in reply to Re: Path to scriptname in start_form()
in thread Path to scriptname in start_form()

CGI.pm 2.99 is absolutely broken, thanks to a rushed patch to fix a cross-site scripting problem. 3.00 is fixed again, thanks to my corrected patch.

Do not use CGI.pm 2.99 (it's broken), or any version prior to 2.99 (it has a cross-site scripting hole).

-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.

  • Comment on •Re: Re: Path to scriptname in start_form()

In Section Seekers of Perl Wisdom