source: trunk/essentials/dev-lang/perl/lib/CGI/Changes

  Version 3.15 Wed Dec  7 15:13:22 EST 2005
   1. Remove extraneous "?" from self_url() when URI contains a ? but no query string.

  Version 3.14 Tue Dec  6 17:12:03 EST 2005
   1. Fixed broken scrolling_list() select attribute.
        
  Version 3.13
    1. Removed extraneous empty "?" from end of self_url().

  Version 3.12
    1. Fixed virtual_port so that it works properly with https protocol.
    2. Fixed documentation for upload_hook().
    3. Added POSTDATA documentation.
    4. Made upload_hook() work in function-oriented mode.
    5. Fixed POST_MAX behavior so that it doesn't cause client to hang.
    6. Disabled automatic tab indexes and added new -tabindex pragma to
        turn automatic indexes back on.
    7. The url() and self_url() methods now work better in the context of Apache
       mod_rewrite. Be advised that path_info() may give you confusing results
       when mod_rewrite is active because Apache calculates the path info *after*
       rewriting. This is mostly worked around in url() and self_url(), but you
       may notice some anomalies.
    8. Removed empty (and non-validating) <div> from code emitted by end_form().
    9. Fixed CGI::Carp to work correctly with Mod_perl 1.29 in an Apache 2 environment.
   10. Setting $CGI::TMPDIRECTORY should now be effective.

  Version 3.11
    1. Killed warning in CGI::Cookie about MOD_PERL_API_VERSION
    2. Fixed append() so that it works in function mode.
    3. Workaround for a bug that appears in Apache2 versions through 2.0.54 
       in which SCRIPT_NAME and PATH_INFO are incorrect if the additional path_info
       contains a double slash. This workaround will handle the common case of
       http://mysite.com/cgi-bin/log.cgi/http://www.some.other.site/args, but will
       not handle the uncommon case of a ScriptAlias directive that adds additional
       path information to the end of the translated URI.

  Version 3.10
    1. Added Apache2::RequestIO, which is necessary for mp2 interoperability.

  Version 3.09
    1. Fixed tabindex="0" when using CGI to create forms without a prior start_html
    2. Removed warning about non-numeric MOD_PERL_API_VERSION.

  Version 3.08
    1. update support for mod_perl 2.0.  versions prior to
       mod_perl 1.999_22 (2.0.0-RC5) are no longer supported.

  Version 3.07
    1. Fixed typo in mod_perl detection.

  Version 3.06

    1. Fixed bare call to script() in start_html
    2. Moved Fh::DESTROY out of autoloaded functions so as to avoid
       clobbering $@ when CGI functions are executed in an eval{}
       context.
    3. mod_perl 2.0 version detection patch in CGI::Cookie provided by
       Allen Day.
    4. autoEscape() flag is now respected when generating extra
       attributes.
    5. Tests for *tag start/end generation from Shlomi Fish.
    6. Support for can() method provided by Ron Savage.
    7. Fix for lang='' when outputting XHTML.
    8. Added support for chunked transfer encoding, as suggested by 
        Hakan Ardo
    9. Fixed clobbering of row and column headers in tableized radio
        and checkbox groups, as reported by Nicolas Thierry-Mieg.
   10. <Label> tags are now associated with form elements, as suggested
        by accessibility guidelines.
   11. The <?xml> directive produced by start_html is now turned off by
        default and the charset is specified in a <meta> directive.  Apparently
        IE6 (and maybe some versions of Opera) were getting confused by this.
   12. Support for tab indexes.
   13. Retired the HTML docs.  The POD docs are now primary documentation.
   14. CGI::Carp now correctly detects and handles Apache::Dispatch.
   15. CGI::Util::utf8_chr now correctly sets the UTF8 flag on 5.006 or
        higher perls (fix courtesy Slaven Rezic).


  Version 3.05

    1. Fixed uninitialized variable warning on start_form() when running
       from command line.
    2. Fixed CGI::_set_attributes so that attributes with a - are handled
       correctly.
    3. Fixed CGI::Carp::die() so as to avoid problems from _longmess()
       clobbering @_.
    4. If HTTP_X_FORWARDED_HOST is defined (i.e. running under a proxy),
       the various functions that return HOST will use that instead.
    5. Fix for undefined utf8() call in CGI::Util.
    6. Changed the call to warningsToBrowser() in
       CGI::Carp::fatalsToBrowser to call only after HTTP header is sent
       (thanks to Didier Lebrun for noticing).
    7. Patches from Dan Harkless to make CGI.pm validatable against HTML
       3.2.
    8. Fixed an extraneous "foo=bar" appearing when extra style
       parameters passed to start_html;
    9. Fixed cross-site scripting bug in startform() pointed out by Dan
       Harkless.
   10. Fixed documentation to discuss list context behavior of
       form-element generators explicitly.
   11. Fixed incorrect results from end_form() when called in OO manner.
   12. Fixed query string stripping in order to handle URLs containing
       escaped newlines.
   13. During server push, set NPH to 0 rather than 1. This is supposed
       to fix problems with Apache.
   14. Fixed incorrect processing of multipart form fields that contain
       embedded quotes. There's still the issue of how to handle ones
       that contain embedded semicolons, but no one has complained (yet).
   15. Fixed documentation bug in -style argument to start_html()
   16. Added -status argument to redirect().

  Version 3.04

    1. Fixed the problem with mod_perl crashing when "defaults" button
       pressed.

  Version 3.03

    1. Fix upload hook functionality
    2. Workaround for CGI->unescape_html()
    3. Bumped version numbers in CGI::Fast and CGI::Util for 5.8.3-tobe

  Version 3.02

    1. Bring in Apache::Response just in case.
    2. File upload on EBCDIC systems now works.

  Version 3.01

    1. No fix yet for upload failures when running on EBCDIC server.
    2. Fixed uninitialized glob warnings that appeared when file
       uploading under perl 5.8.2.
    3. Added patch from Schlomi Fish to allow debugging of PATH_INFO from
       command line.
    4. Added patch from Steve Hay to correctly unlink tmp files under
       mod_perl/windows
    5. Added upload_hook functionality from Jamie LeTaul
    6. Workarounds for mod_perl 2 IO issues. Check that file upload and
       state saving still working.
    7. Added code for underreads.
    8. Fixed misleading description of redirect() and relative URLs in
       the POD docs.
    9. Workaround for weird interaction of CGI::Carp with Safe module
       reported by William McKee.
   10. Added patches from Ilmari Karonen to improve behavior of
       CGI::Carp.
   11. Fixed documentation error in -style argument.
   12. Added virtual_port() method for finding out what port server is
       listening on in a virtual-host aware fashion.

  Version 3.00

    1. Patch from Randal Schwartz to fix bug introduced by cross-site
       scripting vulnerability "fix."
    2. Patch from JFreeman to replace UTF-8 escape constant of 0xfe with
       0xfc. Hope this is right!

  Version 2.99

    1. Patch from Steve Hay to fix extra Content-type: appearing on
       browser screen when FatalsToBrowser invoked.
    2. Patch from Ewann Corvellec to fix cross-site scripting
       vulnerability.
    3. Fixed tmpdir routine for file uploading to solve problem that
       occurs under mod_perl when tmpdir is writable at startup time, but
       not at session time.

  Version 2.98

    1. Fixed crash in Dump() function.

  Version 2.97

    1. Sigh. Uploaded wrong 2.96 to CPAN.

  Version 2.96

    1. More bugfixes to the -style argument.

  Version 2.95

    1. Fixed bugs in start_html(-style=>...) support introduced in 2.94.

  Version 2.94

    1. Removed warning from reset() method.
    2. Moved

   and tags into the :html3 group. Hope this removes undefined CGI::Area
   errors.

     Changed CGI::Carp to play with mod_perl2 and to (hopefully) restore
   reporting of compile-time errors.

     Fixed potential deadlock between web server and CGI.pm when aborting
   a read due to POST_MAX (reported by Antti Lankila).

     Fixed issue with tag-generating function not incorporating content
   when first variable undef.

     Fixed cross-site scripting bug reported by obscure.

     Fixed Dump() function to return correctly formed XHTML - bug
   reported by Ralph Siemsen.

  Version 2.93

    1. Fixed embarassing bug in mp1 support.

  Version 2.92

    1. Fix to be P3P compliant submitted from MPREWITT.
    2. Added CGI->r() API for mod_perl1/mod_perl2.
    3. Fixed bug in redirect() that was corrupting cookies.
    4. Minor fix to behavior of reset() button to make it consistent with
       submit() button (first time this has been changed in 9 years).
    5. Patch from Dan Kogai to handle UTF-8 correctly in 5.8 and higher.
    6. Patch from Steve Hay to make CGI::Carp's error messages appear on
       MSIE browsers.
    7. Added Yair Lenga's patch for non-urlencoded postings.
    8. Added Stas Bekman's patches for mod_perl 2 compatibility.
    9. Fixed uninitialized escape behavior submitted by William Campbell.
   10. Fixed tied behavior so that you can pass arguments to tie()
   11. Fixed incorrect generation of URLs when the path_info contains +
       and other odd characters.
   12. Fixed redirect(-cookies=>$cookie) problem.
   13. Fixed tag generation bug that affects -javascript passed to
       start_html().

  Version 2.91

    1. Attribute generation now correctly respects the value of
       autoEscape().
    2. Fixed endofrm() syntax error introduced by Ben Edgington's patch.

  Version 2.90

    1. Fixed bug in redirect header handling.
    2. Added P3P option to header().
    3. Patches from Alexey Mahotkin to make CGI::Carp work correctly with
       object-oriented exceptions.
    4. Removed inaccurate description of how to set multiple cookies from
       CGI::Cookie pod file.
    5. Patch from Kevin Mahony to prevent running out of filehandles when
       uploading lots of files.
    6. Documentation enhancement from Mark Fisher to note that the
       import_names() method transforms the parameter names into valid
       Perl names.
    7. Patch from Dan Harkless to suppress lang attribute in <html> tag
       if specified as a null string.
    8. Patch from Ben Edgington to fix broken XHTML-transitional 1.0
       validation on endform().
    9. Custom html header fix from Steffen Beyer (first letter correctly
       upcased now)
   10. Added a -verbatim option to stylesheet generation from Michael
       Dickson
   11. Faster delete() method from Neelam Gupta
   12. Fixed broken Cygwin support.
   13. Added empty charset support from Bradley Baetz
   14. Patches from Doug Perham and Kevin Mahoney to fix file upload
       failures when uploaded file is a multiple of 4096.

  Version 2.89

    1. Fixed behavior of ACTION tag when POSTING to a URL that has a
       query string.
    2. Added Patch from Michael Rommel to handle multipart/mixed uploads
       from Opera

  Version 2.88

    1. Fixed problem with uploads being refused under Perl 5.8 when under
       Taint mode.
    2. Fixed uninitialized variable warnings under Perl 5.8.
    3. Fixed CGI::Pretty regression test failures.

  Version 2.87

    1. Security hole patched: when processing multipart/form-data
       postings, most arguments were being untainted silently. Returned
       arguments are now tainted correctly. This may cause some scripts
       to fail that used to work (thanks to Nick Cleaton for pointing
       this out and persisting until it was fixed).
    2. Update for mod_perl 2.0.
    3. Pragmas such as -no_xhtml are now respected in mod_perl
       environment.

  Version 2.86

    1. Fixes for broken CGI::Cookie expiration dates introduced in 2.84.

  Version 2.85

    1. Fix for broken autoEscape function introduced in 2.84.

  Version 2.84

    1. Fix for failed file uploads on Cygwin platforms.
    2. HTML escaping code now replaced 0x8b and 0x9b with unicode
       references < and *#8250;

  Version 2.83

    1. Fixed autoEscape() documentation inconsistencies.
    2. Patch from Ville Skyttä to fix a number of XHTML inconsistencies.
    3. Added Max-Age to list of CGI::Cookie headers.

  Version 2.82

    1. Patch from Rudolf Troller to add attribute setting and option
       groups to form fields.
    2. Patch from Simon Perreault for silent crashes when using CGI::Carp
       under mod_perl.
    3. Patch from Scott Gifford allows you to set the program name for
       CGI::Carp.

  Version 2.81

    1. Removed extraneous slash from end of stylesheet tags generated by
       start_html in non-XHTML mode.
    2. Changed behavior of CGI::Carp with respect to eval{} contexts so
       that output behaves properly in mod_perl environments.
    3. Fixed default DTD so that it validates with W3C validator.

  Version 2.80

    1. Fixed broken messages in CGI::Carp.
    2. Changed checked="1" to checked="checked" for real XHTML
       compatibility.
    3. Resurrected REQUEST_URI code so that url() works correctly with
       multiviews.

  Version 2.79

    1. Changes to CGI::Carp to avoid "subroutine redefined" error
       messages.
    2. Default DTD is now XHTML 1.0 Transitional
    3. Patches to support all HTML4 tags.

  Version 2.78

    1. Added ability to change encoding in <?xml> assertion.
    2. Fixed the old escapeHTML('CGI') ne "CGI" bug
    3. In accordance with XHTML requirements, there are no longer any
       minimized attributes, such as "checked".
    4. Patched bug which caused file uploads of exactly 4096 bytes to be
       truncated to 4094 (thanks to Kevin Mahony)
    5. New tests and fixes to CGI::Pretty (thanks to Michael Schwern).

  Version 2.77

    1. No new features, but released in order to fix an apparent CPAN
       bug.

  Version 2.76

    1. New esc.t regression test for EBCDIC translations courtesy Peter
       Prymmer.
    2. Patches from James Jurach to make compatible with FCGI-ProcManager