On 5 March 2015 at 18:54, Justin J <jus...@dadamailproject.com> wrote:
> Hello everyone,
>
> I've been working on closing the bug/vulnerability/annoyance described here:
>
> http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applications/
>
> in my CGI::App. For the most part, it's relatively straightforward. I'm
> having trouble with one module: HTML::FillInForm::Lite, that seems to cause
> the following warning to be printed in my error log:
>
> [Thu Mar 5 11:46:12 2015] app.cgi: CGI::param called in list context
> from package HTML::FillInForm::Lite line 373, this can lead to
> vulnerabilities. See the warning in "Fetching the value or values of a single
> named parameter" at [yadda yadda]
>
> There doesn't seem to be a patched version of this module. Is there a way
> to set the $CGI::LIST_CONTEXT_WARN from within CGI::App? This does assume
> that CGI.pm is the query object used. Would this generally be a Good Idea?:
>
> $app->query()->LIST_CONTEXT_WARN = 0;
> # Do my HTML::FillinForm::Lite Work...
> $app->query()->LIST_CONTEXT_WARN = 1;
>
Hi Justin,

I found this warning a day ago after updating CGI.pm while preparing the next release of CGI::App; the test suite started throwing these warnings.

If you want to hide such messages use:

$CGI::Application::LIST_CONTEXT_WARN = 0;

My next task regarding CGI::App is to ensure the application code and test suite aren't actually causing such problems.

Thanks
Martin
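
An added example, not part of the thread and not code from either poster: it scopes the suppression of CGI.pm's `$CGI::LIST_CONTEXT_WARN` to a single unpatched third-party call with `local`, while the application's own code uses scalar context or `multi_param()`. The `legacy_fill` sub is a hypothetical stand-in for the third-party module, the query string is constructed sample data, and a CGI.pm recent enough to emit this warning and provide `multi_param()` is assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;

# Constructed request with a repeated parameter (sample data, not from the thread).
my $q = CGI->new('user=alice&role=guest&role=admin');

# Collect warnings so we can see exactly where CGI.pm complains.
my @warnings;
$SIG{__WARN__} = sub { push @warnings, $_[0] };

# Hypothetical stand-in for a third-party module (such as a form filler)
# that calls param() in list context and cannot be patched locally.
sub legacy_fill {
    my ($query) = @_;
    my @roles = $query->param('role');    # list context
    return scalar @roles;
}

{
    # local restores the previous value on scope exit, even if the call dies,
    # so the check is never left switched off for the rest of the request.
    local $CGI::LIST_CONTEXT_WARN = 0;
    legacy_fill($q);
}
printf "warnings from third-party call: %d\n", scalar @warnings;

# Own code: force scalar context where a single value is expected ...
my %record = (
    user => scalar $q->param('user'),
    role => scalar $q->param('role'),     # first value only
);
# ... and use multi_param() where several values are really expected.
my @roles = $q->multi_param('role');

print "record: user=$record{user} role=$record{role}\n";
print "all roles: @roles\n";
printf "warnings after own code: %d\n", scalar @warnings;

# Outside the local block the check is still armed for unguarded calls.
my @unguarded = $q->param('role');
printf "warnings after unguarded list-context call: %d\n", scalar @warnings;
```

CGI.pm emits this warning only once per process, so an unguarded call in the application's own code can go unnoticed if the variable is set to 0 globally instead of inside a narrow scope.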