/ 
Yukki-0.99_01
/ Yukki::Types
Security Advisories (5)
CVE-2021-23562 (2021-12-03)

This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.

CVE-2021-41182 (2021-10-26)

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.

CVE-2021-41183 (2021-10-26)

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.

CVE-2021-41184 (2021-10-26)

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.

CVE-2016-4566 (2016-05-22)

Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.

NAME

Yukki::Types - standard types for use in Yukki

VERSION

version 0.99_01

SYNOPSIS

use Yukki::Types qw( LoginName AccessLevel );

has login_name => ( isa => LoginName );
has access_level => ( isa => AccessLevel );

DESCRIPTION

A standard type library for Yukki.

TYPES

LoginName

This is a valid login name. Login names may only contain letters and numbers, as of this writing.

AccessLevel

This is a valid access level. This includes any of the following values:

read
write
none

This is an array of hashes formatted like:

{
    label => 'Label',
    href  => '/link/to/somewhere',
    sort  => 40,
}

This is a hash of "NavigationLinks".

BaseURL

This is either an absolute URL or the words SCRIPT_NAME or REWRITE.

This is an array of hashes formatted like:

{
    label => 'Label',
    href  => '/link/to/somewhere',
}

RepositoryMap

This is a hash of Yukki::Settings::Repository objects.

PluginConfig

A plugin configuration is an array of hashes. Each hash must have at least one key named "module" defined.

PluginList

A plugin list is a loaded set of plugin objects.

COERCIONS

In addition to the types above, these coercions are provided for other types.

EmailAddress

Coerces a Str into an Email::Address.

YukkiSettings

Coerces a HashRef into this object by passing the value to the constructor.

YukkiWebSettings

Coerces a HashRef into a Yukki::Web::Settings.

YukkiSettingsAnonymous

Coerces a HashRef into this object by passing the value to the constructor.

AUTHOR

Andrew Sterling Hanenkamp <hanenkamp@cpan.org>

COPYRIGHT AND LICENSE

This software is copyright (c) 2017 by Qubling Software LLC.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.