[cgiapp] $CGI::LIST_CONTEXT_WARN in CGI::App
Justin J
justin at dadamailproject.com
Thu Mar 5 13:54:31 EST 2015
Hello everyone,
I've been working on closing the bug/vulnerability/annoyance described here:
http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applications/
in my CGI::App. For the most part, it's relatively straightforward. I'm having trouble with one module: HTML::FillInForm::Lite, that seems to cause the following warning to be printed in my error log:
[Thu Mar 5 11:46:12 2015] app.cgi: CGI::param called in list context from package HTML::FillInForm::Lite line 373, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at [yadda yadda]
There doesn't seem to be a patched version of this module. Is there a way to set the $CGI::LIST_CONTEXT_WARN from within CGI::App? This does assume that CGI.pm is the query object used. Would this generally be a Good Idea?:
$app->query()->LIST_CONTEXT_WARN = 0;
# Do my HTML::FillinForm::Lite Work…
$app->query()->LIST_CONTEXT_WARN = 1;
--
Justin J: Lead Dadaist.
url: http://dadamailproject.com
email: justin at dadamailproject.com
twitter: @dadamail
skype: leaddadaist
Dada Mail Announcements:
http://dadamailproject.com/cgi-bin/dada/mail.cgi/list/dada_announce/
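
Added example, not part of the original message and not code from Dada Mail, CGI::Application or HTML::FillInForm::Lite: it shows why param() in list context triggers the warning quoted above, and one way to scope the suppression to a single call using Perl's local. It assumes CGI.pm is the query object (as the message does) and a CGI.pm release that provides multi_param(); legacy_fill and fill_quietly are hypothetical names, and the query string is constructed sample input.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;

# Constructed request: the "name" parameter is sent three times.
my $q = CGI->new('name=alice&name=role&name=admin');

# Risky: param() in list context returns every value, so the extra values
# become additional key/value pairs and overwrite the 'role' entry.
my %risky = do {
    local $CGI::LIST_CONTEXT_WARN = 0;    # silenced here only to keep the demo quiet
    ( role => 'user', name => $q->param('name') );
};

# Safer: scalar context yields exactly one value, so the hash shape is fixed.
my %safe = ( role => 'user', name => scalar $q->param('name') );

# When several values really are expected, ask for them explicitly.
my @names = $q->multi_param('name');

# Hypothetical stand-in for third-party code that still calls param()
# in list context and cannot be patched locally.
sub legacy_fill {
    my ( $query, @fields ) = @_;
    return { map { my @v = $query->param($_); ( $_ => \@v ) } @fields };
}

# Scope the suppression to this one call. local restores the previous value
# when the sub returns or dies, so no manual reset to 1 is needed.
sub fill_quietly {
    my ( $query, @fields ) = @_;
    local $CGI::LIST_CONTEXT_WARN = 0;
    return legacy_fill( $query, @fields );
}

my $filled = fill_quietly( $q, 'name' );

printf "risky role=%s, safe role=%s, names=%s\n",
    $risky{role}, $safe{role}, join( ',', @names );
printf "legacy_fill saw %d value(s); warn flag after the call: %d\n",
    scalar @{ $filled->{name} }, $CGI::LIST_CONTEXT_WARN;
```

Silencing the warning does not change what the list-context call returns; it only removes the log line, so the third-party call site still needs review for how it uses the values.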