From: Junio C Hamano <gitster@pobox.com>
To: Jeff King <peff@peff.net>
Cc: git@vger.kernel.org, Michael Haggerty <mhagger@alum.mit.edu>,
Jonathan Nieder <jrnieder@gmail.com>
Subject: Re: [PATCH] gitweb: hack around CGI's list-context param() handling
Date: Tue, 18 Nov 2014 09:58:26 -0800 [thread overview]
Message-ID: <xmqqfvdgwful.fsf@gitster.dls.corp.google.com> (raw)
In-Reply-To: <20141118171022.GA18799@peff.net> (Jeff King's message of "Tue, 18 Nov 2014 12:10:22 -0500")
Jeff King <peff@peff.net> writes:
> As of CGI.pm's 4.08 release, the behavior to call
> CGI::param() in a list context is deprecated (because it can
> be potentially unsafe if called inside a hash constructor).
> This cause gitweb to issue a warning for some of our code,
> which in turn causes the tests to fail.
>
> Our use is in fact _not_ one of the dangerous cases, as we
> are intentionally using a list context. The recommended
> route by 4.08 is to use the new CGI::multi_param() call to
> make it explicit that we know what we are doing.
> However, that function is only available in 4.08, which is
> about a month old; we cannot rely on having it.
>
> One option would be to set $CGI::LIST_CONTEXT_WARN globally,
> which turns off the warning. However, that would eliminate
> the protection these newer releases are trying to provide.
> We want to annotate each site as OK using the new function.
>
> So instead, let's check whether CGI provides the
> multi_param() function, and if not, provide an
> implementation that just wraps param(). That will work on
> both old and new versions of CGI. Sadly, we cannot just
> check defined(\&CGI::multi_param), because CGI uses the
> autoload feature, which claims that all functions are
> defined. Instead, we just do a version check.
The solution does look like the best in the messy situation. Thanks
for looking into it.
> +if (!defined($CGI::VERSION) || $CGI::VERSION < 4.08) {
> + eval 'sub CGI::multi_param { CGI::param(@_) }'
> +}
> +
> our $t0 = [ gettimeofday() ];
> our $number_of_git_cmds = 0;
>
> @@ -871,7 +875,7 @@ sub evaluate_query_params {
>
> while (my ($name, $symbol) = each %cgi_param_mapping) {
> if ($symbol eq 'opt') {
> - $input_params{$name} = [ map { decode_utf8($_) } $cgi->param($symbol) ];
> + $input_params{$name} = [ map { decode_utf8($_) } $cgi->multi_param($symbol) ];
> } else {
> $input_params{$name} = decode_utf8($cgi->param($symbol));
> }
next prev parent reply other threads:[~2014-11-18 17:58 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-11-18 17:10 [PATCH] gitweb: hack around CGI's list-context param() handling Jeff King
2014-11-18 17:58 ` Junio C Hamano [this message]
2014-11-18 18:01 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqfvdgwful.fsf@gitster.dls.corp.google.com \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
--cc=jrnieder@gmail.com \
--cc=mhagger@alum.mit.edu \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.