Security Advisories (5)

CVE-2021-23562 (2021-12-03)

This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user into uploading this kind of file.

CVE-2021-41182 (2021-10-26)

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.

CVE-2021-41183 (2021-10-26)

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.

CVE-2021-41184 (2021-10-26)

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.

CVE-2016-4566 (2016-05-22)

Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.
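
The workaround shared by the three jQuery UI advisories above (CVE-2021-41182, CVE-2021-41183, CVE-2021-41184) is to keep `altField`, the `*Text` options and `of` out of untrusted input. The following is an added example, not code from jQuery UI or from this distribution; the function names and the sample input are assumptions made for illustration.

```javascript
// Added example: filter an options object that came from an untrusted source
// (query string, stored user preference, JSON body) before it is handed to a
// jQuery UI widget. Names here are hypothetical, not part of any library.

// `altField` is the Datepicker option in CVE-2021-41182, `of` is the
// .position() option in CVE-2021-41184, and the /Text$/ pattern covers the
// Datepicker `*Text` options (closeText, buttonText, ...) in CVE-2021-41183.
const RISKY_EXACT = new Set(["altField", "of"]);
const RISKY_SUFFIX = /Text$/;

function isRiskyOption(name) {
  return RISKY_EXACT.has(name) || RISKY_SUFFIX.test(name);
}

// Returns the options that are safe to pass on, plus the names that were
// dropped so the caller can log them. Values for the risky options may still
// be supplied by the developer through `trusted`, which always wins.
function filterUntrustedOptions(untrusted, trusted = {}) {
  const kept = {};
  const dropped = [];
  for (const [name, value] of Object.entries(untrusted || {})) {
    if (isRiskyOption(name)) {
      dropped.push(name);
      continue;
    }
    kept[name] = value;
  }
  return { options: { ...kept, ...trusted }, dropped };
}

// Constructed sample input: the string values are placeholders that stand in
// for attacker-controlled data.
const SAMPLE_UNTRUSTED = {
  dateFormat: "yy-mm-dd",
  altField: "UNTRUSTED-VALUE",
  closeText: "UNTRUSTED-VALUE",
  of: "UNTRUSTED-VALUE",
};

const result = filterUntrustedOptions(SAMPLE_UNTRUSTED, { altField: "#alt-date" });
console.log(result.dropped); // names removed from the untrusted input
console.log(result.options); // what would be passed to the widget
```

The filtered `options` object is what would then be passed to the widget, for example `$("#date").datepicker(result.options)`; upgrading to jQuery UI 1.13.0 or later remains the fix.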

NAME

Yukki::Error - Yukki's exception class

VERSION

version 0.991_002

SYNOPSIS

Yukki::Error->throw("Something really bad.", { ... });

DESCRIPTION

If you are familiar with HTTP::Throwable::Factory, this is similar to that (and is based on that).

However, there are two differences. First, the error message is given primacy rather than exception type, so you can just use this to throw an exception:

use Yukki::Error qw( http_throw );
http_throw('something went wrong');

Since you almost always want your exception to be an internal server error of some kind, this makes more sense to me than having to write:

use HTTP::Throwable::Factory qw( http_throw );
http_throw(InternalServerError => {
    message => 'something went wrong',
});

To specify the type of exception, use status:

use Yukki::Error qw( http_throw );
http_throw('something was not found', {
    status => 'NotFound',
});

The second difference is that all exceptions thrown by this factory inherit from Yukki::Error, so this works:

use Scalar::Util qw( blessed );
use Try::Tiny;
try { ... }
catch {
    if (blessed $_ && $_->isa("Yukki::Error")) {
        # we know this is an application error from Yukki
    }
};

This makes it easy to know whether Yukki generated the exception or something else did.

EXPORTS

http_exception

my $error = http_exception('message', {
    status           => 'InternalServerError',
    show_stack_trace => 0,
});

Creates a new exception object. Calls the constructor for Yukki::Error and applies the HTTP::Throwable status role needed (prior to construction, actually).

http_throw

http_throw('message', {
    status           => 'InternalServerError',
    show_stack_trace => 0,
});

Constructs the exception (via "http_exception") and throws it.

METHODS

body

Renders the HTML body for the error.

body_headers

Sets up the HTTP headers.

as_string

Returns the message.

AUTHOR

Andrew Sterling Hanenkamp <hanenkamp@cpan.org>

COPYRIGHT AND LICENSE

This software is copyright (c) 2017 by Qubling Software LLC.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.