Closed Bug 1087400 Opened 5 years ago Closed 5 years ago

CGI 4.05 throws tons of "CGI::param called in list context" warnings

Categories

(Bugzilla :: Bugzilla-General, defect)

4.5.6
defect
Not set

RESOLVED FIXED
Bugzilla 4.2

People

(Reporter: LpSolit, Assigned: LpSolit)

Attachments

(1 file)

For security reasons, CGI 4.05 and newer throw "CGI::param called in list context" warnings if you write:

  @foo = $cgi->param('foo');

This is polluting web server logs (which can potentially alter performance). We should either set $LIST_CONTEXT_WARN = 0, or clone the upstream multi_param() subroutine into Bugzilla::CGI for installations which use CGI < 4.05 and use it instead of param() where appropriate.

For Bugzilla 5.0, maybe setting $LIST_CONTEXT_WARN = 0 is easier, but for Bugzilla 5.2, we should use multi_param() for security reasons (i.e. be explicit instead of hiding warnings).
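
The second option described in the comment above, as an added example that is not part of the original report and is not Bugzilla's own code: a subclass that supplies multi_param() when the installed CGI.pm lacks it, with call sites that state explicitly whether one value or a list is wanted. The package name My::CGI and the query string are hypothetical, and the CGI module is assumed to be installed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical subclass for illustration; not Bugzilla::CGI's actual code.
package My::CGI;
use parent 'CGI';

sub multi_param {
    my $self = shift;

    # Newer CGI.pm releases ship multi_param(); defer to it when present.
    return $self->SUPER::multi_param(@_) if CGI->can('multi_param');

    # Older CGI.pm: silence the list-context warning for this one
    # explicit call only, instead of disabling it globally.
    no warnings 'once';
    local $CGI::LIST_CONTEXT_WARN = 0;
    my @values = $self->param(@_);
    return @values;
}

package main;

# Constructed query string: 'foo' is submitted twice, 'bar' once.
my $cgi = My::CGI->new('foo=1&foo=2&bar=x');

# Multi-valued field: ask for the list explicitly.
my @foo = $cgi->multi_param('foo');

# Single-valued field: scalar context returns only the first value.
my $bar = $cgi->param('bar');

# Inside a list (hash constructor, argument list), param() would be in
# list context and return every submitted value, so a repeated parameter
# could add extra elements. Force scalar context for single values.
my %args = (
    bar => scalar $cgi->param('bar'),
    foo => [ $cgi->multi_param('foo') ],
);

print "foo: @foo\n";
print "bar: $bar\n";
print "args: bar=$args{bar} foo=[@{ $args{foo} }]\n";
```
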
(In reply to Frédéric Buclin from comment #0)
> For Bugzilla 5.0, maybe setting $LIST_CONTEXT_WARN = 0 is easier, but for
> Bugzilla 5.2, we should use multi_param() for security reasons (i.e. be
> explicit instead of hiding warnings).

+1
Do we also want to fix that in Bugzilla 4.4?
Flags: blocking5.0?
(In reply to Frédéric Buclin from comment #2)
> Do we also want to fix that in Bugzilla 4.4?

yes
Flags: blocking5.0? → blocking5.0+
Target Milestone: --- → Bugzilla 4.4
Attached patch: patch, v1
Assignee: general → LpSolit
Status: NEW → ASSIGNED
Attachment #8509941 - Flags: review?(glob)
Blocks: 1088022
Comment on attachment 8509941
patch, v1

Review of attachment 8509941:
-----------------------------------------------------------------

r=glob
Attachment #8509941 - Flags: review?(glob) → review+
Flags: approval5.0+
Flags: approval4.4+
Flags: approval+
To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   36e2c74..0410aa4  master -> master

To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   611bca7..1f49750  5.0 -> 5.0

To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   f689b0d..9155570  4.4 -> 4.4
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Approved for 4.2 as well on the grounds that we need passing tests to tell if it's safe to release if we need to release it again.
Flags: approval4.2+
To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   9d068ba..6bf9634  4.2 -> 4.2
Target Milestone: Bugzilla 4.4 → Bugzilla 4.2