The London Perl and Raku Workshop takes place on 26th Oct 2024. If your company depends on Perl, please consider sponsoring and/or attending.

Changes for version 1.113 - 2010-12-27

  • (thanks to Yamada Masahiro) randomise multipart boundary string (security).
  • Numerous changes from Mark Stosberg:
    • Port max-age support from, to improve compatibility and RFC-compliance
    • Correct header comment in cookie.t
    • It claims that is a simple copy/paste/modify from's test by the same name, but this has not been true for some time-- CGI::Simple added
    • httponly tests that lacks, for example.
    • Sync cookie references with add reference to the newer RFC 2695
    • "Interface to browse cookies" looks like it was typo for "browser". HTTP is more precise.
    • Fix awkward "" language. It looks like it probably originated from the form. "CGI::Simple" is used instead.
    • Best Practice: eliminate indirect object notation from new(), parse() and fetch() calls
    • Security: Fix handling of embedded malicious newlines in header values This is a direct port of the same security fix that
    • Security: use a random MIME boundary by default in multipart_init(). This is a direct port of the same issue which was addressed in, preventing some kinds of potential header injection attacks.
    • Port from Fix multi-line header parsing. This fix is covered by the tests in t/header.t added in the previous patch. If you run those tests without this patch, you'll see how the headers would be malformed without this fix.
    • Port CRLF injection prevention from
    • Optimize Vars(): Don't build %hash if we aren't going to use it.
    • Micro-optimization to Vars(): Don't call "tie" unless we need to.
  • Numerous changes from K. Berov:
    • Added "+" to the mime character class.
    • Added tests for C<$mime = $q->upload_info( $filename, 'mime' );>
    • Fixed wrong match for mimetypes. Example: matched only 'application/vnd' instead of 'application/'.
    • Added "\." to the mime character class


A Simple totally OO CGI interface that is compliant
Interface to HTTP cookies
a wrapper module for CGI::Simple that provides a function style interface
Internal utilities used by CGI::Simple module