Security Advisories (4)
CVE-2010-2253 (2010-07-06)

lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
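A sketch of the kind of check this advisory calls for, as an added example; it is not lwp-download's own code. The helper names safe_download_name and create_new_file are hypothetical, and the candidate names in the loop are constructed sample input.

```perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

# Hypothetical helper (not part of libwww-perl): reduce a file name suggested
# by a redirect URL or a Content-Disposition header to a name that is safe to
# create in the current directory. Returns undef when the name is rejected.
sub safe_download_name {
    my ($suggested) = @_;
    return unless defined $suggested && length $suggested;

    my $name = $suggested;
    $name =~ s{\\}{/}g;              # treat backslashes as path separators too
    $name =~ s{.*/}{}s;              # keep only the last path component
    $name =~ s/[\x00-\x1f\x7f]//g;   # drop control characters
    $name =~ s/^\s+|\s+$//g;         # trim surrounding whitespace

    return if $name eq '';
    return if $name =~ /^\./;        # dotfiles, "." and ".." are refused
    return $name;
}

# Hypothetical helper: create the target with O_EXCL so that an existing
# file is never overwritten, whatever name the server suggested.
sub create_new_file {
    my ($name) = @_;
    sysopen(my $fh, $name, O_WRONLY | O_CREAT | O_EXCL, 0600)
        or die "refusing to write '$name': $!\n";
    return $fh;
}

# Constructed sample input; the loop only classifies names and writes nothing.
for my $candidate ('report.pdf', '.bashrc', 'dir/.profile',
                   '../../archive.tar.gz', "a\\..\\.netrc", 'trailing/') {
    my $safe = safe_download_name($candidate);
    printf "%-24s => %s\n", $candidate, defined $safe ? $safe : 'REJECTED';
}
```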

CPANSA-libwww-perl-2001-01 (2001-03-14)

If LWP::UserAgent::env_proxy is called in a CGI environment, the case-insensitivity when looking for "http_proxy" permits "HTTP_PROXY" to be found, but this can be trivially set by the web client using the "Proxy:" header.

CPANSA-libwww-perl-2017-01 (2017-11-06)

LWP::Protocol::file can open an existing file via the file:// scheme. However, the current version of LWP uses open FILEHANDLE,EXPR, which has the ability to execute an arbitrary command.

CVE-2011-0633 (2011-01-20)

The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated.

NAME

LWP::MediaTypes - guess media type for a file or a URL.

SYNOPSIS

use LWP::MediaTypes qw(guess_media_type);
$type = guess_media_type("/tmp/foo.gif");

DESCRIPTION

This module provides functions for handling media (also known as MIME) types and encodings. The mapping from file extensions to media types is defined by the media.types file. If the ~/.media.types file exists, it is used as a replacement. For backwards compatibility we will also look for ~/.mime.types.

The following functions are available (and exported by default):

guess_media_type($filename_or_url, [$header_to_modify])

This function tries to guess the media type and encoding for the given file. In scalar context it returns only the content-type. In array context it returns an array consisting of the content-type followed by any content-encodings applied.

The guess_media_type function also accepts a URI::URL object as argument.

If the type cannot be deduced from looking at the file name only, then guess_media_type() will take a look at the actual file using the -T perl operator in order to determine if this is a text file (text/plain). If this does not work it will return application/octet-stream as the type.

The optional second argument should be a reference to an HTTP::Headers object (or some HTTP::Message object). When present, this function will set the value of the 'Content-Type' and 'Content-Encoding' for this header.

media_suffix($type,...)

This function will return all suffixes that can be used to denote the specified media type(s). Wildcard types can be used. In scalar context it will return the first suffix found.

Examples:

@suffixes = media_suffix('image/*', 'audio/basic');
$suffix = media_suffix('text/html');

COPYRIGHT

Copyright 1995-1997 Gisle Aas.

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.