Commit | Line | Data |
---|---|---|
a2b3762a CBW |
1 | Version 3.63 Nov 12, 2012 |
2 | ||
3 | [SECURITY] | |
4 | - CR escaping for Set-Cookie and P3P headers was improved. There was potential | |
5 | for newline injection in these headers. | |
6 | (Thanks to anazawa, https://github.com/markstos/CGI.pm/pull/23) | |
11911e21 CBW |
7 | |
8 | Version 3.62, Nov 9th, 2012 | |
9 | ||
10 | [INTERNALS] | |
11 | - Changed how the deprecated endform function was defined for compatibilty | |
12 | with the development version of Perl. | |
13 | - Fix failures in t/tmpdir.t when run as root | |
14 | https://github.com/markstos/CGI.pm/issues/22, RT#80659) | |
15 | ||
16 | - Made it possible to force a sorted order for things like hash | |
17 | attributes so that tests are not dependent on a particular hash | |
18 | ordering. This will be required in modern perls which will | |
19 | change the ordering per process. (Yves, RT#80659) | |
20 | ||
f5e87f96 CBW |
21 | Version 3.61 Nov 2nd, 2012 |
22 | ||
23 | (No code changes) | |
24 | ||
25 | [INTERNALS] | |
26 | - formatting of CGI::Carp documentation was improved. Thanks to benkasminbullock. | |
27 | - un-TODO some tests in t/tmpdir.t that were passing in most cases. | |
28 | ||
29 | https://github.com/markstos/CGI.pm/issues/19# | |
30 | https://github.com/markstos/CGI.pm/commit/cc73dc9807b0fabb56b3cdf1a9726588b2eda0f7 | |
31 | ||
a506842e SH |
32 | Version 3.60 Aug 15th, 2012 |
33 | ||
34 | [BUG FIXES] | |
35 | - In some caes, When unescapeHTML() hit something it didn't recognize with an ampersand and | |
36 | and semicolon, it would throw away the semicolon and ampersand. It now does a better job. | |
37 | of preserving content it doesn't recognize. Thanks to CEBJYRE@cpan.org (RT#75595) | |
38 | - Remove trailing newline after <form> tag inserted by startform and start_form. It can | |
39 | cause rendering problems in some cases. Thanks to SJOHNSTON@cpan.org (RT#67719) | |
40 | - Workaround "Insecure Dependency" warning generated by some versions of Perl (RT#53733). | |
41 | Thanks to degatcpan@ntlworld.com, klchu@lbl.gov and Anonymous Monk | |
42 | ||
43 | [DOCUMENTATION] | |
44 | - Clarify that when -status is used, the human-readable phase should be included, per RFC 2616. | |
45 | Thanks to SREZIC@cpan.org (RT#76691). | |
46 | ||
47 | [INTERNALS] | |
48 | - More tests for header(), thanks to Ryo Anazawa. | |
49 | - t/url.t has been fixed on VMS. Thanks to cberry@cpan.org (RT#72380) | |
50 | - MANIFEST patched so that t/multipart_init.t is included again. Thanks to shay@cpan.org (RT#76189) | |
51 | ||
7f92e913 CBW |
52 | Version 3.59 Dec 29th, 2011 |
53 | ||
54 | [BUG FIXES] | |
55 | - We no longer read from STDIN when the Content-Length is not set, preventing | |
56 | requests with no Content-Length from freezing in some cases. This is consistent | |
57 | with the CGI RFC 3875, and is also consistent with CGI::Simple. However, the old | |
58 | behavior may have been expected by some command-line uses of CGI.pm. | |
59 | Thanks to Philip Potter and Yanick Champoux. See RT#52469 for details: | |
60 | https://rt.cpan.org/Public/Bug/Display.html?id=52469 | |
61 | ||
62 | [INTERNALS] | |
63 | - remove tmpdirs more aggressively. Thanks to rjbs (RT#73288) | |
64 | - use Text::ParseWords instead of ancient shellwords.pl. Thanks to AlexBio. | |
65 | - remove use of define(@arr). Thanks to rjbs. | |
66 | - spelling fixes. Thanks to Gregor Herrmann and Alessandro Ghedini. | |
67 | - fix test count and warning in t/fast.t. Thanks to Yanick. | |
68 | ||
cc947deb CBW |
69 | Version 3.58 Nov 11th, 2011 |
70 | ||
71 | [DOCUMENTATION] | |
72 | - Clarify that using query_string() only has defined behavior when using the GET method. (RT#60813) | |
73 | ||
3e3c678a CBW |
74 | Version 3.57 Nov 9th, 2011 |
75 | [INTERNALS] | |
76 | - test failure in t/fast.t introduced in 3.56 is fixed. (Thanks to zefram and chansen). | |
77 | - Test::More requirement has been bumped to 0.98 | |
78 | ||
79 | Version 3.56 Nov 8th, 2011 | |
80 | ||
81 | [SECURITY] | |
82 | Use public and documented FCGI.pm API in CGI::Fast | |
83 | CGI::Fast was using an FCGI API that was deprecated and removed from | |
84 | documentation more than ten years ago. Usage of this deprecated API with | |
85 | FCGI >= 0.70 or FCGI <= 0.73 introduces a security issue. | |
86 | <https://rt.cpan.org/Public/Bug/Display.html?id=68380> | |
87 | <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2766> | |
88 | (Thanks to chansen) | |
89 | ||
90 | [INTERNALS] | |
91 | - tmp files are now cleaned up on VMS ( RT#69210, thanks to cberry@cpan.org ) | |
92 | - Fixed test failure: done_testing() added to url.t (Thanks to Ryan Jendoubi) | |
93 | - Clarify preferred bug submission location in docs, and note that Mark Stosberg | |
94 | is the current maintainer. | |
90a3c601 CBW |
95 | |
96 | Version 3.55 June 3rd, 2011 | |
97 | ||
98 | [THINGS THAT MAY BREAK YOUR CODE] | |
99 | url() was fixed to return "PATH_INFO" when it is explicitly requested | |
100 | with either the path=>1 or path_info=>1 flag. | |
101 | ||
102 | If your code is running under mod_rewrite (or compatible) and you are calling self_url() or | |
103 | you are calling url() and passing path_info=>1, These methods will actually be | |
104 | returning PATH_INFO now, as you have explicitly requested, or has self_url() | |
105 | has requested on your behalf. | |
106 | ||
107 | The PATH_INFO has been omitted in such URLs since the issue was introduced | |
108 | in the 3.12 release in December, 2005. | |
109 | ||
110 | This bug is so old your application may have come to depend on it or | |
111 | workaround it. Check for application before upgrading to this release. | |
112 | ||
113 | Examples of affected method calls: | |
114 | ||
115 | $q->url(-absolute => 1, -query => 1, -path_info => 1 ) | |
116 | $q->url(-path=>1) | |
117 | $q->url(-full=>1,-path=>1) | |
118 | $q->url(-rewrite=>1,-path=>1) | |
119 | $q->self_url(); | |
120 | ||
be039708 CBW |
121 | Version 3.54, Apr 28, 2011 |
122 | No code changes | |
f4c5852c | 123 | |
be039708 CBW |
124 | [INTERNALS] |
125 | - Address test failures in t/tmpdir.t, thanks to Niko Tyni. | |
126 | Some tests here are failing on some platforms and have been marked as TODO. | |
127 | ||
128 | Version 3.53, Apr 25, 2011 | |
129 | ||
130 | [NEW FEATURES] | |
131 | - The DELETE HTTP verb is now supported. | |
132 | (RT#52614, James Robson, Eduardo Ari�o de la Rubia) | |
133 | ||
134 | [INTERNALS] | |
135 | - Correct t/tmpdir.t MANIFEST entry. (RT#64949) | |
136 | - Update minimum required Perl version to be Perl 5.8.1, which | |
137 | has been out since 2003. This allows us to drop some hacks | |
138 | and exceptions (Mark Stosberg) | |
139 | ||
140 | Version 3.52, Jan 24, 2011 | |
141 | ||
f4c5852c CBW |
142 | [DOCUMENTATION] |
143 | - The documentation for multi-line header handling was been updated to reflect | |
be039708 | 144 | the changes in 3.51. (Mark Stosberg, ntyni@iki.fi) |
f4c5852c CBW |
145 | |
146 | [INTERNALS] | |
be039708 CBW |
147 | - Add missing t/tmpfile.t file. (RT#64949) |
148 | - Fix warning in t/cookie.t (RT#64570, Chris Williams, Rainer Tammer, Mark Stosberg) | |
f4c5852c CBW |
149 | - Fixed logic bug in t/multipart_init.t (RT#64261, Niko Tyni) |
150 | ||
be039708 | 151 | Version 3.51, Jan 5, 2011 |
2a1594f6 CBW |
152 | |
153 | [NEW FEATURES] | |
154 | - A new option to set $CGI::Carp::TO_BROWSER = 0, allows you to explicitly | |
155 | exclude a particular scope from triggering printing to the browser when | |
156 | fatatlsToBrowser is set. (RT#62783, Thanks to papowell) | |
157 | - The <script> tag now supports the "charset" attribute. | |
158 | (RT#62907, Thanks to Fabrice Metge) | |
159 | - In CGI::Cookie, "Max-Age" is now supported for better spec compliance. | |
160 | (Mark Stosberg) | |
161 | ||
162 | [BUG FIXES] | |
163 | - Setting charset() now works for all content types, not just "text/*". | |
164 | (RT#57945, Thanks to Yanick and Gerv.) | |
165 | - support for user temporary directories ($HOME/tmp) was commented out | |
166 | in 2.61 but the documentation wasn't updated (Peter Gervai, Niko Tyni) | |
167 | - setting $CGITempFile::TMPDIRECTORY before loading CGI.pm has been | |
168 | working but undocumented since 3.12 (which listed it in Changes as | |
169 | $CGI::TMPDIRECTORY) (Peter Gervai, Niko Tyni) | |
170 | - unfortunately the previous change broke the runtime check for looking | |
171 | for a new temporary directory if the current one suddenly became | |
172 | unwritable (Peter Gervai, Niko Tyni) | |
173 | - A bug was fixed in CGI::Carp triggered by certain death cases in | |
174 | the BEGIN phase of parent classes. | |
175 | (RT#57224, Thanks to UNERA, Yanick Champoux, Mark Stosberg) | |
176 | - CGI::Cookie->new() now follows the documentation and returns undef | |
177 | if the -name and -value args aren't provided. This new behavior is also | |
178 | consistent with the docs and code of CGI::Simple::Cookie. (Mark Stosberg) | |
179 | - CGI::Cookie->parse() now trims leading and trailing whitespace from cookie | |
180 | elements as intended. The change also makes this part of the parsing | |
181 | identical to CGI::Simple::Cookie (Mark Stosberg) | |
182 | - Temp file handling was improved (RT#62762) | |
183 | ||
184 | [SECURITY] | |
185 | - Further improvements have been made to guard against newline injections | |
186 | in headers. (Thanks to Max Kanat-Alexander, Yanick Champoux, Mark Stosberg) | |
187 | ||
188 | [PERFORMANCE] | |
189 | - Make EBCDIC a compile-time constant so there's zero overhead (and less | |
190 | compiled code) in subroutines that test for it. (Tim Bunce) | |
191 | - If you just want to use CGI::Cookie, CGI.pm will no longer be loaded | |
192 | unless you call the bake() method, which requires it. (Mark Stosberg) | |
193 | ||
194 | [DOCUMENTATION] | |
195 | - quit referring to the <link> tag as being "rarely used". (Victor Sanders) | |
196 | - typo and whitespace fixes (RT#62785, thanks to scop@cpan.org) | |
197 | - The -dtd argument to start_html() is now documented | |
198 | (RT#60473, Thanks to giecrilj and steve@fisharerojo.org) | |
199 | - CGI::Carp doc are updated to reflect that it can work with mod_perl 2.0. | |
200 | - when creating a temporary file in the directory fails, the error message | |
201 | could indicate the root of the problem better (Peter Gervai, Niko Tyni) | |
202 | ||
203 | [INTERNALS] | |
204 | - Re-fixing https test in http.t. (RT#54768, thanks to SPROUT) | |
205 | - param_fetch no longer triggers a warning when called with no arguments (ysth, Mark Stosberg) | |
206 | ||
be039708 | 207 | Version 3.50, Nov 8, 2010 |
84601d63 CBW |
208 | |
209 | [SECURITY] | |
210 | 1. The MIME boundary in multipart_init is now random. | |
211 | Thanks to Byron Jones, Masahiro Yamada, Reed Loden, and Mark Stosberg | |
212 | 2. Further improvements to handling of newlines embedded in header values. | |
213 | An exception is thrown if header values contain invalid newlines. | |
214 | Thanks to Michal Zalewski, Max Kanat-Alexander, Yanick Champoux, | |
be039708 | 215 | Lincoln Stein, Fr�d�ric Buclin and Mark Stosberg |
84601d63 CBW |
216 | |
217 | [DOCUMENTATION] | |
218 | 1. Correcting/clarifying documentation for param_fetch(). Thanks to | |
be039708 | 219 | Ren�e B�cker. (RT#59132) |
84601d63 CBW |
220 | |
221 | [INTERNALS] | |
222 | 1. Fixing https test in http.t. (RT#54768) | |
223 | 2. Tests were added for multipart_init(). Thanks to Mark Stosberg and CGI::Simple. | |
224 | ||
be039708 | 225 | Version 3.49, Feb 5th, 2010 |
cfbab81b RGS |
226 | |
227 | [BUG FIXES] | |
228 | 1. Fix a regression since 3.44 involving a case when the header includes "Content-Length: 0". | |
229 | Thanks to Alex Vandiver (RT#51109) | |
230 | 2. Suppress uninitialized warnings under -w. Thanks to burak. (RT#50301) | |
231 | 3. url() now uses virtual_port() instead of server_port(). Thanks to MKANAT and Yanick Champoux. (RT#51562) | |
2a1594f6 | 232 | 4. CGI::Carp now properly handles stringifiable objects, like Exception::Class throws (RT#39904) |
cfbab81b RGS |
233 | |
234 | [SECURITY] | |
235 | 1. embedded newlines are now filtered out of header values in header(). | |
236 | Thanks to Mark Stosberg and Yanick Champoux. | |
237 | ||
238 | [DOCUMENTATION] | |
239 | 1. README was updated to reflect that CGI.pm was moved under ./lib. | |
240 | Thanks to Alex Vandiver. | |
241 | ||
242 | [INTERNALS] | |
243 | 1. More tests were added for autoescape, thanks to Bob Kuo. (RT#25485) | |
244 | 2. Attempt to avoid test failures with t/fast, thanks to Steve Hay. (RT#49599) | |
245 | ||
be039708 | 246 | Version 3.48, Sep 25, 2009 |
deafae52 SH |
247 | |
248 | [BUG FIXES] | |
249 | 1. <optgroup> default values are now properly escaped. | |
250 | Thanks to #raleigh.pm and Mark Stosberg. (RT#49606) | |
251 | 2. The change to exception handling in CGI::Carp introduced in 3.47 has been | |
252 | reverted for now. It caused regressions reported in RT#49630. | |
253 | Thanks to mkanat for the report. | |
254 | ||
255 | [DOCUMENTATION] | |
256 | 1. Documentation for upload() has been overhauled, thanks to Mark Stosberg. | |
257 | 2. Documentation for tmpFileName has been added. Thanks to Mark Stosberg and Nathaniel K. Smith. | |
258 | 3. URLS were updated, thanks to Leon Brocard and Yanick Champoux. (RT#49770) | |
259 | ||
260 | [INTERNALS] | |
261 | 1. More tests were added for autoescape, thanks to Bob Kuo. (RT#25485) | |
262 | ||
be039708 CBW |
263 | Version 3.47, Sep 9, 2009 |
264 | ||
deafae52 SH |
265 | No code changes. |
266 | ||
267 | [INTERNALS] | |
268 | Re-release of 3.46, which did not contain a proper MANIFEST | |
269 | ||
270 | Version 3.46 | |
be039708 | 271 | |
deafae52 SH |
272 | [BUG FIXES] |
273 | 1. In CGI::Pretty, we no longer add line breaks after tags we claim not to format. Thanks to rrt, Bob Kuo and | |
274 | and Mark Stosberg. (RT#42114). | |
275 | 2. unescapeHTML() no longer falsely recognizes certain text as entities. Thanks to Pete Gamanche, Mark Stosberg | |
276 | and Bob Kuo. (RT#39122) | |
277 | 3. checkbox_group() now correctly includes a space before the "checked" attribute. | |
278 | Thanks to Andrew Speer and Bob Kuo. (RT#36583) | |
279 | 4. Fix case-sensitivity in http() and https() according to docs. Make https() | |
280 | return list of keys in list context. Thanks to riQyRoe and Rhesa Rozendaal. (RT#12909) | |
281 | 5. XHTML is now automatically disabled for HTML 4, as well as HTML 2 and HTML 3. Thanks to | |
282 | Dan Harkless and Yanick Champoux. (RT#27907) | |
283 | 6. Pre-compiling 'end_form' with ':form' switch now works. Thanks to ryochin and Yanick Champoux. (RT#41530) | |
284 | 7. Empty name/values pairs are now properly saved and restored from filehandles. Thanks to rlucas and | |
285 | Rhesa Rozendaal (RT#13158) | |
286 | 8. Some differences between startform() and start_form() have been fixed. Thanks to Slaven Rezic and | |
287 | Shawn Corey. (RT#22046) | |
288 | 9. url_param() has been updated to be more consistent with the documentation and param(). | |
289 | Thanks to Britton Kerin and Yanick Campoux. (RT#43587) | |
290 | 10.hidden() now correctly supports multiple default values. | |
291 | Thanks to david@dierauer.net and Russell Jenkins. (RT#20436) | |
292 | 11.Calling CGI->new() no longer clobbers the value of $_ in the current scope. | |
293 | Thanks to Alexey Tourbin, Bob Kuo and Mark Stosberg. (RT#25131) | |
294 | 12.UTF-8 params should not get double-decoded now. | |
be039708 | 295 | Thanks to Yves, Bodo, Burak G�rsoy, and Michael Schout. (RT#19913) |
deafae52 SH |
296 | 13.We now give objects passed to CGI::Carp::die a chance to be stringified. |
297 | Thanks to teek and Yanick Champoux (RT#41530) | |
298 | 14.Turning off autoEscape() now only affects the behavior of built-in HTML | |
299 | generation fuctions. Explicit calls to escapeHTML() always escape HTML regardless | |
300 | of the setting. Thanks to vindex, Bob Kuo and Mark Stosberg (RT#40748) | |
301 | 15.In CGI::Fast, preferences set via pragmas are now preserved. | |
302 | Thanks to heinst and Mark Stosberg (RT#32119) | |
303 | ||
304 | [DOCUMENTATION] | |
305 | 1. remote_addr() is now documented. Thanks to Yanick Champoux. (RT#38884) | |
306 | 2. In CGI::Pretty in the list of tags left unformatted was updated to match the code. Thanks to Mark Stosberg. (RT#42114) | |
307 | 3. In CGI::Pretty, performance concerns are now documented. Thanks to Jochen, Rhesa Rozendaal and Mark Stosberg (RT#13223) | |
308 | 4. A number of outdated Netscape references have been removed. Thanks to Mark Stosberg. | |
309 | 5. The documentation has been purged of examples of using indirect object notation. Thanks to Mark Stosberg. | |
310 | 6. Some POD formatting was fixed. Thanks to Dave Mitchell (RT#48935). | |
311 | 7. Docs and examples were updated to highlight start_form instead of startform. | |
312 | Thanks to Slaven Rezic. | |
313 | 8. Note that CGI::Carp::carpout() doesn't work with in-memory filehandles. | |
314 | Thanks to rhubbell and Mark Stosberg. | |
315 | 9. The documentation for the -newstyle_urls is now less confusing. | |
316 | Thanks to Ryan Tate and Mark Stosberg (RT#49454) | |
317 | ||
318 | [INTERNALS] | |
319 | 1. Quit bundling an ancient copy of Test::More and and using a custom 'lib' path for the tests. Instead, Test::More | |
320 | is now a dependency. Thanks to Ansgar and Mark Stosberg (RT#48811) | |
321 | 2. Automated tests for hidden() have been added, thanks to Russel Jenkins and Mark Stosberg (RT#20436) | |
322 | 3. t/util.t has been updated to use Test::More instead of a home-grown test function. Thanks to Bob Kuo. | |
323 | ||
be039708 CBW |
324 | Version 3.45, Aug 14, 2009 |
325 | ||
68a4c8b9 DM |
326 | [BUG FIXES] |
327 | 1. Prevent warnings about "uninitialized values" for REQUEST_URI, HTTP_USER_AGENT and other environment variables. | |
328 | Patches by Callum Gibson, heiko and Mark Stosberg. (RT#24684, RT#29065) | |
deafae52 | 329 | 2. Avoid death in some cases when running under Taint mode on Windows. |
68a4c8b9 DM |
330 | Patch by Peter Hancock (RT#43796) |
331 | 3. Allow 0 to be used as a default value in popup_menu(). This was broken starting in 3.37. | |
332 | Thanks to Haze, who was the first to report this and supply a patch, and pfschill, who pinpointed | |
333 | when the bug was introduced. A regression test for this was also added. (RT#37908) | |
deafae52 SH |
334 | 4. Allow "+" as a valid character in file names, which fixes temp file creation on OS X Leopard. |
335 | Thanks to Andy Armstrong, and alech for patches. (RT#30504) | |
68a4c8b9 | 336 | 5. Set binmode() on the Netware platform, thanks to Guenter Knauf (RT#27455) |
deafae52 | 337 | 6. Don't allow a CGI::Carp error handler to die recursively. Print a warning and exit instead. |
68a4c8b9 DM |
338 | Thanks to Marc Chantreux. (RT#45956) |
339 | 7. The Dump() method now is fixed to escape HTML properly. Thanks to Mark Stosberg (RT#21341) | |
340 | 8. Support for <optgroup> with scrolling_list() now works the same way as it does for popup_menu(). | |
341 | Thanks to Stuart Johnston (RT#30097) | |
342 | 9. CGI::Pretty now works properly when $" is set to ''. Thanks to Jim Keenan (RT#12401) | |
be039708 | 343 | 10. Fix crash when used in combination with PerlEx::DBI. Thanks to Burak G�rsoy (RT#19902) |
68a4c8b9 DM |
344 | |
345 | [DOCUMENTATION] | |
346 | 1. Several typos were fixed, Thanks to ambs. (RT#41105) | |
347 | 2. A typo related to the nosticky pragma was fixed, thanks to Britton Kerin. (RT#43220) | |
348 | 3. examples/nph-clock.cgi is now more portable, by calling localtime() rather than `/bin/date`, | |
349 | thanks to Guenter Knauf. (RT#27456). | |
350 | 4. In CGI::Carp, the SEE ALSO section was cleaned up, thanks to Slaven Rezic. (RT#32769) | |
351 | 5. The docs for redirect() were updated to reflect that most headers are | |
352 | ignored during redirection. Thanks to Mark Stosberg (RT#44911) | |
353 | ||
deafae52 | 354 | [INTERNALS] |
68a4c8b9 DM |
355 | 1. New t/unescapeHTML.t test script has been added. It includes a TODO test for a pre-existing |
356 | bug which could use a patch. Thanks to Pete Gamache and Mark Stosberg (RT#39122) | |
357 | 2. New test scripts have been added for user_agent(), popup_menu() and query_string(), scrolling_list() and Dump() | |
358 | Thanks to Mark Stosberg and Stuart Johnston. (RT#37908, RT#43006, RT#21341, RT#30097) | |
deafae52 | 359 | 3. CGI::Carp and CGI::Util have been updated to have non-developer version numbers. |
68a4c8b9 | 360 | Thanks to Slaven Rezic. (RT#48425) |
deafae52 | 361 | 4. CGI::Switch and CGI::Apache now properly set their VERSION in their own name space. |
68a4c8b9 DM |
362 | Thanks to Alexey Tourbin (RT#11941,RT#11942) |
363 | ||
be039708 CBW |
364 | Version 3.44, Jul 30, 2009 |
365 | ||
68a4c8b9 DM |
366 | 1. Patch from Kurt Jaeger to allow HTTP PUT even if the content length is unknown. |
367 | 2. Patch from Pavel merdin to fix a problem for one of the FireFox addons. | |
deafae52 | 368 | 3. Fixed issue in mod_perl & fastCGI environment of cookies returned from |
68a4c8b9 DM |
369 | CGI->cookie() leaking from one session to another. |
370 | ||
be039708 CBW |
371 | Version 3.43, Apr 06, 2009 |
372 | ||
0106d518 DM |
373 | 1. Documentation patch from MARKSTOS@cpan.org to replace all occurrences of |
374 | "new CGI" with CGI->new()" to reflect best perl practices. | |
375 | 2. Patch from Stepan Kasal to fix utf-8 related problems in perl 5.10 | |
f8a128a9 | 376 | |
be039708 CBW |
377 | Version 3.42, Sep 08, 2008 |
378 | ||
f8a128a9 NC |
379 | 1. Added patch from Renee Baecker that makes it possible to subclass |
380 | CGI::Pretty. | |
381 | 2. Added patch from Nicholas Clark to allow ~ characters in temporary directories. | |
382 | 3. Added patch from Renee Baecker that fixes the inappropriate escaping of fields | |
383 | in multipart headers. | |
384 | ||
be039708 CBW |
385 | Version 3.41, Aug 25, 2008 |
386 | ||
e1c70484 NC |
387 | 1. Fix url() returning incorrect path when query string contains escaped newline. |
388 | 2. Added additional windows temporary directories and environment variables, courtesy patch from Renee Baecker | |
389 | 3. Added a handle() method to the lightweight upload | |
390 | filehandles. This method returns a real IO::Handle object. | |
391 | 4. Added patch from Tony Vanlingen to fix deep recursion warnings in CGI::Pretty. | |
392 | ||
be039708 CBW |
393 | Version 3.40, Aug 06, 2008 |
394 | ||
e1c70484 NC |
395 | 1. Fixed CGI::Fast docs to eliminate references to a "special" |
396 | version of Perl. | |
397 | 2. Makefile.PL now depends on FCGI so that CGI::Fast installs properly. | |
398 | 3. Fix script_name() call from Stephane Chazelas. | |
399 | ||
be039708 CBW |
400 | Version 3.39, Jun 29, 2008 |
401 | ||
e1c70484 NC |
402 | 1. Fixed regression in "exists" function when using tied interface to CGI via $q->Vars. |
403 | ||
be039708 CBW |
404 | Version 3.38, Jun 25, 2008 |
405 | ||
e1c70484 NC |
406 | 1. Fix annoying warning in http://rt.cpan.org/Ticket/Display.html?id=34551 |
407 | 2. Added nobr() function http://rt.cpan.org/Ticket/Display.html?id=35377 | |
408 | 3. popup_menu() allows multiple items to be selected by default, satisfying | |
409 | http://rt.cpan.org/Ticket/Display.html?id=35376 | |
410 | 4. Patch from Renee Backer to avoid doubled <http-equiv> headers. | |
411 | 5. Fixed documentation bug that describes what happens when a | |
412 | parameter is empty (e.g. "?test1="). | |
413 | 6. Fixed minor warning described at http://rt.cpan.org/Public/Bug/Display.html?id=36435 | |
414 | 7. Fixed overlap of attribute and parameter space described in http://rt.perl.org/rt3//Ticket/Display.html?id=24294 | |
415 | ||
be039708 CBW |
416 | Version 3.37, Apr 22, 2008 |
417 | ||
e1c70484 NC |
418 | 1. Fix pragmas so that they persist over modperl invocations (e.g. RT 34761) |
419 | 2. Fixed handling of chunked multipart uploads; thanks to Michael Bernhardt | |
420 | who reported and fixed the problem. | |
421 | ||
be039708 CBW |
422 | Version 3.36 |
423 | ||
e1c70484 NC |
424 | 1. Fix CGI::Cookie to support cookies that are separated by "," instead of ";". |
425 | ||
be039708 CBW |
426 | Version 3.35, Mar 27, 2008 |
427 | ||
86de2d7d SP |
428 | 1. Resync with bleadperl, primarily fixing a bug in parsing semicolons in uploaded filenames. |
429 | ||
be039708 CBW |
430 | Version 3.34, Mar 18, 2008 |
431 | ||
86de2d7d SP |
432 | 1. Handle Unicode %uXXXX escapes properly -- patch from DANKOGAI@cpan.org |
433 | 2. Fix url() method to not choke on path names that contain regex characters. | |
434 | ||
be039708 CBW |
435 | Version 3.33, Jan 02, 2008 |
436 | ||
86de2d7d SP |
437 | 1. Remove uninit variable warning when calling url(-relative=>1) |
438 | 2. Fix uninit variable warnings for two lc calls | |
439 | 3. Fixed failure of tempfile upload due to sprintf() taint failure in perl 5.10 | |
440 | ||
be039708 CBW |
441 | Version 3.32, Dec 27, 2007 |
442 | ||
86de2d7d SP |
443 | 1. Patch from Miguel Santinho to prevent sending premature headers under mod_perl 2.0 |
444 | ||
be039708 CBW |
445 | Version 3.31, Nov 30, 2007 |
446 | ||
86de2d7d SP |
447 | 1. Patch from Xavier Robin so that CGI::Carp issues a 500 Status code rather than a 200 status code. |
448 | 2. Patch from Alexander Klink to select correct temporary directory in OSX Leopard so that upload works. | |
449 | 3. Possibly fixed "wrapped pack" error on 5.10 and higher. | |
450 | ||
be039708 CBW |
451 | Version 3.30 |
452 | ||
86de2d7d SP |
453 | 1. Patch from Mike Barry to handle POSTDATA in the same way as PUT. |
454 | 2. Patch from Rafael Garcia-Suarez to correctly reencode unicode values as byte values. | |
455 | ||
be039708 CBW |
456 | Version 3.29, Apr 16, 2007 |
457 | ||
681699b9 SP |
458 | 1. The position of file handles is now reset to zero when CGI->new is called. |
459 | (Mark Stosberg) | |
460 | 2. uploadInfo() now works across multiple object instances. Also, the first | |
461 | tests for uploadInfo() were added as part of the fix. (CPAN bug 11895, with | |
462 | contributions from drfrench and Mark Stosberg). | |
463 | ||
be039708 CBW |
464 | Version 3.28, Mar 29, 2007 |
465 | ||
2c454cbd SP |
466 | 1. Applied patch from Allen Day that makes Cookie parsing RFC2109 compliant |
467 | (attribute/values can be separated by commas as well as semicolons). | |
468 | 2. Applied patch from Stephan Struckmann that allows script_name() to be set correctly. | |
469 | 3. Fixed problem with url(-full) in which port number appears twice. | |
470 | ||
be039708 CBW |
471 | Version 3.27, Feb 27, 2007 |
472 | ||
8869a4b7 SP |
473 | 1. Applied patch from Steve Taylor that allows checkbox_groups to be |
474 | disabled with a new -disabled=> option. | |
475 | ||
be039708 CBW |
476 | Version 3.26 |
477 | ||
8869a4b7 SP |
478 | 1. Fixed alternate stylesheet behavior so that it is insensitive to order of declarations. |
479 | 2. Patch from John Binns to allow users to provide a callback to CGI::Carp. | |
480 | 3. Added "~" as an unreserved character in escape(). | |
481 | 4. Patch from Chris Fedde to prevent HTTP_HOST from inhibiting SERVER_PORT in url() generation. | |
482 | 5. Fixed outdated documentation (and behavior) of -language in start_html -script option. | |
483 | 6. Fixed bug in seconds calculation in CGI::Util::expire_calc. | |
484 | ||
be039708 CBW |
485 | Version 3.25, Sep 28, 2006 |
486 | ||
0664a57d SP |
487 | 1. Fixed the link to the Netscape frames page. |
488 | 2. Added ability to specify an alternate stylesheet. | |
8869a4b7 | 489 | 3. Add support for XForms POST submssion both as application/xml or as multipart/related |
0664a57d | 490 | |
be039708 CBW |
491 | Version 3.24 |
492 | ||
0664a57d SP |
493 | 1. In startform(), if request_uri() returns undef, then falls back |
494 | to self_url(). This should rarely happen except when run outside of | |
495 | the CGI environment. | |
496 | 2. image button alignment options were mistakenly being capitalized, causing xhtml validation to fail. | |
497 | ||
be039708 CBW |
498 | Version 3.23, Aug 23, 2006 |
499 | ||
0664a57d SP |
500 | 1. Typo in upload() persisted, now fixed for real. Thanks to |
501 | Emanuele Zeppieri for correct patch and regression test. | |
502 | ||
be039708 CBW |
503 | Version 3.22, Aug 23, 2006 |
504 | ||
9f9736a1 SP |
505 | 1. Typo in upload() function broke uploads. Now fixed (CPAN bug 21126). |
506 | ||
be039708 CBW |
507 | Version 3.21, Aug 21, 2006 |
508 | ||
fc786e8b SP |
509 | 1. Don't try to read data at all when POST > $POST_MAX. |
510 | 2. Fixed bug that caused $cgi->param('name',undef,'value') to unset param('name') entirely. | |
511 | 3. Fixed bug in which upload() sometimes returns empty. (CPAN bug #12694). | |
512 | 4. Incorporated patch from BURAK@cpan.org to support HTTPcookies (CPAN bug 21019). | |
513 | ||
be039708 CBW |
514 | Version 3.20 |
515 | ||
adb86593 SP |
516 | 1. Patch from David Wheeler for CGI::Cookie->bake(). Uses mod_perl headers_out->add() |
517 | rather than headers_out->set(). | |
518 | 2. Fixed problem identified by Andrei Voronkov in which start_form() output was screwed | |
519 | up when initial argument begins with a dash and subsequent arguments do not. | |
520 | 3. Quashed uninitialized variable warnings coming from script_name(), url() and other | |
521 | functions that require access to the PATH_INFO environment variable. | |
522 | ||
be039708 CBW |
523 | Version 3.19 |
524 | ||
cb3b230c SP |
525 | 1. Added patch from Stephen Frost that allows one to suppress use of the temp file that is |
526 | created during uploads. | |
527 | 2. Fixed problem noted by Martin Foster in which regular expression meta-character terms | |
528 | in the path information were not quoted, causing URL parsing | |
529 | to fail on URLs that contained metacharacters (such as +). | |
530 | 3. More fixes to the url() method. | |
531 | 4. Removed "hack to fix broken PATH_INFO in MSII". | |
532 | ||
be039708 CBW |
533 | Version 3.18 |
534 | ||
cb3b230c SP |
535 | 1. Doc typo fixes. |
536 | 2. Patch from Steve Peters to default the document type to match the charset. | |
537 | 3. Fixed param() so that param(-name=>'foo',-values=>[]) sets the parameter to empty list. | |
538 | ||
be039708 CBW |
539 | Version 3.17, Feb 24, 2006 |
540 | ||
681699b9 SP |
541 | 1. Added patch from Mike Hanafey which caused 0 arguments to CGI::Cookie->new() to |
542 | be treated as empty. | |
543 | 2. Patch to CGI::Carp from Peter Whaite to fix the unfixable problem of CGI::Carp | |
544 | not behaving correctly in an eval() context. | |
545 | 3. CGI::Fast->new() calls CGI->_reset_globals to avoid contamination of one session | |
546 | with another's variables. | |
547 | 4. Fixed upload failure on files that contain semicolons in their names. | |
548 | ||
be039708 CBW |
549 | Version 3.16, Feb 8, 2006 |
550 | ||
55b5d700 SP |
551 | 1. header() -charset option now works even when the MIME type is not "text". |
552 | 2. Fixed documentation for cookie() function and fastCGI. | |
553 | 3. Upload filehandles now only closed automatically on Windows systems. | |
554 | 4. Apache::Cookie compatibility fix from David Wheeler | |
555 | 5. CGI::Carp->fatalsToBrowser() does not work correctly with | |
556 | mod_perl 2. No workaround is known. | |
557 | 6. Fixed text status code associated with 302 redirects. Should be "Found" | |
558 | but was "Moved". | |
559 | 7. Fixed charset in start_html() and header() to be in synch. | |
560 | ||
be039708 CBW |
561 | Version 3.15, Dec 7, 2005 |
562 | ||
edc47407 SP |
563 | 1. Remove extraneous "?" from self_url() when URI contains a ? but no query string. |
564 | ||
be039708 CBW |
565 | Version 3.14, Dec 6, 2005 |
566 | ||
1f426928 | 567 | 1. Fixed broken scrolling_list() select attribute. |
deafae52 | 568 | |
be039708 CBW |
569 | Version 3.13, Dec 4, 2005 |
570 | ||
0a9bdad4 SP |
571 | 1. Removed extraneous empty "?" from end of self_url(). |
572 | ||
be039708 CBW |
573 | Version 3.12, Dec 4, 2005 |
574 | ||
0a9bdad4 SP |
575 | 1. Fixed virtual_port so that it works properly with https protocol. |
576 | 2. Fixed documentation for upload_hook(). | |
577 | 3. Added POSTDATA documentation. | |
578 | 4. Made upload_hook() work in function-oriented mode. | |
579 | 5. Fixed POST_MAX behavior so that it doesn't cause client to hang. | |
580 | 6. Disabled automatic tab indexes and added new -tabindex pragma to | |
581 | turn automatic indexes back on. | |
582 | 7. The url() and self_url() methods now work better in the context of Apache | |
583 | mod_rewrite. Be advised that path_info() may give you confusing results | |
584 | when mod_rewrite is active because Apache calculates the path info *after* | |
585 | rewriting. This is mostly worked around in url() and self_url(), but you | |
586 | may notice some anomalies. | |
587 | 8. Removed empty (and non-validating) <div> from code emitted by end_form(). | |
588 | 9. Fixed CGI::Carp to work correctly with Mod_perl 1.29 in an Apache 2 environment. | |
589 | 10. Setting $CGI::TMPDIRECTORY should now be effective. | |
590 | ||
be039708 CBW |
591 | Version 3.11, Aug 3, 2005 |
592 | ||
7dc108d1 SP |
593 | 1. Killed warning in CGI::Cookie about MOD_PERL_API_VERSION |
594 | 2. Fixed append() so that it works in function mode. | |
deafae52 | 595 | 3. Workaround for a bug that appears in Apache2 versions through 2.0.54 |
7dc108d1 SP |
596 | in which SCRIPT_NAME and PATH_INFO are incorrect if the additional path_info |
597 | contains a double slash. This workaround will handle the common case of | |
598 | http://mysite.com/cgi-bin/log.cgi/http://www.some.other.site/args, but will | |
599 | not handle the uncommon case of a ScriptAlias directive that adds additional | |
600 | path information to the end of the translated URI. | |
601 | ||
be039708 CBW |
602 | Version 3.10, May 13, 2005 |
603 | ||
70194bd6 NC |
604 | 1. Added Apache2::RequestIO, which is necessary for mp2 interoperability. |
605 | ||
be039708 CBW |
606 | Version 3.09, May 5, 2005 |
607 | ||
70194bd6 NC |
608 | 1. Fixed tabindex="0" when using CGI to create forms without a prior start_html |
609 | 2. Removed warning about non-numeric MOD_PERL_API_VERSION. | |
610 | ||
be039708 CBW |
611 | Version 3.08, Apr 20, 2005 |
612 | ||
741ff09d RGS |
613 | 1. update support for mod_perl 2.0. versions prior to |
614 | mod_perl 1.999_22 (2.0.0-RC5) are no longer supported. | |
615 | ||
be039708 CBW |
616 | Version 3.07, Mar 14, 2005 |
617 | ||
976c4ade RGS |
618 | 1. Fixed typo in mod_perl detection. |
619 | ||
be039708 | 620 | Version 3.06, Mar 09, 2005 |
976c4ade RGS |
621 | |
622 | 1. Fixed bare call to script() in start_html | |
623 | 2. Moved Fh::DESTROY out of autoloaded functions so as to avoid | |
624 | clobbering $@ when CGI functions are executed in an eval{} | |
625 | context. | |
626 | 3. mod_perl 2.0 version detection patch in CGI::Cookie provided by | |
627 | Allen Day. | |
628 | 4. autoEscape() flag is now respected when generating extra | |
629 | attributes. | |
630 | 5. Tests for *tag start/end generation from Shlomi Fish. | |
631 | 6. Support for can() method provided by Ron Savage. | |
632 | 7. Fix for lang='' when outputting XHTML. | |
deafae52 | 633 | 8. Added support for chunked transfer encoding, as suggested by |
976c4ade RGS |
634 | Hakan Ardo |
635 | 9. Fixed clobbering of row and column headers in tableized radio | |
636 | and checkbox groups, as reported by Nicolas Thierry-Mieg. | |
637 | 10. <Label> tags are now associated with form elements, as suggested | |
638 | by accessibility guidelines. | |
639 | 11. The <?xml> directive produced by start_html is now turned off by | |
640 | default and the charset is specified in a <meta> directive. Apparently | |
641 | IE6 (and maybe some versions of Opera) were getting confused by this. | |
642 | 12. Support for tab indexes. | |
643 | 13. Retired the HTML docs. The POD docs are now primary documentation. | |
644 | 14. CGI::Carp now correctly detects and handles Apache::Dispatch. | |
645 | 15. CGI::Util::utf8_chr now correctly sets the UTF8 flag on 5.006 or | |
646 | higher perls (fix courtesy Slaven Rezic). | |
647 | ||
648 | ||
be039708 | 649 | Version 3.05, Apr 12, 2004 |
976c4ade RGS |
650 | |
651 | 1. Fixed uninitialized variable warning on start_form() when running | |
652 | from command line. | |
653 | 2. Fixed CGI::_set_attributes so that attributes with a - are handled | |
654 | correctly. | |
655 | 3. Fixed CGI::Carp::die() so as to avoid problems from _longmess() | |
656 | clobbering @_. | |
657 | 4. If HTTP_X_FORWARDED_HOST is defined (i.e. running under a proxy), | |
658 | the various functions that return HOST will use that instead. | |
659 | 5. Fix for undefined utf8() call in CGI::Util. | |
660 | 6. Changed the call to warningsToBrowser() in | |
661 | CGI::Carp::fatalsToBrowser to call only after HTTP header is sent | |
662 | (thanks to Didier Lebrun for noticing). | |
663 | 7. Patches from Dan Harkless to make CGI.pm validatable against HTML | |
664 | 3.2. | |
665 | 8. Fixed an extraneous "foo=bar" appearing when extra style | |
666 | parameters passed to start_html; | |
667 | 9. Fixed cross-site scripting bug in startform() pointed out by Dan | |
668 | Harkless. | |
669 | 10. Fixed documentation to discuss list context behavior of | |
670 | form-element generators explicitly. | |
671 | 11. Fixed incorrect results from end_form() when called in OO manner. | |
672 | 12. Fixed query string stripping in order to handle URLs containing | |
673 | escaped newlines. | |
674 | 13. During server push, set NPH to 0 rather than 1. This is supposed | |
675 | to fix problems with Apache. | |
676 | 14. Fixed incorrect processing of multipart form fields that contain | |
677 | embedded quotes. There's still the issue of how to handle ones | |
678 | that contain embedded semicolons, but no one has complained (yet). | |
679 | 15. Fixed documentation bug in -style argument to start_html() | |
680 | 16. Added -status argument to redirect(). | |
681 | ||
be039708 | 682 | Version 3.04, Jan 18, 2004 |
976c4ade RGS |
683 | |
684 | 1. Fixed the problem with mod_perl crashing when "defaults" button | |
685 | pressed. | |
686 | ||
be039708 | 687 | Version 3.03, Jan 13, 2004 |
976c4ade RGS |
688 | |
689 | 1. Fix upload hook functionality | |
690 | 2. Workaround for CGI->unescape_html() | |
691 | 3. Bumped version numbers in CGI::Fast and CGI::Util for 5.8.3-tobe | |
692 | ||
be039708 | 693 | Version 3.02 |
976c4ade RGS |
694 | |
695 | 1. Bring in Apache::Response just in case. | |
696 | 2. File upload on EBCDIC systems now works. | |
697 | ||
be039708 | 698 | Version 3.01, Dec 10, 2003 |
976c4ade RGS |
699 | |
700 | 1. No fix yet for upload failures when running on EBCDIC server. | |
701 | 2. Fixed uninitialized glob warnings that appeared when file | |
702 | uploading under perl 5.8.2. | |
703 | 3. Added patch from Schlomi Fish to allow debugging of PATH_INFO from | |
704 | command line. | |
705 | 4. Added patch from Steve Hay to correctly unlink tmp files under | |
706 | mod_perl/windows | |
707 | 5. Added upload_hook functionality from Jamie LeTaul | |
708 | 6. Workarounds for mod_perl 2 IO issues. Check that file upload and | |
709 | state saving still working. | |
710 | 7. Added code for underreads. | |
711 | 8. Fixed misleading description of redirect() and relative URLs in | |
712 | the POD docs. | |
713 | 9. Workaround for weird interaction of CGI::Carp with Safe module | |
714 | reported by William McKee. | |
715 | 10. Added patches from Ilmari Karonen to improve behavior of | |
716 | CGI::Carp. | |
717 | 11. Fixed documentation error in -style argument. | |
718 | 12. Added virtual_port() method for finding out what port server is | |
719 | listening on in a virtual-host aware fashion. | |
720 | ||
be039708 | 721 | Version 3.00, Aug 18, 2003 |
976c4ade RGS |
722 | |
723 | 1. Patch from Randal Schwartz to fix bug introduced by cross-site | |
724 | scripting vulnerability "fix." | |
725 | 2. Patch from JFreeman to replace UTF-8 escape constant of 0xfe with | |
726 | 0xfc. Hope this is right! | |
727 | ||
728 | Version 2.99 | |
729 | ||
730 | 1. Patch from Steve Hay to fix extra Content-type: appearing on | |
731 | browser screen when FatalsToBrowser invoked. | |
732 | 2. Patch from Ewann Corvellec to fix cross-site scripting | |
733 | vulnerability. | |
734 | 3. Fixed tmpdir routine for file uploading to solve problem that | |
735 | occurs under mod_perl when tmpdir is writable at startup time, but | |
736 | not at session time. | |
737 | ||
738 | Version 2.98 | |
739 | ||
740 | 1. Fixed crash in Dump() function. | |
741 | ||
742 | Version 2.97 | |
743 | ||
744 | 1. Sigh. Uploaded wrong 2.96 to CPAN. | |
745 | ||
746 | Version 2.96 | |
747 | ||
748 | 1. More bugfixes to the -style argument. | |
749 | ||
750 | Version 2.95 | |
751 | ||
752 | 1. Fixed bugs in start_html(-style=>...) support introduced in 2.94. | |
753 | ||
754 | Version 2.94 | |
755 | ||
756 | 1. Removed warning from reset() method. | |
757 | 2. Moved | |
758 | ||
759 | and tags into the :html3 group. Hope this removes undefined CGI::Area | |
760 | errors. | |
761 | ||
762 | Changed CGI::Carp to play with mod_perl2 and to (hopefully) restore | |
763 | reporting of compile-time errors. | |
764 | ||
765 | Fixed potential deadlock between web server and CGI.pm when aborting | |
766 | a read due to POST_MAX (reported by Antti Lankila). | |
767 | ||
768 | Fixed issue with tag-generating function not incorporating content | |
769 | when first variable undef. | |
770 | ||
771 | Fixed cross-site scripting bug reported by obscure. | |
772 | ||
773 | Fixed Dump() function to return correctly formed XHTML - bug | |
774 | reported by Ralph Siemsen. | |
775 | ||
776 | Version 2.93 | |
777 | ||
778 | 1. Fixed embarassing bug in mp1 support. | |
779 | ||
780 | Version 2.92 | |
781 | ||
782 | 1. Fix to be P3P compliant submitted from MPREWITT. | |
783 | 2. Added CGI->r() API for mod_perl1/mod_perl2. | |
784 | 3. Fixed bug in redirect() that was corrupting cookies. | |
785 | 4. Minor fix to behavior of reset() button to make it consistent with | |
786 | submit() button (first time this has been changed in 9 years). | |
787 | 5. Patch from Dan Kogai to handle UTF-8 correctly in 5.8 and higher. | |
788 | 6. Patch from Steve Hay to make CGI::Carp's error messages appear on | |
789 | MSIE browsers. | |
790 | 7. Added Yair Lenga's patch for non-urlencoded postings. | |
791 | 8. Added Stas Bekman's patches for mod_perl 2 compatibility. | |
792 | 9. Fixed uninitialized escape behavior submitted by William Campbell. | |
793 | 10. Fixed tied behavior so that you can pass arguments to tie() | |
794 | 11. Fixed incorrect generation of URLs when the path_info contains + | |
795 | and other odd characters. | |
796 | 12. Fixed redirect(-cookies=>$cookie) problem. | |
797 | 13. Fixed tag generation bug that affects -javascript passed to | |
798 | start_html(). | |
799 | ||
800 | Version 2.91 | |
801 | ||
802 | 1. Attribute generation now correctly respects the value of | |
803 | autoEscape(). | |
804 | 2. Fixed endofrm() syntax error introduced by Ben Edgington's patch. | |
805 | ||
806 | Version 2.90 | |
807 | ||
808 | 1. Fixed bug in redirect header handling. | |
809 | 2. Added P3P option to header(). | |
810 | 3. Patches from Alexey Mahotkin to make CGI::Carp work correctly with | |
811 | object-oriented exceptions. | |
812 | 4. Removed inaccurate description of how to set multiple cookies from | |
813 | CGI::Cookie pod file. | |
814 | 5. Patch from Kevin Mahony to prevent running out of filehandles when | |
815 | uploading lots of files. | |
816 | 6. Documentation enhancement from Mark Fisher to note that the | |
817 | import_names() method transforms the parameter names into valid | |
818 | Perl names. | |
819 | 7. Patch from Dan Harkless to suppress lang attribute in <html> tag | |
820 | if specified as a null string. | |
821 | 8. Patch from Ben Edgington to fix broken XHTML-transitional 1.0 | |
822 | validation on endform(). | |
823 | 9. Custom html header fix from Steffen Beyer (first letter correctly | |
824 | upcased now) | |
825 | 10. Added a -verbatim option to stylesheet generation from Michael | |
826 | Dickson | |
827 | 11. Faster delete() method from Neelam Gupta | |
828 | 12. Fixed broken Cygwin support. | |
829 | 13. Added empty charset support from Bradley Baetz | |
830 | 14. Patches from Doug Perham and Kevin Mahoney to fix file upload | |
831 | failures when uploaded file is a multiple of 4096. | |
832 | ||
833 | Version 2.89 | |
834 | ||
835 | 1. Fixed behavior of ACTION tag when POSTING to a URL that has a | |
836 | query string. | |
837 | 2. Added Patch from Michael Rommel to handle multipart/mixed uploads | |
838 | from Opera | |
839 | ||
840 | Version 2.88 | |
841 | ||
842 | 1. Fixed problem with uploads being refused under Perl 5.8 when under | |
843 | Taint mode. | |
844 | 2. Fixed uninitialized variable warnings under Perl 5.8. | |
845 | 3. Fixed CGI::Pretty regression test failures. | |
846 | ||
847 | Version 2.87 | |
848 | ||
849 | 1. Security hole patched: when processing multipart/form-data | |
850 | postings, most arguments were being untainted silently. Returned | |
851 | arguments are now tainted correctly. This may cause some scripts | |
852 | to fail that used to work (thanks to Nick Cleaton for pointing | |
853 | this out and persisting until it was fixed). | |
854 | 2. Update for mod_perl 2.0. | |
855 | 3. Pragmas such as -no_xhtml are now respected in mod_perl | |
856 | environment. | |
857 | ||
858 | Version 2.86 | |
859 | ||
860 | 1. Fixes for broken CGI::Cookie expiration dates introduced in 2.84. | |
861 | ||
862 | Version 2.85 | |
863 | ||
864 | 1. Fix for broken autoEscape function introduced in 2.84. | |
865 | ||
866 | Version 2.84 | |
867 | ||
868 | 1. Fix for failed file uploads on Cygwin platforms. | |
869 | 2. HTML escaping code now replaced 0x8b and 0x9b with unicode | |
870 | references < and *#8250; | |
871 | ||
872 | Version 2.83 | |
873 | ||
874 | 1. Fixed autoEscape() documentation inconsistencies. | |
be039708 | 875 | 2. Patch from Ville Skytt� to fix a number of XHTML inconsistencies. |
976c4ade RGS |
876 | 3. Added Max-Age to list of CGI::Cookie headers. |
877 | ||
878 | Version 2.82 | |
879 | ||
880 | 1. Patch from Rudolf Troller to add attribute setting and option | |
881 | groups to form fields. | |
882 | 2. Patch from Simon Perreault for silent crashes when using CGI::Carp | |
883 | under mod_perl. | |
884 | 3. Patch from Scott Gifford allows you to set the program name for | |
885 | CGI::Carp. | |
886 | ||
887 | Version 2.81 | |
888 | ||
889 | 1. Removed extraneous slash from end of stylesheet tags generated by | |
890 | start_html in non-XHTML mode. | |
891 | 2. Changed behavior of CGI::Carp with respect to eval{} contexts so | |
892 | that output behaves properly in mod_perl environments. | |
893 | 3. Fixed default DTD so that it validates with W3C validator. | |
894 | ||
895 | Version 2.80 | |
896 | ||
897 | 1. Fixed broken messages in CGI::Carp. | |
898 | 2. Changed checked="1" to checked="checked" for real XHTML | |
899 | compatibility. | |
900 | 3. Resurrected REQUEST_URI code so that url() works correctly with | |
901 | multiviews. | |
902 | ||
903 | Version 2.79 | |
904 | ||
905 | 1. Changes to CGI::Carp to avoid "subroutine redefined" error | |
906 | messages. | |
907 | 2. Default DTD is now XHTML 1.0 Transitional | |
908 | 3. Patches to support all HTML4 tags. | |
909 | ||
910 | Version 2.78 | |
911 | ||
912 | 1. Added ability to change encoding in <?xml> assertion. | |
913 | 2. Fixed the old escapeHTML('CGI') ne "CGI" bug | |
914 | 3. In accordance with XHTML requirements, there are no longer any | |
915 | minimized attributes, such as "checked". | |
916 | 4. Patched bug which caused file uploads of exactly 4096 bytes to be | |
917 | truncated to 4094 (thanks to Kevin Mahony) | |
918 | 5. New tests and fixes to CGI::Pretty (thanks to Michael Schwern). | |
919 | ||
920 | Version 2.77 | |
921 | ||
922 | 1. No new features, but released in order to fix an apparent CPAN | |
923 | bug. | |
924 | ||
925 | Version 2.76 | |
926 | ||
927 | 1. New esc.t regression test for EBCDIC translations courtesy Peter | |
928 | Prymmer. | |
929 | 2. Patches from James Jurach to make compatible with FCGI-ProcManager | |
930 | 3. Additional fields passed to header() (like -Content_disposition) | |
931 | now honor initial capitalization. | |
932 | 4. Patch from Andrew McNaughton to handle utf-8 escapes (%uXXXX | |
933 | codes) in URLs. | |
934 | ||
935 | Version 2.752 | |
936 | ||
937 | 1. Syntax error in the autoloaded Fh::new() subroutine. | |
938 | 2. Better error reporting in autoloaded functions. | |
939 | ||
940 | Version 2.751 | |
941 | ||
942 | 1. Tiny tweak to filename regular expression function on line 3355. | |
943 | ||
944 | Version 2.75 | |
945 | ||
946 | 1. Fixed bug in server push boundary strings (CGI.pm and CGI::Push). | |
947 | 2. Fixed bug that occurs when uploading files with funny characters | |
948 | in the name | |
949 | 3. Fixed non-XHTML-compliant attributes produced by textfield() | |
950 | 4. Added EPOC support, courtesy Olaf Flebbe | |
951 | 5. Fixed minor XHTML bugs. | |
952 | 6. Made escape() and unescape() symmetric with respect to EBCDIC, | |
953 | courtesy Roca, Ignasi <ignasi.roca@fujitsu.siemens.es> | |
954 | 7. Removed uninitialized variable warning from CGI::Cookie, provided | |
955 | by Atipat Rojnuckarin <rojnuca@yahoo.com> | |
956 | 8. Fixed bug in CGI::Pretty that causes it to print partial end tags | |
957 | when the $INDENT global is changed. | |
958 | 9. Single quotes are changed to character entity ' for compatibility | |
959 | with URLs. | |
960 | ||
961 | Version 2.74 | |
962 | ||
963 | September 13, 2000 | |
964 | 1. Quashed one-character bug that caused CGI.pm to fail on file | |
965 | uploads. | |
966 | ||
967 | Version 2.73 | |
968 | ||
969 | September 12, 2000 | |
970 | 1. Added -base to the list of arguments accepted by url(). | |
971 | 2. Fixes to XHTML support. | |
972 | 3. POST parameters no longer show up in the Location box. | |
973 | ||
974 | Version 2.72 | |
975 | ||
976 | August 19, 2000 | |
977 | 1. Fixed the defaults button so that it works again | |
978 | 2. Charset is now correctly saved and restored when saving to files | |
979 | 3. url() now works correctly when given scripts with %20 and other | |
980 | escapes in the additional path info. This undoes a patch | |
981 | introduced in version 2.47 that I no longer understand the | |
982 | rationale for. | |
983 | ||
984 | Version 2.71 | |
985 | ||
986 | August 13, 2000 | |
987 | 1. Newlines in the value attributes of hidden fields and other form | |
988 | elements are now escaped when using ISO-Latin. | |
989 | 2. Inline script and style sections are now protected as CDATA | |
990 | sections when XHTML mode is on (the default). | |
991 | ||
992 | Version 2.70 | |
993 | ||
994 | August 4, 2000 | |
995 | 1. Fixed bug in scrolling_list() which omitted a space in front of | |
996 | the "multiple" attribute. | |
997 | 2. Squashed the "useless use of string in void context" message from | |
998 | redirects. | |
999 | ||
1000 | Version 2.69 | |
1001 | ||
1002 | 1. startform() now creates default ACTION for POSTs as well as GETs. | |
1003 | This may break some browsers, but it no longer violates the HTML | |
1004 | spec. | |
1005 | 2. CGI.pm now emits XHTML by default. Disable with -no_xhtml. | |
1006 | 3. We no longer interpret &#ddd sequences in non-latin character | |
1007 | sets. | |
1008 | ||
1009 | Version 2.68 | |
1010 | ||
1011 | 1. No longer attempts to escape characters when dealing with non | |
1012 | ISO-8861 character sets. | |
1013 | 2. checkbox() function now defaults to using -value as its label, | |
1014 | rather than -name. The current behavior is what has been | |
1015 | documented from the beginning. | |
1016 | 3. -style accepts array reference to incorporate multiple stylesheets | |
1017 | into document. | |
1018 | ||
1019 | 1. Fixed two bugs that caused the -compile pragma to fail with a | |
1020 | syntax error. | |
1021 | ||
1022 | Version 2.67 | |
1023 | ||
1024 | 1. Added XHTML support (incomplete; tags need to be lowercased). | |
1025 | 2. Fixed CGI/Carp when running under mod_perl. Probably broke in | |
1026 | other contexts. | |
1027 | 3. Fixed problems when passing multiple cookies. | |
1028 | 4. Suppress warnings from _tableize() that were appearing when using | |
1029 | -w switch with radio_group() and checkbox_group(). | |
1030 | 5. Support for the header() -attachment argument, which can give | |
1031 | pages a default file name when saving to disk. | |
1032 | ||
1033 | Version 2.66 | |
1034 | ||
1035 | 1. 2.65 changes in make_attributes() broke HTTP header functions | |
1036 | (including redirect), so made it context sensitive. | |
1037 | ||
1038 | Version 2.65 | |
1039 | ||
1040 | 1. Fixed regression tests to skip tests that require implicit fork on | |
1041 | machines without fork(). | |
1042 | 2. Changed make_attributes() to automatically escape any HTML | |
1043 | reserved characters. | |
1044 | 3. Minor documentation fix in javascript example. | |
1045 | ||
1046 | Version 2.64 | |
1047 | ||
1048 | 1. Changes introduced in 2.63 broke param() when retrieving parameter | |
1049 | lists containing only a single argument. This is now fixed. | |
1050 | 2. self_url() now defaults to returning parameters delimited with | |
1051 | semicolon. Use the pragma -oldstyle_urls to get the old "&" | |
1052 | delimiter. | |
1053 | ||
1054 | Version 2.63 | |
1055 | ||
1056 | 1. Fixed CGI::Push to pull out parameters correctly. | |
1057 | 2. Fixed redirect() so that it works with default character set | |
1058 | 3. Changed param() so as to returned empty string '' when referring | |
1059 | to variables passed in query strings like 'name1=&name2' | |
1060 | ||
1061 | Version 2.62 | |
1062 | ||
1063 | 1. Fixed broken ReadParse() function, and added regression tests | |
1064 | 2. Fixed broken CGI::Pretty, and added regression tests | |
1065 | ||
1066 | Version 2.61 | |
1067 | ||
1068 | 1. Moved more functions from CGI.pm proper into CGI/Util.pm. | |
1069 | CGI/Cookie should now be standalone. | |
1070 | 2. Disabled per-user temporary directories, which were causing grief. | |
1071 | ||
1072 | Version 2.60 | |
1073 | ||
1074 | 1. Fixed junk appearing in autogenerated HTML functions when using | |
1075 | object-oriented mode. | |
1076 | ||
1077 | Version 2.59 | |
1078 | ||
1079 | 1. autoescape functionality breaks too much existing code, removed | |
1080 | it. | |
1081 | 2. use escapeHTML() manually | |
1082 | ||
1083 | Version 2.58 | |
1084 | ||
1085 | This is the release version of 2.57. | |
1086 | ||
1087 | Version 2.57 | |
1088 | ||
1089 | 1. Added -debug pragma and turned off auto reading of STDIN. | |
1090 | 2. Default DTD updated to HTML 4.01 transitional. | |
1091 | 3. Added charset() method and the -charset argument to header(). | |
1092 | 4. Fixed behavior of escapeHTML() to respect charset() and to escape | |
1093 | nasty Windows characters (thanks to Tom Christiansen). | |
1094 | 5. Handle REDIRECT_QUERY_STRING correctly. | |
1095 | 6. Removed use_named_parameters() because of dependency problems and | |
1096 | general lameness. | |
1097 | 7. Fixed problems with bad HREF links generated by url(-relative=>1) | |
1098 | when the url is like /people/. | |
1099 | 8. Silenced a warning on upload (patch provided by Jonas Liljegren) | |
1100 | 9. Fixed race condition in CGI::Carp when errors occur during parsing | |
1101 | (patch provided by Maurice Aubrey). | |
1102 | 10. Fixed failure of url(-path_info=>1) when path contains % signs. | |
1103 | 11. Fixed warning from CGI::Cookie when receiving foreign cookies that | |
1104 | don't use name=value format. | |
1105 | 12. Fixed incompatibilities with file uploading on VMS systems. | |
1106 | ||
1107 | Version 2.56 | |
1108 | ||
1109 | 1. Fixed bugs in file upload introduced in version 2.55 | |
1110 | 2. Fixed long-standing bug that prevented two files with identical | |
1111 | names from being uploaded. | |
1112 | ||
1113 | Version 2.55 | |
1114 | ||
1115 | 1. Fixed cookie regression test so as not to produce an error. | |
1116 | 2. Fixed path_info() and self_url() to work correctly together when | |
1117 | path_info() modified. | |
1118 | 3. Removed manify warnings from CGI::{Switch,Apache}. | |
1119 | ||
1120 | Version 2.54 | |
1121 | ||
1122 | 1. This will be the last release of the monolithic CGI.pm module. | |
1123 | Later versions will be modularized and optimized. | |
1124 | 2. DOMAIN tag no longer added to cookies by default. This will break | |
1125 | some versions of Internet Explorer, but will avoid breaking | |
1126 | networks which use host tables without fully qualified domain | |
1127 | names. For compatibility, please always add the -domain tag when | |
1128 | creating cookies. | |
1129 | 3. Fixed escape() method so that +'s are treated correctly. | |
1130 | 4. Updated CGI::Pretty module. | |
1131 | ||
1132 | Version 2.53 | |
1133 | ||
1134 | 1. Forgot to upgrade regression tests before releasing 2.52. NOTHING | |
1135 | ELSE HAS CHANGED IN LIBRARY | |
1136 | ||
1137 | Version 2.52 | |
1138 | ||
1139 | 1. Spurious newline in checkbox() routine removed. (courtesy John | |
1140 | Essen) | |
1141 | 2. TEXTAREA linebreaks now respected in dump() routine. (courtesy | |
1142 | John Essen) | |
1143 | 3. Patches for DOS ports (courtesy Robert Davies) | |
1144 | 4. Patches for VMS | |
1145 | 5. More fixes for cookie problems | |
1146 | 6. Fix CGI::Carp so that it doesn't affect eval{} blocks (courtesy | |
1147 | Byron Brummer) | |
1148 | ||
1149 | Version 2.51 | |
1150 | ||
1151 | 1. Fixed problems with cookies not being remembered when sent to IE | |
1152 | 5.0 (and Netscape 5.0 too?) | |
1153 | 2. Numerous HTML compliance problems in cgi_docs.html; fixed thanks | |
1154 | to Michael Leahy | |
1155 | ||
1156 | Version 2.50 | |
1157 | ||
1158 | 1. Added a new Vars() method to retrieve all parameters as a tied | |
1159 | hash. | |
1160 | 2. Untainted tainted tempfile name so that script doesn't fail on | |
1161 | terminal unlink. | |
1162 | 3. Made picking of upload tempfile name more intelligent so that | |
1163 | doesn't fail in case of name collision. | |
1164 | 4. Fixed handling of expire times when passed an absolute timestamp. | |
1165 | 5. Changed dump() to Dump() to avoid name clashes. | |
1166 | ||
1167 | Version 2.49 | |
1168 | ||
1169 | 1. Fixes for FastCGI (globals not getting reset) | |
1170 | 2. Fixed url() to correctly handle query string and path under | |
1171 | MOD_PERL | |
1172 | ||
1173 | Version 2.48 | |
1174 | ||
1175 | 1. Reverted detection of MOD_PERL to avoid breaking PerlEX. | |
1176 | ||
1177 | Version 2.47 | |
1178 | ||
1179 | 1. Patch to fix file upload bug appearing in IE 3.01 for | |
1180 | Macintosh/PowerPC. | |
1181 | 2. Replaced use of $ENV{SCRIPT_NAME} with $ENV{REQUEST_URI} when | |
1182 | running under Apache, to fix self-referencing URIs. | |
1183 | 3. Fixed bug in escapeHTML() which caused certain constructs, such as | |
1184 | CGI->image_button(), to fail. | |
1185 | 4. Fixed bug which caused strong('CGI') to fail. Be careful to use | |
1186 | CGI::strong('CGI') and not CGI->strong('CGI'). The latter will | |
1187 | produce confusing results. | |
1188 | 5. Added upload() function, as a preferred replacement for the | |
1189 | "filehandle as string" feature. | |
1190 | 6. Added cgi_error() function. | |
1191 | 7. Rewrote file upload handling to return undef rather than dieing | |
1192 | when an error is encountered. Be sure to call cgi_error() to find | |
1193 | out what went wrong. | |
1194 | ||
1195 | Version 2.46 | |
1196 | ||
1197 | 1. Fix for failure of the "include" tests under mod_perl | |
1198 | 2. Added end_multipart_form to prevent failures during qw(-compile | |
1199 | :all) | |
1200 | ||
1201 | Version 2.45 | |
1202 | ||
1203 | 1. Multiple small documentation fixes | |
1204 | 2. CGI::Pretty didn't get into 2.44. Fixed now. | |
1205 | ||
1206 | Version 2.44 | |
1207 | ||
1208 | 1. Fixed file descriptor leak in upload function. | |
1209 | 2. Fixed bug in header() that prevented fields from containing double | |
1210 | quotes. | |
1211 | 3. Added Brian Paulsen's CGI::Pretty package for pretty-printing | |
1212 | output HTML. | |
1213 | 4. Removed CGI::Apache and CGI::Switch from the distribution. | |
1214 | 5. Generated start_* shortcuts so that start_table(), end_table(), | |
1215 | start_ol(), end_ol(), and so forth now work (see the docs on how | |
1216 | to enable this feature). | |
1217 | 6. Changed accept() to Accept(), sub() to Sub(). There's still a | |
1218 | conflict with reset(), but this will break too many existing | |
1219 | scripts! | |
1220 | ||
1221 | Version 2.43 | |
1222 | ||
1223 | 1. Fixed problem with "use strict" and file uploads (thanks to Peter | |
1224 | Haworth) | |
1225 | 2. Fixed problem with not MSIE 3.01 for the power_mac not doing file | |
1226 | uploads right. | |
1227 | 3. Fixed problem with file upload on IIS 4.0 when authorization in | |
1228 | use. | |
1229 | 4. -content_type and '-content-type' can now be provided to header() | |
1230 | as synonyms for -type. | |
1231 | 5. CGI::Carp now escapes the ampersand BEFORE escaping the > and < | |
1232 | signs. | |
1233 | 6. Fixed "not an array reference" error when passing a hash reference | |
1234 | to radio_group(). | |
1235 | 7. Fixed non-removal of uploaded TMP files on NT platforms which | |
1236 | occurs when server runs on non-C drive (thanks to Steve Kilbane | |
1237 | for finding this one). | |
1238 | ||
1239 | Version 2.42 | |
1240 | ||
1241 | 1. Too many screams of anguish at changed behavior of url(). Is now | |
1242 | back to its old behavior by default, with options to generate all | |
1243 | the variants. | |
1244 | 2. Added regression tests. "make test" now works. | |
1245 | 3. Documentation fixes. | |
1246 | 4. Fixes for Macintosh uploads, but uploads STILL do not work pending | |
1247 | changes to MacPerl. | |
1248 | ||
1249 | Version 2.41 | |
1250 | ||
1251 | 1. url() method now includes the path info. Use script_name() to get | |
1252 | it without path info(). | |
1253 | 2. Changed handling of empty attributes in HTML tag generation. Be | |
1254 | warned! Use table({-border=>undef}) rather than | |
1255 | table({-border=>''}). | |
1256 | 3. Changes to allow uploaded filenames to be compared to other | |
1257 | strings with "eq", "cmp" and "ne". | |
1258 | 4. Changes to allow CGI.pm to coexist more peacefully with | |
1259 | ActiveState PerlEX. | |
1260 | 5. Changes to prevent exported variables from clashing when importing | |
1261 | ":all" set in combination with cookies. | |
1262 | ||
1263 | Version 2.40 | |
1264 | ||
1265 | 1. CGI::Carp patched to work better with mod_perl (thanks to Chris | |
1266 | Dean). | |
1267 | 2. Uploads of files whose names begin with numbers or the Windows | |
1268 | \\UNC\shared\file nomenclature should no longer fail. | |
1269 | 3. The <STYLE> tag (for cascading style sheets) now generates the | |
1270 | required TYPE attribute. | |
1271 | 4. Server push primitives added, thanks to Ed Jordan. | |
1272 | 5. Table and other HTML3 functions are now part of the :standard set. | |
1273 | 6. Small documentation fixes. | |
1274 | ||
1275 | TO DO: | |
1276 | 1. Do something about the DTD mess. The module should generate | |
1277 | correct DTDs, or at least offer the programmer a way to specify | |
1278 | the correct one. | |
1279 | 2. Split CGI.pm into CGI processing and HTML-generating modules. | |
1280 | 3. More robust file upload (?still not working on the Macintosh?). | |
1281 | 4. Bring in all the HTML4 functionality, particular the accessibility | |
1282 | features. | |
1283 | ||
1284 | Version 2.39 | |
1285 | ||
1286 | 1. file uploads failing because of VMS patch; fixed. | |
1287 | 2. -dtd parameter was not being properly processed. | |
1288 | ||
1289 | Version 2.38 | |
1290 | ||
1291 | I finally got tired of all the 2.37 betas and released 2.38. The main | |
1292 | difference between this version and the last 2.37 beta (2.37b30) are | |
1293 | some fixes for VMS. This should allow file upload to work properly on | |
1294 | all VMS Web servers. | |
1295 | ||
1296 | Version 2.37, various beta versions | |
1297 | ||
1298 | 1. Added a CGI::Cookie::parse() method for lucky mod_perl users. | |
1299 | 2. No longer need separate -values and -labels arguments for | |
1300 | multi-valued form elements. | |
1301 | 3. Added better interface to raw cookies (fix courtesy Ken Fox, | |
1302 | kfox@ford.com) | |
1303 | 4. Added param_fetch() function for direct access to parameter list. | |
1304 | 5. Fix to checkbox() to allow for multi-valued single checkboxes | |
1305 | (weird problem). | |
1306 | 6. Added a compile() method for those who want to compile without | |
1307 | importing. | |
1308 | 7. Documented the import pragmas a little better. | |
1309 | 8. Added a -compile switch to the use clause for the long-suffering | |
1310 | mod_perl and Perl compiler users. | |
1311 | 9. Fixed initialization routines so that FileHandle and type globs | |
1312 | work correctly (and hash initialization doesn't fail!). | |
1313 | 10. Better deletion of temporary files on NT systems. | |
1314 | 11. Added documentation on escape(), unescape(), unescapeHTML() and | |
1315 | unescapeHTML() subroutines. | |
1316 | 12. Added documentation on creating subclasses. | |
1317 | 13. Fixed problem when calling $self->SUPER::foo() from inheriting | |
1318 | subclasses. | |
1319 | 14. Fixed problem using filehandles from within subroutines. | |
1320 | 15. Fixed inability to use the string "CGI" as a parameter. | |
1321 | 16. Fixed exponentially growing $FILLUNIT bug | |
1322 | 17. Check for undef filehandle in read_from_client() | |
1323 | 18. Now requires the UNIVERSAL.pm module, present in Perl 5.003_7 or | |
1324 | higher. | |
1325 | 19. Fixed problem with uppercase-only parameters being ignored. | |
1326 | 20. Fixed vanishing cookie problem. | |
1327 | 21. Fixed warning in initialize_globals() under mod_perl. | |
1328 | 22. File uploads from Macintosh versions of MSIE should now work. | |
1329 | 23. Pragmas now preceded by dashes (-nph) rather than colons (:nph). | |
7f92e913 | 1330 | Old style is supported for backward compatibility. |
976c4ade RGS |
1331 | 24. Can now pass arguments to all functions using {} brackets, |
1332 | resolving historical inconsistencies. | |
1333 | 25. Removed autoloader warnings about absent MultipartBuffer::DESTROY. | |
1334 | 26. Fixed non-sticky checkbox() when -name used without -value. | |
1335 | 27. Hack to fix path_info() in IIS 2.0. Doesn't help with IIS 3.0. | |
1336 | 28. Parameter syntax for debugging from command line now more | |
1337 | straightforward. | |
1338 | 29. Added $DISABLE_UPLOAD to disable file uploads. | |
1339 | 30. Added $POST_MAX to error out if POSTings exceed some ceiling. | |
1340 | 31. Fixed url_param(), which wasn't working at all. | |
1341 | 32. Fixed variable suicide problem in s///e expressions, where the | |
1342 | autoloader was needed during evaluation. | |
1343 | 33. Removed excess spaces between elements of checkbox and radio | |
1344 | groups | |
1345 | 34. Can now create "valueless" submit buttons | |
1346 | 35. Can now set path_info as well as read it. | |
1347 | 36. ReadParse() now returns a useful function result. | |
1348 | 37. import_names() now allows you to optionally clear out the | |
1349 | namespace before importing (for mod_perl users) | |
1350 | 38. Made it possible to have a popup menu or radio button with a value | |
1351 | of "0". | |
1352 | 39. link() changed to Link() to avoid overriding native link function. | |
1353 | 40. Takes advantage of mod_perl's register_cleanup() function to clear | |
1354 | globals. | |
1355 | 41. <LAYER> and <ILAYER> added to :html3 functions. | |
1356 | 42. Fixed problems with private tempfiles and NT/IIS systems. | |
1357 | 43. No longer prints the DTD by default (I bet no one will complain). | |
1358 | 44. Allow underscores to replace internal hyphens in parameter names. | |
1359 | 45. CGI::Push supports heterogeneous MIME types and adjustable delays | |
1360 | between pages. | |
1361 | 46. url_param() method added for retrieving URL parameters even when a | |
1362 | fill-out form is POSTed. | |
1363 | 47. Got rid of warnings when radio_group() is called. | |
1364 | 48. Cookies now moved to their very own module. | |
1365 | 49. Fixed documentation bug in CGI::Fast. | |
1366 | 50. Added a :no_debug pragma to the import list. | |
1367 | ||
1368 | Version 2.36 | |
1369 | ||
1370 | 1. Expanded JavaScript functionality | |
1371 | 2. Preliminary support for cascading stylesheets | |
1372 | 3. Security fixes for file uploads: | |
1373 | + Module will bail out if its temporary file already exists | |
1374 | + Temporary files can now be made completely private to avoid | |
1375 | peeking by other users or CGI scripts. | |
1376 | 4. use CGI qw/:nph/ wasn't working correctly. Now it is. | |
1377 | 5. Cookie and HTTP date formats didn't meet spec. Thanks to Mark | |
1378 | Fisher (fisherm@indy.tce.com) for catching and fixing this. | |
1379 | ||
1380 | p | |
1381 | ||
1382 | Version 2.35 | |
1383 | ||
1384 | 1. Robustified multipart file upload against incorrect syntax in | |
1385 | POST. | |
1386 | 2. Fixed more problems with mod_perl. | |
1387 | 3. Added -noScript parameter to start_html(). | |
1388 | 4. Documentation fixes. | |
1389 | ||
1390 | Version 2.34 | |
1391 | ||
1392 | 1. Stupid typo fix | |
1393 | ||
1394 | Version 2.33 | |
1395 | ||
1396 | 1. Fixed a warning about an undefined environment variable. | |
1397 | 2. Doug's patch for redirect() under mod_perl | |
1398 | 3. Partial fix for busted inheritence from CGI::Apache | |
1399 | 4. Documentation fixes. | |
1400 | ||
1401 | Version 2.32 | |
1402 | ||
1403 | 1. Improved support for Apache's mod_perl. | |
1404 | 2. Changes to better support inheritance. | |
1405 | 3. Support for OS/2. | |
1406 | ||
1407 | Version 2.31 | |
1408 | ||
1409 | 1. New uploadInfo() method to obtain header information from uploaded | |
1410 | files. | |
1411 | 2. cookie() without any arguments returns all the cookies passed to a | |
1412 | script. | |
1413 | 3. Removed annoying warnings about $ENV{NPH} when running with the -w | |
1414 | switch. | |
1415 | 4. Removed operator overloading throughout to make compatible with | |
1416 | new versions of perl. | |
1417 | 5. -expires now implies the -date header, to avoid clock skew. | |
1418 | 6. WebSite passes cookies in $ENV{COOKIE} rather than | |
1419 | $ENV{HTTP_COOKIE}. We now handle this, even though it's O'Reilly's | |
1420 | fault. | |
1421 | 7. Tested successfully against new sfio I/O layer. | |
1422 | 8. Documentation fixes. | |
1423 | ||
1424 | Version 2.30 | |
1425 | ||
1426 | 1. Automatic detection of operating system at load time. | |
1427 | 2. Changed select() function to Select() in order to avoid conflict | |
1428 | with Perl built-in. | |
1429 | 3. Added Tr() as an alternative to TR(); some people think it looks | |
1430 | better that way. | |
1431 | 4. Fixed problem with autoloading of MultipartBuffer::DESTROY code. | |
1432 | 5. Added the following methods: | |
1433 | + virtual_host() | |
1434 | + server_software() | |
1435 | 6. Automatic NPH mode when running under Microsoft IIS server. | |
1436 | ||
1437 | Version 2.29 | |
1438 | ||
1439 | 1. Fixed cookie bugs | |
1440 | 2. Fixed problems that cropped up when useNamedParameters was set to | |
1441 | 1. | |
1442 | 3. Prevent CGI::Carp::fatalsToBrowser() from crapping out when | |
1443 | encountering a die() within an eval(). | |
1444 | 4. Fixed problems with filehandle initializers. | |
1445 | ||
1446 | Version 2.28 | |
1447 | ||
1448 | 1. Added support for NPH scripts; also fixes problems with Microsoft | |
1449 | IIS. | |
1450 | 2. Fixed a problem with checkbox() values not being correctly saved | |
1451 | and restored. | |
1452 | 3. Fixed a bug in which CGI objects created with empty string | |
1453 | initializers took on default values from earlier CGI objects. | |
1454 | 4. Documentation fixes. | |
1455 | ||
1456 | Version 2.27 | |
1457 | ||
1458 | 1. Small but important bug fix: the automatic capitalization of tag | |
1459 | attributes was accidentally capitalizing the VALUES as well as the | |
1460 | ATTRIBUTE names (oops). | |
1461 | ||
1462 | Version 2.26 | |
1463 | ||
1464 | 1. Changed behavior of scrolling_list(), checkbox() and | |
1465 | checkbox_group() methods so that defaults are honored correctly. | |
1466 | The "fix" causes endform() to generate additional <INPUT | |
1467 | TYPE="HIDDEN"> tags -- don't be surpised. | |
1468 | 2. Fixed bug involving the detection of the SSL protocol. | |
1469 | 3. Fixed documentation error in position of the -meta argument in | |
1470 | start_html(). | |
1471 | 4. HTML shortcuts now generate tags in ALL UPPERCASE. | |
1472 | 5. start_html() now generates correct SGML header: | |
1473 | <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN"> | |
deafae52 | 1474 | |
976c4ade RGS |
1475 | 6. CGI::Carp no longer fails "use strict refs" pragma. |
1476 | ||
1477 | Version 2.25 | |
1478 | ||
1479 | 1. Fixed bug that caused bad redirection on destination URLs with | |
1480 | arguments. | |
1481 | 2. Fixed bug involving use_named_parameters() followed by | |
1482 | start_multipart_form() | |
1483 | 3. Fixed bug that caused incorrect determination of binmode for | |
1484 | Macintosh. | |
1485 | 4. Spelling fixes on documentation. | |
1486 | ||
1487 | Version 2.24 | |
1488 | ||
1489 | 1. Fixed bug that caused generation of lousy HTML for some form | |
1490 | elements | |
1491 | 2. Fixed uploading bug in Windows NT | |
1492 | 3. Some code cleanup (not enough) | |
1493 | ||
1494 | Version 2.23 | |
1495 | ||
1496 | 1. Fixed an obscure bug that caused scripts to fail mysteriously. | |
1497 | 2. Fixed auto-caching bug. | |
1498 | 3. Fixed bug that prevented HTML shortcuts from passing taint checks. | |
1499 | 4. Fixed some -w warning problems. | |
1500 | ||
1501 | Version 2.22 | |
1502 | ||
1503 | 1. New CGI::Fast module for use with FastCGI protocol. See pod | |
1504 | documentation for details. | |
1505 | 2. Fixed problems with inheritance and autoloading. | |
1506 | 3. Added TR() (<tr>) and PARAM() (<param>) methods to list of | |
1507 | exported HTML tag-generating functions. | |
1508 | 4. Moved all CGI-related I/O to a bottleneck method so that this can | |
1509 | be overridden more easily in mod_perl (thanks to Doug MacEachern). | |
1510 | 5. put() method as substitute for print() for use in mod_perl. | |
1511 | 6. Fixed crash in tmpFileName() method. | |
1512 | 7. Added tmpFileName(), startform() and endform() to export list. | |
1513 | 8. Fixed problems with attributes in HTML shortcuts. | |
1514 | 9. Functions that don't actually need access to the CGI object now no | |
1515 | longer generate a default one. May speed things up slightly. | |
1516 | 10. Aesthetic improvements in generated HTML. | |
1517 | 11. New examples. | |
1518 | ||
1519 | Version 2.21 | |
1520 | ||
1521 | 1. Added the -meta argument to start_html(). | |
1522 | 2. Fixed hidden fields (again). | |
1523 | 3. Radio_group() and checkbox_group() now return an appropriate | |
1524 | scalar value when called in a scalar context, rather than | |
1525 | returning a numeric value! | |
1526 | 4. Cleaned up the formatting of form elements to avoid unesthetic | |
1527 | extra spaces within the attributes. | |
1528 | 5. HTML elements now correctly include the closing tag when | |
1529 | parameters are present but null: em('') | |
1530 | 6. Added password_field() to the export list. | |
1531 | ||
1532 | Version 2.20 | |
1533 | ||
1534 | 1. Dumped the SelfLoader because of problems with running with taint | |
1535 | checks and rolled my own. Performance is now significantly | |
1536 | improved. | |
1537 | 2. Added HTML shortcuts. | |
1538 | 3. import() now adheres to the Perl module conventions, allowing | |
1539 | CGI.pm to import any or all method names into the user's name | |
1540 | space. | |
1541 | 4. Added the ability to initialize CGI objects from strings and | |
1542 | associative arrays. | |
1543 | 5. Made it possible to initialize CGI objects with filehandle | |
1544 | references rather than filehandle strings. | |
1545 | 6. Added the delete_all() and append() methods. | |
1546 | 7. CGI objects correctly initialize from filehandles on NT/95 systems | |
1547 | now. | |
1548 | 8. Fixed the problem with binary file uploads on NT/95 systems. | |
1549 | 9. Fixed bug in redirect(). | |
1550 | 10. Added '-Window-target' parameter to redirect(). | |
1551 | 11. Fixed import_names() so that parameter names containing funny | |
1552 | characters work. | |
1553 | 12. Broke the unfortunate connection between cookie and CGI parameter | |
1554 | name space. | |
1555 | 13. Fixed problems with hidden fields whose values are 0. | |
1556 | 14. Cleaned up the documentation somewhat. | |
1557 | ||
1558 | Version 2.19 | |
1559 | ||
1560 | 1. Added cookie() support routines. | |
1561 | 2. Added -expires parameter to header(). | |
7f92e913 | 1562 | 3. Added cgi-lib.pl compatibility mode. |
976c4ade RGS |
1563 | 4. Made the module more configurable for different operating systems. |
1564 | 5. Fixed a dumb bug in JavaScript button() method. | |
1565 | ||
1566 | Version 2.18 | |
1567 | ||
1568 | 1. Fixed a bug that corrects a hang that occurs on some platforms | |
1569 | when processing file uploads. Unfortunately this disables the | |
1570 | check for bad Netscape uploads. | |
1571 | 2. Fixed bizarre problem involving the inability to process uploaded | |
1572 | files that begin with a non alphabetic character in the file name. | |
1573 | 3. Fixed a bug in the hidden fields involving the -override directive | |
1574 | being ignored when scalar defaults were passed. | |
1575 | 4. Added documentation on how to disable the SelfLoader features. | |
1576 | ||
1577 | Version 2.17 | |
1578 | ||
1579 | 1. Added support for the SelfLoader module. | |
1580 | 2. Added oodles of JavaScript support routines. | |
1581 | 3. Fixed bad bug in query_string() method that caused some parameters | |
1582 | to be silently dropped. | |
1583 | 4. Robustified file upload code to handle premature termination by | |
1584 | the client. | |
1585 | 5. Exported temporary file names on file upload. | |
1586 | 6. Removed spurious "uninitialized variable" warnings that appeared | |
1587 | when running under 5.002. | |
1588 | 7. Added the Carp.pm library to the standard distribution. | |
1589 | 8. Fixed a number of errors in this documentation, and probably added | |
1590 | a few more. | |
1591 | 9. Checkbox_group() and radio_group() now return the buttons as | |
1592 | arrays, so that you can incorporate the individual buttons into | |
1593 | specialized tables. | |
1594 | 10. Added the '-nolabels' option to checkbox_group() and | |
1595 | radio_group(). Probably should be added to all the other | |
1596 | HTML-generating routines. | |
1597 | 11. Added the url() method to recover the URL without the entire query | |
1598 | string appended. | |
1599 | 12. Added request_method() to list of environment variables available. | |
1600 | 13. Would you believe it? Fixed hidden fields again! | |
1601 | ||
1602 | Version 2.16 | |
1603 | ||
1604 | 1. Fixed hidden fields yet again. | |
1605 | 2. Fixed subtle problems in the file upload method that caused | |
1606 | intermittent failures (thanks to Keven Hendrick for this one). | |
1607 | 3. Made file upload more robust in the face of bizarre behavior by | |
1608 | the Macintosh and Windows Netscape clients. | |
1609 | 4. Moved the POD documentation to the bottom of the module at the | |
1610 | request of Stephen Dahmen. | |
1611 | 5. Added the -xbase parameter to the start_html() method, also at the | |
1612 | request of Stephen Dahmen. | |
1613 | 6. Added JavaScript form buttons at Stephen's request. I'm not sure | |
1614 | how to use this Netscape extension correctly, however, so for now | |
1615 | the form() method is in the module as an undocumented feature. Use | |
1616 | at your own risk! | |
1617 | ||
1618 | Version 2.15 | |
1619 | ||
1620 | 1. Added the -override parameter to all field-generating methods. | |
1621 | 2. Documented the user_name() and remote_user() methods. | |
1622 | 3. Fixed bugs that prevented empty strings from being recognized as | |
1623 | valid textfield contents. | |
1624 | 4. Documented the use of framesets and added a frameset example. | |
1625 | ||
1626 | Version 2.14 | |
1627 | ||
1628 | This was an internal experimental version that was never released. | |
1629 | ||
1630 | Version 2.13 | |
1631 | ||
1632 | 1. Fixed a bug that interfered with the value "0" being entered into | |
1633 | text fields. | |
1634 | ||
1635 | Version 2.01 | |
1636 | ||
1637 | 1. Added -rows and -columns to the radio and checkbox groups. No | |
1638 | doubt this will cause much grief because it seems to promise a | |
1639 | level of meta-organization that it doesn't actually provide. | |
1640 | 2. Fixed a bug in the redirect() method -- it was not truly HTTP/1.0 | |
1641 | compliant. | |
1642 | ||
1643 | Version 2.0 | |
1644 | ||
1645 | The changes seemed to touch every line of code, so I decided to bump | |
1646 | up the major version number. | |
1647 | 1. Support for named parameter style method calls. This turns out | |
1648 | to be a big win for extending CGI.pm when Netscape adds new HTML | |
1649 | "features". | |
1650 | 2. Changed behavior of hidden fields back to the correct "sticky" | |
1651 | behavior. This is going to break some programs, but it is for | |
1652 | the best in the long run. | |
1653 | 3. Netscape 2.0b2 broke the file upload feature. CGI.pm now handles | |
1654 | both 2.0b1 and 2.0b2-style uploading. It will probably break again | |
1655 | in 2.0b3. | |
1656 | 4. There were still problems with library being unable to distinguish | |
1657 | between a form being loaded for the first time, and a subsequent | |
1658 | loading with all fields blank. We now forcibly create a default | |
1659 | name for the Submit button (if not provided) so that there's | |
1660 | always at least one parameter. | |
1661 | 5. More workarounds to prevent annoying spurious warning messages | |
1662 | when run under the -w switch. -w is seriously broken in perl | |
1663 | 5.001! | |
1664 | ||
1665 | Version 1.57 | |
1666 | ||
1667 | 1. Support for the Netscape 2.0 "File upload" field. | |
1668 | 2. The handling of defaults for selected items in scrolling lists and | |
1669 | multiple checkboxes is now consistent. | |
1670 | ||
1671 | Version 1.56 | |
1672 | ||
1673 | 1. Created true "pod" documentation for the module. | |
1674 | 2. Cleaned up the code to avoid many of the spurious "use of | |
1675 | uninitialized variable" warnings when running with the -w switch. | |
1676 | 3. Added the autoEscape() method. v | |
1677 | 4. Added string interpolation of the CGI object. | |
1678 | 5. Added the ability to pass additional parameters to the <BODY> tag. | |
1679 | 6. Added the ability to specify the status code in the HTTP header. | |
1680 | ||
1681 | Bug fixes in version 1.55 | |
1682 | ||
1683 | 1. Every time self_url() was called, the parameter list would grow. | |
1684 | This was a bad "feature". | |
1685 | 2. Documented the fact that you can pass "-" to radio_group() in | |
1686 | order to prevent any button from being highlighted by default. | |
1687 | ||
1688 | Bug fixes in version 1.54 | |
1689 | ||
1690 | 1. The user_agent() method is now documented; | |
1691 | 2. A potential security hole in import() is now plugged. | |
7f92e913 | 1692 | 3. Changed name of import() to import_names() for compatibility with |
976c4ade RGS |
1693 | CGI:: modules. |
1694 | ||
1695 | Bug fixes in version 1.53 | |
1696 | ||
1697 | 1. Fixed several typos in the code that were causing the following | |
1698 | subroutines to fail in some circumstances | |
1699 | 1. checkbox() | |
1700 | 2. hidden() | |
1701 | 2. No features added | |
1702 | ||
1703 | New features added in version 1.52 | |
1704 | ||
1705 | 1. Added backslashing, quotation marks, and other shell-style escape | |
1706 | sequences to the parameters passed in during debugging off-line. | |
1707 | 2. Changed the way that the hidden() method works so that the default | |
1708 | value always overrides the current one. | |
1709 | 3. Improved the handling of sticky values in forms. It's now less | |
1710 | likely that sticky values will get stuck. | |
1711 | 4. If you call server_name(), script_name() and several other methods | |
1712 | when running offline, the methods now create "dummy" values to | |
1713 | work with. | |
1714 | ||
1715 | Bugs fixed in version 1.51 | |
1716 | ||
1717 | 1. param() when called without arguments was returning an array of | |
1718 | length 1 even when there were no parameters to be had. Bad bug! | |
1719 | Bad! | |
1720 | 2. The HTML code generated would break if input fields contained the | |
1721 | forbidden characters ">< or &. You can now use these characters | |
1722 | freely. | |
1723 | ||
1724 | New features added in version 1.50 | |
1725 | ||
1726 | 1. import() method allows all the parameters to be imported into a | |
1727 | namespace in one fell swoop. | |
1728 | 2. Parameters are now returned in the same order in which they were | |
1729 | defined. | |
1730 | ||
1731 | Bugs fixed in version 1.45 | |
1732 | ||
1733 | 1. delete() method didn't work correctly. This is now fixed. | |
1734 | 2. reset() method didn't allow you to set the name of the button. | |
1735 | Fixed. | |
1736 | ||
1737 | Bugs fixed in version 1.44 | |
1738 | ||
1739 | 1. self_url() didn't include the path information. This is now fixed. | |
1740 | ||
1741 | New features added in version 1.43 | |
1742 | ||
1743 | 1. Added the delete() method. | |
1744 | ||
1745 | New features added in version 1.42 | |
1746 | ||
1747 | 1. The image_button() method to create clickable images. | |
1748 | 2. A few bug fixes involving forms embedded in <PRE> blocks. | |
1749 | ||
1750 | New features added in version 1.4 | |
1751 | ||
1752 | 1. New header shortcut methods | |
1753 | + redirect() to create HTTP redirection messages. | |
1754 | + start_html() to create the HTML title, complete with the | |
1755 | recommended <LINK> tag that no one ever remembers to include. | |
1756 | + end_html() for completeness' sake. | |
1757 | 2. A new save() method that allows you to write out the state of an | |
1758 | script to a file or pipe. | |
1759 | 3. An improved version of the new() method that allows you to restore | |
1760 | the state of a script from a file or pipe. With (2) this gives you | |
1761 | dump and restore capabilities! (Wow, you can put a "121,931 | |
1762 | customers served" banner at the bottom of your pages!) | |
1763 | 4. A self_url() method that allows you to create state-maintaining | |
1764 | hypertext links. In addition to allowing you to maintain the state | |
1765 | of your scripts between invocations, this lets you work around a | |
1766 | problem that some browsers have when jumping to internal links in | |
1767 | a document that contains a form -- the form information gets lost. | |
1768 | 5. The user-visible labels in checkboxes, radio buttons, popup menus | |
1769 | and scrolling lists have now been decoupled from the values sent | |
1770 | to your CGI script. Your script can know a checkbox by the name of | |
1771 | "cb1" while the user knows it by a more descriptive name. I've | |
1772 | also added some parameters that were missing from the text fields, | |
1773 | such as MAXLENGTH. | |
1774 | 6. A whole bunch of methods have been added to get at environment | |
1775 | variables involved in user verification and other obscure | |
1776 | features. | |
1777 | ||
1778 | Bug fixes | |
1779 | ||
1780 | 1. The problems with the hidden fields have (I hope at last) been | |
1781 | fixed. | |
1782 | 2. You can create multiple query objects and they will all be | |
1783 | initialized correctly. This simplifies the creation of multiple | |
1784 | forms on one page. | |
1785 | 3. The URL unescaping code works correctly now. |