This is an automated email from the git hooks/post-receive script.
fsfs pushed a commit to branch master
in repository libhtml-mason-perl.
commit f2b4ee2d2a3f89515d63a6cf85183d6d50f0dbfa
Author: Kevin Falcone <falc...@bestpractical.com>
Date: Wed Oct 15 15:28:09 2014 -0400
Ask CGI to not warn about param() in list context.
Mason protects from the class of param() bugs which allow users to sneak in
arguments as described here:
http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applications/
Since CGI.pm 4.05 the only way to quiet this warning is by setting their
variable as documented here
https://metacpan.org/pod/CGI#Fetching-the-value-or-values-of-a-single-named-parameter
Mason has always allowed foo=1&foo=2 to end up available in a template
as @foo = (1,2) so retain backcompat.
Notes:
Bug: https://rt.cpan.org/Public/Bug/Display.html?id=99520
Origin: https://rt.cpan.org/Public/Bug/Display.html?id=99520
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765477
Patch-Name: 03_cgi_param_disable_list_context_warning.patch
---
lib/HTML/Mason/Utils.pm | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/HTML/Mason/Utils.pm b/lib/HTML/Mason/Utils.pm
index 0ac549f..37545f1 100644
--- a/lib/HTML/Mason/Utils.pm
+++ b/lib/HTML/Mason/Utils.pm
@@ -45,6 +45,7 @@ sub cgi_request_args
foreach my $key ( map { $q->$_() } @methods ) {
next if exists $args{$key};
+ local $CGI::LIST_CONTEXT_WARN = 0;
my @values = map { $q->$_($key) } @methods;
$args{$key} = @values == 1 ? $values[0] : \@values;
}
--
Alioth's /usr/local/bin/git-commit-notice on
/srv/git.debian.org/git/pkg-perl/packages/libhtml-mason-perl.git
_______________________________________________
Pkg-perl-cvs-commits mailing list
Pkg-perl-cvs-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-perl-cvs-commits
