forked from leejo/CGI.pm
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathChanges
1474 lines (1196 loc) · 61 KB
/
Changes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
Version 3.46
[BUG FIXES]
1. In CGI::Pretty, we no longer add line breaks after tags we claim not to format. Thanks to rrt, Bob Kuo and
and Mark Stosberg. (RT#42114).
2. unescapeHTML() no longer falsely recognizes certain text as entities. Thanks to Pete Gamanche, Mark Stosberg
and Bob Kuo. (RT#39122)
3. checkbox_group() now correctly includes a space before the "checked" attribute.
Thanks to Andrew Speer and Bob Kuo. (RT#36583)
4. Fix case-sensitivity in http() and https() according to docs. Make https()
return list of keys in list context. Thanks to riQyRoe and Rhesa Rozendaal. (RT#12909)
5. XHTML is now automatically disabled for HTML 4, as well as HTML 2 and HTML 3. Thanks to
Dan Harkless and Yanick Champoux. (RT#27907)
6. Pre-compiling 'end_form' with ':form' switch now works. Thanks to ryochin and Yanick Champoux. (RT#41530)
7. Empty name/values pairs are now properly saved and restored from filehandles. Thanks to rlucas and
Rhesa Rozendaal (RT#13158)
8. Some differences between startform() and start_form() have been fixed. Thanks to Slaven Rezic and
Shawn Corey. (RT#22046)
9. url_param() has been updated to be more consistent with the documentation and param().
Thanks to Britton Kerin and Yanick Campoux. (RT#43587)
10.hidden() now correctly supports multiple defaule values.
Thanks to [email protected] and Russell Jenkins. (RT#20436)
11.Calling CGI->new() no longer clobbers the value of $_ in the current scope.
Thanks to Alexey Tourbin, Bob Kuo and Mark Stosberg. (RT#25131)
12.UTF-8 params should not get double-decoded now.
Thanks to Yves, Bodo, Burak Gürsoy, and Michael Schout. (RT#19913)
13.We now give objects passed to CGI::Carp::die a chance to be stringified.
Thanks to teek and Yanick Champoux (RT#41530)
14.Turning off autoEscape() now only affects the behavior of built-in HTML
generation fuctions. Explicit calls to escapeHTML() always escape HTML regardless
of the setting. Thanks to vindex, Bob Kuo and Mark Stosberg (RT#40748)
15.In CGI::Fast, preferences set via pragmas are now preserved.
Thanks to heinst and Mark Stosberg (RT#32119)
[DOCUMENTATION]
1. remote_addr() is now documented. Thanks to Yanick Champoux. (RT#38884)
2. In CGI::Pretty in the list of tags left unformatted was updated to match the code. Thanks to Mark Stosberg. (RT#42114)
3. In CGI::Pretty, performance concerns are now documented. Thanks to Jochen, Rhesa Rozendaal and Mark Stosberg (RT#13223)
4. A number of outdated Netscape references have been removed. Thanks to Mark Stosberg.
5. The documentation has been purged of examples of using indirect object notation. Thanks to Mark Stosberg.
6. Some POD formatting was fixed. Thanks to Dave Mitchell (RT#48935).
7. Docs and examples were updated to highlight start_form instead of startform.
Thanks to Slaven Rezic.
8. Note that CGI::Carp::carpout() doesn't work with in-memory filehandles.
Thanks to rhubbell and Mark Stosberg.
[INTERNALS]
1. Quit bundling an ancient copy of Test::More and and using a custom 'lib' path for the tests. Instead, Test::More
is now a dependency. Thanks to Ansgar and Mark Stosberg (RT#48811)
2. Automated tests for hidden() have been added, thanks to Russel Jenkins and Mark Stosberg (RT#20436)
3. t/util.t has been updated to use Test::More instead of a home-grown test function. Thanks to Bob Kuo.
Version 3.45
[BUG FIXES]
1. Prevent warnings about "uninitialized values" for REQUEST_URI, HTTP_USER_AGENT and other environment variables.
Patches by Callum Gibson, heiko and Mark Stosberg. (RT#24684, RT#29065)
2. Avoid death in some cases when running under Taint mode on Windows.
Patch by Peter Hancock (RT#43796)
3. Allow 0 to be used as a default value in popup_menu(). This was broken starting in 3.37.
Thanks to Haze, who was the first to report this and supply a patch, and pfschill, who pinpointed
when the bug was introduced. A regression test for this was also added. (RT#37908)
4. Allow "+" as a valid character in file names, which fixes temp file creation on OS X Leopard.
Thanks to Andy Armstrong, and alech for patches. (RT#30504)
5. Set binmode() on the Netware platform, thanks to Guenter Knauf (RT#27455)
6. Don't allow a CGI::Carp error handler to die recursively. Print a warning and exit instead.
Thanks to Marc Chantreux. (RT#45956)
7. The Dump() method now is fixed to escape HTML properly. Thanks to Mark Stosberg (RT#21341)
8. Support for <optgroup> with scrolling_list() now works the same way as it does for popup_menu().
Thanks to Stuart Johnston (RT#30097)
9. CGI::Pretty now works properly when $" is set to ''. Thanks to Jim Keenan (RT#12401)
10. Fix crash when used in combination with PerlEx::DBI. Thanks to Burak Gürsoy (RT#19902)
[DOCUMENTATION]
1. Several typos were fixed, Thanks to ambs. (RT#41105)
2. A typo related to the nosticky pragma was fixed, thanks to Britton Kerin. (RT#43220)
3. examples/nph-clock.cgi is now more portable, by calling localtime() rather than `/bin/date`,
thanks to Guenter Knauf. (RT#27456).
4. In CGI::Carp, the SEE ALSO section was cleaned up, thanks to Slaven Rezic. (RT#32769)
5. The docs for redirect() were updated to reflect that most headers are
ignored during redirection. Thanks to Mark Stosberg (RT#44911)
[INTERNALS]
1. New t/unescapeHTML.t test script has been added. It includes a TODO test for a pre-existing
bug which could use a patch. Thanks to Pete Gamache and Mark Stosberg (RT#39122)
2. New test scripts have been added for user_agent(), popup_menu() and query_string(), scrolling_list() and Dump()
Thanks to Mark Stosberg and Stuart Johnston. (RT#37908, RT#43006, RT#21341, RT#30097)
3. CGI::Carp and CGI::Util have been updated to have non-developer version numbers.
Thanks to Slaven Rezic. (RT#48425)
4. CGI::Switch and CGI::Apache now properly set their VERSION in their own name space.
Thanks to Alexey Tourbin (RT#11941,RT#11942)
Version 3.44
1. Patch from Kurt Jaeger to allow HTTP PUT even if the content length is unknown.
2. Patch from Pavel merdin to fix a problem for one of the FireFox addons.
3. Fixed issue in mod_perl & fastCGI environment of cookies returned from
CGI->cookie() leaking from one session to another.
Version 3.43
1. Documentation patch from [email protected] to replace all occurrences of
"new CGI" with CGI->new()" to reflect best perl practices.
2. Patch from Stepan Kasal to fix utf-8 related problems in perl 5.10
Version 3.42
1. Added patch from Renee Baecker that makes it possible to subclass
CGI::Pretty.
2. Added patch from Nicholas Clark to allow ~ characters in temporary directories.
3. Added patch from Renee Baecker that fixes the inappropriate escaping of fields
in multipart headers.
Version 3.41
1. Fix url() returning incorrect path when query string contains escaped newline.
2. Added additional windows temporary directories and environment variables, courtesy patch from Renee Baecker
3. Added a handle() method to the lightweight upload
filehandles. This method returns a real IO::Handle object.
4. Added patch from Tony Vanlingen to fix deep recursion warnings in CGI::Pretty.
Version 3.40
1. Fixed CGI::Fast docs to eliminate references to a "special"
version of Perl.
2. Makefile.PL now depends on FCGI so that CGI::Fast installs properly.
3. Fix script_name() call from Stephane Chazelas.
Version 3.39
1. Fixed regression in "exists" function when using tied interface to CGI via $q->Vars.
Version 3.38
1. Fix annoying warning in http://rt.cpan.org/Ticket/Display.html?id=34551
2. Added nobr() function http://rt.cpan.org/Ticket/Display.html?id=35377
3. popup_menu() allows multiple items to be selected by default, satisfying
http://rt.cpan.org/Ticket/Display.html?id=35376
4. Patch from Renee Backer to avoid doubled <http-equiv> headers.
5. Fixed documentation bug that describes what happens when a
parameter is empty (e.g. "?test1=").
6. Fixed minor warning described at http://rt.cpan.org/Public/Bug/Display.html?id=36435
7. Fixed overlap of attribute and parameter space described in http://rt.perl.org/rt3//Ticket/Display.html?id=24294
Version 3.37
1. Fix pragmas so that they persist over modperl invocations (e.g. RT 34761)
2. Fixed handling of chunked multipart uploads; thanks to Michael Bernhardt
who reported and fixed the problem.
Version 3.36
1. Fix CGI::Cookie to support cookies that are separated by "," instead of ";".
Version 3.35
1. Resync with bleadperl, primarily fixing a bug in parsing semicolons in uploaded filenames.
Version 3.34
1. Handle Unicode %uXXXX escapes properly -- patch from [email protected]
2. Fix url() method to not choke on path names that contain regex characters.
Version 3.33
1. Remove uninit variable warning when calling url(-relative=>1)
2. Fix uninit variable warnings for two lc calls
3. Fixed failure of tempfile upload due to sprintf() taint failure in perl 5.10
Version 3.32
1. Patch from Miguel Santinho to prevent sending premature headers under mod_perl 2.0
Version 3.31
1. Patch from Xavier Robin so that CGI::Carp issues a 500 Status code rather than a 200 status code.
2. Patch from Alexander Klink to select correct temporary directory in OSX Leopard so that upload works.
3. Possibly fixed "wrapped pack" error on 5.10 and higher.
Version 3.30
1. Patch from Mike Barry to handle POSTDATA in the same way as PUT.
2. Patch from Rafael Garcia-Suarez to correctly reencode unicode values as byte values.
Version 3.29
1. The position of file handles is now reset to zero when CGI->new is called.
(Mark Stosberg)
2. uploadInfo() now works across multiple object instances. Also, the first
tests for uploadInfo() were added as part of the fix. (CPAN bug 11895, with
contributions from drfrench and Mark Stosberg).
Version 3.28
1. Applied patch from Allen Day that makes Cookie parsing RFC2109 compliant
(attribute/values can be separated by commas as well as semicolons).
2. Applied patch from Stephan Struckmann that allows script_name() to be set correctly.
3. Fixed problem with url(-full) in which port number appears twice.
Version 3.27
1. Applied patch from Steve Taylor that allows checkbox_groups to be
disabled with a new -disabled=> option.
Version 3.26
1. Fixed alternate stylesheet behavior so that it is insensitive to order of declarations.
2. Patch from John Binns to allow users to provide a callback to CGI::Carp.
3. Added "~" as an unreserved character in escape().
4. Patch from Chris Fedde to prevent HTTP_HOST from inhibiting SERVER_PORT in url() generation.
5. Fixed outdated documentation (and behavior) of -language in start_html -script option.
6. Fixed bug in seconds calculation in CGI::Util::expire_calc.
Version 3.25
1. Fixed the link to the Netscape frames page.
2. Added ability to specify an alternate stylesheet.
3. Add support for XForms POST submssion both as application/xml or as multipart/related
Version 3.24
1. In startform(), if request_uri() returns undef, then falls back
to self_url(). This should rarely happen except when run outside of
the CGI environment.
2. image button alignment options were mistakenly being capitalized, causing xhtml validation to fail.
Version 3.23
1. Typo in upload() persisted, now fixed for real. Thanks to
Emanuele Zeppieri for correct patch and regression test.
Version 3.22
1. Typo in upload() function broke uploads. Now fixed (CPAN bug 21126).
Version 3.21
1. Don't try to read data at all when POST > $POST_MAX.
2. Fixed bug that caused $cgi->param('name',undef,'value') to unset param('name') entirely.
3. Fixed bug in which upload() sometimes returns empty. (CPAN bug #12694).
4. Incorporated patch from [email protected] to support HTTPcookies (CPAN bug 21019).
Version 3.20
1. Patch from David Wheeler for CGI::Cookie->bake(). Uses mod_perl headers_out->add()
rather than headers_out->set().
2. Fixed problem identified by Andrei Voronkov in which start_form() output was screwed
up when initial argument begins with a dash and subsequent arguments do not.
3. Quashed uninitialized variable warnings coming from script_name(), url() and other
functions that require access to the PATH_INFO environment variable.
Version 3.19
1. Added patch from Stephen Frost that allows one to suppress use of the temp file that is
created during uploads.
2. Fixed problem noted by Martin Foster in which regular expression meta-character terms
in the path information were not quoted, causing URL parsing
to fail on URLs that contained metacharacters (such as +).
3. More fixes to the url() method.
4. Removed "hack to fix broken PATH_INFO in MSII".
Version 3.18
1. Doc typo fixes.
2. Patch from Steve Peters to default the document type to match the charset.
3. Fixed param() so that param(-name=>'foo',-values=>[]) sets the parameter to empty list.
Version 3.17 Fri Feb 24 14:01:27 EST 2006
1. Added patch from Mike Hanafey which caused 0 arguments to CGI::Cookie->new() to
be treated as empty.
2. Patch to CGI::Carp from Peter Whaite to fix the unfixable problem of CGI::Carp
not behaving correctly in an eval() context.
3. CGI::Fast->new() calls CGI->_reset_globals to avoid contamination of one session
with another's variables.
4. Fixed upload failure on files that contain semicolons in their names.
Version 3.16 Wed Feb 8 13:29:11 EST 2006
1. header() -charset option now works even when the MIME type is not "text".
2. Fixed documentation for cookie() function and fastCGI.
3. Upload filehandles now only closed automatically on Windows systems.
4. Apache::Cookie compatibility fix from David Wheeler
5. CGI::Carp->fatalsToBrowser() does not work correctly with
mod_perl 2. No workaround is known.
6. Fixed text status code associated with 302 redirects. Should be "Found"
but was "Moved".
7. Fixed charset in start_html() and header() to be in synch.
Version 3.15 Wed Dec 7 15:13:22 EST 2005
1. Remove extraneous "?" from self_url() when URI contains a ? but no query string.
Version 3.14 Tue Dec 6 17:12:03 EST 2005
1. Fixed broken scrolling_list() select attribute.
Version 3.13
1. Removed extraneous empty "?" from end of self_url().
Version 3.12
1. Fixed virtual_port so that it works properly with https protocol.
2. Fixed documentation for upload_hook().
3. Added POSTDATA documentation.
4. Made upload_hook() work in function-oriented mode.
5. Fixed POST_MAX behavior so that it doesn't cause client to hang.
6. Disabled automatic tab indexes and added new -tabindex pragma to
turn automatic indexes back on.
7. The url() and self_url() methods now work better in the context of Apache
mod_rewrite. Be advised that path_info() may give you confusing results
when mod_rewrite is active because Apache calculates the path info *after*
rewriting. This is mostly worked around in url() and self_url(), but you
may notice some anomalies.
8. Removed empty (and non-validating) <div> from code emitted by end_form().
9. Fixed CGI::Carp to work correctly with Mod_perl 1.29 in an Apache 2 environment.
10. Setting $CGI::TMPDIRECTORY should now be effective.
Version 3.11
1. Killed warning in CGI::Cookie about MOD_PERL_API_VERSION
2. Fixed append() so that it works in function mode.
3. Workaround for a bug that appears in Apache2 versions through 2.0.54
in which SCRIPT_NAME and PATH_INFO are incorrect if the additional path_info
contains a double slash. This workaround will handle the common case of
http://mysite.com/cgi-bin/log.cgi/http://www.some.other.site/args, but will
not handle the uncommon case of a ScriptAlias directive that adds additional
path information to the end of the translated URI.
Version 3.10
1. Added Apache2::RequestIO, which is necessary for mp2 interoperability.
Version 3.09
1. Fixed tabindex="0" when using CGI to create forms without a prior start_html
2. Removed warning about non-numeric MOD_PERL_API_VERSION.
Version 3.08
1. update support for mod_perl 2.0. versions prior to
mod_perl 1.999_22 (2.0.0-RC5) are no longer supported.
Version 3.07
1. Fixed typo in mod_perl detection.
Version 3.06
1. Fixed bare call to script() in start_html
2. Moved Fh::DESTROY out of autoloaded functions so as to avoid
clobbering $@ when CGI functions are executed in an eval{}
context.
3. mod_perl 2.0 version detection patch in CGI::Cookie provided by
Allen Day.
4. autoEscape() flag is now respected when generating extra
attributes.
5. Tests for *tag start/end generation from Shlomi Fish.
6. Support for can() method provided by Ron Savage.
7. Fix for lang='' when outputting XHTML.
8. Added support for chunked transfer encoding, as suggested by
Hakan Ardo
9. Fixed clobbering of row and column headers in tableized radio
and checkbox groups, as reported by Nicolas Thierry-Mieg.
10. <Label> tags are now associated with form elements, as suggested
by accessibility guidelines.
11. The <?xml> directive produced by start_html is now turned off by
default and the charset is specified in a <meta> directive. Apparently
IE6 (and maybe some versions of Opera) were getting confused by this.
12. Support for tab indexes.
13. Retired the HTML docs. The POD docs are now primary documentation.
14. CGI::Carp now correctly detects and handles Apache::Dispatch.
15. CGI::Util::utf8_chr now correctly sets the UTF8 flag on 5.006 or
higher perls (fix courtesy Slaven Rezic).
Version 3.05
1. Fixed uninitialized variable warning on start_form() when running
from command line.
2. Fixed CGI::_set_attributes so that attributes with a - are handled
correctly.
3. Fixed CGI::Carp::die() so as to avoid problems from _longmess()
clobbering @_.
4. If HTTP_X_FORWARDED_HOST is defined (i.e. running under a proxy),
the various functions that return HOST will use that instead.
5. Fix for undefined utf8() call in CGI::Util.
6. Changed the call to warningsToBrowser() in
CGI::Carp::fatalsToBrowser to call only after HTTP header is sent
(thanks to Didier Lebrun for noticing).
7. Patches from Dan Harkless to make CGI.pm validatable against HTML
3.2.
8. Fixed an extraneous "foo=bar" appearing when extra style
parameters passed to start_html;
9. Fixed cross-site scripting bug in startform() pointed out by Dan
Harkless.
10. Fixed documentation to discuss list context behavior of
form-element generators explicitly.
11. Fixed incorrect results from end_form() when called in OO manner.
12. Fixed query string stripping in order to handle URLs containing
escaped newlines.
13. During server push, set NPH to 0 rather than 1. This is supposed
to fix problems with Apache.
14. Fixed incorrect processing of multipart form fields that contain
embedded quotes. There's still the issue of how to handle ones
that contain embedded semicolons, but no one has complained (yet).
15. Fixed documentation bug in -style argument to start_html()
16. Added -status argument to redirect().
Version 3.04
1. Fixed the problem with mod_perl crashing when "defaults" button
pressed.
Version 3.03
1. Fix upload hook functionality
2. Workaround for CGI->unescape_html()
3. Bumped version numbers in CGI::Fast and CGI::Util for 5.8.3-tobe
Version 3.02
1. Bring in Apache::Response just in case.
2. File upload on EBCDIC systems now works.
Version 3.01
1. No fix yet for upload failures when running on EBCDIC server.
2. Fixed uninitialized glob warnings that appeared when file
uploading under perl 5.8.2.
3. Added patch from Schlomi Fish to allow debugging of PATH_INFO from
command line.
4. Added patch from Steve Hay to correctly unlink tmp files under
mod_perl/windows
5. Added upload_hook functionality from Jamie LeTaul
6. Workarounds for mod_perl 2 IO issues. Check that file upload and
state saving still working.
7. Added code for underreads.
8. Fixed misleading description of redirect() and relative URLs in
the POD docs.
9. Workaround for weird interaction of CGI::Carp with Safe module
reported by William McKee.
10. Added patches from Ilmari Karonen to improve behavior of
CGI::Carp.
11. Fixed documentation error in -style argument.
12. Added virtual_port() method for finding out what port server is
listening on in a virtual-host aware fashion.
Version 3.00
1. Patch from Randal Schwartz to fix bug introduced by cross-site
scripting vulnerability "fix."
2. Patch from JFreeman to replace UTF-8 escape constant of 0xfe with
0xfc. Hope this is right!
Version 2.99
1. Patch from Steve Hay to fix extra Content-type: appearing on
browser screen when FatalsToBrowser invoked.
2. Patch from Ewann Corvellec to fix cross-site scripting
vulnerability.
3. Fixed tmpdir routine for file uploading to solve problem that
occurs under mod_perl when tmpdir is writable at startup time, but
not at session time.
Version 2.98
1. Fixed crash in Dump() function.
Version 2.97
1. Sigh. Uploaded wrong 2.96 to CPAN.
Version 2.96
1. More bugfixes to the -style argument.
Version 2.95
1. Fixed bugs in start_html(-style=>...) support introduced in 2.94.
Version 2.94
1. Removed warning from reset() method.
2. Moved
and tags into the :html3 group. Hope this removes undefined CGI::Area
errors.
Changed CGI::Carp to play with mod_perl2 and to (hopefully) restore
reporting of compile-time errors.
Fixed potential deadlock between web server and CGI.pm when aborting
a read due to POST_MAX (reported by Antti Lankila).
Fixed issue with tag-generating function not incorporating content
when first variable undef.
Fixed cross-site scripting bug reported by obscure.
Fixed Dump() function to return correctly formed XHTML - bug
reported by Ralph Siemsen.
Version 2.93
1. Fixed embarassing bug in mp1 support.
Version 2.92
1. Fix to be P3P compliant submitted from MPREWITT.
2. Added CGI->r() API for mod_perl1/mod_perl2.
3. Fixed bug in redirect() that was corrupting cookies.
4. Minor fix to behavior of reset() button to make it consistent with
submit() button (first time this has been changed in 9 years).
5. Patch from Dan Kogai to handle UTF-8 correctly in 5.8 and higher.
6. Patch from Steve Hay to make CGI::Carp's error messages appear on
MSIE browsers.
7. Added Yair Lenga's patch for non-urlencoded postings.
8. Added Stas Bekman's patches for mod_perl 2 compatibility.
9. Fixed uninitialized escape behavior submitted by William Campbell.
10. Fixed tied behavior so that you can pass arguments to tie()
11. Fixed incorrect generation of URLs when the path_info contains +
and other odd characters.
12. Fixed redirect(-cookies=>$cookie) problem.
13. Fixed tag generation bug that affects -javascript passed to
start_html().
Version 2.91
1. Attribute generation now correctly respects the value of
autoEscape().
2. Fixed endofrm() syntax error introduced by Ben Edgington's patch.
Version 2.90
1. Fixed bug in redirect header handling.
2. Added P3P option to header().
3. Patches from Alexey Mahotkin to make CGI::Carp work correctly with
object-oriented exceptions.
4. Removed inaccurate description of how to set multiple cookies from
CGI::Cookie pod file.
5. Patch from Kevin Mahony to prevent running out of filehandles when
uploading lots of files.
6. Documentation enhancement from Mark Fisher to note that the
import_names() method transforms the parameter names into valid
Perl names.
7. Patch from Dan Harkless to suppress lang attribute in <html> tag
if specified as a null string.
8. Patch from Ben Edgington to fix broken XHTML-transitional 1.0
validation on endform().
9. Custom html header fix from Steffen Beyer (first letter correctly
upcased now)
10. Added a -verbatim option to stylesheet generation from Michael
Dickson
11. Faster delete() method from Neelam Gupta
12. Fixed broken Cygwin support.
13. Added empty charset support from Bradley Baetz
14. Patches from Doug Perham and Kevin Mahoney to fix file upload
failures when uploaded file is a multiple of 4096.
Version 2.89
1. Fixed behavior of ACTION tag when POSTING to a URL that has a
query string.
2. Added Patch from Michael Rommel to handle multipart/mixed uploads
from Opera
Version 2.88
1. Fixed problem with uploads being refused under Perl 5.8 when under
Taint mode.
2. Fixed uninitialized variable warnings under Perl 5.8.
3. Fixed CGI::Pretty regression test failures.
Version 2.87
1. Security hole patched: when processing multipart/form-data
postings, most arguments were being untainted silently. Returned
arguments are now tainted correctly. This may cause some scripts
to fail that used to work (thanks to Nick Cleaton for pointing
this out and persisting until it was fixed).
2. Update for mod_perl 2.0.
3. Pragmas such as -no_xhtml are now respected in mod_perl
environment.
Version 2.86
1. Fixes for broken CGI::Cookie expiration dates introduced in 2.84.
Version 2.85
1. Fix for broken autoEscape function introduced in 2.84.
Version 2.84
1. Fix for failed file uploads on Cygwin platforms.
2. HTML escaping code now replaced 0x8b and 0x9b with unicode
references < and *#8250;
Version 2.83
1. Fixed autoEscape() documentation inconsistencies.
2. Patch from Ville Skyttä to fix a number of XHTML inconsistencies.
3. Added Max-Age to list of CGI::Cookie headers.
Version 2.82
1. Patch from Rudolf Troller to add attribute setting and option
groups to form fields.
2. Patch from Simon Perreault for silent crashes when using CGI::Carp
under mod_perl.
3. Patch from Scott Gifford allows you to set the program name for
CGI::Carp.
Version 2.81
1. Removed extraneous slash from end of stylesheet tags generated by
start_html in non-XHTML mode.
2. Changed behavior of CGI::Carp with respect to eval{} contexts so
that output behaves properly in mod_perl environments.
3. Fixed default DTD so that it validates with W3C validator.
Version 2.80
1. Fixed broken messages in CGI::Carp.
2. Changed checked="1" to checked="checked" for real XHTML
compatibility.
3. Resurrected REQUEST_URI code so that url() works correctly with
multiviews.
Version 2.79
1. Changes to CGI::Carp to avoid "subroutine redefined" error
messages.
2. Default DTD is now XHTML 1.0 Transitional
3. Patches to support all HTML4 tags.
Version 2.78
1. Added ability to change encoding in <?xml> assertion.
2. Fixed the old escapeHTML('CGI') ne "CGI" bug
3. In accordance with XHTML requirements, there are no longer any
minimized attributes, such as "checked".
4. Patched bug which caused file uploads of exactly 4096 bytes to be
truncated to 4094 (thanks to Kevin Mahony)
5. New tests and fixes to CGI::Pretty (thanks to Michael Schwern).
Version 2.77
1. No new features, but released in order to fix an apparent CPAN
bug.
Version 2.76
1. New esc.t regression test for EBCDIC translations courtesy Peter
Prymmer.
2. Patches from James Jurach to make compatible with FCGI-ProcManager
3. Additional fields passed to header() (like -Content_disposition)
now honor initial capitalization.
4. Patch from Andrew McNaughton to handle utf-8 escapes (%uXXXX
codes) in URLs.
Version 2.752
1. Syntax error in the autoloaded Fh::new() subroutine.
2. Better error reporting in autoloaded functions.
Version 2.751
1. Tiny tweak to filename regular expression function on line 3355.
Version 2.75
1. Fixed bug in server push boundary strings (CGI.pm and CGI::Push).
2. Fixed bug that occurs when uploading files with funny characters
in the name
3. Fixed non-XHTML-compliant attributes produced by textfield()
4. Added EPOC support, courtesy Olaf Flebbe
5. Fixed minor XHTML bugs.
6. Made escape() and unescape() symmetric with respect to EBCDIC,
courtesy Roca, Ignasi <[email protected]>
7. Removed uninitialized variable warning from CGI::Cookie, provided
by Atipat Rojnuckarin <[email protected]>
8. Fixed bug in CGI::Pretty that causes it to print partial end tags
when the $INDENT global is changed.
9. Single quotes are changed to character entity ' for compatibility
with URLs.
Version 2.74
September 13, 2000
1. Quashed one-character bug that caused CGI.pm to fail on file
uploads.
Version 2.73
September 12, 2000
1. Added -base to the list of arguments accepted by url().
2. Fixes to XHTML support.
3. POST parameters no longer show up in the Location box.
Version 2.72
August 19, 2000
1. Fixed the defaults button so that it works again
2. Charset is now correctly saved and restored when saving to files
3. url() now works correctly when given scripts with %20 and other
escapes in the additional path info. This undoes a patch
introduced in version 2.47 that I no longer understand the
rationale for.
Version 2.71
August 13, 2000
1. Newlines in the value attributes of hidden fields and other form
elements are now escaped when using ISO-Latin.
2. Inline script and style sections are now protected as CDATA
sections when XHTML mode is on (the default).
Version 2.70
August 4, 2000
1. Fixed bug in scrolling_list() which omitted a space in front of
the "multiple" attribute.
2. Squashed the "useless use of string in void context" message from
redirects.
Version 2.69
1. startform() now creates default ACTION for POSTs as well as GETs.
This may break some browsers, but it no longer violates the HTML
spec.
2. CGI.pm now emits XHTML by default. Disable with -no_xhtml.
3. We no longer interpret &#ddd sequences in non-latin character
sets.
Version 2.68
1. No longer attempts to escape characters when dealing with non
ISO-8861 character sets.
2. checkbox() function now defaults to using -value as its label,
rather than -name. The current behavior is what has been
documented from the beginning.
3. -style accepts array reference to incorporate multiple stylesheets
into document.
1. Fixed two bugs that caused the -compile pragma to fail with a
syntax error.
Version 2.67
1. Added XHTML support (incomplete; tags need to be lowercased).
2. Fixed CGI/Carp when running under mod_perl. Probably broke in
other contexts.
3. Fixed problems when passing multiple cookies.
4. Suppress warnings from _tableize() that were appearing when using
-w switch with radio_group() and checkbox_group().
5. Support for the header() -attachment argument, which can give
pages a default file name when saving to disk.
Version 2.66
1. 2.65 changes in make_attributes() broke HTTP header functions
(including redirect), so made it context sensitive.
Version 2.65
1. Fixed regression tests to skip tests that require implicit fork on
machines without fork().
2. Changed make_attributes() to automatically escape any HTML
reserved characters.
3. Minor documentation fix in javascript example.
Version 2.64
1. Changes introduced in 2.63 broke param() when retrieving parameter
lists containing only a single argument. This is now fixed.
2. self_url() now defaults to returning parameters delimited with
semicolon. Use the pragma -oldstyle_urls to get the old "&"
delimiter.
Version 2.63
1. Fixed CGI::Push to pull out parameters correctly.
2. Fixed redirect() so that it works with default character set
3. Changed param() so as to returned empty string '' when referring
to variables passed in query strings like 'name1=&name2'
Version 2.62
1. Fixed broken ReadParse() function, and added regression tests
2. Fixed broken CGI::Pretty, and added regression tests
Version 2.61
1. Moved more functions from CGI.pm proper into CGI/Util.pm.
CGI/Cookie should now be standalone.
2. Disabled per-user temporary directories, which were causing grief.
Version 2.60
1. Fixed junk appearing in autogenerated HTML functions when using
object-oriented mode.
Version 2.59
1. autoescape functionality breaks too much existing code, removed
it.
2. use escapeHTML() manually
Version 2.58
This is the release version of 2.57.
Version 2.57
1. Added -debug pragma and turned off auto reading of STDIN.
2. Default DTD updated to HTML 4.01 transitional.
3. Added charset() method and the -charset argument to header().
4. Fixed behavior of escapeHTML() to respect charset() and to escape
nasty Windows characters (thanks to Tom Christiansen).
5. Handle REDIRECT_QUERY_STRING correctly.
6. Removed use_named_parameters() because of dependency problems and
general lameness.
7. Fixed problems with bad HREF links generated by url(-relative=>1)
when the url is like /people/.
8. Silenced a warning on upload (patch provided by Jonas Liljegren)
9. Fixed race condition in CGI::Carp when errors occur during parsing
(patch provided by Maurice Aubrey).
10. Fixed failure of url(-path_info=>1) when path contains % signs.
11. Fixed warning from CGI::Cookie when receiving foreign cookies that
don't use name=value format.
12. Fixed incompatibilities with file uploading on VMS systems.
Version 2.56
1. Fixed bugs in file upload introduced in version 2.55
2. Fixed long-standing bug that prevented two files with identical
names from being uploaded.
Version 2.55
1. Fixed cookie regression test so as not to produce an error.
2. Fixed path_info() and self_url() to work correctly together when
path_info() modified.
3. Removed manify warnings from CGI::{Switch,Apache}.
Version 2.54
1. This will be the last release of the monolithic CGI.pm module.
Later versions will be modularized and optimized.
2. DOMAIN tag no longer added to cookies by default. This will break
some versions of Internet Explorer, but will avoid breaking
networks which use host tables without fully qualified domain
names. For compatibility, please always add the -domain tag when
creating cookies.
3. Fixed escape() method so that +'s are treated correctly.
4. Updated CGI::Pretty module.
Version 2.53
1. Forgot to upgrade regression tests before releasing 2.52. NOTHING
ELSE HAS CHANGED IN LIBRARY
Version 2.52
1. Spurious newline in checkbox() routine removed. (courtesy John
Essen)
2. TEXTAREA linebreaks now respected in dump() routine. (courtesy
John Essen)
3. Patches for DOS ports (courtesy Robert Davies)
4. Patches for VMS
5. More fixes for cookie problems
6. Fix CGI::Carp so that it doesn't affect eval{} blocks (courtesy
Byron Brummer)
Version 2.51
1. Fixed problems with cookies not being remembered when sent to IE
5.0 (and Netscape 5.0 too?)
2. Numerous HTML compliance problems in cgi_docs.html; fixed thanks
to Michael Leahy
Version 2.50
1. Added a new Vars() method to retrieve all parameters as a tied
hash.
2. Untainted tainted tempfile name so that script doesn't fail on
terminal unlink.
3. Made picking of upload tempfile name more intelligent so that
doesn't fail in case of name collision.
4. Fixed handling of expire times when passed an absolute timestamp.
5. Changed dump() to Dump() to avoid name clashes.
Version 2.49
1. Fixes for FastCGI (globals not getting reset)
2. Fixed url() to correctly handle query string and path under
MOD_PERL
Version 2.48
1. Reverted detection of MOD_PERL to avoid breaking PerlEX.
Version 2.47
1. Patch to fix file upload bug appearing in IE 3.01 for
Macintosh/PowerPC.
2. Replaced use of $ENV{SCRIPT_NAME} with $ENV{REQUEST_URI} when
running under Apache, to fix self-referencing URIs.
3. Fixed bug in escapeHTML() which caused certain constructs, such as
CGI->image_button(), to fail.
4. Fixed bug which caused strong('CGI') to fail. Be careful to use
CGI::strong('CGI') and not CGI->strong('CGI'). The latter will
produce confusing results.
5. Added upload() function, as a preferred replacement for the
"filehandle as string" feature.
6. Added cgi_error() function.
7. Rewrote file upload handling to return undef rather than dieing
when an error is encountered. Be sure to call cgi_error() to find
out what went wrong.
Version 2.46
1. Fix for failure of the "include" tests under mod_perl
2. Added end_multipart_form to prevent failures during qw(-compile
:all)
Version 2.45
1. Multiple small documentation fixes
2. CGI::Pretty didn't get into 2.44. Fixed now.
Version 2.44
1. Fixed file descriptor leak in upload function.
2. Fixed bug in header() that prevented fields from containing double
quotes.
3. Added Brian Paulsen's CGI::Pretty package for pretty-printing
output HTML.
4. Removed CGI::Apache and CGI::Switch from the distribution.
5. Generated start_* shortcuts so that start_table(), end_table(),
start_ol(), end_ol(), and so forth now work (see the docs on how
to enable this feature).
6. Changed accept() to Accept(), sub() to Sub(). There's still a
conflict with reset(), but this will break too many existing
scripts!
Version 2.43
1. Fixed problem with "use strict" and file uploads (thanks to Peter
Haworth)
2. Fixed problem with not MSIE 3.01 for the power_mac not doing file
uploads right.
3. Fixed problem with file upload on IIS 4.0 when authorization in
use.
4. -content_type and '-content-type' can now be provided to header()
as synonyms for -type.
5. CGI::Carp now escapes the ampersand BEFORE escaping the > and <
signs.
6. Fixed "not an array reference" error when passing a hash reference
to radio_group().
7. Fixed non-removal of uploaded TMP files on NT platforms which
occurs when server runs on non-C drive (thanks to Steve Kilbane
for finding this one).
Version 2.42
1. Too many screams of anguish at changed behavior of url(). Is now
back to its old behavior by default, with options to generate all
the variants.
2. Added regression tests. "make test" now works.
3. Documentation fixes.
4. Fixes for Macintosh uploads, but uploads STILL do not work pending
changes to MacPerl.
Version 2.41
1. url() method now includes the path info. Use script_name() to get
it without path info().
2. Changed handling of empty attributes in HTML tag generation. Be
warned! Use table({-border=>undef}) rather than
table({-border=>''}).
3. Changes to allow uploaded filenames to be compared to other
strings with "eq", "cmp" and "ne".
4. Changes to allow CGI.pm to coexist more peacefully with
ActiveState PerlEX.
5. Changes to prevent exported variables from clashing when importing
":all" set in combination with cookies.
Version 2.40
1. CGI::Carp patched to work better with mod_perl (thanks to Chris
Dean).
2. Uploads of files whose names begin with numbers or the Windows
\\UNC\shared\file nomenclature should no longer fail.
3. The <STYLE> tag (for cascading style sheets) now generates the
required TYPE attribute.
4. Server push primitives added, thanks to Ed Jordan.
5. Table and other HTML3 functions are now part of the :standard set.
6. Small documentation fixes.
TO DO:
1. Do something about the DTD mess. The module should generate
correct DTDs, or at least offer the programmer a way to specify
the correct one.
2. Split CGI.pm into CGI processing and HTML-generating modules.
3. More robust file upload (?still not working on the Macintosh?).
4. Bring in all the HTML4 functionality, particular the accessibility
features.
Version 2.39
1. file uploads failing because of VMS patch; fixed.
2. -dtd parameter was not being properly processed.
Version 2.38
I finally got tired of all the 2.37 betas and released 2.38. The main
difference between this version and the last 2.37 beta (2.37b30) are
some fixes for VMS. This should allow file upload to work properly on
all VMS Web servers.
Version 2.37, various beta versions
1. Added a CGI::Cookie::parse() method for lucky mod_perl users.
2. No longer need separate -values and -labels arguments for
multi-valued form elements.
3. Added better interface to raw cookies (fix courtesy Ken Fox,
4. Added param_fetch() function for direct access to parameter list.
5. Fix to checkbox() to allow for multi-valued single checkboxes
(weird problem).
6. Added a compile() method for those who want to compile without
importing.
7. Documented the import pragmas a little better.
8. Added a -compile switch to the use clause for the long-suffering
mod_perl and Perl compiler users.
9. Fixed initialization routines so that FileHandle and type globs