diff -Nru libmojolicious-perl-8.71+dfsg/Changes libmojolicious-perl-9.22+dfsg/Changes --- libmojolicious-perl-8.71+dfsg/Changes 2021-01-17 14:44:36.000000000 +0000 +++ libmojolicious-perl-9.22+dfsg/Changes 2021-10-16 11:05:25.000000000 +0000 @@ -1,4 +1,159 @@ +9.22 2021-10-16 + - Added a referer method to Mojo::Headers, as an alias for the referrer method. + - Fixed response status log message to use the "trace" log level instead of "debug". + +9.21 2021-08-13 + - Added EXPERIMENTAL support for top-level await to Mojo::Promise. + - Updated Future::AsyncAwait requirement to 0.52 for new features and bug fixes. + - Improved *_attr and *_text methods in Test::Mojo to return undef instead of empty string for values that do not + exist. (tim-2) + - Fixed Mojo::DOM not to auto-close tags in and blocks. (mkende) + +9.20 2021-08-09 + - Added trace log level to Mojo::Log. + - Changed default log level in Mojo::Log from "debug" to "trace" and moved all built-in "debug" log messages to the + level "trace". That will allow for the "debug" level to be used exclusively for user defined log messages. + +9.19 2021-06-01 + - This release contains fixes for security issues, everybody should upgrade! + - Swiched from HMAC-SHA1 to HMAC-SHA256 for signed cookies. Note that this means that all sessions will be reset. + - Improved signed cookie based sessions to pad short values, to make it harder to brute force attack the application + secret. (jberger) + +9.18 2021-05-09 + - Remove Font Awesome from distribution. + +9.17 2021-04-12 + - Deprecated ?format=* parameter in favor of ?_format=* for content negotiation in Mojolicious::Renderer. + +9.16 2021-04-08 + - Added support for format inheritance. + - Improved Mojo::Server::CGI with support for before_server_start hook. + +9.15 2021-03-30 + - Improved form generator in Mojo::UserAgent::Transactor to allow custom Content-Disposition headers. + +9.14 2021-03-23 + - Added EXPERIMENTAL support for :text pseudo-class to Mojo::DOM::CSS. + +9.13 2021-03-22 + - Improved request_id attribute in Mojo::Message::Request to be a little more unique. + - Fixed Mojolicious::Plugin::Mount to share the logger of the host application. + +9.12 2021-03-21 + - Improved mojo script startup time slightly with a Mojo::HelloWorld optimization. + - Improved design of built-in templates. + +9.11 2021-03-20 + - This release contains fixes for security issues, everybody should upgrade! + - Disabled format detection by default to fix vulnerabilities in many Mojolicious applications. That means some of + your routes that previously matched "/foo" and "/foo.json", will only match "/foo" after upgrading. From now on you + will have to explicitly declare the formats your routes are allowed to handle. + # /foo + # /foo.html + # /foo.json + $r->get('/foo')->to('bar#yada'); + becomes + $r->get('/foo' => [format => ['html', 'json']])->to('bar#yada', format => undef); + And if you are certain that your application is not vulnerable, you also have the option to re-enable format + detection for a route and all its nested routes. Due to the high risk of vulnerabilities, this feature is going to + be removed again in a future release however. + my $active = $r->any([format => 1]); + $active->get('/foo')->to('Test#first'); + $active->put('/bar')->to('Test#second'); + - Improved built-in templates not to show embedded apps in the stash snapshot. + - Improved built-in development not found page to include tooltips with the compiled regular expressions for each + route. + - Improved Mojo::UserAgent to include "Content-Length: 0" with non-GET requests for better compatibility with broken + web servers. + +9.10 2021-03-14 + - Fixed top-level --help and -h options in Mojolicious::Commands. + +9.09 2021-03-13 + - Added comma_separated filter to Mojolicious::Validator. + - Fixed built-in templates to be a bit more responsive. + - Fixed filter list handling in Mojolicious::Validator::Validation. + +9.08 2021-03-12 + - Fixed a bug in Test::Mojo where Test::Mojo->new($app) would not work correctly. + +9.07 2021-03-11 + - Improved config override feature to work for Mojolicious::Lite applications. + - Improved Mojo::UserAgent performance slightly by not including unnecessary "Content-Length: 0" request headers. + +9.03 2021-03-05 + - Fixed a bug in Mojo::Transaction::WebSocket where finish event handlers would not always get the same number of + arguments passed. + +9.02 2021-02-17 + - Fixed finally method in Mojo::Promise to deal correctly with promises returned by the handler. + - Improved Mojo::Server::Daemon to include random ports in the "Web application available at ..." message. + +9.01 2021-02-16 + - Added EXPERIMENTAL color attribute to Mojo::Log. + - Added EXPERIMENTAL MOJO_LOG_COLOR environment variable to Mojo::Log. + - Fixed Windows support of network_contains function in Mojo::Util. (jberger) + +9.0 2021-02-14 + - Code name "Waffle", this is a major release. + - Added support for deployment specific plugins. + - Removed Mojo::IOLoop::Delay. + - Removed hidden attribute from Mojolicious::Routes. + - Removed hide and is_hidden methods from Mojolicious::Routes. + - Removed deprecated success method from Mojo::Transaction. + - Removed deprecated detour, over, route and via methods from Mojolicious::Routes::Route. + - Removed deprecated local_address method from Mojo::UserAgent. + - Removed deprecated tls_ciphers, tls_protocols, tls_verify and tls_version options from Mojo::IOLoop::TLS. + - Removed deprecated local_address option from Mojo::IOLoop::Client. + - Removed deprecated config stash value. + - Changed Mojo::Log to join mutiple log messages with a whitespace instead of a newline. + - Added is_reserved method to Mojolicious::Routes::Route. + - Improved Mojolicious::Routes to disallow the use of reserved stash values, such as "/:action", in route patterns. + - Improved Mojolicious::Routes to throw exceptions for missing controllers. + - Improved Mojolicious::Routes to throw exceptions for routes with controllers but without action. + - Improved Mojolicious::Routes to disallow namespace without controller for routing. + - Improved Mojolicious::Routes to die if auto rendering failed. + - Improved render method in Mojolicious::Controller to die if no response could be rendered. + - Improved reply->static helper to die if the requested file does not exist. + - Improved contextual logging feature in Mojo::Log not to concatenate log messages and context. + - Improved all_text method in Mojo::DOM to exclude "Login Manager + <%= content %> + begin + % if (param 'user') { + Wrong name or password, please try again.
+ % } + Name:
+ %= text_field 'user' +
Password:
+ %= password_field 'pass' +
+ %= submit_button 'Login' +% end diff -Nru libmojolicious-perl-8.71+dfsg/examples/login/templates/login/protected.html.ep libmojolicious-perl-9.22+dfsg/examples/login/templates/login/protected.html.ep --- libmojolicious-perl-8.71+dfsg/examples/login/templates/login/protected.html.ep 1970-01-01 00:00:00.000000000 +0000 +++ libmojolicious-perl-9.22+dfsg/examples/login/templates/login/protected.html.ep 2021-06-30 13:58:00.000000000 +0000 @@ -0,0 +1,6 @@ +% layout 'default'; +% if (my $msg = flash 'message') { + <%= $msg %>
+% } +Welcome <%= session 'user' %>.
+%= link_to Logout => 'logout' diff -Nru libmojolicious-perl-8.71+dfsg/lib/Mojo/Asset/Memory.pm libmojolicious-perl-9.22+dfsg/lib/Mojo/Asset/Memory.pm --- libmojolicious-perl-8.71+dfsg/lib/Mojo/Asset/Memory.pm 2021-01-17 14:57:03.000000000 +0000 +++ libmojolicious-perl-9.22+dfsg/lib/Mojo/Asset/Memory.pm 2021-06-30 13:58:00.000000000 +0000 @@ -144,7 +144,7 @@ =head2 slurp - my $bytes = mem->slurp; + my $bytes = $mem->slurp; Read all asset data at once. diff -Nru libmojolicious-perl-8.71+dfsg/lib/Mojo/Base.pm libmojolicious-perl-9.22+dfsg/lib/Mojo/Base.pm --- libmojolicious-perl-8.71+dfsg/lib/Mojo/Base.pm 2021-01-17 14:57:15.000000000 +0000 +++ libmojolicious-perl-9.22+dfsg/lib/Mojo/Base.pm 2021-08-13 14:59:32.000000000 +0000 @@ -16,10 +16,10 @@ # Role support requires Role::Tiny 2.000001+ use constant ROLES => !!(eval { require Role::Tiny; Role::Tiny->VERSION('2.000001'); 1 }); -# async/await support requires Future::AsyncAwait 0.36+ +# async/await support requires Future::AsyncAwait 0.52+ use constant ASYNC => $ENV{MOJO_NO_ASYNC} ? 0 - : !!(eval { require Future::AsyncAwait; Future::AsyncAwait->VERSION('0.36'); 1 }); + : !!(eval { require Future::AsyncAwait; Future::AsyncAwait->VERSION('0.52'); 1 }); # Protect subclasses using AUTOLOAD sub DESTROY { } @@ -116,7 +116,7 @@ # async/await elsif ($flag eq '-async_await') { - Carp::croak 'Future::AsyncAwait 0.36+ is required for async/await' unless ASYNC; + Carp::croak 'Future::AsyncAwait 0.52+ is required for async/await' unless ASYNC; require Mojo::Promise; Future::AsyncAwait->import_into($caller, future_class => 'Mojo::Promise'); } @@ -125,7 +125,7 @@ elsif ($flag eq '-signatures') { Carp::croak 'Subroutine signatures require Perl 5.20+' if $] < 5.020; require experimental; - experimental->import('signatures'); + experimental->import($_) for qw(signatures postderef); } # Module @@ -250,7 +250,7 @@ use Mojo::Base 'SomeBaseClass', -signatures; use Mojo::Base -role, -signatures; -If you have L 0.36+ installed you can also use the C<-async_await> flag to activate the C +If you have L 0.52+ installed you can also use the C<-async_await> flag to activate the C and C keywords to deal much more efficiently with promises. Note that this feature is B and might change without warning! diff -Nru libmojolicious-perl-8.71+dfsg/lib/Mojo/Content/MultiPart.pm libmojolicious-perl-9.22+dfsg/lib/Mojo/Content/MultiPart.pm --- libmojolicious-perl-8.71+dfsg/lib/Mojo/Content/MultiPart.pm 2021-01-17 14:57:05.000000000 +0000 +++ libmojolicious-perl-9.22+dfsg/lib/Mojo/Content/MultiPart.pm 2021-06-30 13:58:00.000000000 +0000 @@ -207,7 +207,7 @@ =head1 EVENTS -L inherits all events from L and can emit the following new ones. +L inherits all events from L and can emit the following new ones. =head2 part diff -Nru libmojolicious-perl-8.71+dfsg/lib/Mojo/DOM/CSS.pm libmojolicious-perl-9.22+dfsg/lib/Mojo/DOM/CSS.pm --- libmojolicious-perl-8.71+dfsg/lib/Mojo/DOM/CSS.pm 2021-01-17 14:57:11.000000000 +0000 +++ libmojolicious-perl-9.22+dfsg/lib/Mojo/DOM/CSS.pm 2021-06-30 13:58:00.000000000 +0000 @@ -108,6 +108,9 @@ elsif ($css =~ /\G:([\w\-]+)(?:\(((?:\([^)]+\)|[^)])+)\))?/gcs) { my ($name, $args) = (lc $1, $2); + # ":text" (raw text) + $args = [$args =~ m!^/(.+)/$! ? qr/$1/ : qr/\Q$args\E/i] if $name eq 'text'; + # ":is" and ":not" (contains more selectors) $args = _compile($args, %ns) if $name eq 'has' || $name eq 'is' || $name eq 'not'; @@ -137,8 +140,6 @@ return $group; } -sub _empty { $_[0][0] eq 'comment' || $_[0][0] eq 'pi' } - sub _equation { return [0, 0] unless my $equation = shift; @@ -214,11 +215,15 @@ return !!_select(1, $current, $args) if $class eq 'has'; # ":empty" - return !grep { !_empty($_) } @$current[4 .. $#$current] if $class eq 'empty'; + return !grep { !($_->[0] eq 'comment' || $_->[0] eq 'pi') } @$current[4 .. $#$current] if $class eq 'empty'; # ":root" return $current->[3] && $current->[3][0] eq 'root' if $class eq 'root'; + # ":text" + return grep { ($_->[0] eq 'text' || $_->[0] eq 'raw') && $_->[1] =~ $args->[0] } @$current[4 .. $#$current] + if $class eq 'text'; + # ":any-link", ":link" and ":visited" if ($class eq 'any-link' || $class eq 'link' || $class eq 'visited') { return undef unless $current->[0] eq 'tag' && exists $current->[2]{href}; @@ -635,6 +640,23 @@ Also be aware that this feature is currently marked C, so there is a high chance that it will get removed completely. +=head2 E:text(string_or_regex) + +An C element containing text content that substring matches C case-insensitively or that regex +matches C. For regular expressions use the format C<:text(/.../)>. Note that this selector is +B and might change without warning! + + # Substring match + my $login = $css->select(':text(Log in)'); + + # Regex match + my $login = $css->select(':text(/Log ?in/)'); + + # Regex match (case-insensitive) + my $login = $css->select(':text(/(?i:Log ?in)/)'); + +This is a custom selector for L and not part of any spec. + =head2 A|E An C element that belongs to the namespace alias C from L 1 } qw(math svg); + # HTML table elements with optional end tags my %TABLE = map { $_ => 1 } qw(colgroup tbody td tfoot th thead tr); @@ -182,6 +185,9 @@ # Ignore useless end tag return if $next->[0] eq 'root'; + # Don’t traverse a container tag + return if $SCOPE{$next->[1]} && $next->[1] ne $end; + # Right tag return $$current = $next->[3] if $next->[1] eq $end; diff -Nru libmojolicious-perl-8.71+dfsg/lib/Mojo/DOM.pm libmojolicious-perl-9.22+dfsg/lib/Mojo/DOM.pm --- libmojolicious-perl-8.71+dfsg/lib/Mojo/DOM.pm 2021-01-17 14:57:15.000000000 +0000 +++ libmojolicious-perl-9.22+dfsg/lib/Mojo/DOM.pm 2021-06-30 13:58:00.000000000 +0000 @@ -15,7 +15,7 @@ use Scalar::Util qw(blessed weaken); use Storable qw(dclone); -sub all_text { _text(_nodes(shift->tree), 1) } +sub all_text { _text(_nodes($_[0]->tree), $_[0]->xml, 1) } sub ancestors { _select($_[0]->_collect([_ancestors($_[0]->tree)]), $_[1]) } @@ -166,7 +166,7 @@ sub tap { shift->Mojo::Base::tap(@_) } -sub text { _text(_nodes(shift->tree), 0) } +sub text { _text(_nodes(shift->tree), 0, 0) } sub to_string { ${shift()}->render } @@ -319,7 +319,7 @@ sub _start { $_[0][0] eq 'root' ? 1 : 4 } sub _text { - my ($nodes, $all) = @_; + my ($nodes, $xml, $all) = @_; my $text = ''; while (my $node = shift @$nodes) { @@ -329,7 +329,9 @@ if ($type eq 'text' || $type eq 'cdata' || $type eq 'raw') { $text .= $node->[1] } # Nested tag - elsif ($type eq 'tag' && $all) { unshift @$nodes, @{_nodes($node)} } + elsif ($type eq 'tag' && $all) { + unshift @$nodes, @{_nodes($node)} if $xml || ($node->[1] ne 'script' && $node->[1] ne 'style'); + } } return $text; @@ -460,7 +462,8 @@ my $text = $dom->all_text; -Extract text content from all descendant nodes of this element. +Extract text content from all descendant nodes of this element. For HTML documents C - +