This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
https://perl5.git.perl.org / perl5.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Retract #12436 (Abhijit already did this at #12426)
[perl5.git] / lib / CGI.pm
CommitLineData
54310121 1package CGI;
424ec8fa 2require 5.004;
ba056755 3use Carp 'croak';
54310121 4
5# See the bottom of this file for the POD documentation. Search for the
6# string '=head'.
7
8# You can run this file through either pod2man or pod2html to produce pretty
9# documentation in manual or html file format (these utilities are part of the
10# Perl 5 distribution).
11
424ec8fa 12# Copyright 1995-1998 Lincoln D. Stein. All rights reserved.
54310121 13# It may be used and modified freely, but I do request that this copyright
14# notice remain attached to the file. You may modify this module as you
15# wish, but if you redistribute a modified version, please attach a note
16# listing the modifications you have made.
17
18# The most recent version and complete docs are available at:
71f3e297 19# http://stein.cshl.org/WWW/software/CGI/
54310121 20
69c89ae7
JH		 21$CGI::revision = '$Id: CGI.pm,v 1.51 2001/08/07 12:28:43 lstein Exp $';
22$CGI::VERSION='2.77';
54310121 23
24# HARD-CODED LOCATION FOR FILE UPLOAD TEMPORARY FILES.
25# UNCOMMENT THIS ONLY IF YOU KNOW WHAT YOU'RE DOING.
26# $TempFile::TMPDIRECTORY = '/usr/tmp';
3d1a2ec4 27use CGI::Util qw(rearrange make_attributes unescape escape expires);
54310121 28
ba056755
JH		 29use constant XHTML_DTD => ['-//W3C//DTD XHTML Basic 1.0//EN',
30 'http://www.w3.org/TR/xhtml-basic/xhtml-basic10.dtd'];
6b4ac661 31
424ec8fa
GS		 32# >>>>> Here are some globals that you might want to adjust <<<<<<
33sub initialize_globals {
34 # Set this to 1 to enable copious autoloader debugging messages
35 $AUTOLOAD_DEBUG = 0;
6b4ac661
JH		 36
37 # Set this to 1 to generate XTML-compatible output
38 $XHTML = 1;
424ec8fa
GS		 39
40 # Change this to the preferred DTD to print in start_html()
41 # or use default_dtd('text of DTD to use');
3d1a2ec4
GS		 42 $DEFAULT_DTD = [ '-//W3C//DTD HTML 4.01 Transitional//EN',
43 'http://www.w3.org/TR/html4/loose.dtd' ] ;
44
45 # Set this to 1 to enable NOSTICKY scripts
46 # or:
47 # 1) use CGI qw(-nosticky)
48 # 2) $CGI::nosticky(1)
49 $NOSTICKY = 0;
424ec8fa
GS		 50
51 # Set this to 1 to enable NPH scripts
52 # or:
53 # 1) use CGI qw(-nph)
3d1a2ec4 54 # 2) CGI::nph(1)
424ec8fa
GS		 55 # 3) print header(-nph=>1)
56 $NPH = 0;
57
3d1a2ec4
GS		 58 # Set this to 1 to enable debugging from @ARGV
59 # Set to 2 to enable debugging from STDIN
60 $DEBUG = 1;
424ec8fa
GS		 61
62 # Set this to 1 to make the temporary files created
63 # during file uploads safe from prying eyes
64 # or do...
65 # 1) use CGI qw(:private_tempfiles)
3d1a2ec4 66 # 2) CGI::private_tempfiles(1);
424ec8fa
GS		 67 $PRIVATE_TEMPFILES = 0;
68
69 # Set this to a positive value to limit the size of a POSTing
70 # to a certain number of bytes:
71 $POST_MAX = -1;
72
73 # Change this to 1 to disable uploads entirely:
74 $DISABLE_UPLOADS = 0;
75
3538e1d5
GS		 76 # Automatically determined -- don't change
77 $EBCDIC = 0;
78
71f3e297
JH		 79 # Change this to 1 to suppress redundant HTTP headers
80 $HEADERS_ONCE = 0;
81
82 # separate the name=value pairs by semicolons rather than ampersands
3d1a2ec4 83 $USE_PARAM_SEMICOLONS = 1;
71f3e297 84
199d4a26
JH		 85 # Do not include undefined params parsed from query string
86 # use CGI qw(-no_undef_params);
87 $NO_UNDEF_PARAMS = 0;
88
424ec8fa
GS		 89 # Other globals that you shouldn't worry about.
90 undef $Q;
91 $BEEN_THERE = 0;
92 undef @QUERY_PARAM;
93 undef %EXPORT;
d45d855d
JH		 94 undef $QUERY_CHARSET;
95 undef %QUERY_FIELDNAMES;
424ec8fa
GS		 96
97 # prevent complaints by mod_perl
98 1;
99}
100
54310121 101# ------------------ START OF THE LIBRARY ------------
102
424ec8fa
GS		 103# make mod_perlhappy
104initialize_globals();
105
54310121 106# FIGURE OUT THE OS WE'RE RUNNING UNDER
107# Some systems support the $^O variable. If not
108# available then require() the Config library
109unless ($OS) {
110 unless ($OS = $^O) {
111 require Config;
112 $OS = $Config::Config{'osname'};
113 }
114}
ac1855b3 115if ($OS =~ /^MSWin/i) {
3538e1d5 116 $OS = 'WINDOWS';
ac1855b3 117} elsif ($OS =~ /^VMS/i) {
3538e1d5 118 $OS = 'VMS';
ac1855b3 119} elsif ($OS =~ /^dos/i) {
3538e1d5 120 $OS = 'DOS';
ac1855b3 121} elsif ($OS =~ /^MacOS/i) {
54310121 122 $OS = 'MACINTOSH';
ac1855b3 123} elsif ($OS =~ /^os2/i) {
54310121 124 $OS = 'OS2';
ac1855b3 125} elsif ($OS =~ /^epoc/i) {
fa6a1c44 126 $OS = 'EPOC';
54310121 127} else {
128 $OS = 'UNIX';
129}
130
131# Some OS logic. Binary mode enabled on DOS, NT and VMS
3538e1d5 132$needs_binmode = $OS=~/^(WINDOWS|DOS|OS2|MSWin)/;
54310121 133
134# This is the default class for the CGI object to use when all else fails.
135$DefaultClass = 'CGI' unless defined $CGI::DefaultClass;
424ec8fa 136
54310121 137# This is where to look for autoloaded routines.
138$AutoloadClass = $DefaultClass unless defined $CGI::AutoloadClass;
139
140# The path separator is a slash, backslash or semicolon, depending
141# on the paltform.
142$SL = {
ba056755
JH		 143 UNIX=>'/', OS2=>'\\', EPOC=>'/',
144 WINDOWS=>'\\', DOS=>'\\', MACINTOSH=>':', VMS=>'/'
54310121 145 }->{$OS};
146
424ec8fa 147# This no longer seems to be necessary
54310121 148# Turn on NPH scripts by default when running under IIS server!
424ec8fa
GS		 149# $NPH++ if defined($ENV{'SERVER_SOFTWARE'}) && $ENV{'SERVER_SOFTWARE'}=~/IIS/;
150$IIS++ if defined($ENV{'SERVER_SOFTWARE'}) && $ENV{'SERVER_SOFTWARE'}=~/IIS/;
54310121 151
152# Turn on special checking for Doug MacEachern's modperl
71f3e297
JH		 153if (exists $ENV{'GATEWAY_INTERFACE'}
154 &&
3538e1d5 155 ($MOD_PERL = $ENV{'GATEWAY_INTERFACE'} =~ /^CGI-Perl\//))
424ec8fa 156{
54310121 157 $| = 1;
424ec8fa
GS		 158 require Apache;
159}
160# Turn on special checking for ActiveState's PerlEx
161$PERLEX++ if defined($ENV{'GATEWAY_INTERFACE'}) && $ENV{'GATEWAY_INTERFACE'} =~ /^CGI-PerlEx/;
162
163# Define the CRLF sequence. I can't use a simple "\r\n" because the meaning
164# of "\n" is different on different OS's (sometimes it generates CRLF, sometimes LF
165# and sometimes CR). The most popular VMS web server
166# doesn't accept CRLF -- instead it wants a LR. EBCDIC machines don't
167# use ASCII, so \015\012 means something different. I find this all
168# really annoying.
169$EBCDIC = "\t" ne "\011";
170if ($OS eq 'VMS') {
3538e1d5 171 $CRLF = "\n";
424ec8fa 172} elsif ($EBCDIC) {
3538e1d5 173 $CRLF= "\r\n";
424ec8fa 174} else {
3538e1d5
GS		 175 $CRLF = "\015\012";
176}
177
54310121 178if ($needs_binmode) {
179 $CGI::DefaultClass->binmode(main::STDOUT);
180 $CGI::DefaultClass->binmode(main::STDIN);
181 $CGI::DefaultClass->binmode(main::STDERR);
182}
183
54310121 184%EXPORT_TAGS = (
424ec8fa
GS		 185 ':html2'=>['h1'..'h6',qw/p br hr ol ul li dl dt dd menu code var strong em
186 tt u i b blockquote pre img a address cite samp dfn html head
187 base body Link nextid title meta kbd start_html end_html
3d1a2ec4 188 input Select option comment charset escapeHTML/],
71f3e297 189 ':html3'=>[qw/div table caption th td TR Tr sup Sub strike applet Param
424ec8fa
GS		 190 embed basefont style span layer ilayer font frameset frame script small big/],
191 ':netscape'=>[qw/blink fontsize center/],
192 ':form'=>[qw/textfield textarea filefield password_field hidden checkbox checkbox_group
193 submit reset defaults radio_group popup_menu button autoEscape
194 scrolling_list image_button start_form end_form startform endform
71f3e297 195 start_multipart_form end_multipart_form isindex tmpFileName uploadInfo URL_ENCODED MULTIPART/],
3538e1d5
GS		 196 ':cgi'=>[qw/param upload path_info path_translated url self_url script_name cookie Dump
197 raw_cookie request_method query_string Accept user_agent remote_host content_type
424ec8fa 198 remote_addr referer server_name server_software server_port server_protocol
3d1a2ec4 199 virtual_host remote_ident auth_type http
424ec8fa 200 save_parameters restore_parameters param_fetch
3538e1d5
GS		 201 remote_user user_name header redirect import_names put
202 Delete Delete_all url_param cgi_error/],
424ec8fa 203 ':ssl' => [qw/https/],
71f3e297 204 ':imagemap' => [qw/Area Map/],
3538e1d5 205 ':cgi-lib' => [qw/ReadParse PrintHeader HtmlTop HtmlBot SplitParam Vars/],
424ec8fa
GS		 206 ':html' => [qw/:html2 :html3 :netscape/],
207 ':standard' => [qw/:html2 :html3 :form :cgi/],
ba056755 208 ':push' => [qw/multipart_init multipart_start multipart_end multipart_final/],
424ec8fa
GS		 209 ':all' => [qw/:html2 :html3 :netscape :form :cgi :internal/]
210 );
54310121 211
212# to import symbols into caller
213sub import {
214 my $self = shift;
424ec8fa
GS		 215
216# This causes modules to clash.
217# undef %EXPORT_OK;
218# undef %EXPORT;
219
220 $self->_setup_symbols(@_);
54310121 221 my ($callpack, $callfile, $callline) = caller;
424ec8fa 222
54310121 223 # To allow overriding, search through the packages
224 # Till we find one in which the correct subroutine is defined.
225 my @packages = ($self,@{"$self\:\:ISA"});
226 foreach $sym (keys %EXPORT) {
227 my $pck;
228 my $def = ${"$self\:\:AutoloadClass"} || $DefaultClass;
229 foreach $pck (@packages) {
230 if (defined(&{"$pck\:\:$sym"})) {
231 $def = $pck;
232 last;
233 }
234 }
235 *{"${callpack}::$sym"} = \&{"$def\:\:$sym"};
236 }
237}
238
424ec8fa
GS		 239sub compile {
240 my $pack = shift;
241 $pack->_setup_symbols('-compile',@_);
242}
243
54310121 244sub expand_tags {
245 my($tag) = @_;
71f3e297 246 return ("start_$1","end_$1") if $tag=~/^(?:\*|start_|end_)(.+)/;
54310121 247 my(@r);
248 return ($tag) unless $EXPORT_TAGS{$tag};
249 foreach (@{$EXPORT_TAGS{$tag}}) {
250 push(@r,&expand_tags($_));
251 }
252 return @r;
253}
254
255#### Method: new
256# The new routine. This will check the current environment
257# for an existing query string, and initialize itself, if so.
258####
259sub new {
260 my($class,$initializer) = @_;
261 my $self = {};
262 bless $self,ref $class || $class || $DefaultClass;
3d1a2ec4
GS		 263 if ($MOD_PERL && defined Apache->request) {
264 Apache->request->register_cleanup(\&CGI::_reset_globals);
265 undef $NPH;
424ec8fa
GS		 266 }
267 $self->_reset_globals if $PERLEX;
54310121 268 $self->init($initializer);
269 return $self;
270}
271
272# We provide a DESTROY method so that the autoloader
273# doesn't bother trying to find it.
274sub DESTROY { }
275
276#### Method: param
277# Returns the value(s)of a named parameter.
278# If invoked in a list context, returns the
279# entire list. Otherwise returns the first
280# member of the list.
281# If name is not provided, return a list of all
282# the known parameters names available.
283# If more than one argument is provided, the
284# second and subsequent arguments are used to
285# set the value of the parameter.
286####
287sub param {
288 my($self,@p) = self_or_default(@_);
289 return $self->all_parameters unless @p;
290 my($name,$value,@other);
291
292 # For compatibility between old calling style and use_named_parameters() style,
293 # we have to special case for a single parameter present.
294 if (@p > 1) {
3d1a2ec4 295 ($name,$value,@other) = rearrange([NAME,[DEFAULT,VALUE,VALUES]],@p);
54310121 296 my(@values);
297
3d1a2ec4 298 if (substr($p[0],0,1) eq '-') {
54310121 299 @values = defined($value) ? (ref($value) && ref($value) eq 'ARRAY' ? @{$value} : $value) : ();
300 } else {
301 foreach ($value,@other) {
302 push(@values,$_) if defined($_);
303 }
304 }
305 # If values is provided, then we set it.
306 if (@values) {
307 $self->add_parameter($name);
308 $self->{$name}=[@values];
309 }
310 } else {
311 $name = $p[0];
312 }
313
71f3e297 314 return unless defined($name) && $self->{$name};
54310121 315 return wantarray ? @{$self->{$name}} : $self->{$name}->[0];
316}
317
54310121 318sub self_or_default {
424ec8fa 319 return @_ if defined($_[0]) && (!ref($_[0])) &&($_[0] eq 'CGI');
54310121 320 unless (defined($_[0]) &&
424ec8fa
GS		 321 (ref($_[0]) eq 'CGI' || UNIVERSAL::isa($_[0],'CGI')) # slightly optimized for common case
322 ) {
54310121 323 $Q = $CGI::DefaultClass->new unless defined($Q);
324 unshift(@_,$Q);
325 }
3d1a2ec4 326 return wantarray ? @_ : $Q;
54310121 327}
328
54310121 329sub self_or_CGI {
330 local $^W=0; # prevent a warning
331 if (defined($_[0]) &&
332 (substr(ref($_[0]),0,3) eq 'CGI'
424ec8fa 333 || UNIVERSAL::isa($_[0],'CGI'))) {
54310121 334 return @_;
335 } else {
336 return ($DefaultClass,@_);
337 }
338}
339
54310121 340########################################
341# THESE METHODS ARE MORE OR LESS PRIVATE
342# GO TO THE __DATA__ SECTION TO SEE MORE
343# PUBLIC METHODS
344########################################
345
346# Initialize the query object from the environment.
347# If a parameter list is found, this object will be set
348# to an associative array in which parameter names are keys
349# and the values are stored as lists
350# If a keyword list is found, this method creates a bogus
351# parameter list with the single parameter 'keywords'.
352
353sub init {
354 my($self,$initializer) = @_;
424ec8fa 355 my($query_string,$meth,$content_length,$fh,@lines) = ('','','','');
71f3e297 356 local($/) = "\n";
54310121 357
358 # if we get called more than once, we want to initialize
359 # ourselves from the original query (which may be gone
360 # if it was read from STDIN originally.)
d45d855d 361 if (defined(@QUERY_PARAM) && !defined($initializer)) {
54310121 362 foreach (@QUERY_PARAM) {
363 $self->param('-name'=>$_,'-value'=>$QUERY_PARAM{$_});
364 }
d45d855d
JH		 365 $self->charset($QUERY_CHARSET);
366 $self->{'.fieldnames'} = {%QUERY_FIELDNAMES};
54310121 367 return;
368 }
369
370 $meth=$ENV{'REQUEST_METHOD'} if defined($ENV{'REQUEST_METHOD'});
424ec8fa 371 $content_length = defined($ENV{'CONTENT_LENGTH'}) ? $ENV{'CONTENT_LENGTH'} : 0;
3538e1d5 372
424ec8fa 373 $fh = to_filehandle($initializer) if $initializer;
54310121 374
a3b3a725
JH		 375 # set charset to the safe ISO-8859-1
376 $self->charset('ISO-8859-1');
377
54310121 378 METHOD: {
54310121 379
3538e1d5
GS		 380 # avoid unreasonably large postings
381 if (($POST_MAX > 0) && ($content_length > $POST_MAX)) {
382 $self->cgi_error("413 Request entity too large");
383 last METHOD;
384 }
385
424ec8fa
GS		 386 # Process multipart postings, but only if the initializer is
387 # not defined.
388 if ($meth eq 'POST'
389 && defined($ENV{'CONTENT_TYPE'})
390 && $ENV{'CONTENT_TYPE'}=~m|^multipart/form-data|
391 && !defined($initializer)
392 ) {
71f3e297 393 my($boundary) = $ENV{'CONTENT_TYPE'} =~ /boundary=\"?([^\";,]+)\"?/;
424ec8fa
GS		 394 $self->read_multipart($boundary,$content_length);
395 last METHOD;
396 }
397
398 # If initializer is defined, then read parameters
399 # from it.
400 if (defined($initializer)) {
401 if (UNIVERSAL::isa($initializer,'CGI')) {
402 $query_string = $initializer->query_string;
403 last METHOD;
404 }
54310121 405 if (ref($initializer) && ref($initializer) eq 'HASH') {
406 foreach (keys %$initializer) {
407 $self->param('-name'=>$_,'-value'=>$initializer->{$_});
408 }
409 last METHOD;
410 }
411
424ec8fa
GS		 412 if (defined($fh) && ($fh ne '')) {
413 while (<$fh>) {
54310121 414 chomp;
415 last if /^=/;
416 push(@lines,$_);
417 }
418 # massage back into standard format
419 if ("@lines" =~ /=/) {
420 $query_string=join("&",@lines);
421 } else {
422 $query_string=join("+",@lines);
423 }
424 last METHOD;
425 }
424ec8fa
GS		 426
427 # last chance -- treat it as a string
428 $initializer = $$initializer if ref($initializer) eq 'SCALAR';
54310121 429 $query_string = $initializer;
424ec8fa 430
54310121 431 last METHOD;
432 }
54310121 433
424ec8fa
GS		 434 # If method is GET or HEAD, fetch the query from
435 # the environment.
436 if ($meth=~/^(GET|HEAD)$/) {
3538e1d5
GS		 437 if ($MOD_PERL) {
438 $query_string = Apache->request->args;
439 } else {
440 $query_string = $ENV{'QUERY_STRING'} if defined $ENV{'QUERY_STRING'};
3d1a2ec4 441 $query_string ||= $ENV{'REDIRECT_QUERY_STRING'} if defined $ENV{'REDIRECT_QUERY_STRING'};
3538e1d5 442 }
424ec8fa
GS		 443 last METHOD;
444 }
54310121 445
424ec8fa
GS		 446 if ($meth eq 'POST') {
447 $self->read_from_client(\*STDIN,\$query_string,$content_length,0)
448 if $content_length > 0;
54310121 449 # Some people want to have their cake and eat it too!
450 # Uncomment this line to have the contents of the query string
451 # APPENDED to the POST data.
424ec8fa 452 # $query_string .= (length($query_string) ? '&' : '') . $ENV{'QUERY_STRING'} if defined $ENV{'QUERY_STRING'};
54310121 453 last METHOD;
454 }
424ec8fa
GS		 455
456 # If $meth is not of GET, POST or HEAD, assume we're being debugged offline.
54310121 457 # Check the command line and then the standard input for data.
458 # We use the shellwords package in order to behave the way that
459 # UN*X programmers expect.
3d1a2ec4 460 $query_string = read_from_cmdline() if $DEBUG;
54310121 461 }
424ec8fa 462
54310121 463 # We now have the query string in hand. We do slightly
464 # different things for keyword lists and parameter lists.
ba056755 465 if (defined $query_string && length $query_string) {
3d1a2ec4 466 if ($query_string =~ /[&=;]/) {
54310121 467 $self->parse_params($query_string);
468 } else {
469 $self->add_parameter('keywords');
470 $self->{'keywords'} = [$self->parse_keywordlist($query_string)];
471 }
472 }
473
474 # Special case. Erase everything if there is a field named
475 # .defaults.
476 if ($self->param('.defaults')) {
477 undef %{$self};
478 }
479
480 # Associative array containing our defined fieldnames
481 $self->{'.fieldnames'} = {};
482 foreach ($self->param('.cgifields')) {
483 $self->{'.fieldnames'}->{$_}++;
484 }
485
486 # Clear out our default submission button flag if present
487 $self->delete('.submit');
488 $self->delete('.cgifields');
3d1a2ec4 489
54310121 490 $self->save_request unless $initializer;
54310121 491}
492
54310121 493# FUNCTIONS TO OVERRIDE:
54310121 494# Turn a string into a filehandle
495sub to_filehandle {
424ec8fa
GS		 496 my $thingy = shift;
497 return undef unless $thingy;
498 return $thingy if UNIVERSAL::isa($thingy,'GLOB');
499 return $thingy if UNIVERSAL::isa($thingy,'FileHandle');
500 if (!ref($thingy)) {
501 my $caller = 1;
502 while (my $package = caller($caller++)) {
503 my($tmp) = $thingy=~/[\':]/ ? $thingy : "$package\:\:$thingy";
504 return $tmp if defined(fileno($tmp));
505 }
54310121 506 }
424ec8fa 507 return undef;
54310121 508}
509
510# send output to the browser
511sub put {
512 my($self,@p) = self_or_default(@_);
513 $self->print(@p);
514}
515
516# print to standard output (for overriding in mod_perl)
517sub print {
518 shift;
519 CORE::print(@_);
520}
521
3538e1d5
GS		 522# get/set last cgi_error
523sub cgi_error {
524 my ($self,$err) = self_or_default(@_);
525 $self->{'.cgi_error'} = $err if defined $err;
526 return $self->{'.cgi_error'};
527}
528
54310121 529sub save_request {
530 my($self) = @_;
531 # We're going to play with the package globals now so that if we get called
532 # again, we initialize ourselves in exactly the same way. This allows
533 # us to have several of these objects.
534 @QUERY_PARAM = $self->param; # save list of parameters
535 foreach (@QUERY_PARAM) {
3d1a2ec4
GS		 536 next unless defined $_;
537 $QUERY_PARAM{$_}=$self->{$_};
54310121 538 }
d45d855d
JH		 539 $QUERY_CHARSET = $self->charset;
540 %QUERY_FIELDNAMES = %{$self->{'.fieldnames'}};
54310121 541}
542
54310121 543sub parse_params {
544 my($self,$tosplit) = @_;
71f3e297 545 my(@pairs) = split(/[&;]/,$tosplit);
54310121 546 my($param,$value);
547 foreach (@pairs) {
424ec8fa 548 ($param,$value) = split('=',$_,2);
69c89ae7 549 next if $NO_UNDEF_PARAMS and not defined $value;
3d1a2ec4 550 $value = '' unless defined $value;
424ec8fa
GS		 551 $param = unescape($param);
552 $value = unescape($value);
54310121 553 $self->add_parameter($param);
554 push (@{$self->{$param}},$value);
555 }
556}
557
558sub add_parameter {
559 my($self,$param)=@_;
3d1a2ec4 560 return unless defined $param;
54310121 561 push (@{$self->{'.parameters'}},$param)
562 unless defined($self->{$param});
563}
564
565sub all_parameters {
566 my $self = shift;
567 return () unless defined($self) && $self->{'.parameters'};
568 return () unless @{$self->{'.parameters'}};
569 return @{$self->{'.parameters'}};
570}
571
424ec8fa
GS		 572# put a filehandle into binary mode (DOS)
573sub binmode {
574 CORE::binmode($_[1]);
575}
576
577sub _make_tag_func {
71f3e297 578 my ($self,$tagname) = @_;
3538e1d5 579 my $func = qq(
3d1a2ec4
GS		 580 sub $tagname {
581 shift if \$_[0] &&
582 (ref(\$_[0]) &&
583 (substr(ref(\$_[0]),0,3) eq 'CGI' ||
584 UNIVERSAL::isa(\$_[0],'CGI')));
424ec8fa
GS		 585 my(\$attr) = '';
586 if (ref(\$_[0]) && ref(\$_[0]) eq 'HASH') {
3d1a2ec4 587 my(\@attr) = make_attributes(shift()||undef,1);
424ec8fa
GS		 588 \$attr = " \@attr" if \@attr;
589 }
3538e1d5 590 );
71f3e297 591 if ($tagname=~/start_(\w+)/i) {
6b4ac661 592 $func .= qq! return "<\L$1\E\$attr>";} !;
71f3e297 593 } elsif ($tagname=~/end_(\w+)/i) {
6b4ac661 594 $func .= qq! return "<\L/$1\E>"; } !;
71f3e297
JH		 595 } else {
596 $func .= qq#
6b4ac661
JH		 597 return \$XHTML ? "\L<$tagname\E\$attr />" : "\L<$tagname\E\$attr>" unless \@_;
598 my(\$tag,\$untag) = ("\L<$tagname\E\$attr>","\L</$tagname>\E");
3d1a2ec4
GS		 599 my \@result = map { "\$tag\$_\$untag" }
600 (ref(\$_[0]) eq 'ARRAY') ? \@{\$_[0]} : "\@_";
424ec8fa 601 return "\@result";
71f3e297
JH		 602 }#;
603 }
604return $func;
54310121 605}
606
607sub AUTOLOAD {
608 print STDERR "CGI::AUTOLOAD for $AUTOLOAD\n" if $CGI::AUTOLOAD_DEBUG;
424ec8fa
GS		 609 my $func = &_compile;
610 goto &$func;
54310121 611}
612
424ec8fa
GS		 613sub _compile {
614 my($func) = $AUTOLOAD;
615 my($pack,$func_name);
616 {
617 local($1,$2); # this fixes an obscure variable suicide problem.
618 $func=~/(.+)::([^:]+)$/;
619 ($pack,$func_name) = ($1,$2);
620 $pack=~s/::SUPER$//; # fix another obscure problem
621 $pack = ${"$pack\:\:AutoloadClass"} || $CGI::DefaultClass
622 unless defined(${"$pack\:\:AUTOLOADED_ROUTINES"});
623
624 my($sub) = \%{"$pack\:\:SUBS"};
625 unless (%$sub) {
626 my($auto) = \${"$pack\:\:AUTOLOADED_ROUTINES"};
627 eval "package $pack; $$auto";
ba056755 628 croak("$AUTOLOAD: $@") if $@;
424ec8fa
GS		 629 $$auto = ''; # Free the unneeded storage (but don't undef it!!!)
630 }
631 my($code) = $sub->{$func_name};
632
633 $code = "sub $AUTOLOAD { }" if (!$code and $func_name eq 'DESTROY');
634 if (!$code) {
71f3e297 635 (my $base = $func_name) =~ s/^(start_|end_)//i;
424ec8fa
GS		 636 if ($EXPORT{':any'} ||
637 $EXPORT{'-any'} ||
71f3e297 638 $EXPORT{$base} ||
424ec8fa 639 (%EXPORT_OK || grep(++$EXPORT_OK{$_},&expand_tags(':html')))
71f3e297
JH		 640 && $EXPORT_OK{$base}) {
641 $code = $CGI::DefaultClass->_make_tag_func($func_name);
424ec8fa
GS		 642 }
643 }
ba056755 644 croak("Undefined subroutine $AUTOLOAD\n") unless $code;
424ec8fa
GS		 645 eval "package $pack; $code";
646 if ($@) {
647 $@ =~ s/ at .*\n//;
ba056755 648 croak("$AUTOLOAD: $@");
424ec8fa
GS		 649 }
650 }
3538e1d5 651 CORE::delete($sub->{$func_name}); #free storage
424ec8fa
GS		 652 return "$pack\:\:$func_name";
653}
654
655sub _reset_globals { initialize_globals(); }
656
657sub _setup_symbols {
658 my $self = shift;
659 my $compile = 0;
660 foreach (@_) {
71f3e297
JH		 661 $HEADERS_ONCE++, next if /^[:-]unique_headers$/;
662 $NPH++, next if /^[:-]nph$/;
3d1a2ec4
GS		 663 $NOSTICKY++, next if /^[:-]nosticky$/;
664 $DEBUG=0, next if /^[:-]no_?[Dd]ebug$/;
665 $DEBUG=2, next if /^[:-][Dd]ebug$/;
71f3e297 666 $USE_PARAM_SEMICOLONS++, next if /^[:-]newstyle_urls$/;
6b4ac661
JH		 667 $XHTML++, next if /^[:-]xhtml$/;
668 $XHTML=0, next if /^[:-]no_?xhtml$/;
3d1a2ec4 669 $USE_PARAM_SEMICOLONS=0, next if /^[:-]oldstyle_urls$/;
71f3e297
JH		 670 $PRIVATE_TEMPFILES++, next if /^[:-]private_tempfiles$/;
671 $EXPORT{$_}++, next if /^[:-]any$/;
672 $compile++, next if /^[:-]compile$/;
199d4a26 673 $NO_UNDEF_PARAMS++, next if /^[:-]no_undef_params$/;
424ec8fa 674
71f3e297 675 # This is probably extremely evil code -- to be deleted some day.
424ec8fa
GS		 676 if (/^[-]autoload$/) {
677 my($pkg) = caller(1);
678 *{"${pkg}::AUTOLOAD"} = sub {
679 my($routine) = $AUTOLOAD;
680 $routine =~ s/^.*::/CGI::/;
681 &$routine;
682 };
683 next;
684 }
685
686 foreach (&expand_tags($_)) {
687 tr/a-zA-Z0-9_//cd; # don't allow weird function names
688 $EXPORT{$_}++;
54310121 689 }
54310121 690 }
424ec8fa 691 _compile_all(keys %EXPORT) if $compile;
54310121 692}
693
3d1a2ec4
GS		 694sub charset {
695 my ($self,$charset) = self_or_default(@_);
696 $self->{'.charset'} = $charset if defined $charset;
697 $self->{'.charset'};
698}
699
54310121 700###############################################################################
701################# THESE FUNCTIONS ARE AUTOLOADED ON DEMAND ####################
702###############################################################################
703$AUTOLOADED_ROUTINES = ''; # get rid of -w warning
704$AUTOLOADED_ROUTINES=<<'END_OF_AUTOLOAD';
705
706%SUBS = (
707
708'URL_ENCODED'=> <<'END_OF_FUNC',
709sub URL_ENCODED { 'application/x-www-form-urlencoded'; }
710END_OF_FUNC
711
712'MULTIPART' => <<'END_OF_FUNC',
713sub MULTIPART { 'multipart/form-data'; }
714END_OF_FUNC
715
424ec8fa 716'SERVER_PUSH' => <<'END_OF_FUNC',
ba056755 717sub SERVER_PUSH { 'multipart/x-mixed-replace;boundary="' . shift() . '"'; }
424ec8fa
GS		 718END_OF_FUNC
719
424ec8fa
GS		 720'new_MultipartBuffer' => <<'END_OF_FUNC',
721# Create a new multipart buffer
722sub new_MultipartBuffer {
723 my($self,$boundary,$length,$filehandle) = @_;
724 return MultipartBuffer->new($self,$boundary,$length,$filehandle);
725}
726END_OF_FUNC
727
728'read_from_client' => <<'END_OF_FUNC',
729# Read data from a file handle
730sub read_from_client {
731 my($self, $fh, $buff, $len, $offset) = @_;
732 local $^W=0; # prevent a warning
733 return undef unless defined($fh);
734 return read($fh, $$buff, $len, $offset);
735}
736END_OF_FUNC
737
738'delete' => <<'END_OF_FUNC',
739#### Method: delete
740# Deletes the named parameter entirely.
741####
742sub delete {
6b4ac661
JH		 743 my($self,@p) = self_or_default(@_);
744 my($name) = rearrange([NAME],@p);
3538e1d5
GS		 745 CORE::delete $self->{$name};
746 CORE::delete $self->{'.fieldnames'}->{$name};
424ec8fa
GS		 747 @{$self->{'.parameters'}}=grep($_ ne $name,$self->param());
748 return wantarray ? () : undef;
749}
750END_OF_FUNC
751
752#### Method: import_names
753# Import all parameters into the given namespace.
754# Assumes namespace 'Q' if not specified
755####
756'import_names' => <<'END_OF_FUNC',
757sub import_names {
758 my($self,$namespace,$delete) = self_or_default(@_);
759 $namespace = 'Q' unless defined($namespace);
760 die "Can't import names into \"main\"\n" if \%{"${namespace}::"} == \%::;
3538e1d5 761 if ($delete || $MOD_PERL || exists $ENV{'FCGI_ROLE'}) {
424ec8fa
GS		 762 # can anyone find an easier way to do this?
763 foreach (keys %{"${namespace}::"}) {
764 local *symbol = "${namespace}::${_}";
765 undef $symbol;
766 undef @symbol;
767 undef %symbol;
54310121 768 }
424ec8fa
GS		 769 }
770 my($param,@value,$var);
771 foreach $param ($self->param) {
772 # protect against silly names
773 ($var = $param)=~tr/a-zA-Z0-9_/_/c;
774 $var =~ s/^(?=\d)/_/;
775 local *symbol = "${namespace}::$var";
776 @value = $self->param($param);
777 @symbol = @value;
778 $symbol = $value[0];
54310121 779 }
780}
781END_OF_FUNC
782
783#### Method: keywords
784# Keywords acts a bit differently. Calling it in a list context
785# returns the list of keywords.
786# Calling it in a scalar context gives you the size of the list.
787####
788'keywords' => <<'END_OF_FUNC',
789sub keywords {
790 my($self,@values) = self_or_default(@_);
791 # If values is provided, then we set it.
475342a6 792 $self->{'keywords'}=[@values] if @values;
424ec8fa 793 my(@result) = defined($self->{'keywords'}) ? @{$self->{'keywords'}} : ();
54310121 794 @result;
795}
796END_OF_FUNC
797
798# These are some tie() interfaces for compatibility
799# with Steve Brenner's cgi-lib.pl routines
3538e1d5
GS		 800'Vars' => <<'END_OF_FUNC',
801sub Vars {
ffd2dff2 802 my $q = shift;
3538e1d5 803 my %in;
ffd2dff2 804 tie(%in,CGI,$q);
3538e1d5
GS		 805 return %in if wantarray;
806 return \%in;
807}
808END_OF_FUNC
809
810# These are some tie() interfaces for compatibility
811# with Steve Brenner's cgi-lib.pl routines
54310121 812'ReadParse' => <<'END_OF_FUNC',
813sub ReadParse {
814 local(*in);
815 if (@_) {
816 *in = $_[0];
817 } else {
818 my $pkg = caller();
819 *in=*{"${pkg}::in"};
820 }
821 tie(%in,CGI);
424ec8fa 822 return scalar(keys %in);
54310121 823}
824END_OF_FUNC
825
826'PrintHeader' => <<'END_OF_FUNC',
827sub PrintHeader {
828 my($self) = self_or_default(@_);
829 return $self->header();
830}
831END_OF_FUNC
832
833'HtmlTop' => <<'END_OF_FUNC',
834sub HtmlTop {
835 my($self,@p) = self_or_default(@_);
836 return $self->start_html(@p);
837}
838END_OF_FUNC
839
840'HtmlBot' => <<'END_OF_FUNC',
841sub HtmlBot {
842 my($self,@p) = self_or_default(@_);
843 return $self->end_html(@p);
844}
845END_OF_FUNC
846
847'SplitParam' => <<'END_OF_FUNC',
848sub SplitParam {
849 my ($param) = @_;
850 my (@params) = split ("\0", $param);
851 return (wantarray ? @params : $params[0]);
852}
853END_OF_FUNC
854
855'MethGet' => <<'END_OF_FUNC',
856sub MethGet {
857 return request_method() eq 'GET';
858}
859END_OF_FUNC
860
861'MethPost' => <<'END_OF_FUNC',
862sub MethPost {
863 return request_method() eq 'POST';
864}
865END_OF_FUNC
866
867'TIEHASH' => <<'END_OF_FUNC',
868sub TIEHASH {
ffd2dff2 869 return $_[1] if defined $_[1];
3d1a2ec4 870 return $Q ||= new shift;
54310121 871}
872END_OF_FUNC
873
874'STORE' => <<'END_OF_FUNC',
875sub STORE {
3d1a2ec4
GS		 876 my $self = shift;
877 my $tag = shift;
6b4ac661
JH		 878 my $vals = shift;
879 my @vals = index($vals,"\0")!=-1 ? split("\0",$vals) : $vals;
3d1a2ec4 880 $self->param(-name=>$tag,-value=>\@vals);
54310121 881}
882END_OF_FUNC
883
884'FETCH' => <<'END_OF_FUNC',
885sub FETCH {
886 return $_[0] if $_[1] eq 'CGI';
887 return undef unless defined $_[0]->param($_[1]);
888 return join("\0",$_[0]->param($_[1]));
889}
890END_OF_FUNC
891
892'FIRSTKEY' => <<'END_OF_FUNC',
893sub FIRSTKEY {
894 $_[0]->{'.iterator'}=0;
895 $_[0]->{'.parameters'}->[$_[0]->{'.iterator'}++];
896}
897END_OF_FUNC
898
899'NEXTKEY' => <<'END_OF_FUNC',
900sub NEXTKEY {
901 $_[0]->{'.parameters'}->[$_[0]->{'.iterator'}++];
902}
903END_OF_FUNC
904
905'EXISTS' => <<'END_OF_FUNC',
906sub EXISTS {
907 exists $_[0]->{$_[1]};
908}
909END_OF_FUNC
910
911'DELETE' => <<'END_OF_FUNC',
912sub DELETE {
913 $_[0]->delete($_[1]);
914}
915END_OF_FUNC
916
917'CLEAR' => <<'END_OF_FUNC',
918sub CLEAR {
919 %{$_[0]}=();
920}
921####
922END_OF_FUNC
923
924####
925# Append a new value to an existing query
926####
927'append' => <<'EOF',
928sub append {
929 my($self,@p) = @_;
3d1a2ec4 930 my($name,$value) = rearrange([NAME,[VALUE,VALUES]],@p);
54310121 931 my(@values) = defined($value) ? (ref($value) ? @{$value} : $value) : ();
932 if (@values) {
933 $self->add_parameter($name);
934 push(@{$self->{$name}},@values);
935 }
936 return $self->param($name);
937}
938EOF
939
940#### Method: delete_all
941# Delete all parameters
942####
943'delete_all' => <<'EOF',
944sub delete_all {
945 my($self) = self_or_default(@_);
946 undef %{$self};
947}
948EOF
949
424ec8fa
GS		 950'Delete' => <<'EOF',
951sub Delete {
952 my($self,@p) = self_or_default(@_);
953 $self->delete(@p);
954}
955EOF
956
957'Delete_all' => <<'EOF',
958sub Delete_all {
959 my($self,@p) = self_or_default(@_);
960 $self->delete_all(@p);
961}
962EOF
963
54310121 964#### Method: autoescape
965# If you want to turn off the autoescaping features,
966# call this method with undef as the argument
967'autoEscape' => <<'END_OF_FUNC',
968sub autoEscape {
969 my($self,$escape) = self_or_default(@_);
970 $self->{'dontescape'}=!$escape;
971}
972END_OF_FUNC
973
974
975#### Method: version
976# Return the current version
977####
978'version' => <<'END_OF_FUNC',
979sub version {
980 return $VERSION;
981}
982END_OF_FUNC
983
424ec8fa
GS		 984#### Method: url_param
985# Return a parameter in the QUERY_STRING, regardless of
986# whether this was a POST or a GET
987####
988'url_param' => <<'END_OF_FUNC',
989sub url_param {
990 my ($self,@p) = self_or_default(@_);
991 my $name = shift(@p);
992 return undef unless exists($ENV{QUERY_STRING});
993 unless (exists($self->{'.url_param'})) {
994 $self->{'.url_param'}={}; # empty hash
995 if ($ENV{QUERY_STRING} =~ /=/) {
71f3e297 996 my(@pairs) = split(/[&;]/,$ENV{QUERY_STRING});
424ec8fa
GS		 997 my($param,$value);
998 foreach (@pairs) {
999 ($param,$value) = split('=',$_,2);
1000 $param = unescape($param);
1001 $value = unescape($value);
1002 push(@{$self->{'.url_param'}->{$param}},$value);
1003 }
1004 } else {
1005 $self->{'.url_param'}->{'keywords'} = [$self->parse_keywordlist($ENV{QUERY_STRING})];
1006 }
1007 }
1008 return keys %{$self->{'.url_param'}} unless defined($name);
1009 return () unless $self->{'.url_param'}->{$name};
1010 return wantarray ? @{$self->{'.url_param'}->{$name}}
1011 : $self->{'.url_param'}->{$name}->[0];
1012}
1013END_OF_FUNC
1014
3d1a2ec4 1015#### Method: Dump
54310121 1016# Returns a string in which all the known parameter/value
1017# pairs are represented as nested lists, mainly for the purposes
1018# of debugging.
1019####
3d1a2ec4
GS		 1020'Dump' => <<'END_OF_FUNC',
1021sub Dump {
54310121 1022 my($self) = self_or_default(@_);
1023 my($param,$value,@result);
1024 return '<UL></UL>' unless $self->param;
1025 push(@result,"<UL>");
1026 foreach $param ($self->param) {
1027 my($name)=$self->escapeHTML($param);
1028 push(@result,"<LI><STRONG>$param</STRONG>");
1029 push(@result,"<UL>");
1030 foreach $value ($self->param($param)) {
1031 $value = $self->escapeHTML($value);
3538e1d5 1032 $value =~ s/\n/<BR>\n/g;
54310121 1033 push(@result,"<LI>$value");
1034 }
1035 push(@result,"</UL>");
1036 }
69c89ae7 1037 push(@result,"</UL>");
54310121 1038 return join("\n",@result);
1039}
1040END_OF_FUNC
1041
424ec8fa
GS		 1042#### Method as_string
1043#
1044# synonym for "dump"
1045####
1046'as_string' => <<'END_OF_FUNC',
1047sub as_string {
3d1a2ec4 1048 &Dump(@_);
424ec8fa
GS		 1049}
1050END_OF_FUNC
1051
1052#### Method: save
1053# Write values out to a filehandle in such a way that they can
1054# be reinitialized by the filehandle form of the new() method
54310121 1055####
1056'save' => <<'END_OF_FUNC',
1057sub save {
1058 my($self,$filehandle) = self_or_default(@_);
54310121 1059 $filehandle = to_filehandle($filehandle);
424ec8fa
GS		 1060 my($param);
1061 local($,) = ''; # set print field separator back to a sane value
71f3e297 1062 local($\) = ''; # set output line separator to a sane value
54310121 1063 foreach $param ($self->param) {
424ec8fa 1064 my($escaped_param) = escape($param);
54310121 1065 my($value);
1066 foreach $value ($self->param($param)) {
3538e1d5 1067 print $filehandle "$escaped_param=",escape("$value"),"\n";
54310121 1068 }
1069 }
d45d855d
JH		 1070 foreach (keys %{$self->{'.fieldnames'}}) {
1071 print $filehandle ".cgifields=",escape("$_"),"\n";
1072 }
54310121 1073 print $filehandle "=\n"; # end of record
1074}
1075END_OF_FUNC
1076
1077
424ec8fa
GS		 1078#### Method: save_parameters
1079# An alias for save() that is a better name for exportation.
1080# Only intended to be used with the function (non-OO) interface.
1081####
1082'save_parameters' => <<'END_OF_FUNC',
1083sub save_parameters {
1084 my $fh = shift;
1085 return save(to_filehandle($fh));
1086}
1087END_OF_FUNC
1088
1089#### Method: restore_parameters
1090# A way to restore CGI parameters from an initializer.
1091# Only intended to be used with the function (non-OO) interface.
1092####
1093'restore_parameters' => <<'END_OF_FUNC',
1094sub restore_parameters {
1095 $Q = $CGI::DefaultClass->new(@_);
1096}
1097END_OF_FUNC
1098
1099#### Method: multipart_init
1100# Return a Content-Type: style header for server-push
ba056755 1101# This has to be NPH on most web servers, and it is advisable to set $| = 1
424ec8fa
GS		 1102#
1103# Many thanks to Ed Jordan <ed@fidalgo.net> for this
ba056755 1104# contribution, updated by Andrew Benham (adsb@bigfoot.com)
424ec8fa
GS		 1105####
1106'multipart_init' => <<'END_OF_FUNC',
1107sub multipart_init {
1108 my($self,@p) = self_or_default(@_);
3d1a2ec4 1109 my($boundary,@other) = rearrange([BOUNDARY],@p);
424ec8fa 1110 $boundary = $boundary || '------- =_aaaaaaaaaa0';
ba056755
JH		 1111 $self->{'separator'} = "$CRLF--$boundary$CRLF";
1112 $self->{'final_separator'} = "$CRLF--$boundary--$CRLF";
424ec8fa
GS		 1113 $type = SERVER_PUSH($boundary);
1114 return $self->header(
1115 -nph => 1,
1116 -type => $type,
1117 (map { split "=", $_, 2 } @other),
ba056755 1118 ) . "WARNING: YOUR BROWSER DOESN'T SUPPORT THIS SERVER-PUSH TECHNOLOGY." . $self->multipart_end;
424ec8fa
GS		 1119}
1120END_OF_FUNC
1121
1122
1123#### Method: multipart_start
1124# Return a Content-Type: style header for server-push, start of section
1125#
1126# Many thanks to Ed Jordan <ed@fidalgo.net> for this
ba056755 1127# contribution, updated by Andrew Benham (adsb@bigfoot.com)
424ec8fa
GS		 1128####
1129'multipart_start' => <<'END_OF_FUNC',
1130sub multipart_start {
ba056755 1131 my(@header);
424ec8fa 1132 my($self,@p) = self_or_default(@_);
3d1a2ec4 1133 my($type,@other) = rearrange([TYPE],@p);
424ec8fa 1134 $type = $type || 'text/html';
ba056755
JH		 1135 push(@header,"Content-Type: $type");
1136
1137 # rearrange() was designed for the HTML portion, so we
1138 # need to fix it up a little.
1139 foreach (@other) {
1140 next unless my($header,$value) = /([^\s=]+)=\"?(.+?)\"?$/;
1141 ($_ = $header) =~ s/^(\w)(.*)/$1 . lc ($2) . ': '.$self->unescapeHTML($value)/e;
1142 }
1143 push(@header,@other);
1144 my $header = join($CRLF,@header)."${CRLF}${CRLF}";
1145 return $header;
424ec8fa
GS		 1146}
1147END_OF_FUNC
1148
1149
1150#### Method: multipart_end
ba056755 1151# Return a MIME boundary separator for server-push, end of section
424ec8fa
GS		 1152#
1153# Many thanks to Ed Jordan <ed@fidalgo.net> for this
1154# contribution
1155####
1156'multipart_end' => <<'END_OF_FUNC',
1157sub multipart_end {
1158 my($self,@p) = self_or_default(@_);
1159 return $self->{'separator'};
1160}
1161END_OF_FUNC
1162
1163
ba056755
JH		 1164#### Method: multipart_final
1165# Return a MIME boundary separator for server-push, end of all sections
1166#
1167# Contributed by Andrew Benham (adsb@bigfoot.com)
1168####
1169'multipart_final' => <<'END_OF_FUNC',
1170sub multipart_final {
1171 my($self,@p) = self_or_default(@_);
1172 return $self->{'final_separator'} . "WARNING: YOUR BROWSER DOESN'T SUPPORT THIS SERVER-PUSH TECHNOLOGY." . $CRLF;
1173}
1174END_OF_FUNC
1175
1176
54310121 1177#### Method: header
1178# Return a Content-Type: style header
1179#
1180####
1181'header' => <<'END_OF_FUNC',
1182sub header {
1183 my($self,@p) = self_or_default(@_);
1184 my(@header);
1185
71f3e297
JH		 1186 return undef if $self->{'.header_printed'}++ and $HEADERS_ONCE;
1187
6b4ac661 1188 my($type,$status,$cookie,$target,$expires,$nph,$charset,$attachment,@other) =
3d1a2ec4
GS		 1189 rearrange([['TYPE','CONTENT_TYPE','CONTENT-TYPE'],
1190 'STATUS',['COOKIE','COOKIES'],'TARGET',
6b4ac661
JH		 1191 'EXPIRES','NPH','CHARSET',
1192 'ATTACHMENT'],@p);
3d1a2ec4
GS		 1193
1194 $nph ||= $NPH;
1195 if (defined $charset) {
1196 $self->charset($charset);
1197 } else {
1198 $charset = $self->charset;
1199 }
54310121 1200
1201 # rearrange() was designed for the HTML portion, so we
1202 # need to fix it up a little.
1203 foreach (@other) {
71f3e297 1204 next unless my($header,$value) = /([^\s=]+)=\"?(.+?)\"?$/;
a3b3a725 1205 ($_ = $header) =~ s/^(\w)(.*)/$1 . lc ($2) . ': '.$self->unescapeHTML($value)/e;
69c89ae7 1206 $header = ucfirst($header);
54310121 1207 }
1208
71f3e297 1209 $type ||= 'text/html' unless defined($type);
6b4ac661 1210 $type .= "; charset=$charset" if $type ne '' and $type =~ m!^text/! and $type !~ /\bcharset\b/;
54310121 1211
424ec8fa
GS		 1212 # Maybe future compatibility. Maybe not.
1213 my $protocol = $ENV{SERVER_PROTOCOL} || 'HTTP/1.0';
1214 push(@header,$protocol . ' ' . ($status || '200 OK')) if $nph;
ba056755 1215 push(@header,"Server: " . &server_software()) if $nph;
424ec8fa 1216
54310121 1217 push(@header,"Status: $status") if $status;
424ec8fa 1218 push(@header,"Window-Target: $target") if $target;
54310121 1219 # push all the cookies -- there may be several
1220 if ($cookie) {
424ec8fa 1221 my(@cookie) = ref($cookie) && ref($cookie) eq 'ARRAY' ? @{$cookie} : $cookie;
54310121 1222 foreach (@cookie) {
71f3e297
JH		 1223 my $cs = UNIVERSAL::isa($_,'CGI::Cookie') ? $_->as_string : $_;
1224 push(@header,"Set-Cookie: $cs") if $cs ne '';
54310121 1225 }
1226 }
1227 # if the user indicates an expiration time, then we need
1228 # both an Expires and a Date header (so that the browser is
1229 # uses OUR clock)
424ec8fa 1230 push(@header,"Expires: " . expires($expires,'http'))
7d37aa8e 1231 if $expires;
ba056755 1232 push(@header,"Date: " . expires(0,'http')) if $expires || $cookie || $nph;
54310121 1233 push(@header,"Pragma: no-cache") if $self->cache();
6b4ac661 1234 push(@header,"Content-Disposition: attachment; filename=\"$attachment\"") if $attachment;
69c89ae7 1235 push(@header,map {ucfirst $_} @other);
71f3e297 1236 push(@header,"Content-Type: $type") if $type ne '';
54310121 1237
424ec8fa
GS		 1238 my $header = join($CRLF,@header)."${CRLF}${CRLF}";
1239 if ($MOD_PERL and not $nph) {
1240 my $r = Apache->request;
1241 $r->send_cgi_header($header);
1242 return '';
1243 }
1244 return $header;
54310121 1245}
1246END_OF_FUNC
1247
1248
1249#### Method: cache
1250# Control whether header() will produce the no-cache
1251# Pragma directive.
1252####
1253'cache' => <<'END_OF_FUNC',
1254sub cache {
1255 my($self,$new_value) = self_or_default(@_);
1256 $new_value = '' unless $new_value;
1257 if ($new_value ne '') {
1258 $self->{'cache'} = $new_value;
1259 }
1260 return $self->{'cache'};
1261}
1262END_OF_FUNC
1263
1264
1265#### Method: redirect
1266# Return a Location: style header
1267#
1268####
1269'redirect' => <<'END_OF_FUNC',
1270sub redirect {
1271 my($self,@p) = self_or_default(@_);
3d1a2ec4 1272 my($url,$target,$cookie,$nph,@other) = rearrange([[LOCATION,URI,URL],TARGET,COOKIE,NPH],@p);
6b4ac661 1273 $url ||= $self->self_url;
54310121 1274 my(@o);
424ec8fa
GS		 1275 foreach (@other) { tr/\"//d; push(@o,split("=",$_,2)); }
1276 unshift(@o,
1277 '-Status'=>'302 Moved',
54310121 1278 '-Location'=>$url,
424ec8fa
GS		 1279 '-nph'=>$nph);
1280 unshift(@o,'-Target'=>$target) if $target;
1281 unshift(@o,'-Cookie'=>$cookie) if $cookie;
71f3e297 1282 unshift(@o,'-Type'=>'');
54310121 1283 return $self->header(@o);
1284}
1285END_OF_FUNC
1286
1287
1288#### Method: start_html
1289# Canned HTML header
1290#
1291# Parameters:
1292# $title -> (optional) The title for this HTML document (-title)
1293# $author -> (optional) e-mail address of the author (-author)
1294# $base -> (optional) if set to true, will enter the BASE address of this document
1295# for resolving relative references (-base)
1296# $xbase -> (optional) alternative base at some remote location (-xbase)
1297# $target -> (optional) target window to load all links into (-target)
1298# $script -> (option) Javascript code (-script)
47e3cabd 1299# $no_script -> (option) Javascript <noscript> tag (-noscript)
54310121 1300# $meta -> (optional) Meta information tags
7d37aa8e
LS		 1301# $head -> (optional) any other elements you'd like to incorporate into the <HEAD> tag
1302# (a scalar or array ref)
1303# $style -> (optional) reference to an external style sheet
54310121 1304# @other -> (optional) any other named parameters you'd like to incorporate into
1305# the <BODY> tag.
1306####
1307'start_html' => <<'END_OF_FUNC',
1308sub start_html {
1309 my($self,@p) = &self_or_default(@_);
6b4ac661
JH		 1310 my($title,$author,$base,$xbase,$script,$noscript,$target,$meta,$head,$style,$dtd,$lang,@other) =
1311 rearrange([TITLE,AUTHOR,BASE,XBASE,SCRIPT,NOSCRIPT,TARGET,META,HEAD,STYLE,DTD,LANG],@p);
54310121 1312
1313 # strangely enough, the title needs to be escaped as HTML
1314 # while the author needs to be escaped as a URL
1315 $title = $self->escapeHTML($title || 'Untitled Document');
424ec8fa 1316 $author = $self->escape($author);
6b4ac661 1317 $lang ||= 'en-US';
ba056755 1318 my(@result,$xml_dtd);
3d1a2ec4 1319 if ($dtd) {
6b4ac661 1320 if (defined(ref($dtd)) and (ref($dtd) eq 'ARRAY')) {
3d1a2ec4
GS		 1321 $dtd = $DEFAULT_DTD unless $dtd->[0] =~ m|^-//|;
1322 } else {
1323 $dtd = $DEFAULT_DTD unless $dtd =~ m|^-//|;
1324 }
1325 } else {
6b4ac661 1326 $dtd = $XHTML ? XHTML_DTD : $DEFAULT_DTD;
3d1a2ec4 1327 }
ba056755
JH		 1328
1329 $xml_dtd++ if ref($dtd) eq 'ARRAY' && $dtd->[0] =~ /\bXHTML\b/i;
1330 $xml_dtd++ if ref($dtd) eq '' && $dtd =~ /\bXHTML\b/i;
1331 push @result,q(<?xml version="1.0" encoding="utf-8"?>) if $xml_dtd;
1332
3d1a2ec4 1333 if (ref($dtd) && ref($dtd) eq 'ARRAY') {
03b9648d 1334 push(@result,qq(<!DOCTYPE html\n\tPUBLIC "$dtd->[0]"\n\t"$dtd->[1]">));
3d1a2ec4 1335 } else {
03b9648d 1336 push(@result,qq(<!DOCTYPE html\n\tPUBLIC "$dtd">));
3d1a2ec4 1337 }
6b4ac661
JH		 1338 push(@result,$XHTML ? qq(<html xmlns="http://www.w3.org/1999/xhtml" lang="$lang"><head><title>$title</title>)
1339 : qq(<html lang="$lang"><head><title>$title</title>));
1340 if (defined $author) {
1341 push(@result,$XHTML ? "<link rev=\"made\" href=\"mailto:$author\" />"
03b9648d 1342 : "<link rev=\"made\" href=\"mailto:$author\">");
6b4ac661 1343 }
54310121 1344
1345 if ($base || $xbase || $target) {
424ec8fa 1346 my $href = $xbase || $self->url('-path'=>1);
6b4ac661
JH		 1347 my $t = $target ? qq/ target="$target"/ : '';
1348 push(@result,$XHTML ? qq(<base href="$href"$t />) : qq(<base href="$href"$t>));
54310121 1349 }
1350
1351 if ($meta && ref($meta) && (ref($meta) eq 'HASH')) {
6b4ac661
JH		 1352 foreach (keys %$meta) { push(@result,$XHTML ? qq(<meta name="$_" content="$meta->{$_}" />)
1353 : qq(<meta name="$_" content="$meta->{$_}">)); }
54310121 1354 }
7d37aa8e
LS		 1355
1356 push(@result,ref($head) ? @$head : $head) if $head;
1357
424ec8fa
GS		 1358 # handle the infrequently-used -style and -script parameters
1359 push(@result,$self->_style($style)) if defined $style;
1360 push(@result,$self->_script($script)) if defined $script;
1361
1362 # handle -noscript parameter
1363 push(@result,<<END) if $noscript;
6b4ac661 1364<noscript>
424ec8fa 1365$noscript
6b4ac661 1366</noscript>
424ec8fa
GS		 1367END
1368 ;
1369 my($other) = @other ? " @other" : '';
6b4ac661 1370 push(@result,"</head><body$other>");
424ec8fa
GS		 1371 return join("\n",@result);
1372}
1373END_OF_FUNC
1374
1375### Method: _style
1376# internal method for generating a CSS style section
1377####
1378'_style' => <<'END_OF_FUNC',
1379sub _style {
1380 my ($self,$style) = @_;
1381 my (@result);
1382 my $type = 'text/css';
a3b3a725
JH		 1383
1384 my $cdata_start = $XHTML ? "\n<!--/* <![CDATA[ */" : "\n<!-- ";
1385 my $cdata_end = $XHTML ? "\n/* ]]> */-->\n" : " -->\n";
1386
424ec8fa 1387 if (ref($style)) {
6b4ac661
JH		 1388 my($src,$code,$stype,@other) =
1389 rearrange([SRC,CODE,TYPE],
1390 '-foo'=>'bar', # a trick to allow the '-' to be omitted
1391 ref($style) eq 'ARRAY' ? @$style : %$style);
1392 $type = $stype if $stype;
6b4ac661
JH		 1393 if (ref($src) eq "ARRAY") # Check to see if the $src variable is an array reference
1394 { # If it is, push a LINK tag for each one.
1395 foreach $src (@$src)
1396 {
ba056755
JH		 1397 push(@result,$XHTML ? qq(<link rel="stylesheet" type="$type" href="$src" />)
1398 : qq(<link rel="stylesheet" type="$type" href="$src">/)) if $src;
6b4ac661
JH		 1399 }
1400 }
1401 else
1402 { # Otherwise, push the single -src, if it exists.
ba056755
JH		 1403 push(@result,$XHTML ? qq(<link rel="stylesheet" type="$type" href="$src" />)
1404 : qq(<link rel="stylesheet" type="$type" href="$src">)
1405 ) if $src;
6b4ac661 1406 }
a3b3a725 1407 push(@result,style({'type'=>$type},"$cdata_start\n$code\n$cdata_end")) if $code;
424ec8fa 1408 } else {
a3b3a725 1409 push(@result,style({'type'=>$type},"$cdata_start\n$style\n$cdata_end"));
7d37aa8e 1410 }
424ec8fa
GS		 1411 @result;
1412}
1413END_OF_FUNC
1414
424ec8fa
GS		 1415'_script' => <<'END_OF_FUNC',
1416sub _script {
1417 my ($self,$script) = @_;
1418 my (@result);
a3b3a725 1419
424ec8fa
GS		 1420 my (@scripts) = ref($script) eq 'ARRAY' ? @$script : ($script);
1421 foreach $script (@scripts) {
7d37aa8e
LS		 1422 my($src,$code,$language);
1423 if (ref($script)) { # script is a hash
3d1a2ec4
GS		 1424 ($src,$code,$language, $type) =
1425 rearrange([SRC,CODE,LANGUAGE,TYPE],
7d37aa8e 1426 '-foo'=>'bar', # a trick to allow the '-' to be omitted
3538e1d5 1427 ref($script) eq 'ARRAY' ? @$script : %$script);
3d1a2ec4
GS		 1428 # User may not have specified language
1429 $language ||= 'JavaScript';
1430 unless (defined $type) {
1431 $type = lc $language;
1432 # strip '1.2' from 'javascript1.2'
1433 $type =~ s/^(\D+).*$/text\/$1/;
1434 }
7d37aa8e 1435 } else {
3d1a2ec4 1436 ($src,$code,$language, $type) = ('',$script,'JavaScript', 'text/javascript');
7d37aa8e 1437 }
a3b3a725
JH		 1438
1439 my $comment = '//'; # javascript by default
1440 $comment = '#' if $type=~/perl|tcl/i;
1441 $comment = "'" if $type=~/vbscript/i;
1442
1443 my $cdata_start = "\n<!-- Hide script\n";
1444 $cdata_start .= "$comment<![CDATA[\n" if $XHTML;
1445 my $cdata_end = $XHTML ? "\n$comment]]>" : $comment;
1446 $cdata_end .= " End script hiding -->\n";
1447
7d37aa8e
LS		 1448 my(@satts);
1449 push(@satts,'src'=>$src) if $src;
3d1a2ec4
GS		 1450 push(@satts,'language'=>$language);
1451 push(@satts,'type'=>$type);
ba056755 1452 $code = "$cdata_start$code$cdata_end" if defined $code;
3538e1d5 1453 push(@result,script({@satts},$code || ''));
7d37aa8e 1454 }
424ec8fa 1455 @result;
54310121 1456}
1457END_OF_FUNC
1458
54310121 1459#### Method: end_html
1460# End an HTML document.
1461# Trivial method for completeness. Just returns "</BODY>"
1462####
1463'end_html' => <<'END_OF_FUNC',
1464sub end_html {
6b4ac661 1465 return "</body></html>";
54310121 1466}
1467END_OF_FUNC
1468
1469
1470################################
1471# METHODS USED IN BUILDING FORMS
1472################################
1473
1474#### Method: isindex
1475# Just prints out the isindex tag.
1476# Parameters:
1477# $action -> optional URL of script to run
1478# Returns:
1479# A string containing a <ISINDEX> tag
1480'isindex' => <<'END_OF_FUNC',
1481sub isindex {
1482 my($self,@p) = self_or_default(@_);
3d1a2ec4 1483 my($action,@other) = rearrange([ACTION],@p);
6b4ac661 1484 $action = qq/action="$action"/ if $action;
54310121 1485 my($other) = @other ? " @other" : '';
6b4ac661 1486 return $XHTML ? "<isindex $action$other />" : "<isindex $action$other>";
54310121 1487}
1488END_OF_FUNC
1489
1490
1491#### Method: startform
1492# Start a form
1493# Parameters:
1494# $method -> optional submission method to use (GET or POST)
1495# $action -> optional URL of script to run
1496# $enctype ->encoding to use (URL_ENCODED or MULTIPART)
1497'startform' => <<'END_OF_FUNC',
1498sub startform {
1499 my($self,@p) = self_or_default(@_);
1500
1501 my($method,$action,$enctype,@other) =
3d1a2ec4 1502 rearrange([METHOD,ACTION,ENCTYPE],@p);
54310121 1503
03b9648d 1504 $method = lc($method) || 'post';
54310121 1505 $enctype = $enctype || &URL_ENCODED;
03b9648d
JH		 1506 unless (defined $action) {
1507 $action = $self->url(-absolute=>1,-path=>1);
1508 $action .= "?$ENV{QUERY_STRING}" if $ENV{QUERY_STRING};
1509 }
1510 $action = qq(action="$action");
54310121 1511 my($other) = @other ? " @other" : '';
1512 $self->{'.parametersToAdd'}={};
6b4ac661 1513 return qq/<form method="$method" $action enctype="$enctype"$other>\n/;
54310121 1514}
1515END_OF_FUNC
1516
1517
1518#### Method: start_form
1519# synonym for startform
1520'start_form' => <<'END_OF_FUNC',
1521sub start_form {
1522 &startform;
1523}
1524END_OF_FUNC
1525
71f3e297
JH		 1526'end_multipart_form' => <<'END_OF_FUNC',
1527sub end_multipart_form {
1528 &endform;
1529}
1530END_OF_FUNC
54310121 1531
1532#### Method: start_multipart_form
1533# synonym for startform
1534'start_multipart_form' => <<'END_OF_FUNC',
1535sub start_multipart_form {
1536 my($self,@p) = self_or_default(@_);
3d1a2ec4 1537 if (defined($param[0]) && substr($param[0],0,1) eq '-') {
54310121 1538 my(%p) = @p;
1539 $p{'-enctype'}=&MULTIPART;
1540 return $self->startform(%p);
1541 } else {
1542 my($method,$action,@other) =
3d1a2ec4 1543 rearrange([METHOD,ACTION],@p);
54310121 1544 return $self->startform($method,$action,&MULTIPART,@other);
1545 }
1546}
1547END_OF_FUNC
1548
1549
1550#### Method: endform
1551# End a form
1552'endform' => <<'END_OF_FUNC',
1553sub endform {
1554 my($self,@p) = self_or_default(@_);
3d1a2ec4 1555 if ( $NOSTICKY ) {
6b4ac661 1556 return wantarray ? ("</form>") : "\n</form>";
3d1a2ec4 1557 } else {
6b4ac661
JH		 1558 return wantarray ? ($self->get_fields,"</form>") :
1559 $self->get_fields ."\n</form>";
3d1a2ec4 1560 }
54310121 1561}
1562END_OF_FUNC
1563
1564
1565#### Method: end_form
1566# synonym for endform
1567'end_form' => <<'END_OF_FUNC',
1568sub end_form {
1569 &endform;
1570}
1571END_OF_FUNC
1572
1573
424ec8fa
GS		 1574'_textfield' => <<'END_OF_FUNC',
1575sub _textfield {
1576 my($self,$tag,@p) = self_or_default(@_);
1577 my($name,$default,$size,$maxlength,$override,@other) =
3d1a2ec4 1578 rearrange([NAME,[DEFAULT,VALUE],SIZE,MAXLENGTH,[OVERRIDE,FORCE]],@p);
424ec8fa
GS		 1579
1580 my $current = $override ? $default :
1581 (defined($self->param($name)) ? $self->param($name) : $default);
1582
a3b3a725 1583 $current = defined($current) ? $self->escapeHTML($current,1) : '';
424ec8fa 1584 $name = defined($name) ? $self->escapeHTML($name) : '';
ba056755
JH		 1585 my($s) = defined($size) ? qq/ size="$size"/ : '';
1586 my($m) = defined($maxlength) ? qq/ maxlength="$maxlength"/ : '';
71f3e297
JH		 1587 my($other) = @other ? " @other" : '';
1588 # this entered at cristy's request to fix problems with file upload fields
1589 # and WebTV -- not sure it won't break stuff
6b4ac661
JH		 1590 my($value) = $current ne '' ? qq(value="$current") : '';
1591 return $XHTML ? qq(<input type="$tag" name="$name" $value$s$m$other />)
1592 : qq/<input type="$tag" name="$name" $value$s$m$other>/;
424ec8fa
GS		 1593}
1594END_OF_FUNC
1595
54310121 1596#### Method: textfield
1597# Parameters:
1598# $name -> Name of the text field
1599# $default -> Optional default value of the field if not
1600# already defined.
1601# $size -> Optional width of field in characaters.
1602# $maxlength -> Optional maximum number of characters.
1603# Returns:
1604# A string containing a <INPUT TYPE="text"> field
1605#
1606'textfield' => <<'END_OF_FUNC',
1607sub textfield {
1608 my($self,@p) = self_or_default(@_);
424ec8fa 1609 $self->_textfield('text',@p);
54310121 1610}
1611END_OF_FUNC
1612
1613
1614#### Method: filefield
1615# Parameters:
1616# $name -> Name of the file upload field
1617# $size -> Optional width of field in characaters.
1618# $maxlength -> Optional maximum number of characters.
1619# Returns:
1620# A string containing a <INPUT TYPE="text"> field
1621#
1622'filefield' => <<'END_OF_FUNC',
1623sub filefield {
1624 my($self,@p) = self_or_default(@_);
424ec8fa 1625 $self->_textfield('file',@p);
54310121 1626}
1627END_OF_FUNC
1628
1629
1630#### Method: password
1631# Create a "secret password" entry field
1632# Parameters:
1633# $name -> Name of the field
1634# $default -> Optional default value of the field if not
1635# already defined.
1636# $size -> Optional width of field in characters.
1637# $maxlength -> Optional maximum characters that can be entered.
1638# Returns:
1639# A string containing a <INPUT TYPE="password"> field
1640#
1641'password_field' => <<'END_OF_FUNC',
1642sub password_field {
1643 my ($self,@p) = self_or_default(@_);
424ec8fa 1644 $self->_textfield('password',@p);
54310121 1645}
1646END_OF_FUNC
1647
54310121 1648#### Method: textarea
1649# Parameters:
1650# $name -> Name of the text field
1651# $default -> Optional default value of the field if not
1652# already defined.
1653# $rows -> Optional number of rows in text area
1654# $columns -> Optional number of columns in text area
1655# Returns:
1656# A string containing a <TEXTAREA></TEXTAREA> tag
1657#
1658'textarea' => <<'END_OF_FUNC',
1659sub textarea {
1660 my($self,@p) = self_or_default(@_);
1661
1662 my($name,$default,$rows,$cols,$override,@other) =
3d1a2ec4 1663 rearrange([NAME,[DEFAULT,VALUE],ROWS,[COLS,COLUMNS],[OVERRIDE,FORCE]],@p);
54310121 1664
1665 my($current)= $override ? $default :
1666 (defined($self->param($name)) ? $self->param($name) : $default);
1667
1668 $name = defined($name) ? $self->escapeHTML($name) : '';
1669 $current = defined($current) ? $self->escapeHTML($current) : '';
6b4ac661
JH		 1670 my($r) = $rows ? " rows=$rows" : '';
1671 my($c) = $cols ? " cols=$cols" : '';
54310121 1672 my($other) = @other ? " @other" : '';
6b4ac661 1673 return qq{<textarea name="$name"$r$c$other>$current</textarea>};
54310121 1674}
1675END_OF_FUNC
1676
1677
1678#### Method: button
1679# Create a javascript button.
1680# Parameters:
1681# $name -> (optional) Name for the button. (-name)
1682# $value -> (optional) Value of the button when selected (and visible name) (-value)
1683# $onclick -> (optional) Text of the JavaScript to run when the button is
1684# clicked.
1685# Returns:
1686# A string containing a <INPUT TYPE="button"> tag
1687####
1688'button' => <<'END_OF_FUNC',
1689sub button {
1690 my($self,@p) = self_or_default(@_);
1691
3d1a2ec4 1692 my($label,$value,$script,@other) = rearrange([NAME,[VALUE,LABEL],
54310121 1693 [ONCLICK,SCRIPT]],@p);
1694
1695 $label=$self->escapeHTML($label);
a3b3a725 1696 $value=$self->escapeHTML($value,1);
54310121 1697 $script=$self->escapeHTML($script);
1698
1699 my($name) = '';
ba056755 1700 $name = qq/ name="$label"/ if $label;
54310121 1701 $value = $value || $label;
1702 my($val) = '';
6b4ac661
JH		 1703 $val = qq/ value="$value"/ if $value;
1704 $script = qq/ onclick="$script"/ if $script;
54310121 1705 my($other) = @other ? " @other" : '';
6b4ac661
JH		 1706 return $XHTML ? qq(<input type="button"$name$val$script$other />)
1707 : qq/<input type="button"$name$val$script$other>/;
54310121 1708}
1709END_OF_FUNC
1710
1711
1712#### Method: submit
1713# Create a "submit query" button.
1714# Parameters:
1715# $name -> (optional) Name for the button.
1716# $value -> (optional) Value of the button when selected (also doubles as label).
1717# $label -> (optional) Label printed on the button(also doubles as the value).
1718# Returns:
1719# A string containing a <INPUT TYPE="submit"> tag
1720####
1721'submit' => <<'END_OF_FUNC',
1722sub submit {
1723 my($self,@p) = self_or_default(@_);
1724
3d1a2ec4 1725 my($label,$value,@other) = rearrange([NAME,[VALUE,LABEL]],@p);
54310121 1726
1727 $label=$self->escapeHTML($label);
a3b3a725 1728 $value=$self->escapeHTML($value,1);
54310121 1729
6b4ac661
JH		 1730 my($name) = ' name=".submit"' unless $NOSTICKY;
1731 $name = qq/ name="$label"/ if defined($label);
424ec8fa 1732 $value = defined($value) ? $value : $label;
54310121 1733 my($val) = '';
6b4ac661 1734 $val = qq/ value="$value"/ if defined($value);
54310121 1735 my($other) = @other ? " @other" : '';
6b4ac661
JH		 1736 return $XHTML ? qq(<input type="submit"$name$val$other />)
1737 : qq/<input type="submit"$name$val$other>/;
54310121 1738}
1739END_OF_FUNC
1740
1741
1742#### Method: reset
1743# Create a "reset" button.
1744# Parameters:
1745# $name -> (optional) Name for the button.
1746# Returns:
1747# A string containing a <INPUT TYPE="reset"> tag
1748####
1749'reset' => <<'END_OF_FUNC',
1750sub reset {
1751 my($self,@p) = self_or_default(@_);
3d1a2ec4 1752 my($label,@other) = rearrange([NAME],@p);
54310121 1753 $label=$self->escapeHTML($label);
6b4ac661 1754 my($value) = defined($label) ? qq/ value="$label"/ : '';
54310121 1755 my($other) = @other ? " @other" : '';
6b4ac661
JH		 1756 return $XHTML ? qq(<input type="reset"$value$other />)
1757 : qq/<input type="reset"$value$other>/;
54310121 1758}
1759END_OF_FUNC
1760
1761
1762#### Method: defaults
1763# Create a "defaults" button.
1764# Parameters:
1765# $name -> (optional) Name for the button.
1766# Returns:
1767# A string containing a <INPUT TYPE="submit" NAME=".defaults"> tag
1768#
1769# Note: this button has a special meaning to the initialization script,
1770# and tells it to ERASE the current query string so that your defaults
1771# are used again!
1772####
1773'defaults' => <<'END_OF_FUNC',
1774sub defaults {
1775 my($self,@p) = self_or_default(@_);
1776
3d1a2ec4 1777 my($label,@other) = rearrange([[NAME,VALUE]],@p);
54310121 1778
a3b3a725 1779 $label=$self->escapeHTML($label,1);
54310121 1780 $label = $label || "Defaults";
6b4ac661 1781 my($value) = qq/ value="$label"/;
54310121 1782 my($other) = @other ? " @other" : '';
d45d855d 1783 return $XHTML ? qq(<input type="submit" name=".defaults"$value$other />)
6b4ac661 1784 : qq/<input type="submit" NAME=".defaults"$value$other>/;
54310121 1785}
1786END_OF_FUNC
1787
1788
424ec8fa
GS		 1789#### Method: comment
1790# Create an HTML <!-- comment -->
1791# Parameters: a string
1792'comment' => <<'END_OF_FUNC',
1793sub comment {
1794 my($self,@p) = self_or_CGI(@_);
1795 return "<!-- @p -->";
1796}
1797END_OF_FUNC
1798
54310121 1799#### Method: checkbox
1800# Create a checkbox that is not logically linked to any others.
1801# The field value is "on" when the button is checked.
1802# Parameters:
1803# $name -> Name of the checkbox
1804# $checked -> (optional) turned on by default if true
1805# $value -> (optional) value of the checkbox, 'on' by default
1806# $label -> (optional) a user-readable label printed next to the box.
1807# Otherwise the checkbox name is used.
1808# Returns:
1809# A string containing a <INPUT TYPE="checkbox"> field
1810####
1811'checkbox' => <<'END_OF_FUNC',
1812sub checkbox {
1813 my($self,@p) = self_or_default(@_);
1814
1815 my($name,$checked,$value,$label,$override,@other) =
3d1a2ec4 1816 rearrange([NAME,[CHECKED,SELECTED,ON],VALUE,LABEL,[OVERRIDE,FORCE]],@p);
54310121 1817
424ec8fa
GS		 1818 $value = defined $value ? $value : 'on';
1819
1820 if (!$override && ($self->{'.fieldnames'}->{$name} ||
1821 defined $self->param($name))) {
03b9648d 1822 $checked = grep($_ eq $value,$self->param($name)) ? ' checked' : '';
54310121 1823 } else {
03b9648d 1824 $checked = $checked ? qq/ checked/ : '';
54310121 1825 }
1826 my($the_label) = defined $label ? $label : $name;
1827 $name = $self->escapeHTML($name);
a3b3a725 1828 $value = $self->escapeHTML($value,1);
54310121 1829 $the_label = $self->escapeHTML($the_label);
1830 my($other) = @other ? " @other" : '';
1831 $self->register_parameter($name);
6b4ac661
JH		 1832 return $XHTML ? qq{<input type="checkbox" name="$name" value="$value"$checked$other />$the_label}
1833 : qq{<input type="checkbox" name="$name" value="$value"$checked$other>$the_label};
54310121 1834}
1835END_OF_FUNC
1836
1837
1838#### Method: checkbox_group
1839# Create a list of logically-linked checkboxes.
1840# Parameters:
1841# $name -> Common name for all the check boxes
1842# $values -> A pointer to a regular array containing the
1843# values for each checkbox in the group.
1844# $defaults -> (optional)
1845# 1. If a pointer to a regular array of checkbox values,
1846# then this will be used to decide which
1847# checkboxes to turn on by default.
1848# 2. If a scalar, will be assumed to hold the
1849# value of a single checkbox in the group to turn on.
1850# $linebreak -> (optional) Set to true to place linebreaks
1851# between the buttons.
1852# $labels -> (optional)
1853# A pointer to an associative array of labels to print next to each checkbox
1854# in the form $label{'value'}="Long explanatory label".
1855# Otherwise the provided values are used as the labels.
1856# Returns:
1857# An ARRAY containing a series of <INPUT TYPE="checkbox"> fields
1858####
1859'checkbox_group' => <<'END_OF_FUNC',
1860sub checkbox_group {
1861 my($self,@p) = self_or_default(@_);
1862
1863 my($name,$values,$defaults,$linebreak,$labels,$rows,$columns,
1864 $rowheaders,$colheaders,$override,$nolabels,@other) =
3d1a2ec4 1865 rearrange([NAME,[VALUES,VALUE],[DEFAULTS,DEFAULT],
54310121 1866 LINEBREAK,LABELS,ROWS,[COLUMNS,COLS],
1867 ROWHEADERS,COLHEADERS,
1868 [OVERRIDE,FORCE],NOLABELS],@p);
1869
1870 my($checked,$break,$result,$label);
1871
1872 my(%checked) = $self->previous_or_default($name,$defaults,$override);
1873
6b4ac661
JH		 1874 if ($linebreak) {
1875 $break = $XHTML ? "<br />" : "<br>";
1876 }
1877 else {
1878 $break = '';
1879 }
54310121 1880 $name=$self->escapeHTML($name);
1881
1882 # Create the elements
424ec8fa
GS		 1883 my(@elements,@values);
1884
1885 @values = $self->_set_values_and_labels($values,\$labels,$name);
1886
54310121 1887 my($other) = @other ? " @other" : '';
1888 foreach (@values) {
03b9648d 1889 $checked = $checked{$_} ? qq/ checked/ : '';
54310121 1890 $label = '';
1891 unless (defined($nolabels) && $nolabels) {
1892 $label = $_;
424ec8fa 1893 $label = $labels->{$_} if defined($labels) && defined($labels->{$_});
54310121 1894 $label = $self->escapeHTML($label);
1895 }
a3b3a725 1896 $_ = $self->escapeHTML($_,1);
6b4ac661
JH		 1897 push(@elements,$XHTML ? qq(<input type="checkbox" name="$name" value="$_"$checked$other />${label}${break})
1898 : qq/<input type="checkbox" name="$name" value="$_"$checked$other>${label}${break}/);
54310121 1899 }
1900 $self->register_parameter($name);
424ec8fa
GS		 1901 return wantarray ? @elements : join(' ',@elements)
1902 unless defined($columns) || defined($rows);
54310121 1903 return _tableize($rows,$columns,$rowheaders,$colheaders,@elements);
1904}
1905END_OF_FUNC
1906
54310121 1907# Escape HTML -- used internally
1908'escapeHTML' => <<'END_OF_FUNC',
1909sub escapeHTML {
a3b3a725 1910 my ($self,$toencode,$newlinestoo) = CGI::self_or_default(@_);
6b4ac661
JH		 1911 return undef unless defined($toencode);
1912 return $toencode if ref($self) && $self->{'dontescape'};
1913 $toencode =~ s{&}{&amp;}gso;
1914 $toencode =~ s{<}{&lt;}gso;
1915 $toencode =~ s{>}{&gt;}gso;
1916 $toencode =~ s{"}{&quot;}gso;
a3b3a725
JH		 1917 my $latin = uc $self->{'.charset'} eq 'ISO-8859-1' ||
1918 uc $self->{'.charset'} eq 'WINDOWS-1252';
1919 if ($latin) { # bug in some browsers
ba056755 1920 $toencode =~ s{'}{&#39;}gso;
6b4ac661
JH		 1921 $toencode =~ s{\x8b}{&#139;}gso;
1922 $toencode =~ s{\x9b}{&#155;}gso;
a3b3a725
JH		 1923 if (defined $newlinestoo && $newlinestoo) {
1924 $toencode =~ s{\012}{&#10;}gso;
1925 $toencode =~ s{\015}{&#13;}gso;
1926 }
1927 }
6b4ac661 1928 return $toencode;
54310121 1929}
1930END_OF_FUNC
1931
424ec8fa
GS		 1932# unescape HTML -- used internally
1933'unescapeHTML' => <<'END_OF_FUNC',
1934sub unescapeHTML {
6b4ac661 1935 my ($self,$string) = CGI::self_or_default(@_);
424ec8fa 1936 return undef unless defined($string);
a3b3a725
JH		 1937 my $latin = defined $self->{'.charset'} ? $self->{'.charset'} =~ /^(ISO-8859-1|WINDOWS-1252)$/i
1938 : 1;
71f3e297
JH		 1939 # thanks to Randal Schwartz for the correct solution to this one
1940 $string=~ s[&(.*?);]{
1941 local $_ = $1;
1942 /^amp$/i ? "&" :
1943 /^quot$/i ? '"' :
1944 /^gt$/i ? ">" :
1945 /^lt$/i ? "<" :
6b4ac661
JH		 1946 /^#(\d+)$/ && $latin ? chr($1) :
1947 /^#x([0-9a-f]+)$/i && $latin ? chr(hex($1)) :
71f3e297
JH		 1948 $_
1949 }gex;
424ec8fa
GS		 1950 return $string;
1951}
1952END_OF_FUNC
54310121 1953
1954# Internal procedure - don't use
1955'_tableize' => <<'END_OF_FUNC',
1956sub _tableize {
1957 my($rows,$columns,$rowheaders,$colheaders,@elements) = @_;
6b4ac661
JH		 1958 $rowheaders = [] unless defined $rowheaders;
1959 $colheaders = [] unless defined $colheaders;
54310121 1960 my($result);
1961
424ec8fa
GS		 1962 if (defined($columns)) {
1963 $rows = int(0.99 + @elements/$columns) unless defined($rows);
1964 }
1965 if (defined($rows)) {
1966 $columns = int(0.99 + @elements/$rows) unless defined($columns);
1967 }
1968
54310121 1969 # rearrange into a pretty table
6b4ac661 1970 $result = "<table>";
54310121 1971 my($row,$column);
475342a6 1972 unshift(@$colheaders,'') if @$colheaders && @$rowheaders;
6b4ac661 1973 $result .= "<tr>" if @{$colheaders};
54310121 1974 foreach (@{$colheaders}) {
6b4ac661 1975 $result .= "<th>$_</th>";
54310121 1976 }
1977 for ($row=0;$row<$rows;$row++) {
6b4ac661
JH		 1978 $result .= "<tr>";
1979 $result .= "<th>$rowheaders->[$row]</th>" if @$rowheaders;
54310121 1980 for ($column=0;$column<$columns;$column++) {
6b4ac661 1981 $result .= "<td>" . $elements[$column*$rows + $row] . "</td>"
424ec8fa 1982 if defined($elements[$column*$rows + $row]);
54310121 1983 }
6b4ac661 1984 $result .= "</tr>";
54310121 1985 }
6b4ac661 1986 $result .= "</table>";
54310121 1987 return $result;
1988}
1989END_OF_FUNC
1990
1991
1992#### Method: radio_group
1993# Create a list of logically-linked radio buttons.
1994# Parameters:
1995# $name -> Common name for all the buttons.
1996# $values -> A pointer to a regular array containing the
1997# values for each button in the group.
1998# $default -> (optional) Value of the button to turn on by default. Pass '-'
1999# to turn _nothing_ on.
2000# $linebreak -> (optional) Set to true to place linebreaks
2001# between the buttons.
2002# $labels -> (optional)
2003# A pointer to an associative array of labels to print next to each checkbox
2004# in the form $label{'value'}="Long explanatory label".
2005# Otherwise the provided values are used as the labels.
2006# Returns:
2007# An ARRAY containing a series of <INPUT TYPE="radio"> fields
2008####
2009'radio_group' => <<'END_OF_FUNC',
2010sub radio_group {
2011 my($self,@p) = self_or_default(@_);
2012
2013 my($name,$values,$default,$linebreak,$labels,
2014 $rows,$columns,$rowheaders,$colheaders,$override,$nolabels,@other) =
3d1a2ec4 2015 rearrange([NAME,[VALUES,VALUE],DEFAULT,LINEBREAK,LABELS,
54310121 2016 ROWS,[COLUMNS,COLS],
2017 ROWHEADERS,COLHEADERS,
2018 [OVERRIDE,FORCE],NOLABELS],@p);
2019 my($result,$checked);
2020
2021 if (!$override && defined($self->param($name))) {
2022 $checked = $self->param($name);
2023 } else {
2024 $checked = $default;
2025 }
424ec8fa 2026 my(@elements,@values);
424ec8fa
GS		 2027 @values = $self->_set_values_and_labels($values,\$labels,$name);
2028
71f3e297
JH		 2029 # If no check array is specified, check the first by default
2030 $checked = $values[0] unless defined($checked) && $checked ne '';
2031 $name=$self->escapeHTML($name);
2032
54310121 2033 my($other) = @other ? " @other" : '';
2034 foreach (@values) {
03b9648d 2035 my($checkit) = $checked eq $_ ? qq/ checked/ : '';
6b4ac661
JH		 2036 my($break);
2037 if ($linebreak) {
ba056755 2038 $break = $XHTML ? "<br />" : "<br>";
6b4ac661
JH		 2039 }
2040 else {
ba056755 2041 $break = '';
6b4ac661 2042 }
54310121 2043 my($label)='';
2044 unless (defined($nolabels) && $nolabels) {
2045 $label = $_;
424ec8fa 2046 $label = $labels->{$_} if defined($labels) && defined($labels->{$_});
a3b3a725 2047 $label = $self->escapeHTML($label,1);
54310121 2048 }
2049 $_=$self->escapeHTML($_);
6b4ac661
JH		 2050 push(@elements,$XHTML ? qq(<input type="radio" name="$name" value="$_"$checkit$other />${label}${break})
2051 : qq/<input type="radio" name="$name" value="$_"$checkit$other>${label}${break}/);
54310121 2052 }
2053 $self->register_parameter($name);
424ec8fa
GS		 2054 return wantarray ? @elements : join(' ',@elements)
2055 unless defined($columns) || defined($rows);
54310121 2056 return _tableize($rows,$columns,$rowheaders,$colheaders,@elements);
2057}
2058END_OF_FUNC
2059
2060
2061#### Method: popup_menu
2062# Create a popup menu.
2063# Parameters:
2064# $name -> Name for all the menu
2065# $values -> A pointer to a regular array containing the
2066# text of each menu item.
2067# $default -> (optional) Default item to display
2068# $labels -> (optional)
2069# A pointer to an associative array of labels to print next to each checkbox
2070# in the form $label{'value'}="Long explanatory label".
2071# Otherwise the provided values are used as the labels.
2072# Returns:
2073# A string containing the definition of a popup menu.
2074####
2075'popup_menu' => <<'END_OF_FUNC',
2076sub popup_menu {
2077 my($self,@p) = self_or_default(@_);
2078
2079 my($name,$values,$default,$labels,$override,@other) =
3d1a2ec4 2080 rearrange([NAME,[VALUES,VALUE],[DEFAULT,DEFAULTS],LABELS,[OVERRIDE,FORCE]],@p);
54310121 2081 my($result,$selected);
2082
2083 if (!$override && defined($self->param($name))) {
2084 $selected = $self->param($name);
2085 } else {
2086 $selected = $default;
2087 }
2088 $name=$self->escapeHTML($name);
2089 my($other) = @other ? " @other" : '';
2090
424ec8fa
GS		 2091 my(@values);
2092 @values = $self->_set_values_and_labels($values,\$labels,$name);
2093
6b4ac661 2094 $result = qq/<select name="$name"$other>\n/;
54310121 2095 foreach (@values) {
03b9648d 2096 my($selectit) = defined($selected) ? ($selected eq $_ ? qq/selected/ : '' ) : '';
54310121 2097 my($label) = $_;
424ec8fa 2098 $label = $labels->{$_} if defined($labels) && defined($labels->{$_});
54310121 2099 my($value) = $self->escapeHTML($_);
a3b3a725 2100 $label=$self->escapeHTML($label,1);
6b4ac661 2101 $result .= "<option $selectit value=\"$value\">$label</option>\n";
54310121 2102 }
2103
69c89ae7 2104 $result .= "</select>";
54310121 2105 return $result;
2106}
2107END_OF_FUNC
2108
2109
2110#### Method: scrolling_list
2111# Create a scrolling list.
2112# Parameters:
2113# $name -> name for the list
2114# $values -> A pointer to a regular array containing the
2115# values for each option line in the list.
2116# $defaults -> (optional)
2117# 1. If a pointer to a regular array of options,
2118# then this will be used to decide which
2119# lines to turn on by default.
2120# 2. Otherwise holds the value of the single line to turn on.
2121# $size -> (optional) Size of the list.
2122# $multiple -> (optional) If set, allow multiple selections.
2123# $labels -> (optional)
2124# A pointer to an associative array of labels to print next to each checkbox
2125# in the form $label{'value'}="Long explanatory label".
2126# Otherwise the provided values are used as the labels.
2127# Returns:
2128# A string containing the definition of a scrolling list.
2129####
2130'scrolling_list' => <<'END_OF_FUNC',
2131sub scrolling_list {
2132 my($self,@p) = self_or_default(@_);
2133 my($name,$values,$defaults,$size,$multiple,$labels,$override,@other)
3d1a2ec4 2134 = rearrange([NAME,[VALUES,VALUE],[DEFAULTS,DEFAULT],
54310121 2135 SIZE,MULTIPLE,LABELS,[OVERRIDE,FORCE]],@p);
2136
424ec8fa
GS		 2137 my($result,@values);
2138 @values = $self->_set_values_and_labels($values,\$labels,$name);
2139
54310121 2140 $size = $size || scalar(@values);
2141
2142 my(%selected) = $self->previous_or_default($name,$defaults,$override);
03b9648d 2143 my($is_multiple) = $multiple ? qq/ multiple/ : '';
6b4ac661 2144 my($has_size) = $size ? qq/ size="$size"/: '';
54310121 2145 my($other) = @other ? " @other" : '';
2146
2147 $name=$self->escapeHTML($name);
6b4ac661 2148 $result = qq/<select name="$name"$has_size$is_multiple$other>\n/;
54310121 2149 foreach (@values) {
03b9648d 2150 my($selectit) = $selected{$_} ? qq/selected/ : '';
54310121 2151 my($label) = $_;
424ec8fa 2152 $label = $labels->{$_} if defined($labels) && defined($labels->{$_});
54310121 2153 $label=$self->escapeHTML($label);
a3b3a725 2154 my($value)=$self->escapeHTML($_,1);
6b4ac661 2155 $result .= "<option $selectit value=\"$value\">$label</option>\n";
54310121 2156 }
69c89ae7 2157 $result .= "</select>";
54310121 2158 $self->register_parameter($name);
2159 return $result;
2160}
2161END_OF_FUNC
2162
2163
2164#### Method: hidden
2165# Parameters:
2166# $name -> Name of the hidden field
2167# @default -> (optional) Initial values of field (may be an array)
2168# or
2169# $default->[initial values of field]
2170# Returns:
2171# A string containing a <INPUT TYPE="hidden" NAME="name" VALUE="value">
2172####
2173'hidden' => <<'END_OF_FUNC',
2174sub hidden {
2175 my($self,@p) = self_or_default(@_);
2176
2177 # this is the one place where we departed from our standard
2178 # calling scheme, so we have to special-case (darn)
2179 my(@result,@value);
2180 my($name,$default,$override,@other) =
3d1a2ec4 2181 rearrange([NAME,[DEFAULT,VALUE,VALUES],[OVERRIDE,FORCE]],@p);
54310121 2182
2183 my $do_override = 0;
3d1a2ec4 2184 if ( ref($p[0]) || substr($p[0],0,1) eq '-') {
54310121 2185 @value = ref($default) ? @{$default} : $default;
2186 $do_override = $override;
2187 } else {
2188 foreach ($default,$override,@other) {
2189 push(@value,$_) if defined($_);
2190 }
2191 }
2192
2193 # use previous values if override is not set
2194 my @prev = $self->param($name);
2195 @value = @prev if !$do_override && @prev;
2196
2197 $name=$self->escapeHTML($name);
2198 foreach (@value) {
a3b3a725 2199 $_ = defined($_) ? $self->escapeHTML($_,1) : '';
ba056755 2200 push @result,$XHTML ? qq(<input type="hidden" name="$name" value="$_" />)
03b9648d 2201 : qq(<input type="hidden" name="$name" value="$_">);
54310121 2202 }
2203 return wantarray ? @result : join('',@result);
2204}
2205END_OF_FUNC
2206
2207
2208#### Method: image_button
2209# Parameters:
2210# $name -> Name of the button
2211# $src -> URL of the image source
2212# $align -> Alignment style (TOP, BOTTOM or MIDDLE)
2213# Returns:
2214# A string containing a <INPUT TYPE="image" NAME="name" SRC="url" ALIGN="alignment">
2215####
2216'image_button' => <<'END_OF_FUNC',
2217sub image_button {
2218 my($self,@p) = self_or_default(@_);
2219
2220 my($name,$src,$alignment,@other) =
3d1a2ec4 2221 rearrange([NAME,SRC,ALIGN],@p);
54310121 2222
6b4ac661 2223 my($align) = $alignment ? " align=\U$alignment" : '';
54310121 2224 my($other) = @other ? " @other" : '';
2225 $name=$self->escapeHTML($name);
6b4ac661
JH		 2226 return $XHTML ? qq(<input type="image" name="$name" src="$src"$align$other />)
2227 : qq/<input type="image" name="$name" src="$src"$align$other>/;
54310121 2228}
2229END_OF_FUNC
2230
2231
2232#### Method: self_url
2233# Returns a URL containing the current script and all its
2234# param/value pairs arranged as a query. You can use this
2235# to create a link that, when selected, will reinvoke the
2236# script with all its state information preserved.
2237####
2238'self_url' => <<'END_OF_FUNC',
2239sub self_url {
424ec8fa
GS		 2240 my($self,@p) = self_or_default(@_);
2241 return $self->url('-path_info'=>1,'-query'=>1,'-full'=>1,@p);
54310121 2242}
2243END_OF_FUNC
2244
2245
2246# This is provided as a synonym to self_url() for people unfortunate
2247# enough to have incorporated it into their programs already!
2248'state' => <<'END_OF_FUNC',
2249sub state {
2250 &self_url;
2251}
2252END_OF_FUNC
2253
2254
2255#### Method: url
2256# Like self_url, but doesn't return the query string part of
2257# the URL.
2258####
2259'url' => <<'END_OF_FUNC',
2260sub url {
424ec8fa 2261 my($self,@p) = self_or_default(@_);
03b9648d
JH		 2262 my ($relative,$absolute,$full,$path_info,$query,$base) =
2263 rearrange(['RELATIVE','ABSOLUTE','FULL',['PATH','PATH_INFO'],['QUERY','QUERY_STRING'],'BASE'],@p);
424ec8fa 2264 my $url;
03b9648d 2265 $full++ if $base || !($relative || $absolute);
424ec8fa 2266
3538e1d5 2267 my $path = $self->path_info;
d45d855d
JH		 2268 my $script_name = $self->script_name;
2269
2270# If anybody knows why I ever wrote this please tell me!
2271# if (exists($ENV{REQUEST_URI})) {
2272# my $index;
2273# $script_name = $ENV{REQUEST_URI};
2274# # strip query string
2275# substr($script_name,$index) = '' if ($index = index($script_name,'?')) >= 0;
2276# # and path
2277# if (exists($ENV{PATH_INFO})) {
2278# (my $encoded_path = $ENV{PATH_INFO}) =~ s!([^a-zA-Z0-9_./-])!uc sprintf("%%%02x",ord($1))!eg;;
2279# substr($script_name,$index) = '' if ($index = rindex($script_name,$encoded_path)) >= 0;
2280# }
2281# } else {
2282# $script_name = $self->script_name;
2283# }
3538e1d5 2284
424ec8fa
GS		 2285 if ($full) {
2286 my $protocol = $self->protocol();
2287 $url = "$protocol://";
2288 my $vh = http('host');
2289 if ($vh) {
2290 $url .= $vh;
2291 } else {
2292 $url .= server_name();
2293 my $port = $self->server_port;
2294 $url .= ":" . $port
2295 unless (lc($protocol) eq 'http' && $port == 80)
2296 || (lc($protocol) eq 'https' && $port == 443);
2297 }
03b9648d 2298 return $url if $base;
3538e1d5 2299 $url .= $script_name;
424ec8fa 2300 } elsif ($relative) {
3538e1d5 2301 ($url) = $script_name =~ m!([^/]+)$!;
424ec8fa 2302 } elsif ($absolute) {
3538e1d5 2303 $url = $script_name;
424ec8fa 2304 }
03b9648d 2305
3538e1d5 2306 $url .= $path if $path_info and defined $path;
424ec8fa 2307 $url .= "?" . $self->query_string if $query and $self->query_string;
3d1a2ec4
GS		 2308 $url = '' unless defined $url;
2309 $url =~ s/([^a-zA-Z0-9_.%;&?\/\\:+=~-])/uc sprintf("%%%02x",ord($1))/eg;
424ec8fa 2310 return $url;
54310121 2311}
2312
2313END_OF_FUNC
2314
2315#### Method: cookie
2316# Set or read a cookie from the specified name.
2317# Cookie can then be passed to header().
2318# Usual rules apply to the stickiness of -value.
2319# Parameters:
2320# -name -> name for this cookie (optional)
2321# -value -> value of this cookie (scalar, array or hash)
2322# -path -> paths for which this cookie is valid (optional)
2323# -domain -> internet domain in which this cookie is valid (optional)
2324# -secure -> if true, cookie only passed through secure channel (optional)
7d37aa8e 2325# -expires -> expiry date in format Wdy, DD-Mon-YYYY HH:MM:SS GMT (optional)
54310121 2326####
2327'cookie' => <<'END_OF_FUNC',
54310121 2328sub cookie {
2329 my($self,@p) = self_or_default(@_);
2330 my($name,$value,$path,$domain,$secure,$expires) =
3d1a2ec4 2331 rearrange([NAME,[VALUE,VALUES],PATH,DOMAIN,SECURE,EXPIRES],@p);
54310121 2332
424ec8fa 2333 require CGI::Cookie;
54310121 2334
2335 # if no value is supplied, then we retrieve the
2336 # value of the cookie, if any. For efficiency, we cache the parsed
424ec8fa
GS		 2337 # cookies in our state variables.
2338 unless ( defined($value) ) {
2339 $self->{'.cookies'} = CGI::Cookie->fetch
2340 unless $self->{'.cookies'};
54310121 2341
2342 # If no name is supplied, then retrieve the names of all our cookies.
2343 return () unless $self->{'.cookies'};
424ec8fa
GS		 2344 return keys %{$self->{'.cookies'}} unless $name;
2345 return () unless $self->{'.cookies'}->{$name};
2346 return $self->{'.cookies'}->{$name}->value if defined($name) && $name ne '';
54310121 2347 }
54310121 2348
424ec8fa 2349 # If we get here, we're creating a new cookie
ba056755 2350 return undef unless defined($name) && $name ne ''; # this is an error
54310121 2351
424ec8fa
GS		 2352 my @param;
2353 push(@param,'-name'=>$name);
2354 push(@param,'-value'=>$value);
2355 push(@param,'-domain'=>$domain) if $domain;
2356 push(@param,'-path'=>$path) if $path;
2357 push(@param,'-expires'=>$expires) if $expires;
2358 push(@param,'-secure'=>$secure) if $secure;
54310121 2359
6b4ac661 2360 return new CGI::Cookie(@param);
54310121 2361}
2362END_OF_FUNC
2363
424ec8fa
GS		 2364'parse_keywordlist' => <<'END_OF_FUNC',
2365sub parse_keywordlist {
2366 my($self,$tosplit) = @_;
2367 $tosplit = unescape($tosplit); # unescape the keywords
2368 $tosplit=~tr/+/ /; # pluses to spaces
2369 my(@keywords) = split(/\s+/,$tosplit);
2370 return @keywords;
2371}
2372END_OF_FUNC
2373
2374'param_fetch' => <<'END_OF_FUNC',
2375sub param_fetch {
2376 my($self,@p) = self_or_default(@_);
3d1a2ec4 2377 my($name) = rearrange([NAME],@p);
424ec8fa
GS		 2378 unless (exists($self->{$name})) {
2379 $self->add_parameter($name);
2380 $self->{$name} = [];
2381 }
2382
2383 return $self->{$name};
2384}
2385END_OF_FUNC
2386
54310121 2387###############################################
2388# OTHER INFORMATION PROVIDED BY THE ENVIRONMENT
2389###############################################
2390
2391#### Method: path_info
2392# Return the extra virtual path information provided
2393# after the URL (if any)
2394####
2395'path_info' => <<'END_OF_FUNC',
2396sub path_info {
424ec8fa
GS		 2397 my ($self,$info) = self_or_default(@_);
2398 if (defined($info)) {
2399 $info = "/$info" if $info ne '' && substr($info,0,1) ne '/';
2400 $self->{'.path_info'} = $info;
2401 } elsif (! defined($self->{'.path_info'}) ) {
2402 $self->{'.path_info'} = defined($ENV{'PATH_INFO'}) ?
2403 $ENV{'PATH_INFO'} : '';
2404
2405 # hack to fix broken path info in IIS
2406 $self->{'.path_info'} =~ s/^\Q$ENV{'SCRIPT_NAME'}\E// if $IIS;
2407
2408 }
2409 return $self->{'.path_info'};
54310121 2410}
2411END_OF_FUNC
2412
2413
2414#### Method: request_method
2415# Returns 'POST', 'GET', 'PUT' or 'HEAD'
2416####
2417'request_method' => <<'END_OF_FUNC',
2418sub request_method {
2419 return $ENV{'REQUEST_METHOD'};
2420}
2421END_OF_FUNC
2422
3538e1d5
GS		 2423#### Method: content_type
2424# Returns the content_type string
2425####
2426'content_type' => <<'END_OF_FUNC',
2427sub content_type {
2428 return $ENV{'CONTENT_TYPE'};
2429}
2430END_OF_FUNC
2431
54310121 2432#### Method: path_translated
2433# Return the physical path information provided
2434# by the URL (if any)
2435####
2436'path_translated' => <<'END_OF_FUNC',
2437sub path_translated {
2438 return $ENV{'PATH_TRANSLATED'};
2439}
2440END_OF_FUNC
2441
2442
2443#### Method: query_string
2444# Synthesize a query string from our current
2445# parameters
2446####
2447'query_string' => <<'END_OF_FUNC',
2448sub query_string {
2449 my($self) = self_or_default(@_);
2450 my($param,$value,@pairs);
2451 foreach $param ($self->param) {
424ec8fa 2452 my($eparam) = escape($param);
54310121 2453 foreach $value ($self->param($param)) {
424ec8fa 2454 $value = escape($value);
3538e1d5 2455 next unless defined $value;
54310121 2456 push(@pairs,"$eparam=$value");
2457 }
2458 }
d45d855d
JH		 2459 foreach (keys %{$self->{'.fieldnames'}}) {
2460 push(@pairs,".cgifields=".escape("$_"));
2461 }
71f3e297 2462 return join($USE_PARAM_SEMICOLONS ? ';' : '&',@pairs);
54310121 2463}
2464END_OF_FUNC
2465
2466
2467#### Method: accept
2468# Without parameters, returns an array of the
2469# MIME types the browser accepts.
2470# With a single parameter equal to a MIME
2471# type, will return undef if the browser won't
2472# accept it, 1 if the browser accepts it but
2473# doesn't give a preference, or a floating point
2474# value between 0.0 and 1.0 if the browser
2475# declares a quantitative score for it.
2476# This handles MIME type globs correctly.
2477####
71f3e297
JH		 2478'Accept' => <<'END_OF_FUNC',
2479sub Accept {
54310121 2480 my($self,$search) = self_or_CGI(@_);
2481 my(%prefs,$type,$pref,$pat);
2482
2483 my(@accept) = split(',',$self->http('accept'));
2484
2485 foreach (@accept) {
2486 ($pref) = /q=(\d\.\d+|\d+)/;
2487 ($type) = m#(\S+/[^;]+)#;
2488 next unless $type;
2489 $prefs{$type}=$pref || 1;
2490 }
2491
2492 return keys %prefs unless $search;
2493
2494 # if a search type is provided, we may need to
2495 # perform a pattern matching operation.
2496 # The MIME types use a glob mechanism, which
2497 # is easily translated into a perl pattern match
2498
2499 # First return the preference for directly supported
2500 # types:
2501 return $prefs{$search} if $prefs{$search};
2502
2503 # Didn't get it, so try pattern matching.
2504 foreach (keys %prefs) {
2505 next unless /\*/; # not a pattern match
2506 ($pat = $_) =~ s/([^\w*])/\\$1/g; # escape meta characters
2507 $pat =~ s/\*/.*/g; # turn it into a pattern
2508 return $prefs{$_} if $search=~/$pat/;
2509 }
2510}
2511END_OF_FUNC
2512
2513
2514#### Method: user_agent
2515# If called with no parameters, returns the user agent.
2516# If called with one parameter, does a pattern match (case
2517# insensitive) on the user agent.
2518####
2519'user_agent' => <<'END_OF_FUNC',
2520sub user_agent {
2521 my($self,$match)=self_or_CGI(@_);
2522 return $self->http('user_agent') unless $match;
2523 return $self->http('user_agent') =~ /$match/i;
2524}
2525END_OF_FUNC
2526
2527
424ec8fa
GS		 2528#### Method: raw_cookie
2529# Returns the magic cookies for the session.
2530# The cookies are not parsed or altered in any way, i.e.
2531# cookies are returned exactly as given in the HTTP
2532# headers. If a cookie name is given, only that cookie's
2533# value is returned, otherwise the entire raw cookie
2534# is returned.
54310121 2535####
2536'raw_cookie' => <<'END_OF_FUNC',
2537sub raw_cookie {
424ec8fa
GS		 2538 my($self,$key) = self_or_CGI(@_);
2539
2540 require CGI::Cookie;
2541
2542 if (defined($key)) {
2543 $self->{'.raw_cookies'} = CGI::Cookie->raw_fetch
2544 unless $self->{'.raw_cookies'};
2545
2546 return () unless $self->{'.raw_cookies'};
2547 return () unless $self->{'.raw_cookies'}->{$key};
2548 return $self->{'.raw_cookies'}->{$key};
2549 }
54310121 2550 return $self->http('cookie') || $ENV{'COOKIE'} || '';
2551}
2552END_OF_FUNC
2553
2554#### Method: virtual_host
2555# Return the name of the virtual_host, which
2556# is not always the same as the server
2557######
2558'virtual_host' => <<'END_OF_FUNC',
2559sub virtual_host {
424ec8fa
GS		 2560 my $vh = http('host') || server_name();
2561 $vh =~ s/:\d+$//; # get rid of port number
2562 return $vh;
54310121 2563}
2564END_OF_FUNC
2565
2566#### Method: remote_host
2567# Return the name of the remote host, or its IP
2568# address if unavailable. If this variable isn't
2569# defined, it returns "localhost" for debugging
2570# purposes.
2571####
2572'remote_host' => <<'END_OF_FUNC',
2573sub remote_host {
2574 return $ENV{'REMOTE_HOST'} || $ENV{'REMOTE_ADDR'}
2575 || 'localhost';
2576}
2577END_OF_FUNC
2578
2579
2580#### Method: remote_addr
2581# Return the IP addr of the remote host.
2582####
2583'remote_addr' => <<'END_OF_FUNC',
2584sub remote_addr {
2585 return $ENV{'REMOTE_ADDR'} || '127.0.0.1';
2586}
2587END_OF_FUNC
2588
2589
2590#### Method: script_name
2591# Return the partial URL to this script for
2592# self-referencing scripts. Also see
2593# self_url(), which returns a URL with all state information
2594# preserved.
2595####
2596'script_name' => <<'END_OF_FUNC',
2597sub script_name {
424ec8fa 2598 return $ENV{'SCRIPT_NAME'} if defined($ENV{'SCRIPT_NAME'});
54310121 2599 # These are for debugging
2600 return "/$0" unless $0=~/^\//;
2601 return $0;
2602}
2603END_OF_FUNC
2604
2605
2606#### Method: referer
2607# Return the HTTP_REFERER: useful for generating
2608# a GO BACK button.
2609####
2610'referer' => <<'END_OF_FUNC',
2611sub referer {
2612 my($self) = self_or_CGI(@_);
2613 return $self->http('referer');
2614}
2615END_OF_FUNC
2616
2617
2618#### Method: server_name
2619# Return the name of the server
2620####
2621'server_name' => <<'END_OF_FUNC',
2622sub server_name {
2623 return $ENV{'SERVER_NAME'} || 'localhost';
2624}
2625END_OF_FUNC
2626
2627#### Method: server_software
2628# Return the name of the server software
2629####
2630'server_software' => <<'END_OF_FUNC',
2631sub server_software {
2632 return $ENV{'SERVER_SOFTWARE'} || 'cmdline';
2633}
2634END_OF_FUNC
2635
2636#### Method: server_port
2637# Return the tcp/ip port the server is running on
2638####
2639'server_port' => <<'END_OF_FUNC',
2640sub server_port {
2641 return $ENV{'SERVER_PORT'} || 80; # for debugging
2642}
2643END_OF_FUNC
2644
2645#### Method: server_protocol
2646# Return the protocol (usually HTTP/1.0)
2647####
2648'server_protocol' => <<'END_OF_FUNC',
2649sub server_protocol {
2650 return $ENV{'SERVER_PROTOCOL'} || 'HTTP/1.0'; # for debugging
2651}
2652END_OF_FUNC
2653
2654#### Method: http
2655# Return the value of an HTTP variable, or
2656# the list of variables if none provided
2657####
2658'http' => <<'END_OF_FUNC',
2659sub http {
2660 my ($self,$parameter) = self_or_CGI(@_);
2661 return $ENV{$parameter} if $parameter=~/^HTTP/;
3538e1d5 2662 $parameter =~ tr/-/_/;
54310121 2663 return $ENV{"HTTP_\U$parameter\E"} if $parameter;
2664 my(@p);
2665 foreach (keys %ENV) {
2666 push(@p,$_) if /^HTTP/;
2667 }
2668 return @p;
2669}
2670END_OF_FUNC
2671
2672#### Method: https
2673# Return the value of HTTPS
2674####
2675'https' => <<'END_OF_FUNC',
2676sub https {
2677 local($^W)=0;
2678 my ($self,$parameter) = self_or_CGI(@_);
2679 return $ENV{HTTPS} unless $parameter;
2680 return $ENV{$parameter} if $parameter=~/^HTTPS/;
3538e1d5 2681 $parameter =~ tr/-/_/;
54310121 2682 return $ENV{"HTTPS_\U$parameter\E"} if $parameter;
2683 my(@p);
2684 foreach (keys %ENV) {
2685 push(@p,$_) if /^HTTPS/;
2686 }
2687 return @p;
2688}
2689END_OF_FUNC
2690
2691#### Method: protocol
2692# Return the protocol (http or https currently)
2693####
2694'protocol' => <<'END_OF_FUNC',
2695sub protocol {
2696 local($^W)=0;
2697 my $self = shift;
424ec8fa 2698 return 'https' if uc($self->https()) eq 'ON';
54310121 2699 return 'https' if $self->server_port == 443;
2700 my $prot = $self->server_protocol;
2701 my($protocol,$version) = split('/',$prot);
2702 return "\L$protocol\E";
2703}
2704END_OF_FUNC
2705
2706#### Method: remote_ident
2707# Return the identity of the remote user
2708# (but only if his host is running identd)
2709####
2710'remote_ident' => <<'END_OF_FUNC',
2711sub remote_ident {
2712 return $ENV{'REMOTE_IDENT'};
2713}
2714END_OF_FUNC
2715
2716
2717#### Method: auth_type
2718# Return the type of use verification/authorization in use, if any.
2719####
2720'auth_type' => <<'END_OF_FUNC',
2721sub auth_type {
2722 return $ENV{'AUTH_TYPE'};
2723}
2724END_OF_FUNC
2725
2726
2727#### Method: remote_user
2728# Return the authorization name used for user
2729# verification.
2730####
2731'remote_user' => <<'END_OF_FUNC',
2732sub remote_user {
2733 return $ENV{'REMOTE_USER'};
2734}
2735END_OF_FUNC
2736
2737
2738#### Method: user_name
2739# Try to return the remote user's name by hook or by
2740# crook
2741####
2742'user_name' => <<'END_OF_FUNC',
2743sub user_name {
2744 my ($self) = self_or_CGI(@_);
2745 return $self->http('from') || $ENV{'REMOTE_IDENT'} || $ENV{'REMOTE_USER'};
2746}
2747END_OF_FUNC
2748
3d1a2ec4
GS		 2749#### Method: nosticky
2750# Set or return the NOSTICKY global flag
2751####
2752'nosticky' => <<'END_OF_FUNC',
2753sub nosticky {
2754 my ($self,$param) = self_or_CGI(@_);
2755 $CGI::NOSTICKY = $param if defined($param);
2756 return $CGI::NOSTICKY;
2757}
2758END_OF_FUNC
2759
54310121 2760#### Method: nph
2761# Set or return the NPH global flag
2762####
2763'nph' => <<'END_OF_FUNC',
2764sub nph {
2765 my ($self,$param) = self_or_CGI(@_);
7d37aa8e
LS		 2766 $CGI::NPH = $param if defined($param);
2767 return $CGI::NPH;
2768}
2769END_OF_FUNC
2770
2771#### Method: private_tempfiles
2772# Set or return the private_tempfiles global flag
2773####
2774'private_tempfiles' => <<'END_OF_FUNC',
2775sub private_tempfiles {
2776 my ($self,$param) = self_or_CGI(@_);
424ec8fa 2777 $CGI::PRIVATE_TEMPFILES = $param if defined($param);
7d37aa8e 2778 return $CGI::PRIVATE_TEMPFILES;
54310121 2779}
2780END_OF_FUNC
2781
424ec8fa
GS		 2782#### Method: default_dtd
2783# Set or return the default_dtd global
2784####
2785'default_dtd' => <<'END_OF_FUNC',
2786sub default_dtd {
3d1a2ec4
GS		 2787 my ($self,$param,$param2) = self_or_CGI(@_);
2788 if (defined $param2 && defined $param) {
2789 $CGI::DEFAULT_DTD = [ $param, $param2 ];
2790 } elsif (defined $param) {
2791 $CGI::DEFAULT_DTD = $param;
2792 }
424ec8fa
GS		 2793 return $CGI::DEFAULT_DTD;
2794}
2795END_OF_FUNC
2796
54310121 2797# -------------- really private subroutines -----------------
2798'previous_or_default' => <<'END_OF_FUNC',
2799sub previous_or_default {
2800 my($self,$name,$defaults,$override) = @_;
2801 my(%selected);
2802
2803 if (!$override && ($self->{'.fieldnames'}->{$name} ||
2804 defined($self->param($name)) ) ) {
2805 grep($selected{$_}++,$self->param($name));
2806 } elsif (defined($defaults) && ref($defaults) &&
2807 (ref($defaults) eq 'ARRAY')) {
2808 grep($selected{$_}++,@{$defaults});
2809 } else {
2810 $selected{$defaults}++ if defined($defaults);
2811 }
2812
2813 return %selected;
2814}
2815END_OF_FUNC
2816
2817'register_parameter' => <<'END_OF_FUNC',
2818sub register_parameter {
2819 my($self,$param) = @_;
2820 $self->{'.parametersToAdd'}->{$param}++;
2821}
2822END_OF_FUNC
2823
2824'get_fields' => <<'END_OF_FUNC',
2825sub get_fields {
2826 my($self) = @_;
424ec8fa
GS		 2827 return $self->CGI::hidden('-name'=>'.cgifields',
2828 '-values'=>[keys %{$self->{'.parametersToAdd'}}],
2829 '-override'=>1);
54310121 2830}
2831END_OF_FUNC
2832
2833'read_from_cmdline' => <<'END_OF_FUNC',
2834sub read_from_cmdline {
54310121 2835 my($input,@words);
2836 my($query_string);
3d1a2ec4 2837 if ($DEBUG && @ARGV) {
424ec8fa 2838 @words = @ARGV;
3d1a2ec4 2839 } elsif ($DEBUG > 1) {
424ec8fa 2840 require "shellwords.pl";
54310121 2841 print STDERR "(offline mode: enter name=value pairs on standard input)\n";
424ec8fa 2842 chomp(@lines = <STDIN>); # remove newlines
54310121 2843 $input = join(" ",@lines);
424ec8fa
GS		 2844 @words = &shellwords($input);
2845 }
2846 foreach (@words) {
2847 s/\\=/%3D/g;
2848 s/\\&/%26/g;
54310121 2849 }
2850
54310121 2851 if ("@words"=~/=/) {
2852 $query_string = join('&',@words);
2853 } else {
2854 $query_string = join('+',@words);
2855 }
2856 return $query_string;
2857}
2858END_OF_FUNC
2859
2860#####
2861# subroutine: read_multipart
2862#
2863# Read multipart data and store it into our parameters.
2864# An interesting feature is that if any of the parts is a file, we
2865# create a temporary file and open up a filehandle on it so that the
2866# caller can read from it if necessary.
2867#####
2868'read_multipart' => <<'END_OF_FUNC',
2869sub read_multipart {
424ec8fa
GS		 2870 my($self,$boundary,$length,$filehandle) = @_;
2871 my($buffer) = $self->new_MultipartBuffer($boundary,$length,$filehandle);
54310121 2872 return unless $buffer;
2873 my(%header,$body);
424ec8fa 2874 my $filenumber = 0;
54310121 2875 while (!$buffer->eof) {
2876 %header = $buffer->readHeader;
3538e1d5
GS		 2877
2878 unless (%header) {
2879 $self->cgi_error("400 Bad request (malformed multipart POST)");
2880 return;
2881 }
54310121 2882
424ec8fa 2883 my($param)= $header{'Content-Disposition'}=~/ name="?([^\";]*)"?/;
54310121 2884
424ec8fa 2885 # Bug: Netscape doesn't escape quotation marks in file names!!!
6b4ac661 2886 my($filename) = $header{'Content-Disposition'}=~/ filename="?([^\"]*)"?/;
54310121 2887
2888 # add this parameter to our list
2889 $self->add_parameter($param);
2890
2891 # If no filename specified, then just read the data and assign it
2892 # to our parameter list.
ffd2dff2 2893 if ( !defined($filename) || $filename eq '' ) {
54310121 2894 my($value) = $buffer->readBody;
2895 push(@{$self->{$param}},$value);
2896 next;
2897 }
2898
424ec8fa
GS		 2899 my ($tmpfile,$tmp,$filehandle);
2900 UPLOADS: {
2901 # If we get here, then we are dealing with a potentially large
2902 # uploaded form. Save the data to a temporary file, then open
2903 # the file for reading.
54310121 2904
424ec8fa
GS		 2905 # skip the file if uploads disabled
2906 if ($DISABLE_UPLOADS) {
2907 while (defined($data = $buffer->read)) { }
2908 last UPLOADS;
2909 }
7d37aa8e 2910
3538e1d5
GS		 2911 # choose a relatively unpredictable tmpfile sequence number
2912 my $seqno = unpack("%16C*",join('',localtime,values %ENV));
2913 for (my $cnt=10;$cnt>0;$cnt--) {
2914 next unless $tmpfile = new TempFile($seqno);
2915 $tmp = $tmpfile->as_string;
ffd2dff2 2916 last if defined($filehandle = Fh->new($filename,$tmp,$PRIVATE_TEMPFILES));
3538e1d5
GS		 2917 $seqno += int rand(100);
2918 }
69c89ae7 2919 die "CGI open of tmpfile: $!\n" unless defined $filehandle;
424ec8fa 2920 $CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode;
424ec8fa
GS		 2921
2922 my ($data);
71f3e297 2923 local($\) = '';
424ec8fa
GS		 2924 while (defined($data = $buffer->read)) {
2925 print $filehandle $data;
2926 }
2927
2928 # back up to beginning of file
2929 seek($filehandle,0,0);
2930 $CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode;
2931
2932 # Save some information about the uploaded file where we can get
2933 # at it later.
ffd2dff2 2934 $self->{'.tmpfiles'}->{fileno($filehandle)}= {
424ec8fa
GS		 2935 name => $tmpfile,
2936 info => {%header},
2937 };
2938 push(@{$self->{$param}},$filehandle);
2939 }
54310121 2940 }
2941}
2942END_OF_FUNC
2943
3538e1d5
GS		 2944'upload' =><<'END_OF_FUNC',
2945sub upload {
2946 my($self,$param_name) = self_or_default(@_);
199d4a26
JH		 2947 my @param = grep(ref && fileno($_), $self->param($param_name));
2948 return unless @param;
2949 return wantarray ? @param : $param[0];
3538e1d5
GS		 2950}
2951END_OF_FUNC
2952
54310121 2953'tmpFileName' => <<'END_OF_FUNC',
2954sub tmpFileName {
2955 my($self,$filename) = self_or_default(@_);
ffd2dff2
GS		 2956 return $self->{'.tmpfiles'}->{fileno($filename)}->{name} ?
2957 $self->{'.tmpfiles'}->{fileno($filename)}->{name}->as_string
7d37aa8e 2958 : '';
54310121 2959}
2960END_OF_FUNC
2961
424ec8fa 2962'uploadInfo' => <<'END_OF_FUNC',
54310121 2963sub uploadInfo {
2964 my($self,$filename) = self_or_default(@_);
ffd2dff2 2965 return $self->{'.tmpfiles'}->{fileno($filename)}->{info};
54310121 2966}
2967END_OF_FUNC
2968
424ec8fa
GS		 2969# internal routine, don't use
2970'_set_values_and_labels' => <<'END_OF_FUNC',
2971sub _set_values_and_labels {
2972 my $self = shift;
2973 my ($v,$l,$n) = @_;
2974 $$l = $v if ref($v) eq 'HASH' && !ref($$l);
2975 return $self->param($n) if !defined($v);
2976 return $v if !ref($v);
2977 return ref($v) eq 'HASH' ? keys %$v : @$v;
2978}
2979END_OF_FUNC
2980
2981'_compile_all' => <<'END_OF_FUNC',
2982sub _compile_all {
2983 foreach (@_) {
2984 next if defined(&$_);
2985 $AUTOLOAD = "CGI::$_";
2986 _compile();
2987 }
2988}
2989END_OF_FUNC
2990
54310121 2991);
2992END_OF_AUTOLOAD
2993;
2994
424ec8fa
GS		 2995#########################################################
2996# Globals and stubs for other packages that we use.
2997#########################################################
2998
2999################### Fh -- lightweight filehandle ###############
3000package Fh;
3001use overload
3002 '""' => \&asString,
3003 'cmp' => \&compare,
3004 'fallback'=>1;
3005
3006$FH='fh00000';
3007
3008*Fh::AUTOLOAD = \&CGI::AUTOLOAD;
3009
3010$AUTOLOADED_ROUTINES = ''; # prevent -w error
3011$AUTOLOADED_ROUTINES=<<'END_OF_AUTOLOAD';
3012%SUBS = (
3013'asString' => <<'END_OF_FUNC',
3014sub asString {
3015 my $self = shift;
71f3e297 3016 # get rid of package name
ffd2dff2 3017 (my $i = $$self) =~ s/^\*(\w+::fh\d{5})+//;
ba056755 3018 $i =~ s/%(..)/ chr(hex($1)) /eg;
424ec8fa 3019 return $i;
71f3e297
JH		 3020# BEGIN DEAD CODE
3021# This was an extremely clever patch that allowed "use strict refs".
3022# Unfortunately it relied on another bug that caused leaky file descriptors.
3023# The underlying bug has been fixed, so this no longer works. However
3024# "strict refs" still works for some reason.
3025# my $self = shift;
3026# return ${*{$self}{SCALAR}};
3027# END DEAD CODE
424ec8fa
GS		 3028}
3029END_OF_FUNC
3030
3031'compare' => <<'END_OF_FUNC',
3032sub compare {
3033 my $self = shift;
3034 my $value = shift;
3035 return "$self" cmp $value;
3036}
3037END_OF_FUNC
3038
3039'new' => <<'END_OF_FUNC',
3040sub new {
3041 my($pack,$name,$file,$delete) = @_;
3042 require Fcntl unless defined &Fcntl::O_RDWR;
ba056755
JH		 3043 (my $safename = $name) =~ s/([':%])/ sprintf '%%%02X', ord $1 /eg;
3044 my $fv = ++$FH . $safename;
6b4ac661 3045 my $ref = \*{"Fh::$fv"};
3538e1d5 3046 sysopen($ref,$file,Fcntl::O_RDWR()|Fcntl::O_CREAT()|Fcntl::O_EXCL(),0600) || return;
424ec8fa 3047 unlink($file) if $delete;
6b4ac661 3048 CORE::delete $Fh::{$fv};
71f3e297 3049 return bless $ref,$pack;
424ec8fa
GS		 3050}
3051END_OF_FUNC
3052
3053'DESTROY' => <<'END_OF_FUNC',
3054sub DESTROY {
3055 my $self = shift;
3056 close $self;
3057}
3058END_OF_FUNC
3059
3060);
3061END_OF_AUTOLOAD
3062
3063######################## MultipartBuffer ####################
54310121 3064package MultipartBuffer;
3065
3066# how many bytes to read at a time. We use
71f3e297
JH		 3067# a 4K buffer by default.
3068$INITIAL_FILLUNIT = 1024 * 4;
3069$TIMEOUT = 240*60; # 4 hour timeout for big files
3070$SPIN_LOOP_MAX = 2000; # bug fix for some Netscape servers
54310121 3071$CRLF=$CGI::CRLF;
3072
3073#reuse the autoload function
3074*MultipartBuffer::AUTOLOAD = \&CGI::AUTOLOAD;
3075
424ec8fa
GS		 3076# avoid autoloader warnings
3077sub DESTROY {}
3078
54310121 3079###############################################################################
3080################# THESE FUNCTIONS ARE AUTOLOADED ON DEMAND ####################
3081###############################################################################
3082$AUTOLOADED_ROUTINES = ''; # prevent -w error
3083$AUTOLOADED_ROUTINES=<<'END_OF_AUTOLOAD';
3084%SUBS = (
3085
3086'new' => <<'END_OF_FUNC',
3087sub new {
3088 my($package,$interface,$boundary,$length,$filehandle) = @_;
424ec8fa 3089 $FILLUNIT = $INITIAL_FILLUNIT;
54310121 3090 my $IN;
3091 if ($filehandle) {
3092 my($package) = caller;
3093 # force into caller's package if necessary
3094 $IN = $filehandle=~/[':]/ ? $filehandle : "$package\:\:$filehandle";
3095 }
3096 $IN = "main::STDIN" unless $IN;
3097
3098 $CGI::DefaultClass->binmode($IN) if $CGI::needs_binmode;
3099
3100 # If the user types garbage into the file upload field,
3101 # then Netscape passes NOTHING to the server (not good).
3102 # We may hang on this read in that case. So we implement
3103 # a read timeout. If nothing is ready to read
3104 # by then, we return.
3105
3106 # Netscape seems to be a little bit unreliable
3107 # about providing boundary strings.
3d1a2ec4 3108 my $boundary_read = 0;
54310121 3109 if ($boundary) {
3110
3111 # Under the MIME spec, the boundary consists of the
3112 # characters "--" PLUS the Boundary string
424ec8fa
GS		 3113
3114 # BUG: IE 3.01 on the Macintosh uses just the boundary -- not
71f3e297 3115 # the two extra hyphens. We do a special case here on the user-agent!!!!
69c89ae7 3116 $boundary = "--$boundary" unless CGI::user_agent('MSIE\s+3\.0[12];\s*Mac|DreamPassport');
424ec8fa 3117
54310121 3118 } else { # otherwise we find it ourselves
3119 my($old);
3120 ($old,$/) = ($/,$CRLF); # read a CRLF-delimited line
3121 $boundary = <$IN>; # BUG: This won't work correctly under mod_perl
3122 $length -= length($boundary);
3123 chomp($boundary); # remove the CRLF
3124 $/ = $old; # restore old line separator
3d1a2ec4 3125 $boundary_read++;
54310121 3126 }
3127
3128 my $self = {LENGTH=>$length,
3129 BOUNDARY=>$boundary,
3130 IN=>$IN,
3131 INTERFACE=>$interface,
3132 BUFFER=>'',
3133 };
3134
3135 $FILLUNIT = length($boundary)
3136 if length($boundary) > $FILLUNIT;
3137
424ec8fa
GS		 3138 my $retval = bless $self,ref $package || $package;
3139
3140 # Read the preamble and the topmost (boundary) line plus the CRLF.
3d1a2ec4
GS		 3141 unless ($boundary_read) {
3142 while ($self->read(0)) { }
3143 }
424ec8fa
GS		 3144 die "Malformed multipart POST\n" if $self->eof;
3145
3146 return $retval;
54310121 3147}
3148END_OF_FUNC
3149
3150'readHeader' => <<'END_OF_FUNC',
3151sub readHeader {
3152 my($self) = @_;
3153 my($end);
3154 my($ok) = 0;
47e3cabd 3155 my($bad) = 0;
424ec8fa 3156
3d1a2ec4 3157 local($CRLF) = "\015\012" if $CGI::OS eq 'VMS';
424ec8fa 3158
54310121 3159 do {
3160 $self->fillBuffer($FILLUNIT);
3161 $ok++ if ($end = index($self->{BUFFER},"${CRLF}${CRLF}")) >= 0;
3162 $ok++ if $self->{BUFFER} eq '';
47e3cabd 3163 $bad++ if !$ok && $self->{LENGTH} <= 0;
424ec8fa
GS		 3164 # this was a bad idea
3165 # $FILLUNIT *= 2 if length($self->{BUFFER}) >= $FILLUNIT;
47e3cabd
LS		 3166 } until $ok || $bad;
3167 return () if $bad;
54310121 3168
3169 my($header) = substr($self->{BUFFER},0,$end+2);
3170 substr($self->{BUFFER},0,$end+4) = '';
3171 my %return;
424ec8fa
GS		 3172
3173
3174 # See RFC 2045 Appendix A and RFC 822 sections 3.4.8
3175 # (Folding Long Header Fields), 3.4.3 (Comments)
3176 # and 3.4.5 (Quoted-Strings).
3177
3178 my $token = '[-\w!\#$%&\'*+.^_\`|{}~]';
3179 $header=~s/$CRLF\s+/ /og; # merge continuation lines
3180 while ($header=~/($token+):\s+([^$CRLF]*)/mgox) {
3181 my ($field_name,$field_value) = ($1,$2); # avoid taintedness
3182 $field_name =~ s/\b(\w)/uc($1)/eg; #canonicalize
3183 $return{$field_name}=$field_value;
54310121 3184 }
3185 return %return;
3186}
3187END_OF_FUNC
3188
3189# This reads and returns the body as a single scalar value.
3190'readBody' => <<'END_OF_FUNC',
3191sub readBody {
3192 my($self) = @_;
3193 my($data);
3194 my($returnval)='';
3195 while (defined($data = $self->read)) {
3196 $returnval .= $data;
3197 }
3198 return $returnval;
3199}
3200END_OF_FUNC
3201
3202# This will read $bytes or until the boundary is hit, whichever happens
3203# first. After the boundary is hit, we return undef. The next read will
3204# skip over the boundary and begin reading again;
3205'read' => <<'END_OF_FUNC',
3206sub read {
3207 my($self,$bytes) = @_;
3208
3209 # default number of bytes to read
3210 $bytes = $bytes || $FILLUNIT;
3211
3212 # Fill up our internal buffer in such a way that the boundary
3213 # is never split between reads.
3214 $self->fillBuffer($bytes);
3215
3216 # Find the boundary in the buffer (it may not be there).
3217 my $start = index($self->{BUFFER},$self->{BOUNDARY});
47e3cabd
LS		 3218 # protect against malformed multipart POST operations
3219 die "Malformed multipart POST\n" unless ($start >= 0) || ($self->{LENGTH} > 0);
54310121 3220
3221 # If the boundary begins the data, then skip past it
03b9648d 3222 # and return undef.
54310121 3223 if ($start == 0) {
3224
3225 # clear us out completely if we've hit the last boundary.
3226 if (index($self->{BUFFER},"$self->{BOUNDARY}--")==0) {
3227 $self->{BUFFER}='';
3228 $self->{LENGTH}=0;
3229 return undef;
3230 }
3231
3232 # just remove the boundary.
03b9648d
JH		 3233 substr($self->{BUFFER},0,length($self->{BOUNDARY}))='';
3234 $self->{BUFFER} =~ s/^\012\015?//;
54310121 3235 return undef;
3236 }
3237
3238 my $bytesToReturn;
3239 if ($start > 0) { # read up to the boundary
3240 $bytesToReturn = $start > $bytes ? $bytes : $start;
3241 } else { # read the requested number of bytes
3242 # leave enough bytes in the buffer to allow us to read
3243 # the boundary. Thanks to Kevin Hendrick for finding
3244 # this one.
3245 $bytesToReturn = $bytes - (length($self->{BOUNDARY})+1);
3246 }
3247
3248 my $returnval=substr($self->{BUFFER},0,$bytesToReturn);
3249 substr($self->{BUFFER},0,$bytesToReturn)='';
3250
3251 # If we hit the boundary, remove the CRLF from the end.
3252 return ($start > 0) ? substr($returnval,0,-2) : $returnval;
3253}
3254END_OF_FUNC
3255
3256
3257# This fills up our internal buffer in such a way that the
3258# boundary is never split between reads
3259'fillBuffer' => <<'END_OF_FUNC',
3260sub fillBuffer {
3261 my($self,$bytes) = @_;
3262 return unless $self->{LENGTH};
3263
3264 my($boundaryLength) = length($self->{BOUNDARY});
3265 my($bufferLength) = length($self->{BUFFER});
3266 my($bytesToRead) = $bytes - $bufferLength + $boundaryLength + 2;
3267 $bytesToRead = $self->{LENGTH} if $self->{LENGTH} < $bytesToRead;
3268
3269 # Try to read some data. We may hang here if the browser is screwed up.
3270 my $bytesRead = $self->{INTERFACE}->read_from_client($self->{IN},
3271 \$self->{BUFFER},
3272 $bytesToRead,
3273 $bufferLength);
71f3e297 3274 $self->{BUFFER} = '' unless defined $self->{BUFFER};
54310121 3275
47e3cabd 3276 # An apparent bug in the Apache server causes the read()
54310121 3277 # to return zero bytes repeatedly without blocking if the
3278 # remote user aborts during a file transfer. I don't know how
3279 # they manage this, but the workaround is to abort if we get
3280 # more than SPIN_LOOP_MAX consecutive zero reads.
3281 if ($bytesRead == 0) {
3282 die "CGI.pm: Server closed socket during multipart read (client aborted?).\n"
3283 if ($self->{ZERO_LOOP_COUNTER}++ >= $SPIN_LOOP_MAX);
3284 } else {
3285 $self->{ZERO_LOOP_COUNTER}=0;
3286 }
3287
3288 $self->{LENGTH} -= $bytesRead;
3289}
3290END_OF_FUNC
3291
3292
3293# Return true when we've finished reading
3294'eof' => <<'END_OF_FUNC'
3295sub eof {
3296 my($self) = @_;
3297 return 1 if (length($self->{BUFFER}) == 0)
3298 && ($self->{LENGTH} <= 0);
3299 undef;
3300}
3301END_OF_FUNC
3302
3303);
3304END_OF_AUTOLOAD
3305
3306####################################################################################
3307################################## TEMPORARY FILES #################################
3308####################################################################################
3309package TempFile;
3310
3311$SL = $CGI::SL;
424ec8fa
GS		 3312$MAC = $CGI::OS eq 'MACINTOSH';
3313my ($vol) = $MAC ? MacPerl::Volumes() =~ /:(.*)/ : "";
54310121 3314unless ($TMPDIRECTORY) {
424ec8fa 3315 @TEMP=("${SL}usr${SL}tmp","${SL}var${SL}tmp",
3538e1d5 3316 "C:${SL}temp","${SL}tmp","${SL}temp",
3d1a2ec4 3317 "${vol}${SL}Temporary Items",
ba056755
JH		 3318 "${SL}WWW_ROOT", "${SL}SYS\$SCRATCH",
3319 "C:${SL}system${SL}temp");
3538e1d5
GS		 3320 unshift(@TEMP,$ENV{'TMPDIR'}) if exists $ENV{'TMPDIR'};
3321
3d1a2ec4
GS		 3322 # this feature was supposed to provide per-user tmpfiles, but
3323 # it is problematic.
3538e1d5
GS		 3324 # unshift(@TEMP,(getpwuid($<))[7].'/tmp') if $CGI::OS eq 'UNIX';
3325 # Rob: getpwuid() is unfortunately UNIX specific. On brain dead OS'es this
3326 # : can generate a 'getpwuid() not implemented' exception, even though
3327 # : it's never called. Found under DOS/Win with the DJGPP perl port.
3328 # : Refer to getpwuid() only at run-time if we're fortunate and have UNIX.
3d1a2ec4 3329 # unshift(@TEMP,(eval {(getpwuid($>))[7]}).'/tmp') if $CGI::OS eq 'UNIX' and $> != 0;
3538e1d5 3330
54310121 3331 foreach (@TEMP) {
3332 do {$TMPDIRECTORY = $_; last} if -d $_ && -w _;
3333 }
3334}
3335
424ec8fa 3336$TMPDIRECTORY = $MAC ? "" : "." unless $TMPDIRECTORY;
424ec8fa 3337$MAXTRIES = 5000;
54310121 3338
3339# cute feature, but overload implementation broke it
3340# %OVERLOAD = ('""'=>'as_string');
3341*TempFile::AUTOLOAD = \&CGI::AUTOLOAD;
3342
3343###############################################################################
3344################# THESE FUNCTIONS ARE AUTOLOADED ON DEMAND ####################
3345###############################################################################
3346$AUTOLOADED_ROUTINES = ''; # prevent -w error
3347$AUTOLOADED_ROUTINES=<<'END_OF_AUTOLOAD';
3348%SUBS = (
3349
3350'new' => <<'END_OF_FUNC',
3351sub new {
3538e1d5
GS		 3352 my($package,$sequence) = @_;
3353 my $filename;
3354 for (my $i = 0; $i < $MAXTRIES; $i++) {
3355 last if ! -f ($filename = sprintf("${TMPDIRECTORY}${SL}CGItemp%d",$sequence++));
424ec8fa 3356 }
3538e1d5 3357 # untaint the darn thing
ba056755 3358 return unless $filename =~ m!^([a-zA-Z0-9_ '":/.\$\\-]+)$!;
3538e1d5
GS		 3359 $filename = $1;
3360 return bless \$filename;
54310121 3361}
3362END_OF_FUNC
3363
3364'DESTROY' => <<'END_OF_FUNC',
3365sub DESTROY {
3366 my($self) = @_;
3367 unlink $$self; # get rid of the file
3368}
3369END_OF_FUNC
3370
3371'as_string' => <<'END_OF_FUNC'
3372sub as_string {
3373 my($self) = @_;
3374 return $$self;
3375}
3376END_OF_FUNC
3377
3378);
3379END_OF_AUTOLOAD
3380
3381package CGI;
3382
3383# We get a whole bunch of warnings about "possibly uninitialized variables"
3384# when running with the -w switch. Touch them all once to get rid of the
3385# warnings. This is ugly and I hate it.
3386if ($^W) {
3387 $CGI::CGI = '';
3388 $CGI::CGI=<<EOF;
3389 $CGI::VERSION;
3390 $MultipartBuffer::SPIN_LOOP_MAX;
3391 $MultipartBuffer::CRLF;
3392 $MultipartBuffer::TIMEOUT;
424ec8fa 3393 $MultipartBuffer::INITIAL_FILLUNIT;
54310121 3394EOF
3395 ;
3396}
3397
424ec8fa 33981;
54310121 3399
3400__END__
3401
3402=head1 NAME
3403
3404CGI - Simple Common Gateway Interface Class
3405
dc848c6f 3406=head1 SYNOPSIS
3407
424ec8fa
GS		 3408 # CGI script that creates a fill-out form
3409 # and echoes back its values.
3410
3411 use CGI qw/:standard/;
3412 print header,
3413 start_html('A Simple Example'),
3414 h1('A Simple Example'),
3415 start_form,
3416 "What's your name? ",textfield('name'),p,
3417 "What's the combination?", p,
3418 checkbox_group(-name=>'words',
3419 -values=>['eenie','meenie','minie','moe'],
3420 -defaults=>['eenie','minie']), p,
3421 "What's your favorite color? ",
3422 popup_menu(-name=>'color',
3423 -values=>['red','green','blue','chartreuse']),p,
3424 submit,
3425 end_form,
3426 hr;
3427
3428 if (param()) {
3429 print "Your name is",em(param('name')),p,
3430 "The keywords are: ",em(join(", ",param('words'))),p,
3431 "Your favorite color is ",em(param('color')),
3432 hr;
3433 }
dc848c6f 3434
54310121 3435=head1 ABSTRACT
3436
424ec8fa
GS		 3437This perl library uses perl5 objects to make it easy to create Web
3438fill-out forms and parse their contents. This package defines CGI
3439objects, entities that contain the values of the current query string
3440and other state variables. Using a CGI object's methods, you can
3441examine keywords and parameters passed to your script, and create
3442forms whose initial values are taken from the current query (thereby
3443preserving state information). The module provides shortcut functions
3444that produce boilerplate HTML, reducing typing and coding errors. It
3445also provides functionality for some of the more advanced features of
3446CGI scripting, including support for file uploads, cookies, cascading
3447style sheets, server push, and frames.
3448
3449CGI.pm also provides a simple function-oriented programming style for
3450those who don't need its object-oriented features.
54310121 3451
3452The current version of CGI.pm is available at
3453
3454 http://www.genome.wi.mit.edu/ftp/pub/software/WWW/cgi_docs.html
3455 ftp://ftp-genome.wi.mit.edu/pub/software/WWW/
3456
424ec8fa 3457=head1 DESCRIPTION
47e3cabd 3458
424ec8fa
GS		 3459=head2 PROGRAMMING STYLE
3460
3461There are two styles of programming with CGI.pm, an object-oriented
3462style and a function-oriented style. In the object-oriented style you
3463create one or more CGI objects and then use object methods to create
3464the various elements of the page. Each CGI object starts out with the
3465list of named parameters that were passed to your CGI script by the
3466server. You can modify the objects, save them to a file or database
3467and recreate them. Because each object corresponds to the "state" of
3468the CGI script, and because each object's parameter list is
3469independent of the others, this allows you to save the state of the
3470script and restore it later.
3471
f610777f 3472For example, using the object oriented style, here is how you create
424ec8fa
GS		 3473a simple "Hello World" HTML page:
3474
3538e1d5 3475 #!/usr/local/bin/perl -w
424ec8fa
GS		 3476 use CGI; # load CGI routines
3477 $q = new CGI; # create new CGI object
3478 print $q->header, # create the HTTP header
3479 $q->start_html('hello world'), # start the HTML
3480 $q->h1('hello world'), # level 1 header
3481 $q->end_html; # end the HTML
3482
3483In the function-oriented style, there is one default CGI object that
3484you rarely deal with directly. Instead you just call functions to
3485retrieve CGI parameters, create HTML tags, manage cookies, and so
3486on. This provides you with a cleaner programming interface, but
3487limits you to using one CGI object at a time. The following example
3488prints the same page, but uses the function-oriented interface.
3489The main differences are that we now need to import a set of functions
3490into our name space (usually the "standard" functions), and we don't
3491need to create the CGI object.
3492
71f3e297 3493 #!/usr/local/bin/perl
424ec8fa
GS		 3494 use CGI qw/:standard/; # load standard CGI routines
3495 print header, # create the HTTP header
3496 start_html('hello world'), # start the HTML
3497 h1('hello world'), # level 1 header
3498 end_html; # end the HTML
3499
3500The examples in this document mainly use the object-oriented style.
3501See HOW TO IMPORT FUNCTIONS for important information on
3502function-oriented programming in CGI.pm
3503
3504=head2 CALLING CGI.PM ROUTINES
3505
3506Most CGI.pm routines accept several arguments, sometimes as many as 20
3507optional ones! To simplify this interface, all routines use a named
3508argument calling style that looks like this:
3509
3510 print $q->header(-type=>'image/gif',-expires=>'+3d');
3511
3512Each argument name is preceded by a dash. Neither case nor order
3513matters in the argument list. -type, -Type, and -TYPE are all
3514acceptable. In fact, only the first argument needs to begin with a
3515dash. If a dash is present in the first argument, CGI.pm assumes
3516dashes for the subsequent ones.
3517
424ec8fa
GS		 3518Several routines are commonly called with just one argument. In the
3519case of these routines you can provide the single argument without an
3520argument name. header() happens to be one of these routines. In this
3521case, the single argument is the document type.
3522
3523 print $q->header('text/html');
3524
3525Other such routines are documented below.
3526
3527Sometimes named arguments expect a scalar, sometimes a reference to an
3528array, and sometimes a reference to a hash. Often, you can pass any
3529type of argument and the routine will do whatever is most appropriate.
3530For example, the param() routine is used to set a CGI parameter to a
3531single or a multi-valued value. The two cases are shown below:
3532
3533 $q->param(-name=>'veggie',-value=>'tomato');
3d1a2ec4 3534 $q->param(-name=>'veggie',-value=>['tomato','tomahto','potato','potahto']);
424ec8fa
GS		 3535
3536A large number of routines in CGI.pm actually aren't specifically
3537defined in the module, but are generated automatically as needed.
3538These are the "HTML shortcuts," routines that generate HTML tags for
3539use in dynamically-generated pages. HTML tags have both attributes
3540(the attribute="value" pairs within the tag itself) and contents (the
3541part between the opening and closing pairs.) To distinguish between
3542attributes and contents, CGI.pm uses the convention of passing HTML
3543attributes as a hash reference as the first argument, and the
3544contents, if any, as any subsequent arguments. It works out like
3545this:
3546
3547 Code Generated HTML
3548 ---- --------------
3549 h1() <H1>
3550 h1('some','contents'); <H1>some contents</H1>
3551 h1({-align=>left}); <H1 ALIGN="LEFT">
3552 h1({-align=>left},'contents'); <H1 ALIGN="LEFT">contents</H1>
3553
3554HTML tags are described in more detail later.
3555
3556Many newcomers to CGI.pm are puzzled by the difference between the
3557calling conventions for the HTML shortcuts, which require curly braces
3558around the HTML tag attributes, and the calling conventions for other
3559routines, which manage to generate attributes without the curly
3560brackets. Don't be confused. As a convenience the curly braces are
3561optional in all but the HTML shortcuts. If you like, you can use
3562curly braces when calling any routine that takes named arguments. For
3563example:
3564
3565 print $q->header( {-type=>'image/gif',-expires=>'+3d'} );
3566
3567If you use the B<-w> switch, you will be warned that some CGI.pm argument
3568names conflict with built-in Perl functions. The most frequent of
3569these is the -values argument, used to create multi-valued menus,
3570radio button clusters and the like. To get around this warning, you
3571have several choices:
54310121 3572
424ec8fa 3573=over 4
54310121 3574
551e1d92
RB		 3575=item 1.
3576
3577Use another name for the argument, if one is available.
3578For example, -value is an alias for -values.
54310121 3579
551e1d92 3580=item 2.
54310121 3581
551e1d92
RB		 3582Change the capitalization, e.g. -Values
3583
3584=item 3.
3585
3586Put quotes around the argument name, e.g. '-values'
54310121 3587
424ec8fa 3588=back
54310121 3589
424ec8fa
GS		 3590Many routines will do something useful with a named argument that it
3591doesn't recognize. For example, you can produce non-standard HTTP
3592header fields by providing them as named arguments:
54310121 3593
424ec8fa
GS		 3594 print $q->header(-type => 'text/html',
3595 -cost => 'Three smackers',
3596 -annoyance_level => 'high',
3597 -complaints_to => 'bit bucket');
54310121 3598
424ec8fa
GS		 3599This will produce the following nonstandard HTTP header:
3600
3601 HTTP/1.0 200 OK
3602 Cost: Three smackers
3603 Annoyance-level: high
3604 Complaints-to: bit bucket
3605 Content-type: text/html
3606
3607Notice the way that underscores are translated automatically into
3608hyphens. HTML-generating routines perform a different type of
3609translation.
3610
3611This feature allows you to keep up with the rapidly changing HTTP and
3612HTML "standards".
54310121 3613
424ec8fa 3614=head2 CREATING A NEW QUERY OBJECT (OBJECT-ORIENTED STYLE):
54310121 3615
3616 $query = new CGI;
3617
3618This will parse the input (from both POST and GET methods) and store
3619it into a perl5 object called $query.
3620
3621=head2 CREATING A NEW QUERY OBJECT FROM AN INPUT FILE
3622
3623 $query = new CGI(INPUTFILE);
3624
424ec8fa
GS		 3625If you provide a file handle to the new() method, it will read
3626parameters from the file (or STDIN, or whatever). The file can be in
3627any of the forms describing below under debugging (i.e. a series of
3628newline delimited TAG=VALUE pairs will work). Conveniently, this type
3629of file is created by the save() method (see below). Multiple records
3630can be saved and restored.
54310121 3631
3632Perl purists will be pleased to know that this syntax accepts
3633references to file handles, or even references to filehandle globs,
3634which is the "official" way to pass a filehandle:
3635
3636 $query = new CGI(\*STDIN);
3637
424ec8fa
GS		 3638You can also initialize the CGI object with a FileHandle or IO::File
3639object.
3640
3641If you are using the function-oriented interface and want to
3642initialize CGI state from a file handle, the way to do this is with
3643B<restore_parameters()>. This will (re)initialize the
3644default CGI object from the indicated file handle.
3645
3646 open (IN,"test.in") || die;
3647 restore_parameters(IN);
3648 close IN;
3649
54310121 3650You can also initialize the query object from an associative array
3651reference:
3652
3653 $query = new CGI( {'dinosaur'=>'barney',
3654 'song'=>'I love you',
3655 'friends'=>[qw/Jessica George Nancy/]}
3656 );
3657
3658or from a properly formatted, URL-escaped query string:
3659
3660 $query = new CGI('dinosaur=barney&color=purple');
3661
424ec8fa
GS		 3662or from a previously existing CGI object (currently this clones the
3663parameter list, but none of the other object-specific fields, such as
3664autoescaping):
3665
3666 $old_query = new CGI;
3667 $new_query = new CGI($old_query);
3668
54310121 3669To create an empty query, initialize it from an empty string or hash:
3670
424ec8fa
GS		 3671 $empty_query = new CGI("");
3672
3673 -or-
3674
3675 $empty_query = new CGI({});
54310121 3676
3677=head2 FETCHING A LIST OF KEYWORDS FROM THE QUERY:
3678
3679 @keywords = $query->keywords
3680
3681If the script was invoked as the result of an <ISINDEX> search, the
3682parsed keywords can be obtained as an array using the keywords() method.
3683
3684=head2 FETCHING THE NAMES OF ALL THE PARAMETERS PASSED TO YOUR SCRIPT:
3685
3686 @names = $query->param
3687
3688If the script was invoked with a parameter list
3d1a2ec4
GS		 3689(e.g. "name1=value1&name2=value2&name3=value3"), the param() method
3690will return the parameter names as a list. If the script was invoked
3691as an <ISINDEX> script and contains a string without ampersands
3692(e.g. "value1+value2+value3") , there will be a single parameter named
3693"keywords" containing the "+"-delimited keywords.
54310121 3694
3695NOTE: As of version 1.5, the array of parameter names returned will
3696be in the same order as they were submitted by the browser.
3697Usually this order is the same as the order in which the
3698parameters are defined in the form (however, this isn't part
3699of the spec, and so isn't guaranteed).
3700
3701=head2 FETCHING THE VALUE OR VALUES OF A SINGLE NAMED PARAMETER:
3702
3703 @values = $query->param('foo');
3704
3705 -or-
3706
3707 $value = $query->param('foo');
3708
3709Pass the param() method a single argument to fetch the value of the
3710named parameter. If the parameter is multivalued (e.g. from multiple
3711selections in a scrolling list), you can ask to receive an array. Otherwise
3712the method will return a single value.
3713
3d1a2ec4
GS		 3714If a value is not given in the query string, as in the queries
3715"name1=&name2=" or "name1&name2", it will be returned as an empty
3716string. This feature is new in 2.63.
3717
54310121 3718=head2 SETTING THE VALUE(S) OF A NAMED PARAMETER:
3719
3720 $query->param('foo','an','array','of','values');
3721
3722This sets the value for the named parameter 'foo' to an array of
3723values. This is one way to change the value of a field AFTER
3724the script has been invoked once before. (Another way is with
3725the -override parameter accepted by all methods that generate
3726form elements.)
3727
3728param() also recognizes a named parameter style of calling described
3729in more detail later:
3730
3731 $query->param(-name=>'foo',-values=>['an','array','of','values']);
3732
3733 -or-
3734
3735 $query->param(-name=>'foo',-value=>'the value');
3736
3737=head2 APPENDING ADDITIONAL VALUES TO A NAMED PARAMETER:
3738
424ec8fa 3739 $query->append(-name=>'foo',-values=>['yet','more','values']);
54310121 3740
3741This adds a value or list of values to the named parameter. The
3742values are appended to the end of the parameter if it already exists.
3743Otherwise the parameter is created. Note that this method only
3744recognizes the named argument calling syntax.
3745
3746=head2 IMPORTING ALL PARAMETERS INTO A NAMESPACE:
3747
3748 $query->import_names('R');
3749
3750This creates a series of variables in the 'R' namespace. For example,
3751$R::foo, @R:foo. For keyword lists, a variable @R::keywords will appear.
3752If no namespace is given, this method will assume 'Q'.
3753WARNING: don't import anything into 'main'; this is a major security
3754risk!!!!
3755
3756In older versions, this method was called B<import()>. As of version 2.20,
3757this name has been removed completely to avoid conflict with the built-in
3758Perl module B<import> operator.
3759
3760=head2 DELETING A PARAMETER COMPLETELY:
3761
3762 $query->delete('foo');
3763
3764This completely clears a parameter. It sometimes useful for
3765resetting parameters that you don't want passed down between
3766script invocations.
3767
424ec8fa
GS		 3768If you are using the function call interface, use "Delete()" instead
3769to avoid conflicts with Perl's built-in delete operator.
3770
54310121 3771=head2 DELETING ALL PARAMETERS:
3772
424ec8fa 3773 $query->delete_all();
54310121 3774
3775This clears the CGI object completely. It might be useful to ensure
3776that all the defaults are taken when you create a fill-out form.
3777
424ec8fa
GS		 3778Use Delete_all() instead if you are using the function call interface.
3779
3780=head2 DIRECT ACCESS TO THE PARAMETER LIST:
3781
3782 $q->param_fetch('address')->[1] = '1313 Mockingbird Lane';
3783 unshift @{$q->param_fetch(-name=>'address')},'George Munster';
3784
3785If you need access to the parameter list in a way that isn't covered
3786by the methods above, you can obtain a direct reference to it by
3787calling the B<param_fetch()> method with the name of the . This
3788will return an array reference to the named parameters, which you then
3789can manipulate in any way you like.
3790
3791You can also use a named argument style using the B<-name> argument.
3792
3538e1d5
GS		 3793=head2 FETCHING THE PARAMETER LIST AS A HASH:
3794
3795 $params = $q->Vars;
3796 print $params->{'address'};
3797 @foo = split("\0",$params->{'foo'});
3798 %params = $q->Vars;
3799
3800 use CGI ':cgi-lib';
3801 $params = Vars;
3802
3803Many people want to fetch the entire parameter list as a hash in which
3804the keys are the names of the CGI parameters, and the values are the
3805parameters' values. The Vars() method does this. Called in a scalar
3806context, it returns the parameter list as a tied hash reference.
3807Changing a key changes the value of the parameter in the underlying
a3b3a725 3808CGI parameter list. Called in a list context, it returns the
3538e1d5
GS		 3809parameter list as an ordinary hash. This allows you to read the
3810contents of the parameter list, but not to change it.
3811
3812When using this, the thing you must watch out for are multivalued CGI
3813parameters. Because a hash cannot distinguish between scalar and
a3b3a725 3814list context, multivalued parameters will be returned as a packed
3538e1d5
GS		 3815string, separated by the "\0" (null) character. You must split this
3816packed string in order to get at the individual values. This is the
3817convention introduced long ago by Steve Brenner in his cgi-lib.pl
3818module for Perl version 4.
3819
3820If you wish to use Vars() as a function, import the I<:cgi-lib> set of
3821function calls (also see the section on CGI-LIB compatibility).
3822
424ec8fa 3823=head2 SAVING THE STATE OF THE SCRIPT TO A FILE:
54310121 3824
3825 $query->save(FILEHANDLE)
3826
3827This will write the current state of the form to the provided
3828filehandle. You can read it back in by providing a filehandle
3829to the new() method. Note that the filehandle can be a file, a pipe,
3830or whatever!
3831
3832The format of the saved file is:
3833
3834 NAME1=VALUE1
3835 NAME1=VALUE1'
3836 NAME2=VALUE2
3837 NAME3=VALUE3
3838 =
3839
3840Both name and value are URL escaped. Multi-valued CGI parameters are
3841represented as repeated names. A session record is delimited by a
3842single = symbol. You can write out multiple records and read them
3843back in with several calls to B<new>. You can do this across several
3844sessions by opening the file in append mode, allowing you to create
3845primitive guest books, or to keep a history of users' queries. Here's
3846a short example of creating multiple session records:
3847
3848 use CGI;
3849
3850 open (OUT,">>test.out") || die;
3851 $records = 5;
3852 foreach (0..$records) {
3853 my $q = new CGI;
3854 $q->param(-name=>'counter',-value=>$_);
3855 $q->save(OUT);
3856 }
3857 close OUT;
3858
3859 # reopen for reading
3860 open (IN,"test.out") || die;
3861 while (!eof(IN)) {
3862 my $q = new CGI(IN);
3863 print $q->param('counter'),"\n";
3864 }
3865
3866The file format used for save/restore is identical to that used by the
3867Whitehead Genome Center's data exchange format "Boulderio", and can be
3868manipulated and even databased using Boulderio utilities. See
3cb6de81 3869
3538e1d5 3870 http://stein.cshl.org/boulder/
54310121 3871
3872for further details.
3873
424ec8fa
GS		 3874If you wish to use this method from the function-oriented (non-OO)
3875interface, the exported name for this method is B<save_parameters()>.
54310121 3876
3538e1d5
GS		 3877=head2 RETRIEVING CGI ERRORS
3878
3879Errors can occur while processing user input, particularly when
3880processing uploaded files. When these errors occur, CGI will stop
3881processing and return an empty parameter list. You can test for
3882the existence and nature of errors using the I<cgi_error()> function.
3883The error messages are formatted as HTTP status codes. You can either
3884incorporate the error text into an HTML page, or use it as the value
3885of the HTTP status:
3886
3887 my $error = $q->cgi_error;
3888 if ($error) {
3889 print $q->header(-status=>$error),
3890 $q->start_html('Problems'),
3891 $q->h2('Request not processed'),
3892 $q->strong($error);
3893 exit 0;
3894 }
3895
3896When using the function-oriented interface (see the next section),
3897errors may only occur the first time you call I<param()>. Be ready
3898for this!
3899
424ec8fa 3900=head2 USING THE FUNCTION-ORIENTED INTERFACE
54310121 3901
424ec8fa
GS		 3902To use the function-oriented interface, you must specify which CGI.pm
3903routines or sets of routines to import into your script's namespace.
3904There is a small overhead associated with this importation, but it
3905isn't much.
54310121 3906
424ec8fa 3907 use CGI <list of methods>;
54310121 3908
424ec8fa
GS		 3909The listed methods will be imported into the current package; you can
3910call them directly without creating a CGI object first. This example
3911shows how to import the B<param()> and B<header()>
3912methods, and then use them directly:
54310121 3913
424ec8fa
GS		 3914 use CGI 'param','header';
3915 print header('text/plain');
3916 $zipcode = param('zipcode');
54310121 3917
424ec8fa 3918More frequently, you'll import common sets of functions by referring
f610777f 3919to the groups by name. All function sets are preceded with a ":"
424ec8fa 3920character as in ":html3" (for tags defined in the HTML 3 standard).
54310121 3921
424ec8fa 3922Here is a list of the function sets you can import:
54310121 3923
424ec8fa 3924=over 4
54310121 3925
424ec8fa 3926=item B<:cgi>
54310121 3927
424ec8fa
GS		 3928Import all CGI-handling methods, such as B<param()>, B<path_info()>
3929and the like.
54310121 3930
424ec8fa 3931=item B<:form>
54310121 3932
424ec8fa 3933Import all fill-out form generating methods, such as B<textfield()>.
54310121 3934
424ec8fa 3935=item B<:html2>
54310121 3936
424ec8fa 3937Import all methods that generate HTML 2.0 standard elements.
54310121 3938
424ec8fa 3939=item B<:html3>
54310121 3940
424ec8fa
GS		 3941Import all methods that generate HTML 3.0 proposed elements (such as
3942<table>, <super> and <sub>).
54310121 3943
424ec8fa 3944=item B<:netscape>
54310121 3945
424ec8fa 3946Import all methods that generate Netscape-specific HTML extensions.
54310121 3947
424ec8fa 3948=item B<:html>
54310121 3949
424ec8fa
GS		 3950Import all HTML-generating shortcuts (i.e. 'html2' + 'html3' +
3951'netscape')...
54310121 3952
424ec8fa 3953=item B<:standard>
54310121 3954
424ec8fa 3955Import "standard" features, 'html2', 'html3', 'form' and 'cgi'.
54310121 3956
424ec8fa 3957=item B<:all>
54310121 3958
424ec8fa 3959Import all the available methods. For the full list, see the CGI.pm
3538e1d5 3960code, where the variable %EXPORT_TAGS is defined.
424ec8fa
GS		 3961
3962=back
3963
3964If you import a function name that is not part of CGI.pm, the module
3965will treat it as a new HTML tag and generate the appropriate
3966subroutine. You can then use it like any other HTML tag. This is to
3967provide for the rapidly-evolving HTML "standard." For example, say
3968Microsoft comes out with a new tag called <GRADIENT> (which causes the
3969user's desktop to be flooded with a rotating gradient fill until his
3970machine reboots). You don't need to wait for a new version of CGI.pm
d23a249d 3971to start using it immediately:
424ec8fa
GS		 3972
3973 use CGI qw/:standard :html3 gradient/;
3974 print gradient({-start=>'red',-end=>'blue'});
3975
3976Note that in the interests of execution speed CGI.pm does B<not> use
3977the standard L<Exporter> syntax for specifying load symbols. This may
3978change in the future.
3979
3980If you import any of the state-maintaining CGI or form-generating
3981methods, a default CGI object will be created and initialized
3982automatically the first time you use any of the methods that require
3983one to be present. This includes B<param()>, B<textfield()>,
3984B<submit()> and the like. (If you need direct access to the CGI
3985object, you can find it in the global variable B<$CGI::Q>). By
3986importing CGI.pm methods, you can create visually elegant scripts:
3987
3988 use CGI qw/:standard/;
3989 print
3990 header,
3991 start_html('Simple Script'),
3992 h1('Simple Script'),
3993 start_form,
3994 "What's your name? ",textfield('name'),p,
3995 "What's the combination?",
3996 checkbox_group(-name=>'words',
3997 -values=>['eenie','meenie','minie','moe'],
3998 -defaults=>['eenie','moe']),p,
3999 "What's your favorite color?",
4000 popup_menu(-name=>'color',
4001 -values=>['red','green','blue','chartreuse']),p,
4002 submit,
4003 end_form,
4004 hr,"\n";
4005
4006 if (param) {
4007 print
4008 "Your name is ",em(param('name')),p,
4009 "The keywords are: ",em(join(", ",param('words'))),p,
4010 "Your favorite color is ",em(param('color')),".\n";
4011 }
4012 print end_html;
4013
4014=head2 PRAGMAS
4015
4016In addition to the function sets, there are a number of pragmas that
4017you can import. Pragmas, which are always preceded by a hyphen,
4018change the way that CGI.pm functions in various ways. Pragmas,
4019function sets, and individual functions can all be imported in the
4020same use() line. For example, the following use statement imports the
3d1a2ec4
GS		 4021standard set of functions and enables debugging mode (pragma
4022-debug):
424ec8fa 4023
3d1a2ec4 4024 use CGI qw/:standard -debug/;
424ec8fa
GS		 4025
4026The current list of pragmas is as follows:
4027
4028=over 4
4029
4030=item -any
4031
4032When you I<use CGI -any>, then any method that the query object
4033doesn't recognize will be interpreted as a new HTML tag. This allows
4034you to support the next I<ad hoc> Netscape or Microsoft HTML
4035extension. This lets you go wild with new and unsupported tags:
4036
4037 use CGI qw(-any);
4038 $q=new CGI;
4039 print $q->gradient({speed=>'fast',start=>'red',end=>'blue'});
4040
4041Since using <cite>any</cite> causes any mistyped method name
4042to be interpreted as an HTML tag, use it with care or not at
4043all.
54310121 4044
424ec8fa 4045=item -compile
54310121 4046
424ec8fa
GS		 4047This causes the indicated autoloaded methods to be compiled up front,
4048rather than deferred to later. This is useful for scripts that run
4049for an extended period of time under FastCGI or mod_perl, and for
4050those destined to be crunched by Malcom Beattie's Perl compiler. Use
f610777f 4051it in conjunction with the methods or method families you plan to use.
424ec8fa
GS		 4052
4053 use CGI qw(-compile :standard :html3);
4054
4055or even
4056
4057 use CGI qw(-compile :all);
4058
4059Note that using the -compile pragma in this way will always have
4060the effect of importing the compiled functions into the current
4061namespace. If you want to compile without importing use the
4062compile() method instead (see below).
4063
3d1a2ec4
GS		 4064=item -nosticky
4065
4066This makes CGI.pm not generating the hidden fields .submit
4067and .cgifields. It is very useful if you don't want to
4068have the hidden fields appear in the querystring in a GET method.
4069For example, a search script generated this way will have
4070a very nice url with search parameters for bookmarking.
4071
199d4a26
JH		 4072=item -no_undef_params
4073
4074This keeps CGI.pm from including undef params in the parameter list.
4075
6b4ac661
JH		 4076=item -no_xhtml
4077
4078By default, CGI.pm versions 2.69 and higher emit XHTML
4079(http://www.w3.org/TR/xhtml1/). The -no_xhtml pragma disables this
4080feature. Thanks to Michalis Kabrianis <kabrianis@hellug.gr> for this
4081feature.
4082
424ec8fa
GS		 4083=item -nph
4084
4085This makes CGI.pm produce a header appropriate for an NPH (no
4086parsed header) script. You may need to do other things as well
4087to tell the server that the script is NPH. See the discussion
4088of NPH scripts below.
4089
71f3e297
JH		 4090=item -newstyle_urls
4091
4092Separate the name=value pairs in CGI parameter query strings with
4093semicolons rather than ampersands. For example:
4094
4095 ?name=fred;age=24;favorite_color=3
4096
4097Semicolon-delimited query strings are always accepted, but will not be
4098emitted by self_url() and query_string() unless the -newstyle_urls
4099pragma is specified.
4100
3d1a2ec4
GS		 4101This became the default in version 2.64.
4102
4103=item -oldstyle_urls
4104
4105Separate the name=value pairs in CGI parameter query strings with
4106ampersands rather than semicolons. This is no longer the default.
4107
424ec8fa
GS		 4108=item -autoload
4109
4110This overrides the autoloader so that any function in your program
4111that is not recognized is referred to CGI.pm for possible evaluation.
4112This allows you to use all the CGI.pm functions without adding them to
4113your symbol table, which is of concern for mod_perl users who are
4114worried about memory consumption. I<Warning:> when
4115I<-autoload> is in effect, you cannot use "poetry mode"
4116(functions without the parenthesis). Use I<hr()> rather
4117than I<hr>, or add something like I<use subs qw/hr p header/>
4118to the top of your script.
4119
4120=item -no_debug
4121
4122This turns off the command-line processing features. If you want to
4123run a CGI.pm script from the command line to produce HTML, and you
3d1a2ec4
GS		 4124don't want it to read CGI parameters from the command line or STDIN,
4125then use this pragma:
424ec8fa
GS		 4126
4127 use CGI qw(-no_debug :standard);
4128
3d1a2ec4 4129=item -debug
424ec8fa 4130
3d1a2ec4
GS		 4131This turns on full debugging. In addition to reading CGI arguments
4132from the command-line processing, CGI.pm will pause and try to read
4133arguments from STDIN, producing the message "(offline mode: enter
4134name=value pairs on standard input)" features.
3cb6de81 4135
424ec8fa
GS		 4136See the section on debugging for more details.
4137
4138=item -private_tempfiles
4139
3538e1d5
GS		 4140CGI.pm can process uploaded file. Ordinarily it spools the uploaded
4141file to a temporary directory, then deletes the file when done.
4142However, this opens the risk of eavesdropping as described in the file
4143upload section. Another CGI script author could peek at this data
4144during the upload, even if it is confidential information. On Unix
4145systems, the -private_tempfiles pragma will cause the temporary file
4146to be unlinked as soon as it is opened and before any data is written
4147into it, reducing, but not eliminating the risk of eavesdropping
4148(there is still a potential race condition). To make life harder for
4149the attacker, the program chooses tempfile names by calculating a 32
4150bit checksum of the incoming HTTP headers.
4151
4152To ensure that the temporary file cannot be read by other CGI scripts,
4153use suEXEC or a CGI wrapper program to run your script. The temporary
4154file is created with mode 0600 (neither world nor group readable).
4155
4156The temporary directory is selected using the following algorithm:
4157
4158 1. if the current user (e.g. "nobody") has a directory named
4159 "tmp" in its home directory, use that (Unix systems only).
4160
4161 2. if the environment variable TMPDIR exists, use the location
4162 indicated.
4163
4164 3. Otherwise try the locations /usr/tmp, /var/tmp, C:\temp,
4165 /tmp, /temp, ::Temporary Items, and \WWW_ROOT.
4166
4167Each of these locations is checked that it is a directory and is
4168writable. If not, the algorithm tries the next choice.
71f3e297
JH		 4169
4170=back
4171
4172=head2 SPECIAL FORMS FOR IMPORTING HTML-TAG FUNCTIONS
4173
4174Many of the methods generate HTML tags. As described below, tag
4175functions automatically generate both the opening and closing tags.
4176For example:
4177
4178 print h1('Level 1 Header');
4179
4180produces
4181
4182 <H1>Level 1 Header</H1>
4183
4184There will be some times when you want to produce the start and end
4185tags yourself. In this case, you can use the form start_I<tag_name>
4186and end_I<tag_name>, as in:
4187
4188 print start_h1,'Level 1 Header',end_h1;
4189
4190With a few exceptions (described below), start_I<tag_name> and
4191end_I<tag_name> functions are not generated automatically when you
4192I<use CGI>. However, you can specify the tags you want to generate
4193I<start/end> functions for by putting an asterisk in front of their
4194name, or, alternatively, requesting either "start_I<tag_name>" or
4195"end_I<tag_name>" in the import list.
4196
4197Example:
4198
4199 use CGI qw/:standard *table start_ul/;
4200
4201In this example, the following functions are generated in addition to
4202the standard ones:
4203
4204=over 4
4205
4206=item 1. start_table() (generates a <TABLE> tag)
4207
4208=item 2. end_table() (generates a </TABLE> tag)
4209
4210=item 3. start_ul() (generates a <UL> tag)
4211
4212=item 4. end_ul() (generates a </UL> tag)
4213
424ec8fa
GS		 4214=back
4215
4216=head1 GENERATING DYNAMIC DOCUMENTS
4217
4218Most of CGI.pm's functions deal with creating documents on the fly.
4219Generally you will produce the HTTP header first, followed by the
4220document itself. CGI.pm provides functions for generating HTTP
4221headers of various types as well as for generating HTML. For creating
4222GIF images, see the GD.pm module.
4223
4224Each of these functions produces a fragment of HTML or HTTP which you
4225can print out directly so that it displays in the browser window,
4226append to a string, or save to a file for later use.
4227
4228=head2 CREATING A STANDARD HTTP HEADER:
4229
4230Normally the first thing you will do in any CGI script is print out an
4231HTTP header. This tells the browser what type of document to expect,
4232and gives other optional information, such as the language, expiration
4233date, and whether to cache the document. The header can also be
4234manipulated for special purposes, such as server push and pay per view
4235pages.
54310121 4236
4237 print $query->header;
4238
4239 -or-
4240
4241 print $query->header('image/gif');
4242
4243 -or-
4244
4245 print $query->header('text/html','204 No response');
4246
4247 -or-
4248
4249 print $query->header(-type=>'image/gif',
4250 -nph=>1,
4251 -status=>'402 Payment required',
4252 -expires=>'+3d',
4253 -cookie=>$cookie,
3d1a2ec4 4254 -charset=>'utf-7',
6b4ac661 4255 -attachment=>'foo.gif',
54310121 4256 -Cost=>'$2.00');
4257
4258header() returns the Content-type: header. You can provide your own
4259MIME type if you choose, otherwise it defaults to text/html. An
4260optional second parameter specifies the status code and a human-readable
4261message. For example, you can specify 204, "No response" to create a
424ec8fa 4262script that tells the browser to do nothing at all.
54310121 4263
4264The last example shows the named argument style for passing arguments
4265to the CGI methods using named parameters. Recognized parameters are
424ec8fa 4266B<-type>, B<-status>, B<-expires>, and B<-cookie>. Any other named
54310121 4267parameters will be stripped of their initial hyphens and turned into
4268header fields, allowing you to specify any HTTP header you desire.
424ec8fa
GS		 4269Internal underscores will be turned into hyphens:
4270
4271 print $query->header(-Content_length=>3002);
54310121 4272
4273Most browsers will not cache the output from CGI scripts. Every time
4274the browser reloads the page, the script is invoked anew. You can
4275change this behavior with the B<-expires> parameter. When you specify
4276an absolute or relative expiration interval with this parameter, some
4277browsers and proxy servers will cache the script's output until the
4278indicated expiration date. The following forms are all valid for the
4279-expires field:
4280
4281 +30s 30 seconds from now
4282 +10m ten minutes from now
4283 +1h one hour from now
4284 -1d yesterday (i.e. "ASAP!")
4285 now immediately
4286 +3M in three months
4287 +10y in ten years time
424ec8fa 4288 Thursday, 25-Apr-1999 00:40:33 GMT at the indicated time & date
54310121 4289
4290The B<-cookie> parameter generates a header that tells the browser to provide
4291a "magic cookie" during all subsequent transactions with your script.
4292Netscape cookies have a special format that includes interesting attributes
4293such as expiration time. Use the cookie() method to create and retrieve
4294session cookies.
4295
4296The B<-nph> parameter, if set to a true value, will issue the correct
4297headers to work with a NPH (no-parse-header) script. This is important
3d1a2ec4
GS		 4298to use with certain servers that expect all their scripts to be NPH.
4299
4300The B<-charset> parameter can be used to control the character set
4301sent to the browser. If not provided, defaults to ISO-8859-1. As a
4302side effect, this sets the charset() method as well.
54310121 4303
6b4ac661
JH		 4304The B<-attachment> parameter can be used to turn the page into an
4305attachment. Instead of displaying the page, some browsers will prompt
4306the user to save it to disk. The value of the argument is the
4307suggested name for the saved file. In order for this to work, you may
4308have to set the B<-type> to "application/octet-stream".
4309
424ec8fa 4310=head2 GENERATING A REDIRECTION HEADER
54310121 4311
4312 print $query->redirect('http://somewhere.else/in/movie/land');
4313
424ec8fa
GS		 4314Sometimes you don't want to produce a document yourself, but simply
4315redirect the browser elsewhere, perhaps choosing a URL based on the
4316time of day or the identity of the user.
4317
4318The redirect() function redirects the browser to a different URL. If
4319you use redirection like this, you should B<not> print out a header as
6b4ac661 4320well.
54310121 4321
4322One hint I can offer is that relative links may not work correctly
7a2e2cd6 4323when you generate a redirection to another document on your site.
54310121 4324This is due to a well-intentioned optimization that some servers use.
4325The solution to this is to use the full URL (including the http: part)
4326of the document you are redirecting to.
4327
424ec8fa 4328You can also use named arguments:
54310121 4329
4330 print $query->redirect(-uri=>'http://somewhere.else/in/movie/land',
4331 -nph=>1);
4332
4333The B<-nph> parameter, if set to a true value, will issue the correct
4334headers to work with a NPH (no-parse-header) script. This is important
4335to use with certain servers, such as Microsoft Internet Explorer, which
4336expect all their scripts to be NPH.
4337
424ec8fa 4338=head2 CREATING THE HTML DOCUMENT HEADER
54310121 4339
4340 print $query->start_html(-title=>'Secrets of the Pyramids',
4341 -author=>'fred@capricorn.org',
4342 -base=>'true',
4343 -target=>'_blank',
4344 -meta=>{'keywords'=>'pharaoh secret mummy',
4345 'copyright'=>'copyright 1996 King Tut'},
7d37aa8e 4346 -style=>{'src'=>'/styles/style1.css'},
54310121 4347 -BGCOLOR=>'blue');
4348
424ec8fa
GS		 4349After creating the HTTP header, most CGI scripts will start writing
4350out an HTML document. The start_html() routine creates the top of the
4351page, along with a lot of optional information that controls the
4352page's appearance and behavior.
54310121 4353
424ec8fa
GS		 4354This method returns a canned HTML header and the opening <BODY> tag.
4355All parameters are optional. In the named parameter form, recognized
6b4ac661
JH		 4356parameters are -title, -author, -base, -xbase, -dtd, -lang and -target
4357(see below for the explanation). Any additional parameters you
4358provide, such as the Netscape unofficial BGCOLOR attribute, are added
4359to the <BODY> tag. Additional parameters must be proceeded by a
4360hyphen.
54310121 4361
4362The argument B<-xbase> allows you to provide an HREF for the <BASE> tag
4363different from the current location, as in
4364
4365 -xbase=>"http://home.mcom.com/"
4366
4367All relative links will be interpreted relative to this tag.
4368
4369The argument B<-target> allows you to provide a default target frame
3d1a2ec4
GS		 4370for all the links and fill-out forms on the page. B<This is a
4371non-standard HTTP feature which only works with Netscape browsers!>
4372See the Netscape documentation on frames for details of how to
4373manipulate this.
54310121 4374
4375 -target=>"answer_window"
4376
4377All relative links will be interpreted relative to this tag.
4378You add arbitrary meta information to the header with the B<-meta>
4379argument. This argument expects a reference to an associative array
4380containing name/value pairs of meta information. These will be turned
4381into a series of header <META> tags that look something like this:
4382
424ec8fa
GS		 4383 <META NAME="keywords" CONTENT="pharaoh secret mummy">
4384 <META NAME="description" CONTENT="copyright 1996 King Tut">
4385
6b4ac661
JH		 4386To create an HTTP-EQUIV type of <META> tag, use B<-head>, described
4387below.
424ec8fa 4388
6b4ac661
JH		 4389The B<-style> argument is used to incorporate cascading stylesheets
4390into your code. See the section on CASCADING STYLESHEETS for more
4391information.
424ec8fa 4392
6b4ac661
JH		 4393The B<-lang> argument is used to incorporate a language attribute into
4394the <HTML> tag. The default if not specified is "en-US" for US
4395English. For example:
4396
ba056755 4397 print $q->start_html(-lang=>'fr-CA');
424ec8fa
GS		 4398
4399You can place other arbitrary HTML elements to the <HEAD> section with the
4400B<-head> tag. For example, to place the rarely-used <LINK> element in the
4401head section, use this:
4402
3538e1d5 4403 print start_html(-head=>Link({-rel=>'next',
6b4ac661 4404 -href=>'http://www.capricorn.com/s2.html'}));
424ec8fa
GS		 4405
4406To incorporate multiple HTML elements into the <HEAD> section, just pass an
4407array reference:
4408
3538e1d5
GS		 4409 print start_html(-head=>[
4410 Link({-rel=>'next',
4411 -href=>'http://www.capricorn.com/s2.html'}),
4412 Link({-rel=>'previous',
4413 -href=>'http://www.capricorn.com/s1.html'})
424ec8fa
GS		 4414 ]
4415 );
4416
6b4ac661
JH		 4417And here's how to create an HTTP-EQUIV <META> tag:
4418
ba056755
JH		 4419 print start_html(-head=>meta({-http_equiv => 'Content-Type',
4420 -content => 'text/html'}))
6b4ac661
JH		 4421
4422
424ec8fa
GS		 4423JAVASCRIPTING: The B<-script>, B<-noScript>, B<-onLoad>,
4424B<-onMouseOver>, B<-onMouseOut> and B<-onUnload> parameters are used
4425to add Netscape JavaScript calls to your pages. B<-script> should
4426point to a block of text containing JavaScript function definitions.
4427This block will be placed within a <SCRIPT> block inside the HTML (not
4428HTTP) header. The block is placed in the header in order to give your
4429page a fighting chance of having all its JavaScript functions in place
4430even if the user presses the stop button before the page has loaded
4431completely. CGI.pm attempts to format the script in such a way that
4432JavaScript-naive browsers will not choke on the code: unfortunately
4433there are some browsers, such as Chimera for Unix, that get confused
4434by it nevertheless.
4435
4436The B<-onLoad> and B<-onUnload> parameters point to fragments of JavaScript
4437code to execute when the page is respectively opened and closed by the
4438browser. Usually these parameters are calls to functions defined in the
4439B<-script> field:
4440
4441 $query = new CGI;
4442 print $query->header;
4443 $JSCRIPT=<<END;
4444 // Ask a silly question
4445 function riddle_me_this() {
4446 var r = prompt("What walks on four legs in the morning, " +
4447 "two legs in the afternoon, " +
4448 "and three legs in the evening?");
4449 response(r);
4450 }
4451 // Get a silly answer
4452 function response(answer) {
4453 if (answer == "man")
4454 alert("Right you are!");
4455 else
4456 alert("Wrong! Guess again.");
4457 }
4458 END
4459 print $query->start_html(-title=>'The Riddle of the Sphinx',
4460 -script=>$JSCRIPT);
4461
4462Use the B<-noScript> parameter to pass some HTML text that will be displayed on
4463browsers that do not have JavaScript (or browsers where JavaScript is turned
4464off).
4465
4466Netscape 3.0 recognizes several attributes of the <SCRIPT> tag,
4467including LANGUAGE and SRC. The latter is particularly interesting,
4468as it allows you to keep the JavaScript code in a file or CGI script
4469rather than cluttering up each page with the source. To use these
4470attributes pass a HASH reference in the B<-script> parameter containing
4471one or more of -language, -src, or -code:
4472
4473 print $q->start_html(-title=>'The Riddle of the Sphinx',
4474 -script=>{-language=>'JAVASCRIPT',
4475 -src=>'/javascript/sphinx.js'}
4476 );
4477
4478 print $q->(-title=>'The Riddle of the Sphinx',
3538e1d5
GS		 4479 -script=>{-language=>'PERLSCRIPT',
4480 -code=>'print "hello world!\n;"'}
424ec8fa
GS		 4481 );
4482
4483
4484A final feature allows you to incorporate multiple <SCRIPT> sections into the
4485header. Just pass the list of script sections as an array reference.
4486this allows you to specify different source files for different dialects
4487of JavaScript. Example:
4488
3538e1d5
GS		 4489 print $q->start_html(-title=>'The Riddle of the Sphinx',
4490 -script=>[
4491 { -language => 'JavaScript1.0',
4492 -src => '/javascript/utilities10.js'
424ec8fa 4493 },
3538e1d5
GS		 4494 { -language => 'JavaScript1.1',
4495 -src => '/javascript/utilities11.js'
424ec8fa 4496 },
3538e1d5
GS		 4497 { -language => 'JavaScript1.2',
4498 -src => '/javascript/utilities12.js'
424ec8fa 4499 },
3538e1d5
GS		 4500 { -language => 'JavaScript28.2',
4501 -src => '/javascript/utilities219.js'
424ec8fa
GS		 4502 }
4503 ]
4504 );
4505 </pre>
4506
4507If this looks a bit extreme, take my advice and stick with straight CGI scripting.
4508
4509See
4510
4511 http://home.netscape.com/eng/mozilla/2.0/handbook/javascript/
4512
4513for more information about JavaScript.
4514
4515The old-style positional parameters are as follows:
4516
4517=over 4
4518
4519=item B<Parameters:>
4520
4521=item 1.
4522
4523The title
4524
4525=item 2.
4526
4527The author's e-mail address (will create a <LINK REV="MADE"> tag if present
4528
4529=item 3.
4530
4531A 'true' flag if you want to include a <BASE> tag in the header. This
4532helps resolve relative addresses to absolute ones when the document is moved,
4533but makes the document hierarchy non-portable. Use with care!
4534
4535=item 4, 5, 6...
4536
4537Any other parameters you want to include in the <BODY> tag. This is a good
4538place to put Netscape extensions, such as colors and wallpaper patterns.
4539
4540=back
4541
4542=head2 ENDING THE HTML DOCUMENT:
4543
4544 print $query->end_html
4545
4546This ends an HTML document by printing the </BODY></HTML> tags.
4547
4548=head2 CREATING A SELF-REFERENCING URL THAT PRESERVES STATE INFORMATION:
4549
4550 $myself = $query->self_url;
3d1a2ec4 4551 print q(<A HREF="$myself">I'm talking to myself.</A>);
424ec8fa
GS		 4552
4553self_url() will return a URL, that, when selected, will reinvoke
4554this script with all its state information intact. This is most
4555useful when you want to jump around within the document using
4556internal anchors but you don't want to disrupt the current contents
4557of the form(s). Something like this will do the trick.
4558
4559 $myself = $query->self_url;
4560 print "<A HREF=$myself#table1>See table 1</A>";
4561 print "<A HREF=$myself#table2>See table 2</A>";
4562 print "<A HREF=$myself#yourself>See for yourself</A>";
4563
4564If you want more control over what's returned, using the B<url()>
4565method instead.
4566
4567You can also retrieve the unprocessed query string with query_string():
4568
4569 $the_string = $query->query_string;
4570
4571=head2 OBTAINING THE SCRIPT'S URL
4572
4573 $full_url = $query->url();
4574 $full_url = $query->url(-full=>1); #alternative syntax
4575 $relative_url = $query->url(-relative=>1);
4576 $absolute_url = $query->url(-absolute=>1);
4577 $url_with_path = $query->url(-path_info=>1);
4578 $url_with_path_and_query = $query->url(-path_info=>1,-query=>1);
03b9648d 4579 $netloc = $query->url(-base => 1);
424ec8fa
GS		 4580
4581B<url()> returns the script's URL in a variety of formats. Called
4582without any arguments, it returns the full form of the URL, including
4583host name and port number
4584
4585 http://your.host.com/path/to/script.cgi
4586
4587You can modify this format with the following named arguments:
4588
4589=over 4
4590
4591=item B<-absolute>
4592
4593If true, produce an absolute URL, e.g.
4594
4595 /path/to/script.cgi
4596
4597=item B<-relative>
4598
4599Produce a relative URL. This is useful if you want to reinvoke your
4600script with different parameters. For example:
4601
4602 script.cgi
4603
4604=item B<-full>
4605
4606Produce the full URL, exactly as if called without any arguments.
4607This overrides the -relative and -absolute arguments.
4608
4609=item B<-path> (B<-path_info>)
4610
4611Append the additional path information to the URL. This can be
4612combined with B<-full>, B<-absolute> or B<-relative>. B<-path_info>
4613is provided as a synonym.
4614
4615=item B<-query> (B<-query_string>)
4616
4617Append the query string to the URL. This can be combined with
4618B<-full>, B<-absolute> or B<-relative>. B<-query_string> is provided
4619as a synonym.
4620
03b9648d
JH		 4621=item B<-base>
4622
4623Generate just the protocol and net location, as in http://www.foo.com:8000
4624
424ec8fa
GS		 4625=back
4626
71f3e297
JH		 4627=head2 MIXING POST AND URL PARAMETERS
4628
4629 $color = $query-&gt;url_param('color');
4630
4631It is possible for a script to receive CGI parameters in the URL as
4632well as in the fill-out form by creating a form that POSTs to a URL
4633containing a query string (a "?" mark followed by arguments). The
4634B<param()> method will always return the contents of the POSTed
4635fill-out form, ignoring the URL's query string. To retrieve URL
4636parameters, call the B<url_param()> method. Use it in the same way as
4637B<param()>. The main difference is that it allows you to read the
4638parameters, but not set them.
4639
4640
4641Under no circumstances will the contents of the URL query string
4642interfere with similarly-named CGI parameters in POSTed forms. If you
4643try to mix a URL query string with a form submitted with the GET
4644method, the results will not be what you expect.
4645
424ec8fa
GS		 4646=head1 CREATING STANDARD HTML ELEMENTS:
4647
4648CGI.pm defines general HTML shortcut methods for most, if not all of
4649the HTML 3 and HTML 4 tags. HTML shortcuts are named after a single
4650HTML element and return a fragment of HTML text that you can then
4651print or manipulate as you like. Each shortcut returns a fragment of
4652HTML code that you can append to a string, save to a file, or, most
4653commonly, print out so that it displays in the browser window.
4654
4655This example shows how to use the HTML methods:
4656
4657 $q = new CGI;
4658 print $q->blockquote(
4659 "Many years ago on the island of",
4660 $q->a({href=>"http://crete.org/"},"Crete"),
3538e1d5 4661 "there lived a Minotaur named",
424ec8fa
GS		 4662 $q->strong("Fred."),
4663 ),
4664 $q->hr;
4665
4666This results in the following HTML code (extra newlines have been
4667added for readability):
4668
4669 <blockquote>
4670 Many years ago on the island of
4671 <a HREF="http://crete.org/">Crete</a> there lived
4672 a minotaur named <strong>Fred.</strong>
4673 </blockquote>
4674 <hr>
4675
4676If you find the syntax for calling the HTML shortcuts awkward, you can
4677import them into your namespace and dispense with the object syntax
4678completely (see the next section for more details):
4679
4680 use CGI ':standard';
4681 print blockquote(
4682 "Many years ago on the island of",
4683 a({href=>"http://crete.org/"},"Crete"),
4684 "there lived a minotaur named",
4685 strong("Fred."),
4686 ),
4687 hr;
54310121 4688
424ec8fa 4689=head2 PROVIDING ARGUMENTS TO HTML SHORTCUTS
7d37aa8e 4690
424ec8fa
GS		 4691The HTML methods will accept zero, one or multiple arguments. If you
4692provide no arguments, you get a single tag:
7d37aa8e 4693
424ec8fa 4694 print hr; # <HR>
7d37aa8e 4695
424ec8fa
GS		 4696If you provide one or more string arguments, they are concatenated
4697together with spaces and placed between opening and closing tags:
7d37aa8e 4698
424ec8fa 4699 print h1("Chapter","1"); # <H1>Chapter 1</H1>"
7d37aa8e 4700
424ec8fa
GS		 4701If the first argument is an associative array reference, then the keys
4702and values of the associative array become the HTML tag's attributes:
7d37aa8e 4703
424ec8fa
GS		 4704 print a({-href=>'fred.html',-target=>'_new'},
4705 "Open a new frame");
7d37aa8e 4706
424ec8fa 4707 <A HREF="fred.html",TARGET="_new">Open a new frame</A>
3cb6de81 4708
424ec8fa
GS		 4709You may dispense with the dashes in front of the attribute names if
4710you prefer:
54310121 4711
424ec8fa 4712 print img {src=>'fred.gif',align=>'LEFT'};
54310121 4713
424ec8fa 4714 <IMG ALIGN="LEFT" SRC="fred.gif">
54310121 4715
424ec8fa
GS		 4716Sometimes an HTML tag attribute has no argument. For example, ordered
4717lists can be marked as COMPACT. The syntax for this is an argument that
4718that points to an undef string:
54310121 4719
424ec8fa 4720 print ol({compact=>undef},li('one'),li('two'),li('three'));
47e3cabd 4721
424ec8fa
GS		 4722Prior to CGI.pm version 2.41, providing an empty ('') string as an
4723attribute argument was the same as providing undef. However, this has
f610777f 4724changed in order to accommodate those who want to create tags of the form
424ec8fa 4725<IMG ALT="">. The difference is shown in these two pieces of code:
3cb6de81 4726
424ec8fa
GS		 4727 CODE RESULT
4728 img({alt=>undef}) <IMG ALT>
4729 img({alt=>''}) <IMT ALT="">
7d37aa8e 4730
424ec8fa 4731=head2 THE DISTRIBUTIVE PROPERTY OF HTML SHORTCUTS
7d37aa8e 4732
424ec8fa
GS		 4733One of the cool features of the HTML shortcuts is that they are
4734distributive. If you give them an argument consisting of a
4735B<reference> to a list, the tag will be distributed across each
4736element of the list. For example, here's one way to make an ordered
4737list:
7d37aa8e 4738
424ec8fa 4739 print ul(
6b4ac661 4740 li({-type=>'disc'},['Sneezy','Doc','Sleepy','Happy'])
424ec8fa 4741 );
7d37aa8e 4742
424ec8fa 4743This example will result in HTML output that looks like this:
54310121 4744
424ec8fa
GS		 4745 <UL>
4746 <LI TYPE="disc">Sneezy</LI>
4747 <LI TYPE="disc">Doc</LI>
4748 <LI TYPE="disc">Sleepy</LI>
4749 <LI TYPE="disc">Happy</LI>
4750 </UL>
54310121 4751
424ec8fa 4752This is extremely useful for creating tables. For example:
54310121 4753
424ec8fa
GS		 4754 print table({-border=>undef},
4755 caption('When Should You Eat Your Vegetables?'),
4756 Tr({-align=>CENTER,-valign=>TOP},
4757 [
4758 th(['Vegetable', 'Breakfast','Lunch','Dinner']),
4759 td(['Tomatoes' , 'no', 'yes', 'yes']),
4760 td(['Broccoli' , 'no', 'no', 'yes']),
4761 td(['Onions' , 'yes','yes', 'yes'])
4762 ]
4763 )
4764 );
54310121 4765
424ec8fa 4766=head2 HTML SHORTCUTS AND LIST INTERPOLATION
54310121 4767
424ec8fa 4768Consider this bit of code:
54310121 4769
424ec8fa 4770 print blockquote(em('Hi'),'mom!'));
54310121 4771
424ec8fa 4772It will ordinarily return the string that you probably expect, namely:
54310121 4773
424ec8fa 4774 <BLOCKQUOTE><EM>Hi</EM> mom!</BLOCKQUOTE>
54310121 4775
424ec8fa
GS		 4776Note the space between the element "Hi" and the element "mom!".
4777CGI.pm puts the extra space there using array interpolation, which is
4778controlled by the magic $" variable. Sometimes this extra space is
4779not what you want, for example, when you are trying to align a series
4780of images. In this case, you can simply change the value of $" to an
4781empty string.
54310121 4782
424ec8fa
GS		 4783 {
4784 local($") = '';
4785 print blockquote(em('Hi'),'mom!'));
4786 }
54310121 4787
424ec8fa
GS		 4788I suggest you put the code in a block as shown here. Otherwise the
4789change to $" will affect all subsequent code until you explicitly
4790reset it.
54310121 4791
424ec8fa 4792=head2 NON-STANDARD HTML SHORTCUTS
54310121 4793
424ec8fa
GS		 4794A few HTML tags don't follow the standard pattern for various
4795reasons.
54310121 4796
424ec8fa
GS		 4797B<comment()> generates an HTML comment (<!-- comment -->). Call it
4798like
54310121 4799
424ec8fa 4800 print comment('here is my comment');
54310121 4801
424ec8fa
GS		 4802Because of conflicts with built-in Perl functions, the following functions
4803begin with initial caps:
54310121 4804
424ec8fa
GS		 4805 Select
4806 Tr
4807 Link
4808 Delete
71f3e297
JH		 4809 Accept
4810 Sub
54310121 4811
424ec8fa
GS		 4812In addition, start_html(), end_html(), start_form(), end_form(),
4813start_multipart_form() and all the fill-out form tags are special.
4814See their respective sections.
4815
3d1a2ec4
GS		 4816=head2 AUTOESCAPING HTML
4817
4818By default, all HTML that is emitted by the form-generating functions
4819is passed through a function called escapeHTML():
4820
4821=over 4
4822
4823=item $escaped_string = escapeHTML("unescaped string");
4824
4825Escape HTML formatting characters in a string.
4826
4827=back
4828
4829Provided that you have specified a character set of ISO-8859-1 (the
4830default), the standard HTML escaping rules will be used. The "<"
4831character becomes "&lt;", ">" becomes "&gt;", "&" becomes "&amp;", and
4832the quote character becomes "&quot;". In addition, the hexadecimal
48330x8b and 0x9b characters, which many windows-based browsers interpret
4834as the left and right angle-bracket characters, are replaced by their
4835numeric HTML entities ("&#139" and "&#155;"). If you manually change
4836the charset, either by calling the charset() method explicitly or by
4837passing a -charset argument to header(), then B<all> characters will
4838be replaced by their numeric entities, since CGI.pm has no lookup
4839table for all the possible encodings.
4840
4841The automatic escaping does not apply to other shortcuts, such as
4842h1(). You should call escapeHTML() yourself on untrusted data in
4843order to protect your pages against nasty tricks that people may enter
4844into guestbooks, etc.. To change the character set, use charset().
4845To turn autoescaping off completely, use autoescape():
4846
4847=over 4
4848
4849=item $charset = charset([$charset]);
4850
4851Get or set the current character set.
4852
4853=item $flag = autoEscape([$flag]);
4854
4855Get or set the value of the autoescape flag.
4856
4857=back
4858
71f3e297
JH		 4859=head2 PRETTY-PRINTING HTML
4860
4861By default, all the HTML produced by these functions comes out as one
4862long line without carriage returns or indentation. This is yuck, but
4863it does reduce the size of the documents by 10-20%. To get
4864pretty-printed output, please use L<CGI::Pretty>, a subclass
4865contributed by Brian Paulsen.
4866
424ec8fa 4867=head1 CREATING FILL-OUT FORMS:
54310121 4868
4869I<General note> The various form-creating methods all return strings
4870to the caller, containing the tag or tags that will create the requested
4871form element. You are responsible for actually printing out these strings.
4872It's set up this way so that you can place formatting tags
4873around the form elements.
4874
4875I<Another note> The default values that you specify for the forms are only
4876used the B<first> time the script is invoked (when there is no query
4877string). On subsequent invocations of the script (when there is a query
4878string), the former values are used even if they are blank.
4879
4880If you want to change the value of a field from its previous value, you have two
4881choices:
4882
4883(1) call the param() method to set it.
4884
4885(2) use the -override (alias -force) parameter (a new feature in version 2.15).
4886This forces the default value to be used, regardless of the previous value:
4887
4888 print $query->textfield(-name=>'field_name',
4889 -default=>'starting value',
4890 -override=>1,
4891 -size=>50,
4892 -maxlength=>80);
4893
4894I<Yet another note> By default, the text and labels of form elements are
4895escaped according to HTML rules. This means that you can safely use
4896"<CLICK ME>" as the label for a button. However, it also interferes with
4897your ability to incorporate special HTML character sequences, such as &Aacute;,
4898into your fields. If you wish to turn off automatic escaping, call the
4899autoEscape() method with a false value immediately after creating the CGI object:
4900
4901 $query = new CGI;
4902 $query->autoEscape(undef);
3cb6de81 4903
54310121 4904=head2 CREATING AN ISINDEX TAG
4905
4906 print $query->isindex(-action=>$action);
4907
4908 -or-
4909
4910 print $query->isindex($action);
4911
4912Prints out an <ISINDEX> tag. Not very exciting. The parameter
4913-action specifies the URL of the script to process the query. The
4914default is to process the query with the current script.
4915
4916=head2 STARTING AND ENDING A FORM
4917
3d1a2ec4 4918 print $query->start_form(-method=>$method,
54310121 4919 -action=>$action,
71f3e297 4920 -enctype=>$encoding);
54310121 4921 <... various form stuff ...>
4922 print $query->endform;
4923
4924 -or-
4925
3d1a2ec4 4926 print $query->start_form($method,$action,$encoding);
54310121 4927 <... various form stuff ...>
4928 print $query->endform;
4929
3d1a2ec4 4930start_form() will return a <FORM> tag with the optional method,
54310121 4931action and form encoding that you specify. The defaults are:
3cb6de81 4932
54310121 4933 method: POST
4934 action: this script
71f3e297 4935 enctype: application/x-www-form-urlencoded
54310121 4936
4937endform() returns the closing </FORM> tag.
4938
3d1a2ec4 4939Start_form()'s enctype argument tells the browser how to package the various
54310121 4940fields of the form before sending the form to the server. Two
4941values are possible:
4942
3d1a2ec4
GS		 4943B<Note:> This method was previously named startform(), and startform()
4944is still recognized as an alias.
4945
54310121 4946=over 4
4947
4948=item B<application/x-www-form-urlencoded>
4949
4950This is the older type of encoding used by all browsers prior to
4951Netscape 2.0. It is compatible with many CGI scripts and is
4952suitable for short fields containing text data. For your
4953convenience, CGI.pm stores the name of this encoding
6b4ac661 4954type in B<&CGI::URL_ENCODED>.
54310121 4955
4956=item B<multipart/form-data>
4957
4958This is the newer type of encoding introduced by Netscape 2.0.
4959It is suitable for forms that contain very large fields or that
4960are intended for transferring binary data. Most importantly,
4961it enables the "file upload" feature of Netscape 2.0 forms. For
4962your convenience, CGI.pm stores the name of this encoding type
424ec8fa 4963in B<&CGI::MULTIPART>
54310121 4964
4965Forms that use this type of encoding are not easily interpreted
4966by CGI scripts unless they use CGI.pm or another library designed
4967to handle them.
4968
4969=back
4970
3d1a2ec4 4971For compatibility, the start_form() method uses the older form of
54310121 4972encoding by default. If you want to use the newer form of encoding
4973by default, you can call B<start_multipart_form()> instead of
3d1a2ec4 4974B<start_form()>.
54310121 4975
4976JAVASCRIPTING: The B<-name> and B<-onSubmit> parameters are provided
4977for use with JavaScript. The -name parameter gives the
4978form a name so that it can be identified and manipulated by
4979JavaScript functions. -onSubmit should point to a JavaScript
4980function that will be executed just before the form is submitted to your
4981server. You can use this opportunity to check the contents of the form
4982for consistency and completeness. If you find something wrong, you
4983can put up an alert box or maybe fix things up yourself. You can
4984abort the submission by returning false from this function.
4985
4986Usually the bulk of JavaScript functions are defined in a <SCRIPT>
4987block in the HTML header and -onSubmit points to one of these function
4988call. See start_html() for details.
4989
4990=head2 CREATING A TEXT FIELD
4991
4992 print $query->textfield(-name=>'field_name',
4993 -default=>'starting value',
4994 -size=>50,
4995 -maxlength=>80);
4996 -or-
4997
4998 print $query->textfield('field_name','starting value',50,80);
4999
5000textfield() will return a text input field.
5001
5002=over 4
5003
5004=item B<Parameters>
5005
5006=item 1.
5007
5008The first parameter is the required name for the field (-name).
5009
5010=item 2.
5011
5012The optional second parameter is the default starting value for the field
5013contents (-default).
5014
5015=item 3.
5016
5017The optional third parameter is the size of the field in
5018 characters (-size).
5019
5020=item 4.
5021
5022The optional fourth parameter is the maximum number of characters the
5023 field will accept (-maxlength).
5024
5025=back
5026
5027As with all these methods, the field will be initialized with its
5028previous contents from earlier invocations of the script.
5029When the form is processed, the value of the text field can be
5030retrieved with:
5031
5032 $value = $query->param('foo');
5033
5034If you want to reset it from its initial value after the script has been
5035called once, you can do so like this:
5036
5037 $query->param('foo',"I'm taking over this value!");
5038
5039NEW AS OF VERSION 2.15: If you don't want the field to take on its previous
5040value, you can force its current value by using the -override (alias -force)
5041parameter:
5042
5043 print $query->textfield(-name=>'field_name',
5044 -default=>'starting value',
5045 -override=>1,
5046 -size=>50,
5047 -maxlength=>80);
5048
424ec8fa
GS		 5049JAVASCRIPTING: You can also provide B<-onChange>, B<-onFocus>,
5050B<-onBlur>, B<-onMouseOver>, B<-onMouseOut> and B<-onSelect>
5051parameters to register JavaScript event handlers. The onChange
5052handler will be called whenever the user changes the contents of the
5053text field. You can do text validation if you like. onFocus and
5054onBlur are called respectively when the insertion point moves into and
5055out of the text field. onSelect is called when the user changes the
5056portion of the text that is selected.
54310121 5057
5058=head2 CREATING A BIG TEXT FIELD
5059
5060 print $query->textarea(-name=>'foo',
5061 -default=>'starting value',
5062 -rows=>10,
5063 -columns=>50);
5064
5065 -or
5066
5067 print $query->textarea('foo','starting value',10,50);
5068
5069textarea() is just like textfield, but it allows you to specify
5070rows and columns for a multiline text entry box. You can provide
5071a starting value for the field, which can be long and contain
5072multiple lines.
5073
424ec8fa
GS		 5074JAVASCRIPTING: The B<-onChange>, B<-onFocus>, B<-onBlur> ,
5075B<-onMouseOver>, B<-onMouseOut>, and B<-onSelect> parameters are
5076recognized. See textfield().
54310121 5077
5078=head2 CREATING A PASSWORD FIELD
5079
5080 print $query->password_field(-name=>'secret',
5081 -value=>'starting value',
5082 -size=>50,
5083 -maxlength=>80);
5084 -or-
5085
5086 print $query->password_field('secret','starting value',50,80);
5087
5088password_field() is identical to textfield(), except that its contents
5089will be starred out on the web page.
5090
424ec8fa
GS		 5091JAVASCRIPTING: The B<-onChange>, B<-onFocus>, B<-onBlur>,
5092B<-onMouseOver>, B<-onMouseOut> and B<-onSelect> parameters are
5093recognized. See textfield().
54310121 5094
5095=head2 CREATING A FILE UPLOAD FIELD
5096
5097 print $query->filefield(-name=>'uploaded_file',
5098 -default=>'starting value',
5099 -size=>50,
5100 -maxlength=>80);
5101 -or-
5102
5103 print $query->filefield('uploaded_file','starting value',50,80);
5104
5105filefield() will return a file upload field for Netscape 2.0 browsers.
5106In order to take full advantage of this I<you must use the new
5107multipart encoding scheme> for the form. You can do this either
6b4ac661 5108by calling B<start_form()> with an encoding type of B<&CGI::MULTIPART>,
54310121 5109or by calling the new method B<start_multipart_form()> instead of
3d1a2ec4 5110vanilla B<start_form()>.
54310121 5111
5112=over 4
5113
5114=item B<Parameters>
5115
5116=item 1.
5117
5118The first parameter is the required name for the field (-name).
5119
5120=item 2.
5121
5122The optional second parameter is the starting value for the field contents
5123to be used as the default file name (-default).
5124
71f3e297
JH		 5125For security reasons, browsers don't pay any attention to this field,
5126and so the starting value will always be blank. Worse, the field
5127loses its "sticky" behavior and forgets its previous contents. The
5128starting value field is called for in the HTML specification, however,
5129and possibly some browser will eventually provide support for it.
54310121 5130
5131=item 3.
5132
5133The optional third parameter is the size of the field in
5134characters (-size).
5135
5136=item 4.
5137
5138The optional fourth parameter is the maximum number of characters the
5139field will accept (-maxlength).
5140
5141=back
5142
5143When the form is processed, you can retrieve the entered filename
3538e1d5 5144by calling param():
54310121 5145
5146 $filename = $query->param('uploaded_file');
5147
3538e1d5
GS		 5148Different browsers will return slightly different things for the
5149name. Some browsers return the filename only. Others return the full
5150path to the file, using the path conventions of the user's machine.
5151Regardless, the name returned is always the name of the file on the
5152I<user's> machine, and is unrelated to the name of the temporary file
5153that CGI.pm creates during upload spooling (see below).
54310121 5154
5155The filename returned is also a file handle. You can read the contents
5156of the file using standard Perl file reading calls:
5157
5158 # Read a text file and print it out
5159 while (<$filename>) {
5160 print;
5161 }
5162
5163 # Copy a binary file to somewhere safe
5164 open (OUTFILE,">>/usr/local/web/users/feedback");
5165 while ($bytesread=read($filename,$buffer,1024)) {
5166 print OUTFILE $buffer;
5167 }
5168
3538e1d5
GS		 5169However, there are problems with the dual nature of the upload fields.
5170If you C<use strict>, then Perl will complain when you try to use a
5171string as a filehandle. You can get around this by placing the file
5172reading code in a block containing the C<no strict> pragma. More
5173seriously, it is possible for the remote user to type garbage into the
5174upload field, in which case what you get from param() is not a
5175filehandle at all, but a string.
5176
5177To be safe, use the I<upload()> function (new in version 2.47). When
5178called with the name of an upload field, I<upload()> returns a
5179filehandle, or undef if the parameter is not a valid filehandle.
5180
5181 $fh = $query->upload('uploaded_file');
5182 while (<$fh>) {
5183 print;
5184 }
5185
199d4a26
JH		 5186In an array context, upload() will return an array of filehandles.
5187This makes it possible to create forms that use the same name for
5188multiple upload fields.
5189
3538e1d5
GS		 5190This is the recommended idiom.
5191
54310121 5192When a file is uploaded the browser usually sends along some
5193information along with it in the format of headers. The information
5194usually includes the MIME content type. Future browsers may send
5195other information as well (such as modification date and size). To
5196retrieve this information, call uploadInfo(). It returns a reference to
5197an associative array containing all the document headers.
5198
5199 $filename = $query->param('uploaded_file');
5200 $type = $query->uploadInfo($filename)->{'Content-Type'};
5201 unless ($type eq 'text/html') {
5202 die "HTML FILES ONLY!";
5203 }
5204
5205If you are using a machine that recognizes "text" and "binary" data
5206modes, be sure to understand when and how to use them (see the Camel book).
3538e1d5
GS		 5207Otherwise you may find that binary files are corrupted during file
5208uploads.
5209
5210There are occasionally problems involving parsing the uploaded file.
5211This usually happens when the user presses "Stop" before the upload is
5212finished. In this case, CGI.pm will return undef for the name of the
5213uploaded file and set I<cgi_error()> to the string "400 Bad request
5214(malformed multipart POST)". This error message is designed so that
5215you can incorporate it into a status code to be sent to the browser.
5216Example:
5217
5218 $file = $query->upload('uploaded_file');
5219 if (!$file && $query->cgi_error) {
ffd2dff2 5220 print $query->header(-status=>$query->cgi_error);
3538e1d5
GS		 5221 exit 0;
5222 }
5223
5224You are free to create a custom HTML page to complain about the error,
5225if you wish.
54310121 5226
199d4a26
JH		 5227If you are using CGI.pm on a Windows platform and find that binary
5228files get slightly larger when uploaded but that text files remain the
5229same, then you have forgotten to activate binary mode on the output
5230filehandle. Be sure to call binmode() on any handle that you create
5231to write the uploaded file to disk.
5232
424ec8fa
GS		 5233JAVASCRIPTING: The B<-onChange>, B<-onFocus>, B<-onBlur>,
5234B<-onMouseOver>, B<-onMouseOut> and B<-onSelect> parameters are
5235recognized. See textfield() for details.
54310121 5236
5237=head2 CREATING A POPUP MENU
5238
5239 print $query->popup_menu('menu_name',
5240 ['eenie','meenie','minie'],
5241 'meenie');
5242
5243 -or-
5244
5245 %labels = ('eenie'=>'your first choice',
5246 'meenie'=>'your second choice',
5247 'minie'=>'your third choice');
5248 print $query->popup_menu('menu_name',
5249 ['eenie','meenie','minie'],
5250 'meenie',\%labels);
5251
5252 -or (named parameter style)-
5253
5254 print $query->popup_menu(-name=>'menu_name',
5255 -values=>['eenie','meenie','minie'],
5256 -default=>'meenie',
5257 -labels=>\%labels);
5258
5259popup_menu() creates a menu.
5260
5261=over 4
5262
5263=item 1.
5264
5265The required first argument is the menu's name (-name).
5266
5267=item 2.
5268
5269The required second argument (-values) is an array B<reference>
5270containing the list of menu items in the menu. You can pass the
5271method an anonymous array, as shown in the example, or a reference to
5272a named array, such as "\@foo".
5273
5274=item 3.
5275
5276The optional third parameter (-default) is the name of the default
5277menu choice. If not specified, the first item will be the default.
5278The values of the previous choice will be maintained across queries.
5279
5280=item 4.
5281
5282The optional fourth parameter (-labels) is provided for people who
5283want to use different values for the user-visible label inside the
5284popup menu nd the value returned to your script. It's a pointer to an
5285associative array relating menu values to user-visible labels. If you
5286leave this parameter blank, the menu values will be displayed by
5287default. (You can also leave a label undefined if you want to).
5288
5289=back
5290
5291When the form is processed, the selected value of the popup menu can
5292be retrieved using:
5293
5294 $popup_menu_value = $query->param('menu_name');
5295
5296JAVASCRIPTING: popup_menu() recognizes the following event handlers:
424ec8fa
GS		 5297B<-onChange>, B<-onFocus>, B<-onMouseOver>, B<-onMouseOut>, and
5298B<-onBlur>. See the textfield() section for details on when these
5299handlers are called.
54310121 5300
5301=head2 CREATING A SCROLLING LIST
5302
5303 print $query->scrolling_list('list_name',
5304 ['eenie','meenie','minie','moe'],
5305 ['eenie','moe'],5,'true');
5306 -or-
5307
5308 print $query->scrolling_list('list_name',
5309 ['eenie','meenie','minie','moe'],
5310 ['eenie','moe'],5,'true',
5311 \%labels);
5312
5313 -or-
5314
5315 print $query->scrolling_list(-name=>'list_name',
5316 -values=>['eenie','meenie','minie','moe'],
5317 -default=>['eenie','moe'],
5318 -size=>5,
5319 -multiple=>'true',
5320 -labels=>\%labels);
5321
5322scrolling_list() creates a scrolling list.
5323
5324=over 4
5325
5326=item B<Parameters:>
5327
5328=item 1.
5329
5330The first and second arguments are the list name (-name) and values
5331(-values). As in the popup menu, the second argument should be an
5332array reference.
5333
5334=item 2.
5335
5336The optional third argument (-default) can be either a reference to a
5337list containing the values to be selected by default, or can be a
5338single value to select. If this argument is missing or undefined,
5339then nothing is selected when the list first appears. In the named
5340parameter version, you can use the synonym "-defaults" for this
5341parameter.
5342
5343=item 3.
5344
5345The optional fourth argument is the size of the list (-size).
5346
5347=item 4.
5348
5349The optional fifth argument can be set to true to allow multiple
5350simultaneous selections (-multiple). Otherwise only one selection
5351will be allowed at a time.
5352
5353=item 5.
5354
5355The optional sixth argument is a pointer to an associative array
5356containing long user-visible labels for the list items (-labels).
5357If not provided, the values will be displayed.
5358
5359When this form is processed, all selected list items will be returned as
5360a list under the parameter name 'list_name'. The values of the
5361selected items can be retrieved with:
5362
5363 @selected = $query->param('list_name');
5364
5365=back
5366
424ec8fa
GS		 5367JAVASCRIPTING: scrolling_list() recognizes the following event
5368handlers: B<-onChange>, B<-onFocus>, B<-onMouseOver>, B<-onMouseOut>
5369and B<-onBlur>. See textfield() for the description of when these
5370handlers are called.
54310121 5371
5372=head2 CREATING A GROUP OF RELATED CHECKBOXES
5373
5374 print $query->checkbox_group(-name=>'group_name',
5375 -values=>['eenie','meenie','minie','moe'],
5376 -default=>['eenie','moe'],
5377 -linebreak=>'true',
5378 -labels=>\%labels);
5379
5380 print $query->checkbox_group('group_name',
5381 ['eenie','meenie','minie','moe'],
5382 ['eenie','moe'],'true',\%labels);
5383
5384 HTML3-COMPATIBLE BROWSERS ONLY:
5385
5386 print $query->checkbox_group(-name=>'group_name',
5387 -values=>['eenie','meenie','minie','moe'],
5388 -rows=2,-columns=>2);
3cb6de81 5389
54310121 5390
5391checkbox_group() creates a list of checkboxes that are related
5392by the same name.
5393
5394=over 4
5395
5396=item B<Parameters:>
5397
5398=item 1.
5399
5400The first and second arguments are the checkbox name and values,
5401respectively (-name and -values). As in the popup menu, the second
5402argument should be an array reference. These values are used for the
5403user-readable labels printed next to the checkboxes as well as for the
5404values passed to your script in the query string.
5405
5406=item 2.
5407
5408The optional third argument (-default) can be either a reference to a
5409list containing the values to be checked by default, or can be a
5410single value to checked. If this argument is missing or undefined,
5411then nothing is selected when the list first appears.
5412
5413=item 3.
5414
5415The optional fourth argument (-linebreak) can be set to true to place
5416line breaks between the checkboxes so that they appear as a vertical
5417list. Otherwise, they will be strung together on a horizontal line.
5418
5419=item 4.
5420
5421The optional fifth argument is a pointer to an associative array
7a2e2cd6 5422relating the checkbox values to the user-visible labels that will
54310121 5423be printed next to them (-labels). If not provided, the values will
5424be used as the default.
5425
5426=item 5.
5427
424ec8fa
GS		 5428B<HTML3-compatible browsers> (such as Netscape) can take advantage of
5429the optional parameters B<-rows>, and B<-columns>. These parameters
5430cause checkbox_group() to return an HTML3 compatible table containing
5431the checkbox group formatted with the specified number of rows and
5432columns. You can provide just the -columns parameter if you wish;
5433checkbox_group will calculate the correct number of rows for you.
54310121 5434
5435To include row and column headings in the returned table, you
424ec8fa 5436can use the B<-rowheaders> and B<-colheaders> parameters. Both
54310121 5437of these accept a pointer to an array of headings to use.
5438The headings are just decorative. They don't reorganize the
5439interpretation of the checkboxes -- they're still a single named
5440unit.
5441
5442=back
5443
5444When the form is processed, all checked boxes will be returned as
5445a list under the parameter name 'group_name'. The values of the
5446"on" checkboxes can be retrieved with:
5447
5448 @turned_on = $query->param('group_name');
5449
5450The value returned by checkbox_group() is actually an array of button
5451elements. You can capture them and use them within tables, lists,
5452or in other creative ways:
5453
5454 @h = $query->checkbox_group(-name=>'group_name',-values=>\@values);
5455 &use_in_creative_way(@h);
5456
5457JAVASCRIPTING: checkbox_group() recognizes the B<-onClick>
5458parameter. This specifies a JavaScript code fragment or
5459function call to be executed every time the user clicks on
5460any of the buttons in the group. You can retrieve the identity
5461of the particular button clicked on using the "this" variable.
5462
5463=head2 CREATING A STANDALONE CHECKBOX
5464
5465 print $query->checkbox(-name=>'checkbox_name',
5466 -checked=>'checked',
5467 -value=>'ON',
5468 -label=>'CLICK ME');
5469
5470 -or-
5471
5472 print $query->checkbox('checkbox_name','checked','ON','CLICK ME');
5473
5474checkbox() is used to create an isolated checkbox that isn't logically
5475related to any others.
5476
5477=over 4
5478
5479=item B<Parameters:>
5480
5481=item 1.
5482
5483The first parameter is the required name for the checkbox (-name). It
5484will also be used for the user-readable label printed next to the
5485checkbox.
5486
5487=item 2.
5488
5489The optional second parameter (-checked) specifies that the checkbox
5490is turned on by default. Synonyms are -selected and -on.
5491
5492=item 3.
5493
5494The optional third parameter (-value) specifies the value of the
5495checkbox when it is checked. If not provided, the word "on" is
5496assumed.
5497
5498=item 4.
5499
5500The optional fourth parameter (-label) is the user-readable label to
5501be attached to the checkbox. If not provided, the checkbox name is
5502used.
5503
5504=back
5505
5506The value of the checkbox can be retrieved using:
5507
5508 $turned_on = $query->param('checkbox_name');
5509
5510JAVASCRIPTING: checkbox() recognizes the B<-onClick>
5511parameter. See checkbox_group() for further details.
5512
5513=head2 CREATING A RADIO BUTTON GROUP
5514
5515 print $query->radio_group(-name=>'group_name',
5516 -values=>['eenie','meenie','minie'],
5517 -default=>'meenie',
5518 -linebreak=>'true',
5519 -labels=>\%labels);
5520
5521 -or-
5522
5523 print $query->radio_group('group_name',['eenie','meenie','minie'],
5524 'meenie','true',\%labels);
5525
5526
5527 HTML3-COMPATIBLE BROWSERS ONLY:
5528
5529 print $query->radio_group(-name=>'group_name',
5530 -values=>['eenie','meenie','minie','moe'],
5531 -rows=2,-columns=>2);
5532
5533radio_group() creates a set of logically-related radio buttons
5534(turning one member of the group on turns the others off)
5535
5536=over 4
5537
5538=item B<Parameters:>
5539
5540=item 1.
5541
5542The first argument is the name of the group and is required (-name).
5543
5544=item 2.
5545
5546The second argument (-values) is the list of values for the radio
5547buttons. The values and the labels that appear on the page are
5548identical. Pass an array I<reference> in the second argument, either
5549using an anonymous array, as shown, or by referencing a named array as
5550in "\@foo".
5551
5552=item 3.
5553
5554The optional third parameter (-default) is the name of the default
5555button to turn on. If not specified, the first item will be the
5556default. You can provide a nonexistent button name, such as "-" to
5557start up with no buttons selected.
5558
5559=item 4.
5560
5561The optional fourth parameter (-linebreak) can be set to 'true' to put
5562line breaks between the buttons, creating a vertical list.
5563
5564=item 5.
5565
5566The optional fifth parameter (-labels) is a pointer to an associative
5567array relating the radio button values to user-visible labels to be
5568used in the display. If not provided, the values themselves are
5569displayed.
5570
5571=item 6.
5572
5573B<HTML3-compatible browsers> (such as Netscape) can take advantage
5574of the optional
5575parameters B<-rows>, and B<-columns>. These parameters cause
5576radio_group() to return an HTML3 compatible table containing
5577the radio group formatted with the specified number of rows
5578and columns. You can provide just the -columns parameter if you
5579wish; radio_group will calculate the correct number of rows
5580for you.
5581
5582To include row and column headings in the returned table, you
5583can use the B<-rowheader> and B<-colheader> parameters. Both
5584of these accept a pointer to an array of headings to use.
5585The headings are just decorative. They don't reorganize the
f610777f 5586interpretation of the radio buttons -- they're still a single named
54310121 5587unit.
5588
5589=back
5590
5591When the form is processed, the selected radio button can
5592be retrieved using:
5593
5594 $which_radio_button = $query->param('group_name');
5595
5596The value returned by radio_group() is actually an array of button
5597elements. You can capture them and use them within tables, lists,
5598or in other creative ways:
5599
5600 @h = $query->radio_group(-name=>'group_name',-values=>\@values);
5601 &use_in_creative_way(@h);
5602
5603=head2 CREATING A SUBMIT BUTTON
5604
5605 print $query->submit(-name=>'button_name',
5606 -value=>'value');
5607
5608 -or-
5609
5610 print $query->submit('button_name','value');
5611
5612submit() will create the query submission button. Every form
5613should have one of these.
5614
5615=over 4
5616
5617=item B<Parameters:>
5618
5619=item 1.
5620
5621The first argument (-name) is optional. You can give the button a
5622name if you have several submission buttons in your form and you want
5623to distinguish between them. The name will also be used as the
5624user-visible label. Be aware that a few older browsers don't deal with this correctly and
5625B<never> send back a value from a button.
5626
5627=item 2.
5628
5629The second argument (-value) is also optional. This gives the button
5630a value that will be passed to your script in the query string.
5631
5632=back
5633
5634You can figure out which button was pressed by using different
5635values for each one:
5636
5637 $which_one = $query->param('button_name');
5638
5639JAVASCRIPTING: radio_group() recognizes the B<-onClick>
5640parameter. See checkbox_group() for further details.
5641
5642=head2 CREATING A RESET BUTTON
5643
5644 print $query->reset
5645
5646reset() creates the "reset" button. Note that it restores the
5647form to its value from the last time the script was called,
5648NOT necessarily to the defaults.
5649
71f3e297
JH		 5650Note that this conflicts with the Perl reset() built-in. Use
5651CORE::reset() to get the original reset function.
5652
54310121 5653=head2 CREATING A DEFAULT BUTTON
5654
5655 print $query->defaults('button_label')
5656
5657defaults() creates a button that, when invoked, will cause the
5658form to be completely reset to its defaults, wiping out all the
5659changes the user ever made.
5660
5661=head2 CREATING A HIDDEN FIELD
5662
5663 print $query->hidden(-name=>'hidden_name',
5664 -default=>['value1','value2'...]);
5665
5666 -or-
5667
5668 print $query->hidden('hidden_name','value1','value2'...);
5669
5670hidden() produces a text field that can't be seen by the user. It
5671is useful for passing state variable information from one invocation
5672of the script to the next.
5673
5674=over 4
5675
5676=item B<Parameters:>
5677
5678=item 1.
5679
5680The first argument is required and specifies the name of this
5681field (-name).
5682
5683=item 2.
5684
5685The second argument is also required and specifies its value
5686(-default). In the named parameter style of calling, you can provide
5687a single value here or a reference to a whole list
5688
5689=back
5690
5691Fetch the value of a hidden field this way:
5692
5693 $hidden_value = $query->param('hidden_name');
5694
5695Note, that just like all the other form elements, the value of a
5696hidden field is "sticky". If you want to replace a hidden field with
5697some other values after the script has been called once you'll have to
5698do it manually:
5699
5700 $query->param('hidden_name','new','values','here');
5701
5702=head2 CREATING A CLICKABLE IMAGE BUTTON
5703
5704 print $query->image_button(-name=>'button_name',
5705 -src=>'/source/URL',
5706 -align=>'MIDDLE');
5707
5708 -or-
5709
5710 print $query->image_button('button_name','/source/URL','MIDDLE');
5711
5712image_button() produces a clickable image. When it's clicked on the
5713position of the click is returned to your script as "button_name.x"
5714and "button_name.y", where "button_name" is the name you've assigned
5715to it.
5716
5717JAVASCRIPTING: image_button() recognizes the B<-onClick>
5718parameter. See checkbox_group() for further details.
5719
5720=over 4
5721
5722=item B<Parameters:>
5723
5724=item 1.
5725
5726The first argument (-name) is required and specifies the name of this
5727field.
5728
5729=item 2.
5730
5731The second argument (-src) is also required and specifies the URL
5732
5733=item 3.
551e1d92 5734
54310121 5735The third option (-align, optional) is an alignment type, and may be
5736TOP, BOTTOM or MIDDLE
5737
5738=back
5739
5740Fetch the value of the button this way:
5741 $x = $query->param('button_name.x');
5742 $y = $query->param('button_name.y');
5743
5744=head2 CREATING A JAVASCRIPT ACTION BUTTON
5745
5746 print $query->button(-name=>'button_name',
5747 -value=>'user visible label',
5748 -onClick=>"do_something()");
5749
5750 -or-
5751
5752 print $query->button('button_name',"do_something()");
5753
5754button() produces a button that is compatible with Netscape 2.0's
5755JavaScript. When it's pressed the fragment of JavaScript code
5756pointed to by the B<-onClick> parameter will be executed. On
5757non-Netscape browsers this form element will probably not even
5758display.
5759
71f3e297 5760=head1 HTTP COOKIES
54310121 5761
71f3e297
JH		 5762Netscape browsers versions 1.1 and higher, and all versions of
5763Internet Explorer, support a so-called "cookie" designed to help
5764maintain state within a browser session. CGI.pm has several methods
5765that support cookies.
54310121 5766
5767A cookie is a name=value pair much like the named parameters in a CGI
5768query string. CGI scripts create one or more cookies and send
5769them to the browser in the HTTP header. The browser maintains a list
5770of cookies that belong to a particular Web server, and returns them
5771to the CGI script during subsequent interactions.
5772
5773In addition to the required name=value pair, each cookie has several
5774optional attributes:
5775
5776=over 4
5777
5778=item 1. an expiration time
5779
5780This is a time/date string (in a special GMT format) that indicates
5781when a cookie expires. The cookie will be saved and returned to your
5782script until this expiration date is reached if the user exits
71f3e297
JH		 5783the browser and restarts it. If an expiration date isn't specified, the cookie
5784will remain active until the user quits the browser.
54310121 5785
5786=item 2. a domain
5787
5788This is a partial or complete domain name for which the cookie is
5789valid. The browser will return the cookie to any host that matches
5790the partial domain name. For example, if you specify a domain name
71f3e297 5791of ".capricorn.com", then the browser will return the cookie to
54310121 5792Web servers running on any of the machines "www.capricorn.com",
5793"www2.capricorn.com", "feckless.capricorn.com", etc. Domain names
5794must contain at least two periods to prevent attempts to match
5795on top level domains like ".edu". If no domain is specified, then
5796the browser will only return the cookie to servers on the host the
5797cookie originated from.
5798
5799=item 3. a path
5800
5801If you provide a cookie path attribute, the browser will check it
5802against your script's URL before returning the cookie. For example,
5803if you specify the path "/cgi-bin", then the cookie will be returned
5804to each of the scripts "/cgi-bin/tally.pl", "/cgi-bin/order.pl",
5805and "/cgi-bin/customer_service/complain.pl", but not to the script
5806"/cgi-private/site_admin.pl". By default, path is set to "/", which
5807causes the cookie to be sent to any CGI script on your site.
5808
5809=item 4. a "secure" flag
5810
5811If the "secure" attribute is set, the cookie will only be sent to your
5812script if the CGI request is occurring on a secure channel, such as SSL.
5813
5814=back
5815
71f3e297 5816The interface to HTTP cookies is the B<cookie()> method:
54310121 5817
5818 $cookie = $query->cookie(-name=>'sessionID',
5819 -value=>'xyzzy',
5820 -expires=>'+1h',
5821 -path=>'/cgi-bin/database',
5822 -domain=>'.capricorn.org',
5823 -secure=>1);
5824 print $query->header(-cookie=>$cookie);
5825
5826B<cookie()> creates a new cookie. Its parameters include:
5827
5828=over 4
5829
5830=item B<-name>
5831
5832The name of the cookie (required). This can be any string at all.
71f3e297 5833Although browsers limit their cookie names to non-whitespace
54310121 5834alphanumeric characters, CGI.pm removes this restriction by escaping
5835and unescaping cookies behind the scenes.
5836
5837=item B<-value>
5838
5839The value of the cookie. This can be any scalar value,
5840array reference, or even associative array reference. For example,
5841you can store an entire associative array into a cookie this way:
5842
5843 $cookie=$query->cookie(-name=>'family information',
5844 -value=>\%childrens_ages);
5845
5846=item B<-path>
5847
5848The optional partial path for which this cookie will be valid, as described
5849above.
5850
5851=item B<-domain>
5852
5853The optional partial domain for which this cookie will be valid, as described
5854above.
5855
5856=item B<-expires>
5857
5858The optional expiration date for this cookie. The format is as described
5859in the section on the B<header()> method:
5860
5861 "+1h" one hour from now
5862
5863=item B<-secure>
5864
5865If set to true, this cookie will only be used within a secure
5866SSL session.
5867
5868=back
5869
5870The cookie created by cookie() must be incorporated into the HTTP
5871header within the string returned by the header() method:
5872
5873 print $query->header(-cookie=>$my_cookie);
5874
5875To create multiple cookies, give header() an array reference:
5876
5877 $cookie1 = $query->cookie(-name=>'riddle_name',
5878 -value=>"The Sphynx's Question");
5879 $cookie2 = $query->cookie(-name=>'answers',
5880 -value=>\%answers);
5881 print $query->header(-cookie=>[$cookie1,$cookie2]);
5882
03b9648d
JH		 5883To retrieve a cookie, request it by name by calling cookie() method
5884without the B<-value> parameter:
54310121 5885
5886 use CGI;
5887 $query = new CGI;
03b9648d
JH		 5888 $riddle = $query->cookie('riddle_name');
5889 %answers = $query->cookie('answers');
5890
5891Cookies created with a single scalar value, such as the "riddle_name"
5892cookie, will be returned in that form. Cookies with array and hash
5893values can also be retrieved.
54310121 5894
5895The cookie and CGI namespaces are separate. If you have a parameter
5896named 'answers' and a cookie named 'answers', the values retrieved by
5897param() and cookie() are independent of each other. However, it's
5898simple to turn a CGI parameter into a cookie, and vice-versa:
5899
5900 # turn a CGI parameter into a cookie
5901 $c=$q->cookie(-name=>'answers',-value=>[$q->param('answers')]);
5902 # vice-versa
5903 $q->param(-name=>'answers',-value=>[$q->cookie('answers')]);
5904
5905See the B<cookie.cgi> example script for some ideas on how to use
5906cookies effectively.
5907
71f3e297 5908=head1 WORKING WITH FRAMES
54310121 5909
71f3e297
JH		 5910It's possible for CGI.pm scripts to write into several browser panels
5911and windows using the HTML 4 frame mechanism. There are three
5912techniques for defining new frames programmatically:
54310121 5913
5914=over 4
5915
5916=item 1. Create a <Frameset> document
5917
5918After writing out the HTTP header, instead of creating a standard
5919HTML document using the start_html() call, create a <FRAMESET>
5920document that defines the frames on the page. Specify your script(s)
5921(with appropriate parameters) as the SRC for each of the frames.
5922
5923There is no specific support for creating <FRAMESET> sections
5924in CGI.pm, but the HTML is very simple to write. See the frame
5925documentation in Netscape's home pages for details
5926
5927 http://home.netscape.com/assist/net_sites/frames.html
5928
5929=item 2. Specify the destination for the document in the HTTP header
5930
5931You may provide a B<-target> parameter to the header() method:
3cb6de81 5932
54310121 5933 print $q->header(-target=>'ResultsWindow');
5934
71f3e297
JH		 5935This will tell the browser to load the output of your script into the
5936frame named "ResultsWindow". If a frame of that name doesn't already
5937exist, the browser will pop up a new window and load your script's
5938document into that. There are a number of magic names that you can
5939use for targets. See the frame documents on Netscape's home pages for
5940details.
54310121 5941
5942=item 3. Specify the destination for the document in the <FORM> tag
5943
5944You can specify the frame to load in the FORM tag itself. With
5945CGI.pm it looks like this:
5946
3d1a2ec4 5947 print $q->start_form(-target=>'ResultsWindow');
54310121 5948
5949When your script is reinvoked by the form, its output will be loaded
5950into the frame named "ResultsWindow". If one doesn't already exist
5951a new window will be created.
5952
5953=back
5954
5955The script "frameset.cgi" in the examples directory shows one way to
5956create pages in which the fill-out form and the response live in
5957side-by-side frames.
5958
7d37aa8e
LS		 5959=head1 LIMITED SUPPORT FOR CASCADING STYLE SHEETS
5960
5961CGI.pm has limited support for HTML3's cascading style sheets (css).
5962To incorporate a stylesheet into your document, pass the
5963start_html() method a B<-style> parameter. The value of this
5964parameter may be a scalar, in which case it is incorporated directly
5965into a <STYLE> section, or it may be a hash reference. In the latter
5966case you should provide the hash with one or more of B<-src> or
5967B<-code>. B<-src> points to a URL where an externally-defined
5968stylesheet can be found. B<-code> points to a scalar value to be
5969incorporated into a <STYLE> section. Style definitions in B<-code>
5970override similarly-named ones in B<-src>, hence the name "cascading."
5971
424ec8fa
GS		 5972You may also specify the type of the stylesheet by adding the optional
5973B<-type> parameter to the hash pointed to by B<-style>. If not
5974specified, the style defaults to 'text/css'.
5975
7d37aa8e
LS		 5976To refer to a style within the body of your document, add the
5977B<-class> parameter to any HTML element:
5978
5979 print h1({-class=>'Fancy'},'Welcome to the Party');
5980
5981Or define styles on the fly with the B<-style> parameter:
5982
5983 print h1({-style=>'Color: red;'},'Welcome to Hell');
5984
5985You may also use the new B<span()> element to apply a style to a
5986section of text:
5987
5988 print span({-style=>'Color: red;'},
5989 h1('Welcome to Hell'),
5990 "Where did that handbasket get to?"
5991 );
5992
5993Note that you must import the ":html3" definitions to have the
5994B<span()> method available. Here's a quick and dirty example of using
5995CSS's. See the CSS specification at
5996http://www.w3.org/pub/WWW/TR/Wd-css-1.html for more information.
5997
5998 use CGI qw/:standard :html3/;
5999
6000 #here's a stylesheet incorporated directly into the page
6001 $newStyle=<<END;
6002 <!--
6003 P.Tip {
6004 margin-right: 50pt;
6005 margin-left: 50pt;
6006 color: red;
6007 }
6008 P.Alert {
6009 font-size: 30pt;
6010 font-family: sans-serif;
6011 color: red;
6012 }
6013 -->
6014 END
6015 print header();
6016 print start_html( -title=>'CGI with Style',
6017 -style=>{-src=>'http://www.capricorn.com/style/st1.css',
6018 -code=>$newStyle}
6019 );
6020 print h1('CGI with Style'),
6021 p({-class=>'Tip'},
6022 "Better read the cascading style sheet spec before playing with this!"),
6023 span({-style=>'color: magenta'},
6024 "Look Mom, no hands!",
6025 p(),
6026 "Whooo wee!"
6027 );
6028 print end_html;
6029
6b4ac661
JH		 6030Pass an array reference to B<-style> in order to incorporate multiple
6031stylesheets into your document.
6032
54310121 6033=head1 DEBUGGING
6034
3d1a2ec4
GS		 6035If you are running the script from the command line or in the perl
6036debugger, you can pass the script a list of keywords or
6037parameter=value pairs on the command line or from standard input (you
6038don't have to worry about tricking your script into reading from
6039environment variables). You can pass keywords like this:
54310121 6040
6041 your_script.pl keyword1 keyword2 keyword3
6042
6043or this:
6044
6045 your_script.pl keyword1+keyword2+keyword3
6046
6047or this:
6048
6049 your_script.pl name1=value1 name2=value2
6050
6051or this:
6052
6053 your_script.pl name1=value1&name2=value2
6054
3d1a2ec4
GS		 6055To turn off this feature, use the -no_debug pragma.
6056
6057To test the POST method, you may enable full debugging with the -debug
6058pragma. This will allow you to feed newline-delimited name=value
6059pairs to the script on standard input.
54310121 6060
6061When debugging, you can use quotes and backslashes to escape
6062characters in the familiar shell manner, letting you place
6063spaces and other funny characters in your parameter=value
6064pairs:
6065
6066 your_script.pl "name1='I am a long value'" "name2=two\ words"
6067
6068=head2 DUMPING OUT ALL THE NAME/VALUE PAIRS
6069
3d1a2ec4 6070The Dump() method produces a string consisting of all the query's
54310121 6071name/value pairs formatted nicely as a nested list. This is useful
6072for debugging purposes:
6073
3d1a2ec4 6074 print $query->Dump
3cb6de81 6075
54310121 6076
6077Produces something that looks like:
6078
6079 <UL>
6080 <LI>name1
6081 <UL>
6082 <LI>value1
6083 <LI>value2
6084 </UL>
6085 <LI>name2
6086 <UL>
6087 <LI>value1
6088 </UL>
6089 </UL>
6090
71f3e297
JH		 6091As a shortcut, you can interpolate the entire CGI object into a string
6092and it will be replaced with the a nice HTML dump shown above:
54310121 6093
6094 $query=new CGI;
6095 print "<H2>Current Values</H2> $query\n";
6096
6097=head1 FETCHING ENVIRONMENT VARIABLES
6098
6099Some of the more useful environment variables can be fetched
6100through this interface. The methods are as follows:
6101
6102=over 4
6103
71f3e297
JH		 6104=item B<Accept()>
6105
6106Return a list of MIME types that the remote browser accepts. If you
6107give this method a single argument corresponding to a MIME type, as in
6108$query->Accept('text/html'), it will return a floating point value
6109corresponding to the browser's preference for this type from 0.0
6110(don't want) to 1.0. Glob types (e.g. text/*) in the browser's accept
6111list are handled correctly.
54310121 6112
71f3e297
JH		 6113Note that the capitalization changed between version 2.43 and 2.44 in
6114order to avoid conflict with Perl's accept() function.
54310121 6115
6116=item B<raw_cookie()>
6117
424ec8fa 6118Returns the HTTP_COOKIE variable, an HTTP extension implemented by
71f3e297
JH		 6119Netscape browsers version 1.1 and higher, and all versions of Internet
6120Explorer. Cookies have a special format, and this method call just
6121returns the raw form (?cookie dough). See cookie() for ways of
6122setting and retrieving cooked cookies.
424ec8fa
GS		 6123
6124Called with no parameters, raw_cookie() returns the packed cookie
6125structure. You can separate it into individual cookies by splitting
6126on the character sequence "; ". Called with the name of a cookie,
6127retrieves the B<unescaped> form of the cookie. You can use the
6128regular cookie() method to get the names, or use the raw_fetch()
6129method from the CGI::Cookie module.
54310121 6130
6131=item B<user_agent()>
6132
6133Returns the HTTP_USER_AGENT variable. If you give
6134this method a single argument, it will attempt to
6135pattern match on it, allowing you to do something
6136like $query->user_agent(netscape);
6137
6138=item B<path_info()>
6139
6140Returns additional path information from the script URL.
6b4ac661
JH		 6141E.G. fetching /cgi-bin/your_script/additional/stuff will result in
6142$query->path_info() returning "/additional/stuff".
54310121 6143
6144NOTE: The Microsoft Internet Information Server
6145is broken with respect to additional path information. If
6146you use the Perl DLL library, the IIS server will attempt to
6147execute the additional path information as a Perl script.
6148If you use the ordinary file associations mapping, the
6149path information will be present in the environment,
6150but incorrect. The best thing to do is to avoid using additional
6151path information in CGI scripts destined for use with IIS.
6152
6153=item B<path_translated()>
6154
6155As per path_info() but returns the additional
6156path information translated into a physical path, e.g.
6157"/usr/local/etc/httpd/htdocs/additional/stuff".
6158
6159The Microsoft IIS is broken with respect to the translated
6160path as well.
6161
6162=item B<remote_host()>
6163
6164Returns either the remote host name or IP address.
6165if the former is unavailable.
6166
6167=item B<script_name()>
551e1d92 6168
54310121 6169Return the script name as a partial URL, for self-refering
6170scripts.
6171
6172=item B<referer()>
6173
6174Return the URL of the page the browser was viewing
6175prior to fetching your script. Not available for all
6176browsers.
6177
6178=item B<auth_type ()>
6179
6180Return the authorization/verification method in use for this
6181script, if any.
6182
6183=item B<server_name ()>
6184
6185Returns the name of the server, usually the machine's host
6186name.
6187
6188=item B<virtual_host ()>
6189
6190When using virtual hosts, returns the name of the host that
6191the browser attempted to contact
6192
03b9648d
JH		 6193=item B<server_port ()>
6194
6195Return the port that the server is listening on.
6196
54310121 6197=item B<server_software ()>
6198
6199Returns the server software and version number.
6200
6201=item B<remote_user ()>
6202
6203Return the authorization/verification name used for user
6204verification, if this script is protected.
6205
6206=item B<user_name ()>
6207
71f3e297
JH		 6208Attempt to obtain the remote user's name, using a variety of different
6209techniques. This only works with older browsers such as Mosaic.
6210Newer browsers do not report the user name for privacy reasons!
54310121 6211
6212=item B<request_method()>
6213
6214Returns the method used to access your script, usually
6215one of 'POST', 'GET' or 'HEAD'.
6216
3538e1d5
GS		 6217=item B<content_type()>
6218
6219Returns the content_type of data submitted in a POST, generally
6220multipart/form-data or application/x-www-form-urlencoded
6221
6222=item B<http()>
6223
6224Called with no arguments returns the list of HTTP environment
6225variables, including such things as HTTP_USER_AGENT,
6226HTTP_ACCEPT_LANGUAGE, and HTTP_ACCEPT_CHARSET, corresponding to the
6227like-named HTTP header fields in the request. Called with the name of
6228an HTTP header field, returns its value. Capitalization and the use
6229of hyphens versus underscores are not significant.
6230
6231For example, all three of these examples are equivalent:
6232
6233 $requested_language = $q->http('Accept-language');
6234 $requested_language = $q->http('Accept_language');
6235 $requested_language = $q->http('HTTP_ACCEPT_LANGUAGE');
6236
6237=item B<https()>
6238
6239The same as I<http()>, but operates on the HTTPS environment variables
6240present when the SSL protocol is in effect. Can be used to determine
6241whether SSL is turned on.
6242
54310121 6243=back
6244
424ec8fa 6245=head1 USING NPH SCRIPTS
54310121 6246
424ec8fa
GS		 6247NPH, or "no-parsed-header", scripts bypass the server completely by
6248sending the complete HTTP header directly to the browser. This has
6249slight performance benefits, but is of most use for taking advantage
6250of HTTP extensions that are not directly supported by your server,
6251such as server push and PICS headers.
54310121 6252
424ec8fa
GS		 6253Servers use a variety of conventions for designating CGI scripts as
6254NPH. Many Unix servers look at the beginning of the script's name for
6255the prefix "nph-". The Macintosh WebSTAR server and Microsoft's
6256Internet Information Server, in contrast, try to decide whether a
6257program is an NPH script by examining the first line of script output.
54310121 6258
54310121 6259
424ec8fa
GS		 6260CGI.pm supports NPH scripts with a special NPH mode. When in this
6261mode, CGI.pm will output the necessary extra header information when
6262the header() and redirect() methods are
6263called.
54310121 6264
69c89ae7
JH		 6265The Microsoft Internet Information Server requires NPH mode. As of
6266version 2.30, CGI.pm will automatically detect when the script is
6267running under IIS and put itself into this mode. You do not need to
6268do this manually, although it won't hurt anything if you do. However,
6269note that if you have applied Service Pack 6, much of the
6270functionality of NPH scripts, including the ability to redirect while
6271setting a cookie, b<do not work at all> on IIS without a special patch
6272from Microsoft. See
6273http://support.microsoft.com/support/kb/articles/Q280/3/41.ASP:
6274Non-Parsed Headers Stripped From CGI Applications That Have nph-
6275Prefix in Name.
54310121 6276
424ec8fa 6277=over 4
54310121 6278
424ec8fa 6279=item In the B<use> statement
54310121 6280
424ec8fa
GS		 6281Simply add the "-nph" pragmato the list of symbols to be imported into
6282your script:
54310121 6283
424ec8fa 6284 use CGI qw(:standard -nph)
54310121 6285
424ec8fa 6286=item By calling the B<nph()> method:
54310121 6287
424ec8fa 6288Call B<nph()> with a non-zero parameter at any point after using CGI.pm in your program.
54310121 6289
424ec8fa 6290 CGI->nph(1)
54310121 6291
551e1d92
RB		 6292=item By using B<-nph> parameters
6293
6294in the B<header()> and B<redirect()> statements:
54310121 6295
424ec8fa 6296 print $q->header(-nph=>1);
54310121 6297
424ec8fa 6298=back
54310121 6299
424ec8fa
GS		 6300=head1 Server Push
6301
ba056755 6302CGI.pm provides four simple functions for producing multipart
424ec8fa
GS		 6303documents of the type needed to implement server push. These
6304functions were graciously provided by Ed Jordan <ed@fidalgo.net>. To
6305import these into your namespace, you must import the ":push" set.
6306You are also advised to put the script into NPH mode and to set $| to
63071 to avoid buffering problems.
6308
6309Here is a simple script that demonstrates server push:
6310
6311 #!/usr/local/bin/perl
6312 use CGI qw/:push -nph/;
6313 $| = 1;
ba056755
JH		 6314 print multipart_init(-boundary=>'----here we go!');
6315 foreach (0 .. 4) {
424ec8fa 6316 print multipart_start(-type=>'text/plain'),
ba056755
JH		 6317 "The current time is ",scalar(localtime),"\n";
6318 if ($_ < 4) {
6319 print multipart_end;
6320 } else {
6321 print multipart_final;
6322 }
424ec8fa
GS		 6323 sleep 1;
6324 }
54310121 6325
424ec8fa 6326This script initializes server push by calling B<multipart_init()>.
ba056755
JH		 6327It then enters a loop in which it begins a new multipart section by
6328calling B<multipart_start()>, prints the current local time,
424ec8fa 6329and ends a multipart section with B<multipart_end()>. It then sleeps
ba056755
JH		 6330a second, and begins again. On the final iteration, it ends the
6331multipart section with B<multipart_final()> rather than with
6332B<multipart_end()>.
54310121 6333
424ec8fa 6334=over 4
54310121 6335
424ec8fa 6336=item multipart_init()
3cb6de81 6337
424ec8fa 6338 multipart_init(-boundary=>$boundary);
54310121 6339
424ec8fa
GS		 6340Initialize the multipart system. The -boundary argument specifies
6341what MIME boundary string to use to separate parts of the document.
6342If not provided, CGI.pm chooses a reasonable boundary for you.
54310121 6343
424ec8fa 6344=item multipart_start()
54310121 6345
424ec8fa 6346 multipart_start(-type=>$type)
54310121 6347
424ec8fa
GS		 6348Start a new part of the multipart document using the specified MIME
6349type. If not specified, text/html is assumed.
54310121 6350
424ec8fa 6351=item multipart_end()
54310121 6352
424ec8fa 6353 multipart_end()
54310121 6354
424ec8fa 6355End a part. You must remember to call multipart_end() once for each
ba056755
JH		 6356multipart_start(), except at the end of the last part of the multipart
6357document when multipart_final() should be called instead of multipart_end().
6358
6359=item multipart_final()
6360
6361 multipart_final()
6362
6363End all parts. You should call multipart_final() rather than
6364multipart_end() at the end of the last part of the multipart document.
54310121 6365
424ec8fa 6366=back
54310121 6367
424ec8fa
GS		 6368Users interested in server push applications should also have a look
6369at the CGI::Push module.
54310121 6370
ba056755
JH		 6371Only Netscape Navigator supports server push. Internet Explorer
6372browsers do not.
6373
424ec8fa 6374=head1 Avoiding Denial of Service Attacks
54310121 6375
424ec8fa
GS		 6376A potential problem with CGI.pm is that, by default, it attempts to
6377process form POSTings no matter how large they are. A wily hacker
6378could attack your site by sending a CGI script a huge POST of many
6379megabytes. CGI.pm will attempt to read the entire POST into a
6380variable, growing hugely in size until it runs out of memory. While
6381the script attempts to allocate the memory the system may slow down
6382dramatically. This is a form of denial of service attack.
54310121 6383
424ec8fa
GS		 6384Another possible attack is for the remote user to force CGI.pm to
6385accept a huge file upload. CGI.pm will accept the upload and store it
6386in a temporary directory even if your script doesn't expect to receive
6387an uploaded file. CGI.pm will delete the file automatically when it
6388terminates, but in the meantime the remote user may have filled up the
6389server's disk space, causing problems for other programs.
54310121 6390
424ec8fa
GS		 6391The best way to avoid denial of service attacks is to limit the amount
6392of memory, CPU time and disk space that CGI scripts can use. Some Web
6393servers come with built-in facilities to accomplish this. In other
6394cases, you can use the shell I<limit> or I<ulimit>
6395commands to put ceilings on CGI resource usage.
54310121 6396
54310121 6397
424ec8fa
GS		 6398CGI.pm also has some simple built-in protections against denial of
6399service attacks, but you must activate them before you can use them.
6400These take the form of two global variables in the CGI name space:
54310121 6401
424ec8fa 6402=over 4
54310121 6403
424ec8fa 6404=item B<$CGI::POST_MAX>
54310121 6405
424ec8fa
GS		 6406If set to a non-negative integer, this variable puts a ceiling
6407on the size of POSTings, in bytes. If CGI.pm detects a POST
6408that is greater than the ceiling, it will immediately exit with an error
6409message. This value will affect both ordinary POSTs and
6410multipart POSTs, meaning that it limits the maximum size of file
6411uploads as well. You should set this to a reasonably high
6412value, such as 1 megabyte.
54310121 6413
424ec8fa 6414=item B<$CGI::DISABLE_UPLOADS>
54310121 6415
424ec8fa
GS		 6416If set to a non-zero value, this will disable file uploads
6417completely. Other fill-out form values will work as usual.
54310121 6418
6419=back
6420
424ec8fa 6421You can use these variables in either of two ways.
54310121 6422
424ec8fa 6423=over 4
54310121 6424
424ec8fa 6425=item B<1. On a script-by-script basis>
54310121 6426
424ec8fa 6427Set the variable at the top of the script, right after the "use" statement:
54310121 6428
424ec8fa
GS		 6429 use CGI qw/:standard/;
6430 use CGI::Carp 'fatalsToBrowser';
6431 $CGI::POST_MAX=1024 * 100; # max 100K posts
6432 $CGI::DISABLE_UPLOADS = 1; # no uploads
54310121 6433
424ec8fa 6434=item B<2. Globally for all scripts>
54310121 6435
424ec8fa
GS		 6436Open up CGI.pm, find the definitions for $POST_MAX and
6437$DISABLE_UPLOADS, and set them to the desired values. You'll
6438find them towards the top of the file in a subroutine named
6439initialize_globals().
54310121 6440
424ec8fa 6441=back
54310121 6442
3538e1d5
GS		 6443An attempt to send a POST larger than $POST_MAX bytes will cause
6444I<param()> to return an empty CGI parameter list. You can test for
6445this event by checking I<cgi_error()>, either after you create the CGI
6446object or, if you are using the function-oriented interface, call
6447<param()> for the first time. If the POST was intercepted, then
6448cgi_error() will return the message "413 POST too large".
6449
6450This error message is actually defined by the HTTP protocol, and is
6451designed to be returned to the browser as the CGI script's status
6452 code. For example:
6453
6454 $uploaded_file = param('upload');
6455 if (!$uploaded_file && cgi_error()) {
6456 print header(-status=>cgi_error());
6457 exit 0;
6458 }
6459
6460However it isn't clear that any browser currently knows what to do
6461with this status code. It might be better just to create an
6462HTML page that warns the user of the problem.
54310121 6463
424ec8fa 6464=head1 COMPATIBILITY WITH CGI-LIB.PL
54310121 6465
3538e1d5
GS		 6466To make it easier to port existing programs that use cgi-lib.pl the
6467compatibility routine "ReadParse" is provided. Porting is simple:
54310121 6468
424ec8fa
GS		 6469OLD VERSION
6470 require "cgi-lib.pl";
6471 &ReadParse;
6472 print "The value of the antique is $in{antique}.\n";
54310121 6473
424ec8fa
GS		 6474NEW VERSION
6475 use CGI;
6476 CGI::ReadParse
6477 print "The value of the antique is $in{antique}.\n";
54310121 6478
424ec8fa
GS		 6479CGI.pm's ReadParse() routine creates a tied variable named %in,
6480which can be accessed to obtain the query variables. Like
6481ReadParse, you can also provide your own variable. Infrequently
6482used features of ReadParse, such as the creation of @in and $in
6483variables, are not supported.
54310121 6484
424ec8fa
GS		 6485Once you use ReadParse, you can retrieve the query object itself
6486this way:
54310121 6487
424ec8fa
GS		 6488 $q = $in{CGI};
6489 print $q->textfield(-name=>'wow',
6490 -value=>'does this really work?');
54310121 6491
424ec8fa
GS		 6492This allows you to start using the more interesting features
6493of CGI.pm without rewriting your old scripts from scratch.
54310121 6494
6495=head1 AUTHOR INFORMATION
6496
71f3e297
JH		 6497Copyright 1995-1998, Lincoln D. Stein. All rights reserved.
6498
6499This library is free software; you can redistribute it and/or modify
6500it under the same terms as Perl itself.
54310121 6501
71f3e297
JH		 6502Address bug reports and comments to: lstein@cshl.org. When sending
6503bug reports, please provide the version of CGI.pm, the version of
6504Perl, the name and version of your Web server, and the name and
6505version of the operating system you are using. If the problem is even
6506remotely browser dependent, please provide information about the
6507affected browers as well.
54310121 6508
6509=head1 CREDITS
6510
6511Thanks very much to:
6512
6513=over 4
6514
6515=item Matt Heffron (heffron@falstaff.css.beckman.com)
6516
6517=item James Taylor (james.taylor@srs.gov)
6518
6519=item Scott Anguish <sanguish@digifix.com>
6520
6521=item Mike Jewell (mlj3u@virginia.edu)
6522
6523=item Timothy Shimmin (tes@kbs.citri.edu.au)
6524
6525=item Joergen Haegg (jh@axis.se)
6526
71f3e297 6527=item Laurent Delfosse (delfosse@delfosse.com)
54310121 6528
6529=item Richard Resnick (applepi1@aol.com)
6530
6531=item Craig Bishop (csb@barwonwater.vic.gov.au)
6532
6533=item Tony Curtis (tc@vcpc.univie.ac.at)
6534
6535=item Tim Bunce (Tim.Bunce@ig.co.uk)
6536
6537=item Tom Christiansen (tchrist@convex.com)
6538
6539=item Andreas Koenig (k@franz.ww.TU-Berlin.DE)
6540
6541=item Tim MacKenzie (Tim.MacKenzie@fulcrum.com.au)
6542
6543=item Kevin B. Hendricks (kbhend@dogwood.tyler.wm.edu)
6544
6545=item Stephen Dahmen (joyfire@inxpress.net)
6546
6547=item Ed Jordan (ed@fidalgo.net)
6548
6549=item David Alan Pisoni (david@cnation.com)
6550
424ec8fa
GS		 6551=item Doug MacEachern (dougm@opengroup.org)
6552
6553=item Robin Houston (robin@oneworld.org)
6554
54310121 6555=item ...and many many more...
6556
6557for suggestions and bug fixes.
6558
6559=back
6560
6561=head1 A COMPLETE EXAMPLE OF A SIMPLE FORM-BASED SCRIPT
6562
6563
6564 #!/usr/local/bin/perl
3cb6de81 6565
54310121 6566 use CGI;
3cb6de81 6567
54310121 6568 $query = new CGI;
6569
6570 print $query->header;
6571 print $query->start_html("Example CGI.pm Form");
6572 print "<H1> Example CGI.pm Form</H1>\n";
6573 &print_prompt($query);
6574 &do_work($query);
6575 &print_tail;
6576 print $query->end_html;
3cb6de81 6577
54310121 6578 sub print_prompt {
6579 my($query) = @_;
3cb6de81 6580
3d1a2ec4 6581 print $query->start_form;
54310121 6582 print "<EM>What's your name?</EM><BR>";
6583 print $query->textfield('name');
6584 print $query->checkbox('Not my real name');
3cb6de81 6585
54310121 6586 print "<P><EM>Where can you find English Sparrows?</EM><BR>";
6587 print $query->checkbox_group(
6588 -name=>'Sparrow locations',
6589 -values=>[England,France,Spain,Asia,Hoboken],
6590 -linebreak=>'yes',
6591 -defaults=>[England,Asia]);
3cb6de81 6592
54310121 6593 print "<P><EM>How far can they fly?</EM><BR>",
6594 $query->radio_group(
6595 -name=>'how far',
6596 -values=>['10 ft','1 mile','10 miles','real far'],
6597 -default=>'1 mile');
3cb6de81 6598
54310121 6599 print "<P><EM>What's your favorite color?</EM> ";
6600 print $query->popup_menu(-name=>'Color',
6601 -values=>['black','brown','red','yellow'],
6602 -default=>'red');
3cb6de81 6603
54310121 6604 print $query->hidden('Reference','Monty Python and the Holy Grail');
3cb6de81 6605
54310121 6606 print "<P><EM>What have you got there?</EM><BR>";
6607 print $query->scrolling_list(
6608 -name=>'possessions',
6609 -values=>['A Coconut','A Grail','An Icon',
6610 'A Sword','A Ticket'],
6611 -size=>5,
6612 -multiple=>'true');
3cb6de81 6613
54310121 6614 print "<P><EM>Any parting comments?</EM><BR>";
6615 print $query->textarea(-name=>'Comments',
6616 -rows=>10,
6617 -columns=>50);
3cb6de81 6618
ffd2dff2 6619 print "<P>",$query->reset;
54310121 6620 print $query->submit('Action','Shout');
6621 print $query->submit('Action','Scream');
6622 print $query->endform;
6623 print "<HR>\n";
6624 }
3cb6de81 6625
54310121 6626 sub do_work {
6627 my($query) = @_;
6628 my(@values,$key);
6629
6630 print "<H2>Here are the current settings in this form</H2>";
6631
6632 foreach $key ($query->param) {
6633 print "<STRONG>$key</STRONG> -> ";
6634 @values = $query->param($key);
6635 print join(", ",@values),"<BR>\n";
6636 }
6637 }
3cb6de81 6638
54310121 6639 sub print_tail {
6640 print <<END;
6641 <HR>
6642 <ADDRESS>Lincoln D. Stein</ADDRESS><BR>
6643 <A HREF="/">Home Page</A>
6644 END
6645 }
6646
6647=head1 BUGS
6648
6649This module has grown large and monolithic. Furthermore it's doing many
6650things, such as handling URLs, parsing CGI input, writing HTML, etc., that
6651are also done in the LWP modules. It should be discarded in favor of
6652the CGI::* modules, but somehow I continue to work on it.
6653
6654Note that the code is truly contorted in order to avoid spurious
6655warnings when programs are run with the B<-w> switch.
6656
6657=head1 SEE ALSO
6658
6659L<CGI::Carp>, L<URI::URL>, L<CGI::Request>, L<CGI::MiniSvr>,
71f3e297
JH		 6660L<CGI::Base>, L<CGI::Form>, L<CGI::Push>, L<CGI::Fast>,
6661L<CGI::Pretty>
54310121 6662
6663=cut
6664
Unnamed repository; edit this file 'description' to name the repository.