http://www.perlmonks.org?node_id=1105159


in reply to CGI::param called in list context from package

Update CGI.pm to the latest version. CGI::Session calls CGI::param in list context with no arguments, and I made the warning a little more noisy than I should have in v4.05. This was changed to be a bit more lenient in CGI.pm v4.06.

Re^2: CGI::param called in list context from package
by perlron (Pilgrim) on Oct 27, 2014 at 15:10 UTC
    Thank you for taking the trouble to let me know this. I'm relieved I'm not in no man's land then! Folks like you make Perl understandable for beginners.
    However, based on a quick test of the application after a cpanm update to CGI v4.09, I still see the error/warning in my Apache logs.
     CGI::param called in list context from package CGI::Session line 364, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter"
    Do let me know if there is any way I can check if the issue is on my side. My detailed code is put up above.
    The pertinent call is:
        my $session = $self->session();
        my $query = $self->query();
        # clearing the session before writing new values.
        $session->clear();
        $session->save_param();
    Do not wait to strike when the iron is hot! Make it hot by striking - WB Yeats
      A ha! It looks like CGI::Session is calling ->param in list context with arguments:
      https://metacpan.org/source/MARKSTOS/CGI-Session-4.48/lib/CGI/Session.pm#L364
      The temp solution to this is to set the following in your code:
          $CGI::LIST_CONTEXT_WARN = 0
      An issue needs to be raised against CGI::Session to change it to use multi_param or switch off the warning. The slight irony is that I took over maintenance of CGI from Mark, the current author of CGI::Session...
        This works! $CGI::LIST_CONTEXT_WARN = 0
        He he.. I just casually chatted online with Mark earlier last week, about how I loved his contribution to CGI::Application. I find the API very intuitive (call me lame to still like CGI::Application :D)
        Btw.. I am still getting the error in my logs.. I'm not sure why.
        Do not wait to strike when the iron is hot! Make it hot by striking - WB Yeats
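
Why CGI.pm warns about `param` in list context, and what the `multi_param` fix mentioned above looks like. This is an added example, not code from the thread, CGI.pm or CGI::Session. The query string and hash keys are constructed for illustration, and it assumes CGI.pm 4.05 or later, which provides `multi_param`.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use CGI;

# Constructed request: the client sends "name" three times.
my $q = CGI->new('name=alice&name=is_admin&name=1');

# Risky pattern: inside a hash constructor param() is in list context and
# returns every value, so the extra values are read as further key/value pairs.
my %risky;
{
    # Suppressed for this block only, so the demo output stays readable.
    local $CGI::LIST_CONTEXT_WARN = 0;
    %risky = (
        is_admin => 0,
        name     => $q->param('name'),
    );
}

# Hardened pattern 1: force scalar context when a single value is expected.
my %safe = (
    is_admin => 0,
    name     => scalar $q->param('name'),
);

# Hardened pattern 2: when several values are legitimately expected, ask for
# them explicitly with multi_param(), which never triggers the warning.
my @names = $q->multi_param('name');

# Self-checks: the risky hash had its default overwritten by request data,
# the safe hash did not.
die "expected injected key to win" unless $risky{is_admin} == 1;
die "scalar context should keep the default" unless $safe{is_admin} == 0;
die "scalar context should return the first value" unless $safe{name} eq 'alice';
die "multi_param should return all values" unless @names == 3;

for my $label (qw(risky safe)) {
    my $h = $label eq 'risky' ? \%risky : \%safe;
    print "$label: ", join(', ', map { "$_=$h->{$_}" } sort keys %$h), "\n";
}
print "multi_param: @names\n";
```

Setting `$CGI::LIST_CONTEXT_WARN = 0` globally only hides the message; call sites that take request data in list context still need to be reviewed for this pattern.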