From 7f92e913a723c2bba1f19d536a5e9d2d6cbc9d2a Mon Sep 17 00:00:00 2001 From: Chris 'BinGOs' Williams Date: Fri, 30 Dec 2011 15:35:54 +0000 Subject: [PATCH] Update CGI to CPAN version 3.59 [DELTA] Version 3.59 Dec 29th, 2011 [BUG FIXES] - We no longer read from STDIN when the Content-Length is not set, preventing requests with no Content-Length from freezing in some cases. This is consistent with the CGI RFC 3875, and is also consistent with CGI::Simple. However, the old behavior may have been expected by some command-line uses of CGI.pm. Thanks to Philip Potter and Yanick Champoux. See RT#52469 for details: https://rt.cpan.org/Public/Bug/Display.html?id=52469 [INTERNALS] - remove tmpdirs more aggressively. Thanks to rjbs (RT#73288) - use Text::ParseWords instead of ancient shellwords.pl. Thanks to AlexBio. - remove use of define(@arr). Thanks to rjbs. - spelling fixes. Thanks to Gregor Herrmann and Alessandro Ghedini. - fix test count and warning in t/fast.t. Thanks to Yanick. --- MANIFEST | 1 + Porting/Maintainers.pl | 1 - cpan/CGI/Changes | 23 ++++++++++++++++--- cpan/CGI/lib/CGI.pm | 59 ++++-------------------------------------------- cpan/CGI/t/rt-52469.t | 14 ++++++++++++ cpan/CGI/t/tmpdir.t | 2 +- pod/perldelta.pod | 9 ++++++++ t/porting/customized.dat | 1 - 8 files changed, 50 insertions(+), 60 deletions(-) create mode 100644 cpan/CGI/t/rt-52469.t diff --git a/MANIFEST b/MANIFEST index 53acd0c..0c4b1c5 100644 --- a/MANIFEST +++ b/MANIFEST @@ -197,6 +197,7 @@ cpan/CGI/t/pretty.t See if CGI.pm works cpan/CGI/t/push.t See if CGI::Push works cpan/CGI/t/query_string.t See if CGI->query_string() works cpan/CGI/t/request.t See if CGI.pm works +cpan/CGI/t/rt-52469.t See if CGI.pm works cpan/CGI/t/save_read_roundtrip.t See if CGI.pm works cpan/CGI/t/start_end_asterisk.t See if CGI.pm works cpan/CGI/t/start_end_end.t See if CGI.pm works diff --git a/Porting/Maintainers.pl b/Porting/Maintainers.pl index 35de34e..b4ca87b 100755 --- a/Porting/Maintainers.pl 
+++ b/Porting/Maintainers.pl @@ -353,7 +353,6 @@ use File::Glob qw(:case); ), ], 'UPSTREAM' => 'cpan', - 'CUSTOMIZED' => ['t/tmpdir.t'], }, 'Class::Struct' => { diff --git a/cpan/CGI/Changes b/cpan/CGI/Changes index 1c1b9c9..07bd6fd 100644 --- a/cpan/CGI/Changes +++ b/cpan/CGI/Changes @@ -1,3 +1,20 @@ +Version 3.59 Dec 29th, 2011 + + [BUG FIXES] + - We no longer read from STDIN when the Content-Length is not set, preventing + requests with no Content-Length from freezing in some cases. This is consistent + with the CGI RFC 3875, and is also consistent with CGI::Simple. However, the old + behavior may have been expected by some command-line uses of CGI.pm. + Thanks to Philip Potter and Yanick Champoux. See RT#52469 for details: + https://rt.cpan.org/Public/Bug/Display.html?id=52469 + + [INTERNALS] + - remove tmpdirs more aggressively. Thanks to rjbs (RT#73288) + - use Text::ParseWords instead of ancient shellwords.pl. Thanks to AlexBio. + - remove use of define(@arr). Thanks to rjbs. + - spelling fixes. Thanks to Gregor Herrmann and Alessandro Ghedini. + - fix test count and warning in t/fast.t. Thanks to Yanick. + Version 3.58 Nov 11th, 2011 [DOCUMENTATION] @@ -1259,7 +1276,7 @@ Version 3.00, Aug 18, 2003 21. Fixed warning in initialize_globals() under mod_perl. 22. File uploads from Macintosh versions of MSIE should now work. 23. Pragmas now preceded by dashes (-nph) rather than colons (:nph). - Old style is supported for backward compatability. + Old style is supported for backward compatibility. 24. Can now pass arguments to all functions using {} brackets, resolving historical inconsistencies. 25. Removed autoloader warnings about absent MultipartBuffer::DESTROY. 
@@ -1491,7 +1508,7 @@ Version 3.00, Aug 18, 2003 1. Added cookie() support routines. 2. Added -expires parameter to header(). - 3. Added cgi-lib.pl compatability mode. + 3. Added cgi-lib.pl compatibility mode. 4. Made the module more configurable for different operating systems. 5. Fixed a dumb bug in JavaScript button() method. @@ -1621,7 +1638,7 @@ Version 3.00, Aug 18, 2003 1. The user_agent() method is now documented; 2. A potential security hole in import() is now plugged. - 3. Changed name of import() to import_names() for compatability with + 3. Changed name of import() to import_names() for compatibility with CGI:: modules. Bug fixes in version 1.53 diff --git a/cpan/CGI/lib/CGI.pm b/cpan/CGI/lib/CGI.pm index 65fdb59..6084f0f 100644 --- a/cpan/CGI/lib/CGI.pm +++ b/cpan/CGI/lib/CGI.pm @@ -20,7 +20,7 @@ use Carp 'croak'; # The revision is no longer being updated since moving to git. $CGI::revision = '$Id: CGI.pm,v 1.266 2009/07/30 16:32:34 lstein Exp $'; -$CGI::VERSION='3.58'; +$CGI::VERSION='3.59'; # HARD-CODED LOCATION FOR FILE UPLOAD TEMPORARY FILES. # UNCOMMENT THIS ONLY IF YOU KNOW WHAT YOU'RE DOING. @@ -525,7 +525,7 @@ sub init { # if we get called more than once, we want to initialize # ourselves from the original query (which may be gone # if it was read from STDIN originally.) - if (defined(@QUERY_PARAM) && !defined($initializer)) { + if (@QUERY_PARAM && !defined($initializer)) { for my $name (@QUERY_PARAM) { my $val = $QUERY_PARAM{$name}; # always an arrayref; $self->param('-name'=>$name,'-value'=> $val); 
@@ -664,14 +664,6 @@ sub init { if ( $content_length > 0 ) { $self->read_from_client(\$query_string,$content_length,0); } - elsif (not defined $ENV{CONTENT_LENGTH}) { - $self->read_from_stdin(\$query_string); - # should this be PUTDATA in case of PUT ? - my($param) = $meth . 'DATA' ; - $self->add_parameter($param) ; - push (@{$self->{param}{$param}},$query_string); - undef $query_string ; - } # Some people want to have their cake and eat it too! # Uncomment this line to have the contents of the query string # APPENDED to the POST data. @@ -1024,47 +1016,6 @@ sub read_from_client { } END_OF_FUNC -'read_from_stdin' => <<'END_OF_FUNC', -# Read data from stdin until all is read -sub read_from_stdin { - my($self, $buff) = @_; - local $^W=0; # prevent a warning - - # - # TODO: loop over STDIN until all is read - # - - my($eoffound) = 0; - my($localbuf) = ''; - my($tempbuf) = ''; - my($bufsiz) = 1024; - my($res); - while ($eoffound == 0) { - if ( $MOD_PERL ) { - $res = $self->r->read($tempbuf, $bufsiz, 0) - } - else { - $res = read(\*STDIN, $tempbuf, $bufsiz); - } - - if ( !defined($res) ) { - # TODO: how to do error reporting ? - $eoffound = 1; - last; - } - if ( $res == 0 ) { - $eoffound = 1; - last; - } - $localbuf .= $tempbuf; - } - - $$buff = $localbuf; - - return $res; -} -END_OF_FUNC - 'delete' => <<'END_OF_FUNC', #### Method: delete # Deletes the named parameter entirely. @@ -3530,11 +3481,11 @@ sub read_from_cmdline { if ($DEBUG && @ARGV) { @words = @ARGV; } elsif ($DEBUG > 1) { - require "shellwords.pl"; + require Text::ParseWords; print STDERR "(offline mode: enter name=value pairs on standard input; press ^D or ^Z when done)\n"; chomp(@lines = ); # remove newlines $input = join(" ",@lines); - @words = &shellwords($input); + @words = &Text::ParseWords::old_shellwords($input); } for (@words) { s/\\=/%3D/g; 
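Review bot: In the `$DEBUG > 1` branch of read_from_cmdline, the switch to `old_shellwords` probably changes what happens on an unbalanced quote in the typed input. As far as I recall, shellwords.pl died on it, while `Text::ParseWords::old_shellwords` only carps and returns an empty list, so the script would carry on with no parameters; this should be confirmed against the Text::ParseWords version being shipped. If that holds, a short comment on the call would help, for example `# old_shellwords warns and returns () on an unmatched quote`. The `&` sigil is also unnecessary on a fully qualified call with parentheses: `@words = Text::ParseWords::old_shellwords($input);`. The body of read_from_cmdline continues outside this hunk.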
@@ -7950,7 +7901,7 @@ C<:cgi-lib> and C<:standard> method: =head2 Cgi-lib functions that are available in CGI.pm -In compatability mode, the following cgi-lib.pl functions are +In compatibility mode, the following cgi-lib.pl functions are available for your use: ReadParse() diff --git a/cpan/CGI/t/rt-52469.t b/cpan/CGI/t/rt-52469.t new file mode 100644 index 0000000..4c713ed --- /dev/null +++ b/cpan/CGI/t/rt-52469.t @@ -0,0 +1,14 @@ +use strict; +use warnings; + +use Test::More tests => 1; # last test to print + +use CGI; + +$ENV{REQUEST_METHOD} = 'PUT'; + +my $cgi = CGI->new; + +pass 'new() returned'; + + diff --git a/cpan/CGI/t/tmpdir.t b/cpan/CGI/t/tmpdir.t index 6e3fcbd..1407356 100644 --- a/cpan/CGI/t/tmpdir.t +++ b/cpan/CGI/t/tmpdir.t @@ -37,4 +37,4 @@ isnt($CGITempFile::TMPDIRECTORY, $testdir, "unwritable \$ENV{TMPDIR} not overridden with an unwritable \$CGITempFile::TMPDIRECTORY"); } -END { rmdir for ($testdir, $testdir2) } +END { for ($testdir, $testdir2) { chmod 0700, $_; rmdir; } } diff --git a/pod/perldelta.pod b/pod/perldelta.pod index 5fdc904..2eb3222 100644 --- a/pod/perldelta.pod +++ b/pod/perldelta.pod @@ -103,6 +103,15 @@ XXX =item * +L has been upgraded from version 3.58 to version 3.59. + +We no longer read from STDIN when the Content-Length is not set, preventing +requests with no Content-Length from freezing in some cases. This is consistent +with the CGI RFC 3875, and is also consistent with CGI::Simple. However, the old +behavior may have been expected by some command-line uses of CGI.pm. + +=item * + L has been upgraded from version 0.9113 to version 0.9115. =item * diff --git a/t/porting/customized.dat b/t/porting/customized.dat index e2ef05d..f962044 100644 --- a/t/porting/customized.dat +++ b/t/porting/customized.dat 
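Review bot: The new t/rt-52469.t never clears `CONTENT_LENGTH`, so it exercises the fixed path only when the harness environment happens not to define it; add `delete $ENV{CONTENT_LENGTH};` before `CGI->new`. Its only check is `pass 'new() returned'`, so a regression would show up as a blocked read on STDIN rather than a failed assertion, and not at all when STDIN is already at EOF. The removed branch in init() stored the body under `$meth . 'DATA'`, so the behaviour can be pinned directly with `ok !defined $cgi->param('PUTDATA'), 'no body read without Content-Length';`. The `# last test to print` comment looks like editor template residue and can be dropped.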
@@ -11,4 +11,3 @@ CPANPLUS cpan/CPANPLUS/Makefile.PL 5d533f6722af6aae73204755beb8d6c008fc0d4a Text-Tabs+Wrap cpan/Text-Tabs/t/fill.t a960d2c4f66b7e30557b5479e0da2da1bf7a7f45 Text-Tabs+Wrap cpan/Text-Tabs/t/tabs.t 63a67b3a319c858d7e66306b8a653de1951153dc Sys::Syslog cpan/Sys-Syslog/t/syslog.t 647571fc90918883b871ff7e005ed7ab8a223784 -CGI cpan/CGI/t/tmpdir.t 83c913c36712f00412ce42475ae8a2bd1eba52ea -- 2.7.4