Closed Bug 1087400 Opened 10 years ago Closed 10 years ago

CGI 4.05 throws tons of "CGI::param called in list context" warnings

Categories

(Bugzilla :: Bugzilla-General, defect)

Product:
Bugzilla
Component:
Bugzilla-General
Version:
4.5.6
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 4.2

People

(Reporter: LpSolit, Assigned: LpSolit)

References

Details

Attachments

(1 file)

patch, v1
325 bytes, patch
glob
: review+
Details | Diff | Splinter Review 
For security reasons, CGI 4.05 and newer throw "CGI::param called in list context" warnings if you write:

  @foo = $cgi->param('foo');

This is polluting web server logs (which can potentially alter performance). We should either set $LIST_CONTEXT_WARN = 0, or clone the upstream multi_param() subroutine into Bugzilla::CGI for installations which use CGI < 4.05 and use it instead of param() where appropriate.

For Bugzilla 5.0, maybe setting $LIST_CONTEXT_WARN = 0 is easier, but for Bugzilla 5.2, we should use multi_param() for security reasons (i.e. be explicit instead of hidding warnings).
(In reply to Frédéric Buclin from comment #0)
> For Bugzilla 5.0, maybe setting $LIST_CONTEXT_WARN = 0 is easier, but for
> Bugzilla 5.2, we should use multi_param() for security reasons (i.e. be
> explicit instead of hidding warnings).

+1
Do we also want to fix that in Bugzilla 4.4?
Flags: blocking5.0?
(In reply to Frédéric Buclin from comment #2)
> Do we also want to fix that in Bugzilla 4.4?

yes
Flags: blocking5.0? → blocking5.0+
Target Milestone: --- → Bugzilla 4.4
Attached patch patch, v1Splinter Review 
Assignee: general → LpSolit
Status: NEW → ASSIGNED

        Attachment #8509941 -
        Flags: review?(glob)

    
  
Blocks: 1088022

    
    

    
  
Comment on attachment 8509941 [details] [diff] [review]
patch, v1

Review of attachment 8509941 [details] [diff] [review]:
-----------------------------------------------------------------

r=glob

        Attachment #8509941 -
        Flags: review?(glob) → review+

    
  
Flags: approval5.0+
Flags: approval4.4+
Flags: approval+

    
    

    
  
To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   36e2c74..0410aa4  master -> master

To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   611bca7..1f49750  5.0 -> 5.0

To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   f689b0d..9155570  4.4 -> 4.4
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED

    
    

    
  
Approved for 4.2 as well on the grounds that we need passing tests to tell if it's safe to release if we need to release it again.
Flags: approval4.2+

    
    

    
  
To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   9d068ba..6bf9634  4.2 -> 4.2
Target Milestone: Bugzilla 4.4 → Bugzilla 4.2

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: