Closed jibsheet closed 10 years ago
Mason protects from the class of param() bugs which allow users to sneak in arguments as described here: http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applications/
Since CGI.pm 4.05 the only way to quiet this warning is by setting their variable as documented here https://metacpan.org/pod/CGI#Fetching-the-value-or-values-of-a-single-named-parameter
Mason has always allowed foo=1&foo=2 to end up available in a template as @foo = (1,2) so retain backcompat.
Quiets a warning in t/14-cgi.t tied to faking up CGI.pm
Reported in https://rt.cpan.org/Ticket/Display.html?id=99520
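The bug class and the warning switch discussed above, as an added example that is not part of this pull request or of Mason's code. The query string and the hash field names (`is_admin`, `name`, `email`) are constructed for illustration; `multi_param` requires CGI.pm 4.08 or later.

```perl
use strict;
use warnings;
use CGI;

# Constructed request: "name" is supplied three times, "email" once.
my $q = CGI->new('name=alice&name=is_admin&name=1&email=a%40example.org');

# The variable the CGI.pm documentation gives for silencing the
# list-context warning introduced in 4.05. Only appropriate when the
# caller handles repeated keys deliberately, as the code below does.
$CGI::LIST_CONTEXT_WARN = 0;

# Vulnerable pattern: param() in list context inside a hash constructor.
# The three values of "name" are flattened into the list, so the
# second and third become an extra key/value pair that overrides
# the default set just before it.
my %unsafe = (
    is_admin => 0,
    name     => $q->param('name'),
    email    => $q->param('email'),
);

# Hardened pattern 1: force scalar context, one value per key.
my %scalar_only = (
    is_admin => 0,
    name     => scalar $q->param('name'),
    email    => scalar $q->param('email'),
);

# Hardened pattern 2: keep repeated values, but as an array reference
# stored under their own key, so a value can never turn into a key.
# This preserves "foo=1&foo=2 becomes a list" behaviour.
my %args;
for my $key ($q->param) {
    my @values = $q->multi_param($key);
    $args{$key} = @values > 1 ? [@values] : $values[0];
}

printf "unsafe:      is_admin=%s name=%s\n", $unsafe{is_admin}, $unsafe{name};
printf "scalar_only: is_admin=%s name=%s\n",
    $scalar_only{is_admin}, $scalar_only{name};
printf "args:        name=[%s] is_admin key present: %s\n",
    join(',', @{ $args{name} }), exists $args{is_admin} ? 'yes' : 'no';
```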