cpan/CGI/t/http.t See if CGI.pm works
cpan/CGI/t/init.t See if CGI.pm works
cpan/CGI/t/init_test.txt See if CGI.pm works
+cpan/CGI/t/multipart_init.t See if CGI.pm works
cpan/CGI/t/no_tabindex.t See if CGI.pm works
-cpan/CGI/t/param_fetch.t See if CGI pop menus work
+cpan/CGI/t/param_fetch.t See if CGI pop menus work
cpan/CGI/t/popup_menu.t See if CGI pop menus work
cpan/CGI/t/pretty.t See if CGI.pm works
cpan/CGI/t/push.t See if CGI::Push works
'CGI' => {
'MAINTAINER' => 'lstein',
- 'DISTRIBUTION' => 'MARKSTOS/CGI.pm-3.59.tar.gz',
+ 'DISTRIBUTION' => 'MARKSTOS/CGI.pm-3.60.tar.gz',
'FILES' => q[cpan/CGI],
'EXCLUDED' => [
- qr{^t/lib/Test},
- qw( cgi-lib_porting.html
- cgi_docs.html
+ qw( cgi_docs.html
examples/WORLD_WRITABLE/18.157.1.253.sav
t/gen-tests/gen-start-end-tags.pl
t/fast.t
+Version 3.60 Aug 15th, 2012
+
+ [BUG FIXES]
+ - In some caes, When unescapeHTML() hit something it didn't recognize with an ampersand and
+ and semicolon, it would throw away the semicolon and ampersand. It now does a better job.
+ of preserving content it doesn't recognize. Thanks to CEBJYRE@cpan.org (RT#75595)
+ - Remove trailing newline after <form> tag inserted by startform and start_form. It can
+ cause rendering problems in some cases. Thanks to SJOHNSTON@cpan.org (RT#67719)
+ - Workaround "Insecure Dependency" warning generated by some versions of Perl (RT#53733).
+ Thanks to degatcpan@ntlworld.com, klchu@lbl.gov and Anonymous Monk
+
+ [DOCUMENTATION]
+ - Clarify that when -status is used, the human-readable phase should be included, per RFC 2616.
+ Thanks to SREZIC@cpan.org (RT#76691).
+
+ [INTERNALS]
+ - More tests for header(), thanks to Ryo Anazawa.
+ - t/url.t has been fixed on VMS. Thanks to cberry@cpan.org (RT#72380)
+ - MANIFEST patched so that t/multipart_init.t is included again. Thanks to shay@cpan.org (RT#76189)
+
Version 3.59 Dec 29th, 2011
[BUG FIXES]
# The revision is no longer being updated since moving to git.
$CGI::revision = '$Id: CGI.pm,v 1.266 2009/07/30 16:32:34 lstein Exp $';
-$CGI::VERSION='3.59';
+$CGI::VERSION='3.60';
# HARD-CODED LOCATION FOR FILE UPLOAD TEMPORARY FILES.
# UNCOMMENT THIS ONLY IF YOU KNOW WHAT YOU'RE DOING.
my $val = $QUERY_PARAM{$name}; # always an arrayref;
$self->param('-name'=>$name,'-value'=> $val);
if (defined $val and ref $val eq 'ARRAY') {
- for my $fh (grep {defined(fileno($_))} @$val) {
+ for my $fh (grep {defined($_) && ref($_) && defined(fileno($_))} @$val) {
seek($fh,0,0); # reset the filehandle.
}
# put a filehandle into binary mode (DOS)
sub binmode {
- return unless defined($_[1]) && defined fileno($_[1]);
+ return unless defined($_[1]) && ref ($_[1]) && defined fileno($_[1]);
CORE::binmode($_[1]);
}
$action = qq(action="$action");
my($other) = @other ? " @other" : '';
$self->{'.parametersToAdd'}={};
- return qq/<form method="$method" $action enctype="$enctype"$other>\n/;
+ return qq/<form method="$method" $action enctype="$enctype"$other>/;
}
END_OF_FUNC
$action = qq(action="$action");
my($other) = @other ? " @other" : '';
$self->{'.parametersToAdd'}={};
- return qq/<form method="$method" $action enctype="$enctype"$other>\n/;
+ return qq/<form method="$method" $action enctype="$enctype"$other>/;
}
END_OF_FUNC
my $latin = defined $self->{'.charset'} ? $self->{'.charset'} =~ /^(ISO-8859-1|WINDOWS-1252)$/i
: 1;
# thanks to Randal Schwartz for the correct solution to this one
- $string=~ s[&(\S*?);]{
+ $string=~ s[&([^\s&]*?);]{
local $_ = $1;
/^amp$/i ? "&" :
/^quot$/i ? '"' :
/^lt$/i ? "<" :
/^#(\d+)$/ && $latin ? chr($1) :
/^#x([0-9a-f]+)$/i && $latin ? chr(hex($1)) :
- $_
+ "&$_;"
}gex;
return $string;
}
MIME type if you choose, otherwise it defaults to text/html. An
optional second parameter specifies the status code and a human-readable
message. For example, you can specify 204, "No response" to create a
-script that tells the browser to do nothing at all.
+script that tells the browser to do nothing at all. Note that RFC 2616 expects
+the human-readable phase to be there as well as the numeric status code.
The last example shows the named argument style for passing arguments
to the CGI methods using named parameters. Recognized parameters are
print $q->redirect(
-uri=>'http://somewhere.else/in/movie/land',
-nph=>1,
- -status=>301);
+ -status=>'301 Moved Permanently');
All names arguments recognized by header() are also recognized by
redirect(). However, most HTTP headers, including those generated by
advised that changing the status to anything other than 301, 302 or
303 will probably break redirection.
+Note that the human-readable phrase is also expected to be present to conform
+with RFC 2616, section 6.1.
+
=head2 CREATING THE HTML DOCUMENT HEADER
print start_html(-title=>'Secrets of the Pyramids',
CGI::Cookie->fetch($r);
If the value passed to parse() is undefined, an empty array will returned in list
-contact, and an empty hashref will be returned in scalar context.
+context, and an empty hashref will be returned in scalar context.
=head2 Manipulating Cookies
$ENV{SERVER_NAME} = 'the.good.ship.lollypop.com';
is(start_form(-action=>'foobar',-method=>'get'),
- qq(<form method="get" action="foobar" enctype="multipart/form-data">\n),
+ qq(<form method="get" action="foobar" enctype="multipart/form-data">),
"start_form()");
is(submit(),
$CGI::XHTML = 1;
is(start_form("GET","/foobar"),
- qq{<form method="get" action="/foobar" enctype="multipart/form-data">
-},
+ qq{<form method="get" action="/foobar" enctype="multipart/form-data">},
'start_form() + XHTML');
is(start_form("GET", "/foobar",&CGI::URL_ENCODED),
- qq{<form method="get" action="/foobar" enctype="application/x-www-form-urlencoded">
-},
+ qq{<form method="get" action="/foobar" enctype="application/x-www-form-urlencoded">},
'start_form() + XHTML + URL_ENCODED');
is(start_form("GET", "/foobar",&CGI::MULTIPART),
- qq{<form method="get" action="/foobar" enctype="multipart/form-data">
-},
+ qq{<form method="get" action="/foobar" enctype="multipart/form-data">},
'start_form() + XHTML + MULTIPART');
is(start_multipart_form("GET", "/foobar"),
- qq{<form method="get" action="/foobar" enctype="multipart/form-data">
-},
+ qq{<form method="get" action="/foobar" enctype="multipart/form-data">},
'start_multipart_form() + XHTML');
is(start_multipart_form("GET", "/foobar","name=\"foobar\""),
- qq{<form method="get" action="/foobar" enctype="multipart/form-data" name="foobar">
-},
+ qq{<form method="get" action="/foobar" enctype="multipart/form-data" name="foobar">},
'start_multipart_form() + XHTML + additional args');
# set no XHTML
$CGI::XHTML = 0;
is(start_form("GET","/foobar"),
- qq{<form method="get" action="/foobar" enctype="application/x-www-form-urlencoded">
-},
+ qq{<form method="get" action="/foobar" enctype="application/x-www-form-urlencoded">},
'start_form() + NO_XHTML');
is(start_form("GET", "/foobar",&CGI::URL_ENCODED),
- qq{<form method="get" action="/foobar" enctype="application/x-www-form-urlencoded">
-},
+ qq{<form method="get" action="/foobar" enctype="application/x-www-form-urlencoded">},
'start_form() + NO_XHTML + URL_ENCODED');
is(start_form("GET", "/foobar",&CGI::MULTIPART),
- qq{<form method="get" action="/foobar" enctype="multipart/form-data">
-},
+ qq{<form method="get" action="/foobar" enctype="multipart/form-data">},
'start_form() + NO_XHTML + MULTIPART');
is(start_multipart_form("GET", "/foobar"),
- qq{<form method="get" action="/foobar" enctype="multipart/form-data">
-},
+ qq{<form method="get" action="/foobar" enctype="multipart/form-data">},
'start_multipart_form() + NO_XHTML');
is(start_multipart_form("GET", "/foobar","name=\"foobar\""),
- qq{<form method="get" action="/foobar" enctype="multipart/form-data" name="foobar">
-},
+ qq{<form method="get" action="/foobar" enctype="multipart/form-data" name="foobar">},
'start_multipart_form() + NO_XHTML + additional args');
# restoring value
test(31, header(-foo=>'bar') eq "Foo: bar${CRLF}Content-Type: text/html${CRLF}${CRLF}", "Custom header");
-test(32, start_form(-action=>'one',name=>'two',onsubmit=>'three') eq qq(<form method="post" action="one" enctype="multipart/form-data" onsubmit="three" name="two">\n), "initial dash followed by undashed arguments");
+test(32, start_form(-action=>'one',name=>'two',onsubmit=>'three') eq qq(<form method="post" action="one" enctype="multipart/form-data" onsubmit="three" name="two">), "initial dash followed by undashed arguments");
--- /dev/null
+use Test::More 'no_plan';
+
+use CGI;
+
+my $q = CGI->new;
+
+my $sv = $q->multipart_init;
+like( $sv, qr|Content-Type: multipart/x-mixed-replace;boundary="------- =|, 'multipart_init(), basic');
+
+like( $sv, qr/$CGI::CRLF$/, 'multipart_init(), ends in CRLF' );
+
+$sv = $q->multipart_init( 'this_is_the_boundary' );
+like( $sv, qr/boundary="this_is_the_boundary"/, 'multipart_init("simple_boundary")' );
+$sv = $q->multipart_init( -boundary => 'this_is_another_boundary' );
+like($sv,
+ qr/boundary="this_is_another_boundary"/, "multipart_init( -boundary => 'this_is_another_boundary')");
+
+{
+ my $sv = $q->multipart_init;
+ my $sv2 = $q->multipart_init;
+ isnt($sv,$sv2,"due to random boundaries, multiple calls produce different results");
+}
-use Test::More tests => 4;
+use Test::More tests => 6;
use CGI 'unescapeHTML';
is( unescapeHTML( '&'), '&', 'unescapeHTML: &');
is( unescapeHTML( '<'), '<', 'unescapeHTML: < (using a numbered sequence)');
is( unescapeHTML( 'Bob & Tom went to the store; Where did you go?'),
'Bob & Tom went to the store; Where did you go?', 'unescapeHTML: a case where &...; should not be escaped.');
+is( unescapeHTML( 'This_string_contains_both_escaped_&_unescaped_<entities>'),
+ 'This_string_contains_both_escaped_&_unescaped_<entities>', 'unescapeHTML: partially-escaped string.');
+is( unescapeHTML( 'This escaped string kind of looks like it has an escaped entity &x; it does not'),
+ 'This escaped string kind of looks like it has an escaped entity &x; it does not', 'unescapeHTML: Another case where &...; should not be escaped.');
=item *
+L<CGI> has been upgraded from version 3.59 to 3.60. Unrecognized HTML escape
+sequences are now handled better, problematic trailing newlines are no longer
+inserted after L<lt>formL<gt> tags by C<startform()> or C<start_form()>, and
+bogus "Insecure Dependency" warnings appearing with some versions of perl are
+now worked around.
+
+=item *
+
L<Compress::Raw::Bzip2> has been upgraded from version 2.05201 to 2.055. The
misuse of Perl's "magic" API has been fixed.
https://perl5.git.perl.org / perl5.git / commitdiff