[Omaha.pm] Change in CGI.pm from 5.8 to 5.10...?

Dan Linder dan at linder.org
Tue Feb 22 08:46:54 PST 2011


On Tue, Feb 22, 2011 at 10:33, Jay Hannah <jhannah at mutationgrid.com> wrote:

>   (In PHP "register_globals" has been deprecated sometime between 2002 and
> now.)
>

I remember that - I always knew pulling in user-supplied variables
automatically was a bad thing from a security standpoint.  It's too easy to
just pull them in and use them without actually knowing that they came from
user (i.e. hacker) land.


> These change(s) wouldn't be listed in the Perl change log, they'd be noted
> in CGI's Changes file:
>
>   http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.52/Changes
>
> Which, strangely, doesn't list the date of each release (when was 2.50
> released? maybe that was the change point for your behavior).
>

Doh!  Should have checked there too.


> RedHat deserves no fault nor credit for this change.   :)


None implied - there have been enough cooks in this kitchen that I'll place
the blame on me/us first.  And I think the param() method makes things a bit
easier to read and follow.

Thanks,
Dan

-- 
***************** ************* *********** ******* ***** *** **
"Quis custodiet ipsos custodes?"
    (Who can watch the watchmen?)
    -- from the Satires of Juvenal
"I do not fear computers, I fear the lack of them."
    -- Isaac Asimov (Author)
** *** ***** ******* *********** ************* *****************