Re: A serious security problem with CGI.pm 3.01?

According to the readme for version 3.03, version 3.* of CGI is in alpha. This probably means that it shouldn't be used in production code. I don't think that it is wise to upgrade yet until it's fully tested.

I suggest contacting Lincoln Stein by email and let him know.

Error: Keyboard not attached. Press F1 to continue.

Comment on Re: A serious security problem with CGI.pm 3.01?

Replies are listed 'Best First'.
Re: Re: A serious security problem with CGI.pm 3.01? by tachyon (Chancellor) on Jul 12, 2001 at 05:03 UTC
Thanks $code_or_die, didn't know that. Old saying "No read manual, no have clue". That probably explains my sysadmins reluctance to install it! I just worry about a broken method, he gets to worry about the whole system. I'm sure the problem just relates to a hand install but it seems odd to have moved this particular code into a module to me, especially as it is important. But then again, I have never found the coding style in CGI.pm all that transparent. I will give it a day or two to see what gets added here and would like to see for myself if you can generate a functional but broken CGI.pm 3.01 with a hand install and a fully functional one with a regular install before I pester Lincoln. cheers tachyon s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print	[reply]

Replies are listed 'Best First'.

Re: Re: A serious security problem with CGI.pm 3.01?
by tachyon (Chancellor) on Jul 12, 2001 at 05:03 UTC

Thanks $code_or_die, didn't know that. Old saying "No read manual, no have clue". That probably explains my sysadmins reluctance to install it! I just worry about a broken method, he gets to worry about the whole system.

I'm sure the problem just relates to a hand install but it seems odd to have moved this particular code into a module to me, especially as it is important. But then again, I have never found the coding style in CGI.pm all that transparent. I will give it a day or two to see what gets added here and would like to see for myself if you can generate a functional but broken CGI.pm 3.01 with a hand install and a fully functional one with a regular install before I pester Lincoln.

cheers

tachyon

s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print

[reply]