in reply to "CGI::param called in list context" confusion

> how do I figure out if the code that throws these warnings is really vulnerable, how do I fix code that is?

Warnings will show you a line number. If you are only expecting a scalar to be returned, use scalar like Corion showed.

But if you really expect multiple values from HTTP for the same element, you should look into CGI for the recommended workaround.¹

HTH! :)

Cheers Rolf
(addicted to the Perl Programming Language and ☆☆☆☆ :)

PS: Je suis Charlie!

¹) you can disable this warning by setting $CGI::LIST_CONTEXT_WARN to 0 or by using the multi_param() method instead

Re^2: "CGI::param called in list context" confusion
by afoken (Chancellor) on Mar 19, 2015 at 17:29 UTC
    you can disable this warning by setting $CGI::LIST_CONTEXT_WARN to 0 or by using the multi_param() method instead

    Nice to know, I wasn't aware of that change.

    But: I would have expected a big fat warning (or at least a hint) right at the top of the documentation of CGI.pm. There is a warning that CGI.pm is no longer part of the Perl core, and another one deprecating HTML generating functions, but no obvious hint for experienced CGI.pm v3.x users. Sure, I could have read the Changes file, but I would expect API changes like this one to be announced in the main documentation.

    To make things worse, the main documentation (still) has porting notes for the ancient cgi-lib.pl that hopefully nobody uses any more, but no notes for porting from the v3.x series to the v4.x series.

    Alexander

    --
    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
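
An added example, not part of either post above and not code from CGI.pm: what the warning is about, with the two fixes mentioned in the thread (scalar and multi_param()) next to the flagged pattern. It assumes a CGI.pm release that provides multi_param(); the query string and the hash keys are constructed for illustration.

```perl
use strict;
use warnings;
use CGI;

# Constructed request for illustration: the "name" field is sent three times.
my $q = CGI->new('name=alice&name=role&name=admin');

# Pattern the warning flags: param() evaluated in list context, here inside
# a hash constructor. Every submitted value is returned, so the extra values
# are read as another key/value pair and replace the 'role' set above them.
# CGI.pm warns once on STDERR and names the file and line of this call.
my %risky = (
    role => 'guest',
    name => $q->param('name'),
);

# Fix when exactly one value is expected: force scalar context, which
# returns only the first submitted value.
my %single = (
    role => 'guest',
    name => scalar $q->param('name'),
);

# Fix when several values are legitimately expected: ask for them
# explicitly with multi_param() and keep them together in an array ref,
# so they cannot spill into neighbouring hash keys.
my %multi = (
    role  => 'guest',
    names => [ $q->multi_param('name') ],
);

printf "list context : name=%s role=%s\n", $risky{name},  $risky{role};
printf "scalar       : name=%s role=%s\n", $single{name}, $single{role};
printf "multi_param  : names=%s role=%s\n",
    join(',', @{ $multi{names} }), $multi{role};
```

When auditing, the lines to check are those the warning names where param() sits inside a list: hash or array constructors, function argument lists, and list assignments.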