thursday, april 9

late in the afternoon, or maybe early in the evening
i'm at my kitchen table fighting back panic
or just clawing away at some kind of immutable inertia
it's hard exactly to tell which

(this is a standard affliction
of bad poets,
frustrated novelists,
mediocre programmers)

pacing a circle outside my door for the dozenth time today
the sky mottled in cool blues and grays, greening things
obvious in a wind colder than you expect

this is that season when jackets are always a little too thin,
the winter's still-piled quilts at night a little too warm
the excited clarity of one moment always fading and glitching
into the scattered uncertainty of the next

CGI::Fast and multi_param()

A little while ago, changes were made to Perl’s CGI.pm because of a class of exploits arising from calling param() in list context.

I had code in a wrapper for Display that called param() in list context deliberately:

# Handle input from FastCGI:
while (my $query = CGI::Fast->new) {
  my @params = $query->param('keywords');
  print $d->display(@params);
}

In due course, I started getting warnings about calling param() in list context. They looked sort of like this:

brennen@exuberance 18:46:13 /home/brennen/www (master) ★ perl display.fcgi 2>&1 | head -1
CGI::param called in list context from package main line 38, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/local/share/perl/5.20.1/CGI.pm line 408.

Problematic, since a variable containing that list is exactly what I want. On googling, I found that in addition to the warning, CGI.pm had been amended to include multi_param() for the cases where you explicitly want a list. Ok, cool, I’ll use that.

Fast forward to just now. display.fcgi is blowing up on my local machine. Why?

[Thu Apr 09 18:28:29.606663 2015] [fcgid:warn] [pid 13984:tid 140343326992128] [client 127.0.0.1:41335] mod_fcgid: stderr: Undefined subroutine CGI::Fast::multi_param

Well, ok, I upgraded Ubuntu a while back. Maybe I need to reinstall CGI::Fast from CPAN because the Ubuntu packages aren’t up to date. So:

$ sudo cpan -i CGI::Fast

No dice. What am I missing here? Oh, right. CGI::Fast inherits from CGI.pm.

$ sudo cpan -i CGI

Golden.

Granted, I should probably stop using CGI.pm altogether.