Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer
 
PerlMonks  

Re^2: CGI::param called in list context from package

by perlron (Pilgrim)
on Oct 27, 2014 at 15:10 UTC ( [id://1105162]=note: print w/replies, xml ) Need Help??


in reply to Re: CGI::param called in list context from package
in thread CGI::param called in list context from package

thank you for taking the trouble to make me know this. im relieved im not in no mans land then! folks like you make perl understandable for beginners.
However based on a quick test of the application after a cpanm update to CGI v4.09 i still see the error/warning in my apache logs.
 CGI::param called in list context from package CGI::Session line 364, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter"
Do let me know if there is any way i can check if the issue is on my side. My detailed code is put up above.
the pertinent call is
my $session = $self->session(); my $query = $self->query(); #clearing the session before writing new values. $session->clear(); $session->save_param();
Do not wait to strike when the iron is hot! Make it hot by striking - WB Yeats

Replies are listed 'Best First'.
Re^3: CGI::param called in list context from package
by leej (Scribe) on Oct 27, 2014 at 15:22 UTC
    A ha! It looks like CGI::Session is calling ->param in list context with arguments: https://metacpan.org/source/MARKSTOS/CGI-Session-4.48/lib/CGI/Session.pm#L364 The temp solution to this is to set the following in your code: $CGI::LIST_CONTEXT_WARN = 0 An issue needs to be raised against CGI::Session to change it to use multi_param or switch off the warning. The slight irony is that i took over maintenance of CGI from Mark, the current author of CGI::Session...
        thanks! thats very helpful sir! I would like to add that during my testing i found that even calling save param with
        $session->save_param(scalar $query->param('param_name')) OR even
        $session->save_param($query->param('param_name')
        was causing my module to die without writing to the logs. I had mentioned this in the initial post .
        Do not wait to strike when the iron is hot! Make it hot by striking - WB Yeats
      he he.. i just casually chatted online with mark earlier last week, about how i loved his contribution to CGI:Application. I find the api very intuitive (call me lame to still like CGI::Application :D)
      btw.. i am still getting the error in my logs..im not sure why.
      Do not wait to strike when the iron is hot! Make it hot by striking - WB Yeats
        You're getting the errors still even setting: $CGI::LIST_CONTEXT_WARN = 0 in your code?
      this works! $CGI::LIST_CONTEXT_WARN = 0

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://1105162]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others surveying the Monastery: (5)
As of 2024-09-13 17:05 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    The PerlMonks site front end has:





    Results (21 votes). Check out past polls.

    Notices?
    erzuuli‥ 🛈The London Perl and Raku Workshop takes place on 26th Oct 2024. If your company depends on Perl, please consider sponsoring and/or attending.