"Fossies" - the Fresh Open Source Software Archive

Member "CGI-Lite-3.02/CHANGES" (19 May 2018, 14336 Bytes) of package /linux/www/CGI-Lite-3.02.tar.gz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "CHANGES": 3.01_vs_3.02.

    1 * v3.02 - 19th May 2018
    2 
    3 No changes from v3.01_02
    4 
    5 * v3.01_02 - 8th May 2018
    6 
    7 BUG FIX: Uploads on MSWin32 were not correctly converted if the first
    8     character of a buffer was LF. Changed regex to negative lookarounds.
    9 
   10 * v3.01_01 - 4th May 2018
   11 
   12 BUG FIX: Uploads could fail if n * buffer_size fell inside the boundary
   13     marker. Thanks pru-mike (PR 1). (possibly fixes issue 116670)
   14 
   15 BUG FIX: Changing the boundary marker for second and subsequent uploads
   16     causes errors. Thanks pru-mike (PR 1). (issue 125130)
   17 
   18 Test suite enhanced: now with Test::Vars (0.12) and fix of tmp filename
   19     race condition.
   20 
   21 * v3.01 - 10th December 2015
   22 
   23 No changes from v3.00_02
   24 
   25 * v3.00_02 - 27th November 2015
   26 
   27 Dual subs/methods have improved detection of how they have been called.
   28 
   29 Misc small documentation improvements.
   30 
   31 * v3.00_01 - 15th October 2015
   32 
   33 BUG FIX: Uploads with enctype "multipart/form-data" and at least one
   34     non-file param now process without warnings. (issue 107570)
   35 
   36 * v3.00 - 21st May 2015
   37 
   38 No changes from v2.99_04.
   39 
   40 * v2.99_04 (pre-release for 3.0) - 18th May 2015
   41 
   42 Uploaded files with duplicate field names are treated in the
   43 same ways as other data with duplicate field names.
   44 
   45 * v2.99_03 (pre-release for 3.0) - 5th April 2015
   46 
   47 BUG FIX: Additional change to forms.t to prevent MS Windows systems
   48     hanging. (issue 103315)
   49 
   50 * v2.99_02 (pre-release for 3.0) - 4th April 2015
   51 
   52 Added force_unique_cookies method and equivalent parsing code and tests.
   53 
   54 Improved test suite: better coverage, skipped failling tests for
   55 Microsoft systems which don't use/honour normal permissions, silenced
   56 noisy tests on older perls.
   57 
   58 * v2.99_01 (pre-release for 3.0) - 31st March 2015
   59 
   60 Source amended to pass perlcritic. String evals removed or replaced.
   61 Strictures added to module and examples. All filehandles are now
   62 lexicals. Consistent source formatting applied to module (perltidy).
   63 
   64 deny_uploads and set_size_limit added.
   65 
   66 All active public subroutines are now methods.
   67 
   68 print_cookie_data and print_form_data have been removed. They had been
   69 deprecated for well over a decade.
   70 
   71 escape_dangerous_chars has been removed. It has been considered a
   72 security risk since version 2.0.
   73 
   74 * v2.04_05 - 11th October 2014
   75 
   76 binmode forced on all file writes to avoid corruption when converting
   77 EOLs on MSWin32.
   78 
   79 * v2.04_04 - 8th October 2014
   80 
   81 Conversion section of _store() replaced to remove dependence on \K
   82 escape which was only introduced in perl 5.10.
   83 
   84 * v2.04_03 - Not released
   85 
   86 Upload tests fixed again to solve problems for MSWin32 users:
   87 binmode had been erroneously left off the inputs.
   88 
   89 Fixed generation of MYMETA/META files as spec 2.0 not yet supported
   90 in the local build environment.
   91 
   92 * v2.04_02 - 7th October 2014
   93 
   94 Upload tests fixed to solve two problems for MSWin32 users:
   95 permissions-based tests skipped and coversion algorithms for text MIME
   96 types improved.
   97 
   98 * v2.04_01 - 6th October 2014
   99 
  100 Full test coverage of non-deprecated features.
  101 
  102 BUG FIX: Multi-file uploads could break if the buffer end occured in the
  103     headers of one of the files. (issue 99294)
  104 
  105 BUG FIX: $cgi->set_platform ('macintosh') erroneously set platform to
  106     'PC' because the regex was not anchored to the start. 'macintosh'
  107     now results in platform 'Mac' as it should.
  108 
  109 Version control moved to git.
  110 
  111 Makefile.PL extended to include resources (where available).
  112 
  113 * v2.04 - 4th July 2014
  114 
  115 Minor documentation fixes and explanation of the proposed split into
  116 legacy/trunk branches. No code changes from 2.03_02.
  117 
  118 * v2.03_02 - 17th June 2014
  119 
  120 The uploads have had a minor change which may solve the windows size
  121 difference failures. More diagnostics were added to the failures if it
  122 does not.
  123 
  124 * v2.03_01 - 13th June 2014
  125 
  126 The test multi-part upload data in the test suite has been fixed to have
  127 the correct (CRLF) line terminators. These tests should now pass for
  128 Microsoft users.
  129 
  130 The documentation has been amended to reflect the change of maintainer.
  131 
  132 * v2.03 - 25th May 2014
  133 
  134 Maintainer change: Pete Houston has taken over maintenance from Smylers.
  135 
  136 A test suite has been created.
  137 
  138 BUG FIX: Cleared up some uninitialised value warnings emitted when query
  139 	strings are missing an entire key-value pair eg: "&foo=bar" (issue
  140 	38448).
  141 
  142 BUG FIX: If the user calls parse_form_data as a class method without a
  143 	query string, the method now gives up early and silently
  144 	(issue 6180).
  145 
  146 BUG FIX: In form-data uploads, the boundary string was not properly
  147 	escaped and therefore would not match when it contained
  148 	metacharacters (issue 29053).
  149 
  150 BUG FIX: The content type for url-encoded forms now matches on the MIME
  151 	type only, so additional charset fields are allowed (issues 16236,
  152 	34827 and 41666).
  153 
  154 BUG FIX: Leading/trailling whitespace is now stripped from cookie names
  155 	and values.
  156 
  157 BUG FIX: Cookies now no longer need to be separated by whitespace.
  158 	Commas can now be used as separators too. (issue 32329).
  159 
  160 BUG FIX: The semicolon is now a permitted delimiter in the query string
  161 	along with the ampersand (issue 8212).
  162 
  163 * v2.02 - May 18, 2003
  164 
  165 I've taken over CGI::Lite.  Thanks to Andreas for making the security release,
  166 and ensuring the transfer went so well.
  167 
  168 url_decode now interprets "+"s correctly, as encoded spaces.
  169 
  170 url_encode ensures that all hex-encodings are padded correctly, to 2 digits (so
  171 "%09" for a tab, not "%9").  The fake-encoding done on standard input when
  172 testing at the command-line has been fixed equivalently.
  173 
  174 url_encode also converts spaces to "+"s and emits hex characters in upper-case,
  175 since this what web-browsers seem to do.  Encoding is now performed on all but
  176 known-safe characters, rather listing all the characters believed to be in need
  177 of encoding.
  178 
  179 The internal method _decode_url_encoded_data now uses url_decode, rather than
  180 duplicating its content.
  181 
  182 Thanks to Aaron Crane for the above fixes.
  183 
  184 This file has been renamed from HISTORY to CHANGES, with the hope that that
  185 will make it show up on search.cpan.org.
  186 
  187 More development of this module is planned.  I'm making this release now to get
  188 those bug fixes available as soon as possible, and to get the hang of making a
  189 CPAN release.  Future changes will have tickets in the CPAN Request Tracker
  190 queue for this distribution.
  191 
  192 (The version number v2.01 has been skipped, to avoid possible confusion with
  193 v2.001.)
  194 
  195 Smylers <smylers@cpan.org> 
  196 
  197 
  198 * v2.001 - Feb 17, 2003
  199 
  200 This 2.001 release is just an emergency release that fixes the most urgent
  201 security need. It is not endorsed by the original author. It was put together
  202 by me after the advisory on the bugtraq mailing list:
  203 
  204   http://msgs.securepoint.com/cgi-bin/get/bugtraq0302/94.html
  205   
  206 Thanks to Ronald F. Guilmette for bringing up this issue.
  207 
  208 andreas koenig
  209 
  210 * v2.0 - Aug 20, 2000 b.d.low@ieee.org
  211 
  212 I (Ben Low) have assumed maintenance over CGI_Lite. First point of action 
  213 (and probably last, the module is quite stable both bug- and feature-wise :-) 
  214 is to change the name to fit in with perl's module naming conventions: 
  215 CGI_Lite is dead, long live CGI::Lite.
  216 
  217 * v1.9 - Jan 31, 1999; Apr 17, 2000 BDL
  218 
  219 Added parse_new_form_data(), for use under persistant applications 
  220 (e.g. FCGI, mod_perl). This function simply clears the CGI object's 
  221 state before calling parse_form_data().
  222 i.e. rather than creating a new CGI object for each request, you can 
  223 now write
  224   $CGI = new CGI_Lite;
  225   while (FCGI::accept > 0)
  226   {
  227       $Query = $CGI->parse_new_form_data();
  228       <process query>
  229   }
  230 
  231 Minor change in _decode_url_encoded_data() to avoid warnings when 
  232 no value is provided in the query. 
  233 
  234 All changes marked with "BDL". Ben Low <ben@snrc.uow.edu.au>
  235 
  236 * v1.8 - May 10, 1997
  237 
  238 Removed $` and $' from the code, and "optimized" an important regexp.
  239 As a result, the module is much more efficient. Fixed a minor bug in 
  240 multipart boundary parsing. Corrected an error when storing a key that 
  241 has multiple values which caused more than one array to be allocated. 
  242 Just a note: if you call get_multiple_values method with a scalar
  243 value, the method no longer returns an undef, but the value itself.
  244 
  245 As of this version, you can pass a request method (optional) to the 
  246 parse_form_data method. This gives you a bit more flexibility when 
  247 dealing with forms.
  248 
  249 The set_file_type method now works as it should. In earlier versions,
  250 CGI_Lite created "handles" in all cases. Added the close_all_files
  251 method to close uploaded files that are opened as a result of passing
  252 "handle" to set_file_type.
  253 
  254 The print_form_data and print_cookie_data are deprecated as of this
  255 version, but have not been removed (for compatibility reasons). It's 
  256 better to use the print_data method, which prints the key/value pairs 
  257 in the order they were parsed. As a side effect of this change,
  258 if you want to parse form data and cookies in an application,
  259 you have to create two instances of the CGI_Lite object, which
  260 only makes sense.
  261 
  262 Added the get_ordered_keys method which will return the list
  263 of _keys_ in the order in which they were parsed. Modified the
  264 wrap_textarea method; it now works properly.
  265 
  266 Also, added the add_mime_type, remove_mime_type and get_mime_types
  267 methods to deal with EOL translation based on MIME types. Added
  268 the filter_filename method to alter the way in which uploaded
  269 files are named. Added the add_timestamp method which allows you 
  270 to turn off timestamps on uploaded files. NOTE: CGI_Lite no longer 
  271 returns the full path of the uploaded file, but simply, the file name.
  272 
  273 Added a set of miscellaneous functions: browser_escape, url_encode,
  274 url_decode, is_dangerous, escape_dangerous_chars. CGI_Lite now handles
  275 errors better; you can use the newly implemented is_error, and 
  276 get_error_message methods. I've bought back the return_error
  277 method, which you can use to return errors to the browser and
  278 exit. However, this method no longer outputs the HTTP header,
  279 as it did in versions prior to v1.7.
  280 
  281 In addition, this version allows you to debug your CGI scripts
  282 "offline" by letting you pass query information through standard
  283 input. I got this idea from CGI.pm, though it's handled a bit
  284 differently. Thanks Lincoln!
  285 
  286 * v1.7 - December 28, 1996
  287 
  288 Maybe, I should release this version as 2.0 :-) There were a lot of 
  289 changes made:
  290 
  291     - *Totally* re-wrote the multipart form parsing algorithm. It's
  292       _much_ more efficient with large uploads. It still needs tweaking
  293       to remove the $` and $' -- maybe in the next release.
  294     - Multiple values per field are no longer returned as a null-character
  295       delimited string. Instead, a reference to an array is returned.
  296       You need to de-reference, or call the get_multiple_values method
  297       to get at the array. There was no way I could make this backward
  298       compatible. Please check your scripts, because a few might break.
  299       I apologize.
  300     - Fields containing more than one value in multipart forms are now
  301       handled correctly.      
  302     - Added the wrap_textarea method that allows you to neatly "wrap" 
  303       long strings.
  304     - You can now parse/decode cookies in much the same manner as forms.
  305     - When saving uploaded files, the module adds a timestamp. As of this
  306       version, the timestamp is added to the front of the file,
  307       as opposed to the end, so that file extensions are preserved.
  308       Note: this module makes no effort to URL decode the filename for
  309       security reasons.
  310     - Added the following new methods: set_buffer_size, parse_cookies,
  311       print_cookie_data, wrap_textarea, get_multiple_values and
  312       create_variables.
  313     - Removed the return_error subroutine and, instead, added _error,
  314       which dumps a message to STDERR and dies.
  315     - You can now install this module in a convenient manner. Also,
  316       fixed up the docs, moved this list of revisions from the module
  317       to a separate file, and added a directory with simple examples.
  318     - Fixed up numerous little bugs, including the "Use of uninitialized..."
  319       warnings.
  320 
  321 * v1.62 - January 17, 1996
  322 
  323 Modified the parse_multipart_data subroutine so that it
  324 returns the name of the file as the filehandle -- if set_file_type
  325 function is called with the "handle" parameter.
  326 
  327 Added the function determine_package to determine the 
  328 calling package.
  329 
  330 * v1.61 - January 1, 1996
  331 
  332 Fixed a minor bug that resulted in end of line characters being removed
  333 from certain binary files.
  334 
  335 * v1.6 - December 30, 1995
  336 
  337 Added code to handle other header information that the browser might
  338 send after the "Content-Disposition" header.
  339 
  340 Added set_platform function so that uploaded text files display
  341 properly.
  342 
  343 The function set_file_type no longer returns a status.
  344 
  345 Fixed spacing within code.
  346 
  347 * v1.5 - November 13, 1995
  348 
  349 Corrected two major bugs that caused several fields to be lost (when
  350 the fields before them were either too small or too large).
  351 
  352 Added code to make sure that there are no "\r\n" characters in the
  353 regular form fields. Textarea elements and fields that contain uploaded
  354 information from different platforms (i.e Macintosh and PC) will
  355 contain "\r" characters.
  356 
  357 * v1.4 - October 15, 1995
  358 
  359 Added pod style documentation. Now you can see this manual page by doing
  360 the following:
  361 
  362     pod2man CGI_Lite.pm | nroff -man | more
  363 
  364 Also, modified the parse_form_data method so that it can return
  365 the actual associative array (if called within an array context).
  366 
  367 * v1.3 - October 12, 1995
  368 
  369 Completely modified the parse_multipart_data method. It no longer
  370 reads the multipart message line by line, but rather in small size
  371 blocks (or "chunks"). This also eliminated a major bug that caused
  372 Netscape to hang.
  373 
  374 Since some browsers do not send a "\r\n" character string at the end
  375 of header lines, the parse_multipart_data method conditionally checks
  376 for and removes them. This also allows you to emulate a multipart/form-data
  377 request by storing a sample request in a file and piping it to your program:
  378 
  379     cat multipart.txt | test.pl
  380 
  381 * v1.2 - October 12, 1995
  382 
  383 Added the set_file_type method to return filehandles for the stored
  384 files.
  385 
  386 * v1.1 - October 10, 1995
  387 
  388 The environment variable CONTENT_TYPE is used to determine the type of
  389 encoding scheme. In v1.0, the body of the POST request was parsed.
  390 
  391 This module no longer outputs an error message if an invalid directory
  392 is passed to the set_directory method. Instead, it returns a status
  393 of 0 to indicate failure.
  394 
  395 * v1.0 - September 26, 1995
  396 
  397 Initial Release
  398