14.53 2021-06-03 2 3 [ FIX ] 4 - fix typo in passing of max-age to CGI::Cookie (GH #247) 5 64.52 2021-05-04 7 8 [ FIX ] 9 - sort hash keys for deterministic behaviour (GH #245, GH #246) 10 114.51 2020-10-01 12 13 [ DOCUMENTATION ] 14 - Document support for SameSite=None cookies in CGI::Cookie (GH #244) 15 164.50 2020-06-22 17 18 [ ENHANCEMENT ] 19 - Add APPEND_QUERY_STRING option (GH #243, thanks to stevenh) 20 214.49 2020-06-08 22 23 [ FIX ] 24 - remove deprecation warning as no longer in core (GH #221) 25 264.48 2020-06-02 27 28 [ FIX ] 29 - fix CGI::Cookie->bake() doesn't work with mod_perl redirects (GH #240) 30 - thanks to sherrardb for the PR (GH #241) 31 324.47 2020-05-01 33 34 [ FIX / TESTING ] 35 - fix typo in variable name (GH #239) 36 374.46 2020-02-03 38 39 [ DOCUMENTATION ] 40 - Document support for SameSite=None cookies (GH #238) 41 424.45 2019-06-03 43 44 [ ENHANCEMENT ] 45 - Add support for SameSite=None cookies (GH #237, thanks to Dur09) 46 474.44 2019-06-03 48 49 [ ENHANCEMENT ] 50 - Replace only use of "base" with "parent" (GH #235) 51 524.43 2019-05-01 53 54 [ FIX / TESTING ] 55 - support unquoted multipart/form-data name values (GH #234) 56 574.42 2019-03-26 58 59 [ DOCUMENTATION ] 60 - clarify licence also in Makefile.PL (GH #232) 61 624.41 2019-03-26 63 64 [ DOCUMENTATION ] 65 - clarify licence (GH #232) 66 674.40 2018-08-15 68 69 [ FIX / TESTING ] 70 - support perls < 5.10.1 in Makefile.PL by being more dynamic 71 (GH #229, GH #230, thanks to Aristotle) 72 734.39 2018-08-13 74 75 [ FIX / TESTING ] 76 - specify CONFIGURE_REQUIRES in Makefile.PL so can use TEST_REQUIRES 77 to build with older perls (GH #228) 78 794.38 2017-12-01 80 81 [ TESTING ] 82 - command_line.t: Avoid -I for libs (GH #224, thanks to cpansprout) 83 844.37 2017-11-01 85 86 [ FIX ] 87 - Fix incorrect quoting of ? in ->url (GH #112, GH #222, with 88 thanks to Reuben Thomas) 89 904.36 2017-03-29 91 92 [ ENHANCEMENT ] 93 - Support PATCH HTTP method (thanks to GovtGeek for the... patch) 94 - pass through max_age and samesite to CGI::Cookie->new in the call 95 in CGI->cookie (GH #220) 96 97 [ FIX ] 98 - skip t/command_line.t on windows as it doesn't work 99 1004.35 2016-10-13 101 102 [ FIX ] 103 - revert changes from 4.34 as they broke stuff 104 105 1064.34 2016-10-13 107 108 [ ENHANCEMENT ] 109 - If running from the command line, url_param now picks up 110 parameters given on then command line or on stdin (GH #210) 111 112 [ DOCUMENTATION ] 113 - documentation for above addition 114 1154.33 2016-09-16 116 117 [ DOCUMENTATION ] 118 - clarify that ->param will return the first value if there are 119 multiple values (when not called in list context) 120 1214.32 2016-07-19 122 123 [ DOCUMENTATION ] 124 - make perldoc CGI object consistent (GH #205) 125 - clarify reason for absolute URLs (GH #206) 126 127 [ INTERNALS ] 128 - tweak dependency defs in Makefile.PL (GH #207, GH #208) 129 - (thanks to karenetheridge and kentfredric) 130 1314.31 2016-06-14 132 133 [ FEATURES ] 134 - Add SameSite support to Cookie handling (thanks to pangyre) 135 136 [ INTERNALS ] 137 - The MultipartBuffer package has been renamed to CGI::MultipartBuffer. 138 This has been done in a way to ensure any $MultipartBuffer package 139 variables are still set correctly in CGI::MultipartBuffer. if you are 140 explicitly using MultipartBuffer in a form such as: 141 142 MultipartBuffer->new 143 144 your code will break. you should be calling: 145 146 CGI->new->new_MultipartBuffer( $boundary,$length ); 147 148 to ensure the correctly package is called. if you are extending the 149 MultipartBuffer package though use of ISA or base (or parent) then you 150 will need to update your code to use CGI::MultipartBuffer 151 152 - fake using strict and warnings to appease CPANTS Kwalitee 153 154 - require File::Temp v0.17+ to get seekable file handles (GH #204) 155 1564.28 2016-03-14 157 158 [ RELEASE NOTES ] 159 - please see v4.21 Changes for any potentially impacting changes 160 161 [ SPEC / BUG FIXES ] 162 - undef %QUERY_PARAM in initialize_globals to clean mod_perl env 163 164 [ TESTING ] 165 - improve test coverage on request types (GH #199, GH #200) 166 - improve test coverage on CGI::Carp 167 1684.27 2016-03-02 169 170 [ RELEASE NOTES ] 171 - please see v4.21 Changes for any potentially impacting changes 172 173 [ INTERNALS ] 174 - fix a couple of warnings in test harness 175 - add taint flag to example file_upload 176 - fix a warnings in STORE subroutine 177 1784.26 2016-02-04 179 180 [ RELEASE NOTES ] 181 - please see v4.21 Changes for any potentially impacting changes 182 183 [ SPEC / BUG FIXES ] 184 - sort HTML attributes by default (GH #106, GH #196) 185 186 [ DOCUMENTATION ] 187 - clarifications about HTML function non removal 188 1894.25 2015-12-17 190 191 [ RELEASE NOTES ] 192 - please see v4.21 Changes for any potentially impacting changes 193 194 [ DOCUMENTATION ] 195 - fix link to CONTRIBUTING file (thanks to Manwar for the fix) 196 - clarify that "soft" deprecation means that the HTML functions 197 are deprecated but will not raise any deprecation warnings 198 199 [ SPEC / BUG FIXES ] 200 - make the list context warning only happen once per process (or 201 thread) to prevent excessive log noise in long running or in 202 persistent processes (thanks to @dadamail for the suggestion) 203 2044.23 2015-12-17 205 206 [ RELEASE NOTES ] 207 - Documentation fixes only - please see v4.21 Changes for any potentially 208 impacting changes 209 210 [ DOCUMENTATION ] 211 - add LICENSE file and LICENSE info to Makefile.PL 212 2134.22 2015-10-16 214 215 [ RELEASE NOTES ] 216 - Documentation fixes only - please see v4.21 Changes for any potentially 217 impacting changes 218 219 [ DOCUMENTATION ] 220 - fix typos in CONTRIBUTING file 221 - links to docs, stackoverflow and perlmonks 222 - clarify deprecation policy on HTML functions (GH #188) 223 - mention HTML::Tiny in CGI::HTML::Functions (thanks to osfameron for 224 the suggestion) 225 2264.21 2015-06-16 227 228 [ RELEASE NOTES ] 229 - CGI.pm is now considered "done". See also "mature" and "legacy" 230 Features requests and non-critical issues will be outright rejected. 231 The module is now in maintenance mode for critical issues only. 232 233 - This release removes the AUTOLOAD and compile optimisations from CGI.pm 234 that were introduced into CGI.pm twenty (20) years ago as a response to 235 its large size, which meant there was a significant compile time penalty. 236 237 - This optimisation is no longer relevant and makes the code difficult to 238 deal with as well as making test coverage metrics incorrect. Benchmarks 239 show that advantages of AUTOLOAD / lazy loading / deferred compile are 240 less than 0.05s, which will be dwarfed by just about any meaningful code 241 in a cgi script. If this is an issue for you then you should look at 242 running CGI.pm in a persistent environment (FCGI, etc) 243 244 - To offset some of the time added by removing the AUTOLOAD functionality 245 the dependencies have been made runtime rather than compile time. The 246 POD has also been split into its own file. CGI.pm now contains around 247 4000 lines of code, which compared to some modules on CPAN isn't really 248 that much 249 250 - This essentially deprecates the -compile pragma and ->compile method. The 251 -compile pragma will no longer do anything, whereas the ->compile method 252 will raise a deprecation warning. More importantly this also REMOVES the 253 -any pragma because as per the documentation this pragma needed to be 254 "used with care or not at all" and allowing arbitrary HTML tags is almost 255 certainly a bad idea. If you are using the -any pragma and using arbitrary 256 tags (or have typo's in your code) your code will *BREAK* 257 258 - Although this release should be back compatible (with the exception of any 259 code using the -any pragma) you are encouraged to test it throughly as if 260 you are doing anything out of the ordinary with CGI.pm (i.e. have bugs 261 that may have been masked by the AUTOLOAD feature) you may see some issues. 262 263 - References: GH #162, GH #137, GH #164 264 265 [ SPEC / BUG FIXES ] 266 - make the list context warning in param show the filename rather than 267 the package so we have more information on exactly where the warning 268 has been raised from (GH #171) 269 - correct self_url when PATH_INFO and SCRIPT_NAME are the same but we 270 are not running under IIS (GH #176) 271 - Add the multi_param method to :cgi export (thanks to xblitz for the patch 272 and tests. GH #167) 273 - Fix warning for lack of HTTP_USER_AGENT in CGI::Carp (GH #168) 274 - Fix imports when called from CGI::Fast, restores the import of CGI functions 275 into the callers namespace for users of CGI::Fast (GH leejo/cgi-fast#11 and 276 GH leejo/cgi-fast#12) 277 - Fix regression of tmpFileName when calling with a plain string (GH #178, 278 thanks to Simon McVittie for the report and fix) 279 280 [ FEATURES ] 281 - CGI::Carp now has $CGI::Carp::FULL_PATH for displaying the full path to the 282 offending script in error messages 283 - CGI now has env_query_string() for getting the value of QUERY_STRING from 284 the environment and not that fiddled with by CGI.pm (which is what 285 query_string() does) (GH #161) 286 - CGI::ENCODE_ENTITIES var added to control which chracters are encoded by 287 the call to the HTML::Entities module - defaults to &<>"' (GH #157 - the 288 \x8b and \x9b chars have been removed from this list as we are concerned 289 more about unicode compat these days than old browser support.) 290 291 [ DOCUMENTATION ] 292 - Fix some typos (GH #173, GH #174) 293 - All *documentation* for HTML functionality in CGI has been moved into 294 its own namespace: CGI::HTML::Functions - although the functionality 295 continues to exist within CGI.pm so there are no code changes required 296 (GH #142) 297 - Add missing documentation for env variable fetching routines (GH #163) 298 299 [ TESTING ] 300 - Increase test coverage (GH #3) 301 302 [ INTERNALS ] 303 - Cwd made a TEST_REQUIRES rather than a BUILD_REQUIRES in Makefile.PL 304 (GH #170) 305 - AutoloadClass variables have been removed as AUTOLOAD was removed in 306 v4.14 so these are no longer necessary (GH #172 thanks to alexmv) 307 - Remove dependency on constant - internal DEBUG, XHTML_DTD and EBCDIC 308 constants changes to $_DEBUG, $_XHTML_DTD, and $_EBCDIC 309 3104.13 2014-12-18 311 312 [ RELEASE NOTES ] 313 - CGI::Pretty is now DEPRECATED and will be removed in a future release. 314 Please see GH #162 (https://github.com/leejo/CGI.pm/issues/162) for more 315 information and discussion (also GH #140 for HTML function deprecation 316 discussion: https://github.com/leejo/CGI.pm/issues/140) 317 318 [ TESTING ] 319 - fix t\rt-84767.t for failures on Win32 platforms related to file paths 320 3214.11 2014-12-02 322 323 [ SPEC / BUG FIXES ] 324 - more hash key ordering bugs fixed in HTML attribute output (GH #158, 325 thanks to Marcus Meissner for the patch and test case) 326 327 [ REFACTORING ] 328 - escapeHTML (and unescapeHTML) have been refactored to use the functions 329 exported by the HTML::Entities module (GH #157) 330 - change BUILD_REQUIRES to TEST_REQUIRES in Makefile.PL as these are test 331 dependencies not build dependencies (GH #159) 332 333 [ DOCUMENTATION ] 334 - replace any remaining uses of indirect object notation (new Object) with 335 the safer Object->new syntax (GH #156) 336 3374.10 2014-11-27 338 339 [ SPEC / BUG FIXES ] 340 - favour -content-type arg in header if -type and -charset options are also 341 passed in (GH #155, thanks to kaoru for the test case). this change also 342 sorts the hash keys in the rearrange method in CGI::Util meaning the order 343 of the arrangement will always be the same for params that have multiple 344 aliases. really you shouldn't be passing in multiple aliases, but this will 345 make it consistent should you do that 346 347 [ DOCUMENTATION ] 348 - fix some typos 349 3504.09 2014-10-21 351 352 [ RELEASE NOTES ] 353 - with this release the large backlog of issues against CGI.pm has been 354 cleared. All fixes have been made in the versions 4.00 and above so if 355 you are upgrading from 3.* you should thoroughly test your code against 356 recent versions of CGI.pm 357 - an effort has been made to retain back compatibility against previous 358 versions of CGI.pm for any fixes made, however some changes related to 359 the handling of temporary files may have consequences for your code 360 - please refer to the RELEASE NOTES for version 4.00 and above for all 361 recent changes and file an issue on github if there has been a regression. 362 - please do *NOT* file issues regarding HTML generating functions, these 363 are no longer being maintained (see perldoc for rationale) 364 365 [ SPEC / BUG FIXES ] 366 - tweak url to DTRT when the web server is IIS (RT #89827 / GH #152) 367 - fix temporary file handling when dealing with multiple files in MIME uploads 368 (GH #154, thanks to GeJ for the test case) 369 3704.08 2014-10-18 371 372 [ DOCUMENTATION ] 373 - note that calling headers without a -charset may lead to a nonsensical 374 charset being added to certain content types due to the default and the 375 workaround 376 - remove documentation stating that calls to escapeHTML with a changed 377 charset force numeric encoding of all characters, because that does not 378 happen 379 - documentation tweaks for calling param() in list context and the addition 380 of multi_param() 381 382 [ SPEC / BUG FIXES ] 383 - don't sub out PATH_INFO in url if PATH_INFO is the same as SCRIPT_NAME 384 (RT #89827) 385 - add multi_param() method to allow calling of param() in list context 386 without having to disable the $LIST_CONTEXT_WARN flag (see RELEASE NOTES 387 for version 4.05 on why calling param() in list context could be a bad 388 thing) 389 3904.07 2014-10-12 391 392 [ RELEASE NOTES ] 393 - please see changes for v4.05 394 395 [ TESTING ] 396 - typo and POD fixes, add test to check POD and compiles 397 3984.06 2014-10-10 399 400 [ RELEASE NOTES ] 401 - please see changes for v4.05 402 403 [ DOCUMENTATION ] 404 - make warning on list context call of ->param more lenient and don't 405 warn if called with no arguments 406 4074.05 2014-10-08 408 409 [ RELEASE NOTES ] 410 - this release includes *significant* refactoring of temporary file 411 handling in CGI.pm. See "Changes in temporary file handling" in perldoc 412 413 - this release adds a warning for when the param method is called 414 in list context, see the Warning in the perldoc for the section 415 "Fetching the value or values of a single named parameter" for why 416 this has been added and how to disable this warning 417 418 [ DOCUMENTATION ] 419 - change AUTHOR INFORMATION to LICENSE to please Kwalitee 420 421 [ TESTING ] 422 - t/arbitrary_handles.t to check need for patch in RT #54055, it 423 turns out there is no need - the first argument to CGI->new can 424 be an arbitrary handle 425 - add test case for incorrect unescaping of redirect headers 426 (RT #61120) 427 - add tests for the handle method (RT #85074, thanks to TONYC@cpan.org) 428 429 [ SPEC / BUG FIXES ] 430 - don't set binmode on STDOUT/STDERR/STDIN if a none standard layer 431 is already set on them on none UNIX platforms (RT #57524) 432 - make XForms:Model data accesible through POSTDATA/PUTDATA param 433 (RT #75628) 434 - prevent corruption of POSTDATA/PUTDATA when -utf8 flag is used and use 435 tempfiles to handle this data (RT #79102, thanks anonymous) 436 - unescape request URI *after* having removed the query string to prevent 437 removal of ? chars that are part of the original URI (and were encoded) 438 (RT #83265) 439 - fix q( to qq( in CGI::Carp so $@ is correct interpolated (RT #83360) 440 - don't call ->query_string in url unless -query is passed (RT #87790) 441 (optimisation and fits the current documented behaviour) 442 4434.04 2014-09-04 444 445 [ RELEASE NOTES ] 446 - this release removes some long deprecated modules/functions and 447 includes refactoring to the temporary file handling in CGI.pm. if 448 you are doing anything out of the ordinary with regards to temp 449 files you should test your code before deploying this update as 450 temp files may no longer be stored in previously used locations 451 452 [ REMOVED / DEPRECATIONS ] 453 - startform and endform methods removed (previously deprecated, you 454 should be using the start_form and end_form methods) 455 - both CGI::Apache and CGI::Switch have been removed as these modules 456 1) have been deprecated for *years*, and 2) do nothing whatsoever 457 458 [ SPEC / BUG FIXES ] 459 - handle multiple values in X-Forwarded-Host header, we follow the 460 logic in most other frameworks and take the last value from the list 461 (RT #54487) 462 - reverse the order of TEMP dir placement for WINDOWS: TEMP > TMP > WINDIR 463 (RT #71799, thanks to jeff@math.tntech.edu), this returns the behaviour 464 to pre e24d04e9bc5fda7722444b02fec135d8cc2ff488 but with the undefined 465 fix still in place 466 - refactor CGITempFile::find_tempdir to use File::Spec->tmpdir 467 (related: RT #71799) 468 - fix warnings when QUERY_STRING has empty key=value pairs (RT #54511) 469 - pad custom 500 status response messages to > 512 for MSIE (RT #81946) 470 - make Vars tied hash delete method return the value deleted from the hash 471 making it act like perl's delete (RT #51020) 472 473 [ TESTING ] 474 - add .travis.yml (https://travis-ci.org) 475 - test case for RT #53966 - disallow filenames with ~ char 476 - test case for RT #55166 - calling Vars to get the filename does not return 477 a filehandle, so this cannot be used in the call to uploadinfo, also 478 update documentation for the uploadInfo to show that ->Vars should not be 479 used to get the filename for this method 480 - fix t/url.t to pass on Win32 platforms that have the SCRIPT_NAME env 481 variable set (RT #89992) 482 - add procedural call tests for upload and uploadInfo to confirm these work 483 as should (RT #91136) 484 485 [ DOCUMENTATION ] 486 - tweak perldoc for -utf8 option (RT #54341, thanks to Helmut Richter) 487 - explain the HTML generation functions should no longer be used and that 488 they may be deprecated in a future release 489 4904.03 2014-07-02 491 492 [ REMOVED / DEPRECATIONS ] 493 - the -multiple option to popup_menu is now IGNORED as this did not 494 function correctly. If you require a menu with multiple selections 495 use the scrolling_list method. (RT #30057) 496 497 [ SPEC / BUG FIXES ] 498 - support redirects in mod_perl2, or fall back to using env variable 499 for up to 5 redirects, when getting the query string (RT #36312) 500 - CGI::Cookie now correctly supports the -max-age argument, previously 501 if this was passed the value of the -expires argument would be used 502 meaning there was no way to supply *only* this argument (RT #50576) 503 - make :all actually import all methods, except for :cgi-lib, and add 504 :ssl to the :standard import (RT #70337) 505 506 [ DOCUMENTATION ] 507 - clarify documentation regarding query_string method (RT #48370) 508 - links fixed in some perldoc (Thanks to Michiel Beijen) 509 510 [ TESTING ] 511 - add t/changes.t for testing this Changes file 512 - test case for RT #31107 confirming multipart parsing is to spec 513 - improve t/rt-52469.t by adding a timeout check 514 5154.02 2014-06-09 516 517 [ NEW FEATURES ] 518 - CGI::Carp learns noTimestamp / $CGI::Carp::NO_TIMESTAMP to prevent 519 timestamp in messages (RT #82364, EDAVIS@cpan.org) 520 - multipart_init and multipart_start learn -charset option (RT #22737) 521 522 [ SPEC / BUG FIXES ] 523 - Support multiple cookies when passing an ARRAY ref with -set-cookie 524 (RT #15065, JWILLIAMS@cpan.org) 525 526 [ DOCUMENTATION ] 527 - Made licencing information consistent and remove duplicate comments 528 about licence details, corrected location to report bugs (RT #38285) 529 5304.01 2014-05-27 531 532 [ DOCUMENTATION ] 533 - CGI.pm hasn't been removed from core *just* yet, but will be soon: 534 http://perl5.git.perl.org/perl.git/commitdiff/e9fa5a80 535 5364.00 2014-05-22 537 538 [ INTERNALS ] 539 - CGI::Fast split out into its own distribution, related files and tests removed 540 - developer test added for building with perlbrew 541 542 [ DOCUMENTATION ] 543 - Update perldoc to explain that CGI.pm has been removed from perl core 544 - Make =head2 perldoc less shouty (RT #91140) 545 - Tickets migrated from RT to github issues (both CGI and CGI.pm distributions) 546 - Repointing bugtracker at newly forked github repo and note that Lee Johnson 547 is the current maintainer. 548 - Bump version to 4.00 for clear boundary of above changes 549 550Version 3.65 Feb 11, 2014 551 552 [INTERNALS] 553 - Update Makefile to refine where CGI.pm gets installed 554 (Thanks to bingo, rjbs: https://github.com/markstos/CGI.pm/pull/30) 555 556Version 3.64 Nov 23, 2013 557 558 [BUG FIXES] 559 - Avoid warning about "undefined variable in user_agent in some cases (RT#72882) 560 561 [INTERNALS] 562 - Avoiding warning about "unitialized value" in when calling user_agent() in some cases. (RT#72882, perl@max-maurer.de) 563 - Update minimum required version in Makefile.PL to 5.8.1. It had already been 564 updated to 5.8.1 in the CGI.pm module in 3.53. 565 - Fix POD errors reported by newer pod2man (Thanks to jmdh) 566 - Typo fixes, (dsteinbrunner). 567 - use deprecate.pm on perls 5.19.0 and later. (rjbs). 568 569 [DOCUMENTATION] 570 - Update CGI::Cookie docs to reflect that HttpOnly is widely supported now. 571 572 573Version 3.63 Nov 12, 2012 574 575 [SECURITY] 576 - CR escaping for Set-Cookie and P3P headers was improved. There was potential 577 for newline injection in these headers. 578 (Thanks to anazawa, https://github.com/markstos/CGI.pm/pull/23) 579 580Version 3.62, Nov 9th, 2012 581 582 [INTERNALS] 583 - Changed how the deprecated endform function was defined for compatibility 584 with the development version of Perl. 585 - Fix failures in t/tmpdir.t when run as root 586 https://github.com/markstos/CGI.pm/issues/22, RT#80659) 587 588 - Made it possible to force a sorted order for things like hash 589 attributes so that tests are not dependent on a particular hash 590 ordering. This will be required in modern perls which will 591 change the ordering per process. (Yves, RT#80659) 592 593Version 3.61 Nov 2nd, 2012 594 595 (No code changes) 596 597 [INTERNALS] 598 - formatting of CGI::Carp documentation was improved. Thanks to benkasminbullock. 599 - un-TODO some tests in t/tmpdir.t that were passing in most cases. 600 More on this: 601 https://github.com/markstos/CGI.pm/issues/19# 602 https://github.com/markstos/CGI.pm/commit/cc73dc9807b0fabb56b3cdf1a9726588b2eda0f7 603 604Version 3.60 Aug 15th, 2012 605 606 [BUG FIXES] 607 - In some caes, When unescapeHTML() hit something it didn't recognize with an ampersand and 608 and semicolon, it would throw away the semicolon and ampersand. It now does a better job. 609 of preserving content it doesn't recognize. Thanks to CEBJYRE@cpan.org (RT#75595) 610 - Remove trailing newline after <form> tag inserted by startform and start_form. It can 611 cause rendering problems in some cases. Thanks to SJOHNSTON@cpan.org (RT#67719) 612 - Workaround "Insecure Dependency" warning generated by some versions of Perl (RT#53733). 613 Thanks to degatcpan@ntlworld.com, klchu@lbl.gov and Anonymous Monk 614 615 [DOCUMENTATION] 616 - Clarify that when -status is used, the human-readable phase should be included, per RFC 2616. 617 Thanks to SREZIC@cpan.org (RT#76691). 618 619 [INTERNALS] 620 - More tests for header(), thanks to Ryo Anazawa. 621 - t/url.t has been fixed on VMS. Thanks to cberry@cpan.org (RT#72380) 622 - MANIFEST patched so that t/multipart_init.t is included again. Thanks to shay@cpan.org (RT#76189) 623 624Version 3.59 Dec 29th, 2011 625 626 [BUG FIXES] 627 - We no longer read from STDIN when the Content-Length is not set, preventing 628 requests with no Content-Length from freezing in some cases. This is consistent 629 with the CGI RFC 3875, and is also consistent with CGI::Simple. However, the old 630 behavior may have been expected by some command-line uses of CGI.pm. 631 Thanks to Philip Potter and Yanick Champoux. See RT#52469 for details: 632 https://rt.cpan.org/Public/Bug/Display.html?id=52469 633 634 [INTERNALS] 635 - remove tmpdirs more aggressively. Thanks to rjbs (RT#73288) 636 - use Text::ParseWords instead of ancient shellwords.pl. Thanks to AlexBio. 637 - remove use of define(@arr). Thanks to rjbs. 638 - spelling fixes. Thanks to Gregor Herrmann and Alessandro Ghedini. 639 - fix test count and warning in t/fast.t. Thanks to Yanick. 640 641Version 3.58 Nov 11th, 2011 642 643 [DOCUMENTATION] 644 - Clarify that using query_string() only has defined behavior when using the GET method. (RT#60813) 645 646Version 3.57 Nov 9th, 2011 647 [INTERNALS] 648 - test failure in t/fast.t introduced in 3.56 is fixed. (Thanks to zefram and chansen). 649 - Test::More requirement has been bumped to 0.98 650 651Version 3.56 Nov 8th, 2011 652 653 [SECURITY] 654 Use public and documented FCGI.pm API in CGI::Fast 655 CGI::Fast was using an FCGI API that was deprecated and removed from 656 documentation more than ten years ago. Usage of this deprecated API with 657 FCGI >= 0.70 or FCGI <= 0.73 introduces a security issue. 658 <https://rt.cpan.org/Public/Bug/Display.html?id=68380> 659 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2766> 660 (Thanks to chansen) 661 662 [INTERNALS] 663 - tmp files are now cleaned up on VMS ( RT#69210, thanks to cberry@cpan.org ) 664 - Fixed test failure: done_testing() added to url.t (Thanks to Ryan Jendoubi) 665 - Clarify preferred bug submission location in docs, and note that Mark Stosberg 666 is the current maintainer. 667 668Version 3.55 June 3rd, 2011 669 670 [THINGS THAT MAY BREAK YOUR CODE] 671 url() was fixed to return "PATH_INFO" when it is explicitly requested 672 with either the path=>1 or path_info=>1 flag. 673 674 If your code is running under mod_rewrite (or compatible) and you are calling self_url() or 675 you are calling url() and passing path_info=>1, These methods will actually be 676 returning PATH_INFO now, as you have explicitly requested, or has self_url() 677 has requested on your behalf. 678 679 The PATH_INFO has been omitted in such URLs since the issue was introduced 680 in the 3.12 release in December, 2005. 681 682 This bug is so old your application may have come to depend on it or 683 workaround it. Check for application before upgrading to this release. 684 685 Examples of affected method calls: 686 687 $q->url(-absolute => 1, -query => 1, -path_info => 1 ) 688 $q->url(-path=>1) 689 $q->url(-full=>1,-path=>1) 690 $q->url(-rewrite=>1,-path=>1) 691 $q->self_url(); 692 693Version 3.54, Apr 28, 2011 694 No code changes 695 696 [INTERNALS] 697 - Address test failures in t/tmpdir.t, thanks to Niko Tyni. 698 Some tests here are failing on some platforms and have been marked as TODO. 699 700Version 3.53, Apr 25, 2011 701 702 [NEW FEATURES] 703 - The DELETE HTTP verb is now supported. 704 (RT#52614, James Robson, Eduardo Ari�o de la Rubia) 705 706 [INTERNALS] 707 - Correct t/tmpdir.t MANIFEST entry. (RT#64949) 708 - Update minimum required Perl version to be Perl 5.8.1, which 709 has been out since 2003. This allows us to drop some hacks 710 and exceptions (Mark Stosberg) 711 712Version 3.52, Jan 24, 2011 713 714 [DOCUMENTATION] 715 - The documentation for multi-line header handling was been updated to reflect 716 the changes in 3.51. (Mark Stosberg, ntyni@iki.fi) 717 718 [INTERNALS] 719 - Add missing t/tmpfile.t file. (RT#64949) 720 - Fix warning in t/cookie.t (RT#64570, Chris Williams, Rainer Tammer, Mark Stosberg) 721 - Fixed logic bug in t/multipart_init.t (RT#64261, Niko Tyni) 722 723Version 3.51, Jan 5, 2011 724 725 [NEW FEATURES] 726 - A new option to set $CGI::Carp::TO_BROWSER = 0, allows you to explicitly 727 exclude a particular scope from triggering printing to the browser when 728 fatatlsToBrowser is set. (RT#62783, Thanks to papowell) 729 - The <script> tag now supports the "charset" attribute. 730 (RT#62907, Thanks to Fabrice Metge) 731 - In CGI::Cookie, "Max-Age" is now supported for better spec compliance. 732 (Mark Stosberg) 733 734 [BUG FIXES] 735 - Setting charset() now works for all content types, not just "text/*". 736 (RT#57945, Thanks to Yanick and Gerv.) 737 - support for user temporary directories ($HOME/tmp) was commented out 738 in 2.61 but the documentation wasn't updated (Peter Gervai, Niko Tyni) 739 - setting $CGITempFile::TMPDIRECTORY before loading CGI.pm has been 740 working but undocumented since 3.12 (which listed it in Changes as 741 $CGI::TMPDIRECTORY) (Peter Gervai, Niko Tyni) 742 - unfortunately the previous change broke the runtime check for looking 743 for a new temporary directory if the current one suddenly became 744 unwritable (Peter Gervai, Niko Tyni) 745 - A bug was fixed in CGI::Carp triggered by certain death cases in 746 the BEGIN phase of parent classes. 747 (RT#57224, Thanks to UNERA, Yanick Champoux, Mark Stosberg) 748 - CGI::Cookie->new() now follows the documentation and returns undef 749 if the -name and -value args aren't provided. This new behavior is also 750 consistent with the docs and code of CGI::Simple::Cookie. (Mark Stosberg) 751 - CGI::Cookie->parse() now trims leading and trailing whitespace from cookie 752 elements as intended. The change also makes this part of the parsing 753 identical to CGI::Simple::Cookie (Mark Stosberg) 754 - Temp file handling was improved (RT#62762) 755 756 [SECURITY] 757 - Further improvements have been made to guard against newline injections 758 in headers. (Thanks to Max Kanat-Alexander, Yanick Champoux, Mark Stosberg) 759 760 [PERFORMANCE] 761 - Make EBCDIC a compile-time constant so there's zero overhead (and less 762 compiled code) in subroutines that test for it. (Tim Bunce) 763 - If you just want to use CGI::Cookie, CGI.pm will no longer be loaded 764 unless you call the bake() method, which requires it. (Mark Stosberg) 765 766 [DOCUMENTATION] 767 - quit referring to the <link> tag as being "rarely used". (Victor Sanders) 768 - typo and whitespace fixes (RT#62785, thanks to scop@cpan.org) 769 - The -dtd argument to start_html() is now documented 770 (RT#60473, Thanks to giecrilj and steve@fisharerojo.org) 771 - CGI::Carp doc are updated to reflect that it can work with mod_perl 2.0. 772 - when creating a temporary file in the directory fails, the error message 773 could indicate the root of the problem better (Peter Gervai, Niko Tyni) 774 775 [INTERNALS] 776 - Re-fixing https test in http.t. (RT#54768, thanks to SPROUT) 777 - param_fetch no longer triggers a warning when called with no arguments (ysth, Mark Stosberg) 778 779Version 3.50, Nov 8, 2010 780 781 [SECURITY] 782 1. The MIME boundary in multipart_init is now random. 783 Thanks to Byron Jones, Masahiro Yamada, Reed Loden, and Mark Stosberg 784 2. Further improvements to handling of newlines embedded in header values. 785 An exception is thrown if header values contain invalid newlines. 786 Thanks to Michal Zalewski, Max Kanat-Alexander, Yanick Champoux, 787 Lincoln Stein, Fr�d�ric Buclin and Mark Stosberg 788 789 [DOCUMENTATION] 790 1. Correcting/clarifying documentation for param_fetch(). Thanks to 791 Ren�e B�cker. (RT#59132) 792 793 [INTERNALS] 794 1. Fixing https test in http.t. (RT#54768) 795 2. Tests were added for multipart_init(). Thanks to Mark Stosberg and CGI::Simple. 796 797Version 3.49, Feb 5th, 2010 798 799 [BUG FIXES] 800 1. Fix a regression since 3.44 involving a case when the header includes "Content-Length: 0". 801 Thanks to Alex Vandiver (RT#51109) 802 2. Suppress uninitialized warnings under -w. Thanks to burak. (RT#50301) 803 3. url() now uses virtual_port() instead of server_port(). Thanks to MKANAT and Yanick Champoux. (RT#51562) 804 4. CGI::Carp now properly handles stringifiable objects, like Exception::Class throws (RT#39904) 805 806 [SECURITY] 807 1. embedded newlines are now filtered out of header values in header(). 808 Thanks to Mark Stosberg and Yanick Champoux. 809 810 [DOCUMENTATION] 811 1. README was updated to reflect that CGI.pm was moved under ./lib. 812 Thanks to Alex Vandiver. 813 814 [INTERNALS] 815 1. More tests were added for autoescape, thanks to Bob Kuo. (RT#25485) 816 2. Attempt to avoid test failures with t/fast, thanks to Steve Hay. (RT#49599) 817 818Version 3.48, Sep 25, 2009 819 820 [BUG FIXES] 821 1. <optgroup> default values are now properly escaped. 822 Thanks to #raleigh.pm and Mark Stosberg. (RT#49606) 823 2. The change to exception handling in CGI::Carp introduced in 3.47 has been 824 reverted for now. It caused regressions reported in RT#49630. 825 Thanks to mkanat for the report. 826 827 [DOCUMENTATION] 828 1. Documentation for upload() has been overhauled, thanks to Mark Stosberg. 829 2. Documentation for tmpFileName has been added. Thanks to Mark Stosberg and Nathaniel K. Smith. 830 3. URLS were updated, thanks to Leon Brocard and Yanick Champoux. (RT#49770) 831 832 [INTERNALS] 833 1. More tests were added for autoescape, thanks to Bob Kuo. (RT#25485) 834 835Version 3.47, Sep 9, 2009 836 837 No code changes. 838 839 [INTERNALS] 840 Re-release of 3.46, which did not contain a proper MANIFEST 841 842Version 3.46 843 844 [BUG FIXES] 845 1. In CGI::Pretty, we no longer add line breaks after tags we claim not to format. Thanks to rrt, Bob Kuo and 846 and Mark Stosberg. (RT#42114). 847 2. unescapeHTML() no longer falsely recognizes certain text as entities. Thanks to Pete Gamanche, Mark Stosberg 848 and Bob Kuo. (RT#39122) 849 3. checkbox_group() now correctly includes a space before the "checked" attribute. 850 Thanks to Andrew Speer and Bob Kuo. (RT#36583) 851 4. Fix case-sensitivity in http() and https() according to docs. Make https() 852 return list of keys in list context. Thanks to riQyRoe and Rhesa Rozendaal. (RT#12909) 853 5. XHTML is now automatically disabled for HTML 4, as well as HTML 2 and HTML 3. Thanks to 854 Dan Harkless and Yanick Champoux. (RT#27907) 855 6. Pre-compiling 'end_form' with ':form' switch now works. Thanks to ryochin and Yanick Champoux. (RT#41530) 856 7. Empty name/values pairs are now properly saved and restored from filehandles. Thanks to rlucas and 857 Rhesa Rozendaal (RT#13158) 858 8. Some differences between startform() and start_form() have been fixed. Thanks to Slaven Rezic and 859 Shawn Corey. (RT#22046) 860 9. url_param() has been updated to be more consistent with the documentation and param(). 861 Thanks to Britton Kerin and Yanick Campoux. (RT#43587) 862 10.hidden() now correctly supports multiple default values. 863 Thanks to david@dierauer.net and Russell Jenkins. (RT#20436) 864 11.Calling CGI->new() no longer clobbers the value of $_ in the current scope. 865 Thanks to Alexey Tourbin, Bob Kuo and Mark Stosberg. (RT#25131) 866 12.UTF-8 params should not get double-decoded now. 867 Thanks to Yves, Bodo, Burak G�rsoy, and Michael Schout. (RT#19913) 868 13.We now give objects passed to CGI::Carp::die a chance to be stringified. 869 Thanks to teek and Yanick Champoux (RT#41530) 870 14.Turning off autoEscape() now only affects the behavior of built-in HTML 871 generation fuctions. Explicit calls to escapeHTML() always escape HTML regardless 872 of the setting. Thanks to vindex, Bob Kuo and Mark Stosberg (RT#40748) 873 15.In CGI::Fast, preferences set via pragmas are now preserved. 874 Thanks to heinst and Mark Stosberg (RT#32119) 875 876 [DOCUMENTATION] 877 1. remote_addr() is now documented. Thanks to Yanick Champoux. (RT#38884) 878 2. In CGI::Pretty in the list of tags left unformatted was updated to match the code. Thanks to Mark Stosberg. (RT#42114) 879 3. In CGI::Pretty, performance concerns are now documented. Thanks to Jochen, Rhesa Rozendaal and Mark Stosberg (RT#13223) 880 4. A number of outdated Netscape references have been removed. Thanks to Mark Stosberg. 881 5. The documentation has been purged of examples of using indirect object notation. Thanks to Mark Stosberg. 882 6. Some POD formatting was fixed. Thanks to Dave Mitchell (RT#48935). 883 7. Docs and examples were updated to highlight start_form instead of startform. 884 Thanks to Slaven Rezic. 885 8. Note that CGI::Carp::carpout() doesn't work with in-memory filehandles. 886 Thanks to rhubbell and Mark Stosberg. 887 9. The documentation for the -newstyle_urls is now less confusing. 888 Thanks to Ryan Tate and Mark Stosberg (RT#49454) 889 890 [INTERNALS] 891 1. Quit bundling an ancient copy of Test::More and and using a custom 'lib' path for the tests. Instead, Test::More 892 is now a dependency. Thanks to Ansgar and Mark Stosberg (RT#48811) 893 2. Automated tests for hidden() have been added, thanks to Russel Jenkins and Mark Stosberg (RT#20436) 894 3. t/util.t has been updated to use Test::More instead of a home-grown test function. Thanks to Bob Kuo. 895 896Version 3.45, Aug 14, 2009 897 898 [BUG FIXES] 899 1. Prevent warnings about "uninitialized values" for REQUEST_URI, HTTP_USER_AGENT and other environment variables. 900 Patches by Callum Gibson, heiko and Mark Stosberg. (RT#24684, RT#29065) 901 2. Avoid death in some cases when running under Taint mode on Windows. 902 Patch by Peter Hancock (RT#43796) 903 3. Allow 0 to be used as a default value in popup_menu(). This was broken starting in 3.37. 904 Thanks to Haze, who was the first to report this and supply a patch, and pfschill, who pinpointed 905 when the bug was introduced. A regression test for this was also added. (RT#37908) 906 4. Allow "+" as a valid character in file names, which fixes temp file creation on OS X Leopard. 907 Thanks to Andy Armstrong, and alech for patches. (RT#30504) 908 5. Set binmode() on the Netware platform, thanks to Guenter Knauf (RT#27455) 909 6. Don't allow a CGI::Carp error handler to die recursively. Print a warning and exit instead. 910 Thanks to Marc Chantreux. (RT#45956) 911 7. The Dump() method now is fixed to escape HTML properly. Thanks to Mark Stosberg (RT#21341) 912 8. Support for <optgroup> with scrolling_list() now works the same way as it does for popup_menu(). 913 Thanks to Stuart Johnston (RT#30097) 914 9. CGI::Pretty now works properly when $" is set to ''. Thanks to Jim Keenan (RT#12401) 915 10. Fix crash when used in combination with PerlEx::DBI. Thanks to Burak G�rsoy (RT#19902) 916 917 [DOCUMENTATION] 918 1. Several typos were fixed, Thanks to ambs. (RT#41105) 919 2. A typo related to the nosticky pragma was fixed, thanks to Britton Kerin. (RT#43220) 920 3. examples/nph-clock.cgi is now more portable, by calling localtime() rather than `/bin/date`, 921 thanks to Guenter Knauf. (RT#27456). 922 4. In CGI::Carp, the SEE ALSO section was cleaned up, thanks to Slaven Rezic. (RT#32769) 923 5. The docs for redirect() were updated to reflect that most headers are 924 ignored during redirection. Thanks to Mark Stosberg (RT#44911) 925 926 [INTERNALS] 927 1. New t/unescapeHTML.t test script has been added. It includes a TODO test for a pre-existing 928 bug which could use a patch. Thanks to Pete Gamache and Mark Stosberg (RT#39122) 929 2. New test scripts have been added for user_agent(), popup_menu() and query_string(), scrolling_list() and Dump() 930 Thanks to Mark Stosberg and Stuart Johnston. (RT#37908, RT#43006, RT#21341, RT#30097) 931 3. CGI::Carp and CGI::Util have been updated to have non-developer version numbers. 932 Thanks to Slaven Rezic. (RT#48425) 933 4. CGI::Switch and CGI::Apache now properly set their VERSION in their own name space. 934 Thanks to Alexey Tourbin (RT#11941,RT#11942) 935 936Version 3.44, Jul 30, 2009 937 938 1. Patch from Kurt Jaeger to allow HTTP PUT even if the content length is unknown. 939 2. Patch from Pavel merdin to fix a problem for one of the FireFox addons. 940 3. Fixed issue in mod_perl & fastCGI environment of cookies returned from 941 CGI->cookie() leaking from one session to another. 942 943Version 3.43, Apr 06, 2009 944 945 1. Documentation patch from MARKSTOS@cpan.org to replace all occurrences of 946 "new CGI" with CGI->new()" to reflect best perl practices. 947 2. Patch from Stepan Kasal to fix utf-8 related problems in perl 5.10 948 949Version 3.42, Sep 08, 2008 950 951 1. Added patch from Renee Baecker that makes it possible to subclass 952 CGI::Pretty. 953 2. Added patch from Nicholas Clark to allow ~ characters in temporary directories. 954 3. Added patch from Renee Baecker that fixes the inappropriate escaping of fields 955 in multipart headers. 956 957Version 3.41, Aug 25, 2008 958 959 1. Fix url() returning incorrect path when query string contains escaped newline. 960 2. Added additional windows temporary directories and environment variables, courtesy patch from Renee Baecker 961 3. Added a handle() method to the lightweight upload 962 filehandles. This method returns a real IO::Handle object. 963 4. Added patch from Tony Vanlingen to fix deep recursion warnings in CGI::Pretty. 964 965Version 3.40, Aug 06, 2008 966 967 1. Fixed CGI::Fast docs to eliminate references to a "special" 968 version of Perl. 969 2. Makefile.PL now depends on FCGI so that CGI::Fast installs properly. 970 3. Fix script_name() call from Stephane Chazelas. 971 972Version 3.39, Jun 29, 2008 973 974 1. Fixed regression in "exists" function when using tied interface to CGI via $q->Vars. 975 976Version 3.38, Jun 25, 2008 977 978 1. Fix annoying warning in http://rt.cpan.org/Ticket/Display.html?id=34551 979 2. Added nobr() function http://rt.cpan.org/Ticket/Display.html?id=35377 980 3. popup_menu() allows multiple items to be selected by default, satisfying 981 http://rt.cpan.org/Ticket/Display.html?id=35376 982 4. Patch from Renee Backer to avoid doubled <http-equiv> headers. 983 5. Fixed documentation bug that describes what happens when a 984 parameter is empty (e.g. "?test1="). 985 6. Fixed minor warning described at http://rt.cpan.org/Public/Bug/Display.html?id=36435 986 7. Fixed overlap of attribute and parameter space described in http://rt.perl.org/rt3//Ticket/Display.html?id=24294 987 988Version 3.37, Apr 22, 2008 989 990 1. Fix pragmas so that they persist over modperl invocations (e.g. RT 34761) 991 2. Fixed handling of chunked multipart uploads; thanks to Michael Bernhardt 992 who reported and fixed the problem. 993 994Version 3.36 995 996 1. Fix CGI::Cookie to support cookies that are separated by "," instead of ";". 997 998Version 3.35, Mar 27, 2008 999 1000 1. Resync with bleadperl, primarily fixing a bug in parsing semicolons in uploaded filenames. 1001 1002Version 3.34, Mar 18, 2008 1003 1004 1. Handle Unicode %uXXXX escapes properly -- patch from DANKOGAI@cpan.org 1005 2. Fix url() method to not choke on path names that contain regex characters. 1006 1007Version 3.33, Jan 02, 2008 1008 1009 1. Remove uninit variable warning when calling url(-relative=>1) 1010 2. Fix uninit variable warnings for two lc calls 1011 3. Fixed failure of tempfile upload due to sprintf() taint failure in perl 5.10 1012 1013Version 3.32, Dec 27, 2007 1014 1015 1. Patch from Miguel Santinho to prevent sending premature headers under mod_perl 2.0 1016 1017Version 3.31, Nov 30, 2007 1018 1019 1. Patch from Xavier Robin so that CGI::Carp issues a 500 Status code rather than a 200 status code. 1020 2. Patch from Alexander Klink to select correct temporary directory in OSX Leopard so that upload works. 1021 3. Possibly fixed "wrapped pack" error on 5.10 and higher. 1022 1023Version 3.30 1024 1025 1. Patch from Mike Barry to handle POSTDATA in the same way as PUT. 1026 2. Patch from Rafael Garcia-Suarez to correctly reencode unicode values as byte values. 1027 1028Version 3.29, Apr 16, 2007 1029 1030 1. The position of file handles is now reset to zero when CGI->new is called. 1031 (Mark Stosberg) 1032 2. uploadInfo() now works across multiple object instances. Also, the first 1033 tests for uploadInfo() were added as part of the fix. (CPAN bug 11895, with 1034 contributions from drfrench and Mark Stosberg). 1035 1036Version 3.28, Mar 29, 2007 1037 1038 1. Applied patch from Allen Day that makes Cookie parsing RFC2109 compliant 1039 (attribute/values can be separated by commas as well as semicolons). 1040 2. Applied patch from Stephan Struckmann that allows script_name() to be set correctly. 1041 3. Fixed problem with url(-full) in which port number appears twice. 1042 1043Version 3.27, Feb 27, 2007 1044 1045 1. Applied patch from Steve Taylor that allows checkbox_groups to be 1046 disabled with a new -disabled=> option. 1047 1048Version 3.26 1049 1050 1. Fixed alternate stylesheet behavior so that it is insensitive to order of declarations. 1051 2. Patch from John Binns to allow users to provide a callback to CGI::Carp. 1052 3. Added "~" as an unreserved character in escape(). 1053 4. Patch from Chris Fedde to prevent HTTP_HOST from inhibiting SERVER_PORT in url() generation. 1054 5. Fixed outdated documentation (and behavior) of -language in start_html -script option. 1055 6. Fixed bug in seconds calculation in CGI::Util::expire_calc. 1056 1057Version 3.25, Sep 28, 2006 1058 1059 1. Fixed the link to the Netscape frames page. 1060 2. Added ability to specify an alternate stylesheet. 1061 3. Add support for XForms POST submssion both as application/xml or as multipart/related 1062 1063Version 3.24 1064 1065 1. In startform(), if request_uri() returns undef, then falls back 1066 to self_url(). This should rarely happen except when run outside of 1067 the CGI environment. 1068 2. image button alignment options were mistakenly being capitalized, causing xhtml validation to fail. 1069 1070Version 3.23, Aug 23, 2006 1071 1072 1. Typo in upload() persisted, now fixed for real. Thanks to 1073 Emanuele Zeppieri for correct patch and regression test. 1074 1075Version 3.22, Aug 23, 2006 1076 1077 1. Typo in upload() function broke uploads. Now fixed (CPAN bug 21126). 1078 1079Version 3.21, Aug 21, 2006 1080 1081 1. Don't try to read data at all when POST > $POST_MAX. 1082 2. Fixed bug that caused $cgi->param('name',undef,'value') to unset param('name') entirely. 1083 3. Fixed bug in which upload() sometimes returns empty. (CPAN bug #12694). 1084 4. Incorporated patch from BURAK@cpan.org to support HTTPcookies (CPAN bug 21019). 1085 1086Version 3.20 1087 1088 1. Patch from David Wheeler for CGI::Cookie->bake(). Uses mod_perl headers_out->add() 1089 rather than headers_out->set(). 1090 2. Fixed problem identified by Andrei Voronkov in which start_form() output was screwed 1091 up when initial argument begins with a dash and subsequent arguments do not. 1092 3. Quashed uninitialized variable warnings coming from script_name(), url() and other 1093 functions that require access to the PATH_INFO environment variable. 1094 1095Version 3.19 1096 1097 1. Added patch from Stephen Frost that allows one to suppress use of the temp file that is 1098 created during uploads. 1099 2. Fixed problem noted by Martin Foster in which regular expression meta-character terms 1100 in the path information were not quoted, causing URL parsing 1101 to fail on URLs that contained metacharacters (such as +). 1102 3. More fixes to the url() method. 1103 4. Removed "hack to fix broken PATH_INFO in MSII". 1104 1105Version 3.18 1106 1107 1. Doc typo fixes. 1108 2. Patch from Steve Peters to default the document type to match the charset. 1109 3. Fixed param() so that param(-name=>'foo',-values=>[]) sets the parameter to empty list. 1110 1111Version 3.17, Feb 24, 2006 1112 1113 1. Added patch from Mike Hanafey which caused 0 arguments to CGI::Cookie->new() to 1114 be treated as empty. 1115 2. Patch to CGI::Carp from Peter Whaite to fix the unfixable problem of CGI::Carp 1116 not behaving correctly in an eval() context. 1117 3. CGI::Fast->new() calls CGI->_reset_globals to avoid contamination of one session 1118 with another's variables. 1119 4. Fixed upload failure on files that contain semicolons in their names. 1120 1121Version 3.16, Feb 8, 2006 1122 1123 1. header() -charset option now works even when the MIME type is not "text". 1124 2. Fixed documentation for cookie() function and fastCGI. 1125 3. Upload filehandles now only closed automatically on Windows systems. 1126 4. Apache::Cookie compatibility fix from David Wheeler 1127 5. CGI::Carp->fatalsToBrowser() does not work correctly with 1128 mod_perl 2. No workaround is known. 1129 6. Fixed text status code associated with 302 redirects. Should be "Found" 1130 but was "Moved". 1131 7. Fixed charset in start_html() and header() to be in synch. 1132 1133Version 3.15, Dec 7, 2005 1134 1135 1. Remove extraneous "?" from self_url() when URI contains a ? but no query string. 1136 1137Version 3.14, Dec 6, 2005 1138 1139 1. Fixed broken scrolling_list() select attribute. 1140 1141Version 3.13, Dec 4, 2005 1142 1143 1. Removed extraneous empty "?" from end of self_url(). 1144 1145Version 3.12, Dec 4, 2005 1146 1147 1. Fixed virtual_port so that it works properly with https protocol. 1148 2. Fixed documentation for upload_hook(). 1149 3. Added POSTDATA documentation. 1150 4. Made upload_hook() work in function-oriented mode. 1151 5. Fixed POST_MAX behavior so that it doesn't cause client to hang. 1152 6. Disabled automatic tab indexes and added new -tabindex pragma to 1153 turn automatic indexes back on. 1154 7. The url() and self_url() methods now work better in the context of Apache 1155 mod_rewrite. Be advised that path_info() may give you confusing results 1156 when mod_rewrite is active because Apache calculates the path info *after* 1157 rewriting. This is mostly worked around in url() and self_url(), but you 1158 may notice some anomalies. 1159 8. Removed empty (and non-validating) <div> from code emitted by end_form(). 1160 9. Fixed CGI::Carp to work correctly with Mod_perl 1.29 in an Apache 2 environment. 1161 10. Setting $CGI::TMPDIRECTORY should now be effective. 1162 1163Version 3.11, Aug 3, 2005 1164 1165 1. Killed warning in CGI::Cookie about MOD_PERL_API_VERSION 1166 2. Fixed append() so that it works in function mode. 1167 3. Workaround for a bug that appears in Apache2 versions through 2.0.54 1168 in which SCRIPT_NAME and PATH_INFO are incorrect if the additional path_info 1169 contains a double slash. This workaround will handle the common case of 1170 http://mysite.com/cgi-bin/log.cgi/http://www.some.other.site/args, but will 1171 not handle the uncommon case of a ScriptAlias directive that adds additional 1172 path information to the end of the translated URI. 1173 1174Version 3.10, May 13, 2005 1175 1176 1. Added Apache2::RequestIO, which is necessary for mp2 interoperability. 1177 1178Version 3.09, May 5, 2005 1179 1180 1. Fixed tabindex="0" when using CGI to create forms without a prior start_html 1181 2. Removed warning about non-numeric MOD_PERL_API_VERSION. 1182 1183Version 3.08, Apr 20, 2005 1184 1185 1. update support for mod_perl 2.0. versions prior to 1186 mod_perl 1.999_22 (2.0.0-RC5) are no longer supported. 1187 1188Version 3.07, Mar 14, 2005 1189 1190 1. Fixed typo in mod_perl detection. 1191 1192Version 3.06, Mar 09, 2005 1193 1194 1. Fixed bare call to script() in start_html 1195 2. Moved Fh::DESTROY out of autoloaded functions so as to avoid 1196 clobbering $@ when CGI functions are executed in an eval{} 1197 context. 1198 3. mod_perl 2.0 version detection patch in CGI::Cookie provided by 1199 Allen Day. 1200 4. autoEscape() flag is now respected when generating extra 1201 attributes. 1202 5. Tests for *tag start/end generation from Shlomi Fish. 1203 6. Support for can() method provided by Ron Savage. 1204 7. Fix for lang='' when outputting XHTML. 1205 8. Added support for chunked transfer encoding, as suggested by 1206 Hakan Ardo 1207 9. Fixed clobbering of row and column headers in tableized radio 1208 and checkbox groups, as reported by Nicolas Thierry-Mieg. 1209 10. <Label> tags are now associated with form elements, as suggested 1210 by accessibility guidelines. 1211 11. The <?xml> directive produced by start_html is now turned off by 1212 default and the charset is specified in a <meta> directive. Apparently 1213 IE6 (and maybe some versions of Opera) were getting confused by this. 1214 12. Support for tab indexes. 1215 13. Retired the HTML docs. The POD docs are now primary documentation. 1216 14. CGI::Carp now correctly detects and handles Apache::Dispatch. 1217 15. CGI::Util::utf8_chr now correctly sets the UTF8 flag on 5.006 or 1218 higher perls (fix courtesy Slaven Rezic). 1219 1220 1221Version 3.05, Apr 12, 2004 1222 1223 1. Fixed uninitialized variable warning on start_form() when running 1224 from command line. 1225 2. Fixed CGI::_set_attributes so that attributes with a - are handled 1226 correctly. 1227 3. Fixed CGI::Carp::die() so as to avoid problems from _longmess() 1228 clobbering @_. 1229 4. If HTTP_X_FORWARDED_HOST is defined (i.e. running under a proxy), 1230 the various functions that return HOST will use that instead. 1231 5. Fix for undefined utf8() call in CGI::Util. 1232 6. Changed the call to warningsToBrowser() in 1233 CGI::Carp::fatalsToBrowser to call only after HTTP header is sent 1234 (thanks to Didier Lebrun for noticing). 1235 7. Patches from Dan Harkless to make CGI.pm validatable against HTML 1236 3.2. 1237 8. Fixed an extraneous "foo=bar" appearing when extra style 1238 parameters passed to start_html; 1239 9. Fixed cross-site scripting bug in startform() pointed out by Dan 1240 Harkless. 1241 10. Fixed documentation to discuss list context behavior of 1242 form-element generators explicitly. 1243 11. Fixed incorrect results from end_form() when called in OO manner. 1244 12. Fixed query string stripping in order to handle URLs containing 1245 escaped newlines. 1246 13. During server push, set NPH to 0 rather than 1. This is supposed 1247 to fix problems with Apache. 1248 14. Fixed incorrect processing of multipart form fields that contain 1249 embedded quotes. There's still the issue of how to handle ones 1250 that contain embedded semicolons, but no one has complained (yet). 1251 15. Fixed documentation bug in -style argument to start_html() 1252 16. Added -status argument to redirect(). 1253 1254Version 3.04, Jan 18, 2004 1255 1256 1. Fixed the problem with mod_perl crashing when "defaults" button 1257 pressed. 1258 1259Version 3.03, Jan 13, 2004 1260 1261 1. Fix upload hook functionality 1262 2. Workaround for CGI->unescape_html() 1263 3. Bumped version numbers in CGI::Fast and CGI::Util for 5.8.3-tobe 1264 1265Version 3.02 1266 1267 1. Bring in Apache::Response just in case. 1268 2. File upload on EBCDIC systems now works. 1269 1270Version 3.01, Dec 10, 2003 1271 1272 1. No fix yet for upload failures when running on EBCDIC server. 1273 2. Fixed uninitialized glob warnings that appeared when file 1274 uploading under perl 5.8.2. 1275 3. Added patch from Schlomi Fish to allow debugging of PATH_INFO from 1276 command line. 1277 4. Added patch from Steve Hay to correctly unlink tmp files under 1278 mod_perl/windows 1279 5. Added upload_hook functionality from Jamie LeTaul 1280 6. Workarounds for mod_perl 2 IO issues. Check that file upload and 1281 state saving still working. 1282 7. Added code for underreads. 1283 8. Fixed misleading description of redirect() and relative URLs in 1284 the POD docs. 1285 9. Workaround for weird interaction of CGI::Carp with Safe module 1286 reported by William McKee. 1287 10. Added patches from Ilmari Karonen to improve behavior of 1288 CGI::Carp. 1289 11. Fixed documentation error in -style argument. 1290 12. Added virtual_port() method for finding out what port server is 1291 listening on in a virtual-host aware fashion. 1292 1293Version 3.00, Aug 18, 2003 1294 1295 1. Patch from Randal Schwartz to fix bug introduced by cross-site 1296 scripting vulnerability "fix." 1297 2. Patch from JFreeman to replace UTF-8 escape constant of 0xfe with 1298 0xfc. Hope this is right! 1299 1300 Version 2.99 1301 1302 1. Patch from Steve Hay to fix extra Content-type: appearing on 1303 browser screen when FatalsToBrowser invoked. 1304 2. Patch from Ewann Corvellec to fix cross-site scripting 1305 vulnerability. 1306 3. Fixed tmpdir routine for file uploading to solve problem that 1307 occurs under mod_perl when tmpdir is writable at startup time, but 1308 not at session time. 1309 1310 Version 2.98 1311 1312 1. Fixed crash in Dump() function. 1313 1314 Version 2.97 1315 1316 1. Sigh. Uploaded wrong 2.96 to CPAN. 1317 1318 Version 2.96 1319 1320 1. More bugfixes to the -style argument. 1321 1322 Version 2.95 1323 1324 1. Fixed bugs in start_html(-style=>...) support introduced in 2.94. 1325 1326 Version 2.94 1327 1328 1. Removed warning from reset() method. 1329 2. Moved 1330 1331 and tags into the :html3 group. Hope this removes undefined CGI::Area 1332 errors. 1333 1334 Changed CGI::Carp to play with mod_perl2 and to (hopefully) restore 1335 reporting of compile-time errors. 1336 1337 Fixed potential deadlock between web server and CGI.pm when aborting 1338 a read due to POST_MAX (reported by Antti Lankila). 1339 1340 Fixed issue with tag-generating function not incorporating content 1341 when first variable undef. 1342 1343 Fixed cross-site scripting bug reported by obscure. 1344 1345 Fixed Dump() function to return correctly formed XHTML - bug 1346 reported by Ralph Siemsen. 1347 1348 Version 2.93 1349 1350 1. Fixed embarassing bug in mp1 support. 1351 1352 Version 2.92 1353 1354 1. Fix to be P3P compliant submitted from MPREWITT. 1355 2. Added CGI->r() API for mod_perl1/mod_perl2. 1356 3. Fixed bug in redirect() that was corrupting cookies. 1357 4. Minor fix to behavior of reset() button to make it consistent with 1358 submit() button (first time this has been changed in 9 years). 1359 5. Patch from Dan Kogai to handle UTF-8 correctly in 5.8 and higher. 1360 6. Patch from Steve Hay to make CGI::Carp's error messages appear on 1361 MSIE browsers. 1362 7. Added Yair Lenga's patch for non-urlencoded postings. 1363 8. Added Stas Bekman's patches for mod_perl 2 compatibility. 1364 9. Fixed uninitialized escape behavior submitted by William Campbell. 1365 10. Fixed tied behavior so that you can pass arguments to tie() 1366 11. Fixed incorrect generation of URLs when the path_info contains + 1367 and other odd characters. 1368 12. Fixed redirect(-cookies=>$cookie) problem. 1369 13. Fixed tag generation bug that affects -javascript passed to 1370 start_html(). 1371 1372 Version 2.91 1373 1374 1. Attribute generation now correctly respects the value of 1375 autoEscape(). 1376 2. Fixed endofrm() syntax error introduced by Ben Edgington's patch. 1377 1378 Version 2.90 1379 1380 1. Fixed bug in redirect header handling. 1381 2. Added P3P option to header(). 1382 3. Patches from Alexey Mahotkin to make CGI::Carp work correctly with 1383 object-oriented exceptions. 1384 4. Removed inaccurate description of how to set multiple cookies from 1385 CGI::Cookie pod file. 1386 5. Patch from Kevin Mahony to prevent running out of filehandles when 1387 uploading lots of files. 1388 6. Documentation enhancement from Mark Fisher to note that the 1389 import_names() method transforms the parameter names into valid 1390 Perl names. 1391 7. Patch from Dan Harkless to suppress lang attribute in <html> tag 1392 if specified as a null string. 1393 8. Patch from Ben Edgington to fix broken XHTML-transitional 1.0 1394 validation on endform(). 1395 9. Custom html header fix from Steffen Beyer (first letter correctly 1396 upcased now) 1397 10. Added a -verbatim option to stylesheet generation from Michael 1398 Dickson 1399 11. Faster delete() method from Neelam Gupta 1400 12. Fixed broken Cygwin support. 1401 13. Added empty charset support from Bradley Baetz 1402 14. Patches from Doug Perham and Kevin Mahoney to fix file upload 1403 failures when uploaded file is a multiple of 4096. 1404 1405 Version 2.89 1406 1407 1. Fixed behavior of ACTION tag when POSTING to a URL that has a 1408 query string. 1409 2. Added Patch from Michael Rommel to handle multipart/mixed uploads 1410 from Opera 1411 1412 Version 2.88 1413 1414 1. Fixed problem with uploads being refused under Perl 5.8 when under 1415 Taint mode. 1416 2. Fixed uninitialized variable warnings under Perl 5.8. 1417 3. Fixed CGI::Pretty regression test failures. 1418 1419 Version 2.87 1420 1421 1. Security hole patched: when processing multipart/form-data 1422 postings, most arguments were being untainted silently. Returned 1423 arguments are now tainted correctly. This may cause some scripts 1424 to fail that used to work (thanks to Nick Cleaton for pointing 1425 this out and persisting until it was fixed). 1426 2. Update for mod_perl 2.0. 1427 3. Pragmas such as -no_xhtml are now respected in mod_perl 1428 environment. 1429 1430 Version 2.86 1431 1432 1. Fixes for broken CGI::Cookie expiration dates introduced in 2.84. 1433 1434 Version 2.85 1435 1436 1. Fix for broken autoEscape function introduced in 2.84. 1437 1438 Version 2.84 1439 1440 1. Fix for failed file uploads on Cygwin platforms. 1441 2. HTML escaping code now replaced 0x8b and 0x9b with unicode 1442 references < and *#8250; 1443 1444 Version 2.83 1445 1446 1. Fixed autoEscape() documentation inconsistencies. 1447 2. Patch from Ville Skytt� to fix a number of XHTML inconsistencies. 1448 3. Added Max-Age to list of CGI::Cookie headers. 1449 1450 Version 2.82 1451 1452 1. Patch from Rudolf Troller to add attribute setting and option 1453 groups to form fields. 1454 2. Patch from Simon Perreault for silent crashes when using CGI::Carp 1455 under mod_perl. 1456 3. Patch from Scott Gifford allows you to set the program name for 1457 CGI::Carp. 1458 1459 Version 2.81 1460 1461 1. Removed extraneous slash from end of stylesheet tags generated by 1462 start_html in non-XHTML mode. 1463 2. Changed behavior of CGI::Carp with respect to eval{} contexts so 1464 that output behaves properly in mod_perl environments. 1465 3. Fixed default DTD so that it validates with W3C validator. 1466 1467 Version 2.80 1468 1469 1. Fixed broken messages in CGI::Carp. 1470 2. Changed checked="1" to checked="checked" for real XHTML 1471 compatibility. 1472 3. Resurrected REQUEST_URI code so that url() works correctly with 1473 multiviews. 1474 1475 Version 2.79 1476 1477 1. Changes to CGI::Carp to avoid "subroutine redefined" error 1478 messages. 1479 2. Default DTD is now XHTML 1.0 Transitional 1480 3. Patches to support all HTML4 tags. 1481 1482 Version 2.78 1483 1484 1. Added ability to change encoding in <?xml> assertion. 1485 2. Fixed the old escapeHTML('CGI') ne "CGI" bug 1486 3. In accordance with XHTML requirements, there are no longer any 1487 minimized attributes, such as "checked". 1488 4. Patched bug which caused file uploads of exactly 4096 bytes to be 1489 truncated to 4094 (thanks to Kevin Mahony) 1490 5. New tests and fixes to CGI::Pretty (thanks to Michael Schwern). 1491 1492 Version 2.77 1493 1494 1. No new features, but released in order to fix an apparent CPAN 1495 bug. 1496 1497 Version 2.76 1498 1499 1. New esc.t regression test for EBCDIC translations courtesy Peter 1500 Prymmer. 1501 2. Patches from James Jurach to make compatible with FCGI-ProcManager 1502 3. Additional fields passed to header() (like -Content_disposition) 1503 now honor initial capitalization. 1504 4. Patch from Andrew McNaughton to handle utf-8 escapes (%uXXXX 1505 codes) in URLs. 1506 1507 Version 2.752 1508 1509 1. Syntax error in the autoloaded Fh::new() subroutine. 1510 2. Better error reporting in autoloaded functions. 1511 1512 Version 2.751 1513 1514 1. Tiny tweak to filename regular expression function on line 3355. 1515 1516 Version 2.75 1517 1518 1. Fixed bug in server push boundary strings (CGI.pm and CGI::Push). 1519 2. Fixed bug that occurs when uploading files with funny characters 1520 in the name 1521 3. Fixed non-XHTML-compliant attributes produced by textfield() 1522 4. Added EPOC support, courtesy Olaf Flebbe 1523 5. Fixed minor XHTML bugs. 1524 6. Made escape() and unescape() symmetric with respect to EBCDIC, 1525 courtesy Roca, Ignasi <ignasi.roca@fujitsu.siemens.es> 1526 7. Removed uninitialized variable warning from CGI::Cookie, provided 1527 by Atipat Rojnuckarin <rojnuca@yahoo.com> 1528 8. Fixed bug in CGI::Pretty that causes it to print partial end tags 1529 when the $INDENT global is changed. 1530 9. Single quotes are changed to character entity ' for compatibility 1531 with URLs. 1532 1533 Version 2.74 1534 1535 September 13, 2000 1536 1. Quashed one-character bug that caused CGI.pm to fail on file 1537 uploads. 1538 1539 Version 2.73 1540 1541 September 12, 2000 1542 1. Added -base to the list of arguments accepted by url(). 1543 2. Fixes to XHTML support. 1544 3. POST parameters no longer show up in the Location box. 1545 1546 Version 2.72 1547 1548 August 19, 2000 1549 1. Fixed the defaults button so that it works again 1550 2. Charset is now correctly saved and restored when saving to files 1551 3. url() now works correctly when given scripts with %20 and other 1552 escapes in the additional path info. This undoes a patch 1553 introduced in version 2.47 that I no longer understand the 1554 rationale for. 1555 1556 Version 2.71 1557 1558 August 13, 2000 1559 1. Newlines in the value attributes of hidden fields and other form 1560 elements are now escaped when using ISO-Latin. 1561 2. Inline script and style sections are now protected as CDATA 1562 sections when XHTML mode is on (the default). 1563 1564 Version 2.70 1565 1566 August 4, 2000 1567 1. Fixed bug in scrolling_list() which omitted a space in front of 1568 the "multiple" attribute. 1569 2. Squashed the "useless use of string in void context" message from 1570 redirects. 1571 1572 Version 2.69 1573 1574 1. startform() now creates default ACTION for POSTs as well as GETs. 1575 This may break some browsers, but it no longer violates the HTML 1576 spec. 1577 2. CGI.pm now emits XHTML by default. Disable with -no_xhtml. 1578 3. We no longer interpret &#ddd sequences in non-latin character 1579 sets. 1580 1581 Version 2.68 1582 1583 1. No longer attempts to escape characters when dealing with non 1584 ISO-8861 character sets. 1585 2. checkbox() function now defaults to using -value as its label, 1586 rather than -name. The current behavior is what has been 1587 documented from the beginning. 1588 3. -style accepts array reference to incorporate multiple stylesheets 1589 into document. 1590 1591 1. Fixed two bugs that caused the -compile pragma to fail with a 1592 syntax error. 1593 1594 Version 2.67 1595 1596 1. Added XHTML support (incomplete; tags need to be lowercased). 1597 2. Fixed CGI/Carp when running under mod_perl. Probably broke in 1598 other contexts. 1599 3. Fixed problems when passing multiple cookies. 1600 4. Suppress warnings from _tableize() that were appearing when using 1601 -w switch with radio_group() and checkbox_group(). 1602 5. Support for the header() -attachment argument, which can give 1603 pages a default file name when saving to disk. 1604 1605 Version 2.66 1606 1607 1. 2.65 changes in make_attributes() broke HTTP header functions 1608 (including redirect), so made it context sensitive. 1609 1610 Version 2.65 1611 1612 1. Fixed regression tests to skip tests that require implicit fork on 1613 machines without fork(). 1614 2. Changed make_attributes() to automatically escape any HTML 1615 reserved characters. 1616 3. Minor documentation fix in javascript example. 1617 1618 Version 2.64 1619 1620 1. Changes introduced in 2.63 broke param() when retrieving parameter 1621 lists containing only a single argument. This is now fixed. 1622 2. self_url() now defaults to returning parameters delimited with 1623 semicolon. Use the pragma -oldstyle_urls to get the old "&" 1624 delimiter. 1625 1626 Version 2.63 1627 1628 1. Fixed CGI::Push to pull out parameters correctly. 1629 2. Fixed redirect() so that it works with default character set 1630 3. Changed param() so as to returned empty string '' when referring 1631 to variables passed in query strings like 'name1=&name2' 1632 1633 Version 2.62 1634 1635 1. Fixed broken ReadParse() function, and added regression tests 1636 2. Fixed broken CGI::Pretty, and added regression tests 1637 1638 Version 2.61 1639 1640 1. Moved more functions from CGI.pm proper into CGI/Util.pm. 1641 CGI/Cookie should now be standalone. 1642 2. Disabled per-user temporary directories, which were causing grief. 1643 1644 Version 2.60 1645 1646 1. Fixed junk appearing in autogenerated HTML functions when using 1647 object-oriented mode. 1648 1649 Version 2.59 1650 1651 1. autoescape functionality breaks too much existing code, removed 1652 it. 1653 2. use escapeHTML() manually 1654 1655 Version 2.58 1656 1657 This is the release version of 2.57. 1658 1659 Version 2.57 1660 1661 1. Added -debug pragma and turned off auto reading of STDIN. 1662 2. Default DTD updated to HTML 4.01 transitional. 1663 3. Added charset() method and the -charset argument to header(). 1664 4. Fixed behavior of escapeHTML() to respect charset() and to escape 1665 nasty Windows characters (thanks to Tom Christiansen). 1666 5. Handle REDIRECT_QUERY_STRING correctly. 1667 6. Removed use_named_parameters() because of dependency problems and 1668 general lameness. 1669 7. Fixed problems with bad HREF links generated by url(-relative=>1) 1670 when the url is like /people/. 1671 8. Silenced a warning on upload (patch provided by Jonas Liljegren) 1672 9. Fixed race condition in CGI::Carp when errors occur during parsing 1673 (patch provided by Maurice Aubrey). 1674 10. Fixed failure of url(-path_info=>1) when path contains % signs. 1675 11. Fixed warning from CGI::Cookie when receiving foreign cookies that 1676 don't use name=value format. 1677 12. Fixed incompatibilities with file uploading on VMS systems. 1678 1679 Version 2.56 1680 1681 1. Fixed bugs in file upload introduced in version 2.55 1682 2. Fixed long-standing bug that prevented two files with identical 1683 names from being uploaded. 1684 1685 Version 2.55 1686 1687 1. Fixed cookie regression test so as not to produce an error. 1688 2. Fixed path_info() and self_url() to work correctly together when 1689 path_info() modified. 1690 3. Removed manify warnings from CGI::{Switch,Apache}. 1691 1692 Version 2.54 1693 1694 1. This will be the last release of the monolithic CGI.pm module. 1695 Later versions will be modularized and optimized. 1696 2. DOMAIN tag no longer added to cookies by default. This will break 1697 some versions of Internet Explorer, but will avoid breaking 1698 networks which use host tables without fully qualified domain 1699 names. For compatibility, please always add the -domain tag when 1700 creating cookies. 1701 3. Fixed escape() method so that +'s are treated correctly. 1702 4. Updated CGI::Pretty module. 1703 1704 Version 2.53 1705 1706 1. Forgot to upgrade regression tests before releasing 2.52. NOTHING 1707 ELSE HAS CHANGED IN LIBRARY 1708 1709 Version 2.52 1710 1711 1. Spurious newline in checkbox() routine removed. (courtesy John 1712 Essen) 1713 2. TEXTAREA linebreaks now respected in dump() routine. (courtesy 1714 John Essen) 1715 3. Patches for DOS ports (courtesy Robert Davies) 1716 4. Patches for VMS 1717 5. More fixes for cookie problems 1718 6. Fix CGI::Carp so that it doesn't affect eval{} blocks (courtesy 1719 Byron Brummer) 1720 1721 Version 2.51 1722 1723 1. Fixed problems with cookies not being remembered when sent to IE 1724 5.0 (and Netscape 5.0 too?) 1725 2. Numerous HTML compliance problems in cgi_docs.html; fixed thanks 1726 to Michael Leahy 1727 1728 Version 2.50 1729 1730 1. Added a new Vars() method to retrieve all parameters as a tied 1731 hash. 1732 2. Untainted tainted tempfile name so that script doesn't fail on 1733 terminal unlink. 1734 3. Made picking of upload tempfile name more intelligent so that 1735 doesn't fail in case of name collision. 1736 4. Fixed handling of expire times when passed an absolute timestamp. 1737 5. Changed dump() to Dump() to avoid name clashes. 1738 1739 Version 2.49 1740 1741 1. Fixes for FastCGI (globals not getting reset) 1742 2. Fixed url() to correctly handle query string and path under 1743 MOD_PERL 1744 1745 Version 2.48 1746 1747 1. Reverted detection of MOD_PERL to avoid breaking PerlEX. 1748 1749 Version 2.47 1750 1751 1. Patch to fix file upload bug appearing in IE 3.01 for 1752 Macintosh/PowerPC. 1753 2. Replaced use of $ENV{SCRIPT_NAME} with $ENV{REQUEST_URI} when 1754 running under Apache, to fix self-referencing URIs. 1755 3. Fixed bug in escapeHTML() which caused certain constructs, such as 1756 CGI->image_button(), to fail. 1757 4. Fixed bug which caused strong('CGI') to fail. Be careful to use 1758 CGI::strong('CGI') and not CGI->strong('CGI'). The latter will 1759 produce confusing results. 1760 5. Added upload() function, as a preferred replacement for the 1761 "filehandle as string" feature. 1762 6. Added cgi_error() function. 1763 7. Rewrote file upload handling to return undef rather than dieing 1764 when an error is encountered. Be sure to call cgi_error() to find 1765 out what went wrong. 1766 1767 Version 2.46 1768 1769 1. Fix for failure of the "include" tests under mod_perl 1770 2. Added end_multipart_form to prevent failures during qw(-compile 1771 :all) 1772 1773 Version 2.45 1774 1775 1. Multiple small documentation fixes 1776 2. CGI::Pretty didn't get into 2.44. Fixed now. 1777 1778 Version 2.44 1779 1780 1. Fixed file descriptor leak in upload function. 1781 2. Fixed bug in header() that prevented fields from containing double 1782 quotes. 1783 3. Added Brian Paulsen's CGI::Pretty package for pretty-printing 1784 output HTML. 1785 4. Removed CGI::Apache and CGI::Switch from the distribution. 1786 5. Generated start_* shortcuts so that start_table(), end_table(), 1787 start_ol(), end_ol(), and so forth now work (see the docs on how 1788 to enable this feature). 1789 6. Changed accept() to Accept(), sub() to Sub(). There's still a 1790 conflict with reset(), but this will break too many existing 1791 scripts! 1792 1793 Version 2.43 1794 1795 1. Fixed problem with "use strict" and file uploads (thanks to Peter 1796 Haworth) 1797 2. Fixed problem with not MSIE 3.01 for the power_mac not doing file 1798 uploads right. 1799 3. Fixed problem with file upload on IIS 4.0 when authorization in 1800 use. 1801 4. -content_type and '-content-type' can now be provided to header() 1802 as synonyms for -type. 1803 5. CGI::Carp now escapes the ampersand BEFORE escaping the > and < 1804 signs. 1805 6. Fixed "not an array reference" error when passing a hash reference 1806 to radio_group(). 1807 7. Fixed non-removal of uploaded TMP files on NT platforms which 1808 occurs when server runs on non-C drive (thanks to Steve Kilbane 1809 for finding this one). 1810 1811 Version 2.42 1812 1813 1. Too many screams of anguish at changed behavior of url(). Is now 1814 back to its old behavior by default, with options to generate all 1815 the variants. 1816 2. Added regression tests. "make test" now works. 1817 3. Documentation fixes. 1818 4. Fixes for Macintosh uploads, but uploads STILL do not work pending 1819 changes to MacPerl. 1820 1821 Version 2.41 1822 1823 1. url() method now includes the path info. Use script_name() to get 1824 it without path info(). 1825 2. Changed handling of empty attributes in HTML tag generation. Be 1826 warned! Use table({-border=>undef}) rather than 1827 table({-border=>''}). 1828 3. Changes to allow uploaded filenames to be compared to other 1829 strings with "eq", "cmp" and "ne". 1830 4. Changes to allow CGI.pm to coexist more peacefully with 1831 ActiveState PerlEX. 1832 5. Changes to prevent exported variables from clashing when importing 1833 ":all" set in combination with cookies. 1834 1835 Version 2.40 1836 1837 1. CGI::Carp patched to work better with mod_perl (thanks to Chris 1838 Dean). 1839 2. Uploads of files whose names begin with numbers or the Windows 1840 \\UNC\shared\file nomenclature should no longer fail. 1841 3. The <STYLE> tag (for cascading style sheets) now generates the 1842 required TYPE attribute. 1843 4. Server push primitives added, thanks to Ed Jordan. 1844 5. Table and other HTML3 functions are now part of the :standard set. 1845 6. Small documentation fixes. 1846 1847 TO DO: 1848 1. Do something about the DTD mess. The module should generate 1849 correct DTDs, or at least offer the programmer a way to specify 1850 the correct one. 1851 2. Split CGI.pm into CGI processing and HTML-generating modules. 1852 3. More robust file upload (?still not working on the Macintosh?). 1853 4. Bring in all the HTML4 functionality, particular the accessibility 1854 features. 1855 1856 Version 2.39 1857 1858 1. file uploads failing because of VMS patch; fixed. 1859 2. -dtd parameter was not being properly processed. 1860 1861 Version 2.38 1862 1863 I finally got tired of all the 2.37 betas and released 2.38. The main 1864 difference between this version and the last 2.37 beta (2.37b30) are 1865 some fixes for VMS. This should allow file upload to work properly on 1866 all VMS Web servers. 1867 1868 Version 2.37, various beta versions 1869 1870 1. Added a CGI::Cookie::parse() method for lucky mod_perl users. 1871 2. No longer need separate -values and -labels arguments for 1872 multi-valued form elements. 1873 3. Added better interface to raw cookies (fix courtesy Ken Fox, 1874 kfox@ford.com) 1875 4. Added param_fetch() function for direct access to parameter list. 1876 5. Fix to checkbox() to allow for multi-valued single checkboxes 1877 (weird problem). 1878 6. Added a compile() method for those who want to compile without 1879 importing. 1880 7. Documented the import pragmas a little better. 1881 8. Added a -compile switch to the use clause for the long-suffering 1882 mod_perl and Perl compiler users. 1883 9. Fixed initialization routines so that FileHandle and type globs 1884 work correctly (and hash initialization doesn't fail!). 1885 10. Better deletion of temporary files on NT systems. 1886 11. Added documentation on escape(), unescape(), unescapeHTML() and 1887 unescapeHTML() subroutines. 1888 12. Added documentation on creating subclasses. 1889 13. Fixed problem when calling $self->SUPER::foo() from inheriting 1890 subclasses. 1891 14. Fixed problem using filehandles from within subroutines. 1892 15. Fixed inability to use the string "CGI" as a parameter. 1893 16. Fixed exponentially growing $FILLUNIT bug 1894 17. Check for undef filehandle in read_from_client() 1895 18. Now requires the UNIVERSAL.pm module, present in Perl 5.003_7 or 1896 higher. 1897 19. Fixed problem with uppercase-only parameters being ignored. 1898 20. Fixed vanishing cookie problem. 1899 21. Fixed warning in initialize_globals() under mod_perl. 1900 22. File uploads from Macintosh versions of MSIE should now work. 1901 23. Pragmas now preceded by dashes (-nph) rather than colons (:nph). 1902 Old style is supported for backward compatibility. 1903 24. Can now pass arguments to all functions using {} brackets, 1904 resolving historical inconsistencies. 1905 25. Removed autoloader warnings about absent MultipartBuffer::DESTROY. 1906 26. Fixed non-sticky checkbox() when -name used without -value. 1907 27. Hack to fix path_info() in IIS 2.0. Doesn't help with IIS 3.0. 1908 28. Parameter syntax for debugging from command line now more 1909 straightforward. 1910 29. Added $DISABLE_UPLOAD to disable file uploads. 1911 30. Added $POST_MAX to error out if POSTings exceed some ceiling. 1912 31. Fixed url_param(), which wasn't working at all. 1913 32. Fixed variable suicide problem in s///e expressions, where the 1914 autoloader was needed during evaluation. 1915 33. Removed excess spaces between elements of checkbox and radio 1916 groups 1917 34. Can now create "valueless" submit buttons 1918 35. Can now set path_info as well as read it. 1919 36. ReadParse() now returns a useful function result. 1920 37. import_names() now allows you to optionally clear out the 1921 namespace before importing (for mod_perl users) 1922 38. Made it possible to have a popup menu or radio button with a value 1923 of "0". 1924 39. link() changed to Link() to avoid overriding native link function. 1925 40. Takes advantage of mod_perl's register_cleanup() function to clear 1926 globals. 1927 41. <LAYER> and <ILAYER> added to :html3 functions. 1928 42. Fixed problems with private tempfiles and NT/IIS systems. 1929 43. No longer prints the DTD by default (I bet no one will complain). 1930 44. Allow underscores to replace internal hyphens in parameter names. 1931 45. CGI::Push supports heterogeneous MIME types and adjustable delays 1932 between pages. 1933 46. url_param() method added for retrieving URL parameters even when a 1934 fill-out form is POSTed. 1935 47. Got rid of warnings when radio_group() is called. 1936 48. Cookies now moved to their very own module. 1937 49. Fixed documentation bug in CGI::Fast. 1938 50. Added a :no_debug pragma to the import list. 1939 1940 Version 2.36 1941 1942 1. Expanded JavaScript functionality 1943 2. Preliminary support for cascading stylesheets 1944 3. Security fixes for file uploads: 1945 + Module will bail out if its temporary file already exists 1946 + Temporary files can now be made completely private to avoid 1947 peeking by other users or CGI scripts. 1948 4. use CGI qw/:nph/ wasn't working correctly. Now it is. 1949 5. Cookie and HTTP date formats didn't meet spec. Thanks to Mark 1950 Fisher (fisherm@indy.tce.com) for catching and fixing this. 1951 1952 p 1953 1954 Version 2.35 1955 1956 1. Robustified multipart file upload against incorrect syntax in 1957 POST. 1958 2. Fixed more problems with mod_perl. 1959 3. Added -noScript parameter to start_html(). 1960 4. Documentation fixes. 1961 1962 Version 2.34 1963 1964 1. Stupid typo fix 1965 1966 Version 2.33 1967 1968 1. Fixed a warning about an undefined environment variable. 1969 2. Doug's patch for redirect() under mod_perl 1970 3. Partial fix for busted inheritence from CGI::Apache 1971 4. Documentation fixes. 1972 1973 Version 2.32 1974 1975 1. Improved support for Apache's mod_perl. 1976 2. Changes to better support inheritance. 1977 3. Support for OS/2. 1978 1979 Version 2.31 1980 1981 1. New uploadInfo() method to obtain header information from uploaded 1982 files. 1983 2. cookie() without any arguments returns all the cookies passed to a 1984 script. 1985 3. Removed annoying warnings about $ENV{NPH} when running with the -w 1986 switch. 1987 4. Removed operator overloading throughout to make compatible with 1988 new versions of perl. 1989 5. -expires now implies the -date header, to avoid clock skew. 1990 6. WebSite passes cookies in $ENV{COOKIE} rather than 1991 $ENV{HTTP_COOKIE}. We now handle this, even though it's O'Reilly's 1992 fault. 1993 7. Tested successfully against new sfio I/O layer. 1994 8. Documentation fixes. 1995 1996 Version 2.30 1997 1998 1. Automatic detection of operating system at load time. 1999 2. Changed select() function to Select() in order to avoid conflict 2000 with Perl built-in. 2001 3. Added Tr() as an alternative to TR(); some people think it looks 2002 better that way. 2003 4. Fixed problem with autoloading of MultipartBuffer::DESTROY code. 2004 5. Added the following methods: 2005 + virtual_host() 2006 + server_software() 2007 6. Automatic NPH mode when running under Microsoft IIS server. 2008 2009 Version 2.29 2010 2011 1. Fixed cookie bugs 2012 2. Fixed problems that cropped up when useNamedParameters was set to 2013 1. 2014 3. Prevent CGI::Carp::fatalsToBrowser() from crapping out when 2015 encountering a die() within an eval(). 2016 4. Fixed problems with filehandle initializers. 2017 2018 Version 2.28 2019 2020 1. Added support for NPH scripts; also fixes problems with Microsoft 2021 IIS. 2022 2. Fixed a problem with checkbox() values not being correctly saved 2023 and restored. 2024 3. Fixed a bug in which CGI objects created with empty string 2025 initializers took on default values from earlier CGI objects. 2026 4. Documentation fixes. 2027 2028 Version 2.27 2029 2030 1. Small but important bug fix: the automatic capitalization of tag 2031 attributes was accidentally capitalizing the VALUES as well as the 2032 ATTRIBUTE names (oops). 2033 2034 Version 2.26 2035 2036 1. Changed behavior of scrolling_list(), checkbox() and 2037 checkbox_group() methods so that defaults are honored correctly. 2038 The "fix" causes endform() to generate additional <INPUT 2039 TYPE="HIDDEN"> tags -- don't be surpised. 2040 2. Fixed bug involving the detection of the SSL protocol. 2041 3. Fixed documentation error in position of the -meta argument in 2042 start_html(). 2043 4. HTML shortcuts now generate tags in ALL UPPERCASE. 2044 5. start_html() now generates correct SGML header: 2045 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN"> 2046 2047 6. CGI::Carp no longer fails "use strict refs" pragma. 2048 2049 Version 2.25 2050 2051 1. Fixed bug that caused bad redirection on destination URLs with 2052 arguments. 2053 2. Fixed bug involving use_named_parameters() followed by 2054 start_multipart_form() 2055 3. Fixed bug that caused incorrect determination of binmode for 2056 Macintosh. 2057 4. Spelling fixes on documentation. 2058 2059 Version 2.24 2060 2061 1. Fixed bug that caused generation of lousy HTML for some form 2062 elements 2063 2. Fixed uploading bug in Windows NT 2064 3. Some code cleanup (not enough) 2065 2066 Version 2.23 2067 2068 1. Fixed an obscure bug that caused scripts to fail mysteriously. 2069 2. Fixed auto-caching bug. 2070 3. Fixed bug that prevented HTML shortcuts from passing taint checks. 2071 4. Fixed some -w warning problems. 2072 2073 Version 2.22 2074 2075 1. New CGI::Fast module for use with FastCGI protocol. See pod 2076 documentation for details. 2077 2. Fixed problems with inheritance and autoloading. 2078 3. Added TR() (<tr>) and PARAM() (<param>) methods to list of 2079 exported HTML tag-generating functions. 2080 4. Moved all CGI-related I/O to a bottleneck method so that this can 2081 be overridden more easily in mod_perl (thanks to Doug MacEachern). 2082 5. put() method as substitute for print() for use in mod_perl. 2083 6. Fixed crash in tmpFileName() method. 2084 7. Added tmpFileName(), startform() and endform() to export list. 2085 8. Fixed problems with attributes in HTML shortcuts. 2086 9. Functions that don't actually need access to the CGI object now no 2087 longer generate a default one. May speed things up slightly. 2088 10. Aesthetic improvements in generated HTML. 2089 11. New examples. 2090 2091 Version 2.21 2092 2093 1. Added the -meta argument to start_html(). 2094 2. Fixed hidden fields (again). 2095 3. Radio_group() and checkbox_group() now return an appropriate 2096 scalar value when called in a scalar context, rather than 2097 returning a numeric value! 2098 4. Cleaned up the formatting of form elements to avoid unesthetic 2099 extra spaces within the attributes. 2100 5. HTML elements now correctly include the closing tag when 2101 parameters are present but null: em('') 2102 6. Added password_field() to the export list. 2103 2104 Version 2.20 2105 2106 1. Dumped the SelfLoader because of problems with running with taint 2107 checks and rolled my own. Performance is now significantly 2108 improved. 2109 2. Added HTML shortcuts. 2110 3. import() now adheres to the Perl module conventions, allowing 2111 CGI.pm to import any or all method names into the user's name 2112 space. 2113 4. Added the ability to initialize CGI objects from strings and 2114 associative arrays. 2115 5. Made it possible to initialize CGI objects with filehandle 2116 references rather than filehandle strings. 2117 6. Added the delete_all() and append() methods. 2118 7. CGI objects correctly initialize from filehandles on NT/95 systems 2119 now. 2120 8. Fixed the problem with binary file uploads on NT/95 systems. 2121 9. Fixed bug in redirect(). 2122 10. Added '-Window-target' parameter to redirect(). 2123 11. Fixed import_names() so that parameter names containing funny 2124 characters work. 2125 12. Broke the unfortunate connection between cookie and CGI parameter 2126 name space. 2127 13. Fixed problems with hidden fields whose values are 0. 2128 14. Cleaned up the documentation somewhat. 2129 2130 Version 2.19 2131 2132 1. Added cookie() support routines. 2133 2. Added -expires parameter to header(). 2134 3. Added cgi-lib.pl compatibility mode. 2135 4. Made the module more configurable for different operating systems. 2136 5. Fixed a dumb bug in JavaScript button() method. 2137 2138 Version 2.18 2139 2140 1. Fixed a bug that corrects a hang that occurs on some platforms 2141 when processing file uploads. Unfortunately this disables the 2142 check for bad Netscape uploads. 2143 2. Fixed bizarre problem involving the inability to process uploaded 2144 files that begin with a non alphabetic character in the file name. 2145 3. Fixed a bug in the hidden fields involving the -override directive 2146 being ignored when scalar defaults were passed. 2147 4. Added documentation on how to disable the SelfLoader features. 2148 2149 Version 2.17 2150 2151 1. Added support for the SelfLoader module. 2152 2. Added oodles of JavaScript support routines. 2153 3. Fixed bad bug in query_string() method that caused some parameters 2154 to be silently dropped. 2155 4. Robustified file upload code to handle premature termination by 2156 the client. 2157 5. Exported temporary file names on file upload. 2158 6. Removed spurious "uninitialized variable" warnings that appeared 2159 when running under 5.002. 2160 7. Added the Carp.pm library to the standard distribution. 2161 8. Fixed a number of errors in this documentation, and probably added 2162 a few more. 2163 9. Checkbox_group() and radio_group() now return the buttons as 2164 arrays, so that you can incorporate the individual buttons into 2165 specialized tables. 2166 10. Added the '-nolabels' option to checkbox_group() and 2167 radio_group(). Probably should be added to all the other 2168 HTML-generating routines. 2169 11. Added the url() method to recover the URL without the entire query 2170 string appended. 2171 12. Added request_method() to list of environment variables available. 2172 13. Would you believe it? Fixed hidden fields again! 2173 2174 Version 2.16 2175 2176 1. Fixed hidden fields yet again. 2177 2. Fixed subtle problems in the file upload method that caused 2178 intermittent failures (thanks to Keven Hendrick for this one). 2179 3. Made file upload more robust in the face of bizarre behavior by 2180 the Macintosh and Windows Netscape clients. 2181 4. Moved the POD documentation to the bottom of the module at the 2182 request of Stephen Dahmen. 2183 5. Added the -xbase parameter to the start_html() method, also at the 2184 request of Stephen Dahmen. 2185 6. Added JavaScript form buttons at Stephen's request. I'm not sure 2186 how to use this Netscape extension correctly, however, so for now 2187 the form() method is in the module as an undocumented feature. Use 2188 at your own risk! 2189 2190 Version 2.15 2191 2192 1. Added the -override parameter to all field-generating methods. 2193 2. Documented the user_name() and remote_user() methods. 2194 3. Fixed bugs that prevented empty strings from being recognized as 2195 valid textfield contents. 2196 4. Documented the use of framesets and added a frameset example. 2197 2198 Version 2.14 2199 2200 This was an internal experimental version that was never released. 2201 2202 Version 2.13 2203 2204 1. Fixed a bug that interfered with the value "0" being entered into 2205 text fields. 2206 2207 Version 2.01 2208 2209 1. Added -rows and -columns to the radio and checkbox groups. No 2210 doubt this will cause much grief because it seems to promise a 2211 level of meta-organization that it doesn't actually provide. 2212 2. Fixed a bug in the redirect() method -- it was not truly HTTP/1.0 2213 compliant. 2214 2215 Version 2.0 2216 2217 The changes seemed to touch every line of code, so I decided to bump 2218 up the major version number. 2219 1. Support for named parameter style method calls. This turns out 2220 to be a big win for extending CGI.pm when Netscape adds new HTML 2221 "features". 2222 2. Changed behavior of hidden fields back to the correct "sticky" 2223 behavior. This is going to break some programs, but it is for 2224 the best in the long run. 2225 3. Netscape 2.0b2 broke the file upload feature. CGI.pm now handles 2226 both 2.0b1 and 2.0b2-style uploading. It will probably break again 2227 in 2.0b3. 2228 4. There were still problems with library being unable to distinguish 2229 between a form being loaded for the first time, and a subsequent 2230 loading with all fields blank. We now forcibly create a default 2231 name for the Submit button (if not provided) so that there's 2232 always at least one parameter. 2233 5. More workarounds to prevent annoying spurious warning messages 2234 when run under the -w switch. -w is seriously broken in perl 2235 5.001! 2236 2237 Version 1.57 2238 2239 1. Support for the Netscape 2.0 "File upload" field. 2240 2. The handling of defaults for selected items in scrolling lists and 2241 multiple checkboxes is now consistent. 2242 2243 Version 1.56 2244 2245 1. Created true "pod" documentation for the module. 2246 2. Cleaned up the code to avoid many of the spurious "use of 2247 uninitialized variable" warnings when running with the -w switch. 2248 3. Added the autoEscape() method. v 2249 4. Added string interpolation of the CGI object. 2250 5. Added the ability to pass additional parameters to the <BODY> tag. 2251 6. Added the ability to specify the status code in the HTTP header. 2252 2253 Bug fixes in version 1.55 2254 2255 1. Every time self_url() was called, the parameter list would grow. 2256 This was a bad "feature". 2257 2. Documented the fact that you can pass "-" to radio_group() in 2258 order to prevent any button from being highlighted by default. 2259 2260 Bug fixes in version 1.54 2261 2262 1. The user_agent() method is now documented; 2263 2. A potential security hole in import() is now plugged. 2264 3. Changed name of import() to import_names() for compatibility with 2265 CGI:: modules. 2266 2267 Bug fixes in version 1.53 2268 2269 1. Fixed several typos in the code that were causing the following 2270 subroutines to fail in some circumstances 2271 1. checkbox() 2272 2. hidden() 2273 2. No features added 2274 2275 New features added in version 1.52 2276 2277 1. Added backslashing, quotation marks, and other shell-style escape 2278 sequences to the parameters passed in during debugging off-line. 2279 2. Changed the way that the hidden() method works so that the default 2280 value always overrides the current one. 2281 3. Improved the handling of sticky values in forms. It's now less 2282 likely that sticky values will get stuck. 2283 4. If you call server_name(), script_name() and several other methods 2284 when running offline, the methods now create "dummy" values to 2285 work with. 2286 2287 Bugs fixed in version 1.51 2288 2289 1. param() when called without arguments was returning an array of 2290 length 1 even when there were no parameters to be had. Bad bug! 2291 Bad! 2292 2. The HTML code generated would break if input fields contained the 2293 forbidden characters ">< or &. You can now use these characters 2294 freely. 2295 2296 New features added in version 1.50 2297 2298 1. import() method allows all the parameters to be imported into a 2299 namespace in one fell swoop. 2300 2. Parameters are now returned in the same order in which they were 2301 defined. 2302 2303 Bugs fixed in version 1.45 2304 2305 1. delete() method didn't work correctly. This is now fixed. 2306 2. reset() method didn't allow you to set the name of the button. 2307 Fixed. 2308 2309 Bugs fixed in version 1.44 2310 2311 1. self_url() didn't include the path information. This is now fixed. 2312 2313 New features added in version 1.43 2314 2315 1. Added the delete() method. 2316 2317 New features added in version 1.42 2318 2319 1. The image_button() method to create clickable images. 2320 2. A few bug fixes involving forms embedded in <PRE> blocks. 2321 2322 New features added in version 1.4 2323 2324 1. New header shortcut methods 2325 + redirect() to create HTTP redirection messages. 2326 + start_html() to create the HTML title, complete with the 2327 recommended <LINK> tag that no one ever remembers to include. 2328 + end_html() for completeness' sake. 2329 2. A new save() method that allows you to write out the state of an 2330 script to a file or pipe. 2331 3. An improved version of the new() method that allows you to restore 2332 the state of a script from a file or pipe. With (2) this gives you 2333 dump and restore capabilities! (Wow, you can put a "121,931 2334 customers served" banner at the bottom of your pages!) 2335 4. A self_url() method that allows you to create state-maintaining 2336 hypertext links. In addition to allowing you to maintain the state 2337 of your scripts between invocations, this lets you work around a 2338 problem that some browsers have when jumping to internal links in 2339 a document that contains a form -- the form information gets lost. 2340 5. The user-visible labels in checkboxes, radio buttons, popup menus 2341 and scrolling lists have now been decoupled from the values sent 2342 to your CGI script. Your script can know a checkbox by the name of 2343 "cb1" while the user knows it by a more descriptive name. I've 2344 also added some parameters that were missing from the text fields, 2345 such as MAXLENGTH. 2346 6. A whole bunch of methods have been added to get at environment 2347 variables involved in user verification and other obscure 2348 features. 2349 2350 Bug fixes 2351 2352 1. The problems with the hidden fields have (I hope at last) been 2353 fixed. 2354 2. You can create multiple query objects and they will all be 2355 initialized correctly. This simplifies the creation of multiple 2356 forms on one page. 2357 3. The URL unescaping code works correctly now. 2358