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /opt/perl-5.20.2/cpan/build/WWW-Mechanize-1.74-x1I0dt/CGI.pm line 437, <DATA> line 39. The attached patch alters the method call to avoid the warning. The fix depends on the new multi_param method, so the patch also declares a dependency on the first version of CGI that contained that method. This incidentally fixes the bug that WWW-Mechanize doesn't declare its dependency on CGI at all, which is potentially a problem now that CGI.pm is no longer bundled with the Perl core. -zefram

Message body is not shown because sender requested not to inline it.

Wed Mar 25 12:30:55 2015 ether [...] cpan.org - Taken

Tue Jun 02 23:28:04 2015 ether [...] cpan.org - Correspondence added

Thanks, released in 1.75.

Tue Jun 02 23:28:05 2015 The RT System itself - Status changed from 'new' to 'open'

Tue Jun 02 23:28:11 2015 ether [...] cpan.org - Status changed from 'open' to 'resolved'

Wed Jun 03 13:01:27 2015 ether [...] cpan.org - Broken in 1.75 added

Wed Jun 03 22:05:21 2015 ether [...] cpan.org - Fixed in 1.75 added

Wed Jun 03 22:05:22 2015 ether [...] cpan.org - Broken in 1.75 deleted

Bug #103096 for WWW-Mechanize: multi_param warning

Preferred bug tracker