From 310aea92aaa91fbcba353591bfd68b13b8b183a4 Mon Sep 17 00:00:00 2001
From: Niko Tyni <ntyni@debian.org>
Date: Sat, 4 Jul 2015 23:29:40 +0300
Subject: [PATCH] Disable warning about CGI::param called in list context

The code explicitly handles param() returning multiple values,
disarming the parameter injection vulnerability.

Bug-Debian: https://bugs.debian.org/791439
---
 Expand.pm | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Expand.pm b/Expand.pm
index eb85850..e6be854 100644
--- a/Expand.pm
+++ b/Expand.pm
@@ -62,6 +62,8 @@ sub expand_cgi {
 
     # permit multiple values CGI style
     for ($cgi->param) {
+        # multiple values are explicitly handled
+        local $CGI::LIST_CONTEXT_WARN = 0;
         next if (/\.[xy]$/); # img_submit=val & img_submit.x=20 -> clash
         my @vals = $cgi->param($_);
         $args{$_} = @vals > 1 ? \@vals : $vals[0];
-- 
2.5.1