This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
https://perl5.git.perl.org / perl5.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[perl #41587] [PATCH] 5.8.8 make sure we get the proper ldflags on libperl.so
[perl5.git] / lib / CGI.pm
CommitLineData
54310121 1package CGI;
424ec8fa 2require 5.004;
ba056755 3use Carp 'croak';
54310121 4
5# See the bottom of this file for the POD documentation. Search for the
6# string '=head'.
7
8# You can run this file through either pod2man or pod2html to produce pretty
9# documentation in manual or html file format (these utilities are part of the
10# Perl 5 distribution).
11
424ec8fa 12# Copyright 1995-1998 Lincoln D. Stein. All rights reserved.
54310121 13# It may be used and modified freely, but I do request that this copyright
14# notice remain attached to the file. You may modify this module as you
15# wish, but if you redistribute a modified version, please attach a note
16# listing the modifications you have made.
17
18# The most recent version and complete docs are available at:
71f3e297 19# http://stein.cshl.org/WWW/software/CGI/
54310121 20
8869a4b7
SP		 21$CGI::revision = '$Id: CGI.pm,v 1.227 2007/02/23 23:03:16 lstein Exp $';
22$CGI::VERSION='3.27';
54310121 23
24# HARD-CODED LOCATION FOR FILE UPLOAD TEMPORARY FILES.
25# UNCOMMENT THIS ONLY IF YOU KNOW WHAT YOU'RE DOING.
ac734d8b 26# $CGITempFile::TMPDIRECTORY = '/usr/tmp';
2ed511ec 27use CGI::Util qw(rearrange make_attributes unescape escape expires ebcdic2ascii ascii2ebcdic);
54310121 28
3acbd4f5
JH		 29#use constant XHTML_DTD => ['-//W3C//DTD XHTML Basic 1.0//EN',
30# 'http://www.w3.org/TR/xhtml-basic/xhtml-basic10.dtd'];
31
32use constant XHTML_DTD => ['-//W3C//DTD XHTML 1.0 Transitional//EN',
33 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'];
6b4ac661 34
8f3ccfa2
JH		 35{
36 local $^W = 0;
37 $TAINTED = substr("$0$^X",0,0);
38}
188ba755 39
8f3ccfa2 40$MOD_PERL = 0; # no mod_perl by default
13548fdf 41@SAVED_SYMBOLS = ();
8f3ccfa2 42
adb86593 43
424ec8fa
GS		 44# >>>>> Here are some globals that you might want to adjust <<<<<<
45sub initialize_globals {
46 # Set this to 1 to enable copious autoloader debugging messages
47 $AUTOLOAD_DEBUG = 0;
2371fea9 48
6b4ac661
JH		 49 # Set this to 1 to generate XTML-compatible output
50 $XHTML = 1;
424ec8fa
GS		 51
52 # Change this to the preferred DTD to print in start_html()
53 # or use default_dtd('text of DTD to use');
3d1a2ec4
GS		 54 $DEFAULT_DTD = [ '-//W3C//DTD HTML 4.01 Transitional//EN',
55 'http://www.w3.org/TR/html4/loose.dtd' ] ;
56
57 # Set this to 1 to enable NOSTICKY scripts
58 # or:
59 # 1) use CGI qw(-nosticky)
60 # 2) $CGI::nosticky(1)
61 $NOSTICKY = 0;
424ec8fa
GS		 62
63 # Set this to 1 to enable NPH scripts
64 # or:
65 # 1) use CGI qw(-nph)
3d1a2ec4 66 # 2) CGI::nph(1)
424ec8fa
GS		 67 # 3) print header(-nph=>1)
68 $NPH = 0;
69
3d1a2ec4
GS		 70 # Set this to 1 to enable debugging from @ARGV
71 # Set to 2 to enable debugging from STDIN
72 $DEBUG = 1;
424ec8fa
GS		 73
74 # Set this to 1 to make the temporary files created
75 # during file uploads safe from prying eyes
76 # or do...
77 # 1) use CGI qw(:private_tempfiles)
3d1a2ec4 78 # 2) CGI::private_tempfiles(1);
424ec8fa
GS		 79 $PRIVATE_TEMPFILES = 0;
80
0a9bdad4
SP		 81 # Set this to 1 to generate automatic tab indexes
82 $TABINDEX = 0;
83
8f3ccfa2
JH		 84 # Set this to 1 to cause files uploaded in multipart documents
85 # to be closed, instead of caching the file handle
86 # or:
87 # 1) use CGI qw(:close_upload_files)
88 # 2) $CGI::close_upload_files(1);
89 # Uploads with many files run out of file handles.
90 # Also, for performance, since the file is already on disk,
91 # it can just be renamed, instead of read and written.
92 $CLOSE_UPLOAD_FILES = 0;
93
424ec8fa
GS		 94 # Set this to a positive value to limit the size of a POSTing
95 # to a certain number of bytes:
96 $POST_MAX = -1;
97
98 # Change this to 1 to disable uploads entirely:
99 $DISABLE_UPLOADS = 0;
100
3538e1d5
GS		 101 # Automatically determined -- don't change
102 $EBCDIC = 0;
103
71f3e297
JH		 104 # Change this to 1 to suppress redundant HTTP headers
105 $HEADERS_ONCE = 0;
106
107 # separate the name=value pairs by semicolons rather than ampersands
3d1a2ec4 108 $USE_PARAM_SEMICOLONS = 1;
71f3e297 109
2371fea9
JH		 110 # Do not include undefined params parsed from query string
111 # use CGI qw(-no_undef_params);
112 $NO_UNDEF_PARAMS = 0;
199d4a26 113
424ec8fa
GS		 114 # Other globals that you shouldn't worry about.
115 undef $Q;
116 $BEEN_THERE = 0;
13548fdf 117 $DTD_PUBLIC_IDENTIFIER = "";
424ec8fa
GS		 118 undef @QUERY_PARAM;
119 undef %EXPORT;
d45d855d
JH		 120 undef $QUERY_CHARSET;
121 undef %QUERY_FIELDNAMES;
424ec8fa
GS		 122
123 # prevent complaints by mod_perl
124 1;
125}
126
54310121 127# ------------------ START OF THE LIBRARY ------------
128
13548fdf
RGS		 129*end_form = \&endform;
130
424ec8fa
GS		 131# make mod_perlhappy
132initialize_globals();
133
54310121 134# FIGURE OUT THE OS WE'RE RUNNING UNDER
135# Some systems support the $^O variable. If not
136# available then require() the Config library
137unless ($OS) {
138 unless ($OS = $^O) {
139 require Config;
140 $OS = $Config::Config{'osname'};
141 }
142}
ac1855b3 143if ($OS =~ /^MSWin/i) {
3538e1d5 144 $OS = 'WINDOWS';
ac1855b3 145} elsif ($OS =~ /^VMS/i) {
3538e1d5 146 $OS = 'VMS';
ac1855b3 147} elsif ($OS =~ /^dos/i) {
3538e1d5 148 $OS = 'DOS';
ac1855b3 149} elsif ($OS =~ /^MacOS/i) {
54310121 150 $OS = 'MACINTOSH';
ac1855b3 151} elsif ($OS =~ /^os2/i) {
54310121 152 $OS = 'OS2';
ac1855b3 153} elsif ($OS =~ /^epoc/i) {
fa6a1c44 154 $OS = 'EPOC';
188ba755
JH		 155} elsif ($OS =~ /^cygwin/i) {
156 $OS = 'CYGWIN';
54310121 157} else {
158 $OS = 'UNIX';
159}
160
161# Some OS logic. Binary mode enabled on DOS, NT and VMS
188ba755 162$needs_binmode = $OS=~/^(WINDOWS|DOS|OS2|MSWin|CYGWIN)/;
54310121 163
164# This is the default class for the CGI object to use when all else fails.
165$DefaultClass = 'CGI' unless defined $CGI::DefaultClass;
424ec8fa 166
54310121 167# This is where to look for autoloaded routines.
168$AutoloadClass = $DefaultClass unless defined $CGI::AutoloadClass;
169
170# The path separator is a slash, backslash or semicolon, depending
171# on the paltform.
172$SL = {
8f3ccfa2
JH		 173 UNIX => '/', OS2 => '\\', EPOC => '/', CYGWIN => '/',
174 WINDOWS => '\\', DOS => '\\', MACINTOSH => ':', VMS => '/'
54310121 175 }->{$OS};
176
424ec8fa 177# This no longer seems to be necessary
54310121 178# Turn on NPH scripts by default when running under IIS server!
424ec8fa
GS		 179# $NPH++ if defined($ENV{'SERVER_SOFTWARE'}) && $ENV{'SERVER_SOFTWARE'}=~/IIS/;
180$IIS++ if defined($ENV{'SERVER_SOFTWARE'}) && $ENV{'SERVER_SOFTWARE'}=~/IIS/;
54310121 181
182# Turn on special checking for Doug MacEachern's modperl
8f3ccfa2 183if (exists $ENV{MOD_PERL}) {
8f3ccfa2
JH		 184 # mod_perl handlers may run system() on scripts using CGI.pm;
185 # Make sure so we don't get fooled by inherited $ENV{MOD_PERL}
70194bd6 186 if (exists $ENV{MOD_PERL_API_VERSION} && $ENV{MOD_PERL_API_VERSION} == 2) {
741ff09d
RGS		 187 $MOD_PERL = 2;
188 require Apache2::Response;
189 require Apache2::RequestRec;
190 require Apache2::RequestUtil;
70194bd6 191 require Apache2::RequestIO;
741ff09d
RGS		 192 require APR::Pool;
193 } else {
194 $MOD_PERL = 1;
195 require Apache;
188ba755 196 }
8f3ccfa2 197}
188ba755 198
424ec8fa
GS		 199# Turn on special checking for ActiveState's PerlEx
200$PERLEX++ if defined($ENV{'GATEWAY_INTERFACE'}) && $ENV{'GATEWAY_INTERFACE'} =~ /^CGI-PerlEx/;
201
202# Define the CRLF sequence. I can't use a simple "\r\n" because the meaning
203# of "\n" is different on different OS's (sometimes it generates CRLF, sometimes LF
204# and sometimes CR). The most popular VMS web server
205# doesn't accept CRLF -- instead it wants a LR. EBCDIC machines don't
206# use ASCII, so \015\012 means something different. I find this all
207# really annoying.
208$EBCDIC = "\t" ne "\011";
209if ($OS eq 'VMS') {
3538e1d5 210 $CRLF = "\n";
424ec8fa 211} elsif ($EBCDIC) {
3538e1d5 212 $CRLF= "\r\n";
424ec8fa 213} else {
3538e1d5
GS		 214 $CRLF = "\015\012";
215}
216
54310121 217if ($needs_binmode) {
2ed511ec
RGS		 218 $CGI::DefaultClass->binmode(\*main::STDOUT);
219 $CGI::DefaultClass->binmode(\*main::STDIN);
220 $CGI::DefaultClass->binmode(\*main::STDERR);
54310121 221}
222
54310121 223%EXPORT_TAGS = (
424ec8fa
GS		 224 ':html2'=>['h1'..'h6',qw/p br hr ol ul li dl dt dd menu code var strong em
225 tt u i b blockquote pre img a address cite samp dfn html head
226 base body Link nextid title meta kbd start_html end_html
3d1a2ec4 227 input Select option comment charset escapeHTML/],
71f3e297 228 ':html3'=>[qw/div table caption th td TR Tr sup Sub strike applet Param
1c87da1d 229 embed basefont style span layer ilayer font frameset frame script small big Area Map/],
3acbd4f5
JH		 230 ':html4'=>[qw/abbr acronym bdo col colgroup del fieldset iframe
231 ins label legend noframes noscript object optgroup Q
232 thead tbody tfoot/],
424ec8fa
GS		 233 ':netscape'=>[qw/blink fontsize center/],
234 ':form'=>[qw/textfield textarea filefield password_field hidden checkbox checkbox_group
235 submit reset defaults radio_group popup_menu button autoEscape
236 scrolling_list image_button start_form end_form startform endform
71f3e297 237 start_multipart_form end_multipart_form isindex tmpFileName uploadInfo URL_ENCODED MULTIPART/],
7dc108d1
SP		 238 ':cgi'=>[qw/param upload path_info path_translated request_uri url self_url script_name
239 cookie Dump
3538e1d5 240 raw_cookie request_method query_string Accept user_agent remote_host content_type
2ed511ec
RGS		 241 remote_addr referer server_name server_software server_port server_protocol virtual_port
242 virtual_host remote_ident auth_type http append
424ec8fa 243 save_parameters restore_parameters param_fetch
3538e1d5
GS		 244 remote_user user_name header redirect import_names put
245 Delete Delete_all url_param cgi_error/],
424ec8fa 246 ':ssl' => [qw/https/],
3538e1d5 247 ':cgi-lib' => [qw/ReadParse PrintHeader HtmlTop HtmlBot SplitParam Vars/],
3acbd4f5
JH		 248 ':html' => [qw/:html2 :html3 :html4 :netscape/],
249 ':standard' => [qw/:html2 :html3 :html4 :form :cgi/],
ba056755 250 ':push' => [qw/multipart_init multipart_start multipart_end multipart_final/],
3acbd4f5 251 ':all' => [qw/:html2 :html3 :netscape :form :cgi :internal :html4/]
424ec8fa 252 );
54310121 253
29ddc2a4
RGS		 254# Custom 'can' method for both autoloaded and non-autoloaded subroutines.
255# Author: Cees Hek <cees@sitesuite.com.au>
256
257sub can {
258 my($class, $method) = @_;
259
260 # See if UNIVERSAL::can finds it.
261
262 if (my $func = $class -> SUPER::can($method) ){
263 return $func;
264 }
265
266 # Try to compile the function.
267
268 eval {
269 # _compile looks at $AUTOLOAD for the function name.
270
271 local $AUTOLOAD = join "::", $class, $method;
272 &_compile;
273 };
274
275 # Now that the function is loaded (if it exists)
276 # just use UNIVERSAL::can again to do the work.
277
278 return $class -> SUPER::can($method);
279}
280
54310121 281# to import symbols into caller
282sub import {
283 my $self = shift;
424ec8fa 284
188ba755 285 # This causes modules to clash.
b2d0d414
JH		 286 undef %EXPORT_OK;
287 undef %EXPORT;
424ec8fa
GS		 288
289 $self->_setup_symbols(@_);
54310121 290 my ($callpack, $callfile, $callline) = caller;
424ec8fa 291
54310121 292 # To allow overriding, search through the packages
293 # Till we find one in which the correct subroutine is defined.
294 my @packages = ($self,@{"$self\:\:ISA"});
295 foreach $sym (keys %EXPORT) {
296 my $pck;
297 my $def = ${"$self\:\:AutoloadClass"} || $DefaultClass;
298 foreach $pck (@packages) {
299 if (defined(&{"$pck\:\:$sym"})) {
300 $def = $pck;
301 last;
302 }
303 }
304 *{"${callpack}::$sym"} = \&{"$def\:\:$sym"};
305 }
306}
307
424ec8fa
GS		 308sub compile {
309 my $pack = shift;
310 $pack->_setup_symbols('-compile',@_);
311}
312
54310121 313sub expand_tags {
314 my($tag) = @_;
71f3e297 315 return ("start_$1","end_$1") if $tag=~/^(?:\*|start_|end_)(.+)/;
54310121 316 my(@r);
317 return ($tag) unless $EXPORT_TAGS{$tag};
318 foreach (@{$EXPORT_TAGS{$tag}}) {
319 push(@r,&expand_tags($_));
320 }
321 return @r;
322}
323
324#### Method: new
325# The new routine. This will check the current environment
326# for an existing query string, and initialize itself, if so.
327####
328sub new {
8f3ccfa2
JH		 329 my($class,@initializer) = @_;
330 my $self = {};
2ed511ec 331
8f3ccfa2 332 bless $self,ref $class || $class || $DefaultClass;
cb3b230c
SP		 333
334 # always use a tempfile
335 $self->{'use_tempfile'} = 1;
336
8f3ccfa2
JH		 337 if (ref($initializer[0])
338 && (UNIVERSAL::isa($initializer[0],'Apache')
339 ||
741ff09d 340 UNIVERSAL::isa($initializer[0],'Apache2::RequestRec')
8f3ccfa2
JH		 341 )) {
342 $self->r(shift @initializer);
343 }
efc8e943
NC		 344 if (ref($initializer[0])
345 && (UNIVERSAL::isa($initializer[0],'CODE'))) {
346 $self->upload_hook(shift @initializer, shift @initializer);
cb3b230c 347 $self->{'use_tempfile'} = shift @initializer if (@initializer > 0);
efc8e943 348 }
8f3ccfa2 349 if ($MOD_PERL) {
8f3ccfa2 350 if ($MOD_PERL == 1) {
741ff09d
RGS		 351 $self->r(Apache->request) unless $self->r;
352 my $r = $self->r;
8f3ccfa2
JH		 353 $r->register_cleanup(\&CGI::_reset_globals);
354 }
355 else {
356 # XXX: once we have the new API
357 # will do a real PerlOptions -SetupEnv check
741ff09d
RGS		 358 $self->r(Apache2::RequestUtil->request) unless $self->r;
359 my $r = $self->r;
8f3ccfa2
JH		 360 $r->subprocess_env unless exists $ENV{REQUEST_METHOD};
361 $r->pool->cleanup_register(\&CGI::_reset_globals);
424ec8fa 362 }
8f3ccfa2
JH		 363 undef $NPH;
364 }
365 $self->_reset_globals if $PERLEX;
366 $self->init(@initializer);
367 return $self;
54310121 368}
369
2ed511ec
RGS		 370# We provide a DESTROY method so that we can ensure that
371# temporary files are closed (via Fh->DESTROY) before they
372# are unlinked (via CGITempFile->DESTROY) because it is not
373# possible to unlink an open file on Win32. We explicitly
374# call DESTROY on each, rather than just undefing them and
375# letting Perl DESTROY them by garbage collection, in case the
376# user is still holding any reference to them as well.
377sub DESTROY {
378 my $self = shift;
0a9bdad4
SP		 379 if ($OS eq 'WINDOWS') {
380 foreach my $href (values %{$self->{'.tmpfiles'}}) {
381 $href->{hndl}->DESTROY if defined $href->{hndl};
382 $href->{name}->DESTROY if defined $href->{name};
383 }
2ed511ec
RGS		 384 }
385}
54310121 386
8f3ccfa2
JH		 387sub r {
388 my $self = shift;
389 my $r = $self->{'.r'};
390 $self->{'.r'} = shift if @_;
391 $r;
392}
393
2ed511ec 394sub upload_hook {
0a9bdad4
SP		 395 my $self;
396 if (ref $_[0] eq 'CODE') {
397 $CGI::Q = $self = $CGI::DefaultClass->new(@_);
398 } else {
399 $self = shift;
400 }
cb3b230c 401 my ($hook,$data,$use_tempfile) = @_;
2ed511ec
RGS		 402 $self->{'.upload_hook'} = $hook;
403 $self->{'.upload_data'} = $data;
cb3b230c 404 $self->{'use_tempfile'} = $use_tempfile if defined $use_tempfile;
2ed511ec
RGS		 405}
406
54310121 407#### Method: param
408# Returns the value(s)of a named parameter.
409# If invoked in a list context, returns the
410# entire list. Otherwise returns the first
411# member of the list.
412# If name is not provided, return a list of all
413# the known parameters names available.
414# If more than one argument is provided, the
415# second and subsequent arguments are used to
416# set the value of the parameter.
417####
418sub param {
419 my($self,@p) = self_or_default(@_);
420 return $self->all_parameters unless @p;
421 my($name,$value,@other);
422
423 # For compatibility between old calling style and use_named_parameters() style,
424 # we have to special case for a single parameter present.
425 if (@p > 1) {
3d1a2ec4 426 ($name,$value,@other) = rearrange([NAME,[DEFAULT,VALUE,VALUES]],@p);
54310121 427 my(@values);
428
3d1a2ec4 429 if (substr($p[0],0,1) eq '-') {
54310121 430 @values = defined($value) ? (ref($value) && ref($value) eq 'ARRAY' ? @{$value} : $value) : ();
431 } else {
432 foreach ($value,@other) {
433 push(@values,$_) if defined($_);
434 }
435 }
436 # If values is provided, then we set it.
fc786e8b 437 if (@values or defined $value) {
54310121 438 $self->add_parameter($name);
439 $self->{$name}=[@values];
440 }
441 } else {
442 $name = $p[0];
443 }
444
71f3e297 445 return unless defined($name) && $self->{$name};
fc786e8b
SP		 446
447 my $charset = $self->charset || '';
448 my $utf8 = $charset eq 'utf-8';
449 if ($utf8) {
450 eval "require Encode; 1;" if $utf8 && !Encode->can('decode'); # bring in these functions
451 return wantarray ? map {Encode::decode(utf8=>$_) } @{$self->{$name}}
452 : Encode::decode(utf8=>$self->{$name}->[0]);
453 } else {
454 return wantarray ? @{$self->{$name}} : $self->{$name}->[0];
455 }
54310121 456}
457
54310121 458sub self_or_default {
424ec8fa 459 return @_ if defined($_[0]) && (!ref($_[0])) &&($_[0] eq 'CGI');
54310121 460 unless (defined($_[0]) &&
424ec8fa
GS		 461 (ref($_[0]) eq 'CGI' || UNIVERSAL::isa($_[0],'CGI')) # slightly optimized for common case
462 ) {
54310121 463 $Q = $CGI::DefaultClass->new unless defined($Q);
464 unshift(@_,$Q);
465 }
3d1a2ec4 466 return wantarray ? @_ : $Q;
54310121 467}
468
54310121 469sub self_or_CGI {
470 local $^W=0; # prevent a warning
471 if (defined($_[0]) &&
472 (substr(ref($_[0]),0,3) eq 'CGI'
424ec8fa 473 || UNIVERSAL::isa($_[0],'CGI'))) {
54310121 474 return @_;
475 } else {
476 return ($DefaultClass,@_);
477 }
478}
479
54310121 480########################################
481# THESE METHODS ARE MORE OR LESS PRIVATE
482# GO TO THE __DATA__ SECTION TO SEE MORE
483# PUBLIC METHODS
484########################################
485
486# Initialize the query object from the environment.
487# If a parameter list is found, this object will be set
488# to an associative array in which parameter names are keys
489# and the values are stored as lists
490# If a keyword list is found, this method creates a bogus
491# parameter list with the single parameter 'keywords'.
492
493sub init {
8f3ccfa2
JH		 494 my $self = shift;
495 my($query_string,$meth,$content_length,$fh,@lines) = ('','','','');
496
8869a4b7
SP		 497 my $is_xforms;
498
8f3ccfa2
JH		 499 my $initializer = shift; # for backward compatibility
500 local($/) = "\n";
501
502 # set autoescaping on by default
503 $self->{'escape'} = 1;
54310121 504
505 # if we get called more than once, we want to initialize
506 # ourselves from the original query (which may be gone
507 # if it was read from STDIN originally.)
d45d855d 508 if (defined(@QUERY_PARAM) && !defined($initializer)) {
54310121 509 foreach (@QUERY_PARAM) {
510 $self->param('-name'=>$_,'-value'=>$QUERY_PARAM{$_});
511 }
d45d855d
JH		 512 $self->charset($QUERY_CHARSET);
513 $self->{'.fieldnames'} = {%QUERY_FIELDNAMES};
54310121 514 return;
515 }
516
517 $meth=$ENV{'REQUEST_METHOD'} if defined($ENV{'REQUEST_METHOD'});
424ec8fa 518 $content_length = defined($ENV{'CONTENT_LENGTH'}) ? $ENV{'CONTENT_LENGTH'} : 0;
3538e1d5 519
424ec8fa 520 $fh = to_filehandle($initializer) if $initializer;
54310121 521
a3b3a725
JH		 522 # set charset to the safe ISO-8859-1
523 $self->charset('ISO-8859-1');
524
54310121 525 METHOD: {
54310121 526
3538e1d5
GS		 527 # avoid unreasonably large postings
528 if (($POST_MAX > 0) && ($content_length > $POST_MAX)) {
fc786e8b
SP		 529 #discard the post, unread
530 $self->cgi_error("413 Request entity too large");
531 last METHOD;
532 }
3538e1d5 533
424ec8fa
GS		 534 # Process multipart postings, but only if the initializer is
535 # not defined.
536 if ($meth eq 'POST'
537 && defined($ENV{'CONTENT_TYPE'})
538 && $ENV{'CONTENT_TYPE'}=~m|^multipart/form-data|
539 && !defined($initializer)
540 ) {
71f3e297 541 my($boundary) = $ENV{'CONTENT_TYPE'} =~ /boundary=\"?([^\";,]+)\"?/;
424ec8fa
GS		 542 $self->read_multipart($boundary,$content_length);
543 last METHOD;
544 }
545
8869a4b7
SP		 546 # Process XForms postings. We know that we have XForms in the
547 # following cases:
548 # method eq 'POST' && content-type eq 'application/xml'
549 # method eq 'POST' && content-type =~ /multipart\/related.+start=/
550 # There are more cases, actually, but for now, we don't support other
551 # methods for XForm posts.
552 # In a XForm POST, the QUERY_STRING is parsed normally.
553 # If the content-type is 'application/xml', we just set the param
554 # XForms:Model (referring to the xml syntax) param containing the
555 # unparsed XML data.
556 # In the case of multipart/related we set XForms:Model as above, but
557 # the other parts are available as uploads with the Content-ID as the
558 # the key.
559 # See the URL below for XForms specs on this issue.
560 # http://www.w3.org/TR/2006/REC-xforms-20060314/slice11.html#submit-options
561 if ($meth eq 'POST' && defined($ENV{'CONTENT_TYPE'})) {
562 if ($ENV{'CONTENT_TYPE'} eq 'application/xml') {
563 my($param) = 'XForms:Model';
564 my($value) = '';
565 $self->add_parameter($param);
566 $self->read_from_client(\$value,$content_length,0)
567 if $content_length > 0;
568 push (@{$self->{$param}},$value);
569 $is_xforms = 1;
570 } elsif ($ENV{'CONTENT_TYPE'} =~ /multipart\/related.+boundary=\"?([^\";,]+)\"?.+start=\"?\<?([^\"\>]+)\>?\"?/) {
571 my($boundary,$start) = ($1,$2);
572 my($param) = 'XForms:Model';
573 $self->add_parameter($param);
574 my($value) = $self->read_multipart_related($start,$boundary,$content_length,0);
575 push (@{$self->{$param}},$value);
576 if ($MOD_PERL) {
577 $query_string = $self->r->args;
578 } else {
579 $query_string = $ENV{'QUERY_STRING'} if defined $ENV{'QUERY_STRING'};
580 $query_string ||= $ENV{'REDIRECT_QUERY_STRING'} if defined $ENV{'REDIRECT_QUERY_STRING'};
581 }
582 $is_xforms = 1;
583 }
584 }
585
586
424ec8fa
GS		 587 # If initializer is defined, then read parameters
588 # from it.
8869a4b7 589 if (!$is_xforms && defined($initializer)) {
424ec8fa
GS		 590 if (UNIVERSAL::isa($initializer,'CGI')) {
591 $query_string = $initializer->query_string;
592 last METHOD;
593 }
54310121 594 if (ref($initializer) && ref($initializer) eq 'HASH') {
595 foreach (keys %$initializer) {
596 $self->param('-name'=>$_,'-value'=>$initializer->{$_});
597 }
598 last METHOD;
599 }
600
424ec8fa
GS		 601 if (defined($fh) && ($fh ne '')) {
602 while (<$fh>) {
54310121 603 chomp;
604 last if /^=/;
605 push(@lines,$_);
606 }
607 # massage back into standard format
608 if ("@lines" =~ /=/) {
609 $query_string=join("&",@lines);
610 } else {
611 $query_string=join("+",@lines);
612 }
613 last METHOD;
614 }
424ec8fa 615
2ed511ec
RGS		 616 if (defined($fh) && ($fh ne '')) {
617 while (<$fh>) {
618 chomp;
619 last if /^=/;
620 push(@lines,$_);
621 }
622 # massage back into standard format
623 if ("@lines" =~ /=/) {
624 $query_string=join("&",@lines);
625 } else {
626 $query_string=join("+",@lines);
627 }
628 last METHOD;
629 }
630
424ec8fa
GS		 631 # last chance -- treat it as a string
632 $initializer = $$initializer if ref($initializer) eq 'SCALAR';
54310121 633 $query_string = $initializer;
424ec8fa 634
54310121 635 last METHOD;
636 }
54310121 637
424ec8fa
GS		 638 # If method is GET or HEAD, fetch the query from
639 # the environment.
8869a4b7 640 if ($is_xforms || $meth=~/^(GET|HEAD)$/) {
3538e1d5 641 if ($MOD_PERL) {
8f3ccfa2 642 $query_string = $self->r->args;
3538e1d5
GS		 643 } else {
644 $query_string = $ENV{'QUERY_STRING'} if defined $ENV{'QUERY_STRING'};
3d1a2ec4 645 $query_string ||= $ENV{'REDIRECT_QUERY_STRING'} if defined $ENV{'REDIRECT_QUERY_STRING'};
3538e1d5 646 }
424ec8fa
GS		 647 last METHOD;
648 }
54310121 649
424ec8fa 650 if ($meth eq 'POST') {
2ed511ec 651 $self->read_from_client(\$query_string,$content_length,0)
424ec8fa 652 if $content_length > 0;
54310121 653 # Some people want to have their cake and eat it too!
654 # Uncomment this line to have the contents of the query string
655 # APPENDED to the POST data.
424ec8fa 656 # $query_string .= (length($query_string) ? '&' : '') . $ENV{'QUERY_STRING'} if defined $ENV{'QUERY_STRING'};
54310121 657 last METHOD;
658 }
424ec8fa
GS		 659
660 # If $meth is not of GET, POST or HEAD, assume we're being debugged offline.
54310121 661 # Check the command line and then the standard input for data.
662 # We use the shellwords package in order to behave the way that
663 # UN*X programmers expect.
2ed511ec
RGS		 664 if ($DEBUG)
665 {
666 my $cmdline_ret = read_from_cmdline();
667 $query_string = $cmdline_ret->{'query_string'};
668 if (defined($cmdline_ret->{'subpath'}))
669 {
670 $self->path_info($cmdline_ret->{'subpath'});
671 }
672 }
54310121 673 }
424ec8fa 674
8f3ccfa2 675# YL: Begin Change for XML handler 10/19/2001
8869a4b7 676 if (!$is_xforms && $meth eq 'POST'
8f3ccfa2 677 && defined($ENV{'CONTENT_TYPE'})
1c87da1d
JH		 678 && $ENV{'CONTENT_TYPE'} !~ m|^application/x-www-form-urlencoded|
679 && $ENV{'CONTENT_TYPE'} !~ m|^multipart/form-data| ) {
8f3ccfa2
JH		 680 my($param) = 'POSTDATA' ;
681 $self->add_parameter($param) ;
682 push (@{$self->{$param}},$query_string);
683 undef $query_string ;
684 }
685# YL: End Change for XML handler 10/19/2001
686
54310121 687 # We now have the query string in hand. We do slightly
688 # different things for keyword lists and parameter lists.
ba056755 689 if (defined $query_string && length $query_string) {
3d1a2ec4 690 if ($query_string =~ /[&=;]/) {
54310121 691 $self->parse_params($query_string);
692 } else {
693 $self->add_parameter('keywords');
694 $self->{'keywords'} = [$self->parse_keywordlist($query_string)];
695 }
696 }
697
698 # Special case. Erase everything if there is a field named
699 # .defaults.
700 if ($self->param('.defaults')) {
e70cb7eb 701 $self->delete_all();
54310121 702 }
703
704 # Associative array containing our defined fieldnames
705 $self->{'.fieldnames'} = {};
706 foreach ($self->param('.cgifields')) {
707 $self->{'.fieldnames'}->{$_}++;
708 }
709
710 # Clear out our default submission button flag if present
711 $self->delete('.submit');
712 $self->delete('.cgifields');
3d1a2ec4 713
8f3ccfa2 714 $self->save_request unless defined $initializer;
54310121 715}
716
54310121 717# FUNCTIONS TO OVERRIDE:
54310121 718# Turn a string into a filehandle
719sub to_filehandle {
424ec8fa
GS		 720 my $thingy = shift;
721 return undef unless $thingy;
722 return $thingy if UNIVERSAL::isa($thingy,'GLOB');
723 return $thingy if UNIVERSAL::isa($thingy,'FileHandle');
724 if (!ref($thingy)) {
725 my $caller = 1;
726 while (my $package = caller($caller++)) {
727 my($tmp) = $thingy=~/[\':]/ ? $thingy : "$package\:\:$thingy";
728 return $tmp if defined(fileno($tmp));
729 }
54310121 730 }
424ec8fa 731 return undef;
54310121 732}
733
734# send output to the browser
735sub put {
736 my($self,@p) = self_or_default(@_);
737 $self->print(@p);
738}
739
740# print to standard output (for overriding in mod_perl)
741sub print {
742 shift;
743 CORE::print(@_);
744}
745
3538e1d5
GS		 746# get/set last cgi_error
747sub cgi_error {
748 my ($self,$err) = self_or_default(@_);
749 $self->{'.cgi_error'} = $err if defined $err;
750 return $self->{'.cgi_error'};
751}
752
54310121 753sub save_request {
754 my($self) = @_;
755 # We're going to play with the package globals now so that if we get called
756 # again, we initialize ourselves in exactly the same way. This allows
757 # us to have several of these objects.
758 @QUERY_PARAM = $self->param; # save list of parameters
759 foreach (@QUERY_PARAM) {
3d1a2ec4
GS		 760 next unless defined $_;
761 $QUERY_PARAM{$_}=$self->{$_};
54310121 762 }
d45d855d
JH		 763 $QUERY_CHARSET = $self->charset;
764 %QUERY_FIELDNAMES = %{$self->{'.fieldnames'}};
54310121 765}
766
54310121 767sub parse_params {
768 my($self,$tosplit) = @_;
71f3e297 769 my(@pairs) = split(/[&;]/,$tosplit);
54310121 770 my($param,$value);
771 foreach (@pairs) {
424ec8fa 772 ($param,$value) = split('=',$_,2);
b2d0d414 773 next unless defined $param;
69c89ae7 774 next if $NO_UNDEF_PARAMS and not defined $value;
3d1a2ec4 775 $value = '' unless defined $value;
424ec8fa
GS		 776 $param = unescape($param);
777 $value = unescape($value);
54310121 778 $self->add_parameter($param);
779 push (@{$self->{$param}},$value);
780 }
781}
782
783sub add_parameter {
784 my($self,$param)=@_;
3d1a2ec4 785 return unless defined $param;
54310121 786 push (@{$self->{'.parameters'}},$param)
787 unless defined($self->{$param});
788}
789
790sub all_parameters {
791 my $self = shift;
792 return () unless defined($self) && $self->{'.parameters'};
793 return () unless @{$self->{'.parameters'}};
794 return @{$self->{'.parameters'}};
795}
796
424ec8fa
GS		 797# put a filehandle into binary mode (DOS)
798sub binmode {
2ed511ec 799 return unless defined($_[1]) && defined fileno($_[1]);
424ec8fa
GS		 800 CORE::binmode($_[1]);
801}
802
803sub _make_tag_func {
71f3e297 804 my ($self,$tagname) = @_;
3538e1d5 805 my $func = qq(
3d1a2ec4 806 sub $tagname {
8f3ccfa2
JH		 807 my (\$q,\$a,\@rest) = self_or_default(\@_);
808 my(\$attr) = '';
809 if (ref(\$a) && ref(\$a) eq 'HASH') {
810 my(\@attr) = make_attributes(\$a,\$q->{'escape'});
811 \$attr = " \@attr" if \@attr;
812 } else {
1c87da1d 813 unshift \@rest,\$a if defined \$a;
8f3ccfa2 814 }
3538e1d5 815 );
71f3e297 816 if ($tagname=~/start_(\w+)/i) {
6b4ac661 817 $func .= qq! return "<\L$1\E\$attr>";} !;
71f3e297 818 } elsif ($tagname=~/end_(\w+)/i) {
6b4ac661 819 $func .= qq! return "<\L/$1\E>"; } !;
71f3e297
JH		 820 } else {
821 $func .= qq#
1c87da1d 822 return \$XHTML ? "\L<$tagname\E\$attr />" : "\L<$tagname\E\$attr>" unless \@rest;
6b4ac661 823 my(\$tag,\$untag) = ("\L<$tagname\E\$attr>","\L</$tagname>\E");
3d1a2ec4 824 my \@result = map { "\$tag\$_\$untag" }
8f3ccfa2 825 (ref(\$rest[0]) eq 'ARRAY') ? \@{\$rest[0]} : "\@rest";
424ec8fa 826 return "\@result";
71f3e297
JH		 827 }#;
828 }
829return $func;
54310121 830}
831
832sub AUTOLOAD {
833 print STDERR "CGI::AUTOLOAD for $AUTOLOAD\n" if $CGI::AUTOLOAD_DEBUG;
424ec8fa
GS		 834 my $func = &_compile;
835 goto &$func;
54310121 836}
837
424ec8fa
GS		 838sub _compile {
839 my($func) = $AUTOLOAD;
840 my($pack,$func_name);
841 {
842 local($1,$2); # this fixes an obscure variable suicide problem.
843 $func=~/(.+)::([^:]+)$/;
844 ($pack,$func_name) = ($1,$2);
845 $pack=~s/::SUPER$//; # fix another obscure problem
846 $pack = ${"$pack\:\:AutoloadClass"} || $CGI::DefaultClass
847 unless defined(${"$pack\:\:AUTOLOADED_ROUTINES"});
848
849 my($sub) = \%{"$pack\:\:SUBS"};
850 unless (%$sub) {
851 my($auto) = \${"$pack\:\:AUTOLOADED_ROUTINES"};
29ddc2a4 852 local ($@,$!);
424ec8fa 853 eval "package $pack; $$auto";
ba056755 854 croak("$AUTOLOAD: $@") if $@;
424ec8fa
GS		 855 $$auto = ''; # Free the unneeded storage (but don't undef it!!!)
856 }
857 my($code) = $sub->{$func_name};
858
859 $code = "sub $AUTOLOAD { }" if (!$code and $func_name eq 'DESTROY');
860 if (!$code) {
71f3e297 861 (my $base = $func_name) =~ s/^(start_|end_)//i;
424ec8fa
GS		 862 if ($EXPORT{':any'} ||
863 $EXPORT{'-any'} ||
71f3e297 864 $EXPORT{$base} ||
424ec8fa 865 (%EXPORT_OK || grep(++$EXPORT_OK{$_},&expand_tags(':html')))
71f3e297
JH		 866 && $EXPORT_OK{$base}) {
867 $code = $CGI::DefaultClass->_make_tag_func($func_name);
424ec8fa
GS		 868 }
869 }
ba056755 870 croak("Undefined subroutine $AUTOLOAD\n") unless $code;
29ddc2a4 871 local ($@,$!);
424ec8fa
GS		 872 eval "package $pack; $code";
873 if ($@) {
874 $@ =~ s/ at .*\n//;
ba056755 875 croak("$AUTOLOAD: $@");
424ec8fa
GS		 876 }
877 }
3538e1d5 878 CORE::delete($sub->{$func_name}); #free storage
424ec8fa
GS		 879 return "$pack\:\:$func_name";
880}
881
3acbd4f5
JH		 882sub _selected {
883 my $self = shift;
884 my $value = shift;
885 return '' unless $value;
0a9bdad4 886 return $XHTML ? qq(selected="selected" ) : qq(selected );
3acbd4f5
JH		 887}
888
889sub _checked {
890 my $self = shift;
891 my $value = shift;
892 return '' unless $value;
0a9bdad4 893 return $XHTML ? qq(checked="checked" ) : qq(checked );
3acbd4f5
JH		 894}
895
424ec8fa
GS		 896sub _reset_globals { initialize_globals(); }
897
898sub _setup_symbols {
899 my $self = shift;
900 my $compile = 0;
b2d0d414
JH		 901
902 # to avoid reexporting unwanted variables
903 undef %EXPORT;
904
424ec8fa 905 foreach (@_) {
71f3e297
JH		 906 $HEADERS_ONCE++, next if /^[:-]unique_headers$/;
907 $NPH++, next if /^[:-]nph$/;
3d1a2ec4
GS		 908 $NOSTICKY++, next if /^[:-]nosticky$/;
909 $DEBUG=0, next if /^[:-]no_?[Dd]ebug$/;
910 $DEBUG=2, next if /^[:-][Dd]ebug$/;
71f3e297 911 $USE_PARAM_SEMICOLONS++, next if /^[:-]newstyle_urls$/;
6b4ac661
JH		 912 $XHTML++, next if /^[:-]xhtml$/;
913 $XHTML=0, next if /^[:-]no_?xhtml$/;
3d1a2ec4 914 $USE_PARAM_SEMICOLONS=0, next if /^[:-]oldstyle_urls$/;
71f3e297 915 $PRIVATE_TEMPFILES++, next if /^[:-]private_tempfiles$/;
0a9bdad4 916 $TABINDEX++, next if /^[:-]tabindex$/;
13548fdf 917 $CLOSE_UPLOAD_FILES++, next if /^[:-]close_upload_files$/;
71f3e297
JH		 918 $EXPORT{$_}++, next if /^[:-]any$/;
919 $compile++, next if /^[:-]compile$/;
199d4a26 920 $NO_UNDEF_PARAMS++, next if /^[:-]no_undef_params$/;
424ec8fa 921
71f3e297 922 # This is probably extremely evil code -- to be deleted some day.
424ec8fa
GS		 923 if (/^[-]autoload$/) {
924 my($pkg) = caller(1);
925 *{"${pkg}::AUTOLOAD"} = sub {
926 my($routine) = $AUTOLOAD;
927 $routine =~ s/^.*::/CGI::/;
928 &$routine;
929 };
930 next;
931 }
932
933 foreach (&expand_tags($_)) {
934 tr/a-zA-Z0-9_//cd; # don't allow weird function names
935 $EXPORT{$_}++;
54310121 936 }
54310121 937 }
424ec8fa 938 _compile_all(keys %EXPORT) if $compile;
188ba755 939 @SAVED_SYMBOLS = @_;
54310121 940}
941
3d1a2ec4
GS		 942sub charset {
943 my ($self,$charset) = self_or_default(@_);
944 $self->{'.charset'} = $charset if defined $charset;
945 $self->{'.charset'};
946}
947
29ddc2a4
RGS		 948sub element_id {
949 my ($self,$new_value) = self_or_default(@_);
950 $self->{'.elid'} = $new_value if defined $new_value;
951 sprintf('%010d',$self->{'.elid'}++);
952}
953
954sub element_tab {
955 my ($self,$new_value) = self_or_default(@_);
70194bd6 956 $self->{'.etab'} ||= 1;
29ddc2a4 957 $self->{'.etab'} = $new_value if defined $new_value;
0a9bdad4
SP		 958 my $tab = $self->{'.etab'}++;
959 return '' unless $TABINDEX or defined $new_value;
960 return qq(tabindex="$tab" );
29ddc2a4
RGS		 961}
962
54310121 963###############################################################################
964################# THESE FUNCTIONS ARE AUTOLOADED ON DEMAND ####################
965###############################################################################
966$AUTOLOADED_ROUTINES = ''; # get rid of -w warning
967$AUTOLOADED_ROUTINES=<<'END_OF_AUTOLOAD';
968
969%SUBS = (
970
971'URL_ENCODED'=> <<'END_OF_FUNC',
972sub URL_ENCODED { 'application/x-www-form-urlencoded'; }
973END_OF_FUNC
974
975'MULTIPART' => <<'END_OF_FUNC',
976sub MULTIPART { 'multipart/form-data'; }
977END_OF_FUNC
978
424ec8fa 979'SERVER_PUSH' => <<'END_OF_FUNC',
ba056755 980sub SERVER_PUSH { 'multipart/x-mixed-replace;boundary="' . shift() . '"'; }
424ec8fa
GS		 981END_OF_FUNC
982
424ec8fa
GS		 983'new_MultipartBuffer' => <<'END_OF_FUNC',
984# Create a new multipart buffer
985sub new_MultipartBuffer {
2ed511ec
RGS		 986 my($self,$boundary,$length) = @_;
987 return MultipartBuffer->new($self,$boundary,$length);
424ec8fa
GS		 988}
989END_OF_FUNC
990
991'read_from_client' => <<'END_OF_FUNC',
992# Read data from a file handle
993sub read_from_client {
2ed511ec 994 my($self, $buff, $len, $offset) = @_;
424ec8fa 995 local $^W=0; # prevent a warning
2ed511ec
RGS		 996 return $MOD_PERL
997 ? $self->r->read($$buff, $len, $offset)
998 : read(\*STDIN, $$buff, $len, $offset);
424ec8fa
GS		 999}
1000END_OF_FUNC
1001
1002'delete' => <<'END_OF_FUNC',
1003#### Method: delete
1004# Deletes the named parameter entirely.
1005####
1006sub delete {
6b4ac661 1007 my($self,@p) = self_or_default(@_);
1c87da1d
JH		 1008 my(@names) = rearrange([NAME],@p);
1009 my @to_delete = ref($names[0]) eq 'ARRAY' ? @$names[0] : @names;
8f3ccfa2
JH		 1010 my %to_delete;
1011 foreach my $name (@to_delete)
1012 {
1013 CORE::delete $self->{$name};
1014 CORE::delete $self->{'.fieldnames'}->{$name};
1015 $to_delete{$name}++;
188ba755 1016 }
8f3ccfa2 1017 @{$self->{'.parameters'}}=grep { !exists($to_delete{$_}) } $self->param();
13548fdf 1018 return;
424ec8fa
GS		 1019}
1020END_OF_FUNC
1021
1022#### Method: import_names
1023# Import all parameters into the given namespace.
1024# Assumes namespace 'Q' if not specified
1025####
1026'import_names' => <<'END_OF_FUNC',
1027sub import_names {
1028 my($self,$namespace,$delete) = self_or_default(@_);
1029 $namespace = 'Q' unless defined($namespace);
1030 die "Can't import names into \"main\"\n" if \%{"${namespace}::"} == \%::;
3538e1d5 1031 if ($delete || $MOD_PERL || exists $ENV{'FCGI_ROLE'}) {
424ec8fa
GS		 1032 # can anyone find an easier way to do this?
1033 foreach (keys %{"${namespace}::"}) {
1034 local *symbol = "${namespace}::${_}";
1035 undef $symbol;
1036 undef @symbol;
1037 undef %symbol;
54310121 1038 }
424ec8fa
GS		 1039 }
1040 my($param,@value,$var);
1041 foreach $param ($self->param) {
1042 # protect against silly names
1043 ($var = $param)=~tr/a-zA-Z0-9_/_/c;
1044 $var =~ s/^(?=\d)/_/;
1045 local *symbol = "${namespace}::$var";
1046 @value = $self->param($param);
1047 @symbol = @value;
1048 $symbol = $value[0];
54310121 1049 }
1050}
1051END_OF_FUNC
1052
1053#### Method: keywords
1054# Keywords acts a bit differently. Calling it in a list context
1055# returns the list of keywords.
1056# Calling it in a scalar context gives you the size of the list.
1057####
1058'keywords' => <<'END_OF_FUNC',
1059sub keywords {
1060 my($self,@values) = self_or_default(@_);
1061 # If values is provided, then we set it.
475342a6 1062 $self->{'keywords'}=[@values] if @values;
424ec8fa 1063 my(@result) = defined($self->{'keywords'}) ? @{$self->{'keywords'}} : ();
54310121 1064 @result;
1065}
1066END_OF_FUNC
1067
1068# These are some tie() interfaces for compatibility
1069# with Steve Brenner's cgi-lib.pl routines
3538e1d5
GS		 1070'Vars' => <<'END_OF_FUNC',
1071sub Vars {
ffd2dff2 1072 my $q = shift;
3538e1d5 1073 my %in;
ffd2dff2 1074 tie(%in,CGI,$q);
3538e1d5
GS		 1075 return %in if wantarray;
1076 return \%in;
1077}
1078END_OF_FUNC
1079
1080# These are some tie() interfaces for compatibility
1081# with Steve Brenner's cgi-lib.pl routines
54310121 1082'ReadParse' => <<'END_OF_FUNC',
1083sub ReadParse {
1084 local(*in);
1085 if (@_) {
1086 *in = $_[0];
1087 } else {
1088 my $pkg = caller();
1089 *in=*{"${pkg}::in"};
1090 }
1091 tie(%in,CGI);
424ec8fa 1092 return scalar(keys %in);
54310121 1093}
1094END_OF_FUNC
1095
1096'PrintHeader' => <<'END_OF_FUNC',
1097sub PrintHeader {
1098 my($self) = self_or_default(@_);
1099 return $self->header();
1100}
1101END_OF_FUNC
1102
1103'HtmlTop' => <<'END_OF_FUNC',
1104sub HtmlTop {
1105 my($self,@p) = self_or_default(@_);
1106 return $self->start_html(@p);
1107}
1108END_OF_FUNC
1109
1110'HtmlBot' => <<'END_OF_FUNC',
1111sub HtmlBot {
1112 my($self,@p) = self_or_default(@_);
1113 return $self->end_html(@p);
1114}
1115END_OF_FUNC
1116
1117'SplitParam' => <<'END_OF_FUNC',
1118sub SplitParam {
1119 my ($param) = @_;
1120 my (@params) = split ("\0", $param);
1121 return (wantarray ? @params : $params[0]);
1122}
1123END_OF_FUNC
1124
1125'MethGet' => <<'END_OF_FUNC',
1126sub MethGet {
1127 return request_method() eq 'GET';
1128}
1129END_OF_FUNC
1130
1131'MethPost' => <<'END_OF_FUNC',
1132sub MethPost {
1133 return request_method() eq 'POST';
1134}
1135END_OF_FUNC
1136
1137'TIEHASH' => <<'END_OF_FUNC',
8f3ccfa2
JH		 1138sub TIEHASH {
1139 my $class = shift;
1140 my $arg = $_[0];
1141 if (ref($arg) && UNIVERSAL::isa($arg,'CGI')) {
1142 return $arg;
1143 }
1144 return $Q ||= $class->new(@_);
54310121 1145}
1146END_OF_FUNC
1147
1148'STORE' => <<'END_OF_FUNC',
1149sub STORE {
3d1a2ec4
GS		 1150 my $self = shift;
1151 my $tag = shift;
6b4ac661
JH		 1152 my $vals = shift;
1153 my @vals = index($vals,"\0")!=-1 ? split("\0",$vals) : $vals;
3d1a2ec4 1154 $self->param(-name=>$tag,-value=>\@vals);
54310121 1155}
1156END_OF_FUNC
1157
1158'FETCH' => <<'END_OF_FUNC',
1159sub FETCH {
1160 return $_[0] if $_[1] eq 'CGI';
1161 return undef unless defined $_[0]->param($_[1]);
1162 return join("\0",$_[0]->param($_[1]));
1163}
1164END_OF_FUNC
1165
1166'FIRSTKEY' => <<'END_OF_FUNC',
1167sub FIRSTKEY {
1168 $_[0]->{'.iterator'}=0;
1169 $_[0]->{'.parameters'}->[$_[0]->{'.iterator'}++];
1170}
1171END_OF_FUNC
1172
1173'NEXTKEY' => <<'END_OF_FUNC',
1174sub NEXTKEY {
1175 $_[0]->{'.parameters'}->[$_[0]->{'.iterator'}++];
1176}
1177END_OF_FUNC
1178
1179'EXISTS' => <<'END_OF_FUNC',
1180sub EXISTS {
1181 exists $_[0]->{$_[1]};
1182}
1183END_OF_FUNC
1184
1185'DELETE' => <<'END_OF_FUNC',
1186sub DELETE {
1187 $_[0]->delete($_[1]);
1188}
1189END_OF_FUNC
1190
1191'CLEAR' => <<'END_OF_FUNC',
1192sub CLEAR {
1193 %{$_[0]}=();
1194}
1195####
1196END_OF_FUNC
1197
1198####
1199# Append a new value to an existing query
1200####
1201'append' => <<'EOF',
1202sub append {
7dc108d1 1203 my($self,@p) = self_or_default(@_);
3d1a2ec4 1204 my($name,$value) = rearrange([NAME,[VALUE,VALUES]],@p);
54310121 1205 my(@values) = defined($value) ? (ref($value) ? @{$value} : $value) : ();
1206 if (@values) {
1207 $self->add_parameter($name);
1208 push(@{$self->{$name}},@values);
1209 }
1210 return $self->param($name);
1211}
1212EOF
1213
1214#### Method: delete_all
1215# Delete all parameters
1216####
1217'delete_all' => <<'EOF',
1218sub delete_all {
1219 my($self) = self_or_default(@_);
1c87da1d 1220 my @param = $self->param();
8f3ccfa2 1221 $self->delete(@param);
54310121 1222}
1223EOF
1224
424ec8fa
GS		 1225'Delete' => <<'EOF',
1226sub Delete {
1227 my($self,@p) = self_or_default(@_);
1228 $self->delete(@p);
1229}
1230EOF
1231
1232'Delete_all' => <<'EOF',
1233sub Delete_all {
1234 my($self,@p) = self_or_default(@_);
1235 $self->delete_all(@p);
1236}
1237EOF
1238
54310121 1239#### Method: autoescape
1240# If you want to turn off the autoescaping features,
1241# call this method with undef as the argument
1242'autoEscape' => <<'END_OF_FUNC',
1243sub autoEscape {
1244 my($self,$escape) = self_or_default(@_);
188ba755
JH		 1245 my $d = $self->{'escape'};
1246 $self->{'escape'} = $escape;
1247 $d;
54310121 1248}
1249END_OF_FUNC
1250
1251
1252#### Method: version
1253# Return the current version
1254####
1255'version' => <<'END_OF_FUNC',
1256sub version {
1257 return $VERSION;
1258}
1259END_OF_FUNC
1260
424ec8fa
GS		 1261#### Method: url_param
1262# Return a parameter in the QUERY_STRING, regardless of
1263# whether this was a POST or a GET
1264####
1265'url_param' => <<'END_OF_FUNC',
1266sub url_param {
1267 my ($self,@p) = self_or_default(@_);
1268 my $name = shift(@p);
1269 return undef unless exists($ENV{QUERY_STRING});
1270 unless (exists($self->{'.url_param'})) {
1271 $self->{'.url_param'}={}; # empty hash
1272 if ($ENV{QUERY_STRING} =~ /=/) {
71f3e297 1273 my(@pairs) = split(/[&;]/,$ENV{QUERY_STRING});
424ec8fa
GS		 1274 my($param,$value);
1275 foreach (@pairs) {
1276 ($param,$value) = split('=',$_,2);
1277 $param = unescape($param);
1278 $value = unescape($value);
1279 push(@{$self->{'.url_param'}->{$param}},$value);
1280 }
1281 } else {
1282 $self->{'.url_param'}->{'keywords'} = [$self->parse_keywordlist($ENV{QUERY_STRING})];
1283 }
1284 }
1285 return keys %{$self->{'.url_param'}} unless defined($name);
1286 return () unless $self->{'.url_param'}->{$name};
1287 return wantarray ? @{$self->{'.url_param'}->{$name}}
1288 : $self->{'.url_param'}->{$name}->[0];
1289}
1290END_OF_FUNC
1291
3d1a2ec4 1292#### Method: Dump
54310121 1293# Returns a string in which all the known parameter/value
1294# pairs are represented as nested lists, mainly for the purposes
1295# of debugging.
1296####
3d1a2ec4
GS		 1297'Dump' => <<'END_OF_FUNC',
1298sub Dump {
54310121 1299 my($self) = self_or_default(@_);
1300 my($param,$value,@result);
3acbd4f5
JH		 1301 return '<ul></ul>' unless $self->param;
1302 push(@result,"<ul>");
54310121 1303 foreach $param ($self->param) {
1304 my($name)=$self->escapeHTML($param);
1c87da1d 1305 push(@result,"<li><strong>$param</strong></li>");
3acbd4f5 1306 push(@result,"<ul>");
54310121 1307 foreach $value ($self->param($param)) {
1308 $value = $self->escapeHTML($value);
58129083 1309 $value =~ s/\n/<br \/>\n/g;
1c87da1d 1310 push(@result,"<li>$value</li>");
54310121 1311 }
3acbd4f5 1312 push(@result,"</ul>");
54310121 1313 }
3acbd4f5 1314 push(@result,"</ul>");
54310121 1315 return join("\n",@result);
1316}
1317END_OF_FUNC
1318
424ec8fa
GS		 1319#### Method as_string
1320#
1321# synonym for "dump"
1322####
1323'as_string' => <<'END_OF_FUNC',
1324sub as_string {
3d1a2ec4 1325 &Dump(@_);
424ec8fa
GS		 1326}
1327END_OF_FUNC
1328
1329#### Method: save
1330# Write values out to a filehandle in such a way that they can
1331# be reinitialized by the filehandle form of the new() method
54310121 1332####
1333'save' => <<'END_OF_FUNC',
1334sub save {
1335 my($self,$filehandle) = self_or_default(@_);
54310121 1336 $filehandle = to_filehandle($filehandle);
424ec8fa
GS		 1337 my($param);
1338 local($,) = ''; # set print field separator back to a sane value
71f3e297 1339 local($\) = ''; # set output line separator to a sane value
54310121 1340 foreach $param ($self->param) {
424ec8fa 1341 my($escaped_param) = escape($param);
54310121 1342 my($value);
1343 foreach $value ($self->param($param)) {
3538e1d5 1344 print $filehandle "$escaped_param=",escape("$value"),"\n";
54310121 1345 }
1346 }
d45d855d
JH		 1347 foreach (keys %{$self->{'.fieldnames'}}) {
1348 print $filehandle ".cgifields=",escape("$_"),"\n";
1349 }
54310121 1350 print $filehandle "=\n"; # end of record
1351}
1352END_OF_FUNC
1353
1354
424ec8fa
GS		 1355#### Method: save_parameters
1356# An alias for save() that is a better name for exportation.
1357# Only intended to be used with the function (non-OO) interface.
1358####
1359'save_parameters' => <<'END_OF_FUNC',
1360sub save_parameters {
1361 my $fh = shift;
1362 return save(to_filehandle($fh));
1363}
1364END_OF_FUNC
1365
1366#### Method: restore_parameters
1367# A way to restore CGI parameters from an initializer.
1368# Only intended to be used with the function (non-OO) interface.
1369####
1370'restore_parameters' => <<'END_OF_FUNC',
1371sub restore_parameters {
1372 $Q = $CGI::DefaultClass->new(@_);
1373}
1374END_OF_FUNC
1375
1376#### Method: multipart_init
1377# Return a Content-Type: style header for server-push
ba056755 1378# This has to be NPH on most web servers, and it is advisable to set $| = 1
424ec8fa
GS		 1379#
1380# Many thanks to Ed Jordan <ed@fidalgo.net> for this
ba056755 1381# contribution, updated by Andrew Benham (adsb@bigfoot.com)
424ec8fa
GS		 1382####
1383'multipart_init' => <<'END_OF_FUNC',
1384sub multipart_init {
1385 my($self,@p) = self_or_default(@_);
3d1a2ec4 1386 my($boundary,@other) = rearrange([BOUNDARY],@p);
424ec8fa 1387 $boundary = $boundary || '------- =_aaaaaaaaaa0';
ba056755
JH		 1388 $self->{'separator'} = "$CRLF--$boundary$CRLF";
1389 $self->{'final_separator'} = "$CRLF--$boundary--$CRLF";
424ec8fa
GS		 1390 $type = SERVER_PUSH($boundary);
1391 return $self->header(
13548fdf 1392 -nph => 0,
424ec8fa
GS		 1393 -type => $type,
1394 (map { split "=", $_, 2 } @other),
ba056755 1395 ) . "WARNING: YOUR BROWSER DOESN'T SUPPORT THIS SERVER-PUSH TECHNOLOGY." . $self->multipart_end;
424ec8fa
GS		 1396}
1397END_OF_FUNC
1398
1399
1400#### Method: multipart_start
1401# Return a Content-Type: style header for server-push, start of section
1402#
1403# Many thanks to Ed Jordan <ed@fidalgo.net> for this
ba056755 1404# contribution, updated by Andrew Benham (adsb@bigfoot.com)
424ec8fa
GS		 1405####
1406'multipart_start' => <<'END_OF_FUNC',
1407sub multipart_start {
ba056755 1408 my(@header);
424ec8fa 1409 my($self,@p) = self_or_default(@_);
3d1a2ec4 1410 my($type,@other) = rearrange([TYPE],@p);
424ec8fa 1411 $type = $type || 'text/html';
ba056755
JH		 1412 push(@header,"Content-Type: $type");
1413
1414 # rearrange() was designed for the HTML portion, so we
1415 # need to fix it up a little.
1416 foreach (@other) {
8f3ccfa2
JH		 1417 # Don't use \s because of perl bug 21951
1418 next unless my($header,$value) = /([^ \r\n\t=]+)=\"?(.+?)\"?$/;
ba056755
JH		 1419 ($_ = $header) =~ s/^(\w)(.*)/$1 . lc ($2) . ': '.$self->unescapeHTML($value)/e;
1420 }
1421 push(@header,@other);
1422 my $header = join($CRLF,@header)."${CRLF}${CRLF}";
1423 return $header;
424ec8fa
GS		 1424}
1425END_OF_FUNC
1426
1427
1428#### Method: multipart_end
ba056755 1429# Return a MIME boundary separator for server-push, end of section
424ec8fa
GS		 1430#
1431# Many thanks to Ed Jordan <ed@fidalgo.net> for this
1432# contribution
1433####
1434'multipart_end' => <<'END_OF_FUNC',
1435sub multipart_end {
1436 my($self,@p) = self_or_default(@_);
1437 return $self->{'separator'};
1438}
1439END_OF_FUNC
1440
1441
ba056755
JH		 1442#### Method: multipart_final
1443# Return a MIME boundary separator for server-push, end of all sections
1444#
1445# Contributed by Andrew Benham (adsb@bigfoot.com)
1446####
1447'multipart_final' => <<'END_OF_FUNC',
1448sub multipart_final {
1449 my($self,@p) = self_or_default(@_);
1450 return $self->{'final_separator'} . "WARNING: YOUR BROWSER DOESN'T SUPPORT THIS SERVER-PUSH TECHNOLOGY." . $CRLF;
1451}
1452END_OF_FUNC
1453
1454
54310121 1455#### Method: header
1456# Return a Content-Type: style header
1457#
1458####
1459'header' => <<'END_OF_FUNC',
1460sub header {
1461 my($self,@p) = self_or_default(@_);
1462 my(@header);
1463
2ed511ec 1464 return "" if $self->{'.header_printed'}++ and $HEADERS_ONCE;
71f3e297 1465
8f3ccfa2 1466 my($type,$status,$cookie,$target,$expires,$nph,$charset,$attachment,$p3p,@other) =
3d1a2ec4
GS		 1467 rearrange([['TYPE','CONTENT_TYPE','CONTENT-TYPE'],
1468 'STATUS',['COOKIE','COOKIES'],'TARGET',
6b4ac661 1469 'EXPIRES','NPH','CHARSET',
8f3ccfa2 1470 'ATTACHMENT','P3P'],@p);
3d1a2ec4
GS		 1471
1472 $nph ||= $NPH;
55b5d700
SP		 1473
1474 $type ||= 'text/html' unless defined($type);
1475
3d1a2ec4
GS		 1476 if (defined $charset) {
1477 $self->charset($charset);
1478 } else {
55b5d700 1479 $charset = $self->charset if $type =~ /^text\//;
3d1a2ec4 1480 }
cb3b230c 1481 $charset ||= '';
54310121 1482
1483 # rearrange() was designed for the HTML portion, so we
1484 # need to fix it up a little.
1485 foreach (@other) {
8f3ccfa2
JH		 1486 # Don't use \s because of perl bug 21951
1487 next unless my($header,$value) = /([^ \r\n\t=]+)=\"?(.+?)\"?$/;
1488 ($_ = $header) =~ s/^(\w)(.*)/"\u$1\L$2" . ': '.$self->unescapeHTML($value)/e;
54310121 1489 }
1490
cd755de4
JJ		 1491 $type .= "; charset=$charset"
1492 if $type ne ''
1493 and $type !~ /\bcharset\b/
1494 and defined $charset
1495 and $charset ne '';
54310121 1496
424ec8fa
GS		 1497 # Maybe future compatibility. Maybe not.
1498 my $protocol = $ENV{SERVER_PROTOCOL} || 'HTTP/1.0';
1499 push(@header,$protocol . ' ' . ($status || '200 OK')) if $nph;
ba056755 1500 push(@header,"Server: " . &server_software()) if $nph;
424ec8fa 1501
54310121 1502 push(@header,"Status: $status") if $status;
424ec8fa 1503 push(@header,"Window-Target: $target") if $target;
8f3ccfa2
JH		 1504 if ($p3p) {
1505 $p3p = join ' ',@$p3p if ref($p3p) eq 'ARRAY';
1506 push(@header,qq(P3P: policyref="/w3c/p3p.xml", CP="$p3p"));
1507 }
54310121 1508 # push all the cookies -- there may be several
1509 if ($cookie) {
424ec8fa 1510 my(@cookie) = ref($cookie) && ref($cookie) eq 'ARRAY' ? @{$cookie} : $cookie;
54310121 1511 foreach (@cookie) {
71f3e297
JH		 1512 my $cs = UNIVERSAL::isa($_,'CGI::Cookie') ? $_->as_string : $_;
1513 push(@header,"Set-Cookie: $cs") if $cs ne '';
54310121 1514 }
1515 }
1516 # if the user indicates an expiration time, then we need
1517 # both an Expires and a Date header (so that the browser is
1518 # uses OUR clock)
424ec8fa 1519 push(@header,"Expires: " . expires($expires,'http'))
7d37aa8e 1520 if $expires;
ba056755 1521 push(@header,"Date: " . expires(0,'http')) if $expires || $cookie || $nph;
54310121 1522 push(@header,"Pragma: no-cache") if $self->cache();
6b4ac661 1523 push(@header,"Content-Disposition: attachment; filename=\"$attachment\"") if $attachment;
69c89ae7 1524 push(@header,map {ucfirst $_} @other);
71f3e297 1525 push(@header,"Content-Type: $type") if $type ne '';
424ec8fa
GS		 1526 my $header = join($CRLF,@header)."${CRLF}${CRLF}";
1527 if ($MOD_PERL and not $nph) {
8f3ccfa2
JH		 1528 $self->r->send_cgi_header($header);
1529 return '';
424ec8fa
GS		 1530 }
1531 return $header;
54310121 1532}
1533END_OF_FUNC
1534
1535
1536#### Method: cache
1537# Control whether header() will produce the no-cache
1538# Pragma directive.
1539####
1540'cache' => <<'END_OF_FUNC',
1541sub cache {
1542 my($self,$new_value) = self_or_default(@_);
1543 $new_value = '' unless $new_value;
1544 if ($new_value ne '') {
1545 $self->{'cache'} = $new_value;
1546 }
1547 return $self->{'cache'};
1548}
1549END_OF_FUNC
1550
1551
1552#### Method: redirect
1553# Return a Location: style header
1554#
1555####
1556'redirect' => <<'END_OF_FUNC',
1557sub redirect {
1558 my($self,@p) = self_or_default(@_);
13548fdf
RGS		 1559 my($url,$target,$status,$cookie,$nph,@other) =
1560 rearrange([[LOCATION,URI,URL],TARGET,STATUS,['COOKIE','COOKIES'],NPH],@p);
55b5d700 1561 $status = '302 Found' unless defined $status;
6b4ac661 1562 $url ||= $self->self_url;
54310121 1563 my(@o);
424ec8fa
GS		 1564 foreach (@other) { tr/\"//d; push(@o,split("=",$_,2)); }
1565 unshift(@o,
13548fdf 1566 '-Status' => $status,
8f3ccfa2
JH		 1567 '-Location'=> $url,
1568 '-nph' => $nph);
424ec8fa 1569 unshift(@o,'-Target'=>$target) if $target;
71f3e297 1570 unshift(@o,'-Type'=>'');
8f3ccfa2
JH		 1571 my @unescaped;
1572 unshift(@unescaped,'-Cookie'=>$cookie) if $cookie;
1573 return $self->header((map {$self->unescapeHTML($_)} @o),@unescaped);
54310121 1574}
1575END_OF_FUNC
1576
1577
1578#### Method: start_html
1579# Canned HTML header
1580#
1581# Parameters:
1582# $title -> (optional) The title for this HTML document (-title)
1583# $author -> (optional) e-mail address of the author (-author)
1584# $base -> (optional) if set to true, will enter the BASE address of this document
1585# for resolving relative references (-base)
1586# $xbase -> (optional) alternative base at some remote location (-xbase)
1587# $target -> (optional) target window to load all links into (-target)
1588# $script -> (option) Javascript code (-script)
47e3cabd 1589# $no_script -> (option) Javascript <noscript> tag (-noscript)
54310121 1590# $meta -> (optional) Meta information tags
3acbd4f5 1591# $head -> (optional) any other elements you'd like to incorporate into the <head> tag
7d37aa8e
LS		 1592# (a scalar or array ref)
1593# $style -> (optional) reference to an external style sheet
54310121 1594# @other -> (optional) any other named parameters you'd like to incorporate into
3acbd4f5 1595# the <body> tag.
54310121 1596####
1597'start_html' => <<'END_OF_FUNC',
1598sub start_html {
1599 my($self,@p) = &self_or_default(@_);
ac734d8b 1600 my($title,$author,$base,$xbase,$script,$noscript,
29ddc2a4
RGS		 1601 $target,$meta,$head,$style,$dtd,$lang,$encoding,$declare_xml,@other) =
1602 rearrange([TITLE,AUTHOR,BASE,XBASE,SCRIPT,NOSCRIPT,TARGET,
1603 META,HEAD,STYLE,DTD,LANG,ENCODING,DECLARE_XML],@p);
1604
1605 $self->element_id(0);
1606 $self->element_tab(0);
ac734d8b 1607
55b5d700 1608 $encoding = lc($self->charset) unless defined $encoding;
54310121 1609
13548fdf 1610 # Need to sort out the DTD before it's okay to call escapeHTML().
ba056755 1611 my(@result,$xml_dtd);
3d1a2ec4 1612 if ($dtd) {
6b4ac661 1613 if (defined(ref($dtd)) and (ref($dtd) eq 'ARRAY')) {
3d1a2ec4
GS		 1614 $dtd = $DEFAULT_DTD unless $dtd->[0] =~ m|^-//|;
1615 } else {
1616 $dtd = $DEFAULT_DTD unless $dtd =~ m|^-//|;
1617 }
1618 } else {
6b4ac661 1619 $dtd = $XHTML ? XHTML_DTD : $DEFAULT_DTD;
3d1a2ec4 1620 }
ba056755
JH		 1621
1622 $xml_dtd++ if ref($dtd) eq 'ARRAY' && $dtd->[0] =~ /\bXHTML\b/i;
1623 $xml_dtd++ if ref($dtd) eq '' && $dtd =~ /\bXHTML\b/i;
29ddc2a4 1624 push @result,qq(<?xml version="1.0" encoding="$encoding"?>) if $xml_dtd && $declare_xml;
ba056755 1625
3d1a2ec4 1626 if (ref($dtd) && ref($dtd) eq 'ARRAY') {
b2d0d414 1627 push(@result,qq(<!DOCTYPE html\n\tPUBLIC "$dtd->[0]"\n\t "$dtd->[1]">));
13548fdf 1628 $DTD_PUBLIC_IDENTIFIER = $dtd->[0];
3d1a2ec4 1629 } else {
03b9648d 1630 push(@result,qq(<!DOCTYPE html\n\tPUBLIC "$dtd">));
13548fdf
RGS		 1631 $DTD_PUBLIC_IDENTIFIER = $dtd;
1632 }
1633
1634 # Now that we know whether we're using the HTML 3.2 DTD or not, it's okay to
1635 # call escapeHTML(). Strangely enough, the title needs to be escaped as
1636 # HTML while the author needs to be escaped as a URL.
1637 $title = $self->escapeHTML($title || 'Untitled Document');
1638 $author = $self->escape($author);
1639
1640 if ($DTD_PUBLIC_IDENTIFIER =~ /[^X]HTML (2\.0|3\.2)/i) {
1641 $lang = "" unless defined $lang;
1642 $XHTML = 0;
3d1a2ec4 1643 }
13548fdf
RGS		 1644 else {
1645 $lang = 'en-US' unless defined $lang;
1646 }
1647
29ddc2a4
RGS		 1648 my $lang_bits = $lang ne '' ? qq( lang="$lang" xml:lang="$lang") : '';
1649 my $meta_bits = qq(<meta http-equiv="Content-Type" content="text/html; charset=$encoding" />)
1650 if $XHTML && $encoding && !$declare_xml;
1651
1652 push(@result,$XHTML ? qq(<html xmlns="http://www.w3.org/1999/xhtml"$lang_bits>\n<head>\n<title>$title</title>)
1653 : ($lang ? qq(<html lang="$lang">) : "<html>")
8f3ccfa2 1654 . "<head><title>$title</title>");
6b4ac661
JH		 1655 if (defined $author) {
1656 push(@result,$XHTML ? "<link rev=\"made\" href=\"mailto:$author\" />"
29ddc2a4 1657 : "<link rev=\"made\" href=\"mailto:$author\">");
6b4ac661 1658 }
54310121 1659
1660 if ($base || $xbase || $target) {
424ec8fa 1661 my $href = $xbase || $self->url('-path'=>1);
6b4ac661
JH		 1662 my $t = $target ? qq/ target="$target"/ : '';
1663 push(@result,$XHTML ? qq(<base href="$href"$t />) : qq(<base href="$href"$t>));
54310121 1664 }
1665
1666 if ($meta && ref($meta) && (ref($meta) eq 'HASH')) {
6b4ac661
JH		 1667 foreach (keys %$meta) { push(@result,$XHTML ? qq(<meta name="$_" content="$meta->{$_}" />)
1668 : qq(<meta name="$_" content="$meta->{$_}">)); }
54310121 1669 }
7d37aa8e
LS		 1670
1671 push(@result,ref($head) ? @$head : $head) if $head;
1672
424ec8fa 1673 # handle the infrequently-used -style and -script parameters
13548fdf 1674 push(@result,$self->_style($style)) if defined $style;
424ec8fa 1675 push(@result,$self->_script($script)) if defined $script;
29ddc2a4 1676 push(@result,$meta_bits) if defined $meta_bits;
424ec8fa
GS		 1677
1678 # handle -noscript parameter
1679 push(@result,<<END) if $noscript;
6b4ac661 1680<noscript>
424ec8fa 1681$noscript
6b4ac661 1682</noscript>
424ec8fa
GS		 1683END
1684 ;
1685 my($other) = @other ? " @other" : '';
29ddc2a4 1686 push(@result,"</head>\n<body$other>\n");
424ec8fa
GS		 1687 return join("\n",@result);
1688}
1689END_OF_FUNC
1690
1691### Method: _style
1692# internal method for generating a CSS style section
1693####
1694'_style' => <<'END_OF_FUNC',
1695sub _style {
1696 my ($self,$style) = @_;
1697 my (@result);
8869a4b7 1698
424ec8fa 1699 my $type = 'text/css';
0664a57d 1700 my $rel = 'stylesheet';
a3b3a725 1701
8869a4b7 1702
a3b3a725
JH		 1703 my $cdata_start = $XHTML ? "\n<!--/* <![CDATA[ */" : "\n<!-- ";
1704 my $cdata_end = $XHTML ? "\n/* ]]> */-->\n" : " -->\n";
1705
13548fdf
RGS		 1706 my @s = ref($style) eq 'ARRAY' ? @$style : $style;
1707
1708 for my $s (@s) {
1709 if (ref($s)) {
0664a57d
SP		 1710 my($src,$code,$verbatim,$stype,$alternate,$foo,@other) =
1711 rearrange([qw(SRC CODE VERBATIM TYPE ALTERNATE FOO)],
13548fdf
RGS		 1712 ('-foo'=>'bar',
1713 ref($s) eq 'ARRAY' ? @$s : %$s));
8869a4b7
SP		 1714 my $type = defined $stype ? $stype : 'text/css';
1715 my $rel = $alternate ? 'alternate stylesheet' : 'stylesheet';
13548fdf
RGS		 1716 my $other = @other ? join ' ',@other : '';
1717
1718 if (ref($src) eq "ARRAY") # Check to see if the $src variable is an array reference
1719 { # If it is, push a LINK tag for each one
1720 foreach $src (@$src)
1721 {
0664a57d
SP		 1722 push(@result,$XHTML ? qq(<link rel="$rel" type="$type" href="$src" $other/>)
1723 : qq(<link rel="$rel" type="$type" href="$src"$other>)) if $src;
13548fdf 1724 }
6b4ac661 1725 }
13548fdf
RGS		 1726 else
1727 { # Otherwise, push the single -src, if it exists.
0664a57d
SP		 1728 push(@result,$XHTML ? qq(<link rel="$rel" type="$type" href="$src" $other/>)
1729 : qq(<link rel="$rel" type="$type" href="$src"$other>)
13548fdf
RGS		 1730 ) if $src;
1731 }
1732 if ($verbatim) {
1733 my @v = ref($verbatim) eq 'ARRAY' ? @$verbatim : $verbatim;
1734 push(@result, "<style type=\"text/css\">\n$_\n</style>") foreach @v;
1735 }
1736 my @c = ref($code) eq 'ARRAY' ? @$code : $code if $code;
1737 push(@result,style({'type'=>$type},"$cdata_start\n$_\n$cdata_end")) foreach @c;
1738
1739 } else {
1740 my $src = $s;
0664a57d
SP		 1741 push(@result,$XHTML ? qq(<link rel="$rel" type="$type" href="$src" $other/>)
1742 : qq(<link rel="$rel" type="$type" href="$src"$other>));
13548fdf 1743 }
7d37aa8e 1744 }
424ec8fa
GS		 1745 @result;
1746}
1747END_OF_FUNC
1748
424ec8fa
GS		 1749'_script' => <<'END_OF_FUNC',
1750sub _script {
1751 my ($self,$script) = @_;
1752 my (@result);
a3b3a725 1753
424ec8fa
GS		 1754 my (@scripts) = ref($script) eq 'ARRAY' ? @$script : ($script);
1755 foreach $script (@scripts) {
7d37aa8e
LS		 1756 my($src,$code,$language);
1757 if (ref($script)) { # script is a hash
8869a4b7
SP		 1758 ($src,$code,$type) =
1759 rearrange(['SRC','CODE',['LANGUAGE','TYPE']],
7d37aa8e 1760 '-foo'=>'bar', # a trick to allow the '-' to be omitted
3538e1d5 1761 ref($script) eq 'ARRAY' ? @$script : %$script);
8869a4b7
SP		 1762 $type ||= 'text/javascript';
1763 unless ($type =~ m!\w+/\w+!) {
1764 $type =~ s/[\d.]+$//;
1765 $type = "text/$type";
3d1a2ec4 1766 }
7d37aa8e 1767 } else {
8869a4b7 1768 ($src,$code,$type) = ('',$script, 'text/javascript');
7d37aa8e 1769 }
a3b3a725
JH		 1770
1771 my $comment = '//'; # javascript by default
1772 $comment = '#' if $type=~/perl|tcl/i;
1773 $comment = "'" if $type=~/vbscript/i;
1774
58129083
JH		 1775 my ($cdata_start,$cdata_end);
1776 if ($XHTML) {
1777 $cdata_start = "$comment<![CDATA[\n";
1778 $cdata_end .= "\n$comment]]>";
1779 } else {
1780 $cdata_start = "\n<!-- Hide script\n";
1781 $cdata_end = $comment;
1782 $cdata_end .= " End script hiding -->\n";
1783 }
1784 my(@satts);
1785 push(@satts,'src'=>$src) if $src;
58129083 1786 push(@satts,'type'=>$type);
29ddc2a4
RGS		 1787 $code = $cdata_start . $code . $cdata_end if defined $code;
1788 push(@result,$self->script({@satts},$code || ''));
7d37aa8e 1789 }
424ec8fa 1790 @result;
54310121 1791}
1792END_OF_FUNC
1793
54310121 1794#### Method: end_html
1795# End an HTML document.
3acbd4f5 1796# Trivial method for completeness. Just returns "</body>"
54310121 1797####
1798'end_html' => <<'END_OF_FUNC',
1799sub end_html {
29ddc2a4 1800 return "\n</body>\n</html>";
54310121 1801}
1802END_OF_FUNC
1803
1804
1805################################
1806# METHODS USED IN BUILDING FORMS
1807################################
1808
1809#### Method: isindex
1810# Just prints out the isindex tag.
1811# Parameters:
1812# $action -> optional URL of script to run
1813# Returns:
188ba755 1814# A string containing a <isindex> tag
54310121 1815'isindex' => <<'END_OF_FUNC',
1816sub isindex {
1817 my($self,@p) = self_or_default(@_);
3d1a2ec4 1818 my($action,@other) = rearrange([ACTION],@p);
188ba755 1819 $action = qq/ action="$action"/ if $action;
54310121 1820 my($other) = @other ? " @other" : '';
188ba755 1821 return $XHTML ? "<isindex$action$other />" : "<isindex$action$other>";
54310121 1822}
1823END_OF_FUNC
1824
1825
1826#### Method: startform
1827# Start a form
1828# Parameters:
1829# $method -> optional submission method to use (GET or POST)
1830# $action -> optional URL of script to run
1831# $enctype ->encoding to use (URL_ENCODED or MULTIPART)
1832'startform' => <<'END_OF_FUNC',
1833sub startform {
1834 my($self,@p) = self_or_default(@_);
1835
1836 my($method,$action,$enctype,@other) =
3d1a2ec4 1837 rearrange([METHOD,ACTION,ENCTYPE],@p);
54310121 1838
13548fdf
RGS		 1839 $method = $self->escapeHTML(lc($method) || 'post');
1840 $enctype = $self->escapeHTML($enctype || &URL_ENCODED);
1841 if (defined $action) {
1842 $action = $self->escapeHTML($action);
1843 }
1844 else {
0664a57d 1845 $action = $self->escapeHTML($self->request_uri || $self->self_url);
03b9648d
JH		 1846 }
1847 $action = qq(action="$action");
54310121 1848 my($other) = @other ? " @other" : '';
1849 $self->{'.parametersToAdd'}={};
6b4ac661 1850 return qq/<form method="$method" $action enctype="$enctype"$other>\n/;
54310121 1851}
1852END_OF_FUNC
1853
1854
1855#### Method: start_form
1856# synonym for startform
1857'start_form' => <<'END_OF_FUNC',
1858sub start_form {
29ddc2a4 1859 $XHTML ? &start_multipart_form : &startform;
54310121 1860}
1861END_OF_FUNC
1862
71f3e297
JH		 1863'end_multipart_form' => <<'END_OF_FUNC',
1864sub end_multipart_form {
1865 &endform;
1866}
1867END_OF_FUNC
54310121 1868
1869#### Method: start_multipart_form
1870# synonym for startform
1871'start_multipart_form' => <<'END_OF_FUNC',
1872sub start_multipart_form {
1873 my($self,@p) = self_or_default(@_);
0a9bdad4 1874 if (defined($p[0]) && substr($p[0],0,1) eq '-') {
adb86593 1875 return $self->startform(-enctype=>&MULTIPART,@p);
54310121 1876 } else {
1877 my($method,$action,@other) =
3d1a2ec4 1878 rearrange([METHOD,ACTION],@p);
54310121 1879 return $self->startform($method,$action,&MULTIPART,@other);
1880 }
1881}
1882END_OF_FUNC
1883
1884
1885#### Method: endform
1886# End a form
1887'endform' => <<'END_OF_FUNC',
1888sub endform {
0a9bdad4 1889 my($self,@p) = self_or_default(@_);
3d1a2ec4 1890 if ( $NOSTICKY ) {
6b4ac661 1891 return wantarray ? ("</form>") : "\n</form>";
3d1a2ec4 1892 } else {
0a9bdad4
SP		 1893 if (my @fields = $self->get_fields) {
1894 return wantarray ? ("<div>",@fields,"</div>","</form>")
1895 : "<div>".(join '',@fields)."</div>\n</form>";
1896 } else {
1897 return "</form>";
1898 }
3d1a2ec4 1899 }
54310121 1900}
1901END_OF_FUNC
1902
1903
424ec8fa
GS		 1904'_textfield' => <<'END_OF_FUNC',
1905sub _textfield {
1906 my($self,$tag,@p) = self_or_default(@_);
29ddc2a4
RGS		 1907 my($name,$default,$size,$maxlength,$override,$tabindex,@other) =
1908 rearrange([NAME,[DEFAULT,VALUE,VALUES],SIZE,MAXLENGTH,[OVERRIDE,FORCE],TABINDEX],@p);
424ec8fa
GS		 1909
1910 my $current = $override ? $default :
1911 (defined($self->param($name)) ? $self->param($name) : $default);
1912
a3b3a725 1913 $current = defined($current) ? $self->escapeHTML($current,1) : '';
424ec8fa 1914 $name = defined($name) ? $self->escapeHTML($name) : '';
ba056755
JH		 1915 my($s) = defined($size) ? qq/ size="$size"/ : '';
1916 my($m) = defined($maxlength) ? qq/ maxlength="$maxlength"/ : '';
71f3e297
JH		 1917 my($other) = @other ? " @other" : '';
1918 # this entered at cristy's request to fix problems with file upload fields
1919 # and WebTV -- not sure it won't break stuff
6b4ac661 1920 my($value) = $current ne '' ? qq(value="$current") : '';
29ddc2a4 1921 $tabindex = $self->element_tab($tabindex);
0a9bdad4 1922 return $XHTML ? qq(<input type="$tag" name="$name" $tabindex$value$s$m$other />)
b2d0d414 1923 : qq(<input type="$tag" name="$name" $value$s$m$other>);
424ec8fa
GS		 1924}
1925END_OF_FUNC
1926
54310121 1927#### Method: textfield
1928# Parameters:
1929# $name -> Name of the text field
1930# $default -> Optional default value of the field if not
1931# already defined.
1932# $size -> Optional width of field in characaters.
1933# $maxlength -> Optional maximum number of characters.
1934# Returns:
188ba755 1935# A string containing a <input type="text"> field
54310121 1936#
1937'textfield' => <<'END_OF_FUNC',
1938sub textfield {
1939 my($self,@p) = self_or_default(@_);
424ec8fa 1940 $self->_textfield('text',@p);
54310121 1941}
1942END_OF_FUNC
1943
1944
1945#### Method: filefield
1946# Parameters:
1947# $name -> Name of the file upload field
1948# $size -> Optional width of field in characaters.
1949# $maxlength -> Optional maximum number of characters.
1950# Returns:
188ba755 1951# A string containing a <input type="file"> field
54310121 1952#
1953'filefield' => <<'END_OF_FUNC',
1954sub filefield {
1955 my($self,@p) = self_or_default(@_);
424ec8fa 1956 $self->_textfield('file',@p);
54310121 1957}
1958END_OF_FUNC
1959
1960
1961#### Method: password
1962# Create a "secret password" entry field
1963# Parameters:
1964# $name -> Name of the field
1965# $default -> Optional default value of the field if not
1966# already defined.
1967# $size -> Optional width of field in characters.
1968# $maxlength -> Optional maximum characters that can be entered.
1969# Returns:
188ba755 1970# A string containing a <input type="password"> field
54310121 1971#
1972'password_field' => <<'END_OF_FUNC',
1973sub password_field {
1974 my ($self,@p) = self_or_default(@_);
424ec8fa 1975 $self->_textfield('password',@p);
54310121 1976}
1977END_OF_FUNC
1978
54310121 1979#### Method: textarea
1980# Parameters:
1981# $name -> Name of the text field
1982# $default -> Optional default value of the field if not
1983# already defined.
1984# $rows -> Optional number of rows in text area
1985# $columns -> Optional number of columns in text area
1986# Returns:
3acbd4f5 1987# A string containing a <textarea></textarea> tag
54310121 1988#
1989'textarea' => <<'END_OF_FUNC',
1990sub textarea {
1991 my($self,@p) = self_or_default(@_);
29ddc2a4
RGS		 1992 my($name,$default,$rows,$cols,$override,$tabindex,@other) =
1993 rearrange([NAME,[DEFAULT,VALUE],ROWS,[COLS,COLUMNS],[OVERRIDE,FORCE],TABINDEX],@p);
54310121 1994
1995 my($current)= $override ? $default :
1996 (defined($self->param($name)) ? $self->param($name) : $default);
1997
1998 $name = defined($name) ? $self->escapeHTML($name) : '';
1999 $current = defined($current) ? $self->escapeHTML($current) : '';
3acbd4f5
JH		 2000 my($r) = $rows ? qq/ rows="$rows"/ : '';
2001 my($c) = $cols ? qq/ cols="$cols"/ : '';
54310121 2002 my($other) = @other ? " @other" : '';
29ddc2a4 2003 $tabindex = $self->element_tab($tabindex);
0a9bdad4 2004 return qq{<textarea name="$name" $tabindex$r$c$other>$current</textarea>};
54310121 2005}
2006END_OF_FUNC
2007
2008
2009#### Method: button
2010# Create a javascript button.
2011# Parameters:
2012# $name -> (optional) Name for the button. (-name)
2013# $value -> (optional) Value of the button when selected (and visible name) (-value)
2014# $onclick -> (optional) Text of the JavaScript to run when the button is
2015# clicked.
2016# Returns:
188ba755 2017# A string containing a <input type="button"> tag
54310121 2018####
2019'button' => <<'END_OF_FUNC',
2020sub button {
2021 my($self,@p) = self_or_default(@_);
2022
29ddc2a4
RGS		 2023 my($label,$value,$script,$tabindex,@other) = rearrange([NAME,[VALUE,LABEL],
2024 [ONCLICK,SCRIPT],TABINDEX],@p);
54310121 2025
2026 $label=$self->escapeHTML($label);
a3b3a725 2027 $value=$self->escapeHTML($value,1);
54310121 2028 $script=$self->escapeHTML($script);
2029
2030 my($name) = '';
ba056755 2031 $name = qq/ name="$label"/ if $label;
54310121 2032 $value = $value || $label;
2033 my($val) = '';
6b4ac661
JH		 2034 $val = qq/ value="$value"/ if $value;
2035 $script = qq/ onclick="$script"/ if $script;
54310121 2036 my($other) = @other ? " @other" : '';
29ddc2a4 2037 $tabindex = $self->element_tab($tabindex);
0a9bdad4 2038 return $XHTML ? qq(<input type="button" $tabindex$name$val$script$other />)
b2d0d414 2039 : qq(<input type="button"$name$val$script$other>);
54310121 2040}
2041END_OF_FUNC
2042
2043
2044#### Method: submit
2045# Create a "submit query" button.
2046# Parameters:
2047# $name -> (optional) Name for the button.
2048# $value -> (optional) Value of the button when selected (also doubles as label).
2049# $label -> (optional) Label printed on the button(also doubles as the value).
2050# Returns:
188ba755 2051# A string containing a <input type="submit"> tag
54310121 2052####
2053'submit' => <<'END_OF_FUNC',
2054sub submit {
2055 my($self,@p) = self_or_default(@_);
2056
29ddc2a4 2057 my($label,$value,$tabindex,@other) = rearrange([NAME,[VALUE,LABEL],TABINDEX],@p);
54310121 2058
2059 $label=$self->escapeHTML($label);
a3b3a725 2060 $value=$self->escapeHTML($value,1);
54310121 2061
0a9bdad4
SP		 2062 my $name = $NOSTICKY ? '' : 'name=".submit" ';
2063 $name = qq/name="$label" / if defined($label);
424ec8fa 2064 $value = defined($value) ? $value : $label;
8f3ccfa2 2065 my $val = '';
0a9bdad4 2066 $val = qq/value="$value" / if defined($value);
29ddc2a4 2067 $tabindex = $self->element_tab($tabindex);
0a9bdad4
SP		 2068 my($other) = @other ? "@other " : '';
2069 return $XHTML ? qq(<input type="submit" $tabindex$name$val$other/>)
2070 : qq(<input type="submit" $name$val$other>);
54310121 2071}
2072END_OF_FUNC
2073
2074
2075#### Method: reset
2076# Create a "reset" button.
2077# Parameters:
2078# $name -> (optional) Name for the button.
2079# Returns:
188ba755 2080# A string containing a <input type="reset"> tag
54310121 2081####
2082'reset' => <<'END_OF_FUNC',
2083sub reset {
2084 my($self,@p) = self_or_default(@_);
29ddc2a4 2085 my($label,$value,$tabindex,@other) = rearrange(['NAME',['VALUE','LABEL'],TABINDEX],@p);
54310121 2086 $label=$self->escapeHTML($label);
8f3ccfa2
JH		 2087 $value=$self->escapeHTML($value,1);
2088 my ($name) = ' name=".reset"';
2089 $name = qq/ name="$label"/ if defined($label);
2090 $value = defined($value) ? $value : $label;
2091 my($val) = '';
2092 $val = qq/ value="$value"/ if defined($value);
54310121 2093 my($other) = @other ? " @other" : '';
29ddc2a4 2094 $tabindex = $self->element_tab($tabindex);
0a9bdad4 2095 return $XHTML ? qq(<input type="reset" $tabindex$name$val$other />)
8f3ccfa2 2096 : qq(<input type="reset"$name$val$other>);
54310121 2097}
2098END_OF_FUNC
2099
2100
2101#### Method: defaults
2102# Create a "defaults" button.
2103# Parameters:
2104# $name -> (optional) Name for the button.
2105# Returns:
188ba755 2106# A string containing a <input type="submit" name=".defaults"> tag
54310121 2107#
2108# Note: this button has a special meaning to the initialization script,
2109# and tells it to ERASE the current query string so that your defaults
2110# are used again!
2111####
2112'defaults' => <<'END_OF_FUNC',
2113sub defaults {
2114 my($self,@p) = self_or_default(@_);
2115
29ddc2a4 2116 my($label,$tabindex,@other) = rearrange([[NAME,VALUE],TABINDEX],@p);
54310121 2117
a3b3a725 2118 $label=$self->escapeHTML($label,1);
54310121 2119 $label = $label || "Defaults";
6b4ac661 2120 my($value) = qq/ value="$label"/;
54310121 2121 my($other) = @other ? " @other" : '';
29ddc2a4 2122 $tabindex = $self->element_tab($tabindex);
0a9bdad4 2123 return $XHTML ? qq(<input type="submit" name=".defaults" $tabindex$value$other />)
6b4ac661 2124 : qq/<input type="submit" NAME=".defaults"$value$other>/;
54310121 2125}
2126END_OF_FUNC
2127
2128
424ec8fa
GS		 2129#### Method: comment
2130# Create an HTML <!-- comment -->
2131# Parameters: a string
2132'comment' => <<'END_OF_FUNC',
2133sub comment {
2134 my($self,@p) = self_or_CGI(@_);
2135 return "<!-- @p -->";
2136}
2137END_OF_FUNC
2138
54310121 2139#### Method: checkbox
2140# Create a checkbox that is not logically linked to any others.
2141# The field value is "on" when the button is checked.
2142# Parameters:
2143# $name -> Name of the checkbox
2144# $checked -> (optional) turned on by default if true
2145# $value -> (optional) value of the checkbox, 'on' by default
2146# $label -> (optional) a user-readable label printed next to the box.
2147# Otherwise the checkbox name is used.
2148# Returns:
188ba755 2149# A string containing a <input type="checkbox"> field
54310121 2150####
2151'checkbox' => <<'END_OF_FUNC',
2152sub checkbox {
2153 my($self,@p) = self_or_default(@_);
2154
29ddc2a4
RGS		 2155 my($name,$checked,$value,$label,$override,$tabindex,@other) =
2156 rearrange([NAME,[CHECKED,SELECTED,ON],VALUE,LABEL,[OVERRIDE,FORCE],TABINDEX],@p);
2157
424ec8fa
GS		 2158 $value = defined $value ? $value : 'on';
2159
2160 if (!$override && ($self->{'.fieldnames'}->{$name} ||
2161 defined $self->param($name))) {
3acbd4f5 2162 $checked = grep($_ eq $value,$self->param($name)) ? $self->_checked(1) : '';
54310121 2163 } else {
3acbd4f5 2164 $checked = $self->_checked($checked);
54310121 2165 }
2166 my($the_label) = defined $label ? $label : $name;
2167 $name = $self->escapeHTML($name);
a3b3a725 2168 $value = $self->escapeHTML($value,1);
54310121 2169 $the_label = $self->escapeHTML($the_label);
0a9bdad4 2170 my($other) = @other ? "@other " : '';
29ddc2a4 2171 $tabindex = $self->element_tab($tabindex);
54310121 2172 $self->register_parameter($name);
0a9bdad4 2173 return $XHTML ? CGI::label(qq{<input type="checkbox" name="$name" value="$value" $tabindex$checked$other/>$the_label})
6b4ac661 2174 : qq{<input type="checkbox" name="$name" value="$value"$checked$other>$the_label};
54310121 2175}
2176END_OF_FUNC
2177
2178
54310121 2179
54310121 2180# Escape HTML -- used internally
2181'escapeHTML' => <<'END_OF_FUNC',
2182sub escapeHTML {
ac734d8b
JH		 2183 # hack to work around earlier hacks
2184 push @_,$_[0] if @_==1 && $_[0] eq 'CGI';
a3b3a725 2185 my ($self,$toencode,$newlinestoo) = CGI::self_or_default(@_);
6b4ac661 2186 return undef unless defined($toencode);
188ba755 2187 return $toencode if ref($self) && !$self->{'escape'};
6b4ac661
JH		 2188 $toencode =~ s{&}{&amp;}gso;
2189 $toencode =~ s{<}{&lt;}gso;
2190 $toencode =~ s{>}{&gt;}gso;
13548fdf
RGS		 2191 if ($DTD_PUBLIC_IDENTIFIER =~ /[^X]HTML 3\.2/i) {
2192 # $quot; was accidentally omitted from the HTML 3.2 DTD -- see
2193 # <http://validator.w3.org/docs/errors.html#bad-entity> /
2194 # <http://lists.w3.org/Archives/Public/www-html/1997Mar/0003.html>.
2195 $toencode =~ s{"}{&#34;}gso;
2196 }
2197 else {
2198 $toencode =~ s{"}{&quot;}gso;
2199 }
a3b3a725
JH		 2200 my $latin = uc $self->{'.charset'} eq 'ISO-8859-1' ||
2201 uc $self->{'.charset'} eq 'WINDOWS-1252';
2202 if ($latin) { # bug in some browsers
ba056755 2203 $toencode =~ s{'}{&#39;}gso;
188ba755
JH		 2204 $toencode =~ s{\x8b}{&#8249;}gso;
2205 $toencode =~ s{\x9b}{&#8250;}gso;
a3b3a725
JH		 2206 if (defined $newlinestoo && $newlinestoo) {
2207 $toencode =~ s{\012}{&#10;}gso;
2208 $toencode =~ s{\015}{&#13;}gso;
2209 }
2210 }
6b4ac661 2211 return $toencode;
54310121 2212}
2213END_OF_FUNC
2214
424ec8fa
GS		 2215# unescape HTML -- used internally
2216'unescapeHTML' => <<'END_OF_FUNC',
2217sub unescapeHTML {
efc8e943
NC		 2218 # hack to work around earlier hacks
2219 push @_,$_[0] if @_==1 && $_[0] eq 'CGI';
6b4ac661 2220 my ($self,$string) = CGI::self_or_default(@_);
424ec8fa 2221 return undef unless defined($string);
a3b3a725
JH		 2222 my $latin = defined $self->{'.charset'} ? $self->{'.charset'} =~ /^(ISO-8859-1|WINDOWS-1252)$/i
2223 : 1;
71f3e297
JH		 2224 # thanks to Randal Schwartz for the correct solution to this one
2225 $string=~ s[&(.*?);]{
2226 local $_ = $1;
2227 /^amp$/i ? "&" :
2228 /^quot$/i ? '"' :
2229 /^gt$/i ? ">" :
2230 /^lt$/i ? "<" :
6b4ac661
JH		 2231 /^#(\d+)$/ && $latin ? chr($1) :
2232 /^#x([0-9a-f]+)$/i && $latin ? chr(hex($1)) :
71f3e297
JH		 2233 $_
2234 }gex;
424ec8fa
GS		 2235 return $string;
2236}
2237END_OF_FUNC
54310121 2238
2239# Internal procedure - don't use
2240'_tableize' => <<'END_OF_FUNC',
2241sub _tableize {
2242 my($rows,$columns,$rowheaders,$colheaders,@elements) = @_;
29ddc2a4
RGS		 2243 my @rowheaders = $rowheaders ? @$rowheaders : ();
2244 my @colheaders = $colheaders ? @$colheaders : ();
54310121 2245 my($result);
2246
424ec8fa
GS		 2247 if (defined($columns)) {
2248 $rows = int(0.99 + @elements/$columns) unless defined($rows);
2249 }
2250 if (defined($rows)) {
2251 $columns = int(0.99 + @elements/$rows) unless defined($columns);
2252 }
29ddc2a4 2253
54310121 2254 # rearrange into a pretty table
6b4ac661 2255 $result = "<table>";
54310121 2256 my($row,$column);
29ddc2a4
RGS		 2257 unshift(@colheaders,'') if @colheaders && @rowheaders;
2258 $result .= "<tr>" if @colheaders;
2259 foreach (@colheaders) {
6b4ac661 2260 $result .= "<th>$_</th>";
54310121 2261 }
2262 for ($row=0;$row<$rows;$row++) {
6b4ac661 2263 $result .= "<tr>";
29ddc2a4 2264 $result .= "<th>$rowheaders[$row]</th>" if @rowheaders;
54310121 2265 for ($column=0;$column<$columns;$column++) {
6b4ac661 2266 $result .= "<td>" . $elements[$column*$rows + $row] . "</td>"
424ec8fa 2267 if defined($elements[$column*$rows + $row]);
54310121 2268 }
6b4ac661 2269 $result .= "</tr>";
54310121 2270 }
6b4ac661 2271 $result .= "</table>";
54310121 2272 return $result;
2273}
2274END_OF_FUNC
2275
2276
2277#### Method: radio_group
2278# Create a list of logically-linked radio buttons.
2279# Parameters:
2280# $name -> Common name for all the buttons.
2281# $values -> A pointer to a regular array containing the
2282# values for each button in the group.
2283# $default -> (optional) Value of the button to turn on by default. Pass '-'
2284# to turn _nothing_ on.
2285# $linebreak -> (optional) Set to true to place linebreaks
2286# between the buttons.
2287# $labels -> (optional)
2288# A pointer to an associative array of labels to print next to each checkbox
2289# in the form $label{'value'}="Long explanatory label".
2290# Otherwise the provided values are used as the labels.
2291# Returns:
188ba755 2292# An ARRAY containing a series of <input type="radio"> fields
54310121 2293####
2294'radio_group' => <<'END_OF_FUNC',
2295sub radio_group {
2296 my($self,@p) = self_or_default(@_);
29ddc2a4
RGS		 2297 $self->_box_group('radio',@p);
2298}
2299END_OF_FUNC
2300
2301#### Method: checkbox_group
2302# Create a list of logically-linked checkboxes.
2303# Parameters:
2304# $name -> Common name for all the check boxes
2305# $values -> A pointer to a regular array containing the
2306# values for each checkbox in the group.
2307# $defaults -> (optional)
2308# 1. If a pointer to a regular array of checkbox values,
2309# then this will be used to decide which
2310# checkboxes to turn on by default.
2311# 2. If a scalar, will be assumed to hold the
2312# value of a single checkbox in the group to turn on.
2313# $linebreak -> (optional) Set to true to place linebreaks
2314# between the buttons.
2315# $labels -> (optional)
2316# A pointer to an associative array of labels to print next to each checkbox
2317# in the form $label{'value'}="Long explanatory label".
2318# Otherwise the provided values are used as the labels.
2319# Returns:
2320# An ARRAY containing a series of <input type="checkbox"> fields
2321####
2322
2323'checkbox_group' => <<'END_OF_FUNC',
2324sub checkbox_group {
2325 my($self,@p) = self_or_default(@_);
2326 $self->_box_group('checkbox',@p);
2327}
2328END_OF_FUNC
54310121 2329
29ddc2a4
RGS		 2330'_box_group' => <<'END_OF_FUNC',
2331sub _box_group {
2332 my $self = shift;
2333 my $box_type = shift;
2334
2335 my($name,$values,$defaults,$linebreak,$labels,$attributes,
2336 $rows,$columns,$rowheaders,$colheaders,
8869a4b7 2337 $override,$nolabels,$tabindex,$disabled,@other) =
29ddc2a4 2338 rearrange([ NAME,[VALUES,VALUE],[DEFAULT,DEFAULTS],LINEBREAK,LABELS,ATTRIBUTES,
8869a4b7
SP		 2339 ROWS,[COLUMNS,COLS],[ROWHEADERS,ROWHEADER],[COLHEADERS,COLHEADER],
2340 [OVERRIDE,FORCE],NOLABELS,TABINDEX,DISABLED
29ddc2a4 2341 ],@_);
54310121 2342
8869a4b7 2343 my($result,$checked,@elements,@values);
29ddc2a4 2344
424ec8fa 2345 @values = $self->_set_values_and_labels($values,\$labels,$name);
29ddc2a4 2346 my %checked = $self->previous_or_default($name,$defaults,$override);
424ec8fa 2347
71f3e297 2348 # If no check array is specified, check the first by default
29ddc2a4
RGS		 2349 $checked{$values[0]}++ if $box_type eq 'radio' && !%checked;
2350
71f3e297
JH		 2351 $name=$self->escapeHTML($name);
2352
29ddc2a4 2353 my %tabs = ();
0a9bdad4 2354 if ($TABINDEX && $tabindex) {
29ddc2a4
RGS		 2355 if (!ref $tabindex) {
2356 $self->element_tab($tabindex);
2357 } elsif (ref $tabindex eq 'ARRAY') {
2358 %tabs = map {$_=>$self->element_tab} @$tabindex;
2359 } elsif (ref $tabindex eq 'HASH') {
2360 %tabs = %$tabindex;
2361 }
2362 }
2363 %tabs = map {$_=>$self->element_tab} @values unless %tabs;
0a9bdad4 2364 my $other = @other ? "@other " : '';
29ddc2a4 2365 my $radio_checked;
8869a4b7
SP		 2366
2367 # for disabling groups of radio/checkbox buttons
2368 my %disabled;
2369 foreach (@{$disabled}) {
2370 $disabled{$_}=1;
2371 }
2372
54310121 2373 foreach (@values) {
8869a4b7
SP		 2374 my $disable="";
2375 if ($disabled{$_}) {
2376 $disable="disabled='1'";
2377 }
2378
29ddc2a4
RGS		 2379 my $checkit = $self->_checked($box_type eq 'radio' ? ($checked{$_} && !$radio_checked++)
2380 : $checked{$_});
6b4ac661
JH		 2381 my($break);
2382 if ($linebreak) {
ba056755 2383 $break = $XHTML ? "<br />" : "<br>";
6b4ac661
JH		 2384 }
2385 else {
ba056755 2386 $break = '';
6b4ac661 2387 }
54310121 2388 my($label)='';
2389 unless (defined($nolabels) && $nolabels) {
2390 $label = $_;
424ec8fa 2391 $label = $labels->{$_} if defined($labels) && defined($labels->{$_});
a3b3a725 2392 $label = $self->escapeHTML($label,1);
8869a4b7 2393 $label = "<span style=\"color:gray\">$label</span>" if $disabled{$_};
54310121 2394 }
29ddc2a4 2395 my $attribs = $self->_set_attributes($_, $attributes);
0a9bdad4 2396 my $tab = $tabs{$_};
54310121 2397 $_=$self->escapeHTML($_);
8869a4b7 2398
29ddc2a4
RGS		 2399 if ($XHTML) {
2400 push @elements,
2401 CGI::label(
8869a4b7 2402 qq(<input type="$box_type" name="$name" value="$_" $checkit$other$tab$attribs$disable/>$label)).${break};
29ddc2a4 2403 } else {
8869a4b7 2404 push(@elements,qq/<input type="$box_type" name="$name" value="$_"$checkit$other$tab$attribs$disable>${label}${break}/);
29ddc2a4 2405 }
54310121 2406 }
2407 $self->register_parameter($name);
29ddc2a4 2408 return wantarray ? @elements : "@elements"
424ec8fa 2409 unless defined($columns) || defined($rows);
54310121 2410 return _tableize($rows,$columns,$rowheaders,$colheaders,@elements);
2411}
2412END_OF_FUNC
2413
2414
2415#### Method: popup_menu
2416# Create a popup menu.
2417# Parameters:
2418# $name -> Name for all the menu
2419# $values -> A pointer to a regular array containing the
2420# text of each menu item.
2421# $default -> (optional) Default item to display
2422# $labels -> (optional)
2423# A pointer to an associative array of labels to print next to each checkbox
2424# in the form $label{'value'}="Long explanatory label".
2425# Otherwise the provided values are used as the labels.
2426# Returns:
2427# A string containing the definition of a popup menu.
2428####
2429'popup_menu' => <<'END_OF_FUNC',
2430sub popup_menu {
2431 my($self,@p) = self_or_default(@_);
2432
29ddc2a4 2433 my($name,$values,$default,$labels,$attributes,$override,$tabindex,@other) =
188ba755 2434 rearrange([NAME,[VALUES,VALUE],[DEFAULT,DEFAULTS],LABELS,
29ddc2a4 2435 ATTRIBUTES,[OVERRIDE,FORCE],TABINDEX],@p);
54310121 2436 my($result,$selected);
2437
2438 if (!$override && defined($self->param($name))) {
2439 $selected = $self->param($name);
2440 } else {
2441 $selected = $default;
2442 }
2443 $name=$self->escapeHTML($name);
2444 my($other) = @other ? " @other" : '';
2445
424ec8fa
GS		 2446 my(@values);
2447 @values = $self->_set_values_and_labels($values,\$labels,$name);
29ddc2a4 2448 $tabindex = $self->element_tab($tabindex);
0a9bdad4 2449 $result = qq/<select name="$name" $tabindex$other>\n/;
54310121 2450 foreach (@values) {
188ba755
JH		 2451 if (/<optgroup/) {
2452 foreach (split(/\n/)) {
2453 my $selectit = $XHTML ? 'selected="selected"' : 'selected';
2454 s/(value="$selected")/$selectit $1/ if defined $selected;
2455 $result .= "$_\n";
2456 }
2457 }
2458 else {
cb3b230c
SP		 2459 my $attribs = $self->_set_attributes($_, $attributes);
2460 my($selectit) = defined($selected) ? $self->_selected($selected eq $_) : '';
2461 my($label) = $_;
2462 $label = $labels->{$_} if defined($labels) && defined($labels->{$_});
2463 my($value) = $self->escapeHTML($_);
2464 $label=$self->escapeHTML($label,1);
2465 $result .= "<option${attribs} ${selectit}value=\"$value\">$label</option>\n";
188ba755 2466 }
54310121 2467 }
2468
69c89ae7 2469 $result .= "</select>";
54310121 2470 return $result;
2471}
2472END_OF_FUNC
2473
2474
188ba755
JH		 2475#### Method: optgroup
2476# Create a optgroup.
2477# Parameters:
2478# $name -> Label for the group
2479# $values -> A pointer to a regular array containing the
2480# values for each option line in the group.
2481# $labels -> (optional)
2482# A pointer to an associative array of labels to print next to each item
2483# in the form $label{'value'}="Long explanatory label".
2484# Otherwise the provided values are used as the labels.
2485# $labeled -> (optional)
2486# A true value indicates the value should be used as the label attribute
2487# in the option elements.
2488# The label attribute specifies the option label presented to the user.
2489# This defaults to the content of the <option> element, but the label
2490# attribute allows authors to more easily use optgroup without sacrificing
2491# compatibility with browsers that do not support option groups.
2492# $novals -> (optional)
2493# A true value indicates to suppress the val attribute in the option elements
2494# Returns:
2495# A string containing the definition of an option group.
2496####
2497'optgroup' => <<'END_OF_FUNC',
2498sub optgroup {
2499 my($self,@p) = self_or_default(@_);
2500 my($name,$values,$attributes,$labeled,$noval,$labels,@other)
2501 = rearrange([NAME,[VALUES,VALUE],ATTRIBUTES,LABELED,NOVALS,LABELS],@p);
2502
2503 my($result,@values);
2504 @values = $self->_set_values_and_labels($values,\$labels,$name,$labeled,$novals);
2505 my($other) = @other ? " @other" : '';
2506
2507 $name=$self->escapeHTML($name);
2508 $result = qq/<optgroup label="$name"$other>\n/;
2509 foreach (@values) {
2510 if (/<optgroup/) {
2511 foreach (split(/\n/)) {
2512 my $selectit = $XHTML ? 'selected="selected"' : 'selected';
2513 s/(value="$selected")/$selectit $1/ if defined $selected;
2514 $result .= "$_\n";
2515 }
2516 }
2517 else {
2518 my $attribs = $self->_set_attributes($_, $attributes);
2519 my($label) = $_;
2520 $label = $labels->{$_} if defined($labels) && defined($labels->{$_});
2521 $label=$self->escapeHTML($label);
2522 my($value)=$self->escapeHTML($_,1);
2523 $result .= $labeled ? $novals ? "<option$attribs label=\"$value\">$label</option>\n"
2524 : "<option$attribs label=\"$value\" value=\"$value\">$label</option>\n"
2525 : $novals ? "<option$attribs>$label</option>\n"
2526 : "<option$attribs value=\"$value\">$label</option>\n";
2527 }
2528 }
2529 $result .= "</optgroup>";
2530 return $result;
2531}
2532END_OF_FUNC
2533
2534
54310121 2535#### Method: scrolling_list
2536# Create a scrolling list.
2537# Parameters:
2538# $name -> name for the list
2539# $values -> A pointer to a regular array containing the
2540# values for each option line in the list.
2541# $defaults -> (optional)
2542# 1. If a pointer to a regular array of options,
2543# then this will be used to decide which
2544# lines to turn on by default.
2545# 2. Otherwise holds the value of the single line to turn on.
2546# $size -> (optional) Size of the list.
2547# $multiple -> (optional) If set, allow multiple selections.
2548# $labels -> (optional)
2549# A pointer to an associative array of labels to print next to each checkbox
2550# in the form $label{'value'}="Long explanatory label".
2551# Otherwise the provided values are used as the labels.
2552# Returns:
2553# A string containing the definition of a scrolling list.
2554####
2555'scrolling_list' => <<'END_OF_FUNC',
2556sub scrolling_list {
2557 my($self,@p) = self_or_default(@_);
29ddc2a4 2558 my($name,$values,$defaults,$size,$multiple,$labels,$attributes,$override,$tabindex,@other)
3d1a2ec4 2559 = rearrange([NAME,[VALUES,VALUE],[DEFAULTS,DEFAULT],
29ddc2a4 2560 SIZE,MULTIPLE,LABELS,ATTRIBUTES,[OVERRIDE,FORCE],TABINDEX],@p);
54310121 2561
424ec8fa
GS		 2562 my($result,@values);
2563 @values = $self->_set_values_and_labels($values,\$labels,$name);
2564
54310121 2565 $size = $size || scalar(@values);
2566
2567 my(%selected) = $self->previous_or_default($name,$defaults,$override);
ac734d8b 2568 my($is_multiple) = $multiple ? qq/ multiple="multiple"/ : '';
6b4ac661 2569 my($has_size) = $size ? qq/ size="$size"/: '';
54310121 2570 my($other) = @other ? " @other" : '';
2571
2572 $name=$self->escapeHTML($name);
29ddc2a4 2573 $tabindex = $self->element_tab($tabindex);
0a9bdad4 2574 $result = qq/<select name="$name" $tabindex$has_size$is_multiple$other>\n/;
54310121 2575 foreach (@values) {
3acbd4f5 2576 my($selectit) = $self->_selected($selected{$_});
54310121 2577 my($label) = $_;
424ec8fa 2578 $label = $labels->{$_} if defined($labels) && defined($labels->{$_});
54310121 2579 $label=$self->escapeHTML($label);
a3b3a725 2580 my($value)=$self->escapeHTML($_,1);
188ba755 2581 my $attribs = $self->_set_attributes($_, $attributes);
1f426928 2582 $result .= "<option ${selectit}${attribs}value=\"$value\">$label</option>\n";
54310121 2583 }
69c89ae7 2584 $result .= "</select>";
54310121 2585 $self->register_parameter($name);
2586 return $result;
2587}
2588END_OF_FUNC
2589
2590
2591#### Method: hidden
2592# Parameters:
2593# $name -> Name of the hidden field
2594# @default -> (optional) Initial values of field (may be an array)
2595# or
2596# $default->[initial values of field]
2597# Returns:
188ba755 2598# A string containing a <input type="hidden" name="name" value="value">
54310121 2599####
2600'hidden' => <<'END_OF_FUNC',
2601sub hidden {
2602 my($self,@p) = self_or_default(@_);
2603
2604 # this is the one place where we departed from our standard
2605 # calling scheme, so we have to special-case (darn)
2606 my(@result,@value);
2607 my($name,$default,$override,@other) =
3d1a2ec4 2608 rearrange([NAME,[DEFAULT,VALUE,VALUES],[OVERRIDE,FORCE]],@p);
54310121 2609
2610 my $do_override = 0;
3d1a2ec4 2611 if ( ref($p[0]) || substr($p[0],0,1) eq '-') {
54310121 2612 @value = ref($default) ? @{$default} : $default;
2613 $do_override = $override;
2614 } else {
2615 foreach ($default,$override,@other) {
2616 push(@value,$_) if defined($_);
2617 }
2618 }
2619
2620 # use previous values if override is not set
2621 my @prev = $self->param($name);
2622 @value = @prev if !$do_override && @prev;
2623
2624 $name=$self->escapeHTML($name);
2625 foreach (@value) {
a3b3a725 2626 $_ = defined($_) ? $self->escapeHTML($_,1) : '';
13548fdf
RGS		 2627 push @result,$XHTML ? qq(<input type="hidden" name="$name" value="$_" @other />)
2628 : qq(<input type="hidden" name="$name" value="$_" @other>);
54310121 2629 }
2630 return wantarray ? @result : join('',@result);
2631}
2632END_OF_FUNC
2633
2634
2635#### Method: image_button
2636# Parameters:
2637# $name -> Name of the button
2638# $src -> URL of the image source
2639# $align -> Alignment style (TOP, BOTTOM or MIDDLE)
2640# Returns:
188ba755 2641# A string containing a <input type="image" name="name" src="url" align="alignment">
54310121 2642####
2643'image_button' => <<'END_OF_FUNC',
2644sub image_button {
2645 my($self,@p) = self_or_default(@_);
2646
2647 my($name,$src,$alignment,@other) =
3d1a2ec4 2648 rearrange([NAME,SRC,ALIGN],@p);
54310121 2649
0664a57d 2650 my($align) = $alignment ? " align=\L\"$alignment\"" : '';
54310121 2651 my($other) = @other ? " @other" : '';
2652 $name=$self->escapeHTML($name);
6b4ac661
JH		 2653 return $XHTML ? qq(<input type="image" name="$name" src="$src"$align$other />)
2654 : qq/<input type="image" name="$name" src="$src"$align$other>/;
54310121 2655}
2656END_OF_FUNC
2657
2658
2659#### Method: self_url
2660# Returns a URL containing the current script and all its
2661# param/value pairs arranged as a query. You can use this
2662# to create a link that, when selected, will reinvoke the
2663# script with all its state information preserved.
2664####
2665'self_url' => <<'END_OF_FUNC',
2666sub self_url {
424ec8fa
GS		 2667 my($self,@p) = self_or_default(@_);
2668 return $self->url('-path_info'=>1,'-query'=>1,'-full'=>1,@p);
54310121 2669}
2670END_OF_FUNC
2671
2672
2673# This is provided as a synonym to self_url() for people unfortunate
2674# enough to have incorporated it into their programs already!
2675'state' => <<'END_OF_FUNC',
2676sub state {
2677 &self_url;
2678}
2679END_OF_FUNC
2680
2681
2682#### Method: url
2683# Like self_url, but doesn't return the query string part of
2684# the URL.
2685####
2686'url' => <<'END_OF_FUNC',
2687sub url {
424ec8fa 2688 my($self,@p) = self_or_default(@_);
0a9bdad4
SP		 2689 my ($relative,$absolute,$full,$path_info,$query,$base,$rewrite) =
2690 rearrange(['RELATIVE','ABSOLUTE','FULL',['PATH','PATH_INFO'],['QUERY','QUERY_STRING'],'BASE','REWRITE'],@p);
2691 my $url = '';
2371fea9 2692 $full++ if $base || !($relative || $absolute);
0a9bdad4 2693 $rewrite++ unless defined $rewrite;
424ec8fa 2694
0a9bdad4
SP		 2695 my $path = $self->path_info;
2696 my $script_name = $self->script_name;
cb3b230c 2697 my $request_uri = unescape($self->request_uri) || '';
0a9bdad4
SP		 2698 my $query_str = $self->query_string;
2699
2700 my $rewrite_in_use = $request_uri && $request_uri !~ /^$script_name/;
2701 undef $path if $rewrite_in_use && $rewrite; # path not valid when rewriting active
2702
2703 my $uri = $rewrite && $request_uri ? $request_uri : $script_name;
edc47407 2704 $uri =~ s/\?.*$//; # remove query string
adb86593 2705 $uri =~ s/\Q$path\E$// if defined $path; # remove path
d45d855d 2706
424ec8fa
GS		 2707 if ($full) {
2708 my $protocol = $self->protocol();
2709 $url = "$protocol://";
13548fdf 2710 my $vh = http('x_forwarded_host') || http('host');
424ec8fa
GS		 2711 if ($vh) {
2712 $url .= $vh;
2713 } else {
2714 $url .= server_name();
424ec8fa 2715 }
8869a4b7
SP		 2716 my $port = $self->server_port;
2717 $url .= ":" . $port
2718 unless (lc($protocol) eq 'http' && $port == 80)
2719 || (lc($protocol) eq 'https' && $port == 443);
03b9648d 2720 return $url if $base;
0a9bdad4 2721 $url .= $uri;
424ec8fa 2722 } elsif ($relative) {
cb3b230c 2723 ($url) = $uri =~ m!([^/]+)$!;
424ec8fa 2724 } elsif ($absolute) {
0a9bdad4 2725 $url = $uri;
424ec8fa 2726 }
03b9648d 2727
0a9bdad4
SP		 2728 $url .= $path if $path_info and defined $path;
2729 $url .= "?$query_str" if $query and $query_str ne '';
2371fea9 2730 $url =~ s/([^a-zA-Z0-9_.%;&?\/\\:+=~-])/sprintf("%%%02X",ord($1))/eg;
424ec8fa 2731 return $url;
54310121 2732}
2733
2734END_OF_FUNC
2735
2736#### Method: cookie
2737# Set or read a cookie from the specified name.
2738# Cookie can then be passed to header().
2739# Usual rules apply to the stickiness of -value.
2740# Parameters:
2741# -name -> name for this cookie (optional)
2742# -value -> value of this cookie (scalar, array or hash)
2743# -path -> paths for which this cookie is valid (optional)
2744# -domain -> internet domain in which this cookie is valid (optional)
2745# -secure -> if true, cookie only passed through secure channel (optional)
7d37aa8e 2746# -expires -> expiry date in format Wdy, DD-Mon-YYYY HH:MM:SS GMT (optional)
54310121 2747####
2748'cookie' => <<'END_OF_FUNC',
54310121 2749sub cookie {
2750 my($self,@p) = self_or_default(@_);
fc786e8b
SP		 2751 my($name,$value,$path,$domain,$secure,$expires,$httponly) =
2752 rearrange([NAME,[VALUE,VALUES],PATH,DOMAIN,SECURE,EXPIRES,HTTPONLY],@p);
54310121 2753
424ec8fa 2754 require CGI::Cookie;
54310121 2755
2756 # if no value is supplied, then we retrieve the
2757 # value of the cookie, if any. For efficiency, we cache the parsed
424ec8fa
GS		 2758 # cookies in our state variables.
2759 unless ( defined($value) ) {
2760 $self->{'.cookies'} = CGI::Cookie->fetch
2761 unless $self->{'.cookies'};
54310121 2762
2763 # If no name is supplied, then retrieve the names of all our cookies.
2764 return () unless $self->{'.cookies'};
424ec8fa
GS		 2765 return keys %{$self->{'.cookies'}} unless $name;
2766 return () unless $self->{'.cookies'}->{$name};
2767 return $self->{'.cookies'}->{$name}->value if defined($name) && $name ne '';
54310121 2768 }
54310121 2769
424ec8fa 2770 # If we get here, we're creating a new cookie
ba056755 2771 return undef unless defined($name) && $name ne ''; # this is an error
54310121 2772
424ec8fa
GS		 2773 my @param;
2774 push(@param,'-name'=>$name);
2775 push(@param,'-value'=>$value);
2776 push(@param,'-domain'=>$domain) if $domain;
2777 push(@param,'-path'=>$path) if $path;
2778 push(@param,'-expires'=>$expires) if $expires;
2779 push(@param,'-secure'=>$secure) if $secure;
fc786e8b 2780 push(@param,'-httponly'=>$httponly) if $httponly;
54310121 2781
6b4ac661 2782 return new CGI::Cookie(@param);
54310121 2783}
2784END_OF_FUNC
2785
424ec8fa
GS		 2786'parse_keywordlist' => <<'END_OF_FUNC',
2787sub parse_keywordlist {
2788 my($self,$tosplit) = @_;
2789 $tosplit = unescape($tosplit); # unescape the keywords
2790 $tosplit=~tr/+/ /; # pluses to spaces
2791 my(@keywords) = split(/\s+/,$tosplit);
2792 return @keywords;
2793}
2794END_OF_FUNC
2795
2796'param_fetch' => <<'END_OF_FUNC',
2797sub param_fetch {
2798 my($self,@p) = self_or_default(@_);
3d1a2ec4 2799 my($name) = rearrange([NAME],@p);
424ec8fa
GS		 2800 unless (exists($self->{$name})) {
2801 $self->add_parameter($name);
2802 $self->{$name} = [];
2803 }
2804
2805 return $self->{$name};
2806}
2807END_OF_FUNC
2808
54310121 2809###############################################
2810# OTHER INFORMATION PROVIDED BY THE ENVIRONMENT
2811###############################################
2812
2813#### Method: path_info
2814# Return the extra virtual path information provided
2815# after the URL (if any)
2816####
2817'path_info' => <<'END_OF_FUNC',
2818sub path_info {
424ec8fa
GS		 2819 my ($self,$info) = self_or_default(@_);
2820 if (defined($info)) {
2821 $info = "/$info" if $info ne '' && substr($info,0,1) ne '/';
2822 $self->{'.path_info'} = $info;
2823 } elsif (! defined($self->{'.path_info'}) ) {
7dc108d1
SP		 2824 my (undef,$path_info) = $self->_name_and_path_from_env;
2825 $self->{'.path_info'} = $path_info || '';
424ec8fa
GS		 2826 }
2827 return $self->{'.path_info'};
54310121 2828}
2829END_OF_FUNC
2830
7dc108d1
SP		 2831# WE USE THIS TO COMPENSATE FOR A BUG IN APACHE 2 PRESENT AT LEAST UP THROUGH 2.0.54
2832'_name_and_path_from_env' => <<'END_OF_FUNC',
2833sub _name_and_path_from_env {
2834 my $self = shift;
2835 my $raw_script_name = $ENV{SCRIPT_NAME} || '';
2836 my $raw_path_info = $ENV{PATH_INFO} || '';
cb3b230c 2837 my $uri = unescape($self->request_uri) || '';
7dc108d1 2838
adb86593
SP		 2839 my $protected = quotemeta($raw_path_info);
2840 $raw_script_name =~ s/$protected$//;
0a9bdad4 2841
7dc108d1
SP		 2842 my @uri_double_slashes = $uri =~ m^(/{2,}?)^g;
2843 my @path_double_slashes = "$raw_script_name $raw_path_info" =~ m^(/{2,}?)^g;
2844
2845 my $apache_bug = @uri_double_slashes != @path_double_slashes;
2846 return ($raw_script_name,$raw_path_info) unless $apache_bug;
2847
cb3b230c 2848 my $path_info_search = quotemeta($raw_path_info);
7dc108d1
SP		 2849 $path_info_search =~ s!/!/+!g;
2850 if ($uri =~ m/^(.+)($path_info_search)/) {
2851 return ($1,$2);
2852 } else {
2853 return ($raw_script_name,$raw_path_info);
2854 }
2855}
2856END_OF_FUNC
2857
54310121 2858
2859#### Method: request_method
2860# Returns 'POST', 'GET', 'PUT' or 'HEAD'
2861####
2862'request_method' => <<'END_OF_FUNC',
2863sub request_method {
2864 return $ENV{'REQUEST_METHOD'};
2865}
2866END_OF_FUNC
2867
3538e1d5
GS		 2868#### Method: content_type
2869# Returns the content_type string
2870####
2871'content_type' => <<'END_OF_FUNC',
2872sub content_type {
2873 return $ENV{'CONTENT_TYPE'};
2874}
2875END_OF_FUNC
2876
54310121 2877#### Method: path_translated
2878# Return the physical path information provided
2879# by the URL (if any)
2880####
2881'path_translated' => <<'END_OF_FUNC',
2882sub path_translated {
2883 return $ENV{'PATH_TRANSLATED'};
2884}
2885END_OF_FUNC
2886
2887
7dc108d1
SP		 2888#### Method: request_uri
2889# Return the literal request URI
2890####
2891'request_uri' => <<'END_OF_FUNC',
2892sub request_uri {
2893 return $ENV{'REQUEST_URI'};
2894}
2895END_OF_FUNC
2896
2897
54310121 2898#### Method: query_string
2899# Synthesize a query string from our current
2900# parameters
2901####
2902'query_string' => <<'END_OF_FUNC',
2903sub query_string {
2904 my($self) = self_or_default(@_);
2905 my($param,$value,@pairs);
2906 foreach $param ($self->param) {
424ec8fa 2907 my($eparam) = escape($param);
54310121 2908 foreach $value ($self->param($param)) {
424ec8fa 2909 $value = escape($value);
3538e1d5 2910 next unless defined $value;
54310121 2911 push(@pairs,"$eparam=$value");
2912 }
2913 }
d45d855d
JH		 2914 foreach (keys %{$self->{'.fieldnames'}}) {
2915 push(@pairs,".cgifields=".escape("$_"));
2916 }
71f3e297 2917 return join($USE_PARAM_SEMICOLONS ? ';' : '&',@pairs);
54310121 2918}
2919END_OF_FUNC
2920
2921
2922#### Method: accept
2923# Without parameters, returns an array of the
2924# MIME types the browser accepts.
2925# With a single parameter equal to a MIME
2926# type, will return undef if the browser won't
2927# accept it, 1 if the browser accepts it but
2928# doesn't give a preference, or a floating point
2929# value between 0.0 and 1.0 if the browser
2930# declares a quantitative score for it.
2931# This handles MIME type globs correctly.
2932####
71f3e297
JH		 2933'Accept' => <<'END_OF_FUNC',
2934sub Accept {
54310121 2935 my($self,$search) = self_or_CGI(@_);
2936 my(%prefs,$type,$pref,$pat);
2937
2938 my(@accept) = split(',',$self->http('accept'));
2939
2940 foreach (@accept) {
2941 ($pref) = /q=(\d\.\d+|\d+)/;
2942 ($type) = m#(\S+/[^;]+)#;
2943 next unless $type;
2944 $prefs{$type}=$pref || 1;
2945 }
2946
2947 return keys %prefs unless $search;
2948
2949 # if a search type is provided, we may need to
2950 # perform a pattern matching operation.
2951 # The MIME types use a glob mechanism, which
2952 # is easily translated into a perl pattern match
2953
2954 # First return the preference for directly supported
2955 # types:
2956 return $prefs{$search} if $prefs{$search};
2957
2958 # Didn't get it, so try pattern matching.
2959 foreach (keys %prefs) {
2960 next unless /\*/; # not a pattern match
2961 ($pat = $_) =~ s/([^\w*])/\\$1/g; # escape meta characters
2962 $pat =~ s/\*/.*/g; # turn it into a pattern
2963 return $prefs{$_} if $search=~/$pat/;
2964 }
2965}
2966END_OF_FUNC
2967
2968
2969#### Method: user_agent
2970# If called with no parameters, returns the user agent.
2971# If called with one parameter, does a pattern match (case
2972# insensitive) on the user agent.
2973####
2974'user_agent' => <<'END_OF_FUNC',
2975sub user_agent {
2976 my($self,$match)=self_or_CGI(@_);
2977 return $self->http('user_agent') unless $match;
2978 return $self->http('user_agent') =~ /$match/i;
2979}
2980END_OF_FUNC
2981
2982
424ec8fa
GS		 2983#### Method: raw_cookie
2984# Returns the magic cookies for the session.
2985# The cookies are not parsed or altered in any way, i.e.
2986# cookies are returned exactly as given in the HTTP
2987# headers. If a cookie name is given, only that cookie's
2988# value is returned, otherwise the entire raw cookie
2989# is returned.
54310121 2990####
2991'raw_cookie' => <<'END_OF_FUNC',
2992sub raw_cookie {
424ec8fa
GS		 2993 my($self,$key) = self_or_CGI(@_);
2994
2995 require CGI::Cookie;
2996
2997 if (defined($key)) {
2998 $self->{'.raw_cookies'} = CGI::Cookie->raw_fetch
2999 unless $self->{'.raw_cookies'};
3000
3001 return () unless $self->{'.raw_cookies'};
3002 return () unless $self->{'.raw_cookies'}->{$key};
3003 return $self->{'.raw_cookies'}->{$key};
3004 }
54310121 3005 return $self->http('cookie') || $ENV{'COOKIE'} || '';
3006}
3007END_OF_FUNC
3008
3009#### Method: virtual_host
3010# Return the name of the virtual_host, which
3011# is not always the same as the server
3012######
3013'virtual_host' => <<'END_OF_FUNC',
3014sub virtual_host {
13548fdf 3015 my $vh = http('x_forwarded_host') || http('host') || server_name();
424ec8fa
GS		 3016 $vh =~ s/:\d+$//; # get rid of port number
3017 return $vh;
54310121 3018}
3019END_OF_FUNC
3020
3021#### Method: remote_host
3022# Return the name of the remote host, or its IP
3023# address if unavailable. If this variable isn't
3024# defined, it returns "localhost" for debugging
3025# purposes.
3026####
3027'remote_host' => <<'END_OF_FUNC',
3028sub remote_host {
3029 return $ENV{'REMOTE_HOST'} || $ENV{'REMOTE_ADDR'}
3030 || 'localhost';
3031}
3032END_OF_FUNC
3033
3034
3035#### Method: remote_addr
3036# Return the IP addr of the remote host.
3037####
3038'remote_addr' => <<'END_OF_FUNC',
3039sub remote_addr {
3040 return $ENV{'REMOTE_ADDR'} || '127.0.0.1';
3041}
3042END_OF_FUNC
3043
3044
3045#### Method: script_name
3046# Return the partial URL to this script for
3047# self-referencing scripts. Also see
3048# self_url(), which returns a URL with all state information
3049# preserved.
3050####
3051'script_name' => <<'END_OF_FUNC',
3052sub script_name {
7dc108d1
SP		 3053 my ($self,@p) = self_or_default(@_);
3054 if (@p) {
3055 $self->{'.script_name'} = shift;
3056 } elsif (!exists $self->{'.script_name'}) {
3057 my ($script_name,$path_info) = $self->_name_and_path_from_env();
3058 $self->{'.script_name'} = $script_name;
3059 }
3060 return $self->{'.script_name'};
54310121 3061}
3062END_OF_FUNC
3063
3064
3065#### Method: referer
3066# Return the HTTP_REFERER: useful for generating
3067# a GO BACK button.
3068####
3069'referer' => <<'END_OF_FUNC',
3070sub referer {
3071 my($self) = self_or_CGI(@_);
3072 return $self->http('referer');
3073}
3074END_OF_FUNC
3075
3076
3077#### Method: server_name
3078# Return the name of the server
3079####
3080'server_name' => <<'END_OF_FUNC',
3081sub server_name {
3082 return $ENV{'SERVER_NAME'} || 'localhost';
3083}
3084END_OF_FUNC
3085
3086#### Method: server_software
3087# Return the name of the server software
3088####
3089'server_software' => <<'END_OF_FUNC',
3090sub server_software {
3091 return $ENV{'SERVER_SOFTWARE'} || 'cmdline';
3092}
3093END_OF_FUNC
3094
2ed511ec
RGS		 3095#### Method: virtual_port
3096# Return the server port, taking virtual hosts into account
3097####
3098'virtual_port' => <<'END_OF_FUNC',
3099sub virtual_port {
3100 my($self) = self_or_default(@_);
13548fdf 3101 my $vh = $self->http('x_forwarded_host') || $self->http('host');
0a9bdad4 3102 my $protocol = $self->protocol;
2ed511ec 3103 if ($vh) {
0a9bdad4 3104 return ($vh =~ /:(\d+)$/)[0] || ($protocol eq 'https' ? 443 : 80);
2ed511ec
RGS		 3105 } else {
3106 return $self->server_port();
3107 }
3108}
3109END_OF_FUNC
3110
54310121 3111#### Method: server_port
3112# Return the tcp/ip port the server is running on
3113####
3114'server_port' => <<'END_OF_FUNC',
3115sub server_port {
3116 return $ENV{'SERVER_PORT'} || 80; # for debugging
3117}
3118END_OF_FUNC
3119
3120#### Method: server_protocol
3121# Return the protocol (usually HTTP/1.0)
3122####
3123'server_protocol' => <<'END_OF_FUNC',
3124sub server_protocol {
3125 return $ENV{'SERVER_PROTOCOL'} || 'HTTP/1.0'; # for debugging
3126}
3127END_OF_FUNC
3128
3129#### Method: http
3130# Return the value of an HTTP variable, or
3131# the list of variables if none provided
3132####
3133'http' => <<'END_OF_FUNC',
3134sub http {
3135 my ($self,$parameter) = self_or_CGI(@_);
3136 return $ENV{$parameter} if $parameter=~/^HTTP/;
3538e1d5 3137 $parameter =~ tr/-/_/;
54310121 3138 return $ENV{"HTTP_\U$parameter\E"} if $parameter;
3139 my(@p);
3140 foreach (keys %ENV) {
3141 push(@p,$_) if /^HTTP/;
3142 }
3143 return @p;
3144}
3145END_OF_FUNC
3146
3147#### Method: https
3148# Return the value of HTTPS
3149####
3150'https' => <<'END_OF_FUNC',
3151sub https {
3152 local($^W)=0;
3153 my ($self,$parameter) = self_or_CGI(@_);
3154 return $ENV{HTTPS} unless $parameter;
3155 return $ENV{$parameter} if $parameter=~/^HTTPS/;
3538e1d5 3156 $parameter =~ tr/-/_/;
54310121 3157 return $ENV{"HTTPS_\U$parameter\E"} if $parameter;
3158 my(@p);
3159 foreach (keys %ENV) {
3160 push(@p,$_) if /^HTTPS/;
3161 }
3162 return @p;
3163}
3164END_OF_FUNC
3165
3166#### Method: protocol
3167# Return the protocol (http or https currently)
3168####
3169'protocol' => <<'END_OF_FUNC',
3170sub protocol {
3171 local($^W)=0;
3172 my $self = shift;
424ec8fa 3173 return 'https' if uc($self->https()) eq 'ON';
54310121 3174 return 'https' if $self->server_port == 443;
3175 my $prot = $self->server_protocol;
3176 my($protocol,$version) = split('/',$prot);
3177 return "\L$protocol\E";
3178}
3179END_OF_FUNC
3180
3181#### Method: remote_ident
3182# Return the identity of the remote user
3183# (but only if his host is running identd)
3184####
3185'remote_ident' => <<'END_OF_FUNC',
3186sub remote_ident {
3187 return $ENV{'REMOTE_IDENT'};
3188}
3189END_OF_FUNC
3190
3191
3192#### Method: auth_type
3193# Return the type of use verification/authorization in use, if any.
3194####
3195'auth_type' => <<'END_OF_FUNC',
3196sub auth_type {
3197 return $ENV{'AUTH_TYPE'};
3198}
3199END_OF_FUNC
3200
3201
3202#### Method: remote_user
3203# Return the authorization name used for user
3204# verification.
3205####
3206'remote_user' => <<'END_OF_FUNC',
3207sub remote_user {
3208 return $ENV{'REMOTE_USER'};
3209}
3210END_OF_FUNC
3211
3212
3213#### Method: user_name
3214# Try to return the remote user's name by hook or by
3215# crook
3216####
3217'user_name' => <<'END_OF_FUNC',
3218sub user_name {
3219 my ($self) = self_or_CGI(@_);
3220 return $self->http('from') || $ENV{'REMOTE_IDENT'} || $ENV{'REMOTE_USER'};
3221}
3222END_OF_FUNC
3223
3d1a2ec4
GS		 3224#### Method: nosticky
3225# Set or return the NOSTICKY global flag
3226####
3227'nosticky' => <<'END_OF_FUNC',
3228sub nosticky {
3229 my ($self,$param) = self_or_CGI(@_);
3230 $CGI::NOSTICKY = $param if defined($param);
3231 return $CGI::NOSTICKY;
3232}
3233END_OF_FUNC
3234
54310121 3235#### Method: nph
3236# Set or return the NPH global flag
3237####
3238'nph' => <<'END_OF_FUNC',
3239sub nph {
3240 my ($self,$param) = self_or_CGI(@_);
7d37aa8e
LS		 3241 $CGI::NPH = $param if defined($param);
3242 return $CGI::NPH;
3243}
3244END_OF_FUNC
3245
3246#### Method: private_tempfiles
3247# Set or return the private_tempfiles global flag
3248####
3249'private_tempfiles' => <<'END_OF_FUNC',
3250sub private_tempfiles {
3251 my ($self,$param) = self_or_CGI(@_);
424ec8fa 3252 $CGI::PRIVATE_TEMPFILES = $param if defined($param);
7d37aa8e 3253 return $CGI::PRIVATE_TEMPFILES;
54310121 3254}
3255END_OF_FUNC
8f3ccfa2
JH		 3256#### Method: close_upload_files
3257# Set or return the close_upload_files global flag
3258####
3259'close_upload_files' => <<'END_OF_FUNC',
3260sub close_upload_files {
3261 my ($self,$param) = self_or_CGI(@_);
3262 $CGI::CLOSE_UPLOAD_FILES = $param if defined($param);
3263 return $CGI::CLOSE_UPLOAD_FILES;
3264}
3265END_OF_FUNC
3266
54310121 3267
424ec8fa
GS		 3268#### Method: default_dtd
3269# Set or return the default_dtd global
3270####
3271'default_dtd' => <<'END_OF_FUNC',
3272sub default_dtd {
3d1a2ec4
GS		 3273 my ($self,$param,$param2) = self_or_CGI(@_);
3274 if (defined $param2 && defined $param) {
3275 $CGI::DEFAULT_DTD = [ $param, $param2 ];
3276 } elsif (defined $param) {
3277 $CGI::DEFAULT_DTD = $param;
3278 }
424ec8fa
GS		 3279 return $CGI::DEFAULT_DTD;
3280}
3281END_OF_FUNC
3282
54310121 3283# -------------- really private subroutines -----------------
3284'previous_or_default' => <<'END_OF_FUNC',
3285sub previous_or_default {
3286 my($self,$name,$defaults,$override) = @_;
3287 my(%selected);
3288
3289 if (!$override && ($self->{'.fieldnames'}->{$name} ||
3290 defined($self->param($name)) ) ) {
3291 grep($selected{$_}++,$self->param($name));
3292 } elsif (defined($defaults) && ref($defaults) &&
3293 (ref($defaults) eq 'ARRAY')) {
3294 grep($selected{$_}++,@{$defaults});
3295 } else {
3296 $selected{$defaults}++ if defined($defaults);
3297 }
3298
3299 return %selected;
3300}
3301END_OF_FUNC
3302
3303'register_parameter' => <<'END_OF_FUNC',
3304sub register_parameter {
3305 my($self,$param) = @_;
3306 $self->{'.parametersToAdd'}->{$param}++;
3307}
3308END_OF_FUNC
3309
3310'get_fields' => <<'END_OF_FUNC',
3311sub get_fields {
3312 my($self) = @_;
424ec8fa
GS		 3313 return $self->CGI::hidden('-name'=>'.cgifields',
3314 '-values'=>[keys %{$self->{'.parametersToAdd'}}],
3315 '-override'=>1);
54310121 3316}
3317END_OF_FUNC
3318
3319'read_from_cmdline' => <<'END_OF_FUNC',
3320sub read_from_cmdline {
54310121 3321 my($input,@words);
3322 my($query_string);
2ed511ec 3323 my($subpath);
3d1a2ec4 3324 if ($DEBUG && @ARGV) {
424ec8fa 3325 @words = @ARGV;
3d1a2ec4 3326 } elsif ($DEBUG > 1) {
424ec8fa 3327 require "shellwords.pl";
2ed511ec 3328 print STDERR "(offline mode: enter name=value pairs on standard input; press ^D or ^Z when done)\n";
424ec8fa 3329 chomp(@lines = <STDIN>); # remove newlines
54310121 3330 $input = join(" ",@lines);
424ec8fa
GS		 3331 @words = &shellwords($input);
3332 }
3333 foreach (@words) {
3334 s/\\=/%3D/g;
3335 s/\\&/%26/g;
54310121 3336 }
3337
54310121 3338 if ("@words"=~/=/) {
3339 $query_string = join('&',@words);
3340 } else {
3341 $query_string = join('+',@words);
3342 }
2ed511ec
RGS		 3343 if ($query_string =~ /^(.*?)\?(.*)$/)
3344 {
3345 $query_string = $2;
3346 $subpath = $1;
3347 }
3348 return { 'query_string' => $query_string, 'subpath' => $subpath };
54310121 3349}
3350END_OF_FUNC
3351
3352#####
3353# subroutine: read_multipart
3354#
3355# Read multipart data and store it into our parameters.
3356# An interesting feature is that if any of the parts is a file, we
3357# create a temporary file and open up a filehandle on it so that the
3358# caller can read from it if necessary.
3359#####
3360'read_multipart' => <<'END_OF_FUNC',
3361sub read_multipart {
2ed511ec
RGS		 3362 my($self,$boundary,$length) = @_;
3363 my($buffer) = $self->new_MultipartBuffer($boundary,$length);
54310121 3364 return unless $buffer;
3365 my(%header,$body);
424ec8fa 3366 my $filenumber = 0;
54310121 3367 while (!$buffer->eof) {
3368 %header = $buffer->readHeader;
3538e1d5
GS		 3369
3370 unless (%header) {
3371 $self->cgi_error("400 Bad request (malformed multipart POST)");
3372 return;
3373 }
54310121 3374
c29edf6c 3375 my($param)= $header{'Content-Disposition'}=~/ name="([^"]*)"/;
188ba755 3376 $param .= $TAINTED;
54310121 3377
424ec8fa 3378 # Bug: Netscape doesn't escape quotation marks in file names!!!
c29edf6c 3379 my($filename) = $header{'Content-Disposition'}=~/ filename="([^"]*)"/;
8f3ccfa2
JH		 3380 # Test for Opera's multiple upload feature
3381 my($multipart) = ( defined( $header{'Content-Type'} ) &&
3382 $header{'Content-Type'} =~ /multipart\/mixed/ ) ?
3383 1 : 0;
54310121 3384
3385 # add this parameter to our list
3386 $self->add_parameter($param);
3387
3388 # If no filename specified, then just read the data and assign it
3389 # to our parameter list.
8f3ccfa2 3390 if ( ( !defined($filename) || $filename eq '' ) && !$multipart ) {
54310121 3391 my($value) = $buffer->readBody;
188ba755 3392 $value .= $TAINTED;
54310121 3393 push(@{$self->{$param}},$value);
3394 next;
3395 }
3396
424ec8fa
GS		 3397 my ($tmpfile,$tmp,$filehandle);
3398 UPLOADS: {
3399 # If we get here, then we are dealing with a potentially large
3400 # uploaded form. Save the data to a temporary file, then open
3401 # the file for reading.
54310121 3402
424ec8fa
GS		 3403 # skip the file if uploads disabled
3404 if ($DISABLE_UPLOADS) {
3405 while (defined($data = $buffer->read)) { }
3406 last UPLOADS;
3407 }
7d37aa8e 3408
8f3ccfa2
JH		 3409 # set the filename to some recognizable value
3410 if ( ( !defined($filename) || $filename eq '' ) && $multipart ) {
3411 $filename = "multipart/mixed";
3412 }
3413
3538e1d5 3414 # choose a relatively unpredictable tmpfile sequence number
29ddc2a4 3415 my $seqno = unpack("%16C*",join('',localtime,grep {defined $_} values %ENV));
3538e1d5 3416 for (my $cnt=10;$cnt>0;$cnt--) {
ac734d8b 3417 next unless $tmpfile = new CGITempFile($seqno);
3538e1d5 3418 $tmp = $tmpfile->as_string;
ffd2dff2 3419 last if defined($filehandle = Fh->new($filename,$tmp,$PRIVATE_TEMPFILES));
3538e1d5
GS		 3420 $seqno += int rand(100);
3421 }
69c89ae7 3422 die "CGI open of tmpfile: $!\n" unless defined $filehandle;
2ed511ec
RGS		 3423 $CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode
3424 && defined fileno($filehandle);
424ec8fa 3425
8f3ccfa2 3426 # if this is an multipart/mixed attachment, save the header
2ed511ec 3427 # together with the body for later parsing with an external
8f3ccfa2
JH		 3428 # MIME parser module
3429 if ( $multipart ) {
3430 foreach ( keys %header ) {
3431 print $filehandle "$_: $header{$_}${CRLF}";
3432 }
3433 print $filehandle "${CRLF}";
3434 }
3435
424ec8fa 3436 my ($data);
71f3e297 3437 local($\) = '';
2ed511ec
RGS		 3438 my $totalbytes;
3439 while (defined($data = $buffer->read)) {
3440 if (defined $self->{'.upload_hook'})
3441 {
3442 $totalbytes += length($data);
3443 &{$self->{'.upload_hook'}}($filename ,$data, $totalbytes, $self->{'.upload_data'});
3444 }
cb3b230c 3445 print $filehandle $data if ($self->{'use_tempfile'});
2ed511ec 3446 }
424ec8fa
GS		 3447
3448 # back up to beginning of file
3449 seek($filehandle,0,0);
8f3ccfa2
JH		 3450
3451 ## Close the filehandle if requested this allows a multipart MIME
3452 ## upload to contain many files, and we won't die due to too many
3453 ## open file handles. The user can access the files using the hash
3454 ## below.
3455 close $filehandle if $CLOSE_UPLOAD_FILES;
424ec8fa
GS		 3456 $CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode;
3457
3458 # Save some information about the uploaded file where we can get
3459 # at it later.
0a9bdad4
SP		 3460 # Use the typeglob as the key, as this is guaranteed to be
3461 # unique for each filehandle. Don't use the file descriptor as
3462 # this will be re-used for each filehandle if the
3463 # close_upload_files feature is used.
3464 $self->{'.tmpfiles'}->{$$filehandle}= {
2ed511ec 3465 hndl => $filehandle,
424ec8fa
GS		 3466 name => $tmpfile,
3467 info => {%header},
3468 };
3469 push(@{$self->{$param}},$filehandle);
3470 }
54310121 3471 }
3472}
3473END_OF_FUNC
3474
8869a4b7
SP		 3475#####
3476# subroutine: read_multipart_related
3477#
3478# Read multipart/related data and store it into our parameters. The
3479# first parameter sets the start of the data. The part identified by
3480# this Content-ID will not be stored as a file upload, but will be
3481# returned by this method. All other parts will be available as file
3482# uploads accessible by their Content-ID
3483#####
3484'read_multipart_related' => <<'END_OF_FUNC',
3485sub read_multipart_related {
3486 my($self,$start,$boundary,$length) = @_;
3487 my($buffer) = $self->new_MultipartBuffer($boundary,$length);
3488 return unless $buffer;
3489 my(%header,$body);
3490 my $filenumber = 0;
3491 my $returnvalue;
3492 while (!$buffer->eof) {
3493 %header = $buffer->readHeader;
3494
3495 unless (%header) {
3496 $self->cgi_error("400 Bad request (malformed multipart POST)");
3497 return;
3498 }
3499
3500 my($param) = $header{'Content-ID'}=~/\<([^\>]*)\>/;
3501 $param .= $TAINTED;
3502
3503 # If this is the start part, then just read the data and assign it
3504 # to our return variable.
3505 if ( $param eq $start ) {
3506 $returnvalue = $buffer->readBody;
3507 $returnvalue .= $TAINTED;
3508 next;
3509 }
3510
3511 # add this parameter to our list
3512 $self->add_parameter($param);
3513
3514 my ($tmpfile,$tmp,$filehandle);
3515 UPLOADS: {
3516 # If we get here, then we are dealing with a potentially large
3517 # uploaded form. Save the data to a temporary file, then open
3518 # the file for reading.
3519
3520 # skip the file if uploads disabled
3521 if ($DISABLE_UPLOADS) {
3522 while (defined($data = $buffer->read)) { }
3523 last UPLOADS;
3524 }
3525
3526 # choose a relatively unpredictable tmpfile sequence number
3527 my $seqno = unpack("%16C*",join('',localtime,grep {defined $_} values %ENV));
3528 for (my $cnt=10;$cnt>0;$cnt--) {
3529 next unless $tmpfile = new CGITempFile($seqno);
3530 $tmp = $tmpfile->as_string;
3531 last if defined($filehandle = Fh->new($param,$tmp,$PRIVATE_TEMPFILES));
3532 $seqno += int rand(100);
3533 }
3534 die "CGI open of tmpfile: $!\n" unless defined $filehandle;
3535 $CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode
3536 && defined fileno($filehandle);
3537
3538 my ($data);
3539 local($\) = '';
3540 my $totalbytes;
3541 while (defined($data = $buffer->read)) {
3542 if (defined $self->{'.upload_hook'})
3543 {
3544 $totalbytes += length($data);
3545 &{$self->{'.upload_hook'}}($param ,$data, $totalbytes, $self->{'.upload_data'});
3546 }
3547 print $filehandle $data if ($self->{'use_tempfile'});
3548 }
3549
3550 # back up to beginning of file
3551 seek($filehandle,0,0);
3552
3553 ## Close the filehandle if requested this allows a multipart MIME
3554 ## upload to contain many files, and we won't die due to too many
3555 ## open file handles. The user can access the files using the hash
3556 ## below.
3557 close $filehandle if $CLOSE_UPLOAD_FILES;
3558 $CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode;
3559
3560 # Save some information about the uploaded file where we can get
3561 # at it later.
3562 # Use the typeglob as the key, as this is guaranteed to be
3563 # unique for each filehandle. Don't use the file descriptor as
3564 # this will be re-used for each filehandle if the
3565 # close_upload_files feature is used.
3566 $self->{'.tmpfiles'}->{$$filehandle}= {
3567 hndl => $filehandle,
3568 name => $tmpfile,
3569 info => {%header},
3570 };
3571 push(@{$self->{$param}},$filehandle);
3572 }
3573 }
3574 return $returnvalue;
3575}
3576END_OF_FUNC
3577
3578
3538e1d5
GS		 3579'upload' =><<'END_OF_FUNC',
3580sub upload {
3581 my($self,$param_name) = self_or_default(@_);
0664a57d 3582 my @param = grep {ref($_) && defined(fileno($_))} $self->param($param_name);
199d4a26
JH		 3583 return unless @param;
3584 return wantarray ? @param : $param[0];
3538e1d5
GS		 3585}
3586END_OF_FUNC
3587
54310121 3588'tmpFileName' => <<'END_OF_FUNC',
3589sub tmpFileName {
3590 my($self,$filename) = self_or_default(@_);
0a9bdad4
SP		 3591 return $self->{'.tmpfiles'}->{$$filename}->{name} ?
3592 $self->{'.tmpfiles'}->{$$filename}->{name}->as_string
7d37aa8e 3593 : '';
54310121 3594}
3595END_OF_FUNC
3596
424ec8fa 3597'uploadInfo' => <<'END_OF_FUNC',
54310121 3598sub uploadInfo {
3599 my($self,$filename) = self_or_default(@_);
0a9bdad4 3600 return $self->{'.tmpfiles'}->{$$filename}->{info};
54310121 3601}
3602END_OF_FUNC
3603
424ec8fa
GS		 3604# internal routine, don't use
3605'_set_values_and_labels' => <<'END_OF_FUNC',
3606sub _set_values_and_labels {
3607 my $self = shift;
3608 my ($v,$l,$n) = @_;
3609 $$l = $v if ref($v) eq 'HASH' && !ref($$l);
3610 return $self->param($n) if !defined($v);
3611 return $v if !ref($v);
3612 return ref($v) eq 'HASH' ? keys %$v : @$v;
3613}
3614END_OF_FUNC
3615
188ba755
JH		 3616# internal routine, don't use
3617'_set_attributes' => <<'END_OF_FUNC',
3618sub _set_attributes {
3619 my $self = shift;
3620 my($element, $attributes) = @_;
3621 return '' unless defined($attributes->{$element});
3622 $attribs = ' ';
3623 foreach my $attrib (keys %{$attributes->{$element}}) {
13548fdf
RGS		 3624 (my $clean_attrib = $attrib) =~ s/^-//;
3625 $attribs .= "@{[lc($clean_attrib)]}=\"$attributes->{$element}{$attrib}\" ";
188ba755
JH		 3626 }
3627 $attribs =~ s/ $//;
3628 return $attribs;
3629}
3630END_OF_FUNC
3631
424ec8fa
GS		 3632'_compile_all' => <<'END_OF_FUNC',
3633sub _compile_all {
3634 foreach (@_) {
3635 next if defined(&$_);
3636 $AUTOLOAD = "CGI::$_";
3637 _compile();
3638 }
3639}
3640END_OF_FUNC
3641
54310121 3642);
3643END_OF_AUTOLOAD
3644;
3645
424ec8fa
GS		 3646#########################################################
3647# Globals and stubs for other packages that we use.
3648#########################################################
3649
3650################### Fh -- lightweight filehandle ###############
3651package Fh;
3652use overload
3653 '""' => \&asString,
3654 'cmp' => \&compare,
3655 'fallback'=>1;
3656
3657$FH='fh00000';
3658
3659*Fh::AUTOLOAD = \&CGI::AUTOLOAD;
3660
29ddc2a4
RGS		 3661sub DESTROY {
3662 my $self = shift;
3663 close $self;
3664}
3665
424ec8fa
GS		 3666$AUTOLOADED_ROUTINES = ''; # prevent -w error
3667$AUTOLOADED_ROUTINES=<<'END_OF_AUTOLOAD';
3668%SUBS = (
3669'asString' => <<'END_OF_FUNC',
3670sub asString {
3671 my $self = shift;
71f3e297 3672 # get rid of package name
ffd2dff2 3673 (my $i = $$self) =~ s/^\*(\w+::fh\d{5})+//;
ba056755 3674 $i =~ s/%(..)/ chr(hex($1)) /eg;
188ba755 3675 return $i.$CGI::TAINTED;
71f3e297
JH		 3676# BEGIN DEAD CODE
3677# This was an extremely clever patch that allowed "use strict refs".
3678# Unfortunately it relied on another bug that caused leaky file descriptors.
3679# The underlying bug has been fixed, so this no longer works. However
3680# "strict refs" still works for some reason.
3681# my $self = shift;
3682# return ${*{$self}{SCALAR}};
3683# END DEAD CODE
424ec8fa
GS		 3684}
3685END_OF_FUNC
3686
3687'compare' => <<'END_OF_FUNC',
3688sub compare {
3689 my $self = shift;
3690 my $value = shift;
3691 return "$self" cmp $value;
3692}
3693END_OF_FUNC
3694
3695'new' => <<'END_OF_FUNC',
3696sub new {
3697 my($pack,$name,$file,$delete) = @_;
188ba755 3698 _setup_symbols(@SAVED_SYMBOLS) if @SAVED_SYMBOLS;
424ec8fa 3699 require Fcntl unless defined &Fcntl::O_RDWR;
ba056755
JH		 3700 (my $safename = $name) =~ s/([':%])/ sprintf '%%%02X', ord $1 /eg;
3701 my $fv = ++$FH . $safename;
6b4ac661 3702 my $ref = \*{"Fh::$fv"};
188ba755
JH		 3703 $file =~ m!^([a-zA-Z0-9_ \'\":/.\$\\-]+)$! || return;
3704 my $safe = $1;
3705 sysopen($ref,$safe,Fcntl::O_RDWR()|Fcntl::O_CREAT()|Fcntl::O_EXCL(),0600) || return;
3706 unlink($safe) if $delete;
6b4ac661 3707 CORE::delete $Fh::{$fv};
71f3e297 3708 return bless $ref,$pack;
424ec8fa
GS		 3709}
3710END_OF_FUNC
3711
424ec8fa
GS		 3712);
3713END_OF_AUTOLOAD
3714
3715######################## MultipartBuffer ####################
54310121 3716package MultipartBuffer;
3717
2ed511ec
RGS		 3718use constant DEBUG => 0;
3719
54310121 3720# how many bytes to read at a time. We use
71f3e297
JH		 3721# a 4K buffer by default.
3722$INITIAL_FILLUNIT = 1024 * 4;
3723$TIMEOUT = 240*60; # 4 hour timeout for big files
3724$SPIN_LOOP_MAX = 2000; # bug fix for some Netscape servers
54310121 3725$CRLF=$CGI::CRLF;
3726
3727#reuse the autoload function
3728*MultipartBuffer::AUTOLOAD = \&CGI::AUTOLOAD;
3729
424ec8fa
GS		 3730# avoid autoloader warnings
3731sub DESTROY {}
3732
54310121 3733###############################################################################
3734################# THESE FUNCTIONS ARE AUTOLOADED ON DEMAND ####################
3735###############################################################################
3736$AUTOLOADED_ROUTINES = ''; # prevent -w error
3737$AUTOLOADED_ROUTINES=<<'END_OF_AUTOLOAD';
3738%SUBS = (
3739
3740'new' => <<'END_OF_FUNC',
3741sub new {
2ed511ec 3742 my($package,$interface,$boundary,$length) = @_;
424ec8fa 3743 $FILLUNIT = $INITIAL_FILLUNIT;
2ed511ec 3744 $CGI::DefaultClass->binmode($IN); # if $CGI::needs_binmode; # just do it always
29ddc2a4 3745
54310121 3746 # If the user types garbage into the file upload field,
3747 # then Netscape passes NOTHING to the server (not good).
3748 # We may hang on this read in that case. So we implement
3749 # a read timeout. If nothing is ready to read
3750 # by then, we return.
3751
3752 # Netscape seems to be a little bit unreliable
3753 # about providing boundary strings.
3d1a2ec4 3754 my $boundary_read = 0;
54310121 3755 if ($boundary) {
3756
3757 # Under the MIME spec, the boundary consists of the
3758 # characters "--" PLUS the Boundary string
424ec8fa
GS		 3759
3760 # BUG: IE 3.01 on the Macintosh uses just the boundary -- not
71f3e297 3761 # the two extra hyphens. We do a special case here on the user-agent!!!!
69c89ae7 3762 $boundary = "--$boundary" unless CGI::user_agent('MSIE\s+3\.0[12];\s*Mac|DreamPassport');
424ec8fa 3763
54310121 3764 } else { # otherwise we find it ourselves
3765 my($old);
3766 ($old,$/) = ($/,$CRLF); # read a CRLF-delimited line
2ed511ec 3767 $boundary = <STDIN>; # BUG: This won't work correctly under mod_perl
54310121 3768 $length -= length($boundary);
3769 chomp($boundary); # remove the CRLF
3770 $/ = $old; # restore old line separator
3d1a2ec4 3771 $boundary_read++;
54310121 3772 }
3773
3774 my $self = {LENGTH=>$length,
29ddc2a4 3775 CHUNKED=>!defined $length,
54310121 3776 BOUNDARY=>$boundary,
54310121 3777 INTERFACE=>$interface,
3778 BUFFER=>'',
3779 };
3780
3781 $FILLUNIT = length($boundary)
3782 if length($boundary) > $FILLUNIT;
3783
424ec8fa
GS		 3784 my $retval = bless $self,ref $package || $package;
3785
3786 # Read the preamble and the topmost (boundary) line plus the CRLF.
3d1a2ec4
GS		 3787 unless ($boundary_read) {
3788 while ($self->read(0)) { }
3789 }
2ed511ec 3790 die "Malformed multipart POST: data truncated\n" if $self->eof;
424ec8fa
GS		 3791
3792 return $retval;
54310121 3793}
3794END_OF_FUNC
3795
3796'readHeader' => <<'END_OF_FUNC',
3797sub readHeader {
3798 my($self) = @_;
3799 my($end);
3800 my($ok) = 0;
47e3cabd 3801 my($bad) = 0;
424ec8fa 3802
2ed511ec 3803 local($CRLF) = "\015\012" if $CGI::OS eq 'VMS' || $CGI::EBCDIC;
424ec8fa 3804
54310121 3805 do {
3806 $self->fillBuffer($FILLUNIT);
3807 $ok++ if ($end = index($self->{BUFFER},"${CRLF}${CRLF}")) >= 0;
3808 $ok++ if $self->{BUFFER} eq '';
47e3cabd 3809 $bad++ if !$ok && $self->{LENGTH} <= 0;
424ec8fa
GS		 3810 # this was a bad idea
3811 # $FILLUNIT *= 2 if length($self->{BUFFER}) >= $FILLUNIT;
47e3cabd
LS		 3812 } until $ok || $bad;
3813 return () if $bad;
54310121 3814
2ed511ec
RGS		 3815 #EBCDIC NOTE: translate header into EBCDIC, but watch out for continuation lines!
3816
54310121 3817 my($header) = substr($self->{BUFFER},0,$end+2);
3818 substr($self->{BUFFER},0,$end+4) = '';
3819 my %return;
424ec8fa 3820
2ed511ec
RGS		 3821 if ($CGI::EBCDIC) {
3822 warn "untranslated header=$header\n" if DEBUG;
3823 $header = CGI::Util::ascii2ebcdic($header);
3824 warn "translated header=$header\n" if DEBUG;
3825 }
3826
424ec8fa
GS		 3827 # See RFC 2045 Appendix A and RFC 822 sections 3.4.8
3828 # (Folding Long Header Fields), 3.4.3 (Comments)
3829 # and 3.4.5 (Quoted-Strings).
3830
3831 my $token = '[-\w!\#$%&\'*+.^_\`|{}~]';
3832 $header=~s/$CRLF\s+/ /og; # merge continuation lines
188ba755 3833
424ec8fa 3834 while ($header=~/($token+):\s+([^$CRLF]*)/mgox) {
188ba755 3835 my ($field_name,$field_value) = ($1,$2);
424ec8fa
GS		 3836 $field_name =~ s/\b(\w)/uc($1)/eg; #canonicalize
3837 $return{$field_name}=$field_value;
54310121 3838 }
3839 return %return;
3840}
3841END_OF_FUNC
3842
3843# This reads and returns the body as a single scalar value.
3844'readBody' => <<'END_OF_FUNC',
3845sub readBody {
3846 my($self) = @_;
3847 my($data);
3848 my($returnval)='';
2ed511ec
RGS		 3849
3850 #EBCDIC NOTE: want to translate returnval into EBCDIC HERE
3851
54310121 3852 while (defined($data = $self->read)) {
3853 $returnval .= $data;
3854 }
2ed511ec
RGS		 3855
3856 if ($CGI::EBCDIC) {
3857 warn "untranslated body=$returnval\n" if DEBUG;
3858 $returnval = CGI::Util::ascii2ebcdic($returnval);
3859 warn "translated body=$returnval\n" if DEBUG;
3860 }
54310121 3861 return $returnval;
3862}
3863END_OF_FUNC
3864
3865# This will read $bytes or until the boundary is hit, whichever happens
3866# first. After the boundary is hit, we return undef. The next read will
3867# skip over the boundary and begin reading again;
3868'read' => <<'END_OF_FUNC',
3869sub read {
3870 my($self,$bytes) = @_;
3871
3872 # default number of bytes to read
2ed511ec 3873 $bytes = $bytes || $FILLUNIT;
54310121 3874
3875 # Fill up our internal buffer in such a way that the boundary
3876 # is never split between reads.
3877 $self->fillBuffer($bytes);
3878
2ed511ec
RGS		 3879 my $boundary_start = $CGI::EBCDIC ? CGI::Util::ebcdic2ascii($self->{BOUNDARY}) : $self->{BOUNDARY};
3880 my $boundary_end = $CGI::EBCDIC ? CGI::Util::ebcdic2ascii($self->{BOUNDARY}.'--') : $self->{BOUNDARY}.'--';
3881
54310121 3882 # Find the boundary in the buffer (it may not be there).
2ed511ec
RGS		 3883 my $start = index($self->{BUFFER},$boundary_start);
3884
3885 warn "boundary=$self->{BOUNDARY} length=$self->{LENGTH} start=$start\n" if DEBUG;
54310121 3886
29ddc2a4
RGS		 3887 # protect against malformed multipart POST operations
3888 die "Malformed multipart POST\n" unless $self->{CHUNKED} || ($start >= 0 || $self->{LENGTH} > 0);
2ed511ec
RGS		 3889
3890 #EBCDIC NOTE: want to translate boundary search into ASCII here.
3891
54310121 3892 # If the boundary begins the data, then skip past it
03b9648d 3893 # and return undef.
54310121 3894 if ($start == 0) {
3895
3896 # clear us out completely if we've hit the last boundary.
2ed511ec 3897 if (index($self->{BUFFER},$boundary_end)==0) {
54310121 3898 $self->{BUFFER}='';
3899 $self->{LENGTH}=0;
3900 return undef;
3901 }
3902
3903 # just remove the boundary.
2ed511ec 3904 substr($self->{BUFFER},0,length($boundary_start))='';
03b9648d 3905 $self->{BUFFER} =~ s/^\012\015?//;
54310121 3906 return undef;
3907 }
3908
8f3ccfa2 3909 my $bytesToReturn;
54310121 3910 if ($start > 0) { # read up to the boundary
8f3ccfa2 3911 $bytesToReturn = $start-2 > $bytes ? $bytes : $start;
54310121 3912 } else { # read the requested number of bytes
3913 # leave enough bytes in the buffer to allow us to read
3914 # the boundary. Thanks to Kevin Hendrick for finding
3915 # this one.
2ed511ec 3916 $bytesToReturn = $bytes - (length($boundary_start)+1);
54310121 3917 }
3918
3919 my $returnval=substr($self->{BUFFER},0,$bytesToReturn);
3920 substr($self->{BUFFER},0,$bytesToReturn)='';
3921
3922 # If we hit the boundary, remove the CRLF from the end.
8f3ccfa2 3923 return ($bytesToReturn==$start)
ac734d8b 3924 ? substr($returnval,0,-2) : $returnval;
54310121 3925}
3926END_OF_FUNC
3927
3928
3929# This fills up our internal buffer in such a way that the
3930# boundary is never split between reads
3931'fillBuffer' => <<'END_OF_FUNC',
3932sub fillBuffer {
3933 my($self,$bytes) = @_;
29ddc2a4 3934 return unless $self->{CHUNKED} || $self->{LENGTH};
54310121 3935
3936 my($boundaryLength) = length($self->{BOUNDARY});
3937 my($bufferLength) = length($self->{BUFFER});
3938 my($bytesToRead) = $bytes - $bufferLength + $boundaryLength + 2;
29ddc2a4 3939 $bytesToRead = $self->{LENGTH} if !$self->{CHUNKED} && $self->{LENGTH} < $bytesToRead;
54310121 3940
2ed511ec
RGS		 3941 # Try to read some data. We may hang here if the browser is screwed up.
3942 my $bytesRead = $self->{INTERFACE}->read_from_client(\$self->{BUFFER},
54310121 3943 $bytesToRead,
3944 $bufferLength);
2ed511ec 3945 warn "bytesToRead=$bytesToRead, bufferLength=$bufferLength, buffer=$self->{BUFFER}\n" if DEBUG;
71f3e297 3946 $self->{BUFFER} = '' unless defined $self->{BUFFER};
54310121 3947
47e3cabd 3948 # An apparent bug in the Apache server causes the read()
54310121 3949 # to return zero bytes repeatedly without blocking if the
3950 # remote user aborts during a file transfer. I don't know how
3951 # they manage this, but the workaround is to abort if we get
3952 # more than SPIN_LOOP_MAX consecutive zero reads.
29ddc2a4 3953 if ($bytesRead <= 0) {
54310121 3954 die "CGI.pm: Server closed socket during multipart read (client aborted?).\n"
3955 if ($self->{ZERO_LOOP_COUNTER}++ >= $SPIN_LOOP_MAX);
3956 } else {
3957 $self->{ZERO_LOOP_COUNTER}=0;
3958 }
3959
29ddc2a4 3960 $self->{LENGTH} -= $bytesRead if !$self->{CHUNKED} && $bytesRead;
54310121 3961}
3962END_OF_FUNC
3963
3964
3965# Return true when we've finished reading
3966'eof' => <<'END_OF_FUNC'
3967sub eof {
3968 my($self) = @_;
3969 return 1 if (length($self->{BUFFER}) == 0)
3970 && ($self->{LENGTH} <= 0);
3971 undef;
3972}
3973END_OF_FUNC
3974
3975);
3976END_OF_AUTOLOAD
3977
3978####################################################################################
3979################################## TEMPORARY FILES #################################
3980####################################################################################
ac734d8b 3981package CGITempFile;
54310121 3982
cff99809 3983sub find_tempdir {
cff99809
JH		 3984 $SL = $CGI::SL;
3985 $MAC = $CGI::OS eq 'MACINTOSH';
3986 my ($vol) = $MAC ? MacPerl::Volumes() =~ /:(.*)/ : "";
0a9bdad4 3987 unless (defined $TMPDIRECTORY) {
424ec8fa 3988 @TEMP=("${SL}usr${SL}tmp","${SL}var${SL}tmp",
3538e1d5 3989 "C:${SL}temp","${SL}tmp","${SL}temp",
3d1a2ec4 3990 "${vol}${SL}Temporary Items",
ba056755
JH		 3991 "${SL}WWW_ROOT", "${SL}SYS\$SCRATCH",
3992 "C:${SL}system${SL}temp");
188ba755 3993 unshift(@TEMP,$ENV{'TMPDIR'}) if defined $ENV{'TMPDIR'};
3538e1d5 3994
3d1a2ec4
GS		 3995 # this feature was supposed to provide per-user tmpfiles, but
3996 # it is problematic.
3538e1d5
GS		 3997 # unshift(@TEMP,(getpwuid($<))[7].'/tmp') if $CGI::OS eq 'UNIX';
3998 # Rob: getpwuid() is unfortunately UNIX specific. On brain dead OS'es this
3999 # : can generate a 'getpwuid() not implemented' exception, even though
4000 # : it's never called. Found under DOS/Win with the DJGPP perl port.
4001 # : Refer to getpwuid() only at run-time if we're fortunate and have UNIX.
3d1a2ec4 4002 # unshift(@TEMP,(eval {(getpwuid($>))[7]}).'/tmp') if $CGI::OS eq 'UNIX' and $> != 0;
3538e1d5 4003
54310121 4004 foreach (@TEMP) {
cff99809 4005 do {$TMPDIRECTORY = $_; last} if -d $_ && -w _;
54310121 4006 }
cff99809
JH		 4007 }
4008 $TMPDIRECTORY = $MAC ? "" : "." unless $TMPDIRECTORY;
54310121 4009}
4010
cff99809
JH		 4011find_tempdir();
4012
424ec8fa 4013$MAXTRIES = 5000;
54310121 4014
4015# cute feature, but overload implementation broke it
4016# %OVERLOAD = ('""'=>'as_string');
ac734d8b 4017*CGITempFile::AUTOLOAD = \&CGI::AUTOLOAD;
54310121 4018
2371fea9
JH		 4019sub DESTROY {
4020 my($self) = @_;
188ba755
JH		 4021 $$self =~ m!^([a-zA-Z0-9_ \'\":/.\$\\-]+)$! || return;
4022 my $safe = $1; # untaint operation
4023 unlink $safe; # get rid of the file
2371fea9
JH		 4024}
4025
54310121 4026###############################################################################
4027################# THESE FUNCTIONS ARE AUTOLOADED ON DEMAND ####################
4028###############################################################################
4029$AUTOLOADED_ROUTINES = ''; # prevent -w error
4030$AUTOLOADED_ROUTINES=<<'END_OF_AUTOLOAD';
4031%SUBS = (
4032
4033'new' => <<'END_OF_FUNC',
4034sub new {
3538e1d5
GS		 4035 my($package,$sequence) = @_;
4036 my $filename;
cff99809 4037 find_tempdir() unless -w $TMPDIRECTORY;
3538e1d5
GS		 4038 for (my $i = 0; $i < $MAXTRIES; $i++) {
4039 last if ! -f ($filename = sprintf("${TMPDIRECTORY}${SL}CGItemp%d",$sequence++));
424ec8fa 4040 }
188ba755
JH		 4041 # check that it is a more-or-less valid filename
4042 return unless $filename =~ m!^([a-zA-Z0-9_ \'\":/.\$\\-]+)$!;
4043 # this used to untaint, now it doesn't
4044 # $filename = $1;
3538e1d5 4045 return bless \$filename;
54310121 4046}
4047END_OF_FUNC
4048
54310121 4049'as_string' => <<'END_OF_FUNC'
4050sub as_string {
4051 my($self) = @_;
4052 return $$self;
4053}
4054END_OF_FUNC
4055
4056);
4057END_OF_AUTOLOAD
4058
4059package CGI;
4060
4061# We get a whole bunch of warnings about "possibly uninitialized variables"
4062# when running with the -w switch. Touch them all once to get rid of the
4063# warnings. This is ugly and I hate it.
4064if ($^W) {
4065 $CGI::CGI = '';
4066 $CGI::CGI=<<EOF;
4067 $CGI::VERSION;
4068 $MultipartBuffer::SPIN_LOOP_MAX;
4069 $MultipartBuffer::CRLF;
4070 $MultipartBuffer::TIMEOUT;
424ec8fa 4071 $MultipartBuffer::INITIAL_FILLUNIT;
54310121 4072EOF
4073 ;
4074}
4075
424ec8fa 40761;
54310121 4077
4078__END__
4079
4080=head1 NAME
4081
4082CGI - Simple Common Gateway Interface Class
4083
dc848c6f 4084=head1 SYNOPSIS
4085
424ec8fa
GS		 4086 # CGI script that creates a fill-out form
4087 # and echoes back its values.
4088
4089 use CGI qw/:standard/;
4090 print header,
4091 start_html('A Simple Example'),
4092 h1('A Simple Example'),
4093 start_form,
4094 "What's your name? ",textfield('name'),p,
4095 "What's the combination?", p,
4096 checkbox_group(-name=>'words',
4097 -values=>['eenie','meenie','minie','moe'],
4098 -defaults=>['eenie','minie']), p,
4099 "What's your favorite color? ",
4100 popup_menu(-name=>'color',
4101 -values=>['red','green','blue','chartreuse']),p,
4102 submit,
4103 end_form,
4104 hr;
4105
4106 if (param()) {
7dc108d1
SP		 4107 my $name = param('name');
4108 my $keywords = join ', ',param('words');
4109 my $color = param('color');
4110 print "Your name is",em(escapeHTML($name)),p,
4111 "The keywords are: ",em(escapeHTML($keywords)),p,
4112 "Your favorite color is ",em(escapeHTML($color)),
424ec8fa
GS		 4113 hr;
4114 }
dc848c6f 4115
54310121 4116=head1 ABSTRACT
4117
424ec8fa
GS		 4118This perl library uses perl5 objects to make it easy to create Web
4119fill-out forms and parse their contents. This package defines CGI
4120objects, entities that contain the values of the current query string
4121and other state variables. Using a CGI object's methods, you can
4122examine keywords and parameters passed to your script, and create
4123forms whose initial values are taken from the current query (thereby
4124preserving state information). The module provides shortcut functions
4125that produce boilerplate HTML, reducing typing and coding errors. It
4126also provides functionality for some of the more advanced features of
4127CGI scripting, including support for file uploads, cookies, cascading
4128style sheets, server push, and frames.
4129
4130CGI.pm also provides a simple function-oriented programming style for
4131those who don't need its object-oriented features.
54310121 4132
4133The current version of CGI.pm is available at
4134
4135 http://www.genome.wi.mit.edu/ftp/pub/software/WWW/cgi_docs.html
4136 ftp://ftp-genome.wi.mit.edu/pub/software/WWW/
4137
424ec8fa 4138=head1 DESCRIPTION
47e3cabd 4139
424ec8fa
GS		 4140=head2 PROGRAMMING STYLE
4141
4142There are two styles of programming with CGI.pm, an object-oriented
4143style and a function-oriented style. In the object-oriented style you
4144create one or more CGI objects and then use object methods to create
4145the various elements of the page. Each CGI object starts out with the
4146list of named parameters that were passed to your CGI script by the
4147server. You can modify the objects, save them to a file or database
4148and recreate them. Because each object corresponds to the "state" of
4149the CGI script, and because each object's parameter list is
4150independent of the others, this allows you to save the state of the
4151script and restore it later.
4152
f610777f 4153For example, using the object oriented style, here is how you create
424ec8fa
GS		 4154a simple "Hello World" HTML page:
4155
3538e1d5 4156 #!/usr/local/bin/perl -w
424ec8fa
GS		 4157 use CGI; # load CGI routines
4158 $q = new CGI; # create new CGI object
4159 print $q->header, # create the HTTP header
4160 $q->start_html('hello world'), # start the HTML
4161 $q->h1('hello world'), # level 1 header
4162 $q->end_html; # end the HTML
4163
4164In the function-oriented style, there is one default CGI object that
4165you rarely deal with directly. Instead you just call functions to
4166retrieve CGI parameters, create HTML tags, manage cookies, and so
4167on. This provides you with a cleaner programming interface, but
4168limits you to using one CGI object at a time. The following example
4169prints the same page, but uses the function-oriented interface.
4170The main differences are that we now need to import a set of functions
4171into our name space (usually the "standard" functions), and we don't
4172need to create the CGI object.
4173
71f3e297 4174 #!/usr/local/bin/perl
424ec8fa
GS		 4175 use CGI qw/:standard/; # load standard CGI routines
4176 print header, # create the HTTP header
4177 start_html('hello world'), # start the HTML
4178 h1('hello world'), # level 1 header
4179 end_html; # end the HTML
4180
4181The examples in this document mainly use the object-oriented style.
4182See HOW TO IMPORT FUNCTIONS for important information on
4183function-oriented programming in CGI.pm
4184
4185=head2 CALLING CGI.PM ROUTINES
4186
4187Most CGI.pm routines accept several arguments, sometimes as many as 20
4188optional ones! To simplify this interface, all routines use a named
4189argument calling style that looks like this:
4190
4191 print $q->header(-type=>'image/gif',-expires=>'+3d');
4192
4193Each argument name is preceded by a dash. Neither case nor order
4194matters in the argument list. -type, -Type, and -TYPE are all
4195acceptable. In fact, only the first argument needs to begin with a
4196dash. If a dash is present in the first argument, CGI.pm assumes
4197dashes for the subsequent ones.
4198
424ec8fa
GS		 4199Several routines are commonly called with just one argument. In the
4200case of these routines you can provide the single argument without an
4201argument name. header() happens to be one of these routines. In this
4202case, the single argument is the document type.
4203
4204 print $q->header('text/html');
4205
4206Other such routines are documented below.
4207
4208Sometimes named arguments expect a scalar, sometimes a reference to an
4209array, and sometimes a reference to a hash. Often, you can pass any
4210type of argument and the routine will do whatever is most appropriate.
4211For example, the param() routine is used to set a CGI parameter to a
4212single or a multi-valued value. The two cases are shown below:
4213
4214 $q->param(-name=>'veggie',-value=>'tomato');
3d1a2ec4 4215 $q->param(-name=>'veggie',-value=>['tomato','tomahto','potato','potahto']);
424ec8fa
GS		 4216
4217A large number of routines in CGI.pm actually aren't specifically
4218defined in the module, but are generated automatically as needed.
4219These are the "HTML shortcuts," routines that generate HTML tags for
4220use in dynamically-generated pages. HTML tags have both attributes
4221(the attribute="value" pairs within the tag itself) and contents (the
4222part between the opening and closing pairs.) To distinguish between
4223attributes and contents, CGI.pm uses the convention of passing HTML
4224attributes as a hash reference as the first argument, and the
4225contents, if any, as any subsequent arguments. It works out like
4226this:
4227
4228 Code Generated HTML
4229 ---- --------------
3acbd4f5
JH		 4230 h1() <h1>
4231 h1('some','contents'); <h1>some contents</h1>
188ba755
JH		 4232 h1({-align=>left}); <h1 align="LEFT">
4233 h1({-align=>left},'contents'); <h1 align="LEFT">contents</h1>
424ec8fa 4234
188ba755 4235HTML tags are described in more detail later.
424ec8fa
GS		 4236
4237Many newcomers to CGI.pm are puzzled by the difference between the
4238calling conventions for the HTML shortcuts, which require curly braces
4239around the HTML tag attributes, and the calling conventions for other
4240routines, which manage to generate attributes without the curly
4241brackets. Don't be confused. As a convenience the curly braces are
4242optional in all but the HTML shortcuts. If you like, you can use
4243curly braces when calling any routine that takes named arguments. For
4244example:
4245
4246 print $q->header( {-type=>'image/gif',-expires=>'+3d'} );
4247
4248If you use the B<-w> switch, you will be warned that some CGI.pm argument
4249names conflict with built-in Perl functions. The most frequent of
4250these is the -values argument, used to create multi-valued menus,
4251radio button clusters and the like. To get around this warning, you
4252have several choices:
54310121 4253
424ec8fa 4254=over 4
54310121 4255
551e1d92
RB		 4256=item 1.
4257
4258Use another name for the argument, if one is available.
4259For example, -value is an alias for -values.
54310121 4260
551e1d92 4261=item 2.
54310121 4262
551e1d92
RB		 4263Change the capitalization, e.g. -Values
4264
4265=item 3.
4266
4267Put quotes around the argument name, e.g. '-values'
54310121 4268
424ec8fa 4269=back
54310121 4270
424ec8fa
GS		 4271Many routines will do something useful with a named argument that it
4272doesn't recognize. For example, you can produce non-standard HTTP
4273header fields by providing them as named arguments:
54310121 4274
424ec8fa
GS		 4275 print $q->header(-type => 'text/html',
4276 -cost => 'Three smackers',
4277 -annoyance_level => 'high',
4278 -complaints_to => 'bit bucket');
54310121 4279
424ec8fa
GS		 4280This will produce the following nonstandard HTTP header:
4281
4282 HTTP/1.0 200 OK
4283 Cost: Three smackers
4284 Annoyance-level: high
4285 Complaints-to: bit bucket
4286 Content-type: text/html
4287
4288Notice the way that underscores are translated automatically into
4289hyphens. HTML-generating routines perform a different type of
4290translation.
4291
4292This feature allows you to keep up with the rapidly changing HTTP and
4293HTML "standards".
54310121 4294
424ec8fa 4295=head2 CREATING A NEW QUERY OBJECT (OBJECT-ORIENTED STYLE):
54310121 4296
4297 $query = new CGI;
4298
4299This will parse the input (from both POST and GET methods) and store
4300it into a perl5 object called $query.
4301
4302=head2 CREATING A NEW QUERY OBJECT FROM AN INPUT FILE
4303
4304 $query = new CGI(INPUTFILE);
4305
424ec8fa
GS		 4306If you provide a file handle to the new() method, it will read
4307parameters from the file (or STDIN, or whatever). The file can be in
4308any of the forms describing below under debugging (i.e. a series of
4309newline delimited TAG=VALUE pairs will work). Conveniently, this type
4310of file is created by the save() method (see below). Multiple records
4311can be saved and restored.
54310121 4312
4313Perl purists will be pleased to know that this syntax accepts
4314references to file handles, or even references to filehandle globs,
4315which is the "official" way to pass a filehandle:
4316
4317 $query = new CGI(\*STDIN);
4318
424ec8fa
GS		 4319You can also initialize the CGI object with a FileHandle or IO::File
4320object.
4321
4322If you are using the function-oriented interface and want to
4323initialize CGI state from a file handle, the way to do this is with
4324B<restore_parameters()>. This will (re)initialize the
4325default CGI object from the indicated file handle.
4326
4327 open (IN,"test.in") || die;
4328 restore_parameters(IN);
4329 close IN;
4330
54310121 4331You can also initialize the query object from an associative array
4332reference:
4333
4334 $query = new CGI( {'dinosaur'=>'barney',
4335 'song'=>'I love you',
4336 'friends'=>[qw/Jessica George Nancy/]}
4337 );
4338
4339or from a properly formatted, URL-escaped query string:
4340
4341 $query = new CGI('dinosaur=barney&color=purple');
4342
424ec8fa
GS		 4343or from a previously existing CGI object (currently this clones the
4344parameter list, but none of the other object-specific fields, such as
4345autoescaping):
4346
4347 $old_query = new CGI;
4348 $new_query = new CGI($old_query);
4349
54310121 4350To create an empty query, initialize it from an empty string or hash:
4351
424ec8fa
GS		 4352 $empty_query = new CGI("");
4353
4354 -or-
4355
4356 $empty_query = new CGI({});
54310121 4357
4358=head2 FETCHING A LIST OF KEYWORDS FROM THE QUERY:
4359
4360 @keywords = $query->keywords
4361
4362If the script was invoked as the result of an <ISINDEX> search, the
4363parsed keywords can be obtained as an array using the keywords() method.
4364
4365=head2 FETCHING THE NAMES OF ALL THE PARAMETERS PASSED TO YOUR SCRIPT:
4366
4367 @names = $query->param
4368
4369If the script was invoked with a parameter list
3d1a2ec4
GS		 4370(e.g. "name1=value1&name2=value2&name3=value3"), the param() method
4371will return the parameter names as a list. If the script was invoked
4372as an <ISINDEX> script and contains a string without ampersands
4373(e.g. "value1+value2+value3") , there will be a single parameter named
4374"keywords" containing the "+"-delimited keywords.
54310121 4375
4376NOTE: As of version 1.5, the array of parameter names returned will
4377be in the same order as they were submitted by the browser.
4378Usually this order is the same as the order in which the
4379parameters are defined in the form (however, this isn't part
4380of the spec, and so isn't guaranteed).
4381
4382=head2 FETCHING THE VALUE OR VALUES OF A SINGLE NAMED PARAMETER:
4383
4384 @values = $query->param('foo');
4385
4386 -or-
4387
4388 $value = $query->param('foo');
4389
4390Pass the param() method a single argument to fetch the value of the
4391named parameter. If the parameter is multivalued (e.g. from multiple
4392selections in a scrolling list), you can ask to receive an array. Otherwise
4393the method will return a single value.
4394
3d1a2ec4
GS		 4395If a value is not given in the query string, as in the queries
4396"name1=&name2=" or "name1&name2", it will be returned as an empty
4397string. This feature is new in 2.63.
4398
8f3ccfa2
JH		 4399
4400If the parameter does not exist at all, then param() will return undef
4401in a scalar context, and the empty list in a list context.
4402
4403
54310121 4404=head2 SETTING THE VALUE(S) OF A NAMED PARAMETER:
4405
4406 $query->param('foo','an','array','of','values');
4407
4408This sets the value for the named parameter 'foo' to an array of
4409values. This is one way to change the value of a field AFTER
4410the script has been invoked once before. (Another way is with
4411the -override parameter accepted by all methods that generate
4412form elements.)
4413
4414param() also recognizes a named parameter style of calling described
4415in more detail later:
4416
4417 $query->param(-name=>'foo',-values=>['an','array','of','values']);
4418
4419 -or-
4420
4421 $query->param(-name=>'foo',-value=>'the value');
4422
4423=head2 APPENDING ADDITIONAL VALUES TO A NAMED PARAMETER:
4424
424ec8fa 4425 $query->append(-name=>'foo',-values=>['yet','more','values']);
54310121 4426
4427This adds a value or list of values to the named parameter. The
4428values are appended to the end of the parameter if it already exists.
4429Otherwise the parameter is created. Note that this method only
4430recognizes the named argument calling syntax.
4431
4432=head2 IMPORTING ALL PARAMETERS INTO A NAMESPACE:
4433
4434 $query->import_names('R');
4435
4436This creates a series of variables in the 'R' namespace. For example,
4437$R::foo, @R:foo. For keyword lists, a variable @R::keywords will appear.
4438If no namespace is given, this method will assume 'Q'.
4439WARNING: don't import anything into 'main'; this is a major security
4440risk!!!!
4441
8f3ccfa2
JH		 4442NOTE 1: Variable names are transformed as necessary into legal Perl
4443variable names. All non-legal characters are transformed into
4444underscores. If you need to keep the original names, you should use
4445the param() method instead to access CGI variables by name.
4446
4447NOTE 2: In older versions, this method was called B<import()>. As of version 2.20,
54310121 4448this name has been removed completely to avoid conflict with the built-in
4449Perl module B<import> operator.
4450
4451=head2 DELETING A PARAMETER COMPLETELY:
4452
188ba755 4453 $query->delete('foo','bar','baz');
54310121 4454
188ba755
JH		 4455This completely clears a list of parameters. It sometimes useful for
4456resetting parameters that you don't want passed down between script
4457invocations.
54310121 4458
424ec8fa
GS		 4459If you are using the function call interface, use "Delete()" instead
4460to avoid conflicts with Perl's built-in delete operator.
4461
54310121 4462=head2 DELETING ALL PARAMETERS:
4463
424ec8fa 4464 $query->delete_all();
54310121 4465
4466This clears the CGI object completely. It might be useful to ensure
4467that all the defaults are taken when you create a fill-out form.
4468
424ec8fa
GS		 4469Use Delete_all() instead if you are using the function call interface.
4470
0a9bdad4
SP		 4471=head2 HANDLING NON-URLENCODED ARGUMENTS
4472
4473
4474If POSTed data is not of type application/x-www-form-urlencoded or
4475multipart/form-data, then the POSTed data will not be processed, but
4476instead be returned as-is in a parameter named POSTDATA. To retrieve
4477it, use code like this:
4478
4479 my $data = $query->param('POSTDATA');
4480
4481(If you don't know what the preceding means, don't worry about it. It
4482only affects people trying to use CGI for XML processing and other
4483specialized tasks.)
4484
4485
424ec8fa
GS		 4486=head2 DIRECT ACCESS TO THE PARAMETER LIST:
4487
4488 $q->param_fetch('address')->[1] = '1313 Mockingbird Lane';
4489 unshift @{$q->param_fetch(-name=>'address')},'George Munster';
4490
4491If you need access to the parameter list in a way that isn't covered
4492by the methods above, you can obtain a direct reference to it by
4493calling the B<param_fetch()> method with the name of the . This
4494will return an array reference to the named parameters, which you then
4495can manipulate in any way you like.
4496
4497You can also use a named argument style using the B<-name> argument.
4498
3538e1d5
GS		 4499=head2 FETCHING THE PARAMETER LIST AS A HASH:
4500
4501 $params = $q->Vars;
4502 print $params->{'address'};
4503 @foo = split("\0",$params->{'foo'});
4504 %params = $q->Vars;
4505
4506 use CGI ':cgi-lib';
4507 $params = Vars;
4508
4509Many people want to fetch the entire parameter list as a hash in which
4510the keys are the names of the CGI parameters, and the values are the
4511parameters' values. The Vars() method does this. Called in a scalar
4512context, it returns the parameter list as a tied hash reference.
4513Changing a key changes the value of the parameter in the underlying
a3b3a725 4514CGI parameter list. Called in a list context, it returns the
3538e1d5
GS		 4515parameter list as an ordinary hash. This allows you to read the
4516contents of the parameter list, but not to change it.
4517
4518When using this, the thing you must watch out for are multivalued CGI
4519parameters. Because a hash cannot distinguish between scalar and
a3b3a725 4520list context, multivalued parameters will be returned as a packed
3538e1d5
GS		 4521string, separated by the "\0" (null) character. You must split this
4522packed string in order to get at the individual values. This is the
4523convention introduced long ago by Steve Brenner in his cgi-lib.pl
4524module for Perl version 4.
4525
4526If you wish to use Vars() as a function, import the I<:cgi-lib> set of
4527function calls (also see the section on CGI-LIB compatibility).
4528
424ec8fa 4529=head2 SAVING THE STATE OF THE SCRIPT TO A FILE:
54310121 4530
29ddc2a4 4531 $query->save(\*FILEHANDLE)
54310121 4532
4533This will write the current state of the form to the provided
4534filehandle. You can read it back in by providing a filehandle
4535to the new() method. Note that the filehandle can be a file, a pipe,
4536or whatever!
4537
4538The format of the saved file is:
4539
4540 NAME1=VALUE1
4541 NAME1=VALUE1'
4542 NAME2=VALUE2
4543 NAME3=VALUE3
4544 =
4545
4546Both name and value are URL escaped. Multi-valued CGI parameters are
4547represented as repeated names. A session record is delimited by a
4548single = symbol. You can write out multiple records and read them
4549back in with several calls to B<new>. You can do this across several
4550sessions by opening the file in append mode, allowing you to create
4551primitive guest books, or to keep a history of users' queries. Here's
4552a short example of creating multiple session records:
4553
4554 use CGI;
4555
4556 open (OUT,">>test.out") || die;
4557 $records = 5;
4558 foreach (0..$records) {
4559 my $q = new CGI;
4560 $q->param(-name=>'counter',-value=>$_);
29ddc2a4 4561 $q->save(\*OUT);
54310121 4562 }
4563 close OUT;
4564
4565 # reopen for reading
4566 open (IN,"test.out") || die;
4567 while (!eof(IN)) {
29ddc2a4 4568 my $q = new CGI(\*IN);
54310121 4569 print $q->param('counter'),"\n";
4570 }
4571
4572The file format used for save/restore is identical to that used by the
4573Whitehead Genome Center's data exchange format "Boulderio", and can be
4574manipulated and even databased using Boulderio utilities. See
3cb6de81 4575
3538e1d5 4576 http://stein.cshl.org/boulder/
54310121 4577
4578for further details.
4579
424ec8fa
GS		 4580If you wish to use this method from the function-oriented (non-OO)
4581interface, the exported name for this method is B<save_parameters()>.
54310121 4582
3538e1d5
GS		 4583=head2 RETRIEVING CGI ERRORS
4584
4585Errors can occur while processing user input, particularly when
4586processing uploaded files. When these errors occur, CGI will stop
4587processing and return an empty parameter list. You can test for
4588the existence and nature of errors using the I<cgi_error()> function.
4589The error messages are formatted as HTTP status codes. You can either
4590incorporate the error text into an HTML page, or use it as the value
4591of the HTTP status:
4592
4593 my $error = $q->cgi_error;
4594 if ($error) {
4595 print $q->header(-status=>$error),
4596 $q->start_html('Problems'),
4597 $q->h2('Request not processed'),
4598 $q->strong($error);
4599 exit 0;
4600 }
4601
4602When using the function-oriented interface (see the next section),
4603errors may only occur the first time you call I<param()>. Be ready
4604for this!
4605
424ec8fa 4606=head2 USING THE FUNCTION-ORIENTED INTERFACE
54310121 4607
424ec8fa
GS		 4608To use the function-oriented interface, you must specify which CGI.pm
4609routines or sets of routines to import into your script's namespace.
4610There is a small overhead associated with this importation, but it
4611isn't much.
54310121 4612
424ec8fa 4613 use CGI <list of methods>;
54310121 4614
424ec8fa
GS		 4615The listed methods will be imported into the current package; you can
4616call them directly without creating a CGI object first. This example
4617shows how to import the B<param()> and B<header()>
4618methods, and then use them directly:
54310121 4619
424ec8fa
GS		 4620 use CGI 'param','header';
4621 print header('text/plain');
4622 $zipcode = param('zipcode');
54310121 4623
424ec8fa 4624More frequently, you'll import common sets of functions by referring
f610777f 4625to the groups by name. All function sets are preceded with a ":"
424ec8fa 4626character as in ":html3" (for tags defined in the HTML 3 standard).
54310121 4627
424ec8fa 4628Here is a list of the function sets you can import:
54310121 4629
424ec8fa 4630=over 4
54310121 4631
424ec8fa 4632=item B<:cgi>
54310121 4633
424ec8fa
GS		 4634Import all CGI-handling methods, such as B<param()>, B<path_info()>
4635and the like.
54310121 4636
424ec8fa 4637=item B<:form>
54310121 4638
424ec8fa 4639Import all fill-out form generating methods, such as B<textfield()>.
54310121 4640
424ec8fa 4641=item B<:html2>
54310121 4642
424ec8fa 4643Import all methods that generate HTML 2.0 standard elements.
54310121 4644
424ec8fa 4645=item B<:html3>
54310121 4646
3acbd4f5 4647Import all methods that generate HTML 3.0 elements (such as
424ec8fa 4648<table>, <super> and <sub>).
54310121 4649
3acbd4f5
JH		 4650=item B<:html4>
4651
4652Import all methods that generate HTML 4 elements (such as
4653<abbrev>, <acronym> and <thead>).
4654
424ec8fa 4655=item B<:netscape>
54310121 4656
424ec8fa 4657Import all methods that generate Netscape-specific HTML extensions.
54310121 4658
424ec8fa 4659=item B<:html>
54310121 4660
424ec8fa
GS		 4661Import all HTML-generating shortcuts (i.e. 'html2' + 'html3' +
4662'netscape')...
54310121 4663
424ec8fa 4664=item B<:standard>
54310121 4665
3acbd4f5 4666Import "standard" features, 'html2', 'html3', 'html4', 'form' and 'cgi'.
54310121 4667
424ec8fa 4668=item B<:all>
54310121 4669
424ec8fa 4670Import all the available methods. For the full list, see the CGI.pm
3538e1d5 4671code, where the variable %EXPORT_TAGS is defined.
424ec8fa
GS		 4672
4673=back
4674
4675If you import a function name that is not part of CGI.pm, the module
4676will treat it as a new HTML tag and generate the appropriate
4677subroutine. You can then use it like any other HTML tag. This is to
4678provide for the rapidly-evolving HTML "standard." For example, say
3acbd4f5 4679Microsoft comes out with a new tag called <gradient> (which causes the
424ec8fa
GS		 4680user's desktop to be flooded with a rotating gradient fill until his
4681machine reboots). You don't need to wait for a new version of CGI.pm
d23a249d 4682to start using it immediately:
424ec8fa
GS		 4683
4684 use CGI qw/:standard :html3 gradient/;
4685 print gradient({-start=>'red',-end=>'blue'});
4686
4687Note that in the interests of execution speed CGI.pm does B<not> use
4688the standard L<Exporter> syntax for specifying load symbols. This may
4689change in the future.
4690
4691If you import any of the state-maintaining CGI or form-generating
4692methods, a default CGI object will be created and initialized
4693automatically the first time you use any of the methods that require
4694one to be present. This includes B<param()>, B<textfield()>,
4695B<submit()> and the like. (If you need direct access to the CGI
4696object, you can find it in the global variable B<$CGI::Q>). By
4697importing CGI.pm methods, you can create visually elegant scripts:
4698
4699 use CGI qw/:standard/;
4700 print
4701 header,
4702 start_html('Simple Script'),
4703 h1('Simple Script'),
4704 start_form,
4705 "What's your name? ",textfield('name'),p,
4706 "What's the combination?",
4707 checkbox_group(-name=>'words',
4708 -values=>['eenie','meenie','minie','moe'],
4709 -defaults=>['eenie','moe']),p,
4710 "What's your favorite color?",
4711 popup_menu(-name=>'color',
4712 -values=>['red','green','blue','chartreuse']),p,
4713 submit,
4714 end_form,
4715 hr,"\n";
4716
4717 if (param) {
4718 print
4719 "Your name is ",em(param('name')),p,
4720 "The keywords are: ",em(join(", ",param('words'))),p,
4721 "Your favorite color is ",em(param('color')),".\n";
4722 }
4723 print end_html;
4724
4725=head2 PRAGMAS
4726
4727In addition to the function sets, there are a number of pragmas that
4728you can import. Pragmas, which are always preceded by a hyphen,
4729change the way that CGI.pm functions in various ways. Pragmas,
4730function sets, and individual functions can all be imported in the
4731same use() line. For example, the following use statement imports the
3d1a2ec4
GS		 4732standard set of functions and enables debugging mode (pragma
4733-debug):
424ec8fa 4734
3d1a2ec4 4735 use CGI qw/:standard -debug/;
424ec8fa
GS		 4736
4737The current list of pragmas is as follows:
4738
4739=over 4
4740
4741=item -any
4742
4743When you I<use CGI -any>, then any method that the query object
4744doesn't recognize will be interpreted as a new HTML tag. This allows
4745you to support the next I<ad hoc> Netscape or Microsoft HTML
4746extension. This lets you go wild with new and unsupported tags:
4747
4748 use CGI qw(-any);
4749 $q=new CGI;
4750 print $q->gradient({speed=>'fast',start=>'red',end=>'blue'});
4751
4752Since using <cite>any</cite> causes any mistyped method name
4753to be interpreted as an HTML tag, use it with care or not at
4754all.
54310121 4755
424ec8fa 4756=item -compile
54310121 4757
424ec8fa
GS		 4758This causes the indicated autoloaded methods to be compiled up front,
4759rather than deferred to later. This is useful for scripts that run
4760for an extended period of time under FastCGI or mod_perl, and for
8869a4b7 4761those destined to be crunched by Malcolm Beattie's Perl compiler. Use
f610777f 4762it in conjunction with the methods or method families you plan to use.
424ec8fa
GS		 4763
4764 use CGI qw(-compile :standard :html3);
4765
4766or even
4767
4768 use CGI qw(-compile :all);
4769
4770Note that using the -compile pragma in this way will always have
4771the effect of importing the compiled functions into the current
4772namespace. If you want to compile without importing use the
188ba755
JH		 4773compile() method instead:
4774
4775 use CGI();
4776 CGI->compile();
4777
4778This is particularly useful in a mod_perl environment, in which you
4779might want to precompile all CGI routines in a startup script, and
4780then import the functions individually in each mod_perl script.
424ec8fa 4781
3d1a2ec4
GS		 4782=item -nosticky
4783
29ddc2a4
RGS		 4784By default the CGI module implements a state-preserving behavior
4785called "sticky" fields. The way this works is that if you are
4786regenerating a form, the methods that generate the form field values
4787will interrogate param() to see if similarly-named parameters are
4788present in the query string. If they find a like-named parameter, they
4789will use it to set their default values.
4790
4791Sometimes this isn't what you want. The B<-nosticky> pragma prevents
4792this behavior. You can also selectively change the sticky behavior in
4793each element that you generate.
3d1a2ec4 4794
0a9bdad4
SP		 4795=item -tabindex
4796
4797Automatically add tab index attributes to each form field. With this
4798option turned off, you can still add tab indexes manually by passing a
4799-tabindex option to each field-generating method.
4800
199d4a26
JH		 4801=item -no_undef_params
4802
4803This keeps CGI.pm from including undef params in the parameter list.
4804
6b4ac661
JH		 4805=item -no_xhtml
4806
4807By default, CGI.pm versions 2.69 and higher emit XHTML
4808(http://www.w3.org/TR/xhtml1/). The -no_xhtml pragma disables this
4809feature. Thanks to Michalis Kabrianis <kabrianis@hellug.gr> for this
4810feature.
4811
13548fdf
RGS		 4812If start_html()'s -dtd parameter specifies an HTML 2.0 or 3.2 DTD,
4813XHTML will automatically be disabled without needing to use this
4814pragma.
4815
424ec8fa
GS		 4816=item -nph
4817
4818This makes CGI.pm produce a header appropriate for an NPH (no
4819parsed header) script. You may need to do other things as well
4820to tell the server that the script is NPH. See the discussion
4821of NPH scripts below.
4822
71f3e297
JH		 4823=item -newstyle_urls
4824
4825Separate the name=value pairs in CGI parameter query strings with
4826semicolons rather than ampersands. For example:
4827
4828 ?name=fred;age=24;favorite_color=3
4829
4830Semicolon-delimited query strings are always accepted, but will not be
4831emitted by self_url() and query_string() unless the -newstyle_urls
4832pragma is specified.
4833
3d1a2ec4
GS		 4834This became the default in version 2.64.
4835
4836=item -oldstyle_urls
4837
4838Separate the name=value pairs in CGI parameter query strings with
4839ampersands rather than semicolons. This is no longer the default.
4840
424ec8fa
GS		 4841=item -autoload
4842
4843This overrides the autoloader so that any function in your program
4844that is not recognized is referred to CGI.pm for possible evaluation.
4845This allows you to use all the CGI.pm functions without adding them to
4846your symbol table, which is of concern for mod_perl users who are
4847worried about memory consumption. I<Warning:> when
4848I<-autoload> is in effect, you cannot use "poetry mode"
4849(functions without the parenthesis). Use I<hr()> rather
4850than I<hr>, or add something like I<use subs qw/hr p header/>
4851to the top of your script.
4852
4853=item -no_debug
4854
4855This turns off the command-line processing features. If you want to
4856run a CGI.pm script from the command line to produce HTML, and you
3d1a2ec4
GS		 4857don't want it to read CGI parameters from the command line or STDIN,
4858then use this pragma:
424ec8fa
GS		 4859
4860 use CGI qw(-no_debug :standard);
4861
3d1a2ec4 4862=item -debug
424ec8fa 4863
3d1a2ec4
GS		 4864This turns on full debugging. In addition to reading CGI arguments
4865from the command-line processing, CGI.pm will pause and try to read
4866arguments from STDIN, producing the message "(offline mode: enter
4867name=value pairs on standard input)" features.
3cb6de81 4868
424ec8fa
GS		 4869See the section on debugging for more details.
4870
4871=item -private_tempfiles
4872
3538e1d5
GS		 4873CGI.pm can process uploaded file. Ordinarily it spools the uploaded
4874file to a temporary directory, then deletes the file when done.
4875However, this opens the risk of eavesdropping as described in the file
4876upload section. Another CGI script author could peek at this data
4877during the upload, even if it is confidential information. On Unix
4878systems, the -private_tempfiles pragma will cause the temporary file
4879to be unlinked as soon as it is opened and before any data is written
4880into it, reducing, but not eliminating the risk of eavesdropping
4881(there is still a potential race condition). To make life harder for
4882the attacker, the program chooses tempfile names by calculating a 32
4883bit checksum of the incoming HTTP headers.
4884
4885To ensure that the temporary file cannot be read by other CGI scripts,
4886use suEXEC or a CGI wrapper program to run your script. The temporary
4887file is created with mode 0600 (neither world nor group readable).
4888
4889The temporary directory is selected using the following algorithm:
4890
4891 1. if the current user (e.g. "nobody") has a directory named
4892 "tmp" in its home directory, use that (Unix systems only).
4893
4894 2. if the environment variable TMPDIR exists, use the location
4895 indicated.
4896
4897 3. Otherwise try the locations /usr/tmp, /var/tmp, C:\temp,
4898 /tmp, /temp, ::Temporary Items, and \WWW_ROOT.
4899
4900Each of these locations is checked that it is a directory and is
4901writable. If not, the algorithm tries the next choice.
71f3e297
JH		 4902
4903=back
4904
4905=head2 SPECIAL FORMS FOR IMPORTING HTML-TAG FUNCTIONS
4906
4907Many of the methods generate HTML tags. As described below, tag
4908functions automatically generate both the opening and closing tags.
4909For example:
4910
4911 print h1('Level 1 Header');
4912
4913produces
4914
3acbd4f5 4915 <h1>Level 1 Header</h1>
71f3e297
JH		 4916
4917There will be some times when you want to produce the start and end
4918tags yourself. In this case, you can use the form start_I<tag_name>
4919and end_I<tag_name>, as in:
4920
4921 print start_h1,'Level 1 Header',end_h1;
4922
4923With a few exceptions (described below), start_I<tag_name> and
4924end_I<tag_name> functions are not generated automatically when you
4925I<use CGI>. However, you can specify the tags you want to generate
4926I<start/end> functions for by putting an asterisk in front of their
4927name, or, alternatively, requesting either "start_I<tag_name>" or
4928"end_I<tag_name>" in the import list.
4929
4930Example:
4931
4932 use CGI qw/:standard *table start_ul/;
4933
4934In this example, the following functions are generated in addition to
4935the standard ones:
4936
4937=over 4
4938
3acbd4f5 4939=item 1. start_table() (generates a <table> tag)
71f3e297 4940
3acbd4f5 4941=item 2. end_table() (generates a </table> tag)
71f3e297 4942
3acbd4f5 4943=item 3. start_ul() (generates a <ul> tag)
71f3e297 4944
3acbd4f5 4945=item 4. end_ul() (generates a </ul> tag)
71f3e297 4946
424ec8fa
GS		 4947=back
4948
4949=head1 GENERATING DYNAMIC DOCUMENTS
4950
4951Most of CGI.pm's functions deal with creating documents on the fly.
4952Generally you will produce the HTTP header first, followed by the
4953document itself. CGI.pm provides functions for generating HTTP
4954headers of various types as well as for generating HTML. For creating
4955GIF images, see the GD.pm module.
4956
4957Each of these functions produces a fragment of HTML or HTTP which you
4958can print out directly so that it displays in the browser window,
4959append to a string, or save to a file for later use.
4960
4961=head2 CREATING A STANDARD HTTP HEADER:
4962
4963Normally the first thing you will do in any CGI script is print out an
4964HTTP header. This tells the browser what type of document to expect,
4965and gives other optional information, such as the language, expiration
4966date, and whether to cache the document. The header can also be
4967manipulated for special purposes, such as server push and pay per view
4968pages.
54310121 4969
29ddc2a4 4970 print header;
54310121 4971
4972 -or-
4973
29ddc2a4 4974 print header('image/gif');
54310121 4975
4976 -or-
4977
29ddc2a4 4978 print header('text/html','204 No response');
54310121 4979
4980 -or-
4981
29ddc2a4 4982 print header(-type=>'image/gif',
54310121 4983 -nph=>1,
4984 -status=>'402 Payment required',
4985 -expires=>'+3d',
4986 -cookie=>$cookie,
3d1a2ec4 4987 -charset=>'utf-7',
6b4ac661 4988 -attachment=>'foo.gif',
54310121 4989 -Cost=>'$2.00');
4990
4991header() returns the Content-type: header. You can provide your own
4992MIME type if you choose, otherwise it defaults to text/html. An
4993optional second parameter specifies the status code and a human-readable
4994message. For example, you can specify 204, "No response" to create a
424ec8fa 4995script that tells the browser to do nothing at all.
54310121 4996
4997The last example shows the named argument style for passing arguments
4998to the CGI methods using named parameters. Recognized parameters are
424ec8fa 4999B<-type>, B<-status>, B<-expires>, and B<-cookie>. Any other named
54310121 5000parameters will be stripped of their initial hyphens and turned into
5001header fields, allowing you to specify any HTTP header you desire.
424ec8fa
GS		 5002Internal underscores will be turned into hyphens:
5003
29ddc2a4 5004 print header(-Content_length=>3002);
54310121 5005
5006Most browsers will not cache the output from CGI scripts. Every time
5007the browser reloads the page, the script is invoked anew. You can
5008change this behavior with the B<-expires> parameter. When you specify
5009an absolute or relative expiration interval with this parameter, some
5010browsers and proxy servers will cache the script's output until the
5011indicated expiration date. The following forms are all valid for the
5012-expires field:
5013
5014 +30s 30 seconds from now
5015 +10m ten minutes from now
5016 +1h one hour from now
5017 -1d yesterday (i.e. "ASAP!")
5018 now immediately
5019 +3M in three months
5020 +10y in ten years time
424ec8fa 5021 Thursday, 25-Apr-1999 00:40:33 GMT at the indicated time & date
54310121 5022
5023The B<-cookie> parameter generates a header that tells the browser to provide
5024a "magic cookie" during all subsequent transactions with your script.
5025Netscape cookies have a special format that includes interesting attributes
5026such as expiration time. Use the cookie() method to create and retrieve
5027session cookies.
5028
5029The B<-nph> parameter, if set to a true value, will issue the correct
8f3ccfa2 5030headers to work with a NPH (no-parse-header) script. This is important
3d1a2ec4
GS		 5031to use with certain servers that expect all their scripts to be NPH.
5032
5033The B<-charset> parameter can be used to control the character set
5034sent to the browser. If not provided, defaults to ISO-8859-1. As a
5035side effect, this sets the charset() method as well.
54310121 5036
6b4ac661
JH		 5037The B<-attachment> parameter can be used to turn the page into an
5038attachment. Instead of displaying the page, some browsers will prompt
5039the user to save it to disk. The value of the argument is the
5040suggested name for the saved file. In order for this to work, you may
5041have to set the B<-type> to "application/octet-stream".
5042
8f3ccfa2
JH		 5043The B<-p3p> parameter will add a P3P tag to the outgoing header. The
5044parameter can be an arrayref or a space-delimited string of P3P tags.
5045For example:
5046
5047 print header(-p3p=>[qw(CAO DSP LAW CURa)]);
5048 print header(-p3p=>'CAO DSP LAW CURa');
5049
5050In either case, the outgoing header will be formatted as:
5051
5052 P3P: policyref="/w3c/p3p.xml" cp="CAO DSP LAW CURa"
5053
424ec8fa 5054=head2 GENERATING A REDIRECTION HEADER
54310121 5055
29ddc2a4 5056 print redirect('http://somewhere.else/in/movie/land');
54310121 5057
424ec8fa
GS		 5058Sometimes you don't want to produce a document yourself, but simply
5059redirect the browser elsewhere, perhaps choosing a URL based on the
5060time of day or the identity of the user.
5061
5062The redirect() function redirects the browser to a different URL. If
5063you use redirection like this, you should B<not> print out a header as
6b4ac661 5064well.
54310121 5065
2ed511ec
RGS		 5066You should always use full URLs (including the http: or ftp: part) in
5067redirection requests. Relative URLs will not work correctly.
54310121 5068
424ec8fa 5069You can also use named arguments:
54310121 5070
29ddc2a4 5071 print redirect(-uri=>'http://somewhere.else/in/movie/land',
13548fdf
RGS		 5072 -nph=>1,
5073 -status=>301);
54310121 5074
5075The B<-nph> parameter, if set to a true value, will issue the correct
8f3ccfa2 5076headers to work with a NPH (no-parse-header) script. This is important
58129083 5077to use with certain servers, such as Microsoft IIS, which
54310121 5078expect all their scripts to be NPH.
5079
13548fdf
RGS		 5080The B<-status> parameter will set the status of the redirect. HTTP
5081defines three different possible redirection status codes:
5082
5083 301 Moved Permanently
5084 302 Found
5085 303 See Other
5086
5087The default if not specified is 302, which means "moved temporarily."
5088You may change the status to another status code if you wish. Be
5089advised that changing the status to anything other than 301, 302 or
5090303 will probably break redirection.
5091
424ec8fa 5092=head2 CREATING THE HTML DOCUMENT HEADER
54310121 5093
29ddc2a4 5094 print start_html(-title=>'Secrets of the Pyramids',
54310121 5095 -author=>'fred@capricorn.org',
5096 -base=>'true',
5097 -target=>'_blank',
5098 -meta=>{'keywords'=>'pharaoh secret mummy',
5099 'copyright'=>'copyright 1996 King Tut'},
7d37aa8e 5100 -style=>{'src'=>'/styles/style1.css'},
54310121 5101 -BGCOLOR=>'blue');
5102
424ec8fa
GS		 5103After creating the HTTP header, most CGI scripts will start writing
5104out an HTML document. The start_html() routine creates the top of the
5105page, along with a lot of optional information that controls the
5106page's appearance and behavior.
54310121 5107
3acbd4f5 5108This method returns a canned HTML header and the opening <body> tag.
424ec8fa 5109All parameters are optional. In the named parameter form, recognized
6b4ac661
JH		 5110parameters are -title, -author, -base, -xbase, -dtd, -lang and -target
5111(see below for the explanation). Any additional parameters you
5112provide, such as the Netscape unofficial BGCOLOR attribute, are added
3acbd4f5 5113to the <body> tag. Additional parameters must be proceeded by a
6b4ac661 5114hyphen.
54310121 5115
3acbd4f5 5116The argument B<-xbase> allows you to provide an HREF for the <base> tag
54310121 5117different from the current location, as in
5118
5119 -xbase=>"http://home.mcom.com/"
5120
5121All relative links will be interpreted relative to this tag.
5122
5123The argument B<-target> allows you to provide a default target frame
3d1a2ec4
GS		 5124for all the links and fill-out forms on the page. B<This is a
5125non-standard HTTP feature which only works with Netscape browsers!>
5126See the Netscape documentation on frames for details of how to
5127manipulate this.
54310121 5128
5129 -target=>"answer_window"
5130
5131All relative links will be interpreted relative to this tag.
5132You add arbitrary meta information to the header with the B<-meta>
5133argument. This argument expects a reference to an associative array
5134containing name/value pairs of meta information. These will be turned
3acbd4f5 5135into a series of header <meta> tags that look something like this:
54310121 5136
3acbd4f5
JH		 5137 <meta name="keywords" content="pharaoh secret mummy">
5138 <meta name="description" content="copyright 1996 King Tut">
424ec8fa 5139
3acbd4f5 5140To create an HTTP-EQUIV type of <meta> tag, use B<-head>, described
6b4ac661 5141below.
424ec8fa 5142
6b4ac661
JH		 5143The B<-style> argument is used to incorporate cascading stylesheets
5144into your code. See the section on CASCADING STYLESHEETS for more
5145information.
424ec8fa 5146
6b4ac661 5147The B<-lang> argument is used to incorporate a language attribute into
13548fdf 5148the <html> tag. For example:
6b4ac661 5149
ba056755 5150 print $q->start_html(-lang=>'fr-CA');
424ec8fa 5151
13548fdf
RGS		 5152The default if not specified is "en-US" for US English, unless the
5153-dtd parameter specifies an HTML 2.0 or 3.2 DTD, in which case the
5154lang attribute is left off. You can force the lang attribute to left
5155off in other cases by passing an empty string (-lang=>'').
8f3ccfa2 5156
ac734d8b 5157The B<-encoding> argument can be used to specify the character set for
b2d0d414 5158XHTML. It defaults to iso-8859-1 if not specified.
ac734d8b 5159
29ddc2a4
RGS		 5160The B<-declare_xml> argument, when used in conjunction with XHTML,
5161will put a <?xml> declaration at the top of the HTML header. The sole
5162purpose of this declaration is to declare the character set
5163encoding. In the absence of -declare_xml, the output HTML will contain
5164a <meta> tag that specifies the encoding, allowing the HTML to pass
5165most validators. The default for -declare_xml is false.
5166
3acbd4f5
JH		 5167You can place other arbitrary HTML elements to the <head> section with the
5168B<-head> tag. For example, to place the rarely-used <link> element in the
424ec8fa
GS		 5169head section, use this:
5170
3538e1d5 5171 print start_html(-head=>Link({-rel=>'next',
6b4ac661 5172 -href=>'http://www.capricorn.com/s2.html'}));
424ec8fa 5173
3acbd4f5 5174To incorporate multiple HTML elements into the <head> section, just pass an
424ec8fa
GS		 5175array reference:
5176
3538e1d5
GS		 5177 print start_html(-head=>[
5178 Link({-rel=>'next',
5179 -href=>'http://www.capricorn.com/s2.html'}),
5180 Link({-rel=>'previous',
5181 -href=>'http://www.capricorn.com/s1.html'})
424ec8fa
GS		 5182 ]
5183 );
5184
3acbd4f5 5185And here's how to create an HTTP-EQUIV <meta> tag:
6b4ac661 5186
ba056755
JH		 5187 print start_html(-head=>meta({-http_equiv => 'Content-Type',
5188 -content => 'text/html'}))
6b4ac661
JH		 5189
5190
424ec8fa
GS		 5191JAVASCRIPTING: The B<-script>, B<-noScript>, B<-onLoad>,
5192B<-onMouseOver>, B<-onMouseOut> and B<-onUnload> parameters are used
5193to add Netscape JavaScript calls to your pages. B<-script> should
5194point to a block of text containing JavaScript function definitions.
3acbd4f5 5195This block will be placed within a <script> block inside the HTML (not
424ec8fa
GS		 5196HTTP) header. The block is placed in the header in order to give your
5197page a fighting chance of having all its JavaScript functions in place
5198even if the user presses the stop button before the page has loaded
5199completely. CGI.pm attempts to format the script in such a way that
5200JavaScript-naive browsers will not choke on the code: unfortunately
5201there are some browsers, such as Chimera for Unix, that get confused
5202by it nevertheless.
5203
5204The B<-onLoad> and B<-onUnload> parameters point to fragments of JavaScript
5205code to execute when the page is respectively opened and closed by the
5206browser. Usually these parameters are calls to functions defined in the
5207B<-script> field:
5208
5209 $query = new CGI;
29ddc2a4 5210 print header;
424ec8fa
GS		 5211 $JSCRIPT=<<END;
5212 // Ask a silly question
5213 function riddle_me_this() {
5214 var r = prompt("What walks on four legs in the morning, " +
5215 "two legs in the afternoon, " +
5216 "and three legs in the evening?");
5217 response(r);
5218 }
5219 // Get a silly answer
5220 function response(answer) {
5221 if (answer == "man")
5222 alert("Right you are!");
5223 else
5224 alert("Wrong! Guess again.");
5225 }
5226 END
29ddc2a4 5227 print start_html(-title=>'The Riddle of the Sphinx',
424ec8fa
GS		 5228 -script=>$JSCRIPT);
5229
5230Use the B<-noScript> parameter to pass some HTML text that will be displayed on
5231browsers that do not have JavaScript (or browsers where JavaScript is turned
5232off).
5233
8869a4b7
SP		 5234The <script> tag, has several attributes including "type" and src.
5235The latter is particularly interesting, as it allows you to keep the
5236JavaScript code in a file or CGI script rather than cluttering up each
5237page with the source. To use these attributes pass a HASH reference
5238in the B<-script> parameter containing one or more of -type, -src, or
5239-code:
424ec8fa
GS		 5240
5241 print $q->start_html(-title=>'The Riddle of the Sphinx',
8869a4b7 5242 -script=>{-type=>'JAVASCRIPT',
424ec8fa
GS		 5243 -src=>'/javascript/sphinx.js'}
5244 );
5245
5246 print $q->(-title=>'The Riddle of the Sphinx',
8869a4b7 5247 -script=>{-type=>'PERLSCRIPT',
3538e1d5 5248 -code=>'print "hello world!\n;"'}
424ec8fa
GS		 5249 );
5250
5251
3acbd4f5 5252A final feature allows you to incorporate multiple <script> sections into the
424ec8fa
GS		 5253header. Just pass the list of script sections as an array reference.
5254this allows you to specify different source files for different dialects
8869a4b7 5255of JavaScript. Example:
424ec8fa 5256
3538e1d5
GS		 5257 print $q->start_html(-title=>'The Riddle of the Sphinx',
5258 -script=>[
8869a4b7 5259 { -type => 'text/javascript',
3538e1d5 5260 -src => '/javascript/utilities10.js'
424ec8fa 5261 },
8869a4b7 5262 { -type => 'text/javascript',
3538e1d5 5263 -src => '/javascript/utilities11.js'
424ec8fa 5264 },
8869a4b7 5265 { -type => 'text/jscript',
3538e1d5 5266 -src => '/javascript/utilities12.js'
424ec8fa 5267 },
8869a4b7 5268 { -type => 'text/ecmascript',
3538e1d5 5269 -src => '/javascript/utilities219.js'
424ec8fa
GS		 5270 }
5271 ]
5272 );
424ec8fa 5273
8869a4b7
SP		 5274The option "-language" is a synonym for -type, and is supported for
5275backwad compatibility.
424ec8fa
GS		 5276
5277The old-style positional parameters are as follows:
5278
5279=over 4
5280
5281=item B<Parameters:>
5282
5283=item 1.
5284
5285The title
5286
5287=item 2.
5288
3acbd4f5 5289The author's e-mail address (will create a <link rev="MADE"> tag if present
424ec8fa
GS		 5290
5291=item 3.
5292
3acbd4f5 5293A 'true' flag if you want to include a <base> tag in the header. This
424ec8fa
GS		 5294helps resolve relative addresses to absolute ones when the document is moved,
5295but makes the document hierarchy non-portable. Use with care!
5296
5297=item 4, 5, 6...
5298
3acbd4f5 5299Any other parameters you want to include in the <body> tag. This is a good
424ec8fa
GS		 5300place to put Netscape extensions, such as colors and wallpaper patterns.
5301
5302=back
5303
5304=head2 ENDING THE HTML DOCUMENT:
5305
29ddc2a4 5306 print end_html
424ec8fa 5307
3acbd4f5 5308This ends an HTML document by printing the </body></html> tags.
424ec8fa
GS		 5309
5310=head2 CREATING A SELF-REFERENCING URL THAT PRESERVES STATE INFORMATION:
5311
29ddc2a4 5312 $myself = self_url;
3acbd4f5 5313 print q(<a href="$myself">I'm talking to myself.</a>);
424ec8fa
GS		 5314
5315self_url() will return a URL, that, when selected, will reinvoke
5316this script with all its state information intact. This is most
5317useful when you want to jump around within the document using
5318internal anchors but you don't want to disrupt the current contents
5319of the form(s). Something like this will do the trick.
5320
29ddc2a4 5321 $myself = self_url;
188ba755
JH		 5322 print "<a href=\"$myself#table1\">See table 1</a>";
5323 print "<a href=\"$myself#table2\">See table 2</a>";
5324 print "<a href=\"$myself#yourself\">See for yourself</a>";
424ec8fa
GS		 5325
5326If you want more control over what's returned, using the B<url()>
5327method instead.
5328
5329You can also retrieve the unprocessed query string with query_string():
5330
29ddc2a4 5331 $the_string = query_string;
424ec8fa
GS		 5332
5333=head2 OBTAINING THE SCRIPT'S URL
5334
29ddc2a4
RGS		 5335 $full_url = url();
5336 $full_url = url(-full=>1); #alternative syntax
5337 $relative_url = url(-relative=>1);
5338 $absolute_url = url(-absolute=>1);
5339 $url_with_path = url(-path_info=>1);
5340 $url_with_path_and_query = url(-path_info=>1,-query=>1);
5341 $netloc = url(-base => 1);
424ec8fa
GS		 5342
5343B<url()> returns the script's URL in a variety of formats. Called
5344without any arguments, it returns the full form of the URL, including
5345host name and port number
5346
5347 http://your.host.com/path/to/script.cgi
5348
5349You can modify this format with the following named arguments:
5350
5351=over 4
5352
5353=item B<-absolute>
5354
5355If true, produce an absolute URL, e.g.
5356
5357 /path/to/script.cgi
5358
5359=item B<-relative>
5360
5361Produce a relative URL. This is useful if you want to reinvoke your
5362script with different parameters. For example:
5363
5364 script.cgi
5365
5366=item B<-full>
5367
5368Produce the full URL, exactly as if called without any arguments.
5369This overrides the -relative and -absolute arguments.
5370
5371=item B<-path> (B<-path_info>)
5372
5373Append the additional path information to the URL. This can be
5374combined with B<-full>, B<-absolute> or B<-relative>. B<-path_info>
5375is provided as a synonym.
5376
5377=item B<-query> (B<-query_string>)
5378
5379Append the query string to the URL. This can be combined with
5380B<-full>, B<-absolute> or B<-relative>. B<-query_string> is provided
5381as a synonym.
5382
03b9648d
JH		 5383=item B<-base>
5384
5385Generate just the protocol and net location, as in http://www.foo.com:8000
5386
0a9bdad4
SP		 5387=item B<-rewrite>
5388
5389If Apache's mod_rewrite is turned on, then the script name and path
5390info probably won't match the request that the user sent. Set
5391-rewrite=>1 (default) to return URLs that match what the user sent
5392(the original request URI). Set -rewrite->0 to return URLs that match
5393the URL after mod_rewrite's rules have run. Because the additional
5394path information only makes sense in the context of the rewritten URL,
5395-rewrite is set to false when you request path info in the URL.
5396
424ec8fa
GS		 5397=back
5398
71f3e297
JH		 5399=head2 MIXING POST AND URL PARAMETERS
5400
29ddc2a4 5401 $color = url_param('color');
71f3e297
JH		 5402
5403It is possible for a script to receive CGI parameters in the URL as
5404well as in the fill-out form by creating a form that POSTs to a URL
5405containing a query string (a "?" mark followed by arguments). The
5406B<param()> method will always return the contents of the POSTed
5407fill-out form, ignoring the URL's query string. To retrieve URL
5408parameters, call the B<url_param()> method. Use it in the same way as
5409B<param()>. The main difference is that it allows you to read the
5410parameters, but not set them.
5411
5412
5413Under no circumstances will the contents of the URL query string
5414interfere with similarly-named CGI parameters in POSTed forms. If you
5415try to mix a URL query string with a form submitted with the GET
5416method, the results will not be what you expect.
5417
424ec8fa
GS		 5418=head1 CREATING STANDARD HTML ELEMENTS:
5419
5420CGI.pm defines general HTML shortcut methods for most, if not all of
5421the HTML 3 and HTML 4 tags. HTML shortcuts are named after a single
5422HTML element and return a fragment of HTML text that you can then
5423print or manipulate as you like. Each shortcut returns a fragment of
5424HTML code that you can append to a string, save to a file, or, most
5425commonly, print out so that it displays in the browser window.
5426
5427This example shows how to use the HTML methods:
5428
424ec8fa
GS		 5429 print $q->blockquote(
5430 "Many years ago on the island of",
5431 $q->a({href=>"http://crete.org/"},"Crete"),
3538e1d5 5432 "there lived a Minotaur named",
424ec8fa
GS		 5433 $q->strong("Fred."),
5434 ),
5435 $q->hr;
5436
5437This results in the following HTML code (extra newlines have been
5438added for readability):
5439
5440 <blockquote>
5441 Many years ago on the island of
3acbd4f5 5442 <a href="http://crete.org/">Crete</a> there lived
424ec8fa
GS		 5443 a minotaur named <strong>Fred.</strong>
5444 </blockquote>
5445 <hr>
5446
5447If you find the syntax for calling the HTML shortcuts awkward, you can
5448import them into your namespace and dispense with the object syntax
5449completely (see the next section for more details):
5450
5451 use CGI ':standard';
5452 print blockquote(
5453 "Many years ago on the island of",
5454 a({href=>"http://crete.org/"},"Crete"),
5455 "there lived a minotaur named",
5456 strong("Fred."),
5457 ),
5458 hr;
54310121 5459
424ec8fa 5460=head2 PROVIDING ARGUMENTS TO HTML SHORTCUTS
7d37aa8e 5461
424ec8fa
GS		 5462The HTML methods will accept zero, one or multiple arguments. If you
5463provide no arguments, you get a single tag:
7d37aa8e 5464
3acbd4f5 5465 print hr; # <hr>
7d37aa8e 5466
424ec8fa
GS		 5467If you provide one or more string arguments, they are concatenated
5468together with spaces and placed between opening and closing tags:
7d37aa8e 5469
3acbd4f5 5470 print h1("Chapter","1"); # <h1>Chapter 1</h1>"
7d37aa8e 5471
424ec8fa
GS		 5472If the first argument is an associative array reference, then the keys
5473and values of the associative array become the HTML tag's attributes:
7d37aa8e 5474
424ec8fa
GS		 5475 print a({-href=>'fred.html',-target=>'_new'},
5476 "Open a new frame");
7d37aa8e 5477
3acbd4f5 5478 <a href="fred.html",target="_new">Open a new frame</a>
3cb6de81 5479
424ec8fa
GS		 5480You may dispense with the dashes in front of the attribute names if
5481you prefer:
54310121 5482
424ec8fa 5483 print img {src=>'fred.gif',align=>'LEFT'};
54310121 5484
3acbd4f5 5485 <img align="LEFT" src="fred.gif">
54310121 5486
424ec8fa 5487Sometimes an HTML tag attribute has no argument. For example, ordered
8f3ccfa2 5488lists can be marked as COMPACT. The syntax for this is an argument that
424ec8fa 5489that points to an undef string:
54310121 5490
424ec8fa 5491 print ol({compact=>undef},li('one'),li('two'),li('three'));
47e3cabd 5492
424ec8fa
GS		 5493Prior to CGI.pm version 2.41, providing an empty ('') string as an
5494attribute argument was the same as providing undef. However, this has
8f3ccfa2 5495changed in order to accommodate those who want to create tags of the form
3acbd4f5 5496<img alt="">. The difference is shown in these two pieces of code:
3cb6de81 5497
8f3ccfa2
JH		 5498 CODE RESULT
5499 img({alt=>undef}) <img alt>
5500 img({alt=>''}) <img alt="">
7d37aa8e 5501
424ec8fa 5502=head2 THE DISTRIBUTIVE PROPERTY OF HTML SHORTCUTS
7d37aa8e 5503
424ec8fa
GS		 5504One of the cool features of the HTML shortcuts is that they are
5505distributive. If you give them an argument consisting of a
5506B<reference> to a list, the tag will be distributed across each
5507element of the list. For example, here's one way to make an ordered
5508list:
7d37aa8e 5509
424ec8fa 5510 print ul(
6b4ac661 5511 li({-type=>'disc'},['Sneezy','Doc','Sleepy','Happy'])
424ec8fa 5512 );
7d37aa8e 5513
424ec8fa 5514This example will result in HTML output that looks like this:
54310121 5515
3acbd4f5
JH		 5516 <ul>
5517 <li type="disc">Sneezy</li>
5518 <li type="disc">Doc</li>
5519 <li type="disc">Sleepy</li>
5520 <li type="disc">Happy</li>
5521 </ul>
54310121 5522
424ec8fa 5523This is extremely useful for creating tables. For example:
54310121 5524
424ec8fa
GS		 5525 print table({-border=>undef},
5526 caption('When Should You Eat Your Vegetables?'),
5527 Tr({-align=>CENTER,-valign=>TOP},
5528 [
5529 th(['Vegetable', 'Breakfast','Lunch','Dinner']),
5530 td(['Tomatoes' , 'no', 'yes', 'yes']),
5531 td(['Broccoli' , 'no', 'no', 'yes']),
5532 td(['Onions' , 'yes','yes', 'yes'])
5533 ]
5534 )
5535 );
54310121 5536
424ec8fa 5537=head2 HTML SHORTCUTS AND LIST INTERPOLATION
54310121 5538
424ec8fa 5539Consider this bit of code:
54310121 5540
424ec8fa 5541 print blockquote(em('Hi'),'mom!'));
54310121 5542
424ec8fa 5543It will ordinarily return the string that you probably expect, namely:
54310121 5544
3acbd4f5 5545 <blockquote><em>Hi</em> mom!</blockquote>
54310121 5546
424ec8fa
GS		 5547Note the space between the element "Hi" and the element "mom!".
5548CGI.pm puts the extra space there using array interpolation, which is
5549controlled by the magic $" variable. Sometimes this extra space is
5550not what you want, for example, when you are trying to align a series
5551of images. In this case, you can simply change the value of $" to an
5552empty string.
54310121 5553
424ec8fa
GS		 5554 {
5555 local($") = '';
5556 print blockquote(em('Hi'),'mom!'));
5557 }
54310121 5558
424ec8fa
GS		 5559I suggest you put the code in a block as shown here. Otherwise the
5560change to $" will affect all subsequent code until you explicitly
5561reset it.
54310121 5562
424ec8fa 5563=head2 NON-STANDARD HTML SHORTCUTS
54310121 5564
424ec8fa
GS		 5565A few HTML tags don't follow the standard pattern for various
5566reasons.
54310121 5567
424ec8fa
GS		 5568B<comment()> generates an HTML comment (<!-- comment -->). Call it
5569like
54310121 5570
424ec8fa 5571 print comment('here is my comment');
54310121 5572
424ec8fa
GS		 5573Because of conflicts with built-in Perl functions, the following functions
5574begin with initial caps:
54310121 5575
424ec8fa
GS		 5576 Select
5577 Tr
5578 Link
5579 Delete
71f3e297
JH		 5580 Accept
5581 Sub
54310121 5582
424ec8fa
GS		 5583In addition, start_html(), end_html(), start_form(), end_form(),
5584start_multipart_form() and all the fill-out form tags are special.
5585See their respective sections.
5586
3d1a2ec4
GS		 5587=head2 AUTOESCAPING HTML
5588
5589By default, all HTML that is emitted by the form-generating functions
5590is passed through a function called escapeHTML():
5591
5592=over 4
5593
5594=item $escaped_string = escapeHTML("unescaped string");
5595
5596Escape HTML formatting characters in a string.
5597
5598=back
5599
5600Provided that you have specified a character set of ISO-8859-1 (the
5601default), the standard HTML escaping rules will be used. The "<"
5602character becomes "&lt;", ">" becomes "&gt;", "&" becomes "&amp;", and
5603the quote character becomes "&quot;". In addition, the hexadecimal
188ba755 56040x8b and 0x9b characters, which some browsers incorrectly interpret
3d1a2ec4 5605as the left and right angle-bracket characters, are replaced by their
188ba755 5606numeric character entities ("&#8249" and "&#8250;"). If you manually change
3d1a2ec4
GS		 5607the charset, either by calling the charset() method explicitly or by
5608passing a -charset argument to header(), then B<all> characters will
5609be replaced by their numeric entities, since CGI.pm has no lookup
5610table for all the possible encodings.
5611
5612The automatic escaping does not apply to other shortcuts, such as
5613h1(). You should call escapeHTML() yourself on untrusted data in
5614order to protect your pages against nasty tricks that people may enter
5615into guestbooks, etc.. To change the character set, use charset().
188ba755 5616To turn autoescaping off completely, use autoEscape(0):
3d1a2ec4
GS		 5617
5618=over 4
5619
5620=item $charset = charset([$charset]);
5621
5622Get or set the current character set.
5623
5624=item $flag = autoEscape([$flag]);
5625
5626Get or set the value of the autoescape flag.
5627
5628=back
5629
71f3e297
JH		 5630=head2 PRETTY-PRINTING HTML
5631
5632By default, all the HTML produced by these functions comes out as one
5633long line without carriage returns or indentation. This is yuck, but
5634it does reduce the size of the documents by 10-20%. To get
5635pretty-printed output, please use L<CGI::Pretty>, a subclass
5636contributed by Brian Paulsen.
5637
424ec8fa 5638=head1 CREATING FILL-OUT FORMS:
54310121 5639
5640I<General note> The various form-creating methods all return strings
5641to the caller, containing the tag or tags that will create the requested
5642form element. You are responsible for actually printing out these strings.
5643It's set up this way so that you can place formatting tags
5644around the form elements.
5645
5646I<Another note> The default values that you specify for the forms are only
5647used the B<first> time the script is invoked (when there is no query
5648string). On subsequent invocations of the script (when there is a query
5649string), the former values are used even if they are blank.
5650
5651If you want to change the value of a field from its previous value, you have two
5652choices:
5653
5654(1) call the param() method to set it.
5655
5656(2) use the -override (alias -force) parameter (a new feature in version 2.15).
5657This forces the default value to be used, regardless of the previous value:
5658
29ddc2a4 5659 print textfield(-name=>'field_name',
54310121 5660 -default=>'starting value',
5661 -override=>1,
5662 -size=>50,
5663 -maxlength=>80);
5664
5665I<Yet another note> By default, the text and labels of form elements are
5666escaped according to HTML rules. This means that you can safely use
5667"<CLICK ME>" as the label for a button. However, it also interferes with
5668your ability to incorporate special HTML character sequences, such as &Aacute;,
5669into your fields. If you wish to turn off automatic escaping, call the
5670autoEscape() method with a false value immediately after creating the CGI object:
5671
5672 $query = new CGI;
29ddc2a4 5673 autoEscape(undef);
3cb6de81 5674
13548fdf
RGS		 5675I<A Lurking Trap!> Some of the form-element generating methods return
5676multiple tags. In a scalar context, the tags will be concatenated
5677together with spaces, or whatever is the current value of the $"
5678global. In a list context, the methods will return a list of
5679elements, allowing you to modify them if you wish. Usually you will
5680not notice this behavior, but beware of this:
5681
29ddc2a4 5682 printf("%s\n",end_form())
13548fdf
RGS		 5683
5684end_form() produces several tags, and only the first of them will be
5685printed because the format only expects one value.
5686
5687<p>
5688
5689
54310121 5690=head2 CREATING AN ISINDEX TAG
5691
29ddc2a4 5692 print isindex(-action=>$action);
54310121 5693
5694 -or-
5695
29ddc2a4 5696 print isindex($action);
54310121 5697
3acbd4f5 5698Prints out an <isindex> tag. Not very exciting. The parameter
54310121 5699-action specifies the URL of the script to process the query. The
5700default is to process the query with the current script.
5701
5702=head2 STARTING AND ENDING A FORM
5703
29ddc2a4
RGS		 5704 print start_form(-method=>$method,
5705 -action=>$action,
5706 -enctype=>$encoding);
54310121 5707 <... various form stuff ...>
29ddc2a4 5708 print endform;
54310121 5709
5710 -or-
5711
29ddc2a4 5712 print start_form($method,$action,$encoding);
54310121 5713 <... various form stuff ...>
29ddc2a4 5714 print endform;
54310121 5715
3acbd4f5 5716start_form() will return a <form> tag with the optional method,
54310121 5717action and form encoding that you specify. The defaults are:
3cb6de81 5718
54310121 5719 method: POST
5720 action: this script
71f3e297 5721 enctype: application/x-www-form-urlencoded
54310121 5722
3acbd4f5 5723endform() returns the closing </form> tag.
54310121 5724
3d1a2ec4 5725Start_form()'s enctype argument tells the browser how to package the various
54310121 5726fields of the form before sending the form to the server. Two
5727values are possible:
5728
3d1a2ec4
GS		 5729B<Note:> This method was previously named startform(), and startform()
5730is still recognized as an alias.
5731
54310121 5732=over 4
5733
5734=item B<application/x-www-form-urlencoded>
5735
5736This is the older type of encoding used by all browsers prior to
5737Netscape 2.0. It is compatible with many CGI scripts and is
5738suitable for short fields containing text data. For your
5739convenience, CGI.pm stores the name of this encoding
6b4ac661 5740type in B<&CGI::URL_ENCODED>.
54310121 5741
5742=item B<multipart/form-data>
5743
5744This is the newer type of encoding introduced by Netscape 2.0.
5745It is suitable for forms that contain very large fields or that
5746are intended for transferring binary data. Most importantly,
5747it enables the "file upload" feature of Netscape 2.0 forms. For
5748your convenience, CGI.pm stores the name of this encoding type
424ec8fa 5749in B<&CGI::MULTIPART>
54310121 5750
5751Forms that use this type of encoding are not easily interpreted
5752by CGI scripts unless they use CGI.pm or another library designed
5753to handle them.
5754
29ddc2a4
RGS		 5755If XHTML is activated (the default), then forms will be automatically
5756created using this type of encoding.
5757
54310121 5758=back
5759
3d1a2ec4 5760For compatibility, the start_form() method uses the older form of
54310121 5761encoding by default. If you want to use the newer form of encoding
5762by default, you can call B<start_multipart_form()> instead of
3d1a2ec4 5763B<start_form()>.
54310121 5764
5765JAVASCRIPTING: The B<-name> and B<-onSubmit> parameters are provided
5766for use with JavaScript. The -name parameter gives the
5767form a name so that it can be identified and manipulated by
5768JavaScript functions. -onSubmit should point to a JavaScript
5769function that will be executed just before the form is submitted to your
5770server. You can use this opportunity to check the contents of the form
5771for consistency and completeness. If you find something wrong, you
5772can put up an alert box or maybe fix things up yourself. You can
5773abort the submission by returning false from this function.
5774
3acbd4f5 5775Usually the bulk of JavaScript functions are defined in a <script>
54310121 5776block in the HTML header and -onSubmit points to one of these function
5777call. See start_html() for details.
5778
29ddc2a4
RGS		 5779=head2 FORM ELEMENTS
5780
5781After starting a form, you will typically create one or more
5782textfields, popup menus, radio groups and other form elements. Each
5783of these elements takes a standard set of named arguments. Some
5784elements also have optional arguments. The standard arguments are as
5785follows:
5786
5787=over 4
5788
5789=item B<-name>
5790
5791The name of the field. After submission this name can be used to
5792retrieve the field's value using the param() method.
5793
5794=item B<-value>, B<-values>
5795
5796The initial value of the field which will be returned to the script
5797after form submission. Some form elements, such as text fields, take
5798a single scalar -value argument. Others, such as popup menus, take a
5799reference to an array of values. The two arguments are synonyms.
5800
5801=item B<-tabindex>
5802
5803A numeric value that sets the order in which the form element receives
5804focus when the user presses the tab key. Elements with lower values
5805receive focus first.
5806
5807=item B<-id>
5808
5809A string identifier that can be used to identify this element to
5810JavaScript and DHTML.
5811
5812=item B<-override>
5813
5814A boolean, which, if true, forces the element to take on the value
5815specified by B<-value>, overriding the sticky behavior described
5816earlier for the B<-no_sticky> pragma.
5817
5818=item B<-onChange>, B<-onFocus>, B<-onBlur>, B<-onMouseOver>, B<-onMouseOut>, B<-onSelect>
5819
5820These are used to assign JavaScript event handlers. See the
5821JavaScripting section for more details.
5822
5823=back
5824
5825Other common arguments are described in the next section. In addition
5826to these, all attributes described in the HTML specifications are
5827supported.
5828
54310121 5829=head2 CREATING A TEXT FIELD
5830
29ddc2a4
RGS		 5831 print textfield(-name=>'field_name',
5832 -value=>'starting value',
5833 -size=>50,
5834 -maxlength=>80);
54310121 5835 -or-
5836
29ddc2a4 5837 print textfield('field_name','starting value',50,80);
54310121 5838
29ddc2a4 5839textfield() will return a text input field.
54310121 5840
5841=over 4
5842
5843=item B<Parameters>
5844
5845=item 1.
5846
29ddc2a4 5847The first parameter is the required name for the field (-name).
54310121 5848
5849=item 2.
5850
5851The optional second parameter is the default starting value for the field
29ddc2a4 5852contents (-value, formerly known as -default).
54310121 5853
5854=item 3.
5855
5856The optional third parameter is the size of the field in
5857 characters (-size).
5858
5859=item 4.
5860
5861The optional fourth parameter is the maximum number of characters the
5862 field will accept (-maxlength).
5863
5864=back
5865
5866As with all these methods, the field will be initialized with its
5867previous contents from earlier invocations of the script.
5868When the form is processed, the value of the text field can be
5869retrieved with:
5870
29ddc2a4 5871 $value = param('foo');
54310121 5872
5873If you want to reset it from its initial value after the script has been
5874called once, you can do so like this:
5875
29ddc2a4 5876 param('foo',"I'm taking over this value!");
54310121 5877
5878=head2 CREATING A BIG TEXT FIELD
5879
29ddc2a4 5880 print textarea(-name=>'foo',
54310121 5881 -default=>'starting value',
5882 -rows=>10,
5883 -columns=>50);
5884
5885 -or
5886
29ddc2a4 5887 print textarea('foo','starting value',10,50);
54310121 5888
5889textarea() is just like textfield, but it allows you to specify
5890rows and columns for a multiline text entry box. You can provide
5891a starting value for the field, which can be long and contain
5892multiple lines.
5893
54310121 5894=head2 CREATING A PASSWORD FIELD
5895
29ddc2a4 5896 print password_field(-name=>'secret',
54310121 5897 -value=>'starting value',
5898 -size=>50,
5899 -maxlength=>80);
5900 -or-
5901
29ddc2a4 5902 print password_field('secret','starting value',50,80);
54310121 5903
5904password_field() is identical to textfield(), except that its contents
5905will be starred out on the web page.
5906
54310121 5907=head2 CREATING A FILE UPLOAD FIELD
5908
29ddc2a4 5909 print filefield(-name=>'uploaded_file',
54310121 5910 -default=>'starting value',
5911 -size=>50,
5912 -maxlength=>80);
5913 -or-
5914
29ddc2a4 5915 print filefield('uploaded_file','starting value',50,80);
54310121 5916
5917filefield() will return a file upload field for Netscape 2.0 browsers.
5918In order to take full advantage of this I<you must use the new
5919multipart encoding scheme> for the form. You can do this either
6b4ac661 5920by calling B<start_form()> with an encoding type of B<&CGI::MULTIPART>,
54310121 5921or by calling the new method B<start_multipart_form()> instead of
3d1a2ec4 5922vanilla B<start_form()>.
54310121 5923
5924=over 4
5925
5926=item B<Parameters>
5927
5928=item 1.
5929
5930The first parameter is the required name for the field (-name).
5931
5932=item 2.
5933
5934The optional second parameter is the starting value for the field contents
5935to be used as the default file name (-default).
5936
71f3e297
JH		 5937For security reasons, browsers don't pay any attention to this field,
5938and so the starting value will always be blank. Worse, the field
5939loses its "sticky" behavior and forgets its previous contents. The
5940starting value field is called for in the HTML specification, however,
5941and possibly some browser will eventually provide support for it.
54310121 5942
5943=item 3.
5944
5945The optional third parameter is the size of the field in
5946characters (-size).
5947
5948=item 4.
5949
5950The optional fourth parameter is the maximum number of characters the
5951field will accept (-maxlength).
5952
5953=back
5954
5955When the form is processed, you can retrieve the entered filename
3538e1d5 5956by calling param():
54310121 5957
29ddc2a4 5958 $filename = param('uploaded_file');
54310121 5959
3538e1d5
GS		 5960Different browsers will return slightly different things for the
5961name. Some browsers return the filename only. Others return the full
5962path to the file, using the path conventions of the user's machine.
5963Regardless, the name returned is always the name of the file on the
5964I<user's> machine, and is unrelated to the name of the temporary file
5965that CGI.pm creates during upload spooling (see below).
54310121 5966
5967The filename returned is also a file handle. You can read the contents
5968of the file using standard Perl file reading calls:
5969
5970 # Read a text file and print it out
5971 while (<$filename>) {
5972 print;
5973 }
5974
5975 # Copy a binary file to somewhere safe
5976 open (OUTFILE,">>/usr/local/web/users/feedback");
5977 while ($bytesread=read($filename,$buffer,1024)) {
5978 print OUTFILE $buffer;
5979 }
5980
3538e1d5
GS		 5981However, there are problems with the dual nature of the upload fields.
5982If you C<use strict>, then Perl will complain when you try to use a
5983string as a filehandle. You can get around this by placing the file
5984reading code in a block containing the C<no strict> pragma. More
5985seriously, it is possible for the remote user to type garbage into the
5986upload field, in which case what you get from param() is not a
5987filehandle at all, but a string.
5988
5989To be safe, use the I<upload()> function (new in version 2.47). When
5990called with the name of an upload field, I<upload()> returns a
5991filehandle, or undef if the parameter is not a valid filehandle.
5992
29ddc2a4 5993 $fh = upload('uploaded_file');
3538e1d5
GS		 5994 while (<$fh>) {
5995 print;
5996 }
5997
13548fdf 5998In an list context, upload() will return an array of filehandles.
199d4a26
JH		 5999This makes it possible to create forms that use the same name for
6000multiple upload fields.
6001
3538e1d5
GS		 6002This is the recommended idiom.
6003
54310121 6004When a file is uploaded the browser usually sends along some
6005information along with it in the format of headers. The information
6006usually includes the MIME content type. Future browsers may send
6007other information as well (such as modification date and size). To
6008retrieve this information, call uploadInfo(). It returns a reference to
6009an associative array containing all the document headers.
6010
29ddc2a4
RGS		 6011 $filename = param('uploaded_file');
6012 $type = uploadInfo($filename)->{'Content-Type'};
54310121 6013 unless ($type eq 'text/html') {
6014 die "HTML FILES ONLY!";
6015 }
6016
6017If you are using a machine that recognizes "text" and "binary" data
6018modes, be sure to understand when and how to use them (see the Camel book).
3538e1d5
GS		 6019Otherwise you may find that binary files are corrupted during file
6020uploads.
6021
6022There are occasionally problems involving parsing the uploaded file.
6023This usually happens when the user presses "Stop" before the upload is
6024finished. In this case, CGI.pm will return undef for the name of the
6025uploaded file and set I<cgi_error()> to the string "400 Bad request
6026(malformed multipart POST)". This error message is designed so that
6027you can incorporate it into a status code to be sent to the browser.
6028Example:
6029
29ddc2a4
RGS		 6030 $file = upload('uploaded_file');
6031 if (!$file && cgi_error) {
6032 print header(-status=>cgi_error);
3538e1d5
GS		 6033 exit 0;
6034 }
6035
6036You are free to create a custom HTML page to complain about the error,
6037if you wish.
54310121 6038
2ed511ec
RGS		 6039You can set up a callback that will be called whenever a file upload
6040is being read during the form processing. This is much like the
6041UPLOAD_HOOK facility available in Apache::Request, with the exception
6042that the first argument to the callback is an Apache::Upload object,
6043here it's the remote filename.
6044
cb3b230c 6045 $q = CGI->new(\&hook [,$data [,$use_tempfile]]);
2ed511ec
RGS		 6046
6047 sub hook
6048 {
6049 my ($filename, $buffer, $bytes_read, $data) = @_;
6050 print "Read $bytes_read bytes of $filename\n";
6051 }
6052
cb3b230c
SP		 6053The $data field is optional; it lets you pass configuration
6054information (e.g. a database handle) to your hook callback.
6055
6056The $use_tempfile field is a flag that lets you turn on and off
6057CGI.pm's use of a temporary disk-based file during file upload. If you
6058set this to a FALSE value (default true) then param('uploaded_file')
6059will no longer work, and the only way to get at the uploaded data is
6060via the hook you provide.
6061
2ed511ec
RGS		 6062If using the function-oriented interface, call the CGI::upload_hook()
6063method before calling param() or any other CGI functions:
6064
cb3b230c 6065 CGI::upload_hook(\&hook [,$data [,$use_tempfile]]);
2ed511ec
RGS		 6066
6067This method is not exported by default. You will have to import it
6068explicitly if you wish to use it without the CGI:: prefix.
6069
199d4a26
JH		 6070If you are using CGI.pm on a Windows platform and find that binary
6071files get slightly larger when uploaded but that text files remain the
6072same, then you have forgotten to activate binary mode on the output
6073filehandle. Be sure to call binmode() on any handle that you create
6074to write the uploaded file to disk.
6075
424ec8fa
GS		 6076JAVASCRIPTING: The B<-onChange>, B<-onFocus>, B<-onBlur>,
6077B<-onMouseOver>, B<-onMouseOut> and B<-onSelect> parameters are
6078recognized. See textfield() for details.
54310121 6079
6080=head2 CREATING A POPUP MENU
6081
29ddc2a4 6082 print popup_menu('menu_name',
54310121 6083 ['eenie','meenie','minie'],
6084 'meenie');
6085
6086 -or-
6087
6088 %labels = ('eenie'=>'your first choice',
6089 'meenie'=>'your second choice',
6090 'minie'=>'your third choice');
188ba755 6091 %attributes = ('eenie'=>{'class'=>'class of first choice'});
29ddc2a4 6092 print popup_menu('menu_name',
54310121 6093 ['eenie','meenie','minie'],
188ba755 6094 'meenie',\%labels,\%attributes);
54310121 6095
6096 -or (named parameter style)-
6097
29ddc2a4 6098 print popup_menu(-name=>'menu_name',
54310121 6099 -values=>['eenie','meenie','minie'],
6100 -default=>'meenie',
188ba755
JH		 6101 -labels=>\%labels,
6102 -attributes=>\%attributes);
54310121 6103
6104popup_menu() creates a menu.
6105
6106=over 4
6107
6108=item 1.
6109
6110The required first argument is the menu's name (-name).
6111
6112=item 2.
6113
6114The required second argument (-values) is an array B<reference>
6115containing the list of menu items in the menu. You can pass the
6116method an anonymous array, as shown in the example, or a reference to
6117a named array, such as "\@foo".
6118
6119=item 3.
6120
6121The optional third parameter (-default) is the name of the default
6122menu choice. If not specified, the first item will be the default.
6123The values of the previous choice will be maintained across queries.
6124
6125=item 4.
6126
6127The optional fourth parameter (-labels) is provided for people who
6128want to use different values for the user-visible label inside the
188ba755 6129popup menu and the value returned to your script. It's a pointer to an
54310121 6130associative array relating menu values to user-visible labels. If you
6131leave this parameter blank, the menu values will be displayed by
6132default. (You can also leave a label undefined if you want to).
6133
188ba755
JH		 6134=item 5.
6135
6136The optional fifth parameter (-attributes) is provided to assign
6137any of the common HTML attributes to an individual menu item. It's
6138a pointer to an associative array relating menu values to another
6139associative array with the attribute's name as the key and the
6140attribute's value as the value.
6141
54310121 6142=back
6143
6144When the form is processed, the selected value of the popup menu can
6145be retrieved using:
6146
29ddc2a4 6147 $popup_menu_value = param('menu_name');
54310121 6148
188ba755
JH		 6149=head2 CREATING AN OPTION GROUP
6150
6151Named parameter style
6152
29ddc2a4 6153 print popup_menu(-name=>'menu_name',
188ba755 6154 -values=>[qw/eenie meenie minie/,
29ddc2a4
RGS		 6155 optgroup(-name=>'optgroup_name',
6156 -values => ['moe','catch'],
6157 -attributes=>{'catch'=>{'class'=>'red'}})],
188ba755
JH		 6158 -labels=>{'eenie'=>'one',
6159 'meenie'=>'two',
6160 'minie'=>'three'},
6161 -default=>'meenie');
6162
6163 Old style
29ddc2a4 6164 print popup_menu('menu_name',
188ba755 6165 ['eenie','meenie','minie',
29ddc2a4
RGS		 6166 optgroup('optgroup_name', ['moe', 'catch'],
6167 {'catch'=>{'class'=>'red'}})],'meenie',
188ba755
JH		 6168 {'eenie'=>'one','meenie'=>'two','minie'=>'three'});
6169
29ddc2a4 6170optgroup() creates an option group within a popup menu.
188ba755
JH		 6171
6172=over 4
6173
6174=item 1.
6175
6176The required first argument (B<-name>) is the label attribute of the
6177optgroup and is B<not> inserted in the parameter list of the query.
6178
6179=item 2.
6180
6181The required second argument (B<-values>) is an array reference
6182containing the list of menu items in the menu. You can pass the
6183method an anonymous array, as shown in the example, or a reference
6184to a named array, such as \@foo. If you pass a HASH reference,
6185the keys will be used for the menu values, and the values will be
6186used for the menu labels (see -labels below).
6187
6188=item 3.
6189
6190The optional third parameter (B<-labels>) allows you to pass a reference
6191to an associative array containing user-visible labels for one or more
6192of the menu items. You can use this when you want the user to see one
6193menu string, but have the browser return your program a different one.
6194If you don't specify this, the value string will be used instead
6195("eenie", "meenie" and "minie" in this example). This is equivalent
6196to using a hash reference for the -values parameter.
6197
6198=item 4.
6199
6200An optional fourth parameter (B<-labeled>) can be set to a true value
6201and indicates that the values should be used as the label attribute
6202for each option element within the optgroup.
6203
6204=item 5.
6205
6206An optional fifth parameter (-novals) can be set to a true value and
3c4b39be 6207indicates to suppress the val attribute in each option element within
188ba755
JH		 6208the optgroup.
6209
6210See the discussion on optgroup at W3C
6211(http://www.w3.org/TR/REC-html40/interact/forms.html#edef-OPTGROUP)
6212for details.
6213
6214=item 6.
6215
6216An optional sixth parameter (-attributes) is provided to assign
6217any of the common HTML attributes to an individual menu item. It's
6218a pointer to an associative array relating menu values to another
6219associative array with the attribute's name as the key and the
6220attribute's value as the value.
6221
cff99809
JH		 6222=back
6223
54310121 6224=head2 CREATING A SCROLLING LIST
6225
29ddc2a4 6226 print scrolling_list('list_name',
54310121 6227 ['eenie','meenie','minie','moe'],
188ba755 6228 ['eenie','moe'],5,'true',{'moe'=>{'class'=>'red'}});
54310121 6229 -or-
6230
29ddc2a4 6231 print scrolling_list('list_name',
54310121 6232 ['eenie','meenie','minie','moe'],
6233 ['eenie','moe'],5,'true',
188ba755 6234 \%labels,%attributes);
54310121 6235
6236 -or-
6237
29ddc2a4 6238 print scrolling_list(-name=>'list_name',
54310121 6239 -values=>['eenie','meenie','minie','moe'],
6240 -default=>['eenie','moe'],
6241 -size=>5,
6242 -multiple=>'true',
188ba755
JH		 6243 -labels=>\%labels,
6244 -attributes=>\%attributes);
54310121 6245
6246scrolling_list() creates a scrolling list.
6247
6248=over 4
6249
6250=item B<Parameters:>
6251
6252=item 1.
6253
6254The first and second arguments are the list name (-name) and values
6255(-values). As in the popup menu, the second argument should be an
6256array reference.
6257
6258=item 2.
6259
6260The optional third argument (-default) can be either a reference to a
6261list containing the values to be selected by default, or can be a
6262single value to select. If this argument is missing or undefined,
6263then nothing is selected when the list first appears. In the named
6264parameter version, you can use the synonym "-defaults" for this
6265parameter.
6266
6267=item 3.
6268
6269The optional fourth argument is the size of the list (-size).
6270
6271=item 4.
6272
6273The optional fifth argument can be set to true to allow multiple
6274simultaneous selections (-multiple). Otherwise only one selection
6275will be allowed at a time.
6276
6277=item 5.
6278
6279The optional sixth argument is a pointer to an associative array
6280containing long user-visible labels for the list items (-labels).
6281If not provided, the values will be displayed.
6282
188ba755
JH		 6283=item 6.
6284
6285The optional sixth parameter (-attributes) is provided to assign
6286any of the common HTML attributes to an individual menu item. It's
6287a pointer to an associative array relating menu values to another
6288associative array with the attribute's name as the key and the
6289attribute's value as the value.
6290
54310121 6291When this form is processed, all selected list items will be returned as
6292a list under the parameter name 'list_name'. The values of the
6293selected items can be retrieved with:
6294
29ddc2a4 6295 @selected = param('list_name');
54310121 6296
6297=back
6298
54310121 6299=head2 CREATING A GROUP OF RELATED CHECKBOXES
6300
29ddc2a4 6301 print checkbox_group(-name=>'group_name',
54310121 6302 -values=>['eenie','meenie','minie','moe'],
6303 -default=>['eenie','moe'],
6304 -linebreak=>'true',
8869a4b7 6305 -disabled => ['moe'],
188ba755
JH		 6306 -labels=>\%labels,
6307 -attributes=>\%attributes);
54310121 6308
29ddc2a4 6309 print checkbox_group('group_name',
54310121 6310 ['eenie','meenie','minie','moe'],
188ba755
JH		 6311 ['eenie','moe'],'true',\%labels,
6312 {'moe'=>{'class'=>'red'}});
54310121 6313
6314 HTML3-COMPATIBLE BROWSERS ONLY:
6315
29ddc2a4 6316 print checkbox_group(-name=>'group_name',
54310121 6317 -values=>['eenie','meenie','minie','moe'],
6318 -rows=2,-columns=>2);
3cb6de81 6319
54310121 6320
6321checkbox_group() creates a list of checkboxes that are related
6322by the same name.
6323
6324=over 4
6325
6326=item B<Parameters:>
6327
6328=item 1.
6329
6330The first and second arguments are the checkbox name and values,
6331respectively (-name and -values). As in the popup menu, the second
6332argument should be an array reference. These values are used for the
6333user-readable labels printed next to the checkboxes as well as for the
6334values passed to your script in the query string.
6335
6336=item 2.
6337
6338The optional third argument (-default) can be either a reference to a
6339list containing the values to be checked by default, or can be a
6340single value to checked. If this argument is missing or undefined,
6341then nothing is selected when the list first appears.
6342
6343=item 3.
6344
6345The optional fourth argument (-linebreak) can be set to true to place
6346line breaks between the checkboxes so that they appear as a vertical
6347list. Otherwise, they will be strung together on a horizontal line.
6348
29ddc2a4 6349=back
54310121 6350
54310121 6351
29ddc2a4
RGS		 6352The optional b<-labels> argument is a pointer to an associative array
6353relating the checkbox values to the user-visible labels that will be
6354printed next to them. If not provided, the values will be used as the
6355default.
54310121 6356
54310121 6357
8869a4b7
SP		 6358The optional parameters B<-rows>, and B<-columns> cause
6359checkbox_group() to return an HTML3 compatible table containing the
6360checkbox group formatted with the specified number of rows and
6361columns. You can provide just the -columns parameter if you wish;
6362checkbox_group will calculate the correct number of rows for you.
188ba755 6363
8869a4b7
SP		 6364The option b<-disabled> takes an array of checkbox values and disables
6365them by greying them out (this may not be supported by all browsers).
188ba755 6366
29ddc2a4
RGS		 6367The optional B<-attributes> argument is provided to assign any of the
6368common HTML attributes to an individual menu item. It's a pointer to
6369an associative array relating menu values to another associative array
6370with the attribute's name as the key and the attribute's value as the
6371value.
54310121 6372
29ddc2a4
RGS		 6373The optional B<-tabindex> argument can be used to control the order in which
6374radio buttons receive focus when the user presses the tab button. If
6375passed a scalar numeric value, the first element in the group will
6376receive this tab index and subsequent elements will be incremented by
6377one. If given a reference to an array of radio button values, then
6378the indexes will be jiggered so that the order specified in the array
6379will correspond to the tab order. You can also pass a reference to a
6380hash in which the hash keys are the radio button values and the values
6381are the tab indexes of each button. Examples:
6382
6383 -tabindex => 100 # this group starts at index 100 and counts up
6384 -tabindex => ['moe','minie','eenie','meenie'] # tab in this order
6385 -tabindex => {meenie=>100,moe=>101,minie=>102,eenie=>200} # tab in this order
54310121 6386
6387When the form is processed, all checked boxes will be returned as
6388a list under the parameter name 'group_name'. The values of the
6389"on" checkboxes can be retrieved with:
6390
29ddc2a4 6391 @turned_on = param('group_name');
54310121 6392
6393The value returned by checkbox_group() is actually an array of button
6394elements. You can capture them and use them within tables, lists,
6395or in other creative ways:
6396
29ddc2a4 6397 @h = checkbox_group(-name=>'group_name',-values=>\@values);
54310121 6398 &use_in_creative_way(@h);
6399
54310121 6400=head2 CREATING A STANDALONE CHECKBOX
6401
29ddc2a4 6402 print checkbox(-name=>'checkbox_name',
ac734d8b 6403 -checked=>1,
54310121 6404 -value=>'ON',
6405 -label=>'CLICK ME');
6406
6407 -or-
6408
29ddc2a4 6409 print checkbox('checkbox_name','checked','ON','CLICK ME');
54310121 6410
6411checkbox() is used to create an isolated checkbox that isn't logically
6412related to any others.
6413
6414=over 4
6415
6416=item B<Parameters:>
6417
6418=item 1.
6419
6420The first parameter is the required name for the checkbox (-name). It
6421will also be used for the user-readable label printed next to the
6422checkbox.
6423
6424=item 2.
6425
6426The optional second parameter (-checked) specifies that the checkbox
6427is turned on by default. Synonyms are -selected and -on.
6428
6429=item 3.
6430
6431The optional third parameter (-value) specifies the value of the
6432checkbox when it is checked. If not provided, the word "on" is
6433assumed.
6434
6435=item 4.
6436
6437The optional fourth parameter (-label) is the user-readable label to
6438be attached to the checkbox. If not provided, the checkbox name is
6439used.
6440
6441=back
6442
6443The value of the checkbox can be retrieved using:
6444
29ddc2a4 6445 $turned_on = param('checkbox_name');
54310121 6446
6447=head2 CREATING A RADIO BUTTON GROUP
6448
29ddc2a4 6449 print radio_group(-name=>'group_name',
54310121 6450 -values=>['eenie','meenie','minie'],
6451 -default=>'meenie',
6452 -linebreak=>'true',
188ba755
JH		 6453 -labels=>\%labels,
6454 -attributes=>\%attributes);
54310121 6455
6456 -or-
6457
29ddc2a4 6458 print radio_group('group_name',['eenie','meenie','minie'],
188ba755 6459 'meenie','true',\%labels,\%attributes);
54310121 6460
6461
6462 HTML3-COMPATIBLE BROWSERS ONLY:
6463
29ddc2a4 6464 print radio_group(-name=>'group_name',
54310121 6465 -values=>['eenie','meenie','minie','moe'],
6466 -rows=2,-columns=>2);
6467
6468radio_group() creates a set of logically-related radio buttons
6469(turning one member of the group on turns the others off)
6470
6471=over 4
6472
6473=item B<Parameters:>
6474
6475=item 1.
6476
6477The first argument is the name of the group and is required (-name).
6478
6479=item 2.
6480
6481The second argument (-values) is the list of values for the radio
6482buttons. The values and the labels that appear on the page are
6483identical. Pass an array I<reference> in the second argument, either
6484using an anonymous array, as shown, or by referencing a named array as
6485in "\@foo".
6486
6487=item 3.
6488
6489The optional third parameter (-default) is the name of the default
6490button to turn on. If not specified, the first item will be the
6491default. You can provide a nonexistent button name, such as "-" to
6492start up with no buttons selected.
6493
6494=item 4.
6495
6496The optional fourth parameter (-linebreak) can be set to 'true' to put
6497line breaks between the buttons, creating a vertical list.
6498
6499=item 5.
6500
6501The optional fifth parameter (-labels) is a pointer to an associative
6502array relating the radio button values to user-visible labels to be
6503used in the display. If not provided, the values themselves are
6504displayed.
6505
29ddc2a4 6506=back
54310121 6507
188ba755 6508
29ddc2a4
RGS		 6509All modern browsers can take advantage of the optional parameters
6510B<-rows>, and B<-columns>. These parameters cause radio_group() to
6511return an HTML3 compatible table containing the radio group formatted
6512with the specified number of rows and columns. You can provide just
6513the -columns parameter if you wish; radio_group will calculate the
6514correct number of rows for you.
188ba755 6515
54310121 6516To include row and column headings in the returned table, you
8869a4b7 6517can use the B<-rowheaders> and B<-colheaders> parameters. Both
54310121 6518of these accept a pointer to an array of headings to use.
6519The headings are just decorative. They don't reorganize the
f610777f 6520interpretation of the radio buttons -- they're still a single named
54310121 6521unit.
6522
29ddc2a4
RGS		 6523The optional B<-tabindex> argument can be used to control the order in which
6524radio buttons receive focus when the user presses the tab button. If
6525passed a scalar numeric value, the first element in the group will
6526receive this tab index and subsequent elements will be incremented by
6527one. If given a reference to an array of radio button values, then
6528the indexes will be jiggered so that the order specified in the array
6529will correspond to the tab order. You can also pass a reference to a
6530hash in which the hash keys are the radio button values and the values
6531are the tab indexes of each button. Examples:
6532
6533 -tabindex => 100 # this group starts at index 100 and counts up
6534 -tabindex => ['moe','minie','eenie','meenie'] # tab in this order
6535 -tabindex => {meenie=>100,moe=>101,minie=>102,eenie=>200} # tab in this order
6536
6537
6538The optional B<-attributes> argument is provided to assign any of the
6539common HTML attributes to an individual menu item. It's a pointer to
6540an associative array relating menu values to another associative array
6541with the attribute's name as the key and the attribute's value as the
6542value.
54310121 6543
6544When the form is processed, the selected radio button can
6545be retrieved using:
6546
29ddc2a4 6547 $which_radio_button = param('group_name');
54310121 6548
6549The value returned by radio_group() is actually an array of button
6550elements. You can capture them and use them within tables, lists,
6551or in other creative ways:
6552
29ddc2a4 6553 @h = radio_group(-name=>'group_name',-values=>\@values);
54310121 6554 &use_in_creative_way(@h);
6555
6556=head2 CREATING A SUBMIT BUTTON
6557
29ddc2a4 6558 print submit(-name=>'button_name',
54310121 6559 -value=>'value');
6560
6561 -or-
6562
29ddc2a4 6563 print submit('button_name','value');
54310121 6564
6565submit() will create the query submission button. Every form
6566should have one of these.
6567
6568=over 4
6569
6570=item B<Parameters:>
6571
6572=item 1.
6573
6574The first argument (-name) is optional. You can give the button a
6575name if you have several submission buttons in your form and you want
13548fdf 6576to distinguish between them.
54310121 6577
6578=item 2.
6579
6580The second argument (-value) is also optional. This gives the button
13548fdf
RGS		 6581a value that will be passed to your script in the query string. The
6582name will also be used as the user-visible label.
6583
6584=item 3.
6585
6586You can use -label as an alias for -value. I always get confused
6587about which of -name and -value changes the user-visible label on the
6588button.
54310121 6589
6590=back
6591
6592You can figure out which button was pressed by using different
6593values for each one:
6594
29ddc2a4 6595 $which_one = param('button_name');
54310121 6596
6597=head2 CREATING A RESET BUTTON
6598
29ddc2a4 6599 print reset
54310121 6600
6601reset() creates the "reset" button. Note that it restores the
6602form to its value from the last time the script was called,
6603NOT necessarily to the defaults.
6604
71f3e297
JH		 6605Note that this conflicts with the Perl reset() built-in. Use
6606CORE::reset() to get the original reset function.
6607
54310121 6608=head2 CREATING A DEFAULT BUTTON
6609
29ddc2a4 6610 print defaults('button_label')
54310121 6611
6612defaults() creates a button that, when invoked, will cause the
6613form to be completely reset to its defaults, wiping out all the
6614changes the user ever made.
6615
6616=head2 CREATING A HIDDEN FIELD
6617
29ddc2a4 6618 print hidden(-name=>'hidden_name',
54310121 6619 -default=>['value1','value2'...]);
6620
6621 -or-
6622
29ddc2a4 6623 print hidden('hidden_name','value1','value2'...);
54310121 6624
6625hidden() produces a text field that can't be seen by the user. It
6626is useful for passing state variable information from one invocation
6627of the script to the next.
6628
6629=over 4
6630
6631=item B<Parameters:>
6632
6633=item 1.
6634
6635The first argument is required and specifies the name of this
6636field (-name).
6637
6638=item 2.
6639
6640The second argument is also required and specifies its value
6641(-default). In the named parameter style of calling, you can provide
6642a single value here or a reference to a whole list
6643
6644=back
6645
6646Fetch the value of a hidden field this way:
6647
29ddc2a4 6648 $hidden_value = param('hidden_name');
54310121 6649
6650Note, that just like all the other form elements, the value of a
6651hidden field is "sticky". If you want to replace a hidden field with
6652some other values after the script has been called once you'll have to
6653do it manually:
6654
29ddc2a4 6655 param('hidden_name','new','values','here');
54310121 6656
6657=head2 CREATING A CLICKABLE IMAGE BUTTON
6658
29ddc2a4 6659 print image_button(-name=>'button_name',
54310121 6660 -src=>'/source/URL',
6661 -align=>'MIDDLE');
6662
6663 -or-
6664
29ddc2a4 6665 print image_button('button_name','/source/URL','MIDDLE');
54310121 6666
6667image_button() produces a clickable image. When it's clicked on the
6668position of the click is returned to your script as "button_name.x"
6669and "button_name.y", where "button_name" is the name you've assigned
6670to it.
6671
54310121 6672=over 4
6673
6674=item B<Parameters:>
6675
6676=item 1.
6677
6678The first argument (-name) is required and specifies the name of this
6679field.
6680
6681=item 2.
6682
6683The second argument (-src) is also required and specifies the URL
6684
6685=item 3.
6686The third option (-align, optional) is an alignment type, and may be
6687TOP, BOTTOM or MIDDLE
6688
6689=back
6690
6691Fetch the value of the button this way:
29ddc2a4
RGS		 6692 $x = param('button_name.x');
6693 $y = param('button_name.y');
54310121 6694
6695=head2 CREATING A JAVASCRIPT ACTION BUTTON
6696
29ddc2a4 6697 print button(-name=>'button_name',
54310121 6698 -value=>'user visible label',
6699 -onClick=>"do_something()");
6700
6701 -or-
6702
29ddc2a4 6703 print button('button_name',"do_something()");
54310121 6704
6705button() produces a button that is compatible with Netscape 2.0's
6706JavaScript. When it's pressed the fragment of JavaScript code
6707pointed to by the B<-onClick> parameter will be executed. On
6708non-Netscape browsers this form element will probably not even
6709display.
6710
71f3e297 6711=head1 HTTP COOKIES
54310121 6712
71f3e297
JH		 6713Netscape browsers versions 1.1 and higher, and all versions of
6714Internet Explorer, support a so-called "cookie" designed to help
6715maintain state within a browser session. CGI.pm has several methods
6716that support cookies.
54310121 6717
6718A cookie is a name=value pair much like the named parameters in a CGI
6719query string. CGI scripts create one or more cookies and send
6720them to the browser in the HTTP header. The browser maintains a list
6721of cookies that belong to a particular Web server, and returns them
6722to the CGI script during subsequent interactions.
6723
6724In addition to the required name=value pair, each cookie has several
6725optional attributes:
6726
6727=over 4
6728
6729=item 1. an expiration time
6730
6731This is a time/date string (in a special GMT format) that indicates
6732when a cookie expires. The cookie will be saved and returned to your
6733script until this expiration date is reached if the user exits
71f3e297
JH		 6734the browser and restarts it. If an expiration date isn't specified, the cookie
6735will remain active until the user quits the browser.
54310121 6736
6737=item 2. a domain
6738
6739This is a partial or complete domain name for which the cookie is
6740valid. The browser will return the cookie to any host that matches
6741the partial domain name. For example, if you specify a domain name
71f3e297 6742of ".capricorn.com", then the browser will return the cookie to
54310121 6743Web servers running on any of the machines "www.capricorn.com",
6744"www2.capricorn.com", "feckless.capricorn.com", etc. Domain names
6745must contain at least two periods to prevent attempts to match
6746on top level domains like ".edu". If no domain is specified, then
6747the browser will only return the cookie to servers on the host the
6748cookie originated from.
6749
6750=item 3. a path
6751
6752If you provide a cookie path attribute, the browser will check it
6753against your script's URL before returning the cookie. For example,
6754if you specify the path "/cgi-bin", then the cookie will be returned
6755to each of the scripts "/cgi-bin/tally.pl", "/cgi-bin/order.pl",
6756and "/cgi-bin/customer_service/complain.pl", but not to the script
6757"/cgi-private/site_admin.pl". By default, path is set to "/", which
6758causes the cookie to be sent to any CGI script on your site.
6759
6760=item 4. a "secure" flag
6761
6762If the "secure" attribute is set, the cookie will only be sent to your
6763script if the CGI request is occurring on a secure channel, such as SSL.
6764
6765=back
6766
71f3e297 6767The interface to HTTP cookies is the B<cookie()> method:
54310121 6768
29ddc2a4 6769 $cookie = cookie(-name=>'sessionID',
54310121 6770 -value=>'xyzzy',
6771 -expires=>'+1h',
6772 -path=>'/cgi-bin/database',
6773 -domain=>'.capricorn.org',
6774 -secure=>1);
29ddc2a4 6775 print header(-cookie=>$cookie);
54310121 6776
6777B<cookie()> creates a new cookie. Its parameters include:
6778
6779=over 4
6780
6781=item B<-name>
6782
6783The name of the cookie (required). This can be any string at all.
71f3e297 6784Although browsers limit their cookie names to non-whitespace
54310121 6785alphanumeric characters, CGI.pm removes this restriction by escaping
6786and unescaping cookies behind the scenes.
6787
6788=item B<-value>
6789
6790The value of the cookie. This can be any scalar value,
6791array reference, or even associative array reference. For example,
6792you can store an entire associative array into a cookie this way:
6793
29ddc2a4 6794 $cookie=cookie(-name=>'family information',
54310121 6795 -value=>\%childrens_ages);
6796
6797=item B<-path>
6798
6799The optional partial path for which this cookie will be valid, as described
6800above.
6801
6802=item B<-domain>
6803
6804The optional partial domain for which this cookie will be valid, as described
6805above.
6806
6807=item B<-expires>
6808
6809The optional expiration date for this cookie. The format is as described
6810in the section on the B<header()> method:
6811
6812 "+1h" one hour from now
6813
6814=item B<-secure>
6815
6816If set to true, this cookie will only be used within a secure
6817SSL session.
6818
6819=back
6820
6821The cookie created by cookie() must be incorporated into the HTTP
6822header within the string returned by the header() method:
6823
0664a57d 6824 use CGI ':standard';
29ddc2a4 6825 print header(-cookie=>$my_cookie);
54310121 6826
6827To create multiple cookies, give header() an array reference:
6828
29ddc2a4 6829 $cookie1 = cookie(-name=>'riddle_name',
54310121 6830 -value=>"The Sphynx's Question");
29ddc2a4 6831 $cookie2 = cookie(-name=>'answers',
54310121 6832 -value=>\%answers);
29ddc2a4 6833 print header(-cookie=>[$cookie1,$cookie2]);
54310121 6834
03b9648d 6835To retrieve a cookie, request it by name by calling cookie() method
0664a57d
SP		 6836without the B<-value> parameter. This example uses the object-oriented
6837form:
54310121 6838
6839 use CGI;
6840 $query = new CGI;
0664a57d
SP		 6841 $riddle = $query->cookie('riddle_name');
6842 %answers = $query->cookie('answers');
03b9648d
JH		 6843
6844Cookies created with a single scalar value, such as the "riddle_name"
6845cookie, will be returned in that form. Cookies with array and hash
6846values can also be retrieved.
54310121 6847
6848The cookie and CGI namespaces are separate. If you have a parameter
6849named 'answers' and a cookie named 'answers', the values retrieved by
6850param() and cookie() are independent of each other. However, it's
6851simple to turn a CGI parameter into a cookie, and vice-versa:
6852
6853 # turn a CGI parameter into a cookie
29ddc2a4 6854 $c=cookie(-name=>'answers',-value=>[param('answers')]);
54310121 6855 # vice-versa
29ddc2a4 6856 param(-name=>'answers',-value=>[cookie('answers')]);
54310121 6857
55b5d700
SP		 6858If you call cookie() without any parameters, it will return a list of
6859the names of all cookies passed to your script:
6860
6861 @cookies = cookie();
6862
54310121 6863See the B<cookie.cgi> example script for some ideas on how to use
6864cookies effectively.
6865
71f3e297 6866=head1 WORKING WITH FRAMES
54310121 6867
71f3e297
JH		 6868It's possible for CGI.pm scripts to write into several browser panels
6869and windows using the HTML 4 frame mechanism. There are three
6870techniques for defining new frames programmatically:
54310121 6871
6872=over 4
6873
6874=item 1. Create a <Frameset> document
6875
6876After writing out the HTTP header, instead of creating a standard
3acbd4f5 6877HTML document using the start_html() call, create a <frameset>
54310121 6878document that defines the frames on the page. Specify your script(s)
6879(with appropriate parameters) as the SRC for each of the frames.
6880
3acbd4f5 6881There is no specific support for creating <frameset> sections
54310121 6882in CGI.pm, but the HTML is very simple to write. See the frame
6883documentation in Netscape's home pages for details
6884
0664a57d 6885 http://wp.netscape.com/assist/net_sites/frames.html
54310121 6886
6887=item 2. Specify the destination for the document in the HTTP header
6888
6889You may provide a B<-target> parameter to the header() method:
3cb6de81 6890
29ddc2a4 6891 print header(-target=>'ResultsWindow');
54310121 6892
71f3e297
JH		 6893This will tell the browser to load the output of your script into the
6894frame named "ResultsWindow". If a frame of that name doesn't already
6895exist, the browser will pop up a new window and load your script's
6896document into that. There are a number of magic names that you can
6897use for targets. See the frame documents on Netscape's home pages for
6898details.
54310121 6899
3acbd4f5 6900=item 3. Specify the destination for the document in the <form> tag
54310121 6901
6902You can specify the frame to load in the FORM tag itself. With
6903CGI.pm it looks like this:
6904
29ddc2a4 6905 print start_form(-target=>'ResultsWindow');
54310121 6906
6907When your script is reinvoked by the form, its output will be loaded
6908into the frame named "ResultsWindow". If one doesn't already exist
6909a new window will be created.
6910
6911=back
6912
6913The script "frameset.cgi" in the examples directory shows one way to
6914create pages in which the fill-out form and the response live in
6915side-by-side frames.
6916
29ddc2a4
RGS		 6917=head1 SUPPORT FOR JAVASCRIPT
6918
6919Netscape versions 2.0 and higher incorporate an interpreted language
6920called JavaScript. Internet Explorer, 3.0 and higher, supports a
6921closely-related dialect called JScript. JavaScript isn't the same as
6922Java, and certainly isn't at all the same as Perl, which is a great
3c4b39be 6923pity. JavaScript allows you to programmatically change the contents of
29ddc2a4
RGS		 6924fill-out forms, create new windows, and pop up dialog box from within
6925Netscape itself. From the point of view of CGI scripting, JavaScript
6926is quite useful for validating fill-out forms prior to submitting
6927them.
6928
6929You'll need to know JavaScript in order to use it. There are many good
6930sources in bookstores and on the web.
6931
6932The usual way to use JavaScript is to define a set of functions in a
6933<SCRIPT> block inside the HTML header and then to register event
6934handlers in the various elements of the page. Events include such
6935things as the mouse passing over a form element, a button being
6936clicked, the contents of a text field changing, or a form being
6937submitted. When an event occurs that involves an element that has
6938registered an event handler, its associated JavaScript code gets
6939called.
6940
6941The elements that can register event handlers include the <BODY> of an
6942HTML document, hypertext links, all the various elements of a fill-out
6943form, and the form itself. There are a large number of events, and
6944each applies only to the elements for which it is relevant. Here is a
6945partial list:
6946
6947=over 4
6948
6949=item B<onLoad>
6950
6951The browser is loading the current document. Valid in:
6952
6953 + The HTML <BODY> section only.
6954
6955=item B<onUnload>
6956
6957The browser is closing the current page or frame. Valid for:
6958
6959 + The HTML <BODY> section only.
6960
6961=item B<onSubmit>
6962
6963The user has pressed the submit button of a form. This event happens
6964just before the form is submitted, and your function can return a
6965value of false in order to abort the submission. Valid for:
6966
6967 + Forms only.
6968
6969=item B<onClick>
6970
6971The mouse has clicked on an item in a fill-out form. Valid for:
6972
6973 + Buttons (including submit, reset, and image buttons)
6974 + Checkboxes
6975 + Radio buttons
6976
6977=item B<onChange>
6978
6979The user has changed the contents of a field. Valid for:
6980
6981 + Text fields
6982 + Text areas
6983 + Password fields
6984 + File fields
6985 + Popup Menus
6986 + Scrolling lists
6987
6988=item B<onFocus>
6989
6990The user has selected a field to work with. Valid for:
6991
6992 + Text fields
6993 + Text areas
6994 + Password fields
6995 + File fields
6996 + Popup Menus
6997 + Scrolling lists
6998
6999=item B<onBlur>
7000
7001The user has deselected a field (gone to work somewhere else). Valid
7002for:
7003
7004 + Text fields
7005 + Text areas
7006 + Password fields
7007 + File fields
7008 + Popup Menus
7009 + Scrolling lists
7010
7011=item B<onSelect>
7012
7013The user has changed the part of a text field that is selected. Valid
7014for:
7015
7016 + Text fields
7017 + Text areas
7018 + Password fields
7019 + File fields
7020
7021=item B<onMouseOver>
7022
7023The mouse has moved over an element.
7024
7025 + Text fields
7026 + Text areas
7027 + Password fields
7028 + File fields
7029 + Popup Menus
7030 + Scrolling lists
7031
7032=item B<onMouseOut>
7033
7034The mouse has moved off an element.
7035
7036 + Text fields
7037 + Text areas
7038 + Password fields
7039 + File fields
7040 + Popup Menus
7041 + Scrolling lists
7042
7043=back
7044
7045In order to register a JavaScript event handler with an HTML element,
7046just use the event name as a parameter when you call the corresponding
7047CGI method. For example, to have your validateAge() JavaScript code
7048executed every time the textfield named "age" changes, generate the
7049field like this:
7050
7051 print textfield(-name=>'age',-onChange=>"validateAge(this)");
7052
7053This example assumes that you've already declared the validateAge()
7054function by incorporating it into a <SCRIPT> block. The CGI.pm
7055start_html() method provides a convenient way to create this section.
7056
7057Similarly, you can create a form that checks itself over for
7058consistency and alerts the user if some essential value is missing by
7059creating it this way:
7060 print startform(-onSubmit=>"validateMe(this)");
7061
7062See the javascript.cgi script for a demonstration of how this all
7063works.
7064
7065
7d37aa8e
LS		 7066=head1 LIMITED SUPPORT FOR CASCADING STYLE SHEETS
7067
7068CGI.pm has limited support for HTML3's cascading style sheets (css).
7069To incorporate a stylesheet into your document, pass the
7070start_html() method a B<-style> parameter. The value of this
2ed511ec
RGS		 7071parameter may be a scalar, in which case it is treated as the source
7072URL for the stylesheet, or it may be a hash reference. In the latter
7d37aa8e
LS		 7073case you should provide the hash with one or more of B<-src> or
7074B<-code>. B<-src> points to a URL where an externally-defined
7075stylesheet can be found. B<-code> points to a scalar value to be
3acbd4f5 7076incorporated into a <style> section. Style definitions in B<-code>
7d37aa8e
LS		 7077override similarly-named ones in B<-src>, hence the name "cascading."
7078
424ec8fa
GS		 7079You may also specify the type of the stylesheet by adding the optional
7080B<-type> parameter to the hash pointed to by B<-style>. If not
7081specified, the style defaults to 'text/css'.
7082
7d37aa8e
LS		 7083To refer to a style within the body of your document, add the
7084B<-class> parameter to any HTML element:
7085
7086 print h1({-class=>'Fancy'},'Welcome to the Party');
7087
7088Or define styles on the fly with the B<-style> parameter:
7089
7090 print h1({-style=>'Color: red;'},'Welcome to Hell');
7091
7092You may also use the new B<span()> element to apply a style to a
7093section of text:
7094
7095 print span({-style=>'Color: red;'},
7096 h1('Welcome to Hell'),
7097 "Where did that handbasket get to?"
7098 );
7099
7100Note that you must import the ":html3" definitions to have the
7101B<span()> method available. Here's a quick and dirty example of using
7102CSS's. See the CSS specification at
7103http://www.w3.org/pub/WWW/TR/Wd-css-1.html for more information.
7104
7105 use CGI qw/:standard :html3/;
7106
7107 #here's a stylesheet incorporated directly into the page
7108 $newStyle=<<END;
7109 <!--
7110 P.Tip {
7111 margin-right: 50pt;
7112 margin-left: 50pt;
7113 color: red;
7114 }
7115 P.Alert {
7116 font-size: 30pt;
7117 font-family: sans-serif;
7118 color: red;
7119 }
7120 -->
7121 END
7122 print header();
7123 print start_html( -title=>'CGI with Style',
7124 -style=>{-src=>'http://www.capricorn.com/style/st1.css',
7125 -code=>$newStyle}
7126 );
7127 print h1('CGI with Style'),
7128 p({-class=>'Tip'},
7129 "Better read the cascading style sheet spec before playing with this!"),
7130 span({-style=>'color: magenta'},
7131 "Look Mom, no hands!",
7132 p(),
7133 "Whooo wee!"
7134 );
7135 print end_html;
7136
13548fdf
RGS		 7137Pass an array reference to B<-code> or B<-src> in order to incorporate
7138multiple stylesheets into your document.
6b4ac661 7139
8f3ccfa2
JH		 7140Should you wish to incorporate a verbatim stylesheet that includes
7141arbitrary formatting in the header, you may pass a -verbatim tag to
7142the -style hash, as follows:
7143
8869a4b7
SP		 7144print start_html (-style => {-verbatim => '@import url("/server-common/css/'.$cssFile.'");',
7145 -src => '/server-common/css/core.css'});
8f3ccfa2
JH		 7146
7147
7148This will generate an HTML header that contains this:
7149
7150 <link rel="stylesheet" type="text/css" href="/server-common/css/core.css">
7151 <style type="text/css">
7152 @import url("/server-common/css/main.css");
7153 </style>
7154
1c87da1d
JH		 7155Any additional arguments passed in the -style value will be
7156incorporated into the <link> tag. For example:
7157
7158 start_html(-style=>{-src=>['/styles/print.css','/styles/layout.css'],
7159 -media => 'all'});
7160
7161This will give:
7162
7163 <link rel="stylesheet" type="text/css" href="/styles/print.css" media="all"/>
7164 <link rel="stylesheet" type="text/css" href="/styles/layout.css" media="all"/>
7165
7166<p>
7167
7168To make more complicated <link> tags, use the Link() function
7169and pass it to start_html() in the -head argument, as in:
7170
7171 @h = (Link({-rel=>'stylesheet',-type=>'text/css',-src=>'/ss/ss.css',-media=>'all'}),
7172 Link({-rel=>'stylesheet',-type=>'text/css',-src=>'/ss/fred.css',-media=>'paper'}));
7173 print start_html({-head=>\@h})
7174
0664a57d
SP		 7175To create primary and "alternate" stylesheet, use the B<-alternate> option:
7176
7177 start_html(-style=>{-src=>[
7178 {-src=>'/styles/print.css'},
7179 {-src=>'/styles/alt.css',-alternate=>1}
7180 ]
7181 });
7182
54310121 7183=head1 DEBUGGING
7184
3d1a2ec4
GS		 7185If you are running the script from the command line or in the perl
7186debugger, you can pass the script a list of keywords or
7187parameter=value pairs on the command line or from standard input (you
7188don't have to worry about tricking your script into reading from
7189environment variables). You can pass keywords like this:
54310121 7190
7191 your_script.pl keyword1 keyword2 keyword3
7192
7193or this:
7194
7195 your_script.pl keyword1+keyword2+keyword3
7196
7197or this:
7198
7199 your_script.pl name1=value1 name2=value2
7200
7201or this:
7202
7203 your_script.pl name1=value1&name2=value2
7204
3d1a2ec4
GS		 7205To turn off this feature, use the -no_debug pragma.
7206
7207To test the POST method, you may enable full debugging with the -debug
7208pragma. This will allow you to feed newline-delimited name=value
7209pairs to the script on standard input.
54310121 7210
7211When debugging, you can use quotes and backslashes to escape
7212characters in the familiar shell manner, letting you place
7213spaces and other funny characters in your parameter=value
7214pairs:
7215
7216 your_script.pl "name1='I am a long value'" "name2=two\ words"
7217
2ed511ec
RGS		 7218Finally, you can set the path info for the script by prefixing the first
7219name/value parameter with the path followed by a question mark (?):
7220
7221 your_script.pl /your/path/here?name1=value1&name2=value2
7222
54310121 7223=head2 DUMPING OUT ALL THE NAME/VALUE PAIRS
7224
3d1a2ec4 7225The Dump() method produces a string consisting of all the query's
54310121 7226name/value pairs formatted nicely as a nested list. This is useful
7227for debugging purposes:
7228
29ddc2a4 7229 print Dump
3cb6de81 7230
54310121 7231
7232Produces something that looks like:
7233
3acbd4f5
JH		 7234 <ul>
7235 <li>name1
7236 <ul>
7237 <li>value1
7238 <li>value2
7239 </ul>
7240 <li>name2
7241 <ul>
7242 <li>value1
7243 </ul>
7244 </ul>
54310121 7245
71f3e297
JH		 7246As a shortcut, you can interpolate the entire CGI object into a string
7247and it will be replaced with the a nice HTML dump shown above:
54310121 7248
7249 $query=new CGI;
3acbd4f5 7250 print "<h2>Current Values</h2> $query\n";
54310121 7251
7252=head1 FETCHING ENVIRONMENT VARIABLES
7253
7254Some of the more useful environment variables can be fetched
7255through this interface. The methods are as follows:
7256
7257=over 4
7258
71f3e297
JH		 7259=item B<Accept()>
7260
7261Return a list of MIME types that the remote browser accepts. If you
7262give this method a single argument corresponding to a MIME type, as in
29ddc2a4 7263Accept('text/html'), it will return a floating point value
71f3e297
JH		 7264corresponding to the browser's preference for this type from 0.0
7265(don't want) to 1.0. Glob types (e.g. text/*) in the browser's accept
7266list are handled correctly.
54310121 7267
71f3e297
JH		 7268Note that the capitalization changed between version 2.43 and 2.44 in
7269order to avoid conflict with Perl's accept() function.
54310121 7270
7271=item B<raw_cookie()>
7272
424ec8fa 7273Returns the HTTP_COOKIE variable, an HTTP extension implemented by
71f3e297
JH		 7274Netscape browsers version 1.1 and higher, and all versions of Internet
7275Explorer. Cookies have a special format, and this method call just
7276returns the raw form (?cookie dough). See cookie() for ways of
7277setting and retrieving cooked cookies.
424ec8fa
GS		 7278
7279Called with no parameters, raw_cookie() returns the packed cookie
7280structure. You can separate it into individual cookies by splitting
7281on the character sequence "; ". Called with the name of a cookie,
7282retrieves the B<unescaped> form of the cookie. You can use the
7283regular cookie() method to get the names, or use the raw_fetch()
7284method from the CGI::Cookie module.
54310121 7285
7286=item B<user_agent()>
7287
7288Returns the HTTP_USER_AGENT variable. If you give
7289this method a single argument, it will attempt to
7290pattern match on it, allowing you to do something
29ddc2a4 7291like user_agent(netscape);
54310121 7292
7293=item B<path_info()>
7294
7295Returns additional path information from the script URL.
6b4ac661 7296E.G. fetching /cgi-bin/your_script/additional/stuff will result in
29ddc2a4 7297path_info() returning "/additional/stuff".
54310121 7298
7299NOTE: The Microsoft Internet Information Server
7300is broken with respect to additional path information. If
7301you use the Perl DLL library, the IIS server will attempt to
7302execute the additional path information as a Perl script.
7303If you use the ordinary file associations mapping, the
7304path information will be present in the environment,
7305but incorrect. The best thing to do is to avoid using additional
7306path information in CGI scripts destined for use with IIS.
7307
7308=item B<path_translated()>
7309
7310As per path_info() but returns the additional
7311path information translated into a physical path, e.g.
7312"/usr/local/etc/httpd/htdocs/additional/stuff".
7313
7314The Microsoft IIS is broken with respect to the translated
7315path as well.
7316
7317=item B<remote_host()>
7318
7319Returns either the remote host name or IP address.
7320if the former is unavailable.
7321
7322=item B<script_name()>
7323Return the script name as a partial URL, for self-refering
7324scripts.
7325
7326=item B<referer()>
7327
7328Return the URL of the page the browser was viewing
7329prior to fetching your script. Not available for all
7330browsers.
7331
7332=item B<auth_type ()>
7333
7334Return the authorization/verification method in use for this
7335script, if any.
7336
7337=item B<server_name ()>
7338
7339Returns the name of the server, usually the machine's host
7340name.
7341
7342=item B<virtual_host ()>
7343
7344When using virtual hosts, returns the name of the host that
7345the browser attempted to contact
7346
03b9648d
JH		 7347=item B<server_port ()>
7348
7349Return the port that the server is listening on.
7350
2ed511ec
RGS		 7351=item B<virtual_port ()>
7352
7353Like server_port() except that it takes virtual hosts into account.
7354Use this when running with virtual hosts.
7355
54310121 7356=item B<server_software ()>
7357
7358Returns the server software and version number.
7359
7360=item B<remote_user ()>
7361
7362Return the authorization/verification name used for user
7363verification, if this script is protected.
7364
7365=item B<user_name ()>
7366
71f3e297
JH		 7367Attempt to obtain the remote user's name, using a variety of different
7368techniques. This only works with older browsers such as Mosaic.
7369Newer browsers do not report the user name for privacy reasons!
54310121 7370
7371=item B<request_method()>
7372
7373Returns the method used to access your script, usually
7374one of 'POST', 'GET' or 'HEAD'.
7375
3538e1d5
GS		 7376=item B<content_type()>
7377
7378Returns the content_type of data submitted in a POST, generally
7379multipart/form-data or application/x-www-form-urlencoded
7380
7381=item B<http()>
7382
7383Called with no arguments returns the list of HTTP environment
7384variables, including such things as HTTP_USER_AGENT,
7385HTTP_ACCEPT_LANGUAGE, and HTTP_ACCEPT_CHARSET, corresponding to the
7386like-named HTTP header fields in the request. Called with the name of
7387an HTTP header field, returns its value. Capitalization and the use
7388of hyphens versus underscores are not significant.
7389
7390For example, all three of these examples are equivalent:
7391
29ddc2a4
RGS		 7392 $requested_language = http('Accept-language');
7393 $requested_language = http('Accept_language');
7394 $requested_language = http('HTTP_ACCEPT_LANGUAGE');
3538e1d5
GS		 7395
7396=item B<https()>
7397
7398The same as I<http()>, but operates on the HTTPS environment variables
7399present when the SSL protocol is in effect. Can be used to determine
7400whether SSL is turned on.
7401
54310121 7402=back
7403
424ec8fa 7404=head1 USING NPH SCRIPTS
54310121 7405
424ec8fa
GS		 7406NPH, or "no-parsed-header", scripts bypass the server completely by
7407sending the complete HTTP header directly to the browser. This has
7408slight performance benefits, but is of most use for taking advantage
7409of HTTP extensions that are not directly supported by your server,
7410such as server push and PICS headers.
54310121 7411
424ec8fa
GS		 7412Servers use a variety of conventions for designating CGI scripts as
7413NPH. Many Unix servers look at the beginning of the script's name for
7414the prefix "nph-". The Macintosh WebSTAR server and Microsoft's
7415Internet Information Server, in contrast, try to decide whether a
7416program is an NPH script by examining the first line of script output.
54310121 7417
54310121 7418
424ec8fa
GS		 7419CGI.pm supports NPH scripts with a special NPH mode. When in this
7420mode, CGI.pm will output the necessary extra header information when
7421the header() and redirect() methods are
7422called.
54310121 7423
69c89ae7
JH		 7424The Microsoft Internet Information Server requires NPH mode. As of
7425version 2.30, CGI.pm will automatically detect when the script is
7426running under IIS and put itself into this mode. You do not need to
7427do this manually, although it won't hurt anything if you do. However,
7428note that if you have applied Service Pack 6, much of the
7429functionality of NPH scripts, including the ability to redirect while
7430setting a cookie, b<do not work at all> on IIS without a special patch
7431from Microsoft. See
7432http://support.microsoft.com/support/kb/articles/Q280/3/41.ASP:
7433Non-Parsed Headers Stripped From CGI Applications That Have nph-
7434Prefix in Name.
54310121 7435
424ec8fa 7436=over 4
54310121 7437
424ec8fa 7438=item In the B<use> statement
54310121 7439
424ec8fa
GS		 7440Simply add the "-nph" pragmato the list of symbols to be imported into
7441your script:
54310121 7442
424ec8fa 7443 use CGI qw(:standard -nph)
54310121 7444
424ec8fa 7445=item By calling the B<nph()> method:
54310121 7446
424ec8fa 7447Call B<nph()> with a non-zero parameter at any point after using CGI.pm in your program.
54310121 7448
424ec8fa 7449 CGI->nph(1)
54310121 7450
551e1d92
RB		 7451=item By using B<-nph> parameters
7452
7453in the B<header()> and B<redirect()> statements:
54310121 7454
29ddc2a4 7455 print header(-nph=>1);
54310121 7456
424ec8fa 7457=back
54310121 7458
424ec8fa
GS		 7459=head1 Server Push
7460
ba056755 7461CGI.pm provides four simple functions for producing multipart
424ec8fa
GS		 7462documents of the type needed to implement server push. These
7463functions were graciously provided by Ed Jordan <ed@fidalgo.net>. To
7464import these into your namespace, you must import the ":push" set.
7465You are also advised to put the script into NPH mode and to set $| to
74661 to avoid buffering problems.
7467
7468Here is a simple script that demonstrates server push:
7469
7470 #!/usr/local/bin/perl
7471 use CGI qw/:push -nph/;
7472 $| = 1;
ba056755
JH		 7473 print multipart_init(-boundary=>'----here we go!');
7474 foreach (0 .. 4) {
424ec8fa 7475 print multipart_start(-type=>'text/plain'),
ba056755
JH		 7476 "The current time is ",scalar(localtime),"\n";
7477 if ($_ < 4) {
7478 print multipart_end;
7479 } else {
7480 print multipart_final;
7481 }
424ec8fa
GS		 7482 sleep 1;
7483 }
54310121 7484
424ec8fa 7485This script initializes server push by calling B<multipart_init()>.
ba056755
JH		 7486It then enters a loop in which it begins a new multipart section by
7487calling B<multipart_start()>, prints the current local time,
424ec8fa 7488and ends a multipart section with B<multipart_end()>. It then sleeps
ba056755
JH		 7489a second, and begins again. On the final iteration, it ends the
7490multipart section with B<multipart_final()> rather than with
7491B<multipart_end()>.
54310121 7492
424ec8fa 7493=over 4
54310121 7494
424ec8fa 7495=item multipart_init()
3cb6de81 7496
424ec8fa 7497 multipart_init(-boundary=>$boundary);
54310121 7498
424ec8fa
GS		 7499Initialize the multipart system. The -boundary argument specifies
7500what MIME boundary string to use to separate parts of the document.
7501If not provided, CGI.pm chooses a reasonable boundary for you.
54310121 7502
424ec8fa 7503=item multipart_start()
54310121 7504
424ec8fa 7505 multipart_start(-type=>$type)
54310121 7506
424ec8fa
GS		 7507Start a new part of the multipart document using the specified MIME
7508type. If not specified, text/html is assumed.
54310121 7509
424ec8fa 7510=item multipart_end()
54310121 7511
424ec8fa 7512 multipart_end()
54310121 7513
424ec8fa 7514End a part. You must remember to call multipart_end() once for each
ba056755
JH		 7515multipart_start(), except at the end of the last part of the multipart
7516document when multipart_final() should be called instead of multipart_end().
7517
7518=item multipart_final()
7519
7520 multipart_final()
7521
7522End all parts. You should call multipart_final() rather than
7523multipart_end() at the end of the last part of the multipart document.
54310121 7524
424ec8fa 7525=back
54310121 7526
424ec8fa
GS		 7527Users interested in server push applications should also have a look
7528at the CGI::Push module.
54310121 7529
ba056755
JH		 7530Only Netscape Navigator supports server push. Internet Explorer
7531browsers do not.
7532
424ec8fa 7533=head1 Avoiding Denial of Service Attacks
54310121 7534
424ec8fa
GS		 7535A potential problem with CGI.pm is that, by default, it attempts to
7536process form POSTings no matter how large they are. A wily hacker
7537could attack your site by sending a CGI script a huge POST of many
7538megabytes. CGI.pm will attempt to read the entire POST into a
7539variable, growing hugely in size until it runs out of memory. While
7540the script attempts to allocate the memory the system may slow down
7541dramatically. This is a form of denial of service attack.
54310121 7542
424ec8fa
GS		 7543Another possible attack is for the remote user to force CGI.pm to
7544accept a huge file upload. CGI.pm will accept the upload and store it
7545in a temporary directory even if your script doesn't expect to receive
7546an uploaded file. CGI.pm will delete the file automatically when it
7547terminates, but in the meantime the remote user may have filled up the
7548server's disk space, causing problems for other programs.
54310121 7549
424ec8fa
GS		 7550The best way to avoid denial of service attacks is to limit the amount
7551of memory, CPU time and disk space that CGI scripts can use. Some Web
7552servers come with built-in facilities to accomplish this. In other
7553cases, you can use the shell I<limit> or I<ulimit>
7554commands to put ceilings on CGI resource usage.
54310121 7555
54310121 7556
424ec8fa
GS		 7557CGI.pm also has some simple built-in protections against denial of
7558service attacks, but you must activate them before you can use them.
7559These take the form of two global variables in the CGI name space:
54310121 7560
424ec8fa 7561=over 4
54310121 7562
424ec8fa 7563=item B<$CGI::POST_MAX>
54310121 7564
424ec8fa
GS		 7565If set to a non-negative integer, this variable puts a ceiling
7566on the size of POSTings, in bytes. If CGI.pm detects a POST
7567that is greater than the ceiling, it will immediately exit with an error
7568message. This value will affect both ordinary POSTs and
7569multipart POSTs, meaning that it limits the maximum size of file
7570uploads as well. You should set this to a reasonably high
7571value, such as 1 megabyte.
54310121 7572
424ec8fa 7573=item B<$CGI::DISABLE_UPLOADS>
54310121 7574
424ec8fa
GS		 7575If set to a non-zero value, this will disable file uploads
7576completely. Other fill-out form values will work as usual.
54310121 7577
7578=back
7579
424ec8fa 7580You can use these variables in either of two ways.
54310121 7581
424ec8fa 7582=over 4
54310121 7583
424ec8fa 7584=item B<1. On a script-by-script basis>
54310121 7585
424ec8fa 7586Set the variable at the top of the script, right after the "use" statement:
54310121 7587
424ec8fa
GS		 7588 use CGI qw/:standard/;
7589 use CGI::Carp 'fatalsToBrowser';
7590 $CGI::POST_MAX=1024 * 100; # max 100K posts
7591 $CGI::DISABLE_UPLOADS = 1; # no uploads
54310121 7592
424ec8fa 7593=item B<2. Globally for all scripts>
54310121 7594
424ec8fa
GS		 7595Open up CGI.pm, find the definitions for $POST_MAX and
7596$DISABLE_UPLOADS, and set them to the desired values. You'll
7597find them towards the top of the file in a subroutine named
7598initialize_globals().
54310121 7599
424ec8fa 7600=back
54310121 7601
3538e1d5
GS		 7602An attempt to send a POST larger than $POST_MAX bytes will cause
7603I<param()> to return an empty CGI parameter list. You can test for
7604this event by checking I<cgi_error()>, either after you create the CGI
7605object or, if you are using the function-oriented interface, call
7606<param()> for the first time. If the POST was intercepted, then
7607cgi_error() will return the message "413 POST too large".
7608
7609This error message is actually defined by the HTTP protocol, and is
7610designed to be returned to the browser as the CGI script's status
7611 code. For example:
7612
7613 $uploaded_file = param('upload');
7614 if (!$uploaded_file && cgi_error()) {
7615 print header(-status=>cgi_error());
7616 exit 0;
7617 }
7618
7619However it isn't clear that any browser currently knows what to do
7620with this status code. It might be better just to create an
7621HTML page that warns the user of the problem.
54310121 7622
424ec8fa 7623=head1 COMPATIBILITY WITH CGI-LIB.PL
54310121 7624
3538e1d5
GS		 7625To make it easier to port existing programs that use cgi-lib.pl the
7626compatibility routine "ReadParse" is provided. Porting is simple:
54310121 7627
424ec8fa
GS		 7628OLD VERSION
7629 require "cgi-lib.pl";
7630 &ReadParse;
7631 print "The value of the antique is $in{antique}.\n";
54310121 7632
424ec8fa
GS		 7633NEW VERSION
7634 use CGI;
5158e96b 7635 CGI::ReadParse();
424ec8fa 7636 print "The value of the antique is $in{antique}.\n";
54310121 7637
424ec8fa
GS		 7638CGI.pm's ReadParse() routine creates a tied variable named %in,
7639which can be accessed to obtain the query variables. Like
7640ReadParse, you can also provide your own variable. Infrequently
7641used features of ReadParse, such as the creation of @in and $in
7642variables, are not supported.
54310121 7643
424ec8fa
GS		 7644Once you use ReadParse, you can retrieve the query object itself
7645this way:
54310121 7646
424ec8fa 7647 $q = $in{CGI};
29ddc2a4 7648 print textfield(-name=>'wow',
424ec8fa 7649 -value=>'does this really work?');
54310121 7650
424ec8fa
GS		 7651This allows you to start using the more interesting features
7652of CGI.pm without rewriting your old scripts from scratch.
54310121 7653
7654=head1 AUTHOR INFORMATION
7655
71f3e297
JH		 7656Copyright 1995-1998, Lincoln D. Stein. All rights reserved.
7657
7658This library is free software; you can redistribute it and/or modify
7659it under the same terms as Perl itself.
54310121 7660
71f3e297
JH		 7661Address bug reports and comments to: lstein@cshl.org. When sending
7662bug reports, please provide the version of CGI.pm, the version of
7663Perl, the name and version of your Web server, and the name and
7664version of the operating system you are using. If the problem is even
7665remotely browser dependent, please provide information about the
7666affected browers as well.
54310121 7667
7668=head1 CREDITS
7669
7670Thanks very much to:
7671
7672=over 4
7673
7674=item Matt Heffron (heffron@falstaff.css.beckman.com)
7675
7676=item James Taylor (james.taylor@srs.gov)
7677
7678=item Scott Anguish <sanguish@digifix.com>
7679
7680=item Mike Jewell (mlj3u@virginia.edu)
7681
7682=item Timothy Shimmin (tes@kbs.citri.edu.au)
7683
7684=item Joergen Haegg (jh@axis.se)
7685
71f3e297 7686=item Laurent Delfosse (delfosse@delfosse.com)
54310121 7687
7688=item Richard Resnick (applepi1@aol.com)
7689
7690=item Craig Bishop (csb@barwonwater.vic.gov.au)
7691
7692=item Tony Curtis (tc@vcpc.univie.ac.at)
7693
7694=item Tim Bunce (Tim.Bunce@ig.co.uk)
7695
7696=item Tom Christiansen (tchrist@convex.com)
7697
7698=item Andreas Koenig (k@franz.ww.TU-Berlin.DE)
7699
7700=item Tim MacKenzie (Tim.MacKenzie@fulcrum.com.au)
7701
7702=item Kevin B. Hendricks (kbhend@dogwood.tyler.wm.edu)
7703
7704=item Stephen Dahmen (joyfire@inxpress.net)
7705
7706=item Ed Jordan (ed@fidalgo.net)
7707
7708=item David Alan Pisoni (david@cnation.com)
7709
424ec8fa
GS		 7710=item Doug MacEachern (dougm@opengroup.org)
7711
7712=item Robin Houston (robin@oneworld.org)
7713
54310121 7714=item ...and many many more...
7715
7716for suggestions and bug fixes.
7717
7718=back
7719
7720=head1 A COMPLETE EXAMPLE OF A SIMPLE FORM-BASED SCRIPT
7721
7722
7723 #!/usr/local/bin/perl
3cb6de81 7724
29ddc2a4 7725 use CGI ':standard';
3cb6de81 7726
29ddc2a4
RGS		 7727 print header;
7728 print start_html("Example CGI.pm Form");
3acbd4f5 7729 print "<h1> Example CGI.pm Form</h1>\n";
29ddc2a4
RGS		 7730 print_prompt();
7731 do_work();
7732 print_tail();
7733 print end_html;
3cb6de81 7734
54310121 7735 sub print_prompt {
29ddc2a4 7736 print start_form;
3acbd4f5 7737 print "<em>What's your name?</em><br>";
29ddc2a4
RGS		 7738 print textfield('name');
7739 print checkbox('Not my real name');
3cb6de81 7740
3acbd4f5 7741 print "<p><em>Where can you find English Sparrows?</em><br>";
29ddc2a4 7742 print checkbox_group(
54310121 7743 -name=>'Sparrow locations',
7744 -values=>[England,France,Spain,Asia,Hoboken],
7745 -linebreak=>'yes',
7746 -defaults=>[England,Asia]);
3cb6de81 7747
3acbd4f5 7748 print "<p><em>How far can they fly?</em><br>",
29ddc2a4 7749 radio_group(
54310121 7750 -name=>'how far',
7751 -values=>['10 ft','1 mile','10 miles','real far'],
7752 -default=>'1 mile');
3cb6de81 7753
3acbd4f5 7754 print "<p><em>What's your favorite color?</em> ";
29ddc2a4 7755 print popup_menu(-name=>'Color',
54310121 7756 -values=>['black','brown','red','yellow'],
7757 -default=>'red');
3cb6de81 7758
29ddc2a4 7759 print hidden('Reference','Monty Python and the Holy Grail');
3cb6de81 7760
3acbd4f5 7761 print "<p><em>What have you got there?</em><br>";
29ddc2a4 7762 print scrolling_list(
54310121 7763 -name=>'possessions',
7764 -values=>['A Coconut','A Grail','An Icon',
7765 'A Sword','A Ticket'],
7766 -size=>5,
7767 -multiple=>'true');
3cb6de81 7768
3acbd4f5 7769 print "<p><em>Any parting comments?</em><br>";
29ddc2a4 7770 print textarea(-name=>'Comments',
54310121 7771 -rows=>10,
7772 -columns=>50);
3cb6de81 7773
29ddc2a4
RGS		 7774 print "<p>",reset;
7775 print submit('Action','Shout');
7776 print submit('Action','Scream');
7777 print endform;
3acbd4f5 7778 print "<hr>\n";
54310121 7779 }
3cb6de81 7780
54310121 7781 sub do_work {
54310121 7782 my(@values,$key);
7783
3acbd4f5 7784 print "<h2>Here are the current settings in this form</h2>";
54310121 7785
29ddc2a4 7786 foreach $key (param) {
3acbd4f5 7787 print "<strong>$key</strong> -> ";
29ddc2a4 7788 @values = param($key);
3acbd4f5 7789 print join(", ",@values),"<br>\n";
54310121 7790 }
7791 }
3cb6de81 7792
54310121 7793 sub print_tail {
7794 print <<END;
3acbd4f5
JH		 7795 <hr>
7796 <address>Lincoln D. Stein</address><br>
7797 <a href="/">Home Page</a>
54310121 7798 END
7799 }
7800
7801=head1 BUGS
7802
188ba755 7803Please report them.
54310121 7804
7805=head1 SEE ALSO
7806
b2d0d414 7807L<CGI::Carp>, L<CGI::Fast>, L<CGI::Pretty>
54310121 7808
7809=cut
7810
Unnamed repository; edit this file 'description' to name the repository.