| Subject: | The header subroutine in CGI.pm uses a MIME type whitelist that's not up to date, and shouldn't exist at all |
The header subroutine in CGI.pm uses a MIME type whitelist that's not up to date, and shouldn't exist at all. This problem exists in 3.15 and probably most if not all earlier revisions (although I haven't checked). The attached patch fixes the issue by removing the whitelist which I think shouldn't exist at all, it should be up to the programmer what MIME type / character set combinations he wants to send.
I reported this issue via email as instructed in the CGI.pm documentation[1] on 2005-07-18, as of 2005-12-27 I've recived no reply from the author, nor has the issue been fixed. The module probably needs a new maintainer or an update to its documentation explaining where to file bugs.
Test CGI script for the issue:
"""
#!/usr/bin/env perl
use strict;
use warnings;
use CGI;
my $cgi = new CGI;
# This works because !^text/! is whitelisted (sends Content-Type: text/html; charset=UTF-8)
print $cgi->header( -type => 'text/html', -charset => 'UTF-8' );
# This doesn't work as expected (just sends Content-Type: application/xhtml+xml)
print $cgi->header( -type => 'application/xhtml+xml', -charset => 'UTF-8' );
# This is a workaround for the issue (sends Content-Type: application/xhtml+xml; charset=UTF-8)%
print $cgi->header( -type => 'application/xhtml+xml; charset=UTF-8' );
"""
== Footnotes ==
* 1: http://search.cpan.org/~lds/CGI.pm-3.15/CGI.pm#AUTHOR_INFORMATION
--- CGI.pm.old 2005-12-27 18:07:22.000000000 +0000
+++ CGI.pm 2005-12-27 18:08:12.000000000 +0000
@@ -1433,7 +1433,7 @@
}
$type ||= 'text/html' unless defined($type);
- $type .= "; charset=$charset" if $type ne '' and $type =~ m!^text/! and $type !~ /\bcharset\b/ and $charset ne '';
+ $type .= "; charset=$charset" if $type ne '' and $type !~ /\bcharset\b/ and $charset ne '';
# Maybe future compatibility. Maybe not.
my $protocol = $ENV{SERVER_PROTOCOL} || 'HTTP/1.0';