Call CGI->param_fetch instead of CGI->param in array context

CGI->param has the misfeature that it is context-sensitive, and in
particular can expand to more than one scalar in function calls.
This led to a security vulnerability in Bugzilla, and recent versions
of CGI.pm will warn when it is used in this way.

In the situations where we do want to cope with more than one parameter
of the same name, CGI->param_fetch (which always returns an
array-reference) makes the intention clearer.

[commit message added by smcv]
master
Amitai Schlair 2014-10-15 22:32:02 +01:00 committed by Simon McVittie
parent f4ec7b06d9
commit cfbcbda0ad
2 changed files with 3 additions and 2 deletions
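
The context sensitivity the commit message describes, shown as an added example that is not part of this commit or of the project's code. The query string, the hash keys and the `show` helper are constructed for illustration; only `CGI->new`, `param` and `param_fetch` are real CGI.pm calls.

```perl
use strict;
use warnings;
use CGI;

# Constructed request: "page" is supplied three times.
my $q = CGI->new('page=index&page=extra&page=value');

# List context: param() expands to all three values, so the hash gains a
# key ("extra") that appears nowhere in this source. Recent CGI.pm
# versions warn on this call, as the commit message notes.
my %loose = (
    action => 'edit',
    page   => $q->param('page'),
);

# Scalar context: exactly one value, however often the request repeats it.
my %strict = (
    action => 'edit',
    page   => scalar $q->param('page'),
);

# Several values wanted on purpose: param_fetch always returns an array
# reference, so the call cannot spill into a surrounding list.
# Copy the values, because the reference points at the CGI object's storage.
my @pages = @{ $q->param_fetch('page') };

# Hypothetical helper: print a hash as sorted key=value pairs.
sub show {
    my ($label, %h) = @_;
    print "$label: ", join(', ', map { "$_=$h{$_}" } sort keys %h), "\n";
}

show('list context  ', %loose);
show('scalar context', %strict);
print 'param_fetch   : ', scalar(@pages), " values (@pages)\n";
```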


@ -122,7 +122,8 @@ sub decode_cgi_utf8 ($) {
if ($] < 5.01) {
my $cgi = shift;
foreach my $f ($cgi->param) {
$cgi->param($f, map { decode_utf8 $_ } $cgi->param($f));
$cgi->param($f, map { decode_utf8 $_ }
@{$cgi->param_fetch($f)});
}
}
}
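
Review bot: the new `@{$cgi->param_fetch($f)}` argument in the loop body carries no comment saying why it replaces `$cgi->param($f)`, so a later cleanup could shorten it back to the list-context form. Add a one-line comment above the call, for example `# param_fetch: never expands in list context`. The context line `foreach my $f ($cgi->param)` still calls param in list context; that no-argument form only lists parameter names, which is worth stating in the same comment so it is not mistaken for a missed conversion.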


@ -144,7 +144,7 @@ sub formbuilder (@) {
if ($form->submitted eq "Insert Links") {
my $page=quotemeta(Encode::decode_utf8(scalar $q->param("page")));
my $add="";
foreach my $f ($q->param("attachment_select")) {
foreach my $f (@{$q->param_fetch("attachment_select")}) {
$f=Encode::decode_utf8($f);
$f=~s/^$page\///;
if (IkiWiki::isinlinableimage($f) &&
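
Review bot: in the `foreach my $f (@{$q->param_fetch("attachment_select")})` loop, `$f` is now an alias to the values stored inside `$q`, so `$f=Encode::decode_utf8($f)` and `$f=~s/^$page\///` rewrite the stored parameter in place, where the old `$q->param(...)` list gave the loop copies. Any later read of attachment_select will see the decoded, prefix-stripped values. If that is not intended, iterate over a copy, for example `my @selected=@{$q->param_fetch("attachment_select")};` followed by `foreach my $f (@selected)`.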