On Tue, Feb 22, 2011 at 10:33, Jay Hannah
<jhannah@mutationgrid.com> wrote:
(In PHP "register_globals" has been deprecated sometime between 2002 and now.)
I remember that - I always knew pulling in user-supplied variables automatically was a bad thing from a security standpoint. It's too easy to just pull them in and use them without actually knowing that they came from user (i.e. hacker) land.
These change(s) wouldn't be listed in the Perl change log, they'd be noted in CGI's Changes file:
http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.52/Changes
Which, strangely, doesn't list the date of each release (when was 2.50 released? maybe that was the change point for your behavior).
Doh! Should have checked there too.
RedHat deserves no fault nor credit for this change. :)
None implied - there have been enough cooks in this kitchen that I'll place the blame on me/us first. And I think the param() method makes things a bit easier to read and follow.
Thanks,
Dan