summaryrefslogtreecommitdiff
path: root/Changes
diff options
context:
space:
mode:
Diffstat (limited to 'Changes')
-rw-r--r--Changes2132
1 files changed, 2132 insertions, 0 deletions
diff --git a/Changes b/Changes
new file mode 100644
index 0000000..8301d6d
--- /dev/null
+++ b/Changes
@@ -0,0 +1,2132 @@
+4.21 2015-06-16
+
+ [ RELEASE NOTES ]
+ - CGI.pm is now considered "done". See also "mature" and "legacy"
+ Features requests and none critical issues will be outright rejected.
+ The module is now in maintenance mode for critical issues only.
+
+ - This release removes the AUTOLOAD and compile optimisations from CGI.pm
+ that were introduced into CGI.pm twenty (20) years ago as a response to
+ its large size, which meant there was a significant compile time penalty.
+
+ - This optimisation is no longer relevant and makes the code difficult to
+ deal with as well as making test coverage metrics incorrect. Benchmarks
+ show that advantages of AUTOLOAD / lazy loading / deferred compile are
+ less than 0.05s, which will be dwarfed by just about any meaningful code
+ in a cgi script. If this is an issue for you then you should look at
+ running CGI.pm in a persistent environment (FCGI, etc)
+
+ - To offset some of the time added by removing the AUTOLOAD functionality
+ the dependencies have been made runtime rather than compile time. The
+ POD has also been split into its own file. CGI.pm now contains around
+ 4000 lines of code, which compared to some modules on CPAN isn't really
+ that much
+
+ - This essentially deprecates the -compile pragma and ->compile method. The
+ -compile pragma will no longer do anything, whereas the ->compile method
+ will raise a deprecation warning. More importantly this also REMOVES the
+ -any pragma because as per the documentation this pragma needed to be
+ "used with care or not at all" and allowing arbitrary HTML tags is almost
+ certainly a bad idea. If you are using the -any pragma and using arbitrary
+ tags (or have typo's in your code) your code will *BREAK*
+
+ - Although this release should be back compatible (with the exception of any
+ code using the -any pragma) you are encouraged to test it throughly as if
+ you are doing anything out of the ordinary with CGI.pm (i.e. have bugs
+ that may have been masked by the AUTOLOAD feature) you may see some issues.
+
+ - References: GH #162, GH #137, GH #164
+
+ [ SPEC / BUG FIXES ]
+ - make the list context warning in param show the filename rather than
+ the package so we have more information on exactly where the warning
+ has been raised from (GH #171)
+ - correct self_url when PATH_INFO and SCRIPT_NAME are the same but we
+ are not running under IIS (GH #176)
+ - Add the multi_param method to :cgi export (thanks to xblitz for the patch
+ and tests. GH #167)
+ - Fix warning for lack of HTTP_USER_AGENT in CGI::Carp (GH #168)
+ - Fix imports when called from CGI::Fast, restores the import of CGI functions
+ into the callers namespace for users of CGI::Fast (GH leejo/cgi-fast#11 and
+ GH leejo/cgi-fast#12)
+ - Fix regression of tmpFileName when calling with a plain string (GH #178,
+ thanks to Simon McVittie for the report and fix)
+
+ [ FEATURES ]
+ - CGI::Carp now has $CGI::Carp::FULL_PATH for displaying the full path to the
+ offending script in error messages
+ - CGI now has env_query_string() for getting the value of QUERY_STRING from
+ the environment and not that fiddled with by CGI.pm (which is what
+ query_string() does) (GH #161)
+ - CGI::ENCODE_ENTITIES var added to control which chracters are encoded by
+ the call to the HTML::Entities module - defaults to &<>"' (GH #157 - the
+ \x8b and \x9b chars have been removed from this list as we are concerned
+ more about unicode compat these days than old browser support.)
+
+ [ DOCUMENTATION ]
+ - Fix some typos (GH #173, GH #174)
+ - All *documentation* for HTML functionality in CGI has been moved into
+ its own namespace: CGI::HTML::Functions - although the functionality
+ continues to exist within CGI.pm so there are no code changes required
+ (GH #142)
+ - Add missing documentation for env variable fetching routines (GH #163)
+
+ [ TESTING ]
+ - Increase test coverage (GH #3)
+
+ [ INTERNALS ]
+ - Cwd made a TEST_REQUIRES rather than a BUILD_REQUIRES in Makefile.PL
+ (GH #170)
+ - AutoloadClass variables have been removed as AUTOLOAD was removed in
+ v4.14 so these are no longer necessary (GH #172 thanks to alexmv)
+ - Remove dependency on constant - internal DEBUG, XHTML_DTD and EBCDIC
+ constants changes to $_DEBUG, $_XHTML_DTD, and $_EBCDIC
+
+4.13 2014-12-18
+
+ [ RELEASE NOTES ]
+ - CGI::Pretty is now DEPRECATED and will be removed in a future release.
+ Please see GH #162 (https://github.com/leejo/CGI.pm/issues/162) for more
+ information and discussion (also GH #140 for HTML function deprecation
+ discussion: https://github.com/leejo/CGI.pm/issues/140)
+
+ [ TESTING ]
+ - fix t\rt-84767.t for failures on Win32 platforms related to file paths
+
+4.11 2014-12-02
+
+ [ SPEC / BUG FIXES ]
+ - more hash key ordering bugs fixed in HTML attribute output (GH #158,
+ thanks to Marcus Meissner for the patch and test case)
+
+ [ REFACTORING ]
+ - escapeHTML (and unescapeHTML) have been refactored to use the functions
+ exported by the HTML::Entities module (GH #157)
+ - change BUILD_REQUIRES to TEST_REQUIRES in Makefile.PL as these are test
+ dependencies not build dependencies (GH #159)
+
+ [ DOCUMENTATION ]
+ - replace any remaining uses of indirect object notation (new Object) with
+ the safer Object->new syntax (GH #156)
+
+4.10 2014-11-27
+
+ [ SPEC / BUG FIXES ]
+ - favour -content-type arg in header if -type and -charset options are also
+ passed in (GH #155, thanks to kaoru for the test case). this change also
+ sorts the hash keys in the rearrange method in CGI::Util meaning the order
+ of the arrangement will always be the same for params that have multiple
+ aliases. really you shouldn't be passing in multiple aliases, but this will
+ make it consistent should you do that
+
+ [ DOCUMENTATION ]
+ - fix some typos
+
+4.09 2014-10-21
+
+ [ RELEASE NOTES ]
+ - with this release the large backlog of issues against CGI.pm has been
+ cleared. All fixes have been made in the versions 4.00 and above so if
+ you are upgrading from 3.* you should thoroughly test your code against
+ recent versions of CGI.pm
+ - an effort has been made to retain back compatibility against previous
+ versions of CGI.pm for any fixes made, however some changes related to
+ the handling of temporary files may have consequences for your code
+ - please refer to the RELEASE NOTES for version 4.00 and above for all
+ recent changes and file an issue on github if there has been a regression.
+ - please do *NOT* file issues regarding HTML generating functions, these
+ are no longer being maintained (see perldoc for rationale)
+
+ [ SPEC / BUG FIXES ]
+ - tweak url to DTRT when the web server is IIS (RT #89827 / GH #152)
+ - fix temporary file handling when dealing with multiple files in MIME uploads
+ (GH #154, thanks to GeJ for the test case)
+
+4.08 2014-10-18
+
+ [ DOCUMENTATION ]
+ - note that calling headers without a -charset may lead to a nonsensical
+ charset being added to certain content types due to the default and the
+ workaround
+ - remove documentation stating that calls to escapeHTML with a changed
+ charset force numeric encoding of all characters, because that does not
+ happen
+ - documentation tweaks for calling param() in list context and the addition
+ of multi_param()
+
+ [ SPEC / BUG FIXES ]
+ - don't sub out PATH_INFO in url if PATH_INFO is the same as SCRIPT_NAME
+ (RT #89827)
+ - add multi_param() method to allow calling of param() in list context
+ without having to disable the $LIST_CONTEXT_WARN flag (see RELEASE NOTES
+ for version 4.05 on why calling param() in list context could be a bad
+ thing)
+
+4.07 2014-10-12
+
+ [ RELEASE NOTES ]
+ - please see changes for v4.05
+
+ [ TESTING ]
+ - typo and POD fixes, add test to check POD and compiles
+
+4.06 2014-10-10
+
+ [ RELEASE NOTES ]
+ - please see changes for v4.05
+
+ [ DOCUMENTATION ]
+ - make warning on list context call of ->param more lenient and don't
+ warn if called with no arguments
+
+4.05 2014-10-08
+
+ [ RELEASE NOTES ]
+ - this release includes *significant* refactoring of temporary file
+ handling in CGI.pm. See "Changes in temporary file handling" in perldoc
+
+ - this release adds a warning for when the param method is called
+ in list context, see the Warning in the perldoc for the section
+ "Fetching the value or values of a single named parameter" for why
+ this has been added and how to disable this warning
+
+ [ DOCUMENTATION ]
+ - change AUTHOR INFORMATION to LICENSE to please Kwalitee
+
+ [ TESTING ]
+ - t/arbitrary_handles.t to check need for patch in RT #54055, it
+ turns out there is no need - the first argument to CGI->new can
+ be an arbitrary handle
+ - add test case for incorrect unescaping of redirect headers
+ (RT #61120)
+ - add tests for the handle method (RT #85074, thanks to TONYC@cpan.org)
+
+ [ SPEC / BUG FIXES ]
+ - don't set binmode on STDOUT/STDERR/STDIN if a none standard layer
+ is already set on them on none UNIX platforms (RT #57524)
+ - make XForms:Model data accesible through POSTDATA/PUTDATA param
+ (RT #75628)
+ - prevent corruption of POSTDATA/PUTDATA when -utf8 flag is used and use
+ tempfiles to handle this data (RT #79102, thanks anonymous)
+ - unescape request URI *after* having removed the query string to prevent
+ removal of ? chars that are part of the original URI (and were encoded)
+ (RT #83265)
+ - fix q( to qq( in CGI::Carp so $@ is correct interpolated (RT #83360)
+ - don't call ->query_string in url unless -query is passed (RT #87790)
+ (optimisation and fits the current documented behaviour)
+
+4.04 2014-09-04
+
+ [ RELEASE NOTES ]
+ - this release removes some long deprecated modules/functions and
+ includes refactoring to the temporary file handling in CGI.pm. if
+ you are doing anything out of the ordinary with regards to temp
+ files you should test your code before deploying this update as
+ temp files may no longer be stored in previously used locations
+
+ [ REMOVED / DEPRECATIONS ]
+ - startform and endform methods removed (previously deprecated, you
+ should be using the start_form and end_form methods)
+ - both CGI::Apache and CGI::Switch have been removed as these modules
+ 1) have been deprecated for *years*, and 2) do nothing whatsoever
+
+ [ SPEC / BUG FIXES ]
+ - handle multiple values in X-Forwarded-Host header, we follow the
+ logic in most other frameworks and take the last value from the list
+ (RT #54487)
+ - reverse the order of TEMP dir placement for WINDOWS: TEMP > TMP > WINDIR
+ (RT #71799, thanks to jeff@math.tntech.edu), this returns the behaviour
+ to pre e24d04e9bc5fda7722444b02fec135d8cc2ff488 but with the undefined
+ fix still in place
+ - refactor CGITempFile::find_tempdir to use File::Spec->tmpdir
+ (related: RT #71799)
+ - fix warnings when QUERY_STRING has empty key=value pairs (RT #54511)
+ - pad custom 500 status response messages to > 512 for MSIE (RT #81946)
+ - make Vars tied hash delete method return the value deleted from the hash
+ making it act like perl's delete (RT #51020)
+
+ [ TESTING ]
+ - add .travis.yml (https://travis-ci.org)
+ - test case for RT #53966 - disallow filenames with ~ char
+ - test case for RT #55166 - calling Vars to get the filename does not return
+ a filehandle, so this cannot be used in the call to uploadinfo, also
+ update documentation for the uploadInfo to show that ->Vars should not be
+ used to get the filename for this method
+ - fix t/url.t to pass on Win32 platforms that have the SCRIPT_NAME env
+ variable set (RT #89992)
+ - add procedural call tests for upload and uploadInfo to confirm these work
+ as should (RT #91136)
+
+ [ DOCUMENTATION ]
+ - tweak perldoc for -utf8 option (RT #54341, thanks to Helmut Richter)
+ - explain the HTML generation functions should no longer be used and that
+ they may be deprecated in a future release
+
+4.03 2014-07-02
+
+ [ REMOVED / DEPRECATIONS ]
+ - the -multiple option to popup_menu is now IGNORED as this did not
+ function correctly. If you require a menu with multiple selections
+ use the scrolling_list method. (RT #30057)
+
+ [ SPEC / BUG FIXES ]
+ - support redirects in mod_perl2, or fall back to using env variable
+ for up to 5 redirects, when getting the query string (RT #36312)
+ - CGI::Cookie now correctly supports the -max-age argument, previously
+ if this was passed the value of the -expires argument would be used
+ meaning there was no way to supply *only* this argument (RT #50576)
+ - make :all actually import all methods, except for :cgi-lib, and add
+ :ssl to the :standard import (RT #70337)
+
+ [ DOCUMENTATION ]
+ - clarify documentation regarding query_string method (RT #48370)
+ - links fixed in some perldoc (Thanks to Michiel Beijen)
+
+ [ TESTING ]
+ - add t/changes.t for testing this Changes file
+ - test case for RT #31107 confirming multipart parsing is to spec
+ - improve t/rt-52469.t by adding a timeout check
+
+4.02 2014-06-09
+
+ [ NEW FEATURES ]
+ - CGI::Carp learns noTimestamp / $CGI::Carp::NO_TIMESTAMP to prevent
+ timestamp in messages (RT #82364, EDAVIS@cpan.org)
+ - multipart_init and multipart_start learn -charset option (RT #22737)
+
+ [ SPEC / BUG FIXES ]
+ - Support multiple cookies when passing an ARRAY ref with -set-cookie
+ (RT #15065, JWILLIAMS@cpan.org)
+
+ [ DOCUMENTATION ]
+ - Made licencing information consistent and remove duplicate comments
+ about licence details, corrected location to report bugs (RT #38285)
+
+4.01 2014-05-27
+
+ [ DOCUMENTATION ]
+ - CGI.pm hasn't been removed from core *just* yet, but will be soon:
+ http://perl5.git.perl.org/perl.git/commitdiff/e9fa5a80
+
+4.00 2014-05-22
+
+ [ INTERNALS ]
+ - CGI::Fast split out into its own distribution, related files and tests removed
+ - developer test added for building with perlbrew
+
+ [ DOCUMENTATION ]
+ - Update perldoc to explain that CGI.pm has been removed from perl core
+ - Make =head2 perldoc less shouty (RT #91140)
+ - Tickets migrated from RT to github issues (both CGI and CGI.pm distributions)
+ - Repointing bugtracker at newly forked github repo and note that Lee Johnson
+ is the current maintainer.
+ - Bump version to 4.00 for clear boundary of above changes
+
+Version 3.65 Feb 11, 2014
+
+ [INTERNALS]
+ - Update Makefile to refine where CGI.pm gets installed
+ (Thanks to bingo, rjbs: https://github.com/markstos/CGI.pm/pull/30)
+
+Version 3.64 Nov 23, 2013
+
+ [BUG FIXES]
+ - Avoid warning about "undefined variable in user_agent in some cases (RT#72882)
+
+ [INTERNALS]
+ - Avoiding warning about "unitialized value" in when calling user_agent() in some cases. (RT#72882, perl@max-maurer.de)
+ - Update minimum required version in Makefile.PL to 5.8.1. It had already been
+ updated to 5.8.1 in the CGI.pm module in 3.53.
+ - Fix POD errors reported by newer pod2man (Thanks to jmdh)
+ - Typo fixes, (dsteinbrunner).
+ - use deprecate.pm on perls 5.19.0 and later. (rjbs).
+
+ [DOCUMENTATION]
+ - Update CGI::Cookie docs to reflect that HttpOnly is widely supported now.
+
+
+Version 3.63 Nov 12, 2012
+
+ [SECURITY]
+ - CR escaping for Set-Cookie and P3P headers was improved. There was potential
+ for newline injection in these headers.
+ (Thanks to anazawa, https://github.com/markstos/CGI.pm/pull/23)
+
+Version 3.62, Nov 9th, 2012
+
+ [INTERNALS]
+ - Changed how the deprecated endform function was defined for compatibility
+ with the development version of Perl.
+ - Fix failures in t/tmpdir.t when run as root
+ https://github.com/markstos/CGI.pm/issues/22, RT#80659)
+
+ - Made it possible to force a sorted order for things like hash
+ attributes so that tests are not dependent on a particular hash
+ ordering. This will be required in modern perls which will
+ change the ordering per process. (Yves, RT#80659)
+
+Version 3.61 Nov 2nd, 2012
+
+ (No code changes)
+
+ [INTERNALS]
+ - formatting of CGI::Carp documentation was improved. Thanks to benkasminbullock.
+ - un-TODO some tests in t/tmpdir.t that were passing in most cases.
+ More on this:
+ https://github.com/markstos/CGI.pm/issues/19#
+ https://github.com/markstos/CGI.pm/commit/cc73dc9807b0fabb56b3cdf1a9726588b2eda0f7
+
+Version 3.60 Aug 15th, 2012
+
+ [BUG FIXES]
+ - In some caes, When unescapeHTML() hit something it didn't recognize with an ampersand and
+ and semicolon, it would throw away the semicolon and ampersand. It now does a better job.
+ of preserving content it doesn't recognize. Thanks to CEBJYRE@cpan.org (RT#75595)
+ - Remove trailing newline after <form> tag inserted by startform and start_form. It can
+ cause rendering problems in some cases. Thanks to SJOHNSTON@cpan.org (RT#67719)
+ - Workaround "Insecure Dependency" warning generated by some versions of Perl (RT#53733).
+ Thanks to degatcpan@ntlworld.com, klchu@lbl.gov and Anonymous Monk
+
+ [DOCUMENTATION]
+ - Clarify that when -status is used, the human-readable phase should be included, per RFC 2616.
+ Thanks to SREZIC@cpan.org (RT#76691).
+
+ [INTERNALS]
+ - More tests for header(), thanks to Ryo Anazawa.
+ - t/url.t has been fixed on VMS. Thanks to cberry@cpan.org (RT#72380)
+ - MANIFEST patched so that t/multipart_init.t is included again. Thanks to shay@cpan.org (RT#76189)
+
+Version 3.59 Dec 29th, 2011
+
+ [BUG FIXES]
+ - We no longer read from STDIN when the Content-Length is not set, preventing
+ requests with no Content-Length from freezing in some cases. This is consistent
+ with the CGI RFC 3875, and is also consistent with CGI::Simple. However, the old
+ behavior may have been expected by some command-line uses of CGI.pm.
+ Thanks to Philip Potter and Yanick Champoux. See RT#52469 for details:
+ https://rt.cpan.org/Public/Bug/Display.html?id=52469
+
+ [INTERNALS]
+ - remove tmpdirs more aggressively. Thanks to rjbs (RT#73288)
+ - use Text::ParseWords instead of ancient shellwords.pl. Thanks to AlexBio.
+ - remove use of define(@arr). Thanks to rjbs.
+ - spelling fixes. Thanks to Gregor Herrmann and Alessandro Ghedini.
+ - fix test count and warning in t/fast.t. Thanks to Yanick.
+
+Version 3.58 Nov 11th, 2011
+
+ [DOCUMENTATION]
+ - Clarify that using query_string() only has defined behavior when using the GET method. (RT#60813)
+
+Version 3.57 Nov 9th, 2011
+ [INTERNALS]
+ - test failure in t/fast.t introduced in 3.56 is fixed. (Thanks to zefram and chansen).
+ - Test::More requirement has been bumped to 0.98
+
+Version 3.56 Nov 8th, 2011
+
+ [SECURITY]
+ Use public and documented FCGI.pm API in CGI::Fast
+ CGI::Fast was using an FCGI API that was deprecated and removed from
+ documentation more than ten years ago. Usage of this deprecated API with
+ FCGI >= 0.70 or FCGI <= 0.73 introduces a security issue.
+ <https://rt.cpan.org/Public/Bug/Display.html?id=68380>
+ <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2766>
+ (Thanks to chansen)
+
+ [INTERNALS]
+ - tmp files are now cleaned up on VMS ( RT#69210, thanks to cberry@cpan.org )
+ - Fixed test failure: done_testing() added to url.t (Thanks to Ryan Jendoubi)
+ - Clarify preferred bug submission location in docs, and note that Mark Stosberg
+ is the current maintainer.
+
+Version 3.55 June 3rd, 2011
+
+ [THINGS THAT MAY BREAK YOUR CODE]
+ url() was fixed to return "PATH_INFO" when it is explicitly requested
+ with either the path=>1 or path_info=>1 flag.
+
+ If your code is running under mod_rewrite (or compatible) and you are calling self_url() or
+ you are calling url() and passing path_info=>1, These methods will actually be
+ returning PATH_INFO now, as you have explicitly requested, or has self_url()
+ has requested on your behalf.
+
+ The PATH_INFO has been omitted in such URLs since the issue was introduced
+ in the 3.12 release in December, 2005.
+
+ This bug is so old your application may have come to depend on it or
+ workaround it. Check for application before upgrading to this release.
+
+ Examples of affected method calls:
+
+ $q->url(-absolute => 1, -query => 1, -path_info => 1 )
+ $q->url(-path=>1)
+ $q->url(-full=>1,-path=>1)
+ $q->url(-rewrite=>1,-path=>1)
+ $q->self_url();
+
+Version 3.54, Apr 28, 2011
+ No code changes
+
+ [INTERNALS]
+ - Address test failures in t/tmpdir.t, thanks to Niko Tyni.
+ Some tests here are failing on some platforms and have been marked as TODO.
+
+Version 3.53, Apr 25, 2011
+
+ [NEW FEATURES]
+ - The DELETE HTTP verb is now supported.
+ (RT#52614, James Robson, Eduardo Ari�o de la Rubia)
+
+ [INTERNALS]
+ - Correct t/tmpdir.t MANIFEST entry. (RT#64949)
+ - Update minimum required Perl version to be Perl 5.8.1, which
+ has been out since 2003. This allows us to drop some hacks
+ and exceptions (Mark Stosberg)
+
+Version 3.52, Jan 24, 2011
+
+ [DOCUMENTATION]
+ - The documentation for multi-line header handling was been updated to reflect
+ the changes in 3.51. (Mark Stosberg, ntyni@iki.fi)
+
+ [INTERNALS]
+ - Add missing t/tmpfile.t file. (RT#64949)
+ - Fix warning in t/cookie.t (RT#64570, Chris Williams, Rainer Tammer, Mark Stosberg)
+ - Fixed logic bug in t/multipart_init.t (RT#64261, Niko Tyni)
+
+Version 3.51, Jan 5, 2011
+
+ [NEW FEATURES]
+ - A new option to set $CGI::Carp::TO_BROWSER = 0, allows you to explicitly
+ exclude a particular scope from triggering printing to the browser when
+ fatatlsToBrowser is set. (RT#62783, Thanks to papowell)
+ - The <script> tag now supports the "charset" attribute.
+ (RT#62907, Thanks to Fabrice Metge)
+ - In CGI::Cookie, "Max-Age" is now supported for better spec compliance.
+ (Mark Stosberg)
+
+ [BUG FIXES]
+ - Setting charset() now works for all content types, not just "text/*".
+ (RT#57945, Thanks to Yanick and Gerv.)
+ - support for user temporary directories ($HOME/tmp) was commented out
+ in 2.61 but the documentation wasn't updated (Peter Gervai, Niko Tyni)
+ - setting $CGITempFile::TMPDIRECTORY before loading CGI.pm has been
+ working but undocumented since 3.12 (which listed it in Changes as
+ $CGI::TMPDIRECTORY) (Peter Gervai, Niko Tyni)
+ - unfortunately the previous change broke the runtime check for looking
+ for a new temporary directory if the current one suddenly became
+ unwritable (Peter Gervai, Niko Tyni)
+ - A bug was fixed in CGI::Carp triggered by certain death cases in
+ the BEGIN phase of parent classes.
+ (RT#57224, Thanks to UNERA, Yanick Champoux, Mark Stosberg)
+ - CGI::Cookie->new() now follows the documentation and returns undef
+ if the -name and -value args aren't provided. This new behavior is also
+ consistent with the docs and code of CGI::Simple::Cookie. (Mark Stosberg)
+ - CGI::Cookie->parse() now trims leading and trailing whitespace from cookie
+ elements as intended. The change also makes this part of the parsing
+ identical to CGI::Simple::Cookie (Mark Stosberg)
+ - Temp file handling was improved (RT#62762)
+
+ [SECURITY]
+ - Further improvements have been made to guard against newline injections
+ in headers. (Thanks to Max Kanat-Alexander, Yanick Champoux, Mark Stosberg)
+
+ [PERFORMANCE]
+ - Make EBCDIC a compile-time constant so there's zero overhead (and less
+ compiled code) in subroutines that test for it. (Tim Bunce)
+ - If you just want to use CGI::Cookie, CGI.pm will no longer be loaded
+ unless you call the bake() method, which requires it. (Mark Stosberg)
+
+ [DOCUMENTATION]
+ - quit referring to the <link> tag as being "rarely used". (Victor Sanders)
+ - typo and whitespace fixes (RT#62785, thanks to scop@cpan.org)
+ - The -dtd argument to start_html() is now documented
+ (RT#60473, Thanks to giecrilj and steve@fisharerojo.org)
+ - CGI::Carp doc are updated to reflect that it can work with mod_perl 2.0.
+ - when creating a temporary file in the directory fails, the error message
+ could indicate the root of the problem better (Peter Gervai, Niko Tyni)
+
+ [INTERNALS]
+ - Re-fixing https test in http.t. (RT#54768, thanks to SPROUT)
+ - param_fetch no longer triggers a warning when called with no arguments (ysth, Mark Stosberg)
+
+Version 3.50, Nov 8, 2010
+
+ [SECURITY]
+ 1. The MIME boundary in multipart_init is now random.
+ Thanks to Byron Jones, Masahiro Yamada, Reed Loden, and Mark Stosberg
+ 2. Further improvements to handling of newlines embedded in header values.
+ An exception is thrown if header values contain invalid newlines.
+ Thanks to Michal Zalewski, Max Kanat-Alexander, Yanick Champoux,
+ Lincoln Stein, Fr�d�ric Buclin and Mark Stosberg
+
+ [DOCUMENTATION]
+ 1. Correcting/clarifying documentation for param_fetch(). Thanks to
+ Ren�e B�cker. (RT#59132)
+
+ [INTERNALS]
+ 1. Fixing https test in http.t. (RT#54768)
+ 2. Tests were added for multipart_init(). Thanks to Mark Stosberg and CGI::Simple.
+
+Version 3.49, Feb 5th, 2010
+
+ [BUG FIXES]
+ 1. Fix a regression since 3.44 involving a case when the header includes "Content-Length: 0".
+ Thanks to Alex Vandiver (RT#51109)
+ 2. Suppress uninitialized warnings under -w. Thanks to burak. (RT#50301)
+ 3. url() now uses virtual_port() instead of server_port(). Thanks to MKANAT and Yanick Champoux. (RT#51562)
+ 4. CGI::Carp now properly handles stringifiable objects, like Exception::Class throws (RT#39904)
+
+ [SECURITY]
+ 1. embedded newlines are now filtered out of header values in header().
+ Thanks to Mark Stosberg and Yanick Champoux.
+
+ [DOCUMENTATION]
+ 1. README was updated to reflect that CGI.pm was moved under ./lib.
+ Thanks to Alex Vandiver.
+
+ [INTERNALS]
+ 1. More tests were added for autoescape, thanks to Bob Kuo. (RT#25485)
+ 2. Attempt to avoid test failures with t/fast, thanks to Steve Hay. (RT#49599)
+
+Version 3.48, Sep 25, 2009
+
+ [BUG FIXES]
+ 1. <optgroup> default values are now properly escaped.
+ Thanks to #raleigh.pm and Mark Stosberg. (RT#49606)
+ 2. The change to exception handling in CGI::Carp introduced in 3.47 has been
+ reverted for now. It caused regressions reported in RT#49630.
+ Thanks to mkanat for the report.
+
+ [DOCUMENTATION]
+ 1. Documentation for upload() has been overhauled, thanks to Mark Stosberg.
+ 2. Documentation for tmpFileName has been added. Thanks to Mark Stosberg and Nathaniel K. Smith.
+ 3. URLS were updated, thanks to Leon Brocard and Yanick Champoux. (RT#49770)
+
+ [INTERNALS]
+ 1. More tests were added for autoescape, thanks to Bob Kuo. (RT#25485)
+
+Version 3.47, Sep 9, 2009
+
+ No code changes.
+
+ [INTERNALS]
+ Re-release of 3.46, which did not contain a proper MANIFEST
+
+Version 3.46
+
+ [BUG FIXES]
+ 1. In CGI::Pretty, we no longer add line breaks after tags we claim not to format. Thanks to rrt, Bob Kuo and
+ and Mark Stosberg. (RT#42114).
+ 2. unescapeHTML() no longer falsely recognizes certain text as entities. Thanks to Pete Gamanche, Mark Stosberg
+ and Bob Kuo. (RT#39122)
+ 3. checkbox_group() now correctly includes a space before the "checked" attribute.
+ Thanks to Andrew Speer and Bob Kuo. (RT#36583)
+ 4. Fix case-sensitivity in http() and https() according to docs. Make https()
+ return list of keys in list context. Thanks to riQyRoe and Rhesa Rozendaal. (RT#12909)
+ 5. XHTML is now automatically disabled for HTML 4, as well as HTML 2 and HTML 3. Thanks to
+ Dan Harkless and Yanick Champoux. (RT#27907)
+ 6. Pre-compiling 'end_form' with ':form' switch now works. Thanks to ryochin and Yanick Champoux. (RT#41530)
+ 7. Empty name/values pairs are now properly saved and restored from filehandles. Thanks to rlucas and
+ Rhesa Rozendaal (RT#13158)
+ 8. Some differences between startform() and start_form() have been fixed. Thanks to Slaven Rezic and
+ Shawn Corey. (RT#22046)
+ 9. url_param() has been updated to be more consistent with the documentation and param().
+ Thanks to Britton Kerin and Yanick Campoux. (RT#43587)
+ 10.hidden() now correctly supports multiple default values.
+ Thanks to david@dierauer.net and Russell Jenkins. (RT#20436)
+ 11.Calling CGI->new() no longer clobbers the value of $_ in the current scope.
+ Thanks to Alexey Tourbin, Bob Kuo and Mark Stosberg. (RT#25131)
+ 12.UTF-8 params should not get double-decoded now.
+ Thanks to Yves, Bodo, Burak G�rsoy, and Michael Schout. (RT#19913)
+ 13.We now give objects passed to CGI::Carp::die a chance to be stringified.
+ Thanks to teek and Yanick Champoux (RT#41530)
+ 14.Turning off autoEscape() now only affects the behavior of built-in HTML
+ generation fuctions. Explicit calls to escapeHTML() always escape HTML regardless
+ of the setting. Thanks to vindex, Bob Kuo and Mark Stosberg (RT#40748)
+ 15.In CGI::Fast, preferences set via pragmas are now preserved.
+ Thanks to heinst and Mark Stosberg (RT#32119)
+
+ [DOCUMENTATION]
+ 1. remote_addr() is now documented. Thanks to Yanick Champoux. (RT#38884)
+ 2. In CGI::Pretty in the list of tags left unformatted was updated to match the code. Thanks to Mark Stosberg. (RT#42114)
+ 3. In CGI::Pretty, performance concerns are now documented. Thanks to Jochen, Rhesa Rozendaal and Mark Stosberg (RT#13223)
+ 4. A number of outdated Netscape references have been removed. Thanks to Mark Stosberg.
+ 5. The documentation has been purged of examples of using indirect object notation. Thanks to Mark Stosberg.
+ 6. Some POD formatting was fixed. Thanks to Dave Mitchell (RT#48935).
+ 7. Docs and examples were updated to highlight start_form instead of startform.
+ Thanks to Slaven Rezic.
+ 8. Note that CGI::Carp::carpout() doesn't work with in-memory filehandles.
+ Thanks to rhubbell and Mark Stosberg.
+ 9. The documentation for the -newstyle_urls is now less confusing.
+ Thanks to Ryan Tate and Mark Stosberg (RT#49454)
+
+ [INTERNALS]
+ 1. Quit bundling an ancient copy of Test::More and and using a custom 'lib' path for the tests. Instead, Test::More
+ is now a dependency. Thanks to Ansgar and Mark Stosberg (RT#48811)
+ 2. Automated tests for hidden() have been added, thanks to Russel Jenkins and Mark Stosberg (RT#20436)
+ 3. t/util.t has been updated to use Test::More instead of a home-grown test function. Thanks to Bob Kuo.
+
+Version 3.45, Aug 14, 2009
+
+ [BUG FIXES]
+ 1. Prevent warnings about "uninitialized values" for REQUEST_URI, HTTP_USER_AGENT and other environment variables.
+ Patches by Callum Gibson, heiko and Mark Stosberg. (RT#24684, RT#29065)
+ 2. Avoid death in some cases when running under Taint mode on Windows.
+ Patch by Peter Hancock (RT#43796)
+ 3. Allow 0 to be used as a default value in popup_menu(). This was broken starting in 3.37.
+ Thanks to Haze, who was the first to report this and supply a patch, and pfschill, who pinpointed
+ when the bug was introduced. A regression test for this was also added. (RT#37908)
+ 4. Allow "+" as a valid character in file names, which fixes temp file creation on OS X Leopard.
+ Thanks to Andy Armstrong, and alech for patches. (RT#30504)
+ 5. Set binmode() on the Netware platform, thanks to Guenter Knauf (RT#27455)
+ 6. Don't allow a CGI::Carp error handler to die recursively. Print a warning and exit instead.
+ Thanks to Marc Chantreux. (RT#45956)
+ 7. The Dump() method now is fixed to escape HTML properly. Thanks to Mark Stosberg (RT#21341)
+ 8. Support for <optgroup> with scrolling_list() now works the same way as it does for popup_menu().
+ Thanks to Stuart Johnston (RT#30097)
+ 9. CGI::Pretty now works properly when $" is set to ''. Thanks to Jim Keenan (RT#12401)
+ 10. Fix crash when used in combination with PerlEx::DBI. Thanks to Burak G�rsoy (RT#19902)
+
+ [DOCUMENTATION]
+ 1. Several typos were fixed, Thanks to ambs. (RT#41105)
+ 2. A typo related to the nosticky pragma was fixed, thanks to Britton Kerin. (RT#43220)
+ 3. examples/nph-clock.cgi is now more portable, by calling localtime() rather than `/bin/date`,
+ thanks to Guenter Knauf. (RT#27456).
+ 4. In CGI::Carp, the SEE ALSO section was cleaned up, thanks to Slaven Rezic. (RT#32769)
+ 5. The docs for redirect() were updated to reflect that most headers are
+ ignored during redirection. Thanks to Mark Stosberg (RT#44911)
+
+ [INTERNALS]
+ 1. New t/unescapeHTML.t test script has been added. It includes a TODO test for a pre-existing
+ bug which could use a patch. Thanks to Pete Gamache and Mark Stosberg (RT#39122)
+ 2. New test scripts have been added for user_agent(), popup_menu() and query_string(), scrolling_list() and Dump()
+ Thanks to Mark Stosberg and Stuart Johnston. (RT#37908, RT#43006, RT#21341, RT#30097)
+ 3. CGI::Carp and CGI::Util have been updated to have non-developer version numbers.
+ Thanks to Slaven Rezic. (RT#48425)
+ 4. CGI::Switch and CGI::Apache now properly set their VERSION in their own name space.
+ Thanks to Alexey Tourbin (RT#11941,RT#11942)
+
+Version 3.44, Jul 30, 2009
+
+ 1. Patch from Kurt Jaeger to allow HTTP PUT even if the content length is unknown.
+ 2. Patch from Pavel merdin to fix a problem for one of the FireFox addons.
+ 3. Fixed issue in mod_perl & fastCGI environment of cookies returned from
+ CGI->cookie() leaking from one session to another.
+
+Version 3.43, Apr 06, 2009
+
+ 1. Documentation patch from MARKSTOS@cpan.org to replace all occurrences of
+ "new CGI" with CGI->new()" to reflect best perl practices.
+ 2. Patch from Stepan Kasal to fix utf-8 related problems in perl 5.10
+
+Version 3.42, Sep 08, 2008
+
+ 1. Added patch from Renee Baecker that makes it possible to subclass
+ CGI::Pretty.
+ 2. Added patch from Nicholas Clark to allow ~ characters in temporary directories.
+ 3. Added patch from Renee Baecker that fixes the inappropriate escaping of fields
+ in multipart headers.
+
+Version 3.41, Aug 25, 2008
+
+ 1. Fix url() returning incorrect path when query string contains escaped newline.
+ 2. Added additional windows temporary directories and environment variables, courtesy patch from Renee Baecker
+ 3. Added a handle() method to the lightweight upload
+ filehandles. This method returns a real IO::Handle object.
+ 4. Added patch from Tony Vanlingen to fix deep recursion warnings in CGI::Pretty.
+
+Version 3.40, Aug 06, 2008
+
+ 1. Fixed CGI::Fast docs to eliminate references to a "special"
+ version of Perl.
+ 2. Makefile.PL now depends on FCGI so that CGI::Fast installs properly.
+ 3. Fix script_name() call from Stephane Chazelas.
+
+Version 3.39, Jun 29, 2008
+
+ 1. Fixed regression in "exists" function when using tied interface to CGI via $q->Vars.
+
+Version 3.38, Jun 25, 2008
+
+ 1. Fix annoying warning in http://rt.cpan.org/Ticket/Display.html?id=34551
+ 2. Added nobr() function http://rt.cpan.org/Ticket/Display.html?id=35377
+ 3. popup_menu() allows multiple items to be selected by default, satisfying
+ http://rt.cpan.org/Ticket/Display.html?id=35376
+ 4. Patch from Renee Backer to avoid doubled <http-equiv> headers.
+ 5. Fixed documentation bug that describes what happens when a
+ parameter is empty (e.g. "?test1=").
+ 6. Fixed minor warning described at http://rt.cpan.org/Public/Bug/Display.html?id=36435
+ 7. Fixed overlap of attribute and parameter space described in http://rt.perl.org/rt3//Ticket/Display.html?id=24294
+
+Version 3.37, Apr 22, 2008
+
+ 1. Fix pragmas so that they persist over modperl invocations (e.g. RT 34761)
+ 2. Fixed handling of chunked multipart uploads; thanks to Michael Bernhardt
+ who reported and fixed the problem.
+
+Version 3.36
+
+ 1. Fix CGI::Cookie to support cookies that are separated by "," instead of ";".
+
+Version 3.35, Mar 27, 2008
+
+ 1. Resync with bleadperl, primarily fixing a bug in parsing semicolons in uploaded filenames.
+
+Version 3.34, Mar 18, 2008
+
+ 1. Handle Unicode %uXXXX escapes properly -- patch from DANKOGAI@cpan.org
+ 2. Fix url() method to not choke on path names that contain regex characters.
+
+Version 3.33, Jan 02, 2008
+
+ 1. Remove uninit variable warning when calling url(-relative=>1)
+ 2. Fix uninit variable warnings for two lc calls
+ 3. Fixed failure of tempfile upload due to sprintf() taint failure in perl 5.10
+
+Version 3.32, Dec 27, 2007
+
+ 1. Patch from Miguel Santinho to prevent sending premature headers under mod_perl 2.0
+
+Version 3.31, Nov 30, 2007
+
+ 1. Patch from Xavier Robin so that CGI::Carp issues a 500 Status code rather than a 200 status code.
+ 2. Patch from Alexander Klink to select correct temporary directory in OSX Leopard so that upload works.
+ 3. Possibly fixed "wrapped pack" error on 5.10 and higher.
+
+Version 3.30
+
+ 1. Patch from Mike Barry to handle POSTDATA in the same way as PUT.
+ 2. Patch from Rafael Garcia-Suarez to correctly reencode unicode values as byte values.
+
+Version 3.29, Apr 16, 2007
+
+ 1. The position of file handles is now reset to zero when CGI->new is called.
+ (Mark Stosberg)
+ 2. uploadInfo() now works across multiple object instances. Also, the first
+ tests for uploadInfo() were added as part of the fix. (CPAN bug 11895, with
+ contributions from drfrench and Mark Stosberg).
+
+Version 3.28, Mar 29, 2007
+
+ 1. Applied patch from Allen Day that makes Cookie parsing RFC2109 compliant
+ (attribute/values can be separated by commas as well as semicolons).
+ 2. Applied patch from Stephan Struckmann that allows script_name() to be set correctly.
+ 3. Fixed problem with url(-full) in which port number appears twice.
+
+Version 3.27, Feb 27, 2007
+
+ 1. Applied patch from Steve Taylor that allows checkbox_groups to be
+ disabled with a new -disabled=> option.
+
+Version 3.26
+
+ 1. Fixed alternate stylesheet behavior so that it is insensitive to order of declarations.
+ 2. Patch from John Binns to allow users to provide a callback to CGI::Carp.
+ 3. Added "~" as an unreserved character in escape().
+ 4. Patch from Chris Fedde to prevent HTTP_HOST from inhibiting SERVER_PORT in url() generation.
+ 5. Fixed outdated documentation (and behavior) of -language in start_html -script option.
+ 6. Fixed bug in seconds calculation in CGI::Util::expire_calc.
+
+Version 3.25, Sep 28, 2006
+
+ 1. Fixed the link to the Netscape frames page.
+ 2. Added ability to specify an alternate stylesheet.
+ 3. Add support for XForms POST submssion both as application/xml or as multipart/related
+
+Version 3.24
+
+ 1. In startform(), if request_uri() returns undef, then falls back
+ to self_url(). This should rarely happen except when run outside of
+ the CGI environment.
+ 2. image button alignment options were mistakenly being capitalized, causing xhtml validation to fail.
+
+Version 3.23, Aug 23, 2006
+
+ 1. Typo in upload() persisted, now fixed for real. Thanks to
+ Emanuele Zeppieri for correct patch and regression test.
+
+Version 3.22, Aug 23, 2006
+
+ 1. Typo in upload() function broke uploads. Now fixed (CPAN bug 21126).
+
+Version 3.21, Aug 21, 2006
+
+ 1. Don't try to read data at all when POST > $POST_MAX.
+ 2. Fixed bug that caused $cgi->param('name',undef,'value') to unset param('name') entirely.
+ 3. Fixed bug in which upload() sometimes returns empty. (CPAN bug #12694).
+ 4. Incorporated patch from BURAK@cpan.org to support HTTPcookies (CPAN bug 21019).
+
+Version 3.20
+
+ 1. Patch from David Wheeler for CGI::Cookie->bake(). Uses mod_perl headers_out->add()
+ rather than headers_out->set().
+ 2. Fixed problem identified by Andrei Voronkov in which start_form() output was screwed
+ up when initial argument begins with a dash and subsequent arguments do not.
+ 3. Quashed uninitialized variable warnings coming from script_name(), url() and other
+ functions that require access to the PATH_INFO environment variable.
+
+Version 3.19
+
+ 1. Added patch from Stephen Frost that allows one to suppress use of the temp file that is
+ created during uploads.
+ 2. Fixed problem noted by Martin Foster in which regular expression meta-character terms
+ in the path information were not quoted, causing URL parsing
+ to fail on URLs that contained metacharacters (such as +).
+ 3. More fixes to the url() method.
+ 4. Removed "hack to fix broken PATH_INFO in MSII".
+
+Version 3.18
+
+ 1. Doc typo fixes.
+ 2. Patch from Steve Peters to default the document type to match the charset.
+ 3. Fixed param() so that param(-name=>'foo',-values=>[]) sets the parameter to empty list.
+
+Version 3.17, Feb 24, 2006
+
+ 1. Added patch from Mike Hanafey which caused 0 arguments to CGI::Cookie->new() to
+ be treated as empty.
+ 2. Patch to CGI::Carp from Peter Whaite to fix the unfixable problem of CGI::Carp
+ not behaving correctly in an eval() context.
+ 3. CGI::Fast->new() calls CGI->_reset_globals to avoid contamination of one session
+ with another's variables.
+ 4. Fixed upload failure on files that contain semicolons in their names.
+
+Version 3.16, Feb 8, 2006
+
+ 1. header() -charset option now works even when the MIME type is not "text".
+ 2. Fixed documentation for cookie() function and fastCGI.
+ 3. Upload filehandles now only closed automatically on Windows systems.
+ 4. Apache::Cookie compatibility fix from David Wheeler
+ 5. CGI::Carp->fatalsToBrowser() does not work correctly with
+ mod_perl 2. No workaround is known.
+ 6. Fixed text status code associated with 302 redirects. Should be "Found"
+ but was "Moved".
+ 7. Fixed charset in start_html() and header() to be in synch.
+
+Version 3.15, Dec 7, 2005
+
+ 1. Remove extraneous "?" from self_url() when URI contains a ? but no query string.
+
+Version 3.14, Dec 6, 2005
+
+ 1. Fixed broken scrolling_list() select attribute.
+
+Version 3.13, Dec 4, 2005
+
+ 1. Removed extraneous empty "?" from end of self_url().
+
+Version 3.12, Dec 4, 2005
+
+ 1. Fixed virtual_port so that it works properly with https protocol.
+ 2. Fixed documentation for upload_hook().
+ 3. Added POSTDATA documentation.
+ 4. Made upload_hook() work in function-oriented mode.
+ 5. Fixed POST_MAX behavior so that it doesn't cause client to hang.
+ 6. Disabled automatic tab indexes and added new -tabindex pragma to
+ turn automatic indexes back on.
+ 7. The url() and self_url() methods now work better in the context of Apache
+ mod_rewrite. Be advised that path_info() may give you confusing results
+ when mod_rewrite is active because Apache calculates the path info *after*
+ rewriting. This is mostly worked around in url() and self_url(), but you
+ may notice some anomalies.
+ 8. Removed empty (and non-validating) <div> from code emitted by end_form().
+ 9. Fixed CGI::Carp to work correctly with Mod_perl 1.29 in an Apache 2 environment.
+ 10. Setting $CGI::TMPDIRECTORY should now be effective.
+
+Version 3.11, Aug 3, 2005
+
+ 1. Killed warning in CGI::Cookie about MOD_PERL_API_VERSION
+ 2. Fixed append() so that it works in function mode.
+ 3. Workaround for a bug that appears in Apache2 versions through 2.0.54
+ in which SCRIPT_NAME and PATH_INFO are incorrect if the additional path_info
+ contains a double slash. This workaround will handle the common case of
+ http://mysite.com/cgi-bin/log.cgi/http://www.some.other.site/args, but will
+ not handle the uncommon case of a ScriptAlias directive that adds additional
+ path information to the end of the translated URI.
+
+Version 3.10, May 13, 2005
+
+ 1. Added Apache2::RequestIO, which is necessary for mp2 interoperability.
+
+Version 3.09, May 5, 2005
+
+ 1. Fixed tabindex="0" when using CGI to create forms without a prior start_html
+ 2. Removed warning about non-numeric MOD_PERL_API_VERSION.
+
+Version 3.08, Apr 20, 2005
+
+ 1. update support for mod_perl 2.0. versions prior to
+ mod_perl 1.999_22 (2.0.0-RC5) are no longer supported.
+
+Version 3.07, Mar 14, 2005
+
+ 1. Fixed typo in mod_perl detection.
+
+Version 3.06, Mar 09, 2005
+
+ 1. Fixed bare call to script() in start_html
+ 2. Moved Fh::DESTROY out of autoloaded functions so as to avoid
+ clobbering $@ when CGI functions are executed in an eval{}
+ context.
+ 3. mod_perl 2.0 version detection patch in CGI::Cookie provided by
+ Allen Day.
+ 4. autoEscape() flag is now respected when generating extra
+ attributes.
+ 5. Tests for *tag start/end generation from Shlomi Fish.
+ 6. Support for can() method provided by Ron Savage.
+ 7. Fix for lang='' when outputting XHTML.
+ 8. Added support for chunked transfer encoding, as suggested by
+ Hakan Ardo
+ 9. Fixed clobbering of row and column headers in tableized radio
+ and checkbox groups, as reported by Nicolas Thierry-Mieg.
+ 10. <Label> tags are now associated with form elements, as suggested
+ by accessibility guidelines.
+ 11. The <?xml> directive produced by start_html is now turned off by
+ default and the charset is specified in a <meta> directive. Apparently
+ IE6 (and maybe some versions of Opera) were getting confused by this.
+ 12. Support for tab indexes.
+ 13. Retired the HTML docs. The POD docs are now primary documentation.
+ 14. CGI::Carp now correctly detects and handles Apache::Dispatch.
+ 15. CGI::Util::utf8_chr now correctly sets the UTF8 flag on 5.006 or
+ higher perls (fix courtesy Slaven Rezic).
+
+
+Version 3.05, Apr 12, 2004
+
+ 1. Fixed uninitialized variable warning on start_form() when running
+ from command line.
+ 2. Fixed CGI::_set_attributes so that attributes with a - are handled
+ correctly.
+ 3. Fixed CGI::Carp::die() so as to avoid problems from _longmess()
+ clobbering @_.
+ 4. If HTTP_X_FORWARDED_HOST is defined (i.e. running under a proxy),
+ the various functions that return HOST will use that instead.
+ 5. Fix for undefined utf8() call in CGI::Util.
+ 6. Changed the call to warningsToBrowser() in
+ CGI::Carp::fatalsToBrowser to call only after HTTP header is sent
+ (thanks to Didier Lebrun for noticing).
+ 7. Patches from Dan Harkless to make CGI.pm validatable against HTML
+ 3.2.
+ 8. Fixed an extraneous "foo=bar" appearing when extra style
+ parameters passed to start_html;
+ 9. Fixed cross-site scripting bug in startform() pointed out by Dan
+ Harkless.
+ 10. Fixed documentation to discuss list context behavior of
+ form-element generators explicitly.
+ 11. Fixed incorrect results from end_form() when called in OO manner.
+ 12. Fixed query string stripping in order to handle URLs containing
+ escaped newlines.
+ 13. During server push, set NPH to 0 rather than 1. This is supposed
+ to fix problems with Apache.
+ 14. Fixed incorrect processing of multipart form fields that contain
+ embedded quotes. There's still the issue of how to handle ones
+ that contain embedded semicolons, but no one has complained (yet).
+ 15. Fixed documentation bug in -style argument to start_html()
+ 16. Added -status argument to redirect().
+
+Version 3.04, Jan 18, 2004
+
+ 1. Fixed the problem with mod_perl crashing when "defaults" button
+ pressed.
+
+Version 3.03, Jan 13, 2004
+
+ 1. Fix upload hook functionality
+ 2. Workaround for CGI->unescape_html()
+ 3. Bumped version numbers in CGI::Fast and CGI::Util for 5.8.3-tobe
+
+Version 3.02
+
+ 1. Bring in Apache::Response just in case.
+ 2. File upload on EBCDIC systems now works.
+
+Version 3.01, Dec 10, 2003
+
+ 1. No fix yet for upload failures when running on EBCDIC server.
+ 2. Fixed uninitialized glob warnings that appeared when file
+ uploading under perl 5.8.2.
+ 3. Added patch from Schlomi Fish to allow debugging of PATH_INFO from
+ command line.
+ 4. Added patch from Steve Hay to correctly unlink tmp files under
+ mod_perl/windows
+ 5. Added upload_hook functionality from Jamie LeTaul
+ 6. Workarounds for mod_perl 2 IO issues. Check that file upload and
+ state saving still working.
+ 7. Added code for underreads.
+ 8. Fixed misleading description of redirect() and relative URLs in
+ the POD docs.
+ 9. Workaround for weird interaction of CGI::Carp with Safe module
+ reported by William McKee.
+ 10. Added patches from Ilmari Karonen to improve behavior of
+ CGI::Carp.
+ 11. Fixed documentation error in -style argument.
+ 12. Added virtual_port() method for finding out what port server is
+ listening on in a virtual-host aware fashion.
+
+Version 3.00, Aug 18, 2003
+
+ 1. Patch from Randal Schwartz to fix bug introduced by cross-site
+ scripting vulnerability "fix."
+ 2. Patch from JFreeman to replace UTF-8 escape constant of 0xfe with
+ 0xfc. Hope this is right!
+
+ Version 2.99
+
+ 1. Patch from Steve Hay to fix extra Content-type: appearing on
+ browser screen when FatalsToBrowser invoked.
+ 2. Patch from Ewann Corvellec to fix cross-site scripting
+ vulnerability.
+ 3. Fixed tmpdir routine for file uploading to solve problem that
+ occurs under mod_perl when tmpdir is writable at startup time, but
+ not at session time.
+
+ Version 2.98
+
+ 1. Fixed crash in Dump() function.
+
+ Version 2.97
+
+ 1. Sigh. Uploaded wrong 2.96 to CPAN.
+
+ Version 2.96
+
+ 1. More bugfixes to the -style argument.
+
+ Version 2.95
+
+ 1. Fixed bugs in start_html(-style=>...) support introduced in 2.94.
+
+ Version 2.94
+
+ 1. Removed warning from reset() method.
+ 2. Moved
+
+ and tags into the :html3 group. Hope this removes undefined CGI::Area
+ errors.
+
+ Changed CGI::Carp to play with mod_perl2 and to (hopefully) restore
+ reporting of compile-time errors.
+
+ Fixed potential deadlock between web server and CGI.pm when aborting
+ a read due to POST_MAX (reported by Antti Lankila).
+
+ Fixed issue with tag-generating function not incorporating content
+ when first variable undef.
+
+ Fixed cross-site scripting bug reported by obscure.
+
+ Fixed Dump() function to return correctly formed XHTML - bug
+ reported by Ralph Siemsen.
+
+ Version 2.93
+
+ 1. Fixed embarassing bug in mp1 support.
+
+ Version 2.92
+
+ 1. Fix to be P3P compliant submitted from MPREWITT.
+ 2. Added CGI->r() API for mod_perl1/mod_perl2.
+ 3. Fixed bug in redirect() that was corrupting cookies.
+ 4. Minor fix to behavior of reset() button to make it consistent with
+ submit() button (first time this has been changed in 9 years).
+ 5. Patch from Dan Kogai to handle UTF-8 correctly in 5.8 and higher.
+ 6. Patch from Steve Hay to make CGI::Carp's error messages appear on
+ MSIE browsers.
+ 7. Added Yair Lenga's patch for non-urlencoded postings.
+ 8. Added Stas Bekman's patches for mod_perl 2 compatibility.
+ 9. Fixed uninitialized escape behavior submitted by William Campbell.
+ 10. Fixed tied behavior so that you can pass arguments to tie()
+ 11. Fixed incorrect generation of URLs when the path_info contains +
+ and other odd characters.
+ 12. Fixed redirect(-cookies=>$cookie) problem.
+ 13. Fixed tag generation bug that affects -javascript passed to
+ start_html().
+
+ Version 2.91
+
+ 1. Attribute generation now correctly respects the value of
+ autoEscape().
+ 2. Fixed endofrm() syntax error introduced by Ben Edgington's patch.
+
+ Version 2.90
+
+ 1. Fixed bug in redirect header handling.
+ 2. Added P3P option to header().
+ 3. Patches from Alexey Mahotkin to make CGI::Carp work correctly with
+ object-oriented exceptions.
+ 4. Removed inaccurate description of how to set multiple cookies from
+ CGI::Cookie pod file.
+ 5. Patch from Kevin Mahony to prevent running out of filehandles when
+ uploading lots of files.
+ 6. Documentation enhancement from Mark Fisher to note that the
+ import_names() method transforms the parameter names into valid
+ Perl names.
+ 7. Patch from Dan Harkless to suppress lang attribute in <html> tag
+ if specified as a null string.
+ 8. Patch from Ben Edgington to fix broken XHTML-transitional 1.0
+ validation on endform().
+ 9. Custom html header fix from Steffen Beyer (first letter correctly
+ upcased now)
+ 10. Added a -verbatim option to stylesheet generation from Michael
+ Dickson
+ 11. Faster delete() method from Neelam Gupta
+ 12. Fixed broken Cygwin support.
+ 13. Added empty charset support from Bradley Baetz
+ 14. Patches from Doug Perham and Kevin Mahoney to fix file upload
+ failures when uploaded file is a multiple of 4096.
+
+ Version 2.89
+
+ 1. Fixed behavior of ACTION tag when POSTING to a URL that has a
+ query string.
+ 2. Added Patch from Michael Rommel to handle multipart/mixed uploads
+ from Opera
+
+ Version 2.88
+
+ 1. Fixed problem with uploads being refused under Perl 5.8 when under
+ Taint mode.
+ 2. Fixed uninitialized variable warnings under Perl 5.8.
+ 3. Fixed CGI::Pretty regression test failures.
+
+ Version 2.87
+
+ 1. Security hole patched: when processing multipart/form-data
+ postings, most arguments were being untainted silently. Returned
+ arguments are now tainted correctly. This may cause some scripts
+ to fail that used to work (thanks to Nick Cleaton for pointing
+ this out and persisting until it was fixed).
+ 2. Update for mod_perl 2.0.
+ 3. Pragmas such as -no_xhtml are now respected in mod_perl
+ environment.
+
+ Version 2.86
+
+ 1. Fixes for broken CGI::Cookie expiration dates introduced in 2.84.
+
+ Version 2.85
+
+ 1. Fix for broken autoEscape function introduced in 2.84.
+
+ Version 2.84
+
+ 1. Fix for failed file uploads on Cygwin platforms.
+ 2. HTML escaping code now replaced 0x8b and 0x9b with unicode
+ references < and *#8250;
+
+ Version 2.83
+
+ 1. Fixed autoEscape() documentation inconsistencies.
+ 2. Patch from Ville Skytt� to fix a number of XHTML inconsistencies.
+ 3. Added Max-Age to list of CGI::Cookie headers.
+
+ Version 2.82
+
+ 1. Patch from Rudolf Troller to add attribute setting and option
+ groups to form fields.
+ 2. Patch from Simon Perreault for silent crashes when using CGI::Carp
+ under mod_perl.
+ 3. Patch from Scott Gifford allows you to set the program name for
+ CGI::Carp.
+
+ Version 2.81
+
+ 1. Removed extraneous slash from end of stylesheet tags generated by
+ start_html in non-XHTML mode.
+ 2. Changed behavior of CGI::Carp with respect to eval{} contexts so
+ that output behaves properly in mod_perl environments.
+ 3. Fixed default DTD so that it validates with W3C validator.
+
+ Version 2.80
+
+ 1. Fixed broken messages in CGI::Carp.
+ 2. Changed checked="1" to checked="checked" for real XHTML
+ compatibility.
+ 3. Resurrected REQUEST_URI code so that url() works correctly with
+ multiviews.
+
+ Version 2.79
+
+ 1. Changes to CGI::Carp to avoid "subroutine redefined" error
+ messages.
+ 2. Default DTD is now XHTML 1.0 Transitional
+ 3. Patches to support all HTML4 tags.
+
+ Version 2.78
+
+ 1. Added ability to change encoding in <?xml> assertion.
+ 2. Fixed the old escapeHTML('CGI') ne "CGI" bug
+ 3. In accordance with XHTML requirements, there are no longer any
+ minimized attributes, such as "checked".
+ 4. Patched bug which caused file uploads of exactly 4096 bytes to be
+ truncated to 4094 (thanks to Kevin Mahony)
+ 5. New tests and fixes to CGI::Pretty (thanks to Michael Schwern).
+
+ Version 2.77
+
+ 1. No new features, but released in order to fix an apparent CPAN
+ bug.
+
+ Version 2.76
+
+ 1. New esc.t regression test for EBCDIC translations courtesy Peter
+ Prymmer.
+ 2. Patches from James Jurach to make compatible with FCGI-ProcManager
+ 3. Additional fields passed to header() (like -Content_disposition)
+ now honor initial capitalization.
+ 4. Patch from Andrew McNaughton to handle utf-8 escapes (%uXXXX
+ codes) in URLs.
+
+ Version 2.752
+
+ 1. Syntax error in the autoloaded Fh::new() subroutine.
+ 2. Better error reporting in autoloaded functions.
+
+ Version 2.751
+
+ 1. Tiny tweak to filename regular expression function on line 3355.
+
+ Version 2.75
+
+ 1. Fixed bug in server push boundary strings (CGI.pm and CGI::Push).
+ 2. Fixed bug that occurs when uploading files with funny characters
+ in the name
+ 3. Fixed non-XHTML-compliant attributes produced by textfield()
+ 4. Added EPOC support, courtesy Olaf Flebbe
+ 5. Fixed minor XHTML bugs.
+ 6. Made escape() and unescape() symmetric with respect to EBCDIC,
+ courtesy Roca, Ignasi <ignasi.roca@fujitsu.siemens.es>
+ 7. Removed uninitialized variable warning from CGI::Cookie, provided
+ by Atipat Rojnuckarin <rojnuca@yahoo.com>
+ 8. Fixed bug in CGI::Pretty that causes it to print partial end tags
+ when the $INDENT global is changed.
+ 9. Single quotes are changed to character entity ' for compatibility
+ with URLs.
+
+ Version 2.74
+
+ September 13, 2000
+ 1. Quashed one-character bug that caused CGI.pm to fail on file
+ uploads.
+
+ Version 2.73
+
+ September 12, 2000
+ 1. Added -base to the list of arguments accepted by url().
+ 2. Fixes to XHTML support.
+ 3. POST parameters no longer show up in the Location box.
+
+ Version 2.72
+
+ August 19, 2000
+ 1. Fixed the defaults button so that it works again
+ 2. Charset is now correctly saved and restored when saving to files
+ 3. url() now works correctly when given scripts with %20 and other
+ escapes in the additional path info. This undoes a patch
+ introduced in version 2.47 that I no longer understand the
+ rationale for.
+
+ Version 2.71
+
+ August 13, 2000
+ 1. Newlines in the value attributes of hidden fields and other form
+ elements are now escaped when using ISO-Latin.
+ 2. Inline script and style sections are now protected as CDATA
+ sections when XHTML mode is on (the default).
+
+ Version 2.70
+
+ August 4, 2000
+ 1. Fixed bug in scrolling_list() which omitted a space in front of
+ the "multiple" attribute.
+ 2. Squashed the "useless use of string in void context" message from
+ redirects.
+
+ Version 2.69
+
+ 1. startform() now creates default ACTION for POSTs as well as GETs.
+ This may break some browsers, but it no longer violates the HTML
+ spec.
+ 2. CGI.pm now emits XHTML by default. Disable with -no_xhtml.
+ 3. We no longer interpret &#ddd sequences in non-latin character
+ sets.
+
+ Version 2.68
+
+ 1. No longer attempts to escape characters when dealing with non
+ ISO-8861 character sets.
+ 2. checkbox() function now defaults to using -value as its label,
+ rather than -name. The current behavior is what has been
+ documented from the beginning.
+ 3. -style accepts array reference to incorporate multiple stylesheets
+ into document.
+
+ 1. Fixed two bugs that caused the -compile pragma to fail with a
+ syntax error.
+
+ Version 2.67
+
+ 1. Added XHTML support (incomplete; tags need to be lowercased).
+ 2. Fixed CGI/Carp when running under mod_perl. Probably broke in
+ other contexts.
+ 3. Fixed problems when passing multiple cookies.
+ 4. Suppress warnings from _tableize() that were appearing when using
+ -w switch with radio_group() and checkbox_group().
+ 5. Support for the header() -attachment argument, which can give
+ pages a default file name when saving to disk.
+
+ Version 2.66
+
+ 1. 2.65 changes in make_attributes() broke HTTP header functions
+ (including redirect), so made it context sensitive.
+
+ Version 2.65
+
+ 1. Fixed regression tests to skip tests that require implicit fork on
+ machines without fork().
+ 2. Changed make_attributes() to automatically escape any HTML
+ reserved characters.
+ 3. Minor documentation fix in javascript example.
+
+ Version 2.64
+
+ 1. Changes introduced in 2.63 broke param() when retrieving parameter
+ lists containing only a single argument. This is now fixed.
+ 2. self_url() now defaults to returning parameters delimited with
+ semicolon. Use the pragma -oldstyle_urls to get the old "&"
+ delimiter.
+
+ Version 2.63
+
+ 1. Fixed CGI::Push to pull out parameters correctly.
+ 2. Fixed redirect() so that it works with default character set
+ 3. Changed param() so as to returned empty string '' when referring
+ to variables passed in query strings like 'name1=&name2'
+
+ Version 2.62
+
+ 1. Fixed broken ReadParse() function, and added regression tests
+ 2. Fixed broken CGI::Pretty, and added regression tests
+
+ Version 2.61
+
+ 1. Moved more functions from CGI.pm proper into CGI/Util.pm.
+ CGI/Cookie should now be standalone.
+ 2. Disabled per-user temporary directories, which were causing grief.
+
+ Version 2.60
+
+ 1. Fixed junk appearing in autogenerated HTML functions when using
+ object-oriented mode.
+
+ Version 2.59
+
+ 1. autoescape functionality breaks too much existing code, removed
+ it.
+ 2. use escapeHTML() manually
+
+ Version 2.58
+
+ This is the release version of 2.57.
+
+ Version 2.57
+
+ 1. Added -debug pragma and turned off auto reading of STDIN.
+ 2. Default DTD updated to HTML 4.01 transitional.
+ 3. Added charset() method and the -charset argument to header().
+ 4. Fixed behavior of escapeHTML() to respect charset() and to escape
+ nasty Windows characters (thanks to Tom Christiansen).
+ 5. Handle REDIRECT_QUERY_STRING correctly.
+ 6. Removed use_named_parameters() because of dependency problems and
+ general lameness.
+ 7. Fixed problems with bad HREF links generated by url(-relative=>1)
+ when the url is like /people/.
+ 8. Silenced a warning on upload (patch provided by Jonas Liljegren)
+ 9. Fixed race condition in CGI::Carp when errors occur during parsing
+ (patch provided by Maurice Aubrey).
+ 10. Fixed failure of url(-path_info=>1) when path contains % signs.
+ 11. Fixed warning from CGI::Cookie when receiving foreign cookies that
+ don't use name=value format.
+ 12. Fixed incompatibilities with file uploading on VMS systems.
+
+ Version 2.56
+
+ 1. Fixed bugs in file upload introduced in version 2.55
+ 2. Fixed long-standing bug that prevented two files with identical
+ names from being uploaded.
+
+ Version 2.55
+
+ 1. Fixed cookie regression test so as not to produce an error.
+ 2. Fixed path_info() and self_url() to work correctly together when
+ path_info() modified.
+ 3. Removed manify warnings from CGI::{Switch,Apache}.
+
+ Version 2.54
+
+ 1. This will be the last release of the monolithic CGI.pm module.
+ Later versions will be modularized and optimized.
+ 2. DOMAIN tag no longer added to cookies by default. This will break
+ some versions of Internet Explorer, but will avoid breaking
+ networks which use host tables without fully qualified domain
+ names. For compatibility, please always add the -domain tag when
+ creating cookies.
+ 3. Fixed escape() method so that +'s are treated correctly.
+ 4. Updated CGI::Pretty module.
+
+ Version 2.53
+
+ 1. Forgot to upgrade regression tests before releasing 2.52. NOTHING
+ ELSE HAS CHANGED IN LIBRARY
+
+ Version 2.52
+
+ 1. Spurious newline in checkbox() routine removed. (courtesy John
+ Essen)
+ 2. TEXTAREA linebreaks now respected in dump() routine. (courtesy
+ John Essen)
+ 3. Patches for DOS ports (courtesy Robert Davies)
+ 4. Patches for VMS
+ 5. More fixes for cookie problems
+ 6. Fix CGI::Carp so that it doesn't affect eval{} blocks (courtesy
+ Byron Brummer)
+
+ Version 2.51
+
+ 1. Fixed problems with cookies not being remembered when sent to IE
+ 5.0 (and Netscape 5.0 too?)
+ 2. Numerous HTML compliance problems in cgi_docs.html; fixed thanks
+ to Michael Leahy
+
+ Version 2.50
+
+ 1. Added a new Vars() method to retrieve all parameters as a tied
+ hash.
+ 2. Untainted tainted tempfile name so that script doesn't fail on
+ terminal unlink.
+ 3. Made picking of upload tempfile name more intelligent so that
+ doesn't fail in case of name collision.
+ 4. Fixed handling of expire times when passed an absolute timestamp.
+ 5. Changed dump() to Dump() to avoid name clashes.
+
+ Version 2.49
+
+ 1. Fixes for FastCGI (globals not getting reset)
+ 2. Fixed url() to correctly handle query string and path under
+ MOD_PERL
+
+ Version 2.48
+
+ 1. Reverted detection of MOD_PERL to avoid breaking PerlEX.
+
+ Version 2.47
+
+ 1. Patch to fix file upload bug appearing in IE 3.01 for
+ Macintosh/PowerPC.
+ 2. Replaced use of $ENV{SCRIPT_NAME} with $ENV{REQUEST_URI} when
+ running under Apache, to fix self-referencing URIs.
+ 3. Fixed bug in escapeHTML() which caused certain constructs, such as
+ CGI->image_button(), to fail.
+ 4. Fixed bug which caused strong('CGI') to fail. Be careful to use
+ CGI::strong('CGI') and not CGI->strong('CGI'). The latter will
+ produce confusing results.
+ 5. Added upload() function, as a preferred replacement for the
+ "filehandle as string" feature.
+ 6. Added cgi_error() function.
+ 7. Rewrote file upload handling to return undef rather than dieing
+ when an error is encountered. Be sure to call cgi_error() to find
+ out what went wrong.
+
+ Version 2.46
+
+ 1. Fix for failure of the "include" tests under mod_perl
+ 2. Added end_multipart_form to prevent failures during qw(-compile
+ :all)
+
+ Version 2.45
+
+ 1. Multiple small documentation fixes
+ 2. CGI::Pretty didn't get into 2.44. Fixed now.
+
+ Version 2.44
+
+ 1. Fixed file descriptor leak in upload function.
+ 2. Fixed bug in header() that prevented fields from containing double
+ quotes.
+ 3. Added Brian Paulsen's CGI::Pretty package for pretty-printing
+ output HTML.
+ 4. Removed CGI::Apache and CGI::Switch from the distribution.
+ 5. Generated start_* shortcuts so that start_table(), end_table(),
+ start_ol(), end_ol(), and so forth now work (see the docs on how
+ to enable this feature).
+ 6. Changed accept() to Accept(), sub() to Sub(). There's still a
+ conflict with reset(), but this will break too many existing
+ scripts!
+
+ Version 2.43
+
+ 1. Fixed problem with "use strict" and file uploads (thanks to Peter
+ Haworth)
+ 2. Fixed problem with not MSIE 3.01 for the power_mac not doing file
+ uploads right.
+ 3. Fixed problem with file upload on IIS 4.0 when authorization in
+ use.
+ 4. -content_type and '-content-type' can now be provided to header()
+ as synonyms for -type.
+ 5. CGI::Carp now escapes the ampersand BEFORE escaping the > and <
+ signs.
+ 6. Fixed "not an array reference" error when passing a hash reference
+ to radio_group().
+ 7. Fixed non-removal of uploaded TMP files on NT platforms which
+ occurs when server runs on non-C drive (thanks to Steve Kilbane
+ for finding this one).
+
+ Version 2.42
+
+ 1. Too many screams of anguish at changed behavior of url(). Is now
+ back to its old behavior by default, with options to generate all
+ the variants.
+ 2. Added regression tests. "make test" now works.
+ 3. Documentation fixes.
+ 4. Fixes for Macintosh uploads, but uploads STILL do not work pending
+ changes to MacPerl.
+
+ Version 2.41
+
+ 1. url() method now includes the path info. Use script_name() to get
+ it without path info().
+ 2. Changed handling of empty attributes in HTML tag generation. Be
+ warned! Use table({-border=>undef}) rather than
+ table({-border=>''}).
+ 3. Changes to allow uploaded filenames to be compared to other
+ strings with "eq", "cmp" and "ne".
+ 4. Changes to allow CGI.pm to coexist more peacefully with
+ ActiveState PerlEX.
+ 5. Changes to prevent exported variables from clashing when importing
+ ":all" set in combination with cookies.
+
+ Version 2.40
+
+ 1. CGI::Carp patched to work better with mod_perl (thanks to Chris
+ Dean).
+ 2. Uploads of files whose names begin with numbers or the Windows
+ \\UNC\shared\file nomenclature should no longer fail.
+ 3. The <STYLE> tag (for cascading style sheets) now generates the
+ required TYPE attribute.
+ 4. Server push primitives added, thanks to Ed Jordan.
+ 5. Table and other HTML3 functions are now part of the :standard set.
+ 6. Small documentation fixes.
+
+ TO DO:
+ 1. Do something about the DTD mess. The module should generate
+ correct DTDs, or at least offer the programmer a way to specify
+ the correct one.
+ 2. Split CGI.pm into CGI processing and HTML-generating modules.
+ 3. More robust file upload (?still not working on the Macintosh?).
+ 4. Bring in all the HTML4 functionality, particular the accessibility
+ features.
+
+ Version 2.39
+
+ 1. file uploads failing because of VMS patch; fixed.
+ 2. -dtd parameter was not being properly processed.
+
+ Version 2.38
+
+ I finally got tired of all the 2.37 betas and released 2.38. The main
+ difference between this version and the last 2.37 beta (2.37b30) are
+ some fixes for VMS. This should allow file upload to work properly on
+ all VMS Web servers.
+
+ Version 2.37, various beta versions
+
+ 1. Added a CGI::Cookie::parse() method for lucky mod_perl users.
+ 2. No longer need separate -values and -labels arguments for
+ multi-valued form elements.
+ 3. Added better interface to raw cookies (fix courtesy Ken Fox,
+ kfox@ford.com)
+ 4. Added param_fetch() function for direct access to parameter list.
+ 5. Fix to checkbox() to allow for multi-valued single checkboxes
+ (weird problem).
+ 6. Added a compile() method for those who want to compile without
+ importing.
+ 7. Documented the import pragmas a little better.
+ 8. Added a -compile switch to the use clause for the long-suffering
+ mod_perl and Perl compiler users.
+ 9. Fixed initialization routines so that FileHandle and type globs
+ work correctly (and hash initialization doesn't fail!).
+ 10. Better deletion of temporary files on NT systems.
+ 11. Added documentation on escape(), unescape(), unescapeHTML() and
+ unescapeHTML() subroutines.
+ 12. Added documentation on creating subclasses.
+ 13. Fixed problem when calling $self->SUPER::foo() from inheriting
+ subclasses.
+ 14. Fixed problem using filehandles from within subroutines.
+ 15. Fixed inability to use the string "CGI" as a parameter.
+ 16. Fixed exponentially growing $FILLUNIT bug
+ 17. Check for undef filehandle in read_from_client()
+ 18. Now requires the UNIVERSAL.pm module, present in Perl 5.003_7 or
+ higher.
+ 19. Fixed problem with uppercase-only parameters being ignored.
+ 20. Fixed vanishing cookie problem.
+ 21. Fixed warning in initialize_globals() under mod_perl.
+ 22. File uploads from Macintosh versions of MSIE should now work.
+ 23. Pragmas now preceded by dashes (-nph) rather than colons (:nph).
+ Old style is supported for backward compatibility.
+ 24. Can now pass arguments to all functions using {} brackets,
+ resolving historical inconsistencies.
+ 25. Removed autoloader warnings about absent MultipartBuffer::DESTROY.
+ 26. Fixed non-sticky checkbox() when -name used without -value.
+ 27. Hack to fix path_info() in IIS 2.0. Doesn't help with IIS 3.0.
+ 28. Parameter syntax for debugging from command line now more
+ straightforward.
+ 29. Added $DISABLE_UPLOAD to disable file uploads.
+ 30. Added $POST_MAX to error out if POSTings exceed some ceiling.
+ 31. Fixed url_param(), which wasn't working at all.
+ 32. Fixed variable suicide problem in s///e expressions, where the
+ autoloader was needed during evaluation.
+ 33. Removed excess spaces between elements of checkbox and radio
+ groups
+ 34. Can now create "valueless" submit buttons
+ 35. Can now set path_info as well as read it.
+ 36. ReadParse() now returns a useful function result.
+ 37. import_names() now allows you to optionally clear out the
+ namespace before importing (for mod_perl users)
+ 38. Made it possible to have a popup menu or radio button with a value
+ of "0".
+ 39. link() changed to Link() to avoid overriding native link function.
+ 40. Takes advantage of mod_perl's register_cleanup() function to clear
+ globals.
+ 41. <LAYER> and <ILAYER> added to :html3 functions.
+ 42. Fixed problems with private tempfiles and NT/IIS systems.
+ 43. No longer prints the DTD by default (I bet no one will complain).
+ 44. Allow underscores to replace internal hyphens in parameter names.
+ 45. CGI::Push supports heterogeneous MIME types and adjustable delays
+ between pages.
+ 46. url_param() method added for retrieving URL parameters even when a
+ fill-out form is POSTed.
+ 47. Got rid of warnings when radio_group() is called.
+ 48. Cookies now moved to their very own module.
+ 49. Fixed documentation bug in CGI::Fast.
+ 50. Added a :no_debug pragma to the import list.
+
+ Version 2.36
+
+ 1. Expanded JavaScript functionality
+ 2. Preliminary support for cascading stylesheets
+ 3. Security fixes for file uploads:
+ + Module will bail out if its temporary file already exists
+ + Temporary files can now be made completely private to avoid
+ peeking by other users or CGI scripts.
+ 4. use CGI qw/:nph/ wasn't working correctly. Now it is.
+ 5. Cookie and HTTP date formats didn't meet spec. Thanks to Mark
+ Fisher (fisherm@indy.tce.com) for catching and fixing this.
+
+ p
+
+ Version 2.35
+
+ 1. Robustified multipart file upload against incorrect syntax in
+ POST.
+ 2. Fixed more problems with mod_perl.
+ 3. Added -noScript parameter to start_html().
+ 4. Documentation fixes.
+
+ Version 2.34
+
+ 1. Stupid typo fix
+
+ Version 2.33
+
+ 1. Fixed a warning about an undefined environment variable.
+ 2. Doug's patch for redirect() under mod_perl
+ 3. Partial fix for busted inheritence from CGI::Apache
+ 4. Documentation fixes.
+
+ Version 2.32
+
+ 1. Improved support for Apache's mod_perl.
+ 2. Changes to better support inheritance.
+ 3. Support for OS/2.
+
+ Version 2.31
+
+ 1. New uploadInfo() method to obtain header information from uploaded
+ files.
+ 2. cookie() without any arguments returns all the cookies passed to a
+ script.
+ 3. Removed annoying warnings about $ENV{NPH} when running with the -w
+ switch.
+ 4. Removed operator overloading throughout to make compatible with
+ new versions of perl.
+ 5. -expires now implies the -date header, to avoid clock skew.
+ 6. WebSite passes cookies in $ENV{COOKIE} rather than
+ $ENV{HTTP_COOKIE}. We now handle this, even though it's O'Reilly's
+ fault.
+ 7. Tested successfully against new sfio I/O layer.
+ 8. Documentation fixes.
+
+ Version 2.30
+
+ 1. Automatic detection of operating system at load time.
+ 2. Changed select() function to Select() in order to avoid conflict
+ with Perl built-in.
+ 3. Added Tr() as an alternative to TR(); some people think it looks
+ better that way.
+ 4. Fixed problem with autoloading of MultipartBuffer::DESTROY code.
+ 5. Added the following methods:
+ + virtual_host()
+ + server_software()
+ 6. Automatic NPH mode when running under Microsoft IIS server.
+
+ Version 2.29
+
+ 1. Fixed cookie bugs
+ 2. Fixed problems that cropped up when useNamedParameters was set to
+ 1.
+ 3. Prevent CGI::Carp::fatalsToBrowser() from crapping out when
+ encountering a die() within an eval().
+ 4. Fixed problems with filehandle initializers.
+
+ Version 2.28
+
+ 1. Added support for NPH scripts; also fixes problems with Microsoft
+ IIS.
+ 2. Fixed a problem with checkbox() values not being correctly saved
+ and restored.
+ 3. Fixed a bug in which CGI objects created with empty string
+ initializers took on default values from earlier CGI objects.
+ 4. Documentation fixes.
+
+ Version 2.27
+
+ 1. Small but important bug fix: the automatic capitalization of tag
+ attributes was accidentally capitalizing the VALUES as well as the
+ ATTRIBUTE names (oops).
+
+ Version 2.26
+
+ 1. Changed behavior of scrolling_list(), checkbox() and
+ checkbox_group() methods so that defaults are honored correctly.
+ The "fix" causes endform() to generate additional <INPUT
+ TYPE="HIDDEN"> tags -- don't be surpised.
+ 2. Fixed bug involving the detection of the SSL protocol.
+ 3. Fixed documentation error in position of the -meta argument in
+ start_html().
+ 4. HTML shortcuts now generate tags in ALL UPPERCASE.
+ 5. start_html() now generates correct SGML header:
+ <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+
+ 6. CGI::Carp no longer fails "use strict refs" pragma.
+
+ Version 2.25
+
+ 1. Fixed bug that caused bad redirection on destination URLs with
+ arguments.
+ 2. Fixed bug involving use_named_parameters() followed by
+ start_multipart_form()
+ 3. Fixed bug that caused incorrect determination of binmode for
+ Macintosh.
+ 4. Spelling fixes on documentation.
+
+ Version 2.24
+
+ 1. Fixed bug that caused generation of lousy HTML for some form
+ elements
+ 2. Fixed uploading bug in Windows NT
+ 3. Some code cleanup (not enough)
+
+ Version 2.23
+
+ 1. Fixed an obscure bug that caused scripts to fail mysteriously.
+ 2. Fixed auto-caching bug.
+ 3. Fixed bug that prevented HTML shortcuts from passing taint checks.
+ 4. Fixed some -w warning problems.
+
+ Version 2.22
+
+ 1. New CGI::Fast module for use with FastCGI protocol. See pod
+ documentation for details.
+ 2. Fixed problems with inheritance and autoloading.
+ 3. Added TR() (<tr>) and PARAM() (<param>) methods to list of
+ exported HTML tag-generating functions.
+ 4. Moved all CGI-related I/O to a bottleneck method so that this can
+ be overridden more easily in mod_perl (thanks to Doug MacEachern).
+ 5. put() method as substitute for print() for use in mod_perl.
+ 6. Fixed crash in tmpFileName() method.
+ 7. Added tmpFileName(), startform() and endform() to export list.
+ 8. Fixed problems with attributes in HTML shortcuts.
+ 9. Functions that don't actually need access to the CGI object now no
+ longer generate a default one. May speed things up slightly.
+ 10. Aesthetic improvements in generated HTML.
+ 11. New examples.
+
+ Version 2.21
+
+ 1. Added the -meta argument to start_html().
+ 2. Fixed hidden fields (again).
+ 3. Radio_group() and checkbox_group() now return an appropriate
+ scalar value when called in a scalar context, rather than
+ returning a numeric value!
+ 4. Cleaned up the formatting of form elements to avoid unesthetic
+ extra spaces within the attributes.
+ 5. HTML elements now correctly include the closing tag when
+ parameters are present but null: em('')
+ 6. Added password_field() to the export list.
+
+ Version 2.20
+
+ 1. Dumped the SelfLoader because of problems with running with taint
+ checks and rolled my own. Performance is now significantly
+ improved.
+ 2. Added HTML shortcuts.
+ 3. import() now adheres to the Perl module conventions, allowing
+ CGI.pm to import any or all method names into the user's name
+ space.
+ 4. Added the ability to initialize CGI objects from strings and
+ associative arrays.
+ 5. Made it possible to initialize CGI objects with filehandle
+ references rather than filehandle strings.
+ 6. Added the delete_all() and append() methods.
+ 7. CGI objects correctly initialize from filehandles on NT/95 systems
+ now.
+ 8. Fixed the problem with binary file uploads on NT/95 systems.
+ 9. Fixed bug in redirect().
+ 10. Added '-Window-target' parameter to redirect().
+ 11. Fixed import_names() so that parameter names containing funny
+ characters work.
+ 12. Broke the unfortunate connection between cookie and CGI parameter
+ name space.
+ 13. Fixed problems with hidden fields whose values are 0.
+ 14. Cleaned up the documentation somewhat.
+
+ Version 2.19
+
+ 1. Added cookie() support routines.
+ 2. Added -expires parameter to header().
+ 3. Added cgi-lib.pl compatibility mode.
+ 4. Made the module more configurable for different operating systems.
+ 5. Fixed a dumb bug in JavaScript button() method.
+
+ Version 2.18
+
+ 1. Fixed a bug that corrects a hang that occurs on some platforms
+ when processing file uploads. Unfortunately this disables the
+ check for bad Netscape uploads.
+ 2. Fixed bizarre problem involving the inability to process uploaded
+ files that begin with a non alphabetic character in the file name.
+ 3. Fixed a bug in the hidden fields involving the -override directive
+ being ignored when scalar defaults were passed.
+ 4. Added documentation on how to disable the SelfLoader features.
+
+ Version 2.17
+
+ 1. Added support for the SelfLoader module.
+ 2. Added oodles of JavaScript support routines.
+ 3. Fixed bad bug in query_string() method that caused some parameters
+ to be silently dropped.
+ 4. Robustified file upload code to handle premature termination by
+ the client.
+ 5. Exported temporary file names on file upload.
+ 6. Removed spurious "uninitialized variable" warnings that appeared
+ when running under 5.002.
+ 7. Added the Carp.pm library to the standard distribution.
+ 8. Fixed a number of errors in this documentation, and probably added
+ a few more.
+ 9. Checkbox_group() and radio_group() now return the buttons as
+ arrays, so that you can incorporate the individual buttons into
+ specialized tables.
+ 10. Added the '-nolabels' option to checkbox_group() and
+ radio_group(). Probably should be added to all the other
+ HTML-generating routines.
+ 11. Added the url() method to recover the URL without the entire query
+ string appended.
+ 12. Added request_method() to list of environment variables available.
+ 13. Would you believe it? Fixed hidden fields again!
+
+ Version 2.16
+
+ 1. Fixed hidden fields yet again.
+ 2. Fixed subtle problems in the file upload method that caused
+ intermittent failures (thanks to Keven Hendrick for this one).
+ 3. Made file upload more robust in the face of bizarre behavior by
+ the Macintosh and Windows Netscape clients.
+ 4. Moved the POD documentation to the bottom of the module at the
+ request of Stephen Dahmen.
+ 5. Added the -xbase parameter to the start_html() method, also at the
+ request of Stephen Dahmen.
+ 6. Added JavaScript form buttons at Stephen's request. I'm not sure
+ how to use this Netscape extension correctly, however, so for now
+ the form() method is in the module as an undocumented feature. Use
+ at your own risk!
+
+ Version 2.15
+
+ 1. Added the -override parameter to all field-generating methods.
+ 2. Documented the user_name() and remote_user() methods.
+ 3. Fixed bugs that prevented empty strings from being recognized as
+ valid textfield contents.
+ 4. Documented the use of framesets and added a frameset example.
+
+ Version 2.14
+
+ This was an internal experimental version that was never released.
+
+ Version 2.13
+
+ 1. Fixed a bug that interfered with the value "0" being entered into
+ text fields.
+
+ Version 2.01
+
+ 1. Added -rows and -columns to the radio and checkbox groups. No
+ doubt this will cause much grief because it seems to promise a
+ level of meta-organization that it doesn't actually provide.
+ 2. Fixed a bug in the redirect() method -- it was not truly HTTP/1.0
+ compliant.
+
+ Version 2.0
+
+ The changes seemed to touch every line of code, so I decided to bump
+ up the major version number.
+ 1. Support for named parameter style method calls. This turns out
+ to be a big win for extending CGI.pm when Netscape adds new HTML
+ "features".
+ 2. Changed behavior of hidden fields back to the correct "sticky"
+ behavior. This is going to break some programs, but it is for
+ the best in the long run.
+ 3. Netscape 2.0b2 broke the file upload feature. CGI.pm now handles
+ both 2.0b1 and 2.0b2-style uploading. It will probably break again
+ in 2.0b3.
+ 4. There were still problems with library being unable to distinguish
+ between a form being loaded for the first time, and a subsequent
+ loading with all fields blank. We now forcibly create a default
+ name for the Submit button (if not provided) so that there's
+ always at least one parameter.
+ 5. More workarounds to prevent annoying spurious warning messages
+ when run under the -w switch. -w is seriously broken in perl
+ 5.001!
+
+ Version 1.57
+
+ 1. Support for the Netscape 2.0 "File upload" field.
+ 2. The handling of defaults for selected items in scrolling lists and
+ multiple checkboxes is now consistent.
+
+ Version 1.56
+
+ 1. Created true "pod" documentation for the module.
+ 2. Cleaned up the code to avoid many of the spurious "use of
+ uninitialized variable" warnings when running with the -w switch.
+ 3. Added the autoEscape() method. v
+ 4. Added string interpolation of the CGI object.
+ 5. Added the ability to pass additional parameters to the <BODY> tag.
+ 6. Added the ability to specify the status code in the HTTP header.
+
+ Bug fixes in version 1.55
+
+ 1. Every time self_url() was called, the parameter list would grow.
+ This was a bad "feature".
+ 2. Documented the fact that you can pass "-" to radio_group() in
+ order to prevent any button from being highlighted by default.
+
+ Bug fixes in version 1.54
+
+ 1. The user_agent() method is now documented;
+ 2. A potential security hole in import() is now plugged.
+ 3. Changed name of import() to import_names() for compatibility with
+ CGI:: modules.
+
+ Bug fixes in version 1.53
+
+ 1. Fixed several typos in the code that were causing the following
+ subroutines to fail in some circumstances
+ 1. checkbox()
+ 2. hidden()
+ 2. No features added
+
+ New features added in version 1.52
+
+ 1. Added backslashing, quotation marks, and other shell-style escape
+ sequences to the parameters passed in during debugging off-line.
+ 2. Changed the way that the hidden() method works so that the default
+ value always overrides the current one.
+ 3. Improved the handling of sticky values in forms. It's now less
+ likely that sticky values will get stuck.
+ 4. If you call server_name(), script_name() and several other methods
+ when running offline, the methods now create "dummy" values to
+ work with.
+
+ Bugs fixed in version 1.51
+
+ 1. param() when called without arguments was returning an array of
+ length 1 even when there were no parameters to be had. Bad bug!
+ Bad!
+ 2. The HTML code generated would break if input fields contained the
+ forbidden characters ">< or &. You can now use these characters
+ freely.
+
+ New features added in version 1.50
+
+ 1. import() method allows all the parameters to be imported into a
+ namespace in one fell swoop.
+ 2. Parameters are now returned in the same order in which they were
+ defined.
+
+ Bugs fixed in version 1.45
+
+ 1. delete() method didn't work correctly. This is now fixed.
+ 2. reset() method didn't allow you to set the name of the button.
+ Fixed.
+
+ Bugs fixed in version 1.44
+
+ 1. self_url() didn't include the path information. This is now fixed.
+
+ New features added in version 1.43
+
+ 1. Added the delete() method.
+
+ New features added in version 1.42
+
+ 1. The image_button() method to create clickable images.
+ 2. A few bug fixes involving forms embedded in <PRE> blocks.
+
+ New features added in version 1.4
+
+ 1. New header shortcut methods
+ + redirect() to create HTTP redirection messages.
+ + start_html() to create the HTML title, complete with the
+ recommended <LINK> tag that no one ever remembers to include.
+ + end_html() for completeness' sake.
+ 2. A new save() method that allows you to write out the state of an
+ script to a file or pipe.
+ 3. An improved version of the new() method that allows you to restore
+ the state of a script from a file or pipe. With (2) this gives you
+ dump and restore capabilities! (Wow, you can put a "121,931
+ customers served" banner at the bottom of your pages!)
+ 4. A self_url() method that allows you to create state-maintaining
+ hypertext links. In addition to allowing you to maintain the state
+ of your scripts between invocations, this lets you work around a
+ problem that some browsers have when jumping to internal links in
+ a document that contains a form -- the form information gets lost.
+ 5. The user-visible labels in checkboxes, radio buttons, popup menus
+ and scrolling lists have now been decoupled from the values sent
+ to your CGI script. Your script can know a checkbox by the name of
+ "cb1" while the user knows it by a more descriptive name. I've
+ also added some parameters that were missing from the text fields,
+ such as MAXLENGTH.
+ 6. A whole bunch of methods have been added to get at environment
+ variables involved in user verification and other obscure
+ features.
+
+ Bug fixes
+
+ 1. The problems with the hidden fields have (I hope at last) been
+ fixed.
+ 2. You can create multiple query objects and they will all be
+ initialized correctly. This simplifies the creation of multiple
+ forms on one page.
+ 3. The URL unescaping code works correctly now.
View Lorry Controller Status