Security Advisories (4)
CVE-2010-2253 (2010-07-06)

lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

CPANSA-libwww-perl-2001-01 (2001-03-14)

If LWP::UserAgent::env_proxy is called in a CGI environment, the case-insensitivity when looking for "http_proxy" permits "HTTP_PROXY" to be found, but this can be trivially set by the web client using the "Proxy:" header.

CVE-2011-0633 (2011-01-20)

The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated.

CPANSA-libwww-perl-2017-01 (2017-11-06)

LWP::Protocol::file can open an existing file via the file:// scheme. However, the current version of LWP uses open FILEHANDLE,EXPR, which has the ability to execute arbitrary commands.

NAME

LWP::MediaTypes - guess media type for a file or a URL

SYNOPSIS

use LWP::MediaTypes qw(guess_media_type);
$type = guess_media_type("/tmp/foo.gif");

DESCRIPTION

This module provides functions for handling media (also known as MIME) types and encodings. The mapping from file extensions to media types is defined by the media.types file. If the ~/.media.types file exists, it is used as a replacement. For backwards compatibility we will also look for ~/.mime.types.

The following functions are exported by default:

guess_media_type($filename_or_url, [$header_to_modify])

This function tries to guess the media type and encoding for the given file. It returns the content-type, which is a string like "text/html". In array context it also returns any content-encodings applied (in the order used to encode the file). You can also pass a URI object reference, instead of the file name, as the first parameter.

If the type can not be deduced from looking at the file name only, then guess_media_type() will let the -T Perl operator take a look. If this works (and -T returns a TRUE value) then we return text/plain as the type, otherwise we return application/octet-stream as the type.

The optional second argument should be a reference to an HTTP::Headers object (or any object that implements the $obj->header method in a similar way). When present we will set the values of the 'Content-Type' and 'Content-Encoding' for this header.
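
An added example, not part of the LWP::MediaTypes distribution: guess_media_type() works from the file name and only falls back to -T when the suffix is unknown, so a caller that gates uploads on its result should also check the content. The sample files, the %magic table and content_matches_label() are constructed for this illustration and are hypothetical names.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;
use LWP::MediaTypes qw(guess_media_type);

# Constructed sample files: name => content.
my %samples = (
    'avatar.gif' => "<html><script>/* not an image */</script></html>\n",
    'real.gif'   => "GIF89a" . ("\0" x 32),
    'notes'      => "plain text without a suffix\n",
    'blob'       => join('', map { chr } 0 .. 255),
);

# Hypothetical helper data (not part of LWP::MediaTypes): leading-byte
# signatures for the only types this application is willing to accept.
my %magic = ('image/gif' => qr/\AGIF8[79]a/);

sub content_matches_label {
    my ($path, $type) = @_;
    my $re = $magic{$type} or return 0;        # type is not on the allowlist
    open(my $fh, '<:raw', $path) or return 0;  # 3-argument open, never 2-argument
    read($fh, my $head, 16);
    close $fh;
    return (defined($head) && $head =~ $re) ? 1 : 0;
}

my $dir = tempdir(CLEANUP => 1);
for my $name (sort keys %samples) {
    my $path = File::Spec->catfile($dir, $name);
    open(my $out, '>:raw', $path) or die "cannot write $path: $!";
    print {$out} $samples{$name};
    close $out;

    # The guess is driven by the suffix; -T is consulted only when the
    # suffix gives no answer (the 'notes' and 'blob' samples here).
    my $type = guess_media_type($path);
    printf "%-12s guessed=%-26s content check=%s\n",
        $name, $type, content_matches_label($path, $type) ? 'ok' : 'REJECT';
}
```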

media_suffix($type,...)

This function will return all suffixes that can be used to denote the specified media type(s). Wildcard types can be used. In scalar context it will return the first suffix found.

Examples:

@suffixes = media_suffix('image/*', 'audio/basic');
$suffix = media_suffix('text/html');

The following functions are only exported by explicit request:

add_type($type, @exts)

Associate a list of file extensions with the given media type.

Example:

add_type("x-world/x-vrml" => qw(wrl vrml));

add_encoding($type, @ext)

Associate a list of file extensions with an encoding type.

Example:

add_encoding("x-gzip" => "gz");

read_media_types(@files)

Parse a media types file from disk and add the type mappings found there.

Example:

read_media_types("conf/mime.types");

COPYRIGHT

Copyright 1995-1998 Gisle Aas.

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.