Randomise multipart boundary. Thanks to Yamada Masahiro.

lib/CGI/Simple.pm

@@ -1125,7 +1125,14 @@ sub multipart_init {
   my ( $self, @p ) = @_;
   use CGI::Simple::Util qw(rearrange);
   my ( $boundary, @other ) = rearrange( ['BOUNDARY'], @p );
-  $boundary = $boundary || '------- =_aaaaaaaaaa0';
+  if ( !$boundary ) {
+    $boundary = '------- =_';
+    my @chrs = ( '0' .. '9', 'A' .. 'Z', 'a' .. 'z' );
+    for ( 1 .. 17 ) {
+      $boundary .= $chrs[ rand( scalar @chrs ) ];
+    }
+  }
+
   my $CRLF = $self->crlf;    # get CRLF sequence
   my $warning
    = "WARNING: YOUR BROWSER DOESN'T SUPPORT THIS SERVER-PUSH TECHNOLOGY.";

t/050.simple.t

@@ -945,10 +945,11 @@ $q = new CGI::Simple;
 $sv = $q->multipart_init();
 like(
   $sv,
-  qr|Content-Type: multipart/x-mixed-replace;boundary="------- =_aaaaaaaaaa0"|,
+  qr|Content-Type: multipart/x-mixed-replace;boundary="------- =_[a-zA-Z0-9]{17}"|,
   'multipart_init(), 1'
 );
-like( $sv, qr/--------- =_aaaaaaaaaa0$CRLF/, 'multipart_init(), 2' );
+like( $sv, qr/--------- =_[a-zA-Z0-9]{17}$CRLF/,
+  'multipart_init(), 2' );
 $sv = $q->multipart_init( 'this_is_the_boundary' );
 like( $sv, qr/boundary="this_is_the_boundary"/, 'multipart_init(), 3' );
 $sv = $q->multipart_init( -boundary => 'this_is_another_boundary' );

t/070.standard.t

@@ -953,10 +953,12 @@ restore_parameters();
 $sv = multipart_init();
 like(
   $sv,
-  qr|Content-Type: multipart/x-mixed-replace;boundary="------- =_aaaaaaaaaa0"|,
+  qr|Content-Type: multipart/x-mixed-replace;boundary="------- =_[a-zA-Z0-9]{17}"|,
   'multipart_init(), 1'
 );
-like( $sv, qr/--------- =_aaaaaaaaaa0$CRLF/, 'multipart_init(), 2' );
+
+like( $sv, qr/--------- =_[a-zA-Z0-9]{17}$CRLF/,
+  'multipart_init(), 2' );
 $sv = multipart_init( 'this_is_the_boundary' );
 like( $sv, qr/boundary="this_is_the_boundary"/, 'multipart_init(), 3' );
 $sv = multipart_init( -boundary => 'this_is_another_boundary' );