Hello everyone,
I've been working on closing the bug/vulnerability/annoyance described here:
http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applications/
in my CGI::App. For the most part, it's relatively straightforward. I'm having
trouble with one module: HTML::FillInForm::Lite, that seems to cause the
following warning to be printed in my error log:
[Thu Mar 5 11:46:12 2015] app.cgi: CGI::param called in list context
from package HTML::FillInForm::Lite line 373, this can lead to vulnerabilities.
See the warning in "Fetching the value or values of a single named parameter"
at [yadda yadda]
There doesn't seemed to be a patched version of this module. Is there a way to
set the $CGI::LIST_CONTEXT_WARN from within CGI::App? This does assume that
CGI.pm is the query object used. Would this generally be a Good Idea?:
$app->query()->LIST_CONTEXT_WARN = 0;
# Do my HTML::FillinForm::Lite Work…
$app->query()->LIST_CONTEXT_WARN = 1;
--
Justin J: Lead Dadaist.
url: http://dadamailproject.com
email: jus...@dadamailproject.com
twitter: @dadamail
skype: leaddadaist
Dada Mail Announcements:
http://dadamailproject.com/cgi-bin/dada/mail.cgi/list/dada_announce/
##### CGI::Application community mailing list ################
## ##
## To unsubscribe, or change your message delivery options, ##
## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp ##
## ##
## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ##
## Wiki: http://cgiapp.erlbaum.net/ ##
## ##
################################################################
