AUBERTG / Perl-Critic-Policy-ValuesAndExpressions-PreventSQLInjection-v1.3.1 / Changes

Revision history for Perl-Critic-Policy-ValuesAndExpressions-PreventSQLInjection

v1.3.1  2014-04-20
        - Fixed "package version matches dist version" for CPANTS.
        - Fixed license declared in meta files.
        - Refactored to use String::InterpolatedVariables.

v1.3.0  2014-03-26
        - (GH-12) Fixed handling of ternary operators.
        - (GH-13) Added detection of function / class method calls, added
          support for marking functions / class methods as safe from SQL
          injection risks.
        - (GH-13) Allowed configuring the list of safe functions, class
          methods, and object methods via .perlcriticrc.
        - (GH-14) Fixed handling of quoted heredoc blocks (thanks Victor Efimov
          for finding the issue).
        - (GH-16) Fixed double-quoted string test.
        - Added many tests, thanks to Victor Efimov.
        - Updated list of current limitations of the module.
        - Clarified documentation.

v1.2.0  2013-12-30
        - Added support for commas (in addition to spaces) in safe variable
          lists (GH-9).
        - Fixed detection of array indexes in variables.
        - Fixed parsing of spaces in quoted hash keys.
        - Tightened detection of quoting methods.

v1.1.5  2013-12-05
        - Added detection of quote() and quote_identifier(), to prevent the
          detection of false-positives (GH-8).

v1.1.4  2013-12-03
        - Fixed whitelisting of concatenated variables (GH-7).

v1.1.3  2013-11-20
        - Decreased false-positive by looking for SQL keywords at the beginning
          of the strings (GH-6).

v1.1.2  2013-11-19
        - Fixed detection of the end of SQL statements in array elements
          (GH-5).

v1.1.1  2013-11-09
        - Support for Perl v5.8.

v1.1.0  2013-11-08
        - Added detection of SQL injection flaws introduced via
          heredoc blocks (GH-1) and concatenation (GH-2).

v1.0.1  2013-10-15
        - Added missing dependency.
        - Ignored warnings in dependencies when testing.

v1.0.0  2013-10-14
        - Public release.



Hosting generously
sponsored by Bytemark