diff options
| author | Steve Hay <steve.m.hay@googlemail.com> | 2013-10-18 15:10:31 +0100 |
|---|---|---|
| committer | Steve Hay <steve.m.hay@googlemail.com> | 2013-10-18 18:21:25 +0100 |
| commit | 8db6555210da586fd395dac83edcff64f4451570 (patch) | |
| tree | 90efa84dda3db78dc6279146a4f76adc1e9d4d11 /cpan/CGI | |
| parent | d04bf9eb48f4d379a58de5e8ba2f6fbd17b7d27a (diff) | |
| download | perl-8db6555210da586fd395dac83edcff64f4451570.tar.gz | |
Remove all IGNORABLE files under cpan/
This was discussed on p5p:
http://www.nntp.perl.org/group/perl.perl5.porters/2013/10/msg208635.html
One LICENSE file (Locale-Codes) has been removed (contrary to one suggestion
in that thread) since it was the only one, and only says "This module is
free software; you can redistribute it and/or modify it under the same
terms as Perl itself." anyway.
Two files that I had previously suggested retaining for the sake of tests
have also been removed. In one case, a test script has been modified (in
Digest-MD5; I will send a ticket upstream); in the other case (in
Test-Harness) I have removed the test which depended on the MANIFEST files,
as suggested in the above thread.
Diffstat (limited to 'cpan/CGI')
| -rw-r--r-- | cpan/CGI/Changes | 1785 |
1 files changed, 0 insertions, 1785 deletions
diff --git a/cpan/CGI/Changes b/cpan/CGI/Changes deleted file mode 100644 index 731f4f28b3..0000000000 --- a/cpan/CGI/Changes +++ /dev/null @@ -1,1785 +0,0 @@ -Version 3.63 Nov 12, 2012 - - [SECURITY] - - CR escaping for Set-Cookie and P3P headers was improved. There was potential - for newline injection in these headers. - (Thanks to anazawa, https://github.com/markstos/CGI.pm/pull/23) - -Version 3.62, Nov 9th, 2012 - - [INTERNALS] - - Changed how the deprecated endform function was defined for compatibilty - with the development version of Perl. - - Fix failures in t/tmpdir.t when run as root - https://github.com/markstos/CGI.pm/issues/22, RT#80659) - - - Made it possible to force a sorted order for things like hash - attributes so that tests are not dependent on a particular hash - ordering. This will be required in modern perls which will - change the ordering per process. (Yves, RT#80659) - -Version 3.61 Nov 2nd, 2012 - - (No code changes) - - [INTERNALS] - - formatting of CGI::Carp documentation was improved. Thanks to benkasminbullock. - - un-TODO some tests in t/tmpdir.t that were passing in most cases. - More on this: - https://github.com/markstos/CGI.pm/issues/19# - https://github.com/markstos/CGI.pm/commit/cc73dc9807b0fabb56b3cdf1a9726588b2eda0f7 - -Version 3.60 Aug 15th, 2012 - - [BUG FIXES] - - In some caes, When unescapeHTML() hit something it didn't recognize with an ampersand and - and semicolon, it would throw away the semicolon and ampersand. It now does a better job. - of preserving content it doesn't recognize. Thanks to CEBJYRE@cpan.org (RT#75595) - - Remove trailing newline after <form> tag inserted by startform and start_form. It can - cause rendering problems in some cases. Thanks to SJOHNSTON@cpan.org (RT#67719) - - Workaround "Insecure Dependency" warning generated by some versions of Perl (RT#53733). - Thanks to degatcpan@ntlworld.com, klchu@lbl.gov and Anonymous Monk - - [DOCUMENTATION] - - Clarify that when -status is used, the human-readable phase should be included, per RFC 2616. - Thanks to SREZIC@cpan.org (RT#76691). - - [INTERNALS] - - More tests for header(), thanks to Ryo Anazawa. - - t/url.t has been fixed on VMS. Thanks to cberry@cpan.org (RT#72380) - - MANIFEST patched so that t/multipart_init.t is included again. Thanks to shay@cpan.org (RT#76189) - -Version 3.59 Dec 29th, 2011 - - [BUG FIXES] - - We no longer read from STDIN when the Content-Length is not set, preventing - requests with no Content-Length from freezing in some cases. This is consistent - with the CGI RFC 3875, and is also consistent with CGI::Simple. However, the old - behavior may have been expected by some command-line uses of CGI.pm. - Thanks to Philip Potter and Yanick Champoux. See RT#52469 for details: - https://rt.cpan.org/Public/Bug/Display.html?id=52469 - - [INTERNALS] - - remove tmpdirs more aggressively. Thanks to rjbs (RT#73288) - - use Text::ParseWords instead of ancient shellwords.pl. Thanks to AlexBio. - - remove use of define(@arr). Thanks to rjbs. - - spelling fixes. Thanks to Gregor Herrmann and Alessandro Ghedini. - - fix test count and warning in t/fast.t. Thanks to Yanick. - -Version 3.58 Nov 11th, 2011 - - [DOCUMENTATION] - - Clarify that using query_string() only has defined behavior when using the GET method. (RT#60813) - -Version 3.57 Nov 9th, 2011 - [INTERNALS] - - test failure in t/fast.t introduced in 3.56 is fixed. (Thanks to zefram and chansen). - - Test::More requirement has been bumped to 0.98 - -Version 3.56 Nov 8th, 2011 - - [SECURITY] - Use public and documented FCGI.pm API in CGI::Fast - CGI::Fast was using an FCGI API that was deprecated and removed from - documentation more than ten years ago. Usage of this deprecated API with - FCGI >= 0.70 or FCGI <= 0.73 introduces a security issue. - <https://rt.cpan.org/Public/Bug/Display.html?id=68380> - <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2766> - (Thanks to chansen) - - [INTERNALS] - - tmp files are now cleaned up on VMS ( RT#69210, thanks to cberry@cpan.org ) - - Fixed test failure: done_testing() added to url.t (Thanks to Ryan Jendoubi) - - Clarify preferred bug submission location in docs, and note that Mark Stosberg - is the current maintainer. - -Version 3.55 June 3rd, 2011 - - [THINGS THAT MAY BREAK YOUR CODE] - url() was fixed to return "PATH_INFO" when it is explicitly requested - with either the path=>1 or path_info=>1 flag. - - If your code is running under mod_rewrite (or compatible) and you are calling self_url() or - you are calling url() and passing path_info=>1, These methods will actually be - returning PATH_INFO now, as you have explicitly requested, or has self_url() - has requested on your behalf. - - The PATH_INFO has been omitted in such URLs since the issue was introduced - in the 3.12 release in December, 2005. - - This bug is so old your application may have come to depend on it or - workaround it. Check for application before upgrading to this release. - - Examples of affected method calls: - - $q->url(-absolute => 1, -query => 1, -path_info => 1 ) - $q->url(-path=>1) - $q->url(-full=>1,-path=>1) - $q->url(-rewrite=>1,-path=>1) - $q->self_url(); - -Version 3.54, Apr 28, 2011 - No code changes - - [INTERNALS] - - Address test failures in t/tmpdir.t, thanks to Niko Tyni. - Some tests here are failing on some platforms and have been marked as TODO. - -Version 3.53, Apr 25, 2011 - - [NEW FEATURES] - - The DELETE HTTP verb is now supported. - (RT#52614, James Robson, Eduardo Ari�o de la Rubia) - - [INTERNALS] - - Correct t/tmpdir.t MANIFEST entry. (RT#64949) - - Update minimum required Perl version to be Perl 5.8.1, which - has been out since 2003. This allows us to drop some hacks - and exceptions (Mark Stosberg) - -Version 3.52, Jan 24, 2011 - - [DOCUMENTATION] - - The documentation for multi-line header handling was been updated to reflect - the changes in 3.51. (Mark Stosberg, ntyni@iki.fi) - - [INTERNALS] - - Add missing t/tmpfile.t file. (RT#64949) - - Fix warning in t/cookie.t (RT#64570, Chris Williams, Rainer Tammer, Mark Stosberg) - - Fixed logic bug in t/multipart_init.t (RT#64261, Niko Tyni) - -Version 3.51, Jan 5, 2011 - - [NEW FEATURES] - - A new option to set $CGI::Carp::TO_BROWSER = 0, allows you to explicitly - exclude a particular scope from triggering printing to the browser when - fatatlsToBrowser is set. (RT#62783, Thanks to papowell) - - The <script> tag now supports the "charset" attribute. - (RT#62907, Thanks to Fabrice Metge) - - In CGI::Cookie, "Max-Age" is now supported for better spec compliance. - (Mark Stosberg) - - [BUG FIXES] - - Setting charset() now works for all content types, not just "text/*". - (RT#57945, Thanks to Yanick and Gerv.) - - support for user temporary directories ($HOME/tmp) was commented out - in 2.61 but the documentation wasn't updated (Peter Gervai, Niko Tyni) - - setting $CGITempFile::TMPDIRECTORY before loading CGI.pm has been - working but undocumented since 3.12 (which listed it in Changes as - $CGI::TMPDIRECTORY) (Peter Gervai, Niko Tyni) - - unfortunately the previous change broke the runtime check for looking - for a new temporary directory if the current one suddenly became - unwritable (Peter Gervai, Niko Tyni) - - A bug was fixed in CGI::Carp triggered by certain death cases in - the BEGIN phase of parent classes. - (RT#57224, Thanks to UNERA, Yanick Champoux, Mark Stosberg) - - CGI::Cookie->new() now follows the documentation and returns undef - if the -name and -value args aren't provided. This new behavior is also - consistent with the docs and code of CGI::Simple::Cookie. (Mark Stosberg) - - CGI::Cookie->parse() now trims leading and trailing whitespace from cookie - elements as intended. The change also makes this part of the parsing - identical to CGI::Simple::Cookie (Mark Stosberg) - - Temp file handling was improved (RT#62762) - - [SECURITY] - - Further improvements have been made to guard against newline injections - in headers. (Thanks to Max Kanat-Alexander, Yanick Champoux, Mark Stosberg) - - [PERFORMANCE] - - Make EBCDIC a compile-time constant so there's zero overhead (and less - compiled code) in subroutines that test for it. (Tim Bunce) - - If you just want to use CGI::Cookie, CGI.pm will no longer be loaded - unless you call the bake() method, which requires it. (Mark Stosberg) - - [DOCUMENTATION] - - quit referring to the <link> tag as being "rarely used". (Victor Sanders) - - typo and whitespace fixes (RT#62785, thanks to scop@cpan.org) - - The -dtd argument to start_html() is now documented - (RT#60473, Thanks to giecrilj and steve@fisharerojo.org) - - CGI::Carp doc are updated to reflect that it can work with mod_perl 2.0. - - when creating a temporary file in the directory fails, the error message - could indicate the root of the problem better (Peter Gervai, Niko Tyni) - - [INTERNALS] - - Re-fixing https test in http.t. (RT#54768, thanks to SPROUT) - - param_fetch no longer triggers a warning when called with no arguments (ysth, Mark Stosberg) - -Version 3.50, Nov 8, 2010 - - [SECURITY] - 1. The MIME boundary in multipart_init is now random. - Thanks to Byron Jones, Masahiro Yamada, Reed Loden, and Mark Stosberg - 2. Further improvements to handling of newlines embedded in header values. - An exception is thrown if header values contain invalid newlines. - Thanks to Michal Zalewski, Max Kanat-Alexander, Yanick Champoux, - Lincoln Stein, Fr�d�ric Buclin and Mark Stosberg - - [DOCUMENTATION] - 1. Correcting/clarifying documentation for param_fetch(). Thanks to - Ren�e B�cker. (RT#59132) - - [INTERNALS] - 1. Fixing https test in http.t. (RT#54768) - 2. Tests were added for multipart_init(). Thanks to Mark Stosberg and CGI::Simple. - -Version 3.49, Feb 5th, 2010 - - [BUG FIXES] - 1. Fix a regression since 3.44 involving a case when the header includes "Content-Length: 0". - Thanks to Alex Vandiver (RT#51109) - 2. Suppress uninitialized warnings under -w. Thanks to burak. (RT#50301) - 3. url() now uses virtual_port() instead of server_port(). Thanks to MKANAT and Yanick Champoux. (RT#51562) - 4. CGI::Carp now properly handles stringifiable objects, like Exception::Class throws (RT#39904) - - [SECURITY] - 1. embedded newlines are now filtered out of header values in header(). - Thanks to Mark Stosberg and Yanick Champoux. - - [DOCUMENTATION] - 1. README was updated to reflect that CGI.pm was moved under ./lib. - Thanks to Alex Vandiver. - - [INTERNALS] - 1. More tests were added for autoescape, thanks to Bob Kuo. (RT#25485) - 2. Attempt to avoid test failures with t/fast, thanks to Steve Hay. (RT#49599) - -Version 3.48, Sep 25, 2009 - - [BUG FIXES] - 1. <optgroup> default values are now properly escaped. - Thanks to #raleigh.pm and Mark Stosberg. (RT#49606) - 2. The change to exception handling in CGI::Carp introduced in 3.47 has been - reverted for now. It caused regressions reported in RT#49630. - Thanks to mkanat for the report. - - [DOCUMENTATION] - 1. Documentation for upload() has been overhauled, thanks to Mark Stosberg. - 2. Documentation for tmpFileName has been added. Thanks to Mark Stosberg and Nathaniel K. Smith. - 3. URLS were updated, thanks to Leon Brocard and Yanick Champoux. (RT#49770) - - [INTERNALS] - 1. More tests were added for autoescape, thanks to Bob Kuo. (RT#25485) - -Version 3.47, Sep 9, 2009 - - No code changes. - - [INTERNALS] - Re-release of 3.46, which did not contain a proper MANIFEST - -Version 3.46 - - [BUG FIXES] - 1. In CGI::Pretty, we no longer add line breaks after tags we claim not to format. Thanks to rrt, Bob Kuo and - and Mark Stosberg. (RT#42114). - 2. unescapeHTML() no longer falsely recognizes certain text as entities. Thanks to Pete Gamanche, Mark Stosberg - and Bob Kuo. (RT#39122) - 3. checkbox_group() now correctly includes a space before the "checked" attribute. - Thanks to Andrew Speer and Bob Kuo. (RT#36583) - 4. Fix case-sensitivity in http() and https() according to docs. Make https() - return list of keys in list context. Thanks to riQyRoe and Rhesa Rozendaal. (RT#12909) - 5. XHTML is now automatically disabled for HTML 4, as well as HTML 2 and HTML 3. Thanks to - Dan Harkless and Yanick Champoux. (RT#27907) - 6. Pre-compiling 'end_form' with ':form' switch now works. Thanks to ryochin and Yanick Champoux. (RT#41530) - 7. Empty name/values pairs are now properly saved and restored from filehandles. Thanks to rlucas and - Rhesa Rozendaal (RT#13158) - 8. Some differences between startform() and start_form() have been fixed. Thanks to Slaven Rezic and - Shawn Corey. (RT#22046) - 9. url_param() has been updated to be more consistent with the documentation and param(). - Thanks to Britton Kerin and Yanick Campoux. (RT#43587) - 10.hidden() now correctly supports multiple default values. - Thanks to david@dierauer.net and Russell Jenkins. (RT#20436) - 11.Calling CGI->new() no longer clobbers the value of $_ in the current scope. - Thanks to Alexey Tourbin, Bob Kuo and Mark Stosberg. (RT#25131) - 12.UTF-8 params should not get double-decoded now. - Thanks to Yves, Bodo, Burak G�rsoy, and Michael Schout. (RT#19913) - 13.We now give objects passed to CGI::Carp::die a chance to be stringified. - Thanks to teek and Yanick Champoux (RT#41530) - 14.Turning off autoEscape() now only affects the behavior of built-in HTML - generation fuctions. Explicit calls to escapeHTML() always escape HTML regardless - of the setting. Thanks to vindex, Bob Kuo and Mark Stosberg (RT#40748) - 15.In CGI::Fast, preferences set via pragmas are now preserved. - Thanks to heinst and Mark Stosberg (RT#32119) - - [DOCUMENTATION] - 1. remote_addr() is now documented. Thanks to Yanick Champoux. (RT#38884) - 2. In CGI::Pretty in the list of tags left unformatted was updated to match the code. Thanks to Mark Stosberg. (RT#42114) - 3. In CGI::Pretty, performance concerns are now documented. Thanks to Jochen, Rhesa Rozendaal and Mark Stosberg (RT#13223) - 4. A number of outdated Netscape references have been removed. Thanks to Mark Stosberg. - 5. The documentation has been purged of examples of using indirect object notation. Thanks to Mark Stosberg. - 6. Some POD formatting was fixed. Thanks to Dave Mitchell (RT#48935). - 7. Docs and examples were updated to highlight start_form instead of startform. - Thanks to Slaven Rezic. - 8. Note that CGI::Carp::carpout() doesn't work with in-memory filehandles. - Thanks to rhubbell and Mark Stosberg. - 9. The documentation for the -newstyle_urls is now less confusing. - Thanks to Ryan Tate and Mark Stosberg (RT#49454) - - [INTERNALS] - 1. Quit bundling an ancient copy of Test::More and and using a custom 'lib' path for the tests. Instead, Test::More - is now a dependency. Thanks to Ansgar and Mark Stosberg (RT#48811) - 2. Automated tests for hidden() have been added, thanks to Russel Jenkins and Mark Stosberg (RT#20436) - 3. t/util.t has been updated to use Test::More instead of a home-grown test function. Thanks to Bob Kuo. - -Version 3.45, Aug 14, 2009 - - [BUG FIXES] - 1. Prevent warnings about "uninitialized values" for REQUEST_URI, HTTP_USER_AGENT and other environment variables. - Patches by Callum Gibson, heiko and Mark Stosberg. (RT#24684, RT#29065) - 2. Avoid death in some cases when running under Taint mode on Windows. - Patch by Peter Hancock (RT#43796) - 3. Allow 0 to be used as a default value in popup_menu(). This was broken starting in 3.37. - Thanks to Haze, who was the first to report this and supply a patch, and pfschill, who pinpointed - when the bug was introduced. A regression test for this was also added. (RT#37908) - 4. Allow "+" as a valid character in file names, which fixes temp file creation on OS X Leopard. - Thanks to Andy Armstrong, and alech for patches. (RT#30504) - 5. Set binmode() on the Netware platform, thanks to Guenter Knauf (RT#27455) - 6. Don't allow a CGI::Carp error handler to die recursively. Print a warning and exit instead. - Thanks to Marc Chantreux. (RT#45956) - 7. The Dump() method now is fixed to escape HTML properly. Thanks to Mark Stosberg (RT#21341) - 8. Support for <optgroup> with scrolling_list() now works the same way as it does for popup_menu(). - Thanks to Stuart Johnston (RT#30097) - 9. CGI::Pretty now works properly when $" is set to ''. Thanks to Jim Keenan (RT#12401) - 10. Fix crash when used in combination with PerlEx::DBI. Thanks to Burak G�rsoy (RT#19902) - - [DOCUMENTATION] - 1. Several typos were fixed, Thanks to ambs. (RT#41105) - 2. A typo related to the nosticky pragma was fixed, thanks to Britton Kerin. (RT#43220) - 3. examples/nph-clock.cgi is now more portable, by calling localtime() rather than `/bin/date`, - thanks to Guenter Knauf. (RT#27456). - 4. In CGI::Carp, the SEE ALSO section was cleaned up, thanks to Slaven Rezic. (RT#32769) - 5. The docs for redirect() were updated to reflect that most headers are - ignored during redirection. Thanks to Mark Stosberg (RT#44911) - - [INTERNALS] - 1. New t/unescapeHTML.t test script has been added. It includes a TODO test for a pre-existing - bug which could use a patch. Thanks to Pete Gamache and Mark Stosberg (RT#39122) - 2. New test scripts have been added for user_agent(), popup_menu() and query_string(), scrolling_list() and Dump() - Thanks to Mark Stosberg and Stuart Johnston. (RT#37908, RT#43006, RT#21341, RT#30097) - 3. CGI::Carp and CGI::Util have been updated to have non-developer version numbers. - Thanks to Slaven Rezic. (RT#48425) - 4. CGI::Switch and CGI::Apache now properly set their VERSION in their own name space. - Thanks to Alexey Tourbin (RT#11941,RT#11942) - -Version 3.44, Jul 30, 2009 - - 1. Patch from Kurt Jaeger to allow HTTP PUT even if the content length is unknown. - 2. Patch from Pavel merdin to fix a problem for one of the FireFox addons. - 3. Fixed issue in mod_perl & fastCGI environment of cookies returned from - CGI->cookie() leaking from one session to another. - -Version 3.43, Apr 06, 2009 - - 1. Documentation patch from MARKSTOS@cpan.org to replace all occurrences of - "new CGI" with CGI->new()" to reflect best perl practices. - 2. Patch from Stepan Kasal to fix utf-8 related problems in perl 5.10 - -Version 3.42, Sep 08, 2008 - - 1. Added patch from Renee Baecker that makes it possible to subclass - CGI::Pretty. - 2. Added patch from Nicholas Clark to allow ~ characters in temporary directories. - 3. Added patch from Renee Baecker that fixes the inappropriate escaping of fields - in multipart headers. - -Version 3.41, Aug 25, 2008 - - 1. Fix url() returning incorrect path when query string contains escaped newline. - 2. Added additional windows temporary directories and environment variables, courtesy patch from Renee Baecker - 3. Added a handle() method to the lightweight upload - filehandles. This method returns a real IO::Handle object. - 4. Added patch from Tony Vanlingen to fix deep recursion warnings in CGI::Pretty. - -Version 3.40, Aug 06, 2008 - - 1. Fixed CGI::Fast docs to eliminate references to a "special" - version of Perl. - 2. Makefile.PL now depends on FCGI so that CGI::Fast installs properly. - 3. Fix script_name() call from Stephane Chazelas. - -Version 3.39, Jun 29, 2008 - - 1. Fixed regression in "exists" function when using tied interface to CGI via $q->Vars. - -Version 3.38, Jun 25, 2008 - - 1. Fix annoying warning in http://rt.cpan.org/Ticket/Display.html?id=34551 - 2. Added nobr() function http://rt.cpan.org/Ticket/Display.html?id=35377 - 3. popup_menu() allows multiple items to be selected by default, satisfying - http://rt.cpan.org/Ticket/Display.html?id=35376 - 4. Patch from Renee Backer to avoid doubled <http-equiv> headers. - 5. Fixed documentation bug that describes what happens when a - parameter is empty (e.g. "?test1="). - 6. Fixed minor warning described at http://rt.cpan.org/Public/Bug/Display.html?id=36435 - 7. Fixed overlap of attribute and parameter space described in http://rt.perl.org/rt3//Ticket/Display.html?id=24294 - -Version 3.37, Apr 22, 2008 - - 1. Fix pragmas so that they persist over modperl invocations (e.g. RT 34761) - 2. Fixed handling of chunked multipart uploads; thanks to Michael Bernhardt - who reported and fixed the problem. - -Version 3.36 - - 1. Fix CGI::Cookie to support cookies that are separated by "," instead of ";". - -Version 3.35, Mar 27, 2008 - - 1. Resync with bleadperl, primarily fixing a bug in parsing semicolons in uploaded filenames. - -Version 3.34, Mar 18, 2008 - - 1. Handle Unicode %uXXXX escapes properly -- patch from DANKOGAI@cpan.org - 2. Fix url() method to not choke on path names that contain regex characters. - -Version 3.33, Jan 02, 2008 - - 1. Remove uninit variable warning when calling url(-relative=>1) - 2. Fix uninit variable warnings for two lc calls - 3. Fixed failure of tempfile upload due to sprintf() taint failure in perl 5.10 - -Version 3.32, Dec 27, 2007 - - 1. Patch from Miguel Santinho to prevent sending premature headers under mod_perl 2.0 - -Version 3.31, Nov 30, 2007 - - 1. Patch from Xavier Robin so that CGI::Carp issues a 500 Status code rather than a 200 status code. - 2. Patch from Alexander Klink to select correct temporary directory in OSX Leopard so that upload works. - 3. Possibly fixed "wrapped pack" error on 5.10 and higher. - -Version 3.30 - - 1. Patch from Mike Barry to handle POSTDATA in the same way as PUT. - 2. Patch from Rafael Garcia-Suarez to correctly reencode unicode values as byte values. - -Version 3.29, Apr 16, 2007 - - 1. The position of file handles is now reset to zero when CGI->new is called. - (Mark Stosberg) - 2. uploadInfo() now works across multiple object instances. Also, the first - tests for uploadInfo() were added as part of the fix. (CPAN bug 11895, with - contributions from drfrench and Mark Stosberg). - -Version 3.28, Mar 29, 2007 - - 1. Applied patch from Allen Day that makes Cookie parsing RFC2109 compliant - (attribute/values can be separated by commas as well as semicolons). - 2. Applied patch from Stephan Struckmann that allows script_name() to be set correctly. - 3. Fixed problem with url(-full) in which port number appears twice. - -Version 3.27, Feb 27, 2007 - - 1. Applied patch from Steve Taylor that allows checkbox_groups to be - disabled with a new -disabled=> option. - -Version 3.26 - - 1. Fixed alternate stylesheet behavior so that it is insensitive to order of declarations. - 2. Patch from John Binns to allow users to provide a callback to CGI::Carp. - 3. Added "~" as an unreserved character in escape(). - 4. Patch from Chris Fedde to prevent HTTP_HOST from inhibiting SERVER_PORT in url() generation. - 5. Fixed outdated documentation (and behavior) of -language in start_html -script option. - 6. Fixed bug in seconds calculation in CGI::Util::expire_calc. - -Version 3.25, Sep 28, 2006 - - 1. Fixed the link to the Netscape frames page. - 2. Added ability to specify an alternate stylesheet. - 3. Add support for XForms POST submssion both as application/xml or as multipart/related - -Version 3.24 - - 1. In startform(), if request_uri() returns undef, then falls back - to self_url(). This should rarely happen except when run outside of - the CGI environment. - 2. image button alignment options were mistakenly being capitalized, causing xhtml validation to fail. - -Version 3.23, Aug 23, 2006 - - 1. Typo in upload() persisted, now fixed for real. Thanks to - Emanuele Zeppieri for correct patch and regression test. - -Version 3.22, Aug 23, 2006 - - 1. Typo in upload() function broke uploads. Now fixed (CPAN bug 21126). - -Version 3.21, Aug 21, 2006 - - 1. Don't try to read data at all when POST > $POST_MAX. - 2. Fixed bug that caused $cgi->param('name',undef,'value') to unset param('name') entirely. - 3. Fixed bug in which upload() sometimes returns empty. (CPAN bug #12694). - 4. Incorporated patch from BURAK@cpan.org to support HTTPcookies (CPAN bug 21019). - -Version 3.20 - - 1. Patch from David Wheeler for CGI::Cookie->bake(). Uses mod_perl headers_out->add() - rather than headers_out->set(). - 2. Fixed problem identified by Andrei Voronkov in which start_form() output was screwed - up when initial argument begins with a dash and subsequent arguments do not. - 3. Quashed uninitialized variable warnings coming from script_name(), url() and other - functions that require access to the PATH_INFO environment variable. - -Version 3.19 - - 1. Added patch from Stephen Frost that allows one to suppress use of the temp file that is - created during uploads. - 2. Fixed problem noted by Martin Foster in which regular expression meta-character terms - in the path information were not quoted, causing URL parsing - to fail on URLs that contained metacharacters (such as +). - 3. More fixes to the url() method. - 4. Removed "hack to fix broken PATH_INFO in MSII". - -Version 3.18 - - 1. Doc typo fixes. - 2. Patch from Steve Peters to default the document type to match the charset. - 3. Fixed param() so that param(-name=>'foo',-values=>[]) sets the parameter to empty list. - -Version 3.17, Feb 24, 2006 - - 1. Added patch from Mike Hanafey which caused 0 arguments to CGI::Cookie->new() to - be treated as empty. - 2. Patch to CGI::Carp from Peter Whaite to fix the unfixable problem of CGI::Carp - not behaving correctly in an eval() context. - 3. CGI::Fast->new() calls CGI->_reset_globals to avoid contamination of one session - with another's variables. - 4. Fixed upload failure on files that contain semicolons in their names. - -Version 3.16, Feb 8, 2006 - - 1. header() -charset option now works even when the MIME type is not "text". - 2. Fixed documentation for cookie() function and fastCGI. - 3. Upload filehandles now only closed automatically on Windows systems. - 4. Apache::Cookie compatibility fix from David Wheeler - 5. CGI::Carp->fatalsToBrowser() does not work correctly with - mod_perl 2. No workaround is known. - 6. Fixed text status code associated with 302 redirects. Should be "Found" - but was "Moved". - 7. Fixed charset in start_html() and header() to be in synch. - -Version 3.15, Dec 7, 2005 - - 1. Remove extraneous "?" from self_url() when URI contains a ? but no query string. - -Version 3.14, Dec 6, 2005 - - 1. Fixed broken scrolling_list() select attribute. - -Version 3.13, Dec 4, 2005 - - 1. Removed extraneous empty "?" from end of self_url(). - -Version 3.12, Dec 4, 2005 - - 1. Fixed virtual_port so that it works properly with https protocol. - 2. Fixed documentation for upload_hook(). - 3. Added POSTDATA documentation. - 4. Made upload_hook() work in function-oriented mode. - 5. Fixed POST_MAX behavior so that it doesn't cause client to hang. - 6. Disabled automatic tab indexes and added new -tabindex pragma to - turn automatic indexes back on. - 7. The url() and self_url() methods now work better in the context of Apache - mod_rewrite. Be advised that path_info() may give you confusing results - when mod_rewrite is active because Apache calculates the path info *after* - rewriting. This is mostly worked around in url() and self_url(), but you - may notice some anomalies. - 8. Removed empty (and non-validating) <div> from code emitted by end_form(). - 9. Fixed CGI::Carp to work correctly with Mod_perl 1.29 in an Apache 2 environment. - 10. Setting $CGI::TMPDIRECTORY should now be effective. - -Version 3.11, Aug 3, 2005 - - 1. Killed warning in CGI::Cookie about MOD_PERL_API_VERSION - 2. Fixed append() so that it works in function mode. - 3. Workaround for a bug that appears in Apache2 versions through 2.0.54 - in which SCRIPT_NAME and PATH_INFO are incorrect if the additional path_info - contains a double slash. This workaround will handle the common case of - http://mysite.com/cgi-bin/log.cgi/http://www.some.other.site/args, but will - not handle the uncommon case of a ScriptAlias directive that adds additional - path information to the end of the translated URI. - -Version 3.10, May 13, 2005 - - 1. Added Apache2::RequestIO, which is necessary for mp2 interoperability. - -Version 3.09, May 5, 2005 - - 1. Fixed tabindex="0" when using CGI to create forms without a prior start_html - 2. Removed warning about non-numeric MOD_PERL_API_VERSION. - -Version 3.08, Apr 20, 2005 - - 1. update support for mod_perl 2.0. versions prior to - mod_perl 1.999_22 (2.0.0-RC5) are no longer supported. - -Version 3.07, Mar 14, 2005 - - 1. Fixed typo in mod_perl detection. - -Version 3.06, Mar 09, 2005 - - 1. Fixed bare call to script() in start_html - 2. Moved Fh::DESTROY out of autoloaded functions so as to avoid - clobbering $@ when CGI functions are executed in an eval{} - context. - 3. mod_perl 2.0 version detection patch in CGI::Cookie provided by - Allen Day. - 4. autoEscape() flag is now respected when generating extra - attributes. - 5. Tests for *tag start/end generation from Shlomi Fish. - 6. Support for can() method provided by Ron Savage. - 7. Fix for lang='' when outputting XHTML. - 8. Added support for chunked transfer encoding, as suggested by - Hakan Ardo - 9. Fixed clobbering of row and column headers in tableized radio - and checkbox groups, as reported by Nicolas Thierry-Mieg. - 10. <Label> tags are now associated with form elements, as suggested - by accessibility guidelines. - 11. The <?xml> directive produced by start_html is now turned off by - default and the charset is specified in a <meta> directive. Apparently - IE6 (and maybe some versions of Opera) were getting confused by this. - 12. Support for tab indexes. - 13. Retired the HTML docs. The POD docs are now primary documentation. - 14. CGI::Carp now correctly detects and handles Apache::Dispatch. - 15. CGI::Util::utf8_chr now correctly sets the UTF8 flag on 5.006 or - higher perls (fix courtesy Slaven Rezic). - - -Version 3.05, Apr 12, 2004 - - 1. Fixed uninitialized variable warning on start_form() when running - from command line. - 2. Fixed CGI::_set_attributes so that attributes with a - are handled - correctly. - 3. Fixed CGI::Carp::die() so as to avoid problems from _longmess() - clobbering @_. - 4. If HTTP_X_FORWARDED_HOST is defined (i.e. running under a proxy), - the various functions that return HOST will use that instead. - 5. Fix for undefined utf8() call in CGI::Util. - 6. Changed the call to warningsToBrowser() in - CGI::Carp::fatalsToBrowser to call only after HTTP header is sent - (thanks to Didier Lebrun for noticing). - 7. Patches from Dan Harkless to make CGI.pm validatable against HTML - 3.2. - 8. Fixed an extraneous "foo=bar" appearing when extra style - parameters passed to start_html; - 9. Fixed cross-site scripting bug in startform() pointed out by Dan - Harkless. - 10. Fixed documentation to discuss list context behavior of - form-element generators explicitly. - 11. Fixed incorrect results from end_form() when called in OO manner. - 12. Fixed query string stripping in order to handle URLs containing - escaped newlines. - 13. During server push, set NPH to 0 rather than 1. This is supposed - to fix problems with Apache. - 14. Fixed incorrect processing of multipart form fields that contain - embedded quotes. There's still the issue of how to handle ones - that contain embedded semicolons, but no one has complained (yet). - 15. Fixed documentation bug in -style argument to start_html() - 16. Added -status argument to redirect(). - -Version 3.04, Jan 18, 2004 - - 1. Fixed the problem with mod_perl crashing when "defaults" button - pressed. - -Version 3.03, Jan 13, 2004 - - 1. Fix upload hook functionality - 2. Workaround for CGI->unescape_html() - 3. Bumped version numbers in CGI::Fast and CGI::Util for 5.8.3-tobe - -Version 3.02 - - 1. Bring in Apache::Response just in case. - 2. File upload on EBCDIC systems now works. - -Version 3.01, Dec 10, 2003 - - 1. No fix yet for upload failures when running on EBCDIC server. - 2. Fixed uninitialized glob warnings that appeared when file - uploading under perl 5.8.2. - 3. Added patch from Schlomi Fish to allow debugging of PATH_INFO from - command line. - 4. Added patch from Steve Hay to correctly unlink tmp files under - mod_perl/windows - 5. Added upload_hook functionality from Jamie LeTaul - 6. Workarounds for mod_perl 2 IO issues. Check that file upload and - state saving still working. - 7. Added code for underreads. - 8. Fixed misleading description of redirect() and relative URLs in - the POD docs. - 9. Workaround for weird interaction of CGI::Carp with Safe module - reported by William McKee. - 10. Added patches from Ilmari Karonen to improve behavior of - CGI::Carp. - 11. Fixed documentation error in -style argument. - 12. Added virtual_port() method for finding out what port server is - listening on in a virtual-host aware fashion. - -Version 3.00, Aug 18, 2003 - - 1. Patch from Randal Schwartz to fix bug introduced by cross-site - scripting vulnerability "fix." - 2. Patch from JFreeman to replace UTF-8 escape constant of 0xfe with - 0xfc. Hope this is right! - - Version 2.99 - - 1. Patch from Steve Hay to fix extra Content-type: appearing on - browser screen when FatalsToBrowser invoked. - 2. Patch from Ewann Corvellec to fix cross-site scripting - vulnerability. - 3. Fixed tmpdir routine for file uploading to solve problem that - occurs under mod_perl when tmpdir is writable at startup time, but - not at session time. - - Version 2.98 - - 1. Fixed crash in Dump() function. - - Version 2.97 - - 1. Sigh. Uploaded wrong 2.96 to CPAN. - - Version 2.96 - - 1. More bugfixes to the -style argument. - - Version 2.95 - - 1. Fixed bugs in start_html(-style=>...) support introduced in 2.94. - - Version 2.94 - - 1. Removed warning from reset() method. - 2. Moved - - and tags into the :html3 group. Hope this removes undefined CGI::Area - errors. - - Changed CGI::Carp to play with mod_perl2 and to (hopefully) restore - reporting of compile-time errors. - - Fixed potential deadlock between web server and CGI.pm when aborting - a read due to POST_MAX (reported by Antti Lankila). - - Fixed issue with tag-generating function not incorporating content - when first variable undef. - - Fixed cross-site scripting bug reported by obscure. - - Fixed Dump() function to return correctly formed XHTML - bug - reported by Ralph Siemsen. - - Version 2.93 - - 1. Fixed embarassing bug in mp1 support. - - Version 2.92 - - 1. Fix to be P3P compliant submitted from MPREWITT. - 2. Added CGI->r() API for mod_perl1/mod_perl2. - 3. Fixed bug in redirect() that was corrupting cookies. - 4. Minor fix to behavior of reset() button to make it consistent with - submit() button (first time this has been changed in 9 years). - 5. Patch from Dan Kogai to handle UTF-8 correctly in 5.8 and higher. - 6. Patch from Steve Hay to make CGI::Carp's error messages appear on - MSIE browsers. - 7. Added Yair Lenga's patch for non-urlencoded postings. - 8. Added Stas Bekman's patches for mod_perl 2 compatibility. - 9. Fixed uninitialized escape behavior submitted by William Campbell. - 10. Fixed tied behavior so that you can pass arguments to tie() - 11. Fixed incorrect generation of URLs when the path_info contains + - and other odd characters. - 12. Fixed redirect(-cookies=>$cookie) problem. - 13. Fixed tag generation bug that affects -javascript passed to - start_html(). - - Version 2.91 - - 1. Attribute generation now correctly respects the value of - autoEscape(). - 2. Fixed endofrm() syntax error introduced by Ben Edgington's patch. - - Version 2.90 - - 1. Fixed bug in redirect header handling. - 2. Added P3P option to header(). - 3. Patches from Alexey Mahotkin to make CGI::Carp work correctly with - object-oriented exceptions. - 4. Removed inaccurate description of how to set multiple cookies from - CGI::Cookie pod file. - 5. Patch from Kevin Mahony to prevent running out of filehandles when - uploading lots of files. - 6. Documentation enhancement from Mark Fisher to note that the - import_names() method transforms the parameter names into valid - Perl names. - 7. Patch from Dan Harkless to suppress lang attribute in <html> tag - if specified as a null string. - 8. Patch from Ben Edgington to fix broken XHTML-transitional 1.0 - validation on endform(). - 9. Custom html header fix from Steffen Beyer (first letter correctly - upcased now) - 10. Added a -verbatim option to stylesheet generation from Michael - Dickson - 11. Faster delete() method from Neelam Gupta - 12. Fixed broken Cygwin support. - 13. Added empty charset support from Bradley Baetz - 14. Patches from Doug Perham and Kevin Mahoney to fix file upload - failures when uploaded file is a multiple of 4096. - - Version 2.89 - - 1. Fixed behavior of ACTION tag when POSTING to a URL that has a - query string. - 2. Added Patch from Michael Rommel to handle multipart/mixed uploads - from Opera - - Version 2.88 - - 1. Fixed problem with uploads being refused under Perl 5.8 when under - Taint mode. - 2. Fixed uninitialized variable warnings under Perl 5.8. - 3. Fixed CGI::Pretty regression test failures. - - Version 2.87 - - 1. Security hole patched: when processing multipart/form-data - postings, most arguments were being untainted silently. Returned - arguments are now tainted correctly. This may cause some scripts - to fail that used to work (thanks to Nick Cleaton for pointing - this out and persisting until it was fixed). - 2. Update for mod_perl 2.0. - 3. Pragmas such as -no_xhtml are now respected in mod_perl - environment. - - Version 2.86 - - 1. Fixes for broken CGI::Cookie expiration dates introduced in 2.84. - - Version 2.85 - - 1. Fix for broken autoEscape function introduced in 2.84. - - Version 2.84 - - 1. Fix for failed file uploads on Cygwin platforms. - 2. HTML escaping code now replaced 0x8b and 0x9b with unicode - references < and *#8250; - - Version 2.83 - - 1. Fixed autoEscape() documentation inconsistencies. - 2. Patch from Ville Skytt� to fix a number of XHTML inconsistencies. - 3. Added Max-Age to list of CGI::Cookie headers. - - Version 2.82 - - 1. Patch from Rudolf Troller to add attribute setting and option - groups to form fields. - 2. Patch from Simon Perreault for silent crashes when using CGI::Carp - under mod_perl. - 3. Patch from Scott Gifford allows you to set the program name for - CGI::Carp. - - Version 2.81 - - 1. Removed extraneous slash from end of stylesheet tags generated by - start_html in non-XHTML mode. - 2. Changed behavior of CGI::Carp with respect to eval{} contexts so - that output behaves properly in mod_perl environments. - 3. Fixed default DTD so that it validates with W3C validator. - - Version 2.80 - - 1. Fixed broken messages in CGI::Carp. - 2. Changed checked="1" to checked="checked" for real XHTML - compatibility. - 3. Resurrected REQUEST_URI code so that url() works correctly with - multiviews. - - Version 2.79 - - 1. Changes to CGI::Carp to avoid "subroutine redefined" error - messages. - 2. Default DTD is now XHTML 1.0 Transitional - 3. Patches to support all HTML4 tags. - - Version 2.78 - - 1. Added ability to change encoding in <?xml> assertion. - 2. Fixed the old escapeHTML('CGI') ne "CGI" bug - 3. In accordance with XHTML requirements, there are no longer any - minimized attributes, such as "checked". - 4. Patched bug which caused file uploads of exactly 4096 bytes to be - truncated to 4094 (thanks to Kevin Mahony) - 5. New tests and fixes to CGI::Pretty (thanks to Michael Schwern). - - Version 2.77 - - 1. No new features, but released in order to fix an apparent CPAN - bug. - - Version 2.76 - - 1. New esc.t regression test for EBCDIC translations courtesy Peter - Prymmer. - 2. Patches from James Jurach to make compatible with FCGI-ProcManager - 3. Additional fields passed to header() (like -Content_disposition) - now honor initial capitalization. - 4. Patch from Andrew McNaughton to handle utf-8 escapes (%uXXXX - codes) in URLs. - - Version 2.752 - - 1. Syntax error in the autoloaded Fh::new() subroutine. - 2. Better error reporting in autoloaded functions. - - Version 2.751 - - 1. Tiny tweak to filename regular expression function on line 3355. - - Version 2.75 - - 1. Fixed bug in server push boundary strings (CGI.pm and CGI::Push). - 2. Fixed bug that occurs when uploading files with funny characters - in the name - 3. Fixed non-XHTML-compliant attributes produced by textfield() - 4. Added EPOC support, courtesy Olaf Flebbe - 5. Fixed minor XHTML bugs. - 6. Made escape() and unescape() symmetric with respect to EBCDIC, - courtesy Roca, Ignasi <ignasi.roca@fujitsu.siemens.es> - 7. Removed uninitialized variable warning from CGI::Cookie, provided - by Atipat Rojnuckarin <rojnuca@yahoo.com> - 8. Fixed bug in CGI::Pretty that causes it to print partial end tags - when the $INDENT global is changed. - 9. Single quotes are changed to character entity ' for compatibility - with URLs. - - Version 2.74 - - September 13, 2000 - 1. Quashed one-character bug that caused CGI.pm to fail on file - uploads. - - Version 2.73 - - September 12, 2000 - 1. Added -base to the list of arguments accepted by url(). - 2. Fixes to XHTML support. - 3. POST parameters no longer show up in the Location box. - - Version 2.72 - - August 19, 2000 - 1. Fixed the defaults button so that it works again - 2. Charset is now correctly saved and restored when saving to files - 3. url() now works correctly when given scripts with %20 and other - escapes in the additional path info. This undoes a patch - introduced in version 2.47 that I no longer understand the - rationale for. - - Version 2.71 - - August 13, 2000 - 1. Newlines in the value attributes of hidden fields and other form - elements are now escaped when using ISO-Latin. - 2. Inline script and style sections are now protected as CDATA - sections when XHTML mode is on (the default). - - Version 2.70 - - August 4, 2000 - 1. Fixed bug in scrolling_list() which omitted a space in front of - the "multiple" attribute. - 2. Squashed the "useless use of string in void context" message from - redirects. - - Version 2.69 - - 1. startform() now creates default ACTION for POSTs as well as GETs. - This may break some browsers, but it no longer violates the HTML - spec. - 2. CGI.pm now emits XHTML by default. Disable with -no_xhtml. - 3. We no longer interpret &#ddd sequences in non-latin character - sets. - - Version 2.68 - - 1. No longer attempts to escape characters when dealing with non - ISO-8861 character sets. - 2. checkbox() function now defaults to using -value as its label, - rather than -name. The current behavior is what has been - documented from the beginning. - 3. -style accepts array reference to incorporate multiple stylesheets - into document. - - 1. Fixed two bugs that caused the -compile pragma to fail with a - syntax error. - - Version 2.67 - - 1. Added XHTML support (incomplete; tags need to be lowercased). - 2. Fixed CGI/Carp when running under mod_perl. Probably broke in - other contexts. - 3. Fixed problems when passing multiple cookies. - 4. Suppress warnings from _tableize() that were appearing when using - -w switch with radio_group() and checkbox_group(). - 5. Support for the header() -attachment argument, which can give - pages a default file name when saving to disk. - - Version 2.66 - - 1. 2.65 changes in make_attributes() broke HTTP header functions - (including redirect), so made it context sensitive. - - Version 2.65 - - 1. Fixed regression tests to skip tests that require implicit fork on - machines without fork(). - 2. Changed make_attributes() to automatically escape any HTML - reserved characters. - 3. Minor documentation fix in javascript example. - - Version 2.64 - - 1. Changes introduced in 2.63 broke param() when retrieving parameter - lists containing only a single argument. This is now fixed. - 2. self_url() now defaults to returning parameters delimited with - semicolon. Use the pragma -oldstyle_urls to get the old "&" - delimiter. - - Version 2.63 - - 1. Fixed CGI::Push to pull out parameters correctly. - 2. Fixed redirect() so that it works with default character set - 3. Changed param() so as to returned empty string '' when referring - to variables passed in query strings like 'name1=&name2' - - Version 2.62 - - 1. Fixed broken ReadParse() function, and added regression tests - 2. Fixed broken CGI::Pretty, and added regression tests - - Version 2.61 - - 1. Moved more functions from CGI.pm proper into CGI/Util.pm. - CGI/Cookie should now be standalone. - 2. Disabled per-user temporary directories, which were causing grief. - - Version 2.60 - - 1. Fixed junk appearing in autogenerated HTML functions when using - object-oriented mode. - - Version 2.59 - - 1. autoescape functionality breaks too much existing code, removed - it. - 2. use escapeHTML() manually - - Version 2.58 - - This is the release version of 2.57. - - Version 2.57 - - 1. Added -debug pragma and turned off auto reading of STDIN. - 2. Default DTD updated to HTML 4.01 transitional. - 3. Added charset() method and the -charset argument to header(). - 4. Fixed behavior of escapeHTML() to respect charset() and to escape - nasty Windows characters (thanks to Tom Christiansen). - 5. Handle REDIRECT_QUERY_STRING correctly. - 6. Removed use_named_parameters() because of dependency problems and - general lameness. - 7. Fixed problems with bad HREF links generated by url(-relative=>1) - when the url is like /people/. - 8. Silenced a warning on upload (patch provided by Jonas Liljegren) - 9. Fixed race condition in CGI::Carp when errors occur during parsing - (patch provided by Maurice Aubrey). - 10. Fixed failure of url(-path_info=>1) when path contains % signs. - 11. Fixed warning from CGI::Cookie when receiving foreign cookies that - don't use name=value format. - 12. Fixed incompatibilities with file uploading on VMS systems. - - Version 2.56 - - 1. Fixed bugs in file upload introduced in version 2.55 - 2. Fixed long-standing bug that prevented two files with identical - names from being uploaded. - - Version 2.55 - - 1. Fixed cookie regression test so as not to produce an error. - 2. Fixed path_info() and self_url() to work correctly together when - path_info() modified. - 3. Removed manify warnings from CGI::{Switch,Apache}. - - Version 2.54 - - 1. This will be the last release of the monolithic CGI.pm module. - Later versions will be modularized and optimized. - 2. DOMAIN tag no longer added to cookies by default. This will break - some versions of Internet Explorer, but will avoid breaking - networks which use host tables without fully qualified domain - names. For compatibility, please always add the -domain tag when - creating cookies. - 3. Fixed escape() method so that +'s are treated correctly. - 4. Updated CGI::Pretty module. - - Version 2.53 - - 1. Forgot to upgrade regression tests before releasing 2.52. NOTHING - ELSE HAS CHANGED IN LIBRARY - - Version 2.52 - - 1. Spurious newline in checkbox() routine removed. (courtesy John - Essen) - 2. TEXTAREA linebreaks now respected in dump() routine. (courtesy - John Essen) - 3. Patches for DOS ports (courtesy Robert Davies) - 4. Patches for VMS - 5. More fixes for cookie problems - 6. Fix CGI::Carp so that it doesn't affect eval{} blocks (courtesy - Byron Brummer) - - Version 2.51 - - 1. Fixed problems with cookies not being remembered when sent to IE - 5.0 (and Netscape 5.0 too?) - 2. Numerous HTML compliance problems in cgi_docs.html; fixed thanks - to Michael Leahy - - Version 2.50 - - 1. Added a new Vars() method to retrieve all parameters as a tied - hash. - 2. Untainted tainted tempfile name so that script doesn't fail on - terminal unlink. - 3. Made picking of upload tempfile name more intelligent so that - doesn't fail in case of name collision. - 4. Fixed handling of expire times when passed an absolute timestamp. - 5. Changed dump() to Dump() to avoid name clashes. - - Version 2.49 - - 1. Fixes for FastCGI (globals not getting reset) - 2. Fixed url() to correctly handle query string and path under - MOD_PERL - - Version 2.48 - - 1. Reverted detection of MOD_PERL to avoid breaking PerlEX. - - Version 2.47 - - 1. Patch to fix file upload bug appearing in IE 3.01 for - Macintosh/PowerPC. - 2. Replaced use of $ENV{SCRIPT_NAME} with $ENV{REQUEST_URI} when - running under Apache, to fix self-referencing URIs. - 3. Fixed bug in escapeHTML() which caused certain constructs, such as - CGI->image_button(), to fail. - 4. Fixed bug which caused strong('CGI') to fail. Be careful to use - CGI::strong('CGI') and not CGI->strong('CGI'). The latter will - produce confusing results. - 5. Added upload() function, as a preferred replacement for the - "filehandle as string" feature. - 6. Added cgi_error() function. - 7. Rewrote file upload handling to return undef rather than dieing - when an error is encountered. Be sure to call cgi_error() to find - out what went wrong. - - Version 2.46 - - 1. Fix for failure of the "include" tests under mod_perl - 2. Added end_multipart_form to prevent failures during qw(-compile - :all) - - Version 2.45 - - 1. Multiple small documentation fixes - 2. CGI::Pretty didn't get into 2.44. Fixed now. - - Version 2.44 - - 1. Fixed file descriptor leak in upload function. - 2. Fixed bug in header() that prevented fields from containing double - quotes. - 3. Added Brian Paulsen's CGI::Pretty package for pretty-printing - output HTML. - 4. Removed CGI::Apache and CGI::Switch from the distribution. - 5. Generated start_* shortcuts so that start_table(), end_table(), - start_ol(), end_ol(), and so forth now work (see the docs on how - to enable this feature). - 6. Changed accept() to Accept(), sub() to Sub(). There's still a - conflict with reset(), but this will break too many existing - scripts! - - Version 2.43 - - 1. Fixed problem with "use strict" and file uploads (thanks to Peter - Haworth) - 2. Fixed problem with not MSIE 3.01 for the power_mac not doing file - uploads right. - 3. Fixed problem with file upload on IIS 4.0 when authorization in - use. - 4. -content_type and '-content-type' can now be provided to header() - as synonyms for -type. - 5. CGI::Carp now escapes the ampersand BEFORE escaping the > and < - signs. - 6. Fixed "not an array reference" error when passing a hash reference - to radio_group(). - 7. Fixed non-removal of uploaded TMP files on NT platforms which - occurs when server runs on non-C drive (thanks to Steve Kilbane - for finding this one). - - Version 2.42 - - 1. Too many screams of anguish at changed behavior of url(). Is now - back to its old behavior by default, with options to generate all - the variants. - 2. Added regression tests. "make test" now works. - 3. Documentation fixes. - 4. Fixes for Macintosh uploads, but uploads STILL do not work pending - changes to MacPerl. - - Version 2.41 - - 1. url() method now includes the path info. Use script_name() to get - it without path info(). - 2. Changed handling of empty attributes in HTML tag generation. Be - warned! Use table({-border=>undef}) rather than - table({-border=>''}). - 3. Changes to allow uploaded filenames to be compared to other - strings with "eq", "cmp" and "ne". - 4. Changes to allow CGI.pm to coexist more peacefully with - ActiveState PerlEX. - 5. Changes to prevent exported variables from clashing when importing - ":all" set in combination with cookies. - - Version 2.40 - - 1. CGI::Carp patched to work better with mod_perl (thanks to Chris - Dean). - 2. Uploads of files whose names begin with numbers or the Windows - \\UNC\shared\file nomenclature should no longer fail. - 3. The <STYLE> tag (for cascading style sheets) now generates the - required TYPE attribute. - 4. Server push primitives added, thanks to Ed Jordan. - 5. Table and other HTML3 functions are now part of the :standard set. - 6. Small documentation fixes. - - TO DO: - 1. Do something about the DTD mess. The module should generate - correct DTDs, or at least offer the programmer a way to specify - the correct one. - 2. Split CGI.pm into CGI processing and HTML-generating modules. - 3. More robust file upload (?still not working on the Macintosh?). - 4. Bring in all the HTML4 functionality, particular the accessibility - features. - - Version 2.39 - - 1. file uploads failing because of VMS patch; fixed. - 2. -dtd parameter was not being properly processed. - - Version 2.38 - - I finally got tired of all the 2.37 betas and released 2.38. The main - difference between this version and the last 2.37 beta (2.37b30) are - some fixes for VMS. This should allow file upload to work properly on - all VMS Web servers. - - Version 2.37, various beta versions - - 1. Added a CGI::Cookie::parse() method for lucky mod_perl users. - 2. No longer need separate -values and -labels arguments for - multi-valued form elements. - 3. Added better interface to raw cookies (fix courtesy Ken Fox, - kfox@ford.com) - 4. Added param_fetch() function for direct access to parameter list. - 5. Fix to checkbox() to allow for multi-valued single checkboxes - (weird problem). - 6. Added a compile() method for those who want to compile without - importing. - 7. Documented the import pragmas a little better. - 8. Added a -compile switch to the use clause for the long-suffering - mod_perl and Perl compiler users. - 9. Fixed initialization routines so that FileHandle and type globs - work correctly (and hash initialization doesn't fail!). - 10. Better deletion of temporary files on NT systems. - 11. Added documentation on escape(), unescape(), unescapeHTML() and - unescapeHTML() subroutines. - 12. Added documentation on creating subclasses. - 13. Fixed problem when calling $self->SUPER::foo() from inheriting - subclasses. - 14. Fixed problem using filehandles from within subroutines. - 15. Fixed inability to use the string "CGI" as a parameter. - 16. Fixed exponentially growing $FILLUNIT bug - 17. Check for undef filehandle in read_from_client() - 18. Now requires the UNIVERSAL.pm module, present in Perl 5.003_7 or - higher. - 19. Fixed problem with uppercase-only parameters being ignored. - 20. Fixed vanishing cookie problem. - 21. Fixed warning in initialize_globals() under mod_perl. - 22. File uploads from Macintosh versions of MSIE should now work. - 23. Pragmas now preceded by dashes (-nph) rather than colons (:nph). - Old style is supported for backward compatibility. - 24. Can now pass arguments to all functions using {} brackets, - resolving historical inconsistencies. - 25. Removed autoloader warnings about absent MultipartBuffer::DESTROY. - 26. Fixed non-sticky checkbox() when -name used without -value. - 27. Hack to fix path_info() in IIS 2.0. Doesn't help with IIS 3.0. - 28. Parameter syntax for debugging from command line now more - straightforward. - 29. Added $DISABLE_UPLOAD to disable file uploads. - 30. Added $POST_MAX to error out if POSTings exceed some ceiling. - 31. Fixed url_param(), which wasn't working at all. - 32. Fixed variable suicide problem in s///e expressions, where the - autoloader was needed during evaluation. - 33. Removed excess spaces between elements of checkbox and radio - groups - 34. Can now create "valueless" submit buttons - 35. Can now set path_info as well as read it. - 36. ReadParse() now returns a useful function result. - 37. import_names() now allows you to optionally clear out the - namespace before importing (for mod_perl users) - 38. Made it possible to have a popup menu or radio button with a value - of "0". - 39. link() changed to Link() to avoid overriding native link function. - 40. Takes advantage of mod_perl's register_cleanup() function to clear - globals. - 41. <LAYER> and <ILAYER> added to :html3 functions. - 42. Fixed problems with private tempfiles and NT/IIS systems. - 43. No longer prints the DTD by default (I bet no one will complain). - 44. Allow underscores to replace internal hyphens in parameter names. - 45. CGI::Push supports heterogeneous MIME types and adjustable delays - between pages. - 46. url_param() method added for retrieving URL parameters even when a - fill-out form is POSTed. - 47. Got rid of warnings when radio_group() is called. - 48. Cookies now moved to their very own module. - 49. Fixed documentation bug in CGI::Fast. - 50. Added a :no_debug pragma to the import list. - - Version 2.36 - - 1. Expanded JavaScript functionality - 2. Preliminary support for cascading stylesheets - 3. Security fixes for file uploads: - + Module will bail out if its temporary file already exists - + Temporary files can now be made completely private to avoid - peeking by other users or CGI scripts. - 4. use CGI qw/:nph/ wasn't working correctly. Now it is. - 5. Cookie and HTTP date formats didn't meet spec. Thanks to Mark - Fisher (fisherm@indy.tce.com) for catching and fixing this. - - p - - Version 2.35 - - 1. Robustified multipart file upload against incorrect syntax in - POST. - 2. Fixed more problems with mod_perl. - 3. Added -noScript parameter to start_html(). - 4. Documentation fixes. - - Version 2.34 - - 1. Stupid typo fix - - Version 2.33 - - 1. Fixed a warning about an undefined environment variable. - 2. Doug's patch for redirect() under mod_perl - 3. Partial fix for busted inheritence from CGI::Apache - 4. Documentation fixes. - - Version 2.32 - - 1. Improved support for Apache's mod_perl. - 2. Changes to better support inheritance. - 3. Support for OS/2. - - Version 2.31 - - 1. New uploadInfo() method to obtain header information from uploaded - files. - 2. cookie() without any arguments returns all the cookies passed to a - script. - 3. Removed annoying warnings about $ENV{NPH} when running with the -w - switch. - 4. Removed operator overloading throughout to make compatible with - new versions of perl. - 5. -expires now implies the -date header, to avoid clock skew. - 6. WebSite passes cookies in $ENV{COOKIE} rather than - $ENV{HTTP_COOKIE}. We now handle this, even though it's O'Reilly's - fault. - 7. Tested successfully against new sfio I/O layer. - 8. Documentation fixes. - - Version 2.30 - - 1. Automatic detection of operating system at load time. - 2. Changed select() function to Select() in order to avoid conflict - with Perl built-in. - 3. Added Tr() as an alternative to TR(); some people think it looks - better that way. - 4. Fixed problem with autoloading of MultipartBuffer::DESTROY code. - 5. Added the following methods: - + virtual_host() - + server_software() - 6. Automatic NPH mode when running under Microsoft IIS server. - - Version 2.29 - - 1. Fixed cookie bugs - 2. Fixed problems that cropped up when useNamedParameters was set to - 1. - 3. Prevent CGI::Carp::fatalsToBrowser() from crapping out when - encountering a die() within an eval(). - 4. Fixed problems with filehandle initializers. - - Version 2.28 - - 1. Added support for NPH scripts; also fixes problems with Microsoft - IIS. - 2. Fixed a problem with checkbox() values not being correctly saved - and restored. - 3. Fixed a bug in which CGI objects created with empty string - initializers took on default values from earlier CGI objects. - 4. Documentation fixes. - - Version 2.27 - - 1. Small but important bug fix: the automatic capitalization of tag - attributes was accidentally capitalizing the VALUES as well as the - ATTRIBUTE names (oops). - - Version 2.26 - - 1. Changed behavior of scrolling_list(), checkbox() and - checkbox_group() methods so that defaults are honored correctly. - The "fix" causes endform() to generate additional <INPUT - TYPE="HIDDEN"> tags -- don't be surpised. - 2. Fixed bug involving the detection of the SSL protocol. - 3. Fixed documentation error in position of the -meta argument in - start_html(). - 4. HTML shortcuts now generate tags in ALL UPPERCASE. - 5. start_html() now generates correct SGML header: - <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN"> - - 6. CGI::Carp no longer fails "use strict refs" pragma. - - Version 2.25 - - 1. Fixed bug that caused bad redirection on destination URLs with - arguments. - 2. Fixed bug involving use_named_parameters() followed by - start_multipart_form() - 3. Fixed bug that caused incorrect determination of binmode for - Macintosh. - 4. Spelling fixes on documentation. - - Version 2.24 - - 1. Fixed bug that caused generation of lousy HTML for some form - elements - 2. Fixed uploading bug in Windows NT - 3. Some code cleanup (not enough) - - Version 2.23 - - 1. Fixed an obscure bug that caused scripts to fail mysteriously. - 2. Fixed auto-caching bug. - 3. Fixed bug that prevented HTML shortcuts from passing taint checks. - 4. Fixed some -w warning problems. - - Version 2.22 - - 1. New CGI::Fast module for use with FastCGI protocol. See pod - documentation for details. - 2. Fixed problems with inheritance and autoloading. - 3. Added TR() (<tr>) and PARAM() (<param>) methods to list of - exported HTML tag-generating functions. - 4. Moved all CGI-related I/O to a bottleneck method so that this can - be overridden more easily in mod_perl (thanks to Doug MacEachern). - 5. put() method as substitute for print() for use in mod_perl. - 6. Fixed crash in tmpFileName() method. - 7. Added tmpFileName(), startform() and endform() to export list. - 8. Fixed problems with attributes in HTML shortcuts. - 9. Functions that don't actually need access to the CGI object now no - longer generate a default one. May speed things up slightly. - 10. Aesthetic improvements in generated HTML. - 11. New examples. - - Version 2.21 - - 1. Added the -meta argument to start_html(). - 2. Fixed hidden fields (again). - 3. Radio_group() and checkbox_group() now return an appropriate - scalar value when called in a scalar context, rather than - returning a numeric value! - 4. Cleaned up the formatting of form elements to avoid unesthetic - extra spaces within the attributes. - 5. HTML elements now correctly include the closing tag when - parameters are present but null: em('') - 6. Added password_field() to the export list. - - Version 2.20 - - 1. Dumped the SelfLoader because of problems with running with taint - checks and rolled my own. Performance is now significantly - improved. - 2. Added HTML shortcuts. - 3. import() now adheres to the Perl module conventions, allowing - CGI.pm to import any or all method names into the user's name - space. - 4. Added the ability to initialize CGI objects from strings and - associative arrays. - 5. Made it possible to initialize CGI objects with filehandle - references rather than filehandle strings. - 6. Added the delete_all() and append() methods. - 7. CGI objects correctly initialize from filehandles on NT/95 systems - now. - 8. Fixed the problem with binary file uploads on NT/95 systems. - 9. Fixed bug in redirect(). - 10. Added '-Window-target' parameter to redirect(). - 11. Fixed import_names() so that parameter names containing funny - characters work. - 12. Broke the unfortunate connection between cookie and CGI parameter - name space. - 13. Fixed problems with hidden fields whose values are 0. - 14. Cleaned up the documentation somewhat. - - Version 2.19 - - 1. Added cookie() support routines. - 2. Added -expires parameter to header(). - 3. Added cgi-lib.pl compatibility mode. - 4. Made the module more configurable for different operating systems. - 5. Fixed a dumb bug in JavaScript button() method. - - Version 2.18 - - 1. Fixed a bug that corrects a hang that occurs on some platforms - when processing file uploads. Unfortunately this disables the - check for bad Netscape uploads. - 2. Fixed bizarre problem involving the inability to process uploaded - files that begin with a non alphabetic character in the file name. - 3. Fixed a bug in the hidden fields involving the -override directive - being ignored when scalar defaults were passed. - 4. Added documentation on how to disable the SelfLoader features. - - Version 2.17 - - 1. Added support for the SelfLoader module. - 2. Added oodles of JavaScript support routines. - 3. Fixed bad bug in query_string() method that caused some parameters - to be silently dropped. - 4. Robustified file upload code to handle premature termination by - the client. - 5. Exported temporary file names on file upload. - 6. Removed spurious "uninitialized variable" warnings that appeared - when running under 5.002. - 7. Added the Carp.pm library to the standard distribution. - 8. Fixed a number of errors in this documentation, and probably added - a few more. - 9. Checkbox_group() and radio_group() now return the buttons as - arrays, so that you can incorporate the individual buttons into - specialized tables. - 10. Added the '-nolabels' option to checkbox_group() and - radio_group(). Probably should be added to all the other - HTML-generating routines. - 11. Added the url() method to recover the URL without the entire query - string appended. - 12. Added request_method() to list of environment variables available. - 13. Would you believe it? Fixed hidden fields again! - - Version 2.16 - - 1. Fixed hidden fields yet again. - 2. Fixed subtle problems in the file upload method that caused - intermittent failures (thanks to Keven Hendrick for this one). - 3. Made file upload more robust in the face of bizarre behavior by - the Macintosh and Windows Netscape clients. - 4. Moved the POD documentation to the bottom of the module at the - request of Stephen Dahmen. - 5. Added the -xbase parameter to the start_html() method, also at the - request of Stephen Dahmen. - 6. Added JavaScript form buttons at Stephen's request. I'm not sure - how to use this Netscape extension correctly, however, so for now - the form() method is in the module as an undocumented feature. Use - at your own risk! - - Version 2.15 - - 1. Added the -override parameter to all field-generating methods. - 2. Documented the user_name() and remote_user() methods. - 3. Fixed bugs that prevented empty strings from being recognized as - valid textfield contents. - 4. Documented the use of framesets and added a frameset example. - - Version 2.14 - - This was an internal experimental version that was never released. - - Version 2.13 - - 1. Fixed a bug that interfered with the value "0" being entered into - text fields. - - Version 2.01 - - 1. Added -rows and -columns to the radio and checkbox groups. No - doubt this will cause much grief because it seems to promise a - level of meta-organization that it doesn't actually provide. - 2. Fixed a bug in the redirect() method -- it was not truly HTTP/1.0 - compliant. - - Version 2.0 - - The changes seemed to touch every line of code, so I decided to bump - up the major version number. - 1. Support for named parameter style method calls. This turns out - to be a big win for extending CGI.pm when Netscape adds new HTML - "features". - 2. Changed behavior of hidden fields back to the correct "sticky" - behavior. This is going to break some programs, but it is for - the best in the long run. - 3. Netscape 2.0b2 broke the file upload feature. CGI.pm now handles - both 2.0b1 and 2.0b2-style uploading. It will probably break again - in 2.0b3. - 4. There were still problems with library being unable to distinguish - between a form being loaded for the first time, and a subsequent - loading with all fields blank. We now forcibly create a default - name for the Submit button (if not provided) so that there's - always at least one parameter. - 5. More workarounds to prevent annoying spurious warning messages - when run under the -w switch. -w is seriously broken in perl - 5.001! - - Version 1.57 - - 1. Support for the Netscape 2.0 "File upload" field. - 2. The handling of defaults for selected items in scrolling lists and - multiple checkboxes is now consistent. - - Version 1.56 - - 1. Created true "pod" documentation for the module. - 2. Cleaned up the code to avoid many of the spurious "use of - uninitialized variable" warnings when running with the -w switch. - 3. Added the autoEscape() method. v - 4. Added string interpolation of the CGI object. - 5. Added the ability to pass additional parameters to the <BODY> tag. - 6. Added the ability to specify the status code in the HTTP header. - - Bug fixes in version 1.55 - - 1. Every time self_url() was called, the parameter list would grow. - This was a bad "feature". - 2. Documented the fact that you can pass "-" to radio_group() in - order to prevent any button from being highlighted by default. - - Bug fixes in version 1.54 - - 1. The user_agent() method is now documented; - 2. A potential security hole in import() is now plugged. - 3. Changed name of import() to import_names() for compatibility with - CGI:: modules. - - Bug fixes in version 1.53 - - 1. Fixed several typos in the code that were causing the following - subroutines to fail in some circumstances - 1. checkbox() - 2. hidden() - 2. No features added - - New features added in version 1.52 - - 1. Added backslashing, quotation marks, and other shell-style escape - sequences to the parameters passed in during debugging off-line. - 2. Changed the way that the hidden() method works so that the default - value always overrides the current one. - 3. Improved the handling of sticky values in forms. It's now less - likely that sticky values will get stuck. - 4. If you call server_name(), script_name() and several other methods - when running offline, the methods now create "dummy" values to - work with. - - Bugs fixed in version 1.51 - - 1. param() when called without arguments was returning an array of - length 1 even when there were no parameters to be had. Bad bug! - Bad! - 2. The HTML code generated would break if input fields contained the - forbidden characters ">< or &. You can now use these characters - freely. - - New features added in version 1.50 - - 1. import() method allows all the parameters to be imported into a - namespace in one fell swoop. - 2. Parameters are now returned in the same order in which they were - defined. - - Bugs fixed in version 1.45 - - 1. delete() method didn't work correctly. This is now fixed. - 2. reset() method didn't allow you to set the name of the button. - Fixed. - - Bugs fixed in version 1.44 - - 1. self_url() didn't include the path information. This is now fixed. - - New features added in version 1.43 - - 1. Added the delete() method. - - New features added in version 1.42 - - 1. The image_button() method to create clickable images. - 2. A few bug fixes involving forms embedded in <PRE> blocks. - - New features added in version 1.4 - - 1. New header shortcut methods - + redirect() to create HTTP redirection messages. - + start_html() to create the HTML title, complete with the - recommended <LINK> tag that no one ever remembers to include. - + end_html() for completeness' sake. - 2. A new save() method that allows you to write out the state of an - script to a file or pipe. - 3. An improved version of the new() method that allows you to restore - the state of a script from a file or pipe. With (2) this gives you - dump and restore capabilities! (Wow, you can put a "121,931 - customers served" banner at the bottom of your pages!) - 4. A self_url() method that allows you to create state-maintaining - hypertext links. In addition to allowing you to maintain the state - of your scripts between invocations, this lets you work around a - problem that some browsers have when jumping to internal links in - a document that contains a form -- the form information gets lost. - 5. The user-visible labels in checkboxes, radio buttons, popup menus - and scrolling lists have now been decoupled from the values sent - to your CGI script. Your script can know a checkbox by the name of - "cb1" while the user knows it by a more descriptive name. I've - also added some parameters that were missing from the text fields, - such as MAXLENGTH. - 6. A whole bunch of methods have been added to get at environment - variables involved in user verification and other obscure - features. - - Bug fixes - - 1. The problems with the hidden fields have (I hope at last) been - fixed. - 2. You can create multiple query objects and they will all be - initialized correctly. This simplifies the creation of multiple - forms on one page. - 3. The URL unescaping code works correctly now. |