Commits on Jul 19, 2016
  1. Merge pull request #208 from kentfredric/metafixes

    leejo committed on GitHub Jul 19, 2016
  2. Specify META v2.0 Data Generation for test_requires

    Version 2 META is a minimum for working prereqs.test.requires
    This metadata trips the metadata source into being META 2.0
    and properly declares test_requires as test_requires instead of
    META 2.0 Spec requires some resources to be declared differently.
    kentfredric committed Jul 19, 2016
  3. Remove empty META_ADD rules.

    These META_ADD rules *override* the metadata that EUMM generates
    with TEST_REQUIRES, meaning that TEST_REQUIRES never turns up in
    META.yml or META.json.
    On recent enough EUMMs, TEST_REQUIRES still turn up in MYMETA.*
    during install time, despite this, so its not a complete loss.
    But these are static dependencies and should be forward-declared as such
    kentfredric committed Jul 19, 2016
  4. ref #207 - Revert "Makefile.PL PREREQ_PM absorb TEST_REQUIRES"

    This reverts commit cc18e3a.
    This is a regression for end users who use CPAN Clients that support
    --no-testing, as it means they can no longer elide test dependencies.
    An example of a failing testers can be seen at:

    The correct action is to either ignore the invalid cpantesters reports,
    or to pursue the issue with the smoker and fix it there.
    leejo committed Jul 19, 2016
Commits on Jul 6, 2016
  1. resolve #206 - clarify reason for absolute URLs

    in calls to ->redirect, namely that the final URL is resolved by
    the user agent and that might not do what the user (server) expects
    leejo committed Jul 6, 2016
Commits on Jun 22, 2016
  1. resolve #205 - make perldoc CGI object consistent

    with the use of $q all over the place rather than a mix of $query
    and $q
    leejo committed Jun 22, 2016
Commits on Jun 14, 2016
  1. resolve #204 - req v0.17 File::Temp in Makefile.PL

    upload.t calls $rawhandle->seek, but File::Temp did not start
    inheriting from IO::Seekable until version 0.17.
    bump VERSION and Change for CPAN release
    leejo committed Jun 14, 2016
Commits on Jun 9, 2016
  1. restore VERSION vars to libs

    otherwise CPAN won't index them... AAAAAAAAAAArrrrrrgggggghhhhhh
    Revert " bump VERSION and Changes for CPAN release v4.28"
    This reverts commit e35acfa.
    leejo committed Jun 9, 2016
Commits on Jun 8, 2016
  1. Merge pull request #203 from pangyre/master

    Add SameSite support to Cookie handling
    leejo committed Jun 8, 2016
Commits on May 22, 2016
  1. remove VERSION from CGI::Carp

    leejo committed May 22, 2016
  2. rename MultipartBuffer package to CGI::MultipartBuffer.

    solve some permissions issues and standardise on package names across
    the distribution (apart from Fh, which is a back compat thing only)
    MultipartBuffer was (is) an undocumented internal package so should
    not be in use anywhere, however this has been done in a way to ensure
    any $MultipartBuffer package variables are still set correctly in
    CGI::MultipartBuffer. if you are explicitly using MultipartBuffer in
    a form such as:
    your code will break. you should be calling:
    	CGI->new->new_MultipartBuffer( $boundary,$length );
    to ensure the correctly package is called. if you are extending the
    MultipartBuffer package though use of ISA or base (or parent) then you
    will need to update your code to use CGI::MultipartBuffer
    VERSION has been remove from all but the main CGI package because i'm
    sick of having to update umpteen VERSION variables on each release
    fake using strict and warnings to appease CPANTS Kwalitee
    leejo committed May 22, 2016
Commits on Apr 19, 2016
  1. Makefile.PL PREREQ_PM absorb TEST_REQUIRES

    as i'm seeing some cpantesters failures due to lacking Test::Warn
    despite having this in the TEST_REQUIRES section of Makefile.PL
    tested against perl-5.24.0-RC1 and all seems good
    leejo committed Apr 19, 2016
Commits on Mar 14, 2016
  1. resolve #201 - under %QUERY_PARAM

    in initialize_globals, keeps mod_perl environment clean and stops
    file uploads leaking
    leejo committed Mar 14, 2016
Commits on Mar 11, 2016
  1. improve test coverage on CGI::Carp

    includes some mocking of the Apache and Apache2 libs in t/ to make
    sure the various require statements don't die. add these to the
    leejo committed Mar 11, 2016
  2. ref #199, ref #200 - tweak regression martrix

    to add more combinations of where we get params from
    leejo committed Mar 11, 2016
  3. ref #199, ref #200 - regression matrix for requests

    check param and url_param for combinations of request types and
    content body/query string to make sure we don't suddenly start
    getting params from different places
    note the TODO - w/r/t #199 we can start supporting content body
    with DELETE but only if the $CGI::ALLOW_DELETE_CONTENT var is set
    leejo committed Mar 11, 2016
Commits on Mar 2, 2016
  1. fix a couple of warnings in test harness

    and skip if Test::Warn is not found for t/param_list_context.t as
    for some reason, even though this is in the Makefile.PL, some of
    the reports on show it failing due to this module
    not being installed
    bump Version and Changes for CPAN release
    leejo committed Mar 2, 2016
Commits on Mar 1, 2016
  1. Merge pull request #198 from dnmfarrell/master

    Taint mode blocks vulnerability
    leejo committed Mar 1, 2016
  2. Taint mode blocks vulnerability

    If filename is `ARG`, the while loop will call `open()` on every thing in `@ARG` creating a remote execution vulnerability. Enabling taint mode prevents this. See my [article]( for details.
    Another way to fix would be to use the double diamond operator `<<$file>>` will not call `open()`. But it requires Perl 5.22.0 or higher, which most people won't have.
    dnmfarrell committed Mar 1, 2016
Commits on Feb 18, 2016
  1. fix a warnings in STORE subroutine

         Use of uninitialized value $vals in index at (eval $i) line $j
    check $vals is defined before calling index on it, since the check
    is !=1 on the index function we can short circuit this (and fix the
    warning) if $vals is not defined
    leejo committed Feb 18, 2016
Commits on Feb 4, 2016
  1. resolve #196 - sort HTML attributes by default

    this was originally done via an undocumented flag in CGI::Util but
    is now the default. The HTML spec does not require attributes to be
    sorted, but it's useful for testing to get a predictable order back
    and also for anything that is watching HTML pages for changes. any
    overhead here is moot, this will not be your bottleneck.
    bump version and Changes for CPAN release
    leejo committed Feb 4, 2016
Commits on Jan 23, 2016
Commits on Dec 21, 2015
Commits on Dec 20, 2015
  1. Merge pull request #194 from Manwar/fix-link-to-CONTRIBUTING-file-in-…

    - Fixed link to the in the lib/CGI/HTML/Functions.pod
    leejo committed Dec 20, 2015
  2. clarify there are no deprecation warnings for HTML

    generation functions, hence "soft" deprecation
    leejo committed Dec 20, 2015
  3. resolve #193 - only warn once

    on ->param called in list context, as suggested by @dadamail

    leejo committed Dec 20, 2015
Commits on Dec 17, 2015
  1. Merge pull request #192 from Manwar/fix-link-to-CONTRIBUTING-file

    - Fixed link to the file on GitHub.
    leejo committed Dec 17, 2015