<br><br><div class="gmail_quote">On Tue, Feb 22, 2011 at 10:33, Jay Hannah <span dir="ltr"><<a href="mailto:jhannah@mutationgrid.com">jhannah@mutationgrid.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im"> (In PHP "register_globals" has been deprecated sometime between 2002 and now.)</div></blockquote><div><br></div><div>I remember that - I always knew pulling in user-supplied variables automatically was a bad thing from a security standpoint. It's too easy to just pull them in and use them without actually knowing that they came from user (i.e. hacker) land.</div>
<div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
These change(s) wouldn't be listed in the Perl change log, they'd be noted in CGI's Changes file:<br>
<br>
<a href="http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.52/Changes" target="_blank">http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.52/Changes</a><br>
<br>
Which, strangely, doesn't list the date of each release (when was 2.50 released? maybe that was the change point for your behavior).<br>
</blockquote><div><br></div><div>Doh! Should have checked there too.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
RedHat deserves no fault nor credit for this change. :)</blockquote><div><br></div><div>None implied - there have been enough cooks in this kitchen that I'll place the blame on me/us first. And I think the param() method makes things a bit easier to read and follow.</div>
<div><br></div><div>Thanks,</div><div>Dan</div></div><br>-- <br>***************** ************* *********** ******* ***** *** **<br>"Quis custodiet ipsos custodes?"<br> (Who can watch the watchmen?)<br> -- from the Satires of Juvenal<br>
"I do not fear computers, I fear the lack of them."<br> -- Isaac Asimov (Author)<br>** *** ***** ******* *********** ************* *****************<br>