dual life module bug/patch workflow
From: Nicholas Clark
Date: March 13, 2008 09:29
Subject: dual life module bug/patch workflow
Message ID: 20080313162908.GA62653@plum.flirble.org
It strikes me that this isn't making our lives easier...
On Fri, Jan 04, 2008 at 05:30:08AM -0800, Steve Peters wrote:
> Change 32826 by stevep@stevep-kirk on 2008/01/04 13:17:31
>
> Upgrade to CGI.pm-3.33. There are still differences between the
> core version and CPAN version, so, the version bump continues.
> $CGI::revision = '$Id: CGI.pm,v 1.240 2007/11/30 18:58:27 lstein Exp $';
> -$CGI::VERSION='3.32_01';
> +$CGI::VERSION='3.33_01';
>
Maybe we should by default send patches like the one below upstream, rather
than applying them ourselves?
Is there a good way to transfer tickets from rt.perl.org to rt.cpan.org?
If no, why do we run two separate RT instances? Clearly there are
disadvantages; what are the advantages?
Nicholas Clark
On Thu, Dec 20, 2007 at 07:15:03PM -0800, Steve Peters wrote:
> Change 32683 by stevep@stevep-kirk on 2007/12/21 03:14:20
>
> Subject: [perl #37607] CGI file upload file name parsing errors
> From: aspa@merlot.kronodoc.fi (Marko Asplund)
> Date: Fri, 4 Nov 2005 13:40:05 +0200 (EET)
> Message-ID: <5.8.7_13518_1131102897@merlot.kronodoc.fi>
>
> Affected files ...
>
> ... //depot/perl/lib/CGI.pm#69 edit
>
> Differences ...
>
> ==== //depot/perl/lib/CGI.pm#69 (text) ====
> Index: perl/lib/CGI.pm
> --- perl/lib/CGI.pm#68~32661~ 2007-12-19 11:55:00.000000000 -0800
> +++ perl/lib/CGI.pm 2007-12-20 19:14:20.000000000 -0800
> @@ -19,7 +19,7 @@
> # http://stein.cshl.org/WWW/software/CGI/
>
> $CGI::revision = '$Id: CGI.pm,v 1.240 2007/11/30 18:58:27 lstein Exp $';
> -$CGI::VERSION='3.31';
> +$CGI::VERSION='3.31_01';
>
> # HARD-CODED LOCATION FOR FILE UPLOAD TEMPORARY FILES.
> # UNCOMMENT THIS ONLY IF YOU KNOW WHAT YOU'RE DOING.
> @@ -3379,7 +3379,11 @@
> $param .= $TAINTED;
>
> # Bug: Netscape doesn't escape quotation marks in file names!!!
> - my($filename) = $header{'Content-Disposition'}=~/ filename="([^"]*)"/;
> + # See RFC 1867, 2183, 2045
> + # NB: File content will be loaded into memory should
> + # content-disposition parsing fail.
> + my ($filename) = $header{'Content-Disposition'}=~/ filename=(("[^"]*")|([a-z\d!\#'\*\+,\.^_\`\{\}\|\~]*))/i;
> + $filename =~ s/^"([^"]*)"$/$1/;
> # Test for Opera's multiple upload feature
> my($multipart) = ( defined( $header{'Content-Type'} ) &&
> $header{'Content-Type'} =~ /multipart\/mixed/ ) ?
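Review bot: the unquoted alternative in the new filename= match omits '-' (as well as '$', '%' and '&') from its character class, although RFC 2045 allows them in a token, so a header such as filename=my-file.txt yields 'my' with no indication that the name was cut short; add the missing token characters to the class, and drop ',', which RFC 2045 lists as a tspecial. The added s/^"([^"]*)"$/$1/ line also runs when the header carries no filename parameter at all, where $filename is undef, so it is worth guarding with 'if defined $filename'.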
> End of Patch.