Hello everyone, I've been working on closing the bug/vulnerability/annoyance described here:
http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applications/ in my CGI::App. For the most part, it's relatively straightforward. I'm having trouble with one module: HTML::FillInForm::Lite, that seems to cause the following warning to be printed in my error log: [Thu Mar 5 11:46:12 2015] app.cgi: CGI::param called in list context from package HTML::FillInForm::Lite line 373, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at [yadda yadda] There doesn't seemed to be a patched version of this module. Is there a way to set the $CGI::LIST_CONTEXT_WARN from within CGI::App? This does assume that CGI.pm is the query object used. Would this generally be a Good Idea?: $app->query()->LIST_CONTEXT_WARN = 0; # Do my HTML::FillinForm::Lite Work… $app->query()->LIST_CONTEXT_WARN = 1; -- Justin J: Lead Dadaist. url: http://dadamailproject.com email: jus...@dadamailproject.com twitter: @dadamail skype: leaddadaist Dada Mail Announcements: http://dadamailproject.com/cgi-bin/dada/mail.cgi/list/dada_announce/ ##### CGI::Application community mailing list ################ ## ## ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp ## ## ## ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ## ## ################################################################