Closed
Bug 1087400
Opened 10 years ago
Closed 10 years ago
CGI 4.05 throws tons of "CGI::param called in list context" warnings
Categories
(Bugzilla :: Bugzilla-General, defect)
Tracking
()
RESOLVED
FIXED
Bugzilla 4.2
People
(Reporter: LpSolit, Assigned: LpSolit)
References
Details
Attachments
(1 file)
325 bytes,
patch
|
glob
:
review+
|
Details | Diff | Splinter Review |
For security reasons, CGI 4.05 and newer throw "CGI::param called in list context" warnings if you write: @foo = $cgi->param('foo'); This is polluting web server logs (which can potentially alter performance). We should either set $LIST_CONTEXT_WARN = 0, or clone the upstream multi_param() subroutine into Bugzilla::CGI for installations which use CGI < 4.05 and use it instead of param() where appropriate. For Bugzilla 5.0, maybe setting $LIST_CONTEXT_WARN = 0 is easier, but for Bugzilla 5.2, we should use multi_param() for security reasons (i.e. be explicit instead of hidding warnings).
(In reply to Frédéric Buclin from comment #0) > For Bugzilla 5.0, maybe setting $LIST_CONTEXT_WARN = 0 is easier, but for > Bugzilla 5.2, we should use multi_param() for security reasons (i.e. be > explicit instead of hidding warnings). +1
(In reply to Frédéric Buclin from comment #2) > Do we also want to fix that in Bugzilla 4.4? yes
Flags: blocking5.0? → blocking5.0+
Target Milestone: --- → Bugzilla 4.4
Assignee | ||
Comment 4•10 years ago
|
||
Comment on attachment 8509941 [details] [diff] [review] patch, v1 Review of attachment 8509941 [details] [diff] [review]: ----------------------------------------------------------------- r=glob
Attachment #8509941 -
Flags: review?(glob) → review+
Assignee | ||
Comment 6•10 years ago
|
||
To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git 36e2c74..0410aa4 master -> master To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git 611bca7..1f49750 5.0 -> 5.0 To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git f689b0d..9155570 4.4 -> 4.4
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Comment 7•9 years ago
|
||
Approved for 4.2 as well on the grounds that we need passing tests to tell if it's safe to release if we need to release it again.
Flags: approval4.2+
Assignee | ||
Comment 8•9 years ago
|
||
To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git 9d068ba..6bf9634 4.2 -> 4.2
Target Milestone: Bugzilla 4.4 → Bugzilla 4.2
You need to log in
before you can comment on or make changes to this bug.
Description
•