Feature Proposal: CGI object should handle the a method like CPAN:CGI

Motivation

At least 5 plugins don't work or have to upgrade to work again with TWiki >=5.0

Description and Documentation

Before TWiki 5.0 it was no problem to get a CGI object (TWiki::Func::getCgiQuery()) and to create HTML code like <a href="http://www.w3.org/">link</a> with a statement like $cgi->a({-href=>"http://www.w3.org/"},'link');

Examples

Impact

Implementation

-- Contributors: DanielRohde - 2010-08-19

Discussion

Sensible request. Can be safely done for patch release, e.g. TWiki-5.0.1

-- PeterThoeny - 2010-08-19

After my upgrade session for 6 plugins I've found much more unsupported methods for HTML generation. I solved that by creating my own empty CGI object.

I (and others maybe too) need a secure way to generate HTML code in plugins. This protects TWiki against defacements, XSS attacks and so on. But it is an ugly way to handle POST/GET query parameters with TWiki's own CGI and create a fat CPAN:CGI object for HTML generation. I don't know whats happen if CPAN:CGI and TWikis own CGI implementation working parallel, and how secure is TWikis POST/GET parameter handling.

-- DanielRohde - 2010-08-20

Daniel, I appreciate making your plugins compatible with the existing TWiki-5.0.0!

I do not know what the motivation was to re-implement an incomplete CGI class, I assume there have been reasons besides NIH. A simple solution might be to have CPAN:CGI the superclass of TWiki's CGI.

-- PeterThoeny - 2010-08-20