This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
https://perl5.git.perl.org / perl5.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
oops, backout bogus change#3545
[perl5.git] / lib / CGI.pm
CommitLineData
54310121 1package CGI;
424ec8fa 2require 5.004;
54310121 3
4# See the bottom of this file for the POD documentation. Search for the
5# string '=head'.
6
7# You can run this file through either pod2man or pod2html to produce pretty
8# documentation in manual or html file format (these utilities are part of the
9# Perl 5 distribution).
10
424ec8fa 11# Copyright 1995-1998 Lincoln D. Stein. All rights reserved.
54310121 12# It may be used and modified freely, but I do request that this copyright
13# notice remain attached to the file. You may modify this module as you
14# wish, but if you redistribute a modified version, please attach a note
15# listing the modifications you have made.
16
17# The most recent version and complete docs are available at:
71f3e297 18# http://stein.cshl.org/WWW/software/CGI/
54310121 19
71f3e297
JH		 20$CGI::revision = '$Id: CGI.pm,v 1.5 1998/12/06 10:19:48 lstein Exp $';
21$CGI::VERSION='2.46';
54310121 22
23# HARD-CODED LOCATION FOR FILE UPLOAD TEMPORARY FILES.
24# UNCOMMENT THIS ONLY IF YOU KNOW WHAT YOU'RE DOING.
25# $TempFile::TMPDIRECTORY = '/usr/tmp';
26
424ec8fa
GS		 27# >>>>> Here are some globals that you might want to adjust <<<<<<
28sub initialize_globals {
29 # Set this to 1 to enable copious autoloader debugging messages
30 $AUTOLOAD_DEBUG = 0;
31
32 # Change this to the preferred DTD to print in start_html()
33 # or use default_dtd('text of DTD to use');
34 $DEFAULT_DTD = '-//IETF//DTD HTML//EN';
35
36 # Set this to 1 to enable NPH scripts
37 # or:
38 # 1) use CGI qw(-nph)
39 # 2) $CGI::nph(1)
40 # 3) print header(-nph=>1)
41 $NPH = 0;
42
43 # Set this to 1 to disable debugging from the
44 # command line
45 $NO_DEBUG = 0;
46
47 # Set this to 1 to make the temporary files created
48 # during file uploads safe from prying eyes
49 # or do...
50 # 1) use CGI qw(:private_tempfiles)
51 # 2) $CGI::private_tempfiles(1);
52 $PRIVATE_TEMPFILES = 0;
53
54 # Set this to a positive value to limit the size of a POSTing
55 # to a certain number of bytes:
56 $POST_MAX = -1;
57
58 # Change this to 1 to disable uploads entirely:
59 $DISABLE_UPLOADS = 0;
60
71f3e297
JH		 61 # Change this to 1 to suppress redundant HTTP headers
62 $HEADERS_ONCE = 0;
63
64 # separate the name=value pairs by semicolons rather than ampersands
65 $USE_PARAM_SEMICOLONS = 0;
66
424ec8fa
GS		 67 # Other globals that you shouldn't worry about.
68 undef $Q;
69 $BEEN_THERE = 0;
70 undef @QUERY_PARAM;
71 undef %EXPORT;
72
73 # prevent complaints by mod_perl
74 1;
75}
76
54310121 77# ------------------ START OF THE LIBRARY ------------
78
424ec8fa
GS		 79# make mod_perlhappy
80initialize_globals();
81
54310121 82# FIGURE OUT THE OS WE'RE RUNNING UNDER
83# Some systems support the $^O variable. If not
84# available then require() the Config library
85unless ($OS) {
86 unless ($OS = $^O) {
87 require Config;
88 $OS = $Config::Config{'osname'};
89 }
90}
91if ($OS=~/Win/i) {
92 $OS = 'WINDOWS';
93} elsif ($OS=~/vms/i) {
94 $OS = 'VMS';
424ec8fa 95} elsif ($OS=~/^MacOS$/i) {
54310121 96 $OS = 'MACINTOSH';
97} elsif ($OS=~/os2/i) {
98 $OS = 'OS2';
99} else {
100 $OS = 'UNIX';
101}
102
103# Some OS logic. Binary mode enabled on DOS, NT and VMS
104$needs_binmode = $OS=~/^(WINDOWS|VMS|OS2)/;
105
106# This is the default class for the CGI object to use when all else fails.
107$DefaultClass = 'CGI' unless defined $CGI::DefaultClass;
424ec8fa 108
54310121 109# This is where to look for autoloaded routines.
110$AutoloadClass = $DefaultClass unless defined $CGI::AutoloadClass;
111
112# The path separator is a slash, backslash or semicolon, depending
113# on the paltform.
114$SL = {
424ec8fa 115 UNIX=>'/', OS2=>'\\', WINDOWS=>'\\', MACINTOSH=>':', VMS=>'/'
54310121 116 }->{$OS};
117
424ec8fa 118# This no longer seems to be necessary
54310121 119# Turn on NPH scripts by default when running under IIS server!
424ec8fa
GS		 120# $NPH++ if defined($ENV{'SERVER_SOFTWARE'}) && $ENV{'SERVER_SOFTWARE'}=~/IIS/;
121$IIS++ if defined($ENV{'SERVER_SOFTWARE'}) && $ENV{'SERVER_SOFTWARE'}=~/IIS/;
54310121 122
123# Turn on special checking for Doug MacEachern's modperl
71f3e297
JH		 124if (exists $ENV{'GATEWAY_INTERFACE'}
125 &&
126 ($MOD_PERL = $ENV{'GATEWAY_INTERFACE'} =~ /^CGI-Perl/))
424ec8fa 127{
54310121 128 $| = 1;
424ec8fa
GS		 129 require Apache;
130}
131# Turn on special checking for ActiveState's PerlEx
132$PERLEX++ if defined($ENV{'GATEWAY_INTERFACE'}) && $ENV{'GATEWAY_INTERFACE'} =~ /^CGI-PerlEx/;
133
134# Define the CRLF sequence. I can't use a simple "\r\n" because the meaning
135# of "\n" is different on different OS's (sometimes it generates CRLF, sometimes LF
136# and sometimes CR). The most popular VMS web server
137# doesn't accept CRLF -- instead it wants a LR. EBCDIC machines don't
138# use ASCII, so \015\012 means something different. I find this all
139# really annoying.
140$EBCDIC = "\t" ne "\011";
141if ($OS eq 'VMS') {
142 $CRLF = "\n";
143} elsif ($EBCDIC) {
144 $CRLF= "\r\n";
145} else {
146 $CRLF = "\015\012";
54310121 147}
148
54310121 149if ($needs_binmode) {
150 $CGI::DefaultClass->binmode(main::STDOUT);
151 $CGI::DefaultClass->binmode(main::STDIN);
152 $CGI::DefaultClass->binmode(main::STDERR);
153}
154
54310121 155%EXPORT_TAGS = (
424ec8fa
GS		 156 ':html2'=>['h1'..'h6',qw/p br hr ol ul li dl dt dd menu code var strong em
157 tt u i b blockquote pre img a address cite samp dfn html head
158 base body Link nextid title meta kbd start_html end_html
159 input Select option comment/],
71f3e297 160 ':html3'=>[qw/div table caption th td TR Tr sup Sub strike applet Param
424ec8fa
GS		 161 embed basefont style span layer ilayer font frameset frame script small big/],
162 ':netscape'=>[qw/blink fontsize center/],
163 ':form'=>[qw/textfield textarea filefield password_field hidden checkbox checkbox_group
164 submit reset defaults radio_group popup_menu button autoEscape
165 scrolling_list image_button start_form end_form startform endform
71f3e297
JH		 166 start_multipart_form end_multipart_form isindex tmpFileName uploadInfo URL_ENCODED MULTIPART/],
167 ':cgi'=>[qw/param path_info path_translated url self_url script_name cookie Dump
168 raw_cookie request_method query_string Accept user_agent remote_host
424ec8fa
GS		 169 remote_addr referer server_name server_software server_port server_protocol
170 virtual_host remote_ident auth_type http use_named_parameters
171 save_parameters restore_parameters param_fetch
172 remote_user user_name header redirect import_names put Delete Delete_all url_param/],
173 ':ssl' => [qw/https/],
71f3e297 174 ':imagemap' => [qw/Area Map/],
424ec8fa
GS		 175 ':cgi-lib' => [qw/ReadParse PrintHeader HtmlTop HtmlBot SplitParam/],
176 ':html' => [qw/:html2 :html3 :netscape/],
177 ':standard' => [qw/:html2 :html3 :form :cgi/],
178 ':push' => [qw/multipart_init multipart_start multipart_end/],
179 ':all' => [qw/:html2 :html3 :netscape :form :cgi :internal/]
180 );
54310121 181
182# to import symbols into caller
183sub import {
184 my $self = shift;
424ec8fa
GS		 185
186# This causes modules to clash.
187# undef %EXPORT_OK;
188# undef %EXPORT;
189
190 $self->_setup_symbols(@_);
54310121 191 my ($callpack, $callfile, $callline) = caller;
424ec8fa 192
54310121 193 # To allow overriding, search through the packages
194 # Till we find one in which the correct subroutine is defined.
195 my @packages = ($self,@{"$self\:\:ISA"});
196 foreach $sym (keys %EXPORT) {
197 my $pck;
198 my $def = ${"$self\:\:AutoloadClass"} || $DefaultClass;
199 foreach $pck (@packages) {
200 if (defined(&{"$pck\:\:$sym"})) {
201 $def = $pck;
202 last;
203 }
204 }
205 *{"${callpack}::$sym"} = \&{"$def\:\:$sym"};
206 }
207}
208
424ec8fa
GS		 209sub compile {
210 my $pack = shift;
211 $pack->_setup_symbols('-compile',@_);
212}
213
54310121 214sub expand_tags {
215 my($tag) = @_;
71f3e297 216 return ("start_$1","end_$1") if $tag=~/^(?:\*|start_|end_)(.+)/;
54310121 217 my(@r);
218 return ($tag) unless $EXPORT_TAGS{$tag};
219 foreach (@{$EXPORT_TAGS{$tag}}) {
220 push(@r,&expand_tags($_));
221 }
222 return @r;
223}
224
225#### Method: new
226# The new routine. This will check the current environment
227# for an existing query string, and initialize itself, if so.
228####
229sub new {
230 my($class,$initializer) = @_;
231 my $self = {};
232 bless $self,ref $class || $class || $DefaultClass;
424ec8fa
GS		 233 if ($MOD_PERL) {
234 Apache->request->register_cleanup(\&CGI::_reset_globals);
235 undef $NPH;
236 }
237 $self->_reset_globals if $PERLEX;
54310121 238 $self->init($initializer);
239 return $self;
240}
241
242# We provide a DESTROY method so that the autoloader
243# doesn't bother trying to find it.
244sub DESTROY { }
245
246#### Method: param
247# Returns the value(s)of a named parameter.
248# If invoked in a list context, returns the
249# entire list. Otherwise returns the first
250# member of the list.
251# If name is not provided, return a list of all
252# the known parameters names available.
253# If more than one argument is provided, the
254# second and subsequent arguments are used to
255# set the value of the parameter.
256####
257sub param {
258 my($self,@p) = self_or_default(@_);
259 return $self->all_parameters unless @p;
260 my($name,$value,@other);
261
262 # For compatibility between old calling style and use_named_parameters() style,
263 # we have to special case for a single parameter present.
264 if (@p > 1) {
265 ($name,$value,@other) = $self->rearrange([NAME,[DEFAULT,VALUE,VALUES]],@p);
266 my(@values);
267
268 if (substr($p[0],0,1) eq '-' || $self->use_named_parameters) {
269 @values = defined($value) ? (ref($value) && ref($value) eq 'ARRAY' ? @{$value} : $value) : ();
270 } else {
271 foreach ($value,@other) {
272 push(@values,$_) if defined($_);
273 }
274 }
275 # If values is provided, then we set it.
276 if (@values) {
277 $self->add_parameter($name);
278 $self->{$name}=[@values];
279 }
280 } else {
281 $name = $p[0];
282 }
283
71f3e297 284 return unless defined($name) && $self->{$name};
54310121 285 return wantarray ? @{$self->{$name}} : $self->{$name}->[0];
286}
287
54310121 288sub self_or_default {
424ec8fa 289 return @_ if defined($_[0]) && (!ref($_[0])) &&($_[0] eq 'CGI');
54310121 290 unless (defined($_[0]) &&
424ec8fa
GS		 291 (ref($_[0]) eq 'CGI' || UNIVERSAL::isa($_[0],'CGI')) # slightly optimized for common case
292 ) {
54310121 293 $Q = $CGI::DefaultClass->new unless defined($Q);
294 unshift(@_,$Q);
295 }
296 return @_;
297}
298
54310121 299sub self_or_CGI {
300 local $^W=0; # prevent a warning
301 if (defined($_[0]) &&
302 (substr(ref($_[0]),0,3) eq 'CGI'
424ec8fa 303 || UNIVERSAL::isa($_[0],'CGI'))) {
54310121 304 return @_;
305 } else {
306 return ($DefaultClass,@_);
307 }
308}
309
54310121 310########################################
311# THESE METHODS ARE MORE OR LESS PRIVATE
312# GO TO THE __DATA__ SECTION TO SEE MORE
313# PUBLIC METHODS
314########################################
315
316# Initialize the query object from the environment.
317# If a parameter list is found, this object will be set
318# to an associative array in which parameter names are keys
319# and the values are stored as lists
320# If a keyword list is found, this method creates a bogus
321# parameter list with the single parameter 'keywords'.
322
323sub init {
324 my($self,$initializer) = @_;
424ec8fa 325 my($query_string,$meth,$content_length,$fh,@lines) = ('','','','');
71f3e297 326 local($/) = "\n";
54310121 327
328 # if we get called more than once, we want to initialize
329 # ourselves from the original query (which may be gone
330 # if it was read from STDIN originally.)
331 if (defined(@QUERY_PARAM) && !defined($initializer)) {
54310121 332 foreach (@QUERY_PARAM) {
333 $self->param('-name'=>$_,'-value'=>$QUERY_PARAM{$_});
334 }
335 return;
336 }
337
338 $meth=$ENV{'REQUEST_METHOD'} if defined($ENV{'REQUEST_METHOD'});
424ec8fa
GS		 339 $content_length = defined($ENV{'CONTENT_LENGTH'}) ? $ENV{'CONTENT_LENGTH'} : 0;
340 die "Client attempted to POST $content_length bytes, but POSTs are limited to $POST_MAX"
341 if ($POST_MAX > 0) && ($content_length > $POST_MAX);
342 $fh = to_filehandle($initializer) if $initializer;
54310121 343
54310121 344 METHOD: {
54310121 345
424ec8fa
GS		 346 # Process multipart postings, but only if the initializer is
347 # not defined.
348 if ($meth eq 'POST'
349 && defined($ENV{'CONTENT_TYPE'})
350 && $ENV{'CONTENT_TYPE'}=~m|^multipart/form-data|
351 && !defined($initializer)
352 ) {
71f3e297 353 my($boundary) = $ENV{'CONTENT_TYPE'} =~ /boundary=\"?([^\";,]+)\"?/;
424ec8fa
GS		 354 $self->read_multipart($boundary,$content_length);
355 last METHOD;
356 }
357
358 # If initializer is defined, then read parameters
359 # from it.
360 if (defined($initializer)) {
361 if (UNIVERSAL::isa($initializer,'CGI')) {
362 $query_string = $initializer->query_string;
363 last METHOD;
364 }
54310121 365 if (ref($initializer) && ref($initializer) eq 'HASH') {
366 foreach (keys %$initializer) {
367 $self->param('-name'=>$_,'-value'=>$initializer->{$_});
368 }
369 last METHOD;
370 }
371
424ec8fa
GS		 372 if (defined($fh) && ($fh ne '')) {
373 while (<$fh>) {
54310121 374 chomp;
375 last if /^=/;
376 push(@lines,$_);
377 }
378 # massage back into standard format
379 if ("@lines" =~ /=/) {
380 $query_string=join("&",@lines);
381 } else {
382 $query_string=join("+",@lines);
383 }
384 last METHOD;
385 }
424ec8fa
GS		 386
387 # last chance -- treat it as a string
388 $initializer = $$initializer if ref($initializer) eq 'SCALAR';
54310121 389 $query_string = $initializer;
424ec8fa 390
54310121 391 last METHOD;
392 }
54310121 393
424ec8fa
GS		 394 # If method is GET or HEAD, fetch the query from
395 # the environment.
396 if ($meth=~/^(GET|HEAD)$/) {
397 $query_string = $ENV{'QUERY_STRING'} if defined $ENV{'QUERY_STRING'};
398 last METHOD;
399 }
54310121 400
424ec8fa
GS		 401 if ($meth eq 'POST') {
402 $self->read_from_client(\*STDIN,\$query_string,$content_length,0)
403 if $content_length > 0;
54310121 404 # Some people want to have their cake and eat it too!
405 # Uncomment this line to have the contents of the query string
406 # APPENDED to the POST data.
424ec8fa 407 # $query_string .= (length($query_string) ? '&' : '') . $ENV{'QUERY_STRING'} if defined $ENV{'QUERY_STRING'};
54310121 408 last METHOD;
409 }
424ec8fa
GS		 410
411 # If $meth is not of GET, POST or HEAD, assume we're being debugged offline.
54310121 412 # Check the command line and then the standard input for data.
413 # We use the shellwords package in order to behave the way that
414 # UN*X programmers expect.
424ec8fa 415 $query_string = read_from_cmdline() unless $NO_DEBUG;
54310121 416 }
424ec8fa 417
54310121 418 # We now have the query string in hand. We do slightly
419 # different things for keyword lists and parameter lists.
424ec8fa 420 if ($query_string ne '') {
54310121 421 if ($query_string =~ /=/) {
422 $self->parse_params($query_string);
423 } else {
424 $self->add_parameter('keywords');
425 $self->{'keywords'} = [$self->parse_keywordlist($query_string)];
426 }
427 }
428
429 # Special case. Erase everything if there is a field named
430 # .defaults.
431 if ($self->param('.defaults')) {
432 undef %{$self};
433 }
434
435 # Associative array containing our defined fieldnames
436 $self->{'.fieldnames'} = {};
437 foreach ($self->param('.cgifields')) {
438 $self->{'.fieldnames'}->{$_}++;
439 }
440
441 # Clear out our default submission button flag if present
442 $self->delete('.submit');
443 $self->delete('.cgifields');
444 $self->save_request unless $initializer;
54310121 445}
446
54310121 447# FUNCTIONS TO OVERRIDE:
54310121 448# Turn a string into a filehandle
449sub to_filehandle {
424ec8fa
GS		 450 my $thingy = shift;
451 return undef unless $thingy;
452 return $thingy if UNIVERSAL::isa($thingy,'GLOB');
453 return $thingy if UNIVERSAL::isa($thingy,'FileHandle');
454 if (!ref($thingy)) {
455 my $caller = 1;
456 while (my $package = caller($caller++)) {
457 my($tmp) = $thingy=~/[\':]/ ? $thingy : "$package\:\:$thingy";
458 return $tmp if defined(fileno($tmp));
459 }
54310121 460 }
424ec8fa 461 return undef;
54310121 462}
463
464# send output to the browser
465sub put {
466 my($self,@p) = self_or_default(@_);
467 $self->print(@p);
468}
469
470# print to standard output (for overriding in mod_perl)
471sub print {
472 shift;
473 CORE::print(@_);
474}
475
476# unescape URL-encoded data
477sub unescape {
424ec8fa
GS		 478 shift() if ref($_[0]);
479 my $todecode = shift;
480 return undef unless defined($todecode);
54310121 481 $todecode =~ tr/+/ /; # pluses become spaces
482 $todecode =~ s/%([0-9a-fA-F]{2})/pack("c",hex($1))/ge;
483 return $todecode;
484}
485
486# URL-encode data
487sub escape {
424ec8fa
GS		 488 shift() if ref($_[0]) || $_[0] eq $DefaultClass;
489 my $toencode = shift;
490 return undef unless defined($toencode);
491 $toencode=~s/([^a-zA-Z0-9_.-])/uc sprintf("%%%02x",ord($1))/eg;
54310121 492 return $toencode;
493}
494
495sub save_request {
496 my($self) = @_;
497 # We're going to play with the package globals now so that if we get called
498 # again, we initialize ourselves in exactly the same way. This allows
499 # us to have several of these objects.
500 @QUERY_PARAM = $self->param; # save list of parameters
501 foreach (@QUERY_PARAM) {
502 $QUERY_PARAM{$_}=$self->{$_};
503 }
504}
505
54310121 506sub parse_params {
507 my($self,$tosplit) = @_;
71f3e297 508 my(@pairs) = split(/[&;]/,$tosplit);
54310121 509 my($param,$value);
510 foreach (@pairs) {
424ec8fa
GS		 511 ($param,$value) = split('=',$_,2);
512 $param = unescape($param);
513 $value = unescape($value);
54310121 514 $self->add_parameter($param);
515 push (@{$self->{$param}},$value);
516 }
517}
518
519sub add_parameter {
520 my($self,$param)=@_;
521 push (@{$self->{'.parameters'}},$param)
522 unless defined($self->{$param});
523}
524
525sub all_parameters {
526 my $self = shift;
527 return () unless defined($self) && $self->{'.parameters'};
528 return () unless @{$self->{'.parameters'}};
529 return @{$self->{'.parameters'}};
530}
531
424ec8fa
GS		 532# put a filehandle into binary mode (DOS)
533sub binmode {
534 CORE::binmode($_[1]);
535}
536
537sub _make_tag_func {
71f3e297
JH		 538 my ($self,$tagname) = @_;
539 my $func = qq#
424ec8fa 540 sub $tagname {
424ec8fa
GS		 541 shift if \$_[0] &&
542 (!ref(\$_[0]) && \$_[0] eq \$CGI::DefaultClass) ||
543 (ref(\$_[0]) &&
544 (substr(ref(\$_[0]),0,3) eq 'CGI' ||
545 UNIVERSAL::isa(\$_[0],'CGI')));
546
547 my(\$attr) = '';
548 if (ref(\$_[0]) && ref(\$_[0]) eq 'HASH') {
549 my(\@attr) = make_attributes( '',shift() );
550 \$attr = " \@attr" if \@attr;
551 }
71f3e297
JH		 552 #;
553 if ($tagname=~/start_(\w+)/i) {
554 $func .= qq! return "<\U$1\E\$attr>";} !;
555 } elsif ($tagname=~/end_(\w+)/i) {
556 $func .= qq! return "<\U/$1\E>"; } !;
557 } else {
558 $func .= qq#
424ec8fa
GS		 559 my(\$tag,\$untag) = ("\U<$tagname\E\$attr>","\U</$tagname>\E");
560 return \$tag unless \@_;
561 my \@result = map { "\$tag\$_\$untag" } (ref(\$_[0]) eq 'ARRAY') ? \@{\$_[0]} : "\@_";
562 return "\@result";
71f3e297
JH		 563 }#;
564 }
565return $func;
54310121 566}
567
568sub AUTOLOAD {
569 print STDERR "CGI::AUTOLOAD for $AUTOLOAD\n" if $CGI::AUTOLOAD_DEBUG;
424ec8fa
GS		 570 my $func = &_compile;
571 goto &$func;
54310121 572}
573
574# PRIVATE SUBROUTINE
575# Smart rearrangement of parameters to allow named parameter
576# calling. We do the rearangement if:
577# 1. The first parameter begins with a -
578# 2. The use_named_parameters() method returns true
579sub rearrange {
580 my($self,$order,@param) = @_;
581 return () unless @param;
54310121 582
424ec8fa
GS		 583 if (ref($param[0]) eq 'HASH') {
584 @param = %{$param[0]};
585 } else {
586 return @param
587 unless (defined($param[0]) && substr($param[0],0,1) eq '-')
588 || $self->use_named_parameters;
54310121 589 }
424ec8fa
GS		 590
591 # map parameters into positional indices
592 my ($i,%pos);
593 $i = 0;
594 foreach (@$order) {
595 foreach (ref($_) eq 'ARRAY' ? @$_ : $_) { $pos{$_} = $i; }
596 $i++;
597 }
598
599 my (@result,%leftover);
600 $#result = $#$order; # preextend
601 while (@param) {
602 my $key = uc(shift(@param));
603 $key =~ s/^\-//;
604 if (exists $pos{$key}) {
605 $result[$pos{$key}] = shift(@param);
54310121 606 } else {
424ec8fa
GS		 607 $leftover{$key} = shift(@param);
608 }
609 }
610
611 push (@result,$self->make_attributes(\%leftover)) if %leftover;
612 @result;
613}
614
615sub _compile {
616 my($func) = $AUTOLOAD;
617 my($pack,$func_name);
618 {
619 local($1,$2); # this fixes an obscure variable suicide problem.
620 $func=~/(.+)::([^:]+)$/;
621 ($pack,$func_name) = ($1,$2);
622 $pack=~s/::SUPER$//; # fix another obscure problem
623 $pack = ${"$pack\:\:AutoloadClass"} || $CGI::DefaultClass
624 unless defined(${"$pack\:\:AUTOLOADED_ROUTINES"});
625
626 my($sub) = \%{"$pack\:\:SUBS"};
627 unless (%$sub) {
628 my($auto) = \${"$pack\:\:AUTOLOADED_ROUTINES"};
629 eval "package $pack; $$auto";
630 die $@ if $@;
631 $$auto = ''; # Free the unneeded storage (but don't undef it!!!)
632 }
633 my($code) = $sub->{$func_name};
634
635 $code = "sub $AUTOLOAD { }" if (!$code and $func_name eq 'DESTROY');
636 if (!$code) {
71f3e297 637 (my $base = $func_name) =~ s/^(start_|end_)//i;
424ec8fa
GS		 638 if ($EXPORT{':any'} ||
639 $EXPORT{'-any'} ||
71f3e297 640 $EXPORT{$base} ||
424ec8fa 641 (%EXPORT_OK || grep(++$EXPORT_OK{$_},&expand_tags(':html')))
71f3e297
JH		 642 && $EXPORT_OK{$base}) {
643 $code = $CGI::DefaultClass->_make_tag_func($func_name);
424ec8fa
GS		 644 }
645 }
646 die "Undefined subroutine $AUTOLOAD\n" unless $code;
647 eval "package $pack; $code";
648 if ($@) {
649 $@ =~ s/ at .*\n//;
650 die $@;
651 }
652 }
653 delete($sub->{$func_name}); #free storage
654 return "$pack\:\:$func_name";
655}
656
657sub _reset_globals { initialize_globals(); }
658
659sub _setup_symbols {
660 my $self = shift;
661 my $compile = 0;
662 foreach (@_) {
71f3e297
JH		 663 $HEADERS_ONCE++, next if /^[:-]unique_headers$/;
664 $NPH++, next if /^[:-]nph$/;
665 $NO_DEBUG++, next if /^[:-]no_?[Dd]ebug$/;
666 $USE_PARAM_SEMICOLONS++, next if /^[:-]newstyle_urls$/;
667 $PRIVATE_TEMPFILES++, next if /^[:-]private_tempfiles$/;
668 $EXPORT{$_}++, next if /^[:-]any$/;
669 $compile++, next if /^[:-]compile$/;
424ec8fa 670
71f3e297 671 # This is probably extremely evil code -- to be deleted some day.
424ec8fa
GS		 672 if (/^[-]autoload$/) {
673 my($pkg) = caller(1);
674 *{"${pkg}::AUTOLOAD"} = sub {
675 my($routine) = $AUTOLOAD;
676 $routine =~ s/^.*::/CGI::/;
677 &$routine;
678 };
679 next;
680 }
681
682 foreach (&expand_tags($_)) {
683 tr/a-zA-Z0-9_//cd; # don't allow weird function names
684 $EXPORT{$_}++;
54310121 685 }
54310121 686 }
424ec8fa 687 _compile_all(keys %EXPORT) if $compile;
54310121 688}
689
690###############################################################################
691################# THESE FUNCTIONS ARE AUTOLOADED ON DEMAND ####################
692###############################################################################
693$AUTOLOADED_ROUTINES = ''; # get rid of -w warning
694$AUTOLOADED_ROUTINES=<<'END_OF_AUTOLOAD';
695
696%SUBS = (
697
698'URL_ENCODED'=> <<'END_OF_FUNC',
699sub URL_ENCODED { 'application/x-www-form-urlencoded'; }
700END_OF_FUNC
701
702'MULTIPART' => <<'END_OF_FUNC',
703sub MULTIPART { 'multipart/form-data'; }
704END_OF_FUNC
705
424ec8fa
GS		 706'SERVER_PUSH' => <<'END_OF_FUNC',
707sub SERVER_PUSH { 'multipart/x-mixed-replace; boundary="' . shift() . '"'; }
708END_OF_FUNC
709
710'use_named_parameters' => <<'END_OF_FUNC',
711#### Method: use_named_parameters
712# Force CGI.pm to use named parameter-style method calls
713# rather than positional parameters. The same effect
714# will happen automatically if the first parameter
715# begins with a -.
716sub use_named_parameters {
717 my($self,$use_named) = self_or_default(@_);
718 return $self->{'.named'} unless defined ($use_named);
719
720 # stupidity to avoid annoying warnings
721 return $self->{'.named'}=$use_named;
722}
723END_OF_FUNC
724
725'new_MultipartBuffer' => <<'END_OF_FUNC',
726# Create a new multipart buffer
727sub new_MultipartBuffer {
728 my($self,$boundary,$length,$filehandle) = @_;
729 return MultipartBuffer->new($self,$boundary,$length,$filehandle);
730}
731END_OF_FUNC
732
733'read_from_client' => <<'END_OF_FUNC',
734# Read data from a file handle
735sub read_from_client {
736 my($self, $fh, $buff, $len, $offset) = @_;
737 local $^W=0; # prevent a warning
738 return undef unless defined($fh);
739 return read($fh, $$buff, $len, $offset);
740}
741END_OF_FUNC
742
743'delete' => <<'END_OF_FUNC',
744#### Method: delete
745# Deletes the named parameter entirely.
746####
747sub delete {
748 my($self,$name) = self_or_default(@_);
749 delete $self->{$name};
750 delete $self->{'.fieldnames'}->{$name};
751 @{$self->{'.parameters'}}=grep($_ ne $name,$self->param());
752 return wantarray ? () : undef;
753}
754END_OF_FUNC
755
756#### Method: import_names
757# Import all parameters into the given namespace.
758# Assumes namespace 'Q' if not specified
759####
760'import_names' => <<'END_OF_FUNC',
761sub import_names {
762 my($self,$namespace,$delete) = self_or_default(@_);
763 $namespace = 'Q' unless defined($namespace);
764 die "Can't import names into \"main\"\n" if \%{"${namespace}::"} == \%::;
765 if ($delete || $MOD_PERL) {
766 # can anyone find an easier way to do this?
767 foreach (keys %{"${namespace}::"}) {
768 local *symbol = "${namespace}::${_}";
769 undef $symbol;
770 undef @symbol;
771 undef %symbol;
54310121 772 }
424ec8fa
GS		 773 }
774 my($param,@value,$var);
775 foreach $param ($self->param) {
776 # protect against silly names
777 ($var = $param)=~tr/a-zA-Z0-9_/_/c;
778 $var =~ s/^(?=\d)/_/;
779 local *symbol = "${namespace}::$var";
780 @value = $self->param($param);
781 @symbol = @value;
782 $symbol = $value[0];
54310121 783 }
784}
785END_OF_FUNC
786
787#### Method: keywords
788# Keywords acts a bit differently. Calling it in a list context
789# returns the list of keywords.
790# Calling it in a scalar context gives you the size of the list.
791####
792'keywords' => <<'END_OF_FUNC',
793sub keywords {
794 my($self,@values) = self_or_default(@_);
795 # If values is provided, then we set it.
424ec8fa
GS		 796 $self->{'keywords'}=[@values] if defined(@values);
797 my(@result) = defined($self->{'keywords'}) ? @{$self->{'keywords'}} : ();
54310121 798 @result;
799}
800END_OF_FUNC
801
802# These are some tie() interfaces for compatibility
803# with Steve Brenner's cgi-lib.pl routines
804'ReadParse' => <<'END_OF_FUNC',
805sub ReadParse {
806 local(*in);
807 if (@_) {
808 *in = $_[0];
809 } else {
810 my $pkg = caller();
811 *in=*{"${pkg}::in"};
812 }
813 tie(%in,CGI);
424ec8fa 814 return scalar(keys %in);
54310121 815}
816END_OF_FUNC
817
818'PrintHeader' => <<'END_OF_FUNC',
819sub PrintHeader {
820 my($self) = self_or_default(@_);
821 return $self->header();
822}
823END_OF_FUNC
824
825'HtmlTop' => <<'END_OF_FUNC',
826sub HtmlTop {
827 my($self,@p) = self_or_default(@_);
828 return $self->start_html(@p);
829}
830END_OF_FUNC
831
832'HtmlBot' => <<'END_OF_FUNC',
833sub HtmlBot {
834 my($self,@p) = self_or_default(@_);
835 return $self->end_html(@p);
836}
837END_OF_FUNC
838
839'SplitParam' => <<'END_OF_FUNC',
840sub SplitParam {
841 my ($param) = @_;
842 my (@params) = split ("\0", $param);
843 return (wantarray ? @params : $params[0]);
844}
845END_OF_FUNC
846
847'MethGet' => <<'END_OF_FUNC',
848sub MethGet {
849 return request_method() eq 'GET';
850}
851END_OF_FUNC
852
853'MethPost' => <<'END_OF_FUNC',
854sub MethPost {
855 return request_method() eq 'POST';
856}
857END_OF_FUNC
858
859'TIEHASH' => <<'END_OF_FUNC',
860sub TIEHASH {
424ec8fa 861 return $Q || new CGI;
54310121 862}
863END_OF_FUNC
864
865'STORE' => <<'END_OF_FUNC',
866sub STORE {
867 $_[0]->param($_[1],split("\0",$_[2]));
868}
869END_OF_FUNC
870
871'FETCH' => <<'END_OF_FUNC',
872sub FETCH {
873 return $_[0] if $_[1] eq 'CGI';
874 return undef unless defined $_[0]->param($_[1]);
875 return join("\0",$_[0]->param($_[1]));
876}
877END_OF_FUNC
878
879'FIRSTKEY' => <<'END_OF_FUNC',
880sub FIRSTKEY {
881 $_[0]->{'.iterator'}=0;
882 $_[0]->{'.parameters'}->[$_[0]->{'.iterator'}++];
883}
884END_OF_FUNC
885
886'NEXTKEY' => <<'END_OF_FUNC',
887sub NEXTKEY {
888 $_[0]->{'.parameters'}->[$_[0]->{'.iterator'}++];
889}
890END_OF_FUNC
891
892'EXISTS' => <<'END_OF_FUNC',
893sub EXISTS {
894 exists $_[0]->{$_[1]};
895}
896END_OF_FUNC
897
898'DELETE' => <<'END_OF_FUNC',
899sub DELETE {
900 $_[0]->delete($_[1]);
901}
902END_OF_FUNC
903
904'CLEAR' => <<'END_OF_FUNC',
905sub CLEAR {
906 %{$_[0]}=();
907}
908####
909END_OF_FUNC
910
911####
912# Append a new value to an existing query
913####
914'append' => <<'EOF',
915sub append {
916 my($self,@p) = @_;
917 my($name,$value) = $self->rearrange([NAME,[VALUE,VALUES]],@p);
918 my(@values) = defined($value) ? (ref($value) ? @{$value} : $value) : ();
919 if (@values) {
920 $self->add_parameter($name);
921 push(@{$self->{$name}},@values);
922 }
923 return $self->param($name);
924}
925EOF
926
927#### Method: delete_all
928# Delete all parameters
929####
930'delete_all' => <<'EOF',
931sub delete_all {
932 my($self) = self_or_default(@_);
933 undef %{$self};
934}
935EOF
936
424ec8fa
GS		 937'Delete' => <<'EOF',
938sub Delete {
939 my($self,@p) = self_or_default(@_);
940 $self->delete(@p);
941}
942EOF
943
944'Delete_all' => <<'EOF',
945sub Delete_all {
946 my($self,@p) = self_or_default(@_);
947 $self->delete_all(@p);
948}
949EOF
950
54310121 951#### Method: autoescape
952# If you want to turn off the autoescaping features,
953# call this method with undef as the argument
954'autoEscape' => <<'END_OF_FUNC',
955sub autoEscape {
956 my($self,$escape) = self_or_default(@_);
957 $self->{'dontescape'}=!$escape;
958}
959END_OF_FUNC
960
961
962#### Method: version
963# Return the current version
964####
965'version' => <<'END_OF_FUNC',
966sub version {
967 return $VERSION;
968}
969END_OF_FUNC
970
971'make_attributes' => <<'END_OF_FUNC',
972sub make_attributes {
973 my($self,$attr) = @_;
974 return () unless $attr && ref($attr) && ref($attr) eq 'HASH';
975 my(@att);
976 foreach (keys %{$attr}) {
977 my($key) = $_;
978 $key=~s/^\-//; # get rid of initial - if present
424ec8fa
GS		 979 $key=~tr/a-z_/A-Z-/; # parameters are upper case, use dashes
980 push(@att,defined($attr->{$_}) ? qq/$key="$attr->{$_}"/ : qq/$key/);
54310121 981 }
982 return @att;
983}
984END_OF_FUNC
985
424ec8fa
GS		 986#### Method: url_param
987# Return a parameter in the QUERY_STRING, regardless of
988# whether this was a POST or a GET
989####
990'url_param' => <<'END_OF_FUNC',
991sub url_param {
992 my ($self,@p) = self_or_default(@_);
993 my $name = shift(@p);
994 return undef unless exists($ENV{QUERY_STRING});
995 unless (exists($self->{'.url_param'})) {
996 $self->{'.url_param'}={}; # empty hash
997 if ($ENV{QUERY_STRING} =~ /=/) {
71f3e297 998 my(@pairs) = split(/[&;]/,$ENV{QUERY_STRING});
424ec8fa
GS		 999 my($param,$value);
1000 foreach (@pairs) {
1001 ($param,$value) = split('=',$_,2);
1002 $param = unescape($param);
1003 $value = unescape($value);
1004 push(@{$self->{'.url_param'}->{$param}},$value);
1005 }
1006 } else {
1007 $self->{'.url_param'}->{'keywords'} = [$self->parse_keywordlist($ENV{QUERY_STRING})];
1008 }
1009 }
1010 return keys %{$self->{'.url_param'}} unless defined($name);
1011 return () unless $self->{'.url_param'}->{$name};
1012 return wantarray ? @{$self->{'.url_param'}->{$name}}
1013 : $self->{'.url_param'}->{$name}->[0];
1014}
1015END_OF_FUNC
1016
54310121 1017#### Method: dump
1018# Returns a string in which all the known parameter/value
1019# pairs are represented as nested lists, mainly for the purposes
1020# of debugging.
1021####
1022'dump' => <<'END_OF_FUNC',
1023sub dump {
1024 my($self) = self_or_default(@_);
1025 my($param,$value,@result);
1026 return '<UL></UL>' unless $self->param;
1027 push(@result,"<UL>");
1028 foreach $param ($self->param) {
1029 my($name)=$self->escapeHTML($param);
1030 push(@result,"<LI><STRONG>$param</STRONG>");
1031 push(@result,"<UL>");
1032 foreach $value ($self->param($param)) {
1033 $value = $self->escapeHTML($value);
1034 push(@result,"<LI>$value");
1035 }
1036 push(@result,"</UL>");
1037 }
1038 push(@result,"</UL>\n");
1039 return join("\n",@result);
1040}
1041END_OF_FUNC
1042
424ec8fa
GS		 1043#### Method as_string
1044#
1045# synonym for "dump"
1046####
1047'as_string' => <<'END_OF_FUNC',
1048sub as_string {
1049 &dump(@_);
1050}
1051END_OF_FUNC
1052
1053#### Method: save
1054# Write values out to a filehandle in such a way that they can
1055# be reinitialized by the filehandle form of the new() method
54310121 1056####
1057'save' => <<'END_OF_FUNC',
1058sub save {
1059 my($self,$filehandle) = self_or_default(@_);
54310121 1060 $filehandle = to_filehandle($filehandle);
424ec8fa
GS		 1061 my($param);
1062 local($,) = ''; # set print field separator back to a sane value
71f3e297 1063 local($\) = ''; # set output line separator to a sane value
54310121 1064 foreach $param ($self->param) {
424ec8fa 1065 my($escaped_param) = escape($param);
54310121 1066 my($value);
1067 foreach $value ($self->param($param)) {
1068 print $filehandle "$escaped_param=",escape($value),"\n";
1069 }
1070 }
1071 print $filehandle "=\n"; # end of record
1072}
1073END_OF_FUNC
1074
1075
424ec8fa
GS		 1076#### Method: save_parameters
1077# An alias for save() that is a better name for exportation.
1078# Only intended to be used with the function (non-OO) interface.
1079####
1080'save_parameters' => <<'END_OF_FUNC',
1081sub save_parameters {
1082 my $fh = shift;
1083 return save(to_filehandle($fh));
1084}
1085END_OF_FUNC
1086
1087#### Method: restore_parameters
1088# A way to restore CGI parameters from an initializer.
1089# Only intended to be used with the function (non-OO) interface.
1090####
1091'restore_parameters' => <<'END_OF_FUNC',
1092sub restore_parameters {
1093 $Q = $CGI::DefaultClass->new(@_);
1094}
1095END_OF_FUNC
1096
1097#### Method: multipart_init
1098# Return a Content-Type: style header for server-push
1099# This has to be NPH, and it is advisable to set $| = 1
1100#
1101# Many thanks to Ed Jordan <ed@fidalgo.net> for this
1102# contribution
1103####
1104'multipart_init' => <<'END_OF_FUNC',
1105sub multipart_init {
1106 my($self,@p) = self_or_default(@_);
1107 my($boundary,@other) = $self->rearrange([BOUNDARY],@p);
1108 $boundary = $boundary || '------- =_aaaaaaaaaa0';
1109 $self->{'separator'} = "\n--$boundary\n";
1110 $type = SERVER_PUSH($boundary);
1111 return $self->header(
1112 -nph => 1,
1113 -type => $type,
1114 (map { split "=", $_, 2 } @other),
1115 ) . $self->multipart_end;
1116}
1117END_OF_FUNC
1118
1119
1120#### Method: multipart_start
1121# Return a Content-Type: style header for server-push, start of section
1122#
1123# Many thanks to Ed Jordan <ed@fidalgo.net> for this
1124# contribution
1125####
1126'multipart_start' => <<'END_OF_FUNC',
1127sub multipart_start {
1128 my($self,@p) = self_or_default(@_);
1129 my($type,@other) = $self->rearrange([TYPE],@p);
1130 $type = $type || 'text/html';
1131 return $self->header(
1132 -type => $type,
1133 (map { split "=", $_, 2 } @other),
1134 );
1135}
1136END_OF_FUNC
1137
1138
1139#### Method: multipart_end
1140# Return a Content-Type: style header for server-push, end of section
1141#
1142# Many thanks to Ed Jordan <ed@fidalgo.net> for this
1143# contribution
1144####
1145'multipart_end' => <<'END_OF_FUNC',
1146sub multipart_end {
1147 my($self,@p) = self_or_default(@_);
1148 return $self->{'separator'};
1149}
1150END_OF_FUNC
1151
1152
54310121 1153#### Method: header
1154# Return a Content-Type: style header
1155#
1156####
1157'header' => <<'END_OF_FUNC',
1158sub header {
1159 my($self,@p) = self_or_default(@_);
1160 my(@header);
1161
71f3e297
JH		 1162 return undef if $self->{'.header_printed'}++ and $HEADERS_ONCE;
1163
54310121 1164 my($type,$status,$cookie,$target,$expires,$nph,@other) =
71f3e297
JH		 1165 $self->rearrange([['TYPE','CONTENT_TYPE','CONTENT-TYPE'],
1166 STATUS,[COOKIE,COOKIES],TARGET,EXPIRES,NPH],@p);
54310121 1167
424ec8fa 1168 $nph ||= $NPH;
54310121 1169 # rearrange() was designed for the HTML portion, so we
1170 # need to fix it up a little.
1171 foreach (@other) {
71f3e297 1172 next unless my($header,$value) = /([^\s=]+)=\"?(.+?)\"?$/;
424ec8fa 1173 ($_ = $header) =~ s/^(\w)(.*)/$1 . lc ($2) . ": $value"/e;
54310121 1174 }
1175
71f3e297 1176 $type ||= 'text/html' unless defined($type);
54310121 1177
424ec8fa
GS		 1178 # Maybe future compatibility. Maybe not.
1179 my $protocol = $ENV{SERVER_PROTOCOL} || 'HTTP/1.0';
1180 push(@header,$protocol . ' ' . ($status || '200 OK')) if $nph;
1181
54310121 1182 push(@header,"Status: $status") if $status;
424ec8fa 1183 push(@header,"Window-Target: $target") if $target;
54310121 1184 # push all the cookies -- there may be several
1185 if ($cookie) {
424ec8fa 1186 my(@cookie) = ref($cookie) && ref($cookie) eq 'ARRAY' ? @{$cookie} : $cookie;
54310121 1187 foreach (@cookie) {
71f3e297
JH		 1188 my $cs = UNIVERSAL::isa($_,'CGI::Cookie') ? $_->as_string : $_;
1189 push(@header,"Set-Cookie: $cs") if $cs ne '';
54310121 1190 }
1191 }
1192 # if the user indicates an expiration time, then we need
1193 # both an Expires and a Date header (so that the browser is
1194 # uses OUR clock)
424ec8fa 1195 push(@header,"Expires: " . expires($expires,'http'))
7d37aa8e 1196 if $expires;
424ec8fa 1197 push(@header,"Date: " . expires(0,'http')) if $expires || $cookie;
54310121 1198 push(@header,"Pragma: no-cache") if $self->cache();
1199 push(@header,@other);
71f3e297 1200 push(@header,"Content-Type: $type") if $type ne '';
54310121 1201
424ec8fa
GS		 1202 my $header = join($CRLF,@header)."${CRLF}${CRLF}";
1203 if ($MOD_PERL and not $nph) {
1204 my $r = Apache->request;
1205 $r->send_cgi_header($header);
1206 return '';
1207 }
1208 return $header;
54310121 1209}
1210END_OF_FUNC
1211
1212
1213#### Method: cache
1214# Control whether header() will produce the no-cache
1215# Pragma directive.
1216####
1217'cache' => <<'END_OF_FUNC',
1218sub cache {
1219 my($self,$new_value) = self_or_default(@_);
1220 $new_value = '' unless $new_value;
1221 if ($new_value ne '') {
1222 $self->{'cache'} = $new_value;
1223 }
1224 return $self->{'cache'};
1225}
1226END_OF_FUNC
1227
1228
1229#### Method: redirect
1230# Return a Location: style header
1231#
1232####
1233'redirect' => <<'END_OF_FUNC',
1234sub redirect {
1235 my($self,@p) = self_or_default(@_);
424ec8fa 1236 my($url,$target,$cookie,$nph,@other) = $self->rearrange([[LOCATION,URI,URL],TARGET,COOKIE,NPH],@p);
54310121 1237 $url = $url || $self->self_url;
1238 my(@o);
424ec8fa
GS		 1239 foreach (@other) { tr/\"//d; push(@o,split("=",$_,2)); }
1240 unshift(@o,
1241 '-Status'=>'302 Moved',
54310121 1242 '-Location'=>$url,
424ec8fa
GS		 1243 '-nph'=>$nph);
1244 unshift(@o,'-Target'=>$target) if $target;
1245 unshift(@o,'-Cookie'=>$cookie) if $cookie;
71f3e297 1246 unshift(@o,'-Type'=>'');
54310121 1247 return $self->header(@o);
1248}
1249END_OF_FUNC
1250
1251
1252#### Method: start_html
1253# Canned HTML header
1254#
1255# Parameters:
1256# $title -> (optional) The title for this HTML document (-title)
1257# $author -> (optional) e-mail address of the author (-author)
1258# $base -> (optional) if set to true, will enter the BASE address of this document
1259# for resolving relative references (-base)
1260# $xbase -> (optional) alternative base at some remote location (-xbase)
1261# $target -> (optional) target window to load all links into (-target)
1262# $script -> (option) Javascript code (-script)
47e3cabd 1263# $no_script -> (option) Javascript <noscript> tag (-noscript)
54310121 1264# $meta -> (optional) Meta information tags
7d37aa8e
LS		 1265# $head -> (optional) any other elements you'd like to incorporate into the <HEAD> tag
1266# (a scalar or array ref)
1267# $style -> (optional) reference to an external style sheet
54310121 1268# @other -> (optional) any other named parameters you'd like to incorporate into
1269# the <BODY> tag.
1270####
1271'start_html' => <<'END_OF_FUNC',
1272sub start_html {
1273 my($self,@p) = &self_or_default(@_);
424ec8fa
GS		 1274 my($title,$author,$base,$xbase,$script,$noscript,$target,$meta,$head,$style,$dtd,@other) =
1275 $self->rearrange([TITLE,AUTHOR,BASE,XBASE,SCRIPT,NOSCRIPT,TARGET,META,HEAD,STYLE,DTD],@p);
54310121 1276
1277 # strangely enough, the title needs to be escaped as HTML
1278 # while the author needs to be escaped as a URL
1279 $title = $self->escapeHTML($title || 'Untitled Document');
424ec8fa 1280 $author = $self->escape($author);
54310121 1281 my(@result);
424ec8fa
GS		 1282 $dtd = $DEFAULT_DTD unless $dtd && $dtd =~ m|^-//|;
1283 push(@result,qq(<!DOCTYPE HTML PUBLIC "$dtd">)) if $dtd;
54310121 1284 push(@result,"<HTML><HEAD><TITLE>$title</TITLE>");
424ec8fa 1285 push(@result,"<LINK REV=MADE HREF=\"mailto:$author\">") if defined $author;
54310121 1286
1287 if ($base || $xbase || $target) {
424ec8fa 1288 my $href = $xbase || $self->url('-path'=>1);
54310121 1289 my $t = $target ? qq/ TARGET="$target"/ : '';
1290 push(@result,qq/<BASE HREF="$href"$t>/);
1291 }
1292
1293 if ($meta && ref($meta) && (ref($meta) eq 'HASH')) {
1294 foreach (keys %$meta) { push(@result,qq(<META NAME="$_" CONTENT="$meta->{$_}">)); }
1295 }
7d37aa8e
LS		 1296
1297 push(@result,ref($head) ? @$head : $head) if $head;
1298
424ec8fa
GS		 1299 # handle the infrequently-used -style and -script parameters
1300 push(@result,$self->_style($style)) if defined $style;
1301 push(@result,$self->_script($script)) if defined $script;
1302
1303 # handle -noscript parameter
1304 push(@result,<<END) if $noscript;
1305<NOSCRIPT>
1306$noscript
1307</NOSCRIPT>
1308END
1309 ;
1310 my($other) = @other ? " @other" : '';
1311 push(@result,"</HEAD><BODY$other>");
1312 return join("\n",@result);
1313}
1314END_OF_FUNC
1315
1316### Method: _style
1317# internal method for generating a CSS style section
1318####
1319'_style' => <<'END_OF_FUNC',
1320sub _style {
1321 my ($self,$style) = @_;
1322 my (@result);
1323 my $type = 'text/css';
1324 if (ref($style)) {
1325 my($src,$code,$stype,@other) =
1326 $self->rearrange([SRC,CODE,TYPE],
1327 '-foo'=>'bar', # a trick to allow the '-' to be omitted
1328 ref($style) eq 'ARRAY' ? @$style : %$style);
1329 $type = $stype if $stype;
1330 push(@result,qq/<LINK REL="stylesheet" HREF="$src">/) if $src;
1331 push(@result,style({'type'=>$type},"<!--\n$code\n-->")) if $code;
1332 } else {
1333 push(@result,style({'type'=>$type},"<!--\n$style\n-->"));
7d37aa8e 1334 }
424ec8fa
GS		 1335 @result;
1336}
1337END_OF_FUNC
1338
7d37aa8e 1339
424ec8fa
GS		 1340'_script' => <<'END_OF_FUNC',
1341sub _script {
1342 my ($self,$script) = @_;
1343 my (@result);
1344 my (@scripts) = ref($script) eq 'ARRAY' ? @$script : ($script);
1345 foreach $script (@scripts) {
7d37aa8e
LS		 1346 my($src,$code,$language);
1347 if (ref($script)) { # script is a hash
1348 ($src,$code,$language) =
1349 $self->rearrange([SRC,CODE,LANGUAGE],
1350 '-foo'=>'bar', # a trick to allow the '-' to be omitted
1351 ref($style) eq 'ARRAY' ? @$script : %$script);
424ec8fa 1352
7d37aa8e
LS		 1353 } else {
1354 ($src,$code,$language) = ('',$script,'JavaScript');
1355 }
1356 my(@satts);
1357 push(@satts,'src'=>$src) if $src;
1358 push(@satts,'language'=>$language || 'JavaScript');
1359 $code = "<!-- Hide script\n$code\n// End script hiding -->"
1360 if $code && $language=~/javascript/i;
1361 $code = "<!-- Hide script\n$code\n\# End script hiding -->"
1362 if $code && $language=~/perl/i;
1363 push(@result,script({@satts},$code));
1364 }
424ec8fa 1365 @result;
54310121 1366}
1367END_OF_FUNC
1368
54310121 1369#### Method: end_html
1370# End an HTML document.
1371# Trivial method for completeness. Just returns "</BODY>"
1372####
1373'end_html' => <<'END_OF_FUNC',
1374sub end_html {
1375 return "</BODY></HTML>";
1376}
1377END_OF_FUNC
1378
1379
1380################################
1381# METHODS USED IN BUILDING FORMS
1382################################
1383
1384#### Method: isindex
1385# Just prints out the isindex tag.
1386# Parameters:
1387# $action -> optional URL of script to run
1388# Returns:
1389# A string containing a <ISINDEX> tag
1390'isindex' => <<'END_OF_FUNC',
1391sub isindex {
1392 my($self,@p) = self_or_default(@_);
1393 my($action,@other) = $self->rearrange([ACTION],@p);
1394 $action = qq/ACTION="$action"/ if $action;
1395 my($other) = @other ? " @other" : '';
1396 return "<ISINDEX $action$other>";
1397}
1398END_OF_FUNC
1399
1400
1401#### Method: startform
1402# Start a form
1403# Parameters:
1404# $method -> optional submission method to use (GET or POST)
1405# $action -> optional URL of script to run
1406# $enctype ->encoding to use (URL_ENCODED or MULTIPART)
1407'startform' => <<'END_OF_FUNC',
1408sub startform {
1409 my($self,@p) = self_or_default(@_);
1410
1411 my($method,$action,$enctype,@other) =
1412 $self->rearrange([METHOD,ACTION,ENCTYPE],@p);
1413
1414 $method = $method || 'POST';
1415 $enctype = $enctype || &URL_ENCODED;
1416 $action = $action ? qq/ACTION="$action"/ : $method eq 'GET' ?
1417 'ACTION="'.$self->script_name.'"' : '';
1418 my($other) = @other ? " @other" : '';
1419 $self->{'.parametersToAdd'}={};
1420 return qq/<FORM METHOD="$method" $action ENCTYPE="$enctype"$other>\n/;
1421}
1422END_OF_FUNC
1423
1424
1425#### Method: start_form
1426# synonym for startform
1427'start_form' => <<'END_OF_FUNC',
1428sub start_form {
1429 &startform;
1430}
1431END_OF_FUNC
1432
71f3e297
JH		 1433'end_multipart_form' => <<'END_OF_FUNC',
1434sub end_multipart_form {
1435 &endform;
1436}
1437END_OF_FUNC
54310121 1438
1439#### Method: start_multipart_form
1440# synonym for startform
1441'start_multipart_form' => <<'END_OF_FUNC',
1442sub start_multipart_form {
1443 my($self,@p) = self_or_default(@_);
1444 if ($self->use_named_parameters ||
1445 (defined($param[0]) && substr($param[0],0,1) eq '-')) {
1446 my(%p) = @p;
1447 $p{'-enctype'}=&MULTIPART;
1448 return $self->startform(%p);
1449 } else {
1450 my($method,$action,@other) =
1451 $self->rearrange([METHOD,ACTION],@p);
1452 return $self->startform($method,$action,&MULTIPART,@other);
1453 }
1454}
1455END_OF_FUNC
1456
1457
1458#### Method: endform
1459# End a form
1460'endform' => <<'END_OF_FUNC',
1461sub endform {
1462 my($self,@p) = self_or_default(@_);
1463 return ($self->get_fields,"</FORM>");
1464}
1465END_OF_FUNC
1466
1467
1468#### Method: end_form
1469# synonym for endform
1470'end_form' => <<'END_OF_FUNC',
1471sub end_form {
1472 &endform;
1473}
1474END_OF_FUNC
1475
1476
424ec8fa
GS		 1477'_textfield' => <<'END_OF_FUNC',
1478sub _textfield {
1479 my($self,$tag,@p) = self_or_default(@_);
1480 my($name,$default,$size,$maxlength,$override,@other) =
1481 $self->rearrange([NAME,[DEFAULT,VALUE],SIZE,MAXLENGTH,[OVERRIDE,FORCE]],@p);
1482
1483 my $current = $override ? $default :
1484 (defined($self->param($name)) ? $self->param($name) : $default);
1485
1486 $current = defined($current) ? $self->escapeHTML($current) : '';
1487 $name = defined($name) ? $self->escapeHTML($name) : '';
1488 my($s) = defined($size) ? qq/ SIZE=$size/ : '';
1489 my($m) = defined($maxlength) ? qq/ MAXLENGTH=$maxlength/ : '';
71f3e297
JH		 1490 my($other) = @other ? " @other" : '';
1491 # this entered at cristy's request to fix problems with file upload fields
1492 # and WebTV -- not sure it won't break stuff
1493 my($value) = $current ne '' ? qq(VALUE="$current") : '';
1494 return qq/<INPUT TYPE="$tag" NAME="$name" $value$s$m$other>/;
424ec8fa
GS		 1495}
1496END_OF_FUNC
1497
54310121 1498#### Method: textfield
1499# Parameters:
1500# $name -> Name of the text field
1501# $default -> Optional default value of the field if not
1502# already defined.
1503# $size -> Optional width of field in characaters.
1504# $maxlength -> Optional maximum number of characters.
1505# Returns:
1506# A string containing a <INPUT TYPE="text"> field
1507#
1508'textfield' => <<'END_OF_FUNC',
1509sub textfield {
1510 my($self,@p) = self_or_default(@_);
424ec8fa 1511 $self->_textfield('text',@p);
54310121 1512}
1513END_OF_FUNC
1514
1515
1516#### Method: filefield
1517# Parameters:
1518# $name -> Name of the file upload field
1519# $size -> Optional width of field in characaters.
1520# $maxlength -> Optional maximum number of characters.
1521# Returns:
1522# A string containing a <INPUT TYPE="text"> field
1523#
1524'filefield' => <<'END_OF_FUNC',
1525sub filefield {
1526 my($self,@p) = self_or_default(@_);
424ec8fa 1527 $self->_textfield('file',@p);
54310121 1528}
1529END_OF_FUNC
1530
1531
1532#### Method: password
1533# Create a "secret password" entry field
1534# Parameters:
1535# $name -> Name of the field
1536# $default -> Optional default value of the field if not
1537# already defined.
1538# $size -> Optional width of field in characters.
1539# $maxlength -> Optional maximum characters that can be entered.
1540# Returns:
1541# A string containing a <INPUT TYPE="password"> field
1542#
1543'password_field' => <<'END_OF_FUNC',
1544sub password_field {
1545 my ($self,@p) = self_or_default(@_);
424ec8fa 1546 $self->_textfield('password',@p);
54310121 1547}
1548END_OF_FUNC
1549
54310121 1550#### Method: textarea
1551# Parameters:
1552# $name -> Name of the text field
1553# $default -> Optional default value of the field if not
1554# already defined.
1555# $rows -> Optional number of rows in text area
1556# $columns -> Optional number of columns in text area
1557# Returns:
1558# A string containing a <TEXTAREA></TEXTAREA> tag
1559#
1560'textarea' => <<'END_OF_FUNC',
1561sub textarea {
1562 my($self,@p) = self_or_default(@_);
1563
1564 my($name,$default,$rows,$cols,$override,@other) =
1565 $self->rearrange([NAME,[DEFAULT,VALUE],ROWS,[COLS,COLUMNS],[OVERRIDE,FORCE]],@p);
1566
1567 my($current)= $override ? $default :
1568 (defined($self->param($name)) ? $self->param($name) : $default);
1569
1570 $name = defined($name) ? $self->escapeHTML($name) : '';
1571 $current = defined($current) ? $self->escapeHTML($current) : '';
1572 my($r) = $rows ? " ROWS=$rows" : '';
1573 my($c) = $cols ? " COLS=$cols" : '';
1574 my($other) = @other ? " @other" : '';
1575 return qq{<TEXTAREA NAME="$name"$r$c$other>$current</TEXTAREA>};
1576}
1577END_OF_FUNC
1578
1579
1580#### Method: button
1581# Create a javascript button.
1582# Parameters:
1583# $name -> (optional) Name for the button. (-name)
1584# $value -> (optional) Value of the button when selected (and visible name) (-value)
1585# $onclick -> (optional) Text of the JavaScript to run when the button is
1586# clicked.
1587# Returns:
1588# A string containing a <INPUT TYPE="button"> tag
1589####
1590'button' => <<'END_OF_FUNC',
1591sub button {
1592 my($self,@p) = self_or_default(@_);
1593
1594 my($label,$value,$script,@other) = $self->rearrange([NAME,[VALUE,LABEL],
1595 [ONCLICK,SCRIPT]],@p);
1596
1597 $label=$self->escapeHTML($label);
1598 $value=$self->escapeHTML($value);
1599 $script=$self->escapeHTML($script);
1600
1601 my($name) = '';
1602 $name = qq/ NAME="$label"/ if $label;
1603 $value = $value || $label;
1604 my($val) = '';
1605 $val = qq/ VALUE="$value"/ if $value;
1606 $script = qq/ ONCLICK="$script"/ if $script;
1607 my($other) = @other ? " @other" : '';
1608 return qq/<INPUT TYPE="button"$name$val$script$other>/;
1609}
1610END_OF_FUNC
1611
1612
1613#### Method: submit
1614# Create a "submit query" button.
1615# Parameters:
1616# $name -> (optional) Name for the button.
1617# $value -> (optional) Value of the button when selected (also doubles as label).
1618# $label -> (optional) Label printed on the button(also doubles as the value).
1619# Returns:
1620# A string containing a <INPUT TYPE="submit"> tag
1621####
1622'submit' => <<'END_OF_FUNC',
1623sub submit {
1624 my($self,@p) = self_or_default(@_);
1625
1626 my($label,$value,@other) = $self->rearrange([NAME,[VALUE,LABEL]],@p);
1627
1628 $label=$self->escapeHTML($label);
1629 $value=$self->escapeHTML($value);
1630
1631 my($name) = ' NAME=".submit"';
424ec8fa
GS		 1632 $name = qq/ NAME="$label"/ if defined($label);
1633 $value = defined($value) ? $value : $label;
54310121 1634 my($val) = '';
1635 $val = qq/ VALUE="$value"/ if defined($value);
1636 my($other) = @other ? " @other" : '';
1637 return qq/<INPUT TYPE="submit"$name$val$other>/;
1638}
1639END_OF_FUNC
1640
1641
1642#### Method: reset
1643# Create a "reset" button.
1644# Parameters:
1645# $name -> (optional) Name for the button.
1646# Returns:
1647# A string containing a <INPUT TYPE="reset"> tag
1648####
1649'reset' => <<'END_OF_FUNC',
1650sub reset {
1651 my($self,@p) = self_or_default(@_);
1652 my($label,@other) = $self->rearrange([NAME],@p);
1653 $label=$self->escapeHTML($label);
1654 my($value) = defined($label) ? qq/ VALUE="$label"/ : '';
1655 my($other) = @other ? " @other" : '';
1656 return qq/<INPUT TYPE="reset"$value$other>/;
1657}
1658END_OF_FUNC
1659
1660
1661#### Method: defaults
1662# Create a "defaults" button.
1663# Parameters:
1664# $name -> (optional) Name for the button.
1665# Returns:
1666# A string containing a <INPUT TYPE="submit" NAME=".defaults"> tag
1667#
1668# Note: this button has a special meaning to the initialization script,
1669# and tells it to ERASE the current query string so that your defaults
1670# are used again!
1671####
1672'defaults' => <<'END_OF_FUNC',
1673sub defaults {
1674 my($self,@p) = self_or_default(@_);
1675
1676 my($label,@other) = $self->rearrange([[NAME,VALUE]],@p);
1677
1678 $label=$self->escapeHTML($label);
1679 $label = $label || "Defaults";
1680 my($value) = qq/ VALUE="$label"/;
1681 my($other) = @other ? " @other" : '';
1682 return qq/<INPUT TYPE="submit" NAME=".defaults"$value$other>/;
1683}
1684END_OF_FUNC
1685
1686
424ec8fa
GS		 1687#### Method: comment
1688# Create an HTML <!-- comment -->
1689# Parameters: a string
1690'comment' => <<'END_OF_FUNC',
1691sub comment {
1692 my($self,@p) = self_or_CGI(@_);
1693 return "<!-- @p -->";
1694}
1695END_OF_FUNC
1696
54310121 1697#### Method: checkbox
1698# Create a checkbox that is not logically linked to any others.
1699# The field value is "on" when the button is checked.
1700# Parameters:
1701# $name -> Name of the checkbox
1702# $checked -> (optional) turned on by default if true
1703# $value -> (optional) value of the checkbox, 'on' by default
1704# $label -> (optional) a user-readable label printed next to the box.
1705# Otherwise the checkbox name is used.
1706# Returns:
1707# A string containing a <INPUT TYPE="checkbox"> field
1708####
1709'checkbox' => <<'END_OF_FUNC',
1710sub checkbox {
1711 my($self,@p) = self_or_default(@_);
1712
1713 my($name,$checked,$value,$label,$override,@other) =
1714 $self->rearrange([NAME,[CHECKED,SELECTED,ON],VALUE,LABEL,[OVERRIDE,FORCE]],@p);
1715
424ec8fa
GS		 1716 $value = defined $value ? $value : 'on';
1717
1718 if (!$override && ($self->{'.fieldnames'}->{$name} ||
1719 defined $self->param($name))) {
1720 $checked = grep($_ eq $value,$self->param($name)) ? ' CHECKED' : '';
54310121 1721 } else {
1722 $checked = $checked ? ' CHECKED' : '';
54310121 1723 }
1724 my($the_label) = defined $label ? $label : $name;
1725 $name = $self->escapeHTML($name);
1726 $value = $self->escapeHTML($value);
1727 $the_label = $self->escapeHTML($the_label);
1728 my($other) = @other ? " @other" : '';
1729 $self->register_parameter($name);
1730 return <<END;
1731<INPUT TYPE="checkbox" NAME="$name" VALUE="$value"$checked$other>$the_label
1732END
1733}
1734END_OF_FUNC
1735
1736
1737#### Method: checkbox_group
1738# Create a list of logically-linked checkboxes.
1739# Parameters:
1740# $name -> Common name for all the check boxes
1741# $values -> A pointer to a regular array containing the
1742# values for each checkbox in the group.
1743# $defaults -> (optional)
1744# 1. If a pointer to a regular array of checkbox values,
1745# then this will be used to decide which
1746# checkboxes to turn on by default.
1747# 2. If a scalar, will be assumed to hold the
1748# value of a single checkbox in the group to turn on.
1749# $linebreak -> (optional) Set to true to place linebreaks
1750# between the buttons.
1751# $labels -> (optional)
1752# A pointer to an associative array of labels to print next to each checkbox
1753# in the form $label{'value'}="Long explanatory label".
1754# Otherwise the provided values are used as the labels.
1755# Returns:
1756# An ARRAY containing a series of <INPUT TYPE="checkbox"> fields
1757####
1758'checkbox_group' => <<'END_OF_FUNC',
1759sub checkbox_group {
1760 my($self,@p) = self_or_default(@_);
1761
1762 my($name,$values,$defaults,$linebreak,$labels,$rows,$columns,
1763 $rowheaders,$colheaders,$override,$nolabels,@other) =
1764 $self->rearrange([NAME,[VALUES,VALUE],[DEFAULTS,DEFAULT],
1765 LINEBREAK,LABELS,ROWS,[COLUMNS,COLS],
1766 ROWHEADERS,COLHEADERS,
1767 [OVERRIDE,FORCE],NOLABELS],@p);
1768
1769 my($checked,$break,$result,$label);
1770
1771 my(%checked) = $self->previous_or_default($name,$defaults,$override);
1772
1773 $break = $linebreak ? "<BR>" : '';
1774 $name=$self->escapeHTML($name);
1775
1776 # Create the elements
424ec8fa
GS		 1777 my(@elements,@values);
1778
1779 @values = $self->_set_values_and_labels($values,\$labels,$name);
1780
54310121 1781 my($other) = @other ? " @other" : '';
1782 foreach (@values) {
1783 $checked = $checked{$_} ? ' CHECKED' : '';
1784 $label = '';
1785 unless (defined($nolabels) && $nolabels) {
1786 $label = $_;
424ec8fa 1787 $label = $labels->{$_} if defined($labels) && defined($labels->{$_});
54310121 1788 $label = $self->escapeHTML($label);
1789 }
1790 $_ = $self->escapeHTML($_);
424ec8fa 1791 push(@elements,qq/<INPUT TYPE="checkbox" NAME="$name" VALUE="$_"$checked$other>${label}${break}/);
54310121 1792 }
1793 $self->register_parameter($name);
424ec8fa
GS		 1794 return wantarray ? @elements : join(' ',@elements)
1795 unless defined($columns) || defined($rows);
54310121 1796 return _tableize($rows,$columns,$rowheaders,$colheaders,@elements);
1797}
1798END_OF_FUNC
1799
54310121 1800# Escape HTML -- used internally
1801'escapeHTML' => <<'END_OF_FUNC',
1802sub escapeHTML {
1803 my($self,$toencode) = @_;
424ec8fa 1804 $toencode = $self unless ref($self);
54310121 1805 return undef unless defined($toencode);
424ec8fa
GS		 1806 return $toencode if ref($self) && $self->{'dontescape'};
1807
54310121 1808 $toencode=~s/&/&amp;/g;
1809 $toencode=~s/\"/&quot;/g;
1810 $toencode=~s/>/&gt;/g;
1811 $toencode=~s/</&lt;/g;
1812 return $toencode;
1813}
1814END_OF_FUNC
1815
424ec8fa
GS		 1816# unescape HTML -- used internally
1817'unescapeHTML' => <<'END_OF_FUNC',
1818sub unescapeHTML {
1819 my $string = ref($_[0]) ? $_[1] : $_[0];
1820 return undef unless defined($string);
71f3e297
JH		 1821 # thanks to Randal Schwartz for the correct solution to this one
1822 $string=~ s[&(.*?);]{
1823 local $_ = $1;
1824 /^amp$/i ? "&" :
1825 /^quot$/i ? '"' :
1826 /^gt$/i ? ">" :
1827 /^lt$/i ? "<" :
1828 /^#(\d+)$/ ? chr($1) :
1829 /^#x([0-9a-f]+)$/i ? chr(hex($1)) :
1830 $_
1831 }gex;
424ec8fa
GS		 1832 return $string;
1833}
1834END_OF_FUNC
54310121 1835
1836# Internal procedure - don't use
1837'_tableize' => <<'END_OF_FUNC',
1838sub _tableize {
1839 my($rows,$columns,$rowheaders,$colheaders,@elements) = @_;
1840 my($result);
1841
424ec8fa
GS		 1842 if (defined($columns)) {
1843 $rows = int(0.99 + @elements/$columns) unless defined($rows);
1844 }
1845 if (defined($rows)) {
1846 $columns = int(0.99 + @elements/$rows) unless defined($columns);
1847 }
1848
54310121 1849 # rearrange into a pretty table
1850 $result = "<TABLE>";
1851 my($row,$column);
424ec8fa
GS		 1852 unshift(@$colheaders,'') if defined(@$colheaders) && defined(@$rowheaders);
1853 $result .= "<TR>" if defined(@{$colheaders});
54310121 1854 foreach (@{$colheaders}) {
1855 $result .= "<TH>$_</TH>";
1856 }
1857 for ($row=0;$row<$rows;$row++) {
1858 $result .= "<TR>";
424ec8fa 1859 $result .= "<TH>$rowheaders->[$row]</TH>" if defined(@$rowheaders);
54310121 1860 for ($column=0;$column<$columns;$column++) {
424ec8fa
GS		 1861 $result .= "<TD>" . $elements[$column*$rows + $row] . "</TD>"
1862 if defined($elements[$column*$rows + $row]);
54310121 1863 }
1864 $result .= "</TR>";
1865 }
1866 $result .= "</TABLE>";
1867 return $result;
1868}
1869END_OF_FUNC
1870
1871
1872#### Method: radio_group
1873# Create a list of logically-linked radio buttons.
1874# Parameters:
1875# $name -> Common name for all the buttons.
1876# $values -> A pointer to a regular array containing the
1877# values for each button in the group.
1878# $default -> (optional) Value of the button to turn on by default. Pass '-'
1879# to turn _nothing_ on.
1880# $linebreak -> (optional) Set to true to place linebreaks
1881# between the buttons.
1882# $labels -> (optional)
1883# A pointer to an associative array of labels to print next to each checkbox
1884# in the form $label{'value'}="Long explanatory label".
1885# Otherwise the provided values are used as the labels.
1886# Returns:
1887# An ARRAY containing a series of <INPUT TYPE="radio"> fields
1888####
1889'radio_group' => <<'END_OF_FUNC',
1890sub radio_group {
1891 my($self,@p) = self_or_default(@_);
1892
1893 my($name,$values,$default,$linebreak,$labels,
1894 $rows,$columns,$rowheaders,$colheaders,$override,$nolabels,@other) =
1895 $self->rearrange([NAME,[VALUES,VALUE],DEFAULT,LINEBREAK,LABELS,
1896 ROWS,[COLUMNS,COLS],
1897 ROWHEADERS,COLHEADERS,
1898 [OVERRIDE,FORCE],NOLABELS],@p);
1899 my($result,$checked);
1900
1901 if (!$override && defined($self->param($name))) {
1902 $checked = $self->param($name);
1903 } else {
1904 $checked = $default;
1905 }
424ec8fa 1906 my(@elements,@values);
424ec8fa
GS		 1907 @values = $self->_set_values_and_labels($values,\$labels,$name);
1908
71f3e297
JH		 1909 # If no check array is specified, check the first by default
1910 $checked = $values[0] unless defined($checked) && $checked ne '';
1911 $name=$self->escapeHTML($name);
1912
54310121 1913 my($other) = @other ? " @other" : '';
1914 foreach (@values) {
1915 my($checkit) = $checked eq $_ ? ' CHECKED' : '';
1916 my($break) = $linebreak ? '<BR>' : '';
1917 my($label)='';
1918 unless (defined($nolabels) && $nolabels) {
1919 $label = $_;
424ec8fa 1920 $label = $labels->{$_} if defined($labels) && defined($labels->{$_});
54310121 1921 $label = $self->escapeHTML($label);
1922 }
1923 $_=$self->escapeHTML($_);
424ec8fa 1924 push(@elements,qq/<INPUT TYPE="radio" NAME="$name" VALUE="$_"$checkit$other>${label}${break}/);
54310121 1925 }
1926 $self->register_parameter($name);
424ec8fa
GS		 1927 return wantarray ? @elements : join(' ',@elements)
1928 unless defined($columns) || defined($rows);
54310121 1929 return _tableize($rows,$columns,$rowheaders,$colheaders,@elements);
1930}
1931END_OF_FUNC
1932
1933
1934#### Method: popup_menu
1935# Create a popup menu.
1936# Parameters:
1937# $name -> Name for all the menu
1938# $values -> A pointer to a regular array containing the
1939# text of each menu item.
1940# $default -> (optional) Default item to display
1941# $labels -> (optional)
1942# A pointer to an associative array of labels to print next to each checkbox
1943# in the form $label{'value'}="Long explanatory label".
1944# Otherwise the provided values are used as the labels.
1945# Returns:
1946# A string containing the definition of a popup menu.
1947####
1948'popup_menu' => <<'END_OF_FUNC',
1949sub popup_menu {
1950 my($self,@p) = self_or_default(@_);
1951
1952 my($name,$values,$default,$labels,$override,@other) =
1953 $self->rearrange([NAME,[VALUES,VALUE],[DEFAULT,DEFAULTS],LABELS,[OVERRIDE,FORCE]],@p);
1954 my($result,$selected);
1955
1956 if (!$override && defined($self->param($name))) {
1957 $selected = $self->param($name);
1958 } else {
1959 $selected = $default;
1960 }
1961 $name=$self->escapeHTML($name);
1962 my($other) = @other ? " @other" : '';
1963
424ec8fa
GS		 1964 my(@values);
1965 @values = $self->_set_values_and_labels($values,\$labels,$name);
1966
54310121 1967 $result = qq/<SELECT NAME="$name"$other>\n/;
1968 foreach (@values) {
1969 my($selectit) = defined($selected) ? ($selected eq $_ ? 'SELECTED' : '' ) : '';
1970 my($label) = $_;
424ec8fa 1971 $label = $labels->{$_} if defined($labels) && defined($labels->{$_});
54310121 1972 my($value) = $self->escapeHTML($_);
1973 $label=$self->escapeHTML($label);
1974 $result .= "<OPTION $selectit VALUE=\"$value\">$label\n";
1975 }
1976
1977 $result .= "</SELECT>\n";
1978 return $result;
1979}
1980END_OF_FUNC
1981
1982
1983#### Method: scrolling_list
1984# Create a scrolling list.
1985# Parameters:
1986# $name -> name for the list
1987# $values -> A pointer to a regular array containing the
1988# values for each option line in the list.
1989# $defaults -> (optional)
1990# 1. If a pointer to a regular array of options,
1991# then this will be used to decide which
1992# lines to turn on by default.
1993# 2. Otherwise holds the value of the single line to turn on.
1994# $size -> (optional) Size of the list.
1995# $multiple -> (optional) If set, allow multiple selections.
1996# $labels -> (optional)
1997# A pointer to an associative array of labels to print next to each checkbox
1998# in the form $label{'value'}="Long explanatory label".
1999# Otherwise the provided values are used as the labels.
2000# Returns:
2001# A string containing the definition of a scrolling list.
2002####
2003'scrolling_list' => <<'END_OF_FUNC',
2004sub scrolling_list {
2005 my($self,@p) = self_or_default(@_);
2006 my($name,$values,$defaults,$size,$multiple,$labels,$override,@other)
2007 = $self->rearrange([NAME,[VALUES,VALUE],[DEFAULTS,DEFAULT],
2008 SIZE,MULTIPLE,LABELS,[OVERRIDE,FORCE]],@p);
2009
424ec8fa
GS		 2010 my($result,@values);
2011 @values = $self->_set_values_and_labels($values,\$labels,$name);
2012
54310121 2013 $size = $size || scalar(@values);
2014
2015 my(%selected) = $self->previous_or_default($name,$defaults,$override);
2016 my($is_multiple) = $multiple ? ' MULTIPLE' : '';
2017 my($has_size) = $size ? " SIZE=$size" : '';
2018 my($other) = @other ? " @other" : '';
2019
2020 $name=$self->escapeHTML($name);
2021 $result = qq/<SELECT NAME="$name"$has_size$is_multiple$other>\n/;
2022 foreach (@values) {
2023 my($selectit) = $selected{$_} ? 'SELECTED' : '';
2024 my($label) = $_;
424ec8fa 2025 $label = $labels->{$_} if defined($labels) && defined($labels->{$_});
54310121 2026 $label=$self->escapeHTML($label);
2027 my($value)=$self->escapeHTML($_);
2028 $result .= "<OPTION $selectit VALUE=\"$value\">$label\n";
2029 }
2030 $result .= "</SELECT>\n";
2031 $self->register_parameter($name);
2032 return $result;
2033}
2034END_OF_FUNC
2035
2036
2037#### Method: hidden
2038# Parameters:
2039# $name -> Name of the hidden field
2040# @default -> (optional) Initial values of field (may be an array)
2041# or
2042# $default->[initial values of field]
2043# Returns:
2044# A string containing a <INPUT TYPE="hidden" NAME="name" VALUE="value">
2045####
2046'hidden' => <<'END_OF_FUNC',
2047sub hidden {
2048 my($self,@p) = self_or_default(@_);
2049
2050 # this is the one place where we departed from our standard
2051 # calling scheme, so we have to special-case (darn)
2052 my(@result,@value);
2053 my($name,$default,$override,@other) =
2054 $self->rearrange([NAME,[DEFAULT,VALUE,VALUES],[OVERRIDE,FORCE]],@p);
2055
2056 my $do_override = 0;
424ec8fa 2057 if ( ref($p[0]) || substr($p[0],0,1) eq '-' || $self->use_named_parameters ) {
54310121 2058 @value = ref($default) ? @{$default} : $default;
2059 $do_override = $override;
2060 } else {
2061 foreach ($default,$override,@other) {
2062 push(@value,$_) if defined($_);
2063 }
2064 }
2065
2066 # use previous values if override is not set
2067 my @prev = $self->param($name);
2068 @value = @prev if !$do_override && @prev;
2069
2070 $name=$self->escapeHTML($name);
2071 foreach (@value) {
2072 $_=$self->escapeHTML($_);
2073 push(@result,qq/<INPUT TYPE="hidden" NAME="$name" VALUE="$_">/);
2074 }
2075 return wantarray ? @result : join('',@result);
2076}
2077END_OF_FUNC
2078
2079
2080#### Method: image_button
2081# Parameters:
2082# $name -> Name of the button
2083# $src -> URL of the image source
2084# $align -> Alignment style (TOP, BOTTOM or MIDDLE)
2085# Returns:
2086# A string containing a <INPUT TYPE="image" NAME="name" SRC="url" ALIGN="alignment">
2087####
2088'image_button' => <<'END_OF_FUNC',
2089sub image_button {
2090 my($self,@p) = self_or_default(@_);
2091
2092 my($name,$src,$alignment,@other) =
2093 $self->rearrange([NAME,SRC,ALIGN],@p);
2094
2095 my($align) = $alignment ? " ALIGN=\U$alignment" : '';
2096 my($other) = @other ? " @other" : '';
2097 $name=$self->escapeHTML($name);
2098 return qq/<INPUT TYPE="image" NAME="$name" SRC="$src"$align$other>/;
2099}
2100END_OF_FUNC
2101
2102
2103#### Method: self_url
2104# Returns a URL containing the current script and all its
2105# param/value pairs arranged as a query. You can use this
2106# to create a link that, when selected, will reinvoke the
2107# script with all its state information preserved.
2108####
2109'self_url' => <<'END_OF_FUNC',
2110sub self_url {
424ec8fa
GS		 2111 my($self,@p) = self_or_default(@_);
2112 return $self->url('-path_info'=>1,'-query'=>1,'-full'=>1,@p);
54310121 2113}
2114END_OF_FUNC
2115
2116
2117# This is provided as a synonym to self_url() for people unfortunate
2118# enough to have incorporated it into their programs already!
2119'state' => <<'END_OF_FUNC',
2120sub state {
2121 &self_url;
2122}
2123END_OF_FUNC
2124
2125
2126#### Method: url
2127# Like self_url, but doesn't return the query string part of
2128# the URL.
2129####
2130'url' => <<'END_OF_FUNC',
2131sub url {
424ec8fa
GS		 2132 my($self,@p) = self_or_default(@_);
2133 my ($relative,$absolute,$full,$path_info,$query) =
2134 $self->rearrange(['RELATIVE','ABSOLUTE','FULL',['PATH','PATH_INFO'],['QUERY','QUERY_STRING']],@p);
2135 my $url;
2136 $full++ if !($relative || $absolute);
2137
2138 if ($full) {
2139 my $protocol = $self->protocol();
2140 $url = "$protocol://";
2141 my $vh = http('host');
2142 if ($vh) {
2143 $url .= $vh;
2144 } else {
2145 $url .= server_name();
2146 my $port = $self->server_port;
2147 $url .= ":" . $port
2148 unless (lc($protocol) eq 'http' && $port == 80)
2149 || (lc($protocol) eq 'https' && $port == 443);
2150 }
2151 $url .= $self->script_name;
2152 } elsif ($relative) {
2153 ($url) = $self->script_name =~ m!([^/]+)$!;
2154 } elsif ($absolute) {
2155 $url = $self->script_name;
2156 }
2157 $url .= $self->path_info if $path_info and $self->path_info;
2158 $url .= "?" . $self->query_string if $query and $self->query_string;
2159 return $url;
54310121 2160}
2161
2162END_OF_FUNC
2163
2164#### Method: cookie
2165# Set or read a cookie from the specified name.
2166# Cookie can then be passed to header().
2167# Usual rules apply to the stickiness of -value.
2168# Parameters:
2169# -name -> name for this cookie (optional)
2170# -value -> value of this cookie (scalar, array or hash)
2171# -path -> paths for which this cookie is valid (optional)
2172# -domain -> internet domain in which this cookie is valid (optional)
2173# -secure -> if true, cookie only passed through secure channel (optional)
7d37aa8e 2174# -expires -> expiry date in format Wdy, DD-Mon-YYYY HH:MM:SS GMT (optional)
54310121 2175####
2176'cookie' => <<'END_OF_FUNC',
54310121 2177sub cookie {
2178 my($self,@p) = self_or_default(@_);
2179 my($name,$value,$path,$domain,$secure,$expires) =
2180 $self->rearrange([NAME,[VALUE,VALUES],PATH,DOMAIN,SECURE,EXPIRES],@p);
2181
424ec8fa 2182 require CGI::Cookie;
54310121 2183
2184 # if no value is supplied, then we retrieve the
2185 # value of the cookie, if any. For efficiency, we cache the parsed
424ec8fa
GS		 2186 # cookies in our state variables.
2187 unless ( defined($value) ) {
2188 $self->{'.cookies'} = CGI::Cookie->fetch
2189 unless $self->{'.cookies'};
54310121 2190
2191 # If no name is supplied, then retrieve the names of all our cookies.
2192 return () unless $self->{'.cookies'};
424ec8fa
GS		 2193 return keys %{$self->{'.cookies'}} unless $name;
2194 return () unless $self->{'.cookies'}->{$name};
2195 return $self->{'.cookies'}->{$name}->value if defined($name) && $name ne '';
54310121 2196 }
54310121 2197
424ec8fa
GS		 2198 # If we get here, we're creating a new cookie
2199 return undef unless $name; # this is an error
54310121 2200
424ec8fa
GS		 2201 my @param;
2202 push(@param,'-name'=>$name);
2203 push(@param,'-value'=>$value);
2204 push(@param,'-domain'=>$domain) if $domain;
2205 push(@param,'-path'=>$path) if $path;
2206 push(@param,'-expires'=>$expires) if $expires;
2207 push(@param,'-secure'=>$secure) if $secure;
54310121 2208
424ec8fa 2209 return new CGI::Cookie(@param);
54310121 2210}
2211END_OF_FUNC
2212
7d37aa8e
LS		 2213# This internal routine creates an expires time exactly some number of
2214# hours from the current time. It incorporates modifications from
424ec8fa 2215# Mark Fisher.
7d37aa8e
LS		 2216'expire_calc' => <<'END_OF_FUNC',
2217sub expire_calc {
54310121 2218 my($time) = @_;
54310121 2219 my(%mult) = ('s'=>1,
7d37aa8e
LS		 2220 'm'=>60,
2221 'h'=>60*60,
2222 'd'=>60*60*24,
2223 'M'=>60*60*24*30,
2224 'y'=>60*60*24*365);
54310121 2225 # format for time can be in any of the forms...
2226 # "now" -- expire immediately
2227 # "+180s" -- in 180 seconds
2228 # "+2m" -- in 2 minutes
2229 # "+12h" -- in 12 hours
2230 # "+1d" -- in 1 day
2231 # "+3M" -- in 3 months
2232 # "+2y" -- in 2 years
2233 # "-3m" -- 3 minutes ago(!)
2234 # If you don't supply one of these forms, we assume you are
2235 # specifying the date yourself
2236 my($offset);
424ec8fa 2237 if (!$time || (lc($time) eq 'now')) {
7d37aa8e 2238 $offset = 0;
424ec8fa 2239 } elsif ($time=~/^([+-]?(?:\d+|\d*\.\d*))([mhdMy]?)/) {
7d37aa8e 2240 $offset = ($mult{$2} || 1)*$1;
54310121 2241 } else {
7d37aa8e 2242 return $time;
54310121 2243 }
7d37aa8e 2244 return (time+$offset);
54310121 2245}
2246END_OF_FUNC
2247
7d37aa8e
LS		 2248# This internal routine creates date strings suitable for use in
2249# cookies and HTTP headers. (They differ, unfortunately.)
2250# Thanks to Fisher Mark for this.
424ec8fa
GS		 2251'expires' => <<'END_OF_FUNC',
2252sub expires {
7d37aa8e 2253 my($time,$format) = @_;
424ec8fa
GS		 2254 $format ||= 'http';
2255
7d37aa8e
LS		 2256 my(@MON)=qw/Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec/;
2257 my(@WDAY) = qw/Sun Mon Tue Wed Thu Fri Sat/;
2258
2259 # pass through preformatted dates for the sake of expire_calc()
424ec8fa
GS		 2260 $time = expire_calc($time);
2261 return $time unless $time =~ /^\d+$/;
7d37aa8e
LS		 2262
2263 # make HTTP/cookie date string from GMT'ed time
2264 # (cookies use '-' as date separator, HTTP uses ' ')
2265 my($sc) = ' ';
2266 $sc = '-' if $format eq "cookie";
2267 my($sec,$min,$hour,$mday,$mon,$year,$wday) = gmtime($time);
2268 $year += 1900;
2269 return sprintf("%s, %02d$sc%s$sc%04d %02d:%02d:%02d GMT",
2270 $WDAY[$wday],$mday,$MON[$mon],$year,$hour,$min,$sec);
2271}
2272END_OF_FUNC
54310121 2273
424ec8fa
GS		 2274'parse_keywordlist' => <<'END_OF_FUNC',
2275sub parse_keywordlist {
2276 my($self,$tosplit) = @_;
2277 $tosplit = unescape($tosplit); # unescape the keywords
2278 $tosplit=~tr/+/ /; # pluses to spaces
2279 my(@keywords) = split(/\s+/,$tosplit);
2280 return @keywords;
2281}
2282END_OF_FUNC
2283
2284'param_fetch' => <<'END_OF_FUNC',
2285sub param_fetch {
2286 my($self,@p) = self_or_default(@_);
2287 my($name) = $self->rearrange([NAME],@p);
2288 unless (exists($self->{$name})) {
2289 $self->add_parameter($name);
2290 $self->{$name} = [];
2291 }
2292
2293 return $self->{$name};
2294}
2295END_OF_FUNC
2296
54310121 2297###############################################
2298# OTHER INFORMATION PROVIDED BY THE ENVIRONMENT
2299###############################################
2300
2301#### Method: path_info
2302# Return the extra virtual path information provided
2303# after the URL (if any)
2304####
2305'path_info' => <<'END_OF_FUNC',
2306sub path_info {
424ec8fa
GS		 2307 my ($self,$info) = self_or_default(@_);
2308 if (defined($info)) {
2309 $info = "/$info" if $info ne '' && substr($info,0,1) ne '/';
2310 $self->{'.path_info'} = $info;
2311 } elsif (! defined($self->{'.path_info'}) ) {
2312 $self->{'.path_info'} = defined($ENV{'PATH_INFO'}) ?
2313 $ENV{'PATH_INFO'} : '';
2314
2315 # hack to fix broken path info in IIS
2316 $self->{'.path_info'} =~ s/^\Q$ENV{'SCRIPT_NAME'}\E// if $IIS;
2317
2318 }
2319 return $self->{'.path_info'};
54310121 2320}
2321END_OF_FUNC
2322
2323
2324#### Method: request_method
2325# Returns 'POST', 'GET', 'PUT' or 'HEAD'
2326####
2327'request_method' => <<'END_OF_FUNC',
2328sub request_method {
2329 return $ENV{'REQUEST_METHOD'};
2330}
2331END_OF_FUNC
2332
2333#### Method: path_translated
2334# Return the physical path information provided
2335# by the URL (if any)
2336####
2337'path_translated' => <<'END_OF_FUNC',
2338sub path_translated {
2339 return $ENV{'PATH_TRANSLATED'};
2340}
2341END_OF_FUNC
2342
2343
2344#### Method: query_string
2345# Synthesize a query string from our current
2346# parameters
2347####
2348'query_string' => <<'END_OF_FUNC',
2349sub query_string {
2350 my($self) = self_or_default(@_);
2351 my($param,$value,@pairs);
2352 foreach $param ($self->param) {
424ec8fa 2353 my($eparam) = escape($param);
54310121 2354 foreach $value ($self->param($param)) {
424ec8fa 2355 $value = escape($value);
54310121 2356 push(@pairs,"$eparam=$value");
2357 }
2358 }
71f3e297 2359 return join($USE_PARAM_SEMICOLONS ? ';' : '&',@pairs);
54310121 2360}
2361END_OF_FUNC
2362
2363
2364#### Method: accept
2365# Without parameters, returns an array of the
2366# MIME types the browser accepts.
2367# With a single parameter equal to a MIME
2368# type, will return undef if the browser won't
2369# accept it, 1 if the browser accepts it but
2370# doesn't give a preference, or a floating point
2371# value between 0.0 and 1.0 if the browser
2372# declares a quantitative score for it.
2373# This handles MIME type globs correctly.
2374####
71f3e297
JH		 2375'Accept' => <<'END_OF_FUNC',
2376sub Accept {
54310121 2377 my($self,$search) = self_or_CGI(@_);
2378 my(%prefs,$type,$pref,$pat);
2379
2380 my(@accept) = split(',',$self->http('accept'));
2381
2382 foreach (@accept) {
2383 ($pref) = /q=(\d\.\d+|\d+)/;
2384 ($type) = m#(\S+/[^;]+)#;
2385 next unless $type;
2386 $prefs{$type}=$pref || 1;
2387 }
2388
2389 return keys %prefs unless $search;
2390
2391 # if a search type is provided, we may need to
2392 # perform a pattern matching operation.
2393 # The MIME types use a glob mechanism, which
2394 # is easily translated into a perl pattern match
2395
2396 # First return the preference for directly supported
2397 # types:
2398 return $prefs{$search} if $prefs{$search};
2399
2400 # Didn't get it, so try pattern matching.
2401 foreach (keys %prefs) {
2402 next unless /\*/; # not a pattern match
2403 ($pat = $_) =~ s/([^\w*])/\\$1/g; # escape meta characters
2404 $pat =~ s/\*/.*/g; # turn it into a pattern
2405 return $prefs{$_} if $search=~/$pat/;
2406 }
2407}
2408END_OF_FUNC
2409
2410
2411#### Method: user_agent
2412# If called with no parameters, returns the user agent.
2413# If called with one parameter, does a pattern match (case
2414# insensitive) on the user agent.
2415####
2416'user_agent' => <<'END_OF_FUNC',
2417sub user_agent {
2418 my($self,$match)=self_or_CGI(@_);
2419 return $self->http('user_agent') unless $match;
2420 return $self->http('user_agent') =~ /$match/i;
2421}
2422END_OF_FUNC
2423
2424
424ec8fa
GS		 2425#### Method: raw_cookie
2426# Returns the magic cookies for the session.
2427# The cookies are not parsed or altered in any way, i.e.
2428# cookies are returned exactly as given in the HTTP
2429# headers. If a cookie name is given, only that cookie's
2430# value is returned, otherwise the entire raw cookie
2431# is returned.
54310121 2432####
2433'raw_cookie' => <<'END_OF_FUNC',
2434sub raw_cookie {
424ec8fa
GS		 2435 my($self,$key) = self_or_CGI(@_);
2436
2437 require CGI::Cookie;
2438
2439 if (defined($key)) {
2440 $self->{'.raw_cookies'} = CGI::Cookie->raw_fetch
2441 unless $self->{'.raw_cookies'};
2442
2443 return () unless $self->{'.raw_cookies'};
2444 return () unless $self->{'.raw_cookies'}->{$key};
2445 return $self->{'.raw_cookies'}->{$key};
2446 }
54310121 2447 return $self->http('cookie') || $ENV{'COOKIE'} || '';
2448}
2449END_OF_FUNC
2450
2451#### Method: virtual_host
2452# Return the name of the virtual_host, which
2453# is not always the same as the server
2454######
2455'virtual_host' => <<'END_OF_FUNC',
2456sub virtual_host {
424ec8fa
GS		 2457 my $vh = http('host') || server_name();
2458 $vh =~ s/:\d+$//; # get rid of port number
2459 return $vh;
54310121 2460}
2461END_OF_FUNC
2462
2463#### Method: remote_host
2464# Return the name of the remote host, or its IP
2465# address if unavailable. If this variable isn't
2466# defined, it returns "localhost" for debugging
2467# purposes.
2468####
2469'remote_host' => <<'END_OF_FUNC',
2470sub remote_host {
2471 return $ENV{'REMOTE_HOST'} || $ENV{'REMOTE_ADDR'}
2472 || 'localhost';
2473}
2474END_OF_FUNC
2475
2476
2477#### Method: remote_addr
2478# Return the IP addr of the remote host.
2479####
2480'remote_addr' => <<'END_OF_FUNC',
2481sub remote_addr {
2482 return $ENV{'REMOTE_ADDR'} || '127.0.0.1';
2483}
2484END_OF_FUNC
2485
2486
2487#### Method: script_name
2488# Return the partial URL to this script for
2489# self-referencing scripts. Also see
2490# self_url(), which returns a URL with all state information
2491# preserved.
2492####
2493'script_name' => <<'END_OF_FUNC',
2494sub script_name {
424ec8fa 2495 return $ENV{'SCRIPT_NAME'} if defined($ENV{'SCRIPT_NAME'});
54310121 2496 # These are for debugging
2497 return "/$0" unless $0=~/^\//;
2498 return $0;
2499}
2500END_OF_FUNC
2501
2502
2503#### Method: referer
2504# Return the HTTP_REFERER: useful for generating
2505# a GO BACK button.
2506####
2507'referer' => <<'END_OF_FUNC',
2508sub referer {
2509 my($self) = self_or_CGI(@_);
2510 return $self->http('referer');
2511}
2512END_OF_FUNC
2513
2514
2515#### Method: server_name
2516# Return the name of the server
2517####
2518'server_name' => <<'END_OF_FUNC',
2519sub server_name {
2520 return $ENV{'SERVER_NAME'} || 'localhost';
2521}
2522END_OF_FUNC
2523
2524#### Method: server_software
2525# Return the name of the server software
2526####
2527'server_software' => <<'END_OF_FUNC',
2528sub server_software {
2529 return $ENV{'SERVER_SOFTWARE'} || 'cmdline';
2530}
2531END_OF_FUNC
2532
2533#### Method: server_port
2534# Return the tcp/ip port the server is running on
2535####
2536'server_port' => <<'END_OF_FUNC',
2537sub server_port {
2538 return $ENV{'SERVER_PORT'} || 80; # for debugging
2539}
2540END_OF_FUNC
2541
2542#### Method: server_protocol
2543# Return the protocol (usually HTTP/1.0)
2544####
2545'server_protocol' => <<'END_OF_FUNC',
2546sub server_protocol {
2547 return $ENV{'SERVER_PROTOCOL'} || 'HTTP/1.0'; # for debugging
2548}
2549END_OF_FUNC
2550
2551#### Method: http
2552# Return the value of an HTTP variable, or
2553# the list of variables if none provided
2554####
2555'http' => <<'END_OF_FUNC',
2556sub http {
2557 my ($self,$parameter) = self_or_CGI(@_);
2558 return $ENV{$parameter} if $parameter=~/^HTTP/;
2559 return $ENV{"HTTP_\U$parameter\E"} if $parameter;
2560 my(@p);
2561 foreach (keys %ENV) {
2562 push(@p,$_) if /^HTTP/;
2563 }
2564 return @p;
2565}
2566END_OF_FUNC
2567
2568#### Method: https
2569# Return the value of HTTPS
2570####
2571'https' => <<'END_OF_FUNC',
2572sub https {
2573 local($^W)=0;
2574 my ($self,$parameter) = self_or_CGI(@_);
2575 return $ENV{HTTPS} unless $parameter;
2576 return $ENV{$parameter} if $parameter=~/^HTTPS/;
2577 return $ENV{"HTTPS_\U$parameter\E"} if $parameter;
2578 my(@p);
2579 foreach (keys %ENV) {
2580 push(@p,$_) if /^HTTPS/;
2581 }
2582 return @p;
2583}
2584END_OF_FUNC
2585
2586#### Method: protocol
2587# Return the protocol (http or https currently)
2588####
2589'protocol' => <<'END_OF_FUNC',
2590sub protocol {
2591 local($^W)=0;
2592 my $self = shift;
424ec8fa 2593 return 'https' if uc($self->https()) eq 'ON';
54310121 2594 return 'https' if $self->server_port == 443;
2595 my $prot = $self->server_protocol;
2596 my($protocol,$version) = split('/',$prot);
2597 return "\L$protocol\E";
2598}
2599END_OF_FUNC
2600
2601#### Method: remote_ident
2602# Return the identity of the remote user
2603# (but only if his host is running identd)
2604####
2605'remote_ident' => <<'END_OF_FUNC',
2606sub remote_ident {
2607 return $ENV{'REMOTE_IDENT'};
2608}
2609END_OF_FUNC
2610
2611
2612#### Method: auth_type
2613# Return the type of use verification/authorization in use, if any.
2614####
2615'auth_type' => <<'END_OF_FUNC',
2616sub auth_type {
2617 return $ENV{'AUTH_TYPE'};
2618}
2619END_OF_FUNC
2620
2621
2622#### Method: remote_user
2623# Return the authorization name used for user
2624# verification.
2625####
2626'remote_user' => <<'END_OF_FUNC',
2627sub remote_user {
2628 return $ENV{'REMOTE_USER'};
2629}
2630END_OF_FUNC
2631
2632
2633#### Method: user_name
2634# Try to return the remote user's name by hook or by
2635# crook
2636####
2637'user_name' => <<'END_OF_FUNC',
2638sub user_name {
2639 my ($self) = self_or_CGI(@_);
2640 return $self->http('from') || $ENV{'REMOTE_IDENT'} || $ENV{'REMOTE_USER'};
2641}
2642END_OF_FUNC
2643
2644#### Method: nph
2645# Set or return the NPH global flag
2646####
2647'nph' => <<'END_OF_FUNC',
2648sub nph {
2649 my ($self,$param) = self_or_CGI(@_);
7d37aa8e
LS		 2650 $CGI::NPH = $param if defined($param);
2651 return $CGI::NPH;
2652}
2653END_OF_FUNC
2654
2655#### Method: private_tempfiles
2656# Set or return the private_tempfiles global flag
2657####
2658'private_tempfiles' => <<'END_OF_FUNC',
2659sub private_tempfiles {
2660 my ($self,$param) = self_or_CGI(@_);
424ec8fa 2661 $CGI::PRIVATE_TEMPFILES = $param if defined($param);
7d37aa8e 2662 return $CGI::PRIVATE_TEMPFILES;
54310121 2663}
2664END_OF_FUNC
2665
424ec8fa
GS		 2666#### Method: default_dtd
2667# Set or return the default_dtd global
2668####
2669'default_dtd' => <<'END_OF_FUNC',
2670sub default_dtd {
2671 my ($self,$param) = self_or_CGI(@_);
2672 $CGI::DEFAULT_DTD = $param if defined($param);
2673 return $CGI::DEFAULT_DTD;
2674}
2675END_OF_FUNC
2676
54310121 2677# -------------- really private subroutines -----------------
2678'previous_or_default' => <<'END_OF_FUNC',
2679sub previous_or_default {
2680 my($self,$name,$defaults,$override) = @_;
2681 my(%selected);
2682
2683 if (!$override && ($self->{'.fieldnames'}->{$name} ||
2684 defined($self->param($name)) ) ) {
2685 grep($selected{$_}++,$self->param($name));
2686 } elsif (defined($defaults) && ref($defaults) &&
2687 (ref($defaults) eq 'ARRAY')) {
2688 grep($selected{$_}++,@{$defaults});
2689 } else {
2690 $selected{$defaults}++ if defined($defaults);
2691 }
2692
2693 return %selected;
2694}
2695END_OF_FUNC
2696
2697'register_parameter' => <<'END_OF_FUNC',
2698sub register_parameter {
2699 my($self,$param) = @_;
2700 $self->{'.parametersToAdd'}->{$param}++;
2701}
2702END_OF_FUNC
2703
2704'get_fields' => <<'END_OF_FUNC',
2705sub get_fields {
2706 my($self) = @_;
424ec8fa
GS		 2707 return $self->CGI::hidden('-name'=>'.cgifields',
2708 '-values'=>[keys %{$self->{'.parametersToAdd'}}],
2709 '-override'=>1);
54310121 2710}
2711END_OF_FUNC
2712
2713'read_from_cmdline' => <<'END_OF_FUNC',
2714sub read_from_cmdline {
54310121 2715 my($input,@words);
2716 my($query_string);
2717 if (@ARGV) {
424ec8fa 2718 @words = @ARGV;
54310121 2719 } else {
424ec8fa 2720 require "shellwords.pl";
54310121 2721 print STDERR "(offline mode: enter name=value pairs on standard input)\n";
424ec8fa 2722 chomp(@lines = <STDIN>); # remove newlines
54310121 2723 $input = join(" ",@lines);
424ec8fa
GS		 2724 @words = &shellwords($input);
2725 }
2726 foreach (@words) {
2727 s/\\=/%3D/g;
2728 s/\\&/%26/g;
54310121 2729 }
2730
54310121 2731 if ("@words"=~/=/) {
2732 $query_string = join('&',@words);
2733 } else {
2734 $query_string = join('+',@words);
2735 }
2736 return $query_string;
2737}
2738END_OF_FUNC
2739
2740#####
2741# subroutine: read_multipart
2742#
2743# Read multipart data and store it into our parameters.
2744# An interesting feature is that if any of the parts is a file, we
2745# create a temporary file and open up a filehandle on it so that the
2746# caller can read from it if necessary.
2747#####
2748'read_multipart' => <<'END_OF_FUNC',
2749sub read_multipart {
424ec8fa
GS		 2750 my($self,$boundary,$length,$filehandle) = @_;
2751 my($buffer) = $self->new_MultipartBuffer($boundary,$length,$filehandle);
54310121 2752 return unless $buffer;
2753 my(%header,$body);
424ec8fa 2754 my $filenumber = 0;
54310121 2755 while (!$buffer->eof) {
2756 %header = $buffer->readHeader;
47e3cabd 2757 die "Malformed multipart POST\n" unless %header;
54310121 2758
424ec8fa 2759 my($param)= $header{'Content-Disposition'}=~/ name="?([^\";]*)"?/;
54310121 2760
424ec8fa
GS		 2761 # Bug: Netscape doesn't escape quotation marks in file names!!!
2762 my($filename) = $header{'Content-Disposition'}=~/ filename="?([^\";]*)"?/;
54310121 2763
2764 # add this parameter to our list
2765 $self->add_parameter($param);
2766
2767 # If no filename specified, then just read the data and assign it
2768 # to our parameter list.
2769 unless ($filename) {
2770 my($value) = $buffer->readBody;
2771 push(@{$self->{$param}},$value);
2772 next;
2773 }
2774
424ec8fa
GS		 2775 my ($tmpfile,$tmp,$filehandle);
2776 UPLOADS: {
2777 # If we get here, then we are dealing with a potentially large
2778 # uploaded form. Save the data to a temporary file, then open
2779 # the file for reading.
54310121 2780
424ec8fa
GS		 2781 # skip the file if uploads disabled
2782 if ($DISABLE_UPLOADS) {
2783 while (defined($data = $buffer->read)) { }
2784 last UPLOADS;
2785 }
7d37aa8e 2786
424ec8fa
GS		 2787 $tmpfile = new TempFile;
2788 $tmp = $tmpfile->as_string;
2789
2790 $filehandle = Fh->new($filename,$tmp,$PRIVATE_TEMPFILES);
54310121 2791
424ec8fa
GS		 2792 $CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode;
2793 chmod 0600,$tmp; # only the owner can tamper with it
2794
2795 my ($data);
71f3e297 2796 local($\) = '';
424ec8fa
GS		 2797 while (defined($data = $buffer->read)) {
2798 print $filehandle $data;
2799 }
2800
2801 # back up to beginning of file
2802 seek($filehandle,0,0);
2803 $CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode;
2804
2805 # Save some information about the uploaded file where we can get
2806 # at it later.
2807 $self->{'.tmpfiles'}->{$filename}= {
2808 name => $tmpfile,
2809 info => {%header},
2810 };
2811 push(@{$self->{$param}},$filehandle);
2812 }
54310121 2813 }
2814}
2815END_OF_FUNC
2816
2817'tmpFileName' => <<'END_OF_FUNC',
2818sub tmpFileName {
2819 my($self,$filename) = self_or_default(@_);
7d37aa8e
LS		 2820 return $self->{'.tmpfiles'}->{$filename}->{name} ?
2821 $self->{'.tmpfiles'}->{$filename}->{name}->as_string
2822 : '';
54310121 2823}
2824END_OF_FUNC
2825
424ec8fa 2826'uploadInfo' => <<'END_OF_FUNC',
54310121 2827sub uploadInfo {
2828 my($self,$filename) = self_or_default(@_);
2829 return $self->{'.tmpfiles'}->{$filename}->{info};
2830}
2831END_OF_FUNC
2832
424ec8fa
GS		 2833# internal routine, don't use
2834'_set_values_and_labels' => <<'END_OF_FUNC',
2835sub _set_values_and_labels {
2836 my $self = shift;
2837 my ($v,$l,$n) = @_;
2838 $$l = $v if ref($v) eq 'HASH' && !ref($$l);
2839 return $self->param($n) if !defined($v);
2840 return $v if !ref($v);
2841 return ref($v) eq 'HASH' ? keys %$v : @$v;
2842}
2843END_OF_FUNC
2844
2845'_compile_all' => <<'END_OF_FUNC',
2846sub _compile_all {
2847 foreach (@_) {
2848 next if defined(&$_);
2849 $AUTOLOAD = "CGI::$_";
2850 _compile();
2851 }
2852}
2853END_OF_FUNC
2854
54310121 2855);
2856END_OF_AUTOLOAD
2857;
2858
424ec8fa
GS		 2859#########################################################
2860# Globals and stubs for other packages that we use.
2861#########################################################
2862
2863################### Fh -- lightweight filehandle ###############
2864package Fh;
2865use overload
2866 '""' => \&asString,
2867 'cmp' => \&compare,
2868 'fallback'=>1;
2869
2870$FH='fh00000';
2871
2872*Fh::AUTOLOAD = \&CGI::AUTOLOAD;
2873
2874$AUTOLOADED_ROUTINES = ''; # prevent -w error
2875$AUTOLOADED_ROUTINES=<<'END_OF_AUTOLOAD';
2876%SUBS = (
2877'asString' => <<'END_OF_FUNC',
2878sub asString {
2879 my $self = shift;
71f3e297
JH		 2880 # get rid of package name
2881 (my $i = $$self) =~ s/^\*(\w+::)+//;
424ec8fa
GS		 2882 $i =~ s/\\(.)/$1/g;
2883 return $i;
71f3e297
JH		 2884# BEGIN DEAD CODE
2885# This was an extremely clever patch that allowed "use strict refs".
2886# Unfortunately it relied on another bug that caused leaky file descriptors.
2887# The underlying bug has been fixed, so this no longer works. However
2888# "strict refs" still works for some reason.
2889# my $self = shift;
2890# return ${*{$self}{SCALAR}};
2891# END DEAD CODE
424ec8fa
GS		 2892}
2893END_OF_FUNC
2894
2895'compare' => <<'END_OF_FUNC',
2896sub compare {
2897 my $self = shift;
2898 my $value = shift;
2899 return "$self" cmp $value;
2900}
2901END_OF_FUNC
2902
2903'new' => <<'END_OF_FUNC',
2904sub new {
2905 my($pack,$name,$file,$delete) = @_;
2906 require Fcntl unless defined &Fcntl::O_RDWR;
2907 ++$FH;
71f3e297
JH		 2908 my $ref = \*{'Fh::' . quotemeta($name)};
2909 sysopen($ref,$file,Fcntl::O_RDWR()|Fcntl::O_CREAT()|Fcntl::O_EXCL())
424ec8fa
GS		 2910 || die "CGI open of $file: $!\n";
2911 unlink($file) if $delete;
71f3e297
JH		 2912 delete $Fh::{$FH};
2913 return bless $ref,$pack;
424ec8fa
GS		 2914}
2915END_OF_FUNC
2916
2917'DESTROY' => <<'END_OF_FUNC',
2918sub DESTROY {
2919 my $self = shift;
2920 close $self;
2921}
2922END_OF_FUNC
2923
2924);
2925END_OF_AUTOLOAD
2926
2927######################## MultipartBuffer ####################
54310121 2928package MultipartBuffer;
2929
2930# how many bytes to read at a time. We use
71f3e297
JH		 2931# a 4K buffer by default.
2932$INITIAL_FILLUNIT = 1024 * 4;
2933$TIMEOUT = 240*60; # 4 hour timeout for big files
2934$SPIN_LOOP_MAX = 2000; # bug fix for some Netscape servers
54310121 2935$CRLF=$CGI::CRLF;
2936
2937#reuse the autoload function
2938*MultipartBuffer::AUTOLOAD = \&CGI::AUTOLOAD;
2939
424ec8fa
GS		 2940# avoid autoloader warnings
2941sub DESTROY {}
2942
54310121 2943###############################################################################
2944################# THESE FUNCTIONS ARE AUTOLOADED ON DEMAND ####################
2945###############################################################################
2946$AUTOLOADED_ROUTINES = ''; # prevent -w error
2947$AUTOLOADED_ROUTINES=<<'END_OF_AUTOLOAD';
2948%SUBS = (
2949
2950'new' => <<'END_OF_FUNC',
2951sub new {
2952 my($package,$interface,$boundary,$length,$filehandle) = @_;
424ec8fa 2953 $FILLUNIT = $INITIAL_FILLUNIT;
54310121 2954 my $IN;
2955 if ($filehandle) {
2956 my($package) = caller;
2957 # force into caller's package if necessary
2958 $IN = $filehandle=~/[':]/ ? $filehandle : "$package\:\:$filehandle";
2959 }
2960 $IN = "main::STDIN" unless $IN;
2961
2962 $CGI::DefaultClass->binmode($IN) if $CGI::needs_binmode;
2963
2964 # If the user types garbage into the file upload field,
2965 # then Netscape passes NOTHING to the server (not good).
2966 # We may hang on this read in that case. So we implement
2967 # a read timeout. If nothing is ready to read
2968 # by then, we return.
2969
2970 # Netscape seems to be a little bit unreliable
2971 # about providing boundary strings.
2972 if ($boundary) {
2973
2974 # Under the MIME spec, the boundary consists of the
2975 # characters "--" PLUS the Boundary string
424ec8fa
GS		 2976
2977 # BUG: IE 3.01 on the Macintosh uses just the boundary -- not
71f3e297
JH		 2978 # the two extra hyphens. We do a special case here on the user-agent!!!!
2979 $boundary = "--$boundary" unless CGI::user_agent('MSIE 3\.0[12]; ?Mac');
424ec8fa 2980
54310121 2981 } else { # otherwise we find it ourselves
2982 my($old);
2983 ($old,$/) = ($/,$CRLF); # read a CRLF-delimited line
2984 $boundary = <$IN>; # BUG: This won't work correctly under mod_perl
2985 $length -= length($boundary);
2986 chomp($boundary); # remove the CRLF
2987 $/ = $old; # restore old line separator
2988 }
2989
2990 my $self = {LENGTH=>$length,
2991 BOUNDARY=>$boundary,
2992 IN=>$IN,
2993 INTERFACE=>$interface,
2994 BUFFER=>'',
2995 };
2996
2997 $FILLUNIT = length($boundary)
2998 if length($boundary) > $FILLUNIT;
2999
424ec8fa
GS		 3000 my $retval = bless $self,ref $package || $package;
3001
3002 # Read the preamble and the topmost (boundary) line plus the CRLF.
3003 while ($self->read(0)) { }
3004 die "Malformed multipart POST\n" if $self->eof;
3005
3006 return $retval;
54310121 3007}
3008END_OF_FUNC
3009
3010'readHeader' => <<'END_OF_FUNC',
3011sub readHeader {
3012 my($self) = @_;
3013 my($end);
3014 my($ok) = 0;
47e3cabd 3015 my($bad) = 0;
424ec8fa
GS		 3016
3017 if ($CGI::OS eq 'VMS') { # tssk, tssk: inconsistency alert!
3018 local($CRLF) = "\015\012";
3019 }
3020
54310121 3021 do {
3022 $self->fillBuffer($FILLUNIT);
3023 $ok++ if ($end = index($self->{BUFFER},"${CRLF}${CRLF}")) >= 0;
3024 $ok++ if $self->{BUFFER} eq '';
47e3cabd 3025 $bad++ if !$ok && $self->{LENGTH} <= 0;
424ec8fa
GS		 3026 # this was a bad idea
3027 # $FILLUNIT *= 2 if length($self->{BUFFER}) >= $FILLUNIT;
47e3cabd
LS		 3028 } until $ok || $bad;
3029 return () if $bad;
54310121 3030
3031 my($header) = substr($self->{BUFFER},0,$end+2);
3032 substr($self->{BUFFER},0,$end+4) = '';
3033 my %return;
424ec8fa
GS		 3034
3035
3036 # See RFC 2045 Appendix A and RFC 822 sections 3.4.8
3037 # (Folding Long Header Fields), 3.4.3 (Comments)
3038 # and 3.4.5 (Quoted-Strings).
3039
3040 my $token = '[-\w!\#$%&\'*+.^_\`|{}~]';
3041 $header=~s/$CRLF\s+/ /og; # merge continuation lines
3042 while ($header=~/($token+):\s+([^$CRLF]*)/mgox) {
3043 my ($field_name,$field_value) = ($1,$2); # avoid taintedness
3044 $field_name =~ s/\b(\w)/uc($1)/eg; #canonicalize
3045 $return{$field_name}=$field_value;
54310121 3046 }
3047 return %return;
3048}
3049END_OF_FUNC
3050
3051# This reads and returns the body as a single scalar value.
3052'readBody' => <<'END_OF_FUNC',
3053sub readBody {
3054 my($self) = @_;
3055 my($data);
3056 my($returnval)='';
3057 while (defined($data = $self->read)) {
3058 $returnval .= $data;
3059 }
3060 return $returnval;
3061}
3062END_OF_FUNC
3063
3064# This will read $bytes or until the boundary is hit, whichever happens
3065# first. After the boundary is hit, we return undef. The next read will
3066# skip over the boundary and begin reading again;
3067'read' => <<'END_OF_FUNC',
3068sub read {
3069 my($self,$bytes) = @_;
3070
3071 # default number of bytes to read
3072 $bytes = $bytes || $FILLUNIT;
3073
3074 # Fill up our internal buffer in such a way that the boundary
3075 # is never split between reads.
3076 $self->fillBuffer($bytes);
3077
3078 # Find the boundary in the buffer (it may not be there).
3079 my $start = index($self->{BUFFER},$self->{BOUNDARY});
47e3cabd
LS		 3080 # protect against malformed multipart POST operations
3081 die "Malformed multipart POST\n" unless ($start >= 0) || ($self->{LENGTH} > 0);
54310121 3082
3083 # If the boundary begins the data, then skip past it
3084 # and return undef. The +2 here is a fiendish plot to
3085 # remove the CR/LF pair at the end of the boundary.
3086 if ($start == 0) {
3087
3088 # clear us out completely if we've hit the last boundary.
3089 if (index($self->{BUFFER},"$self->{BOUNDARY}--")==0) {
3090 $self->{BUFFER}='';
3091 $self->{LENGTH}=0;
3092 return undef;
3093 }
3094
3095 # just remove the boundary.
3096 substr($self->{BUFFER},0,length($self->{BOUNDARY})+2)='';
3097 return undef;
3098 }
3099
3100 my $bytesToReturn;
3101 if ($start > 0) { # read up to the boundary
3102 $bytesToReturn = $start > $bytes ? $bytes : $start;
3103 } else { # read the requested number of bytes
3104 # leave enough bytes in the buffer to allow us to read
3105 # the boundary. Thanks to Kevin Hendrick for finding
3106 # this one.
3107 $bytesToReturn = $bytes - (length($self->{BOUNDARY})+1);
3108 }
3109
3110 my $returnval=substr($self->{BUFFER},0,$bytesToReturn);
3111 substr($self->{BUFFER},0,$bytesToReturn)='';
3112
3113 # If we hit the boundary, remove the CRLF from the end.
3114 return ($start > 0) ? substr($returnval,0,-2) : $returnval;
3115}
3116END_OF_FUNC
3117
3118
3119# This fills up our internal buffer in such a way that the
3120# boundary is never split between reads
3121'fillBuffer' => <<'END_OF_FUNC',
3122sub fillBuffer {
3123 my($self,$bytes) = @_;
3124 return unless $self->{LENGTH};
3125
3126 my($boundaryLength) = length($self->{BOUNDARY});
3127 my($bufferLength) = length($self->{BUFFER});
3128 my($bytesToRead) = $bytes - $bufferLength + $boundaryLength + 2;
3129 $bytesToRead = $self->{LENGTH} if $self->{LENGTH} < $bytesToRead;
3130
3131 # Try to read some data. We may hang here if the browser is screwed up.
3132 my $bytesRead = $self->{INTERFACE}->read_from_client($self->{IN},
3133 \$self->{BUFFER},
3134 $bytesToRead,
3135 $bufferLength);
71f3e297 3136 $self->{BUFFER} = '' unless defined $self->{BUFFER};
54310121 3137
47e3cabd 3138 # An apparent bug in the Apache server causes the read()
54310121 3139 # to return zero bytes repeatedly without blocking if the
3140 # remote user aborts during a file transfer. I don't know how
3141 # they manage this, but the workaround is to abort if we get
3142 # more than SPIN_LOOP_MAX consecutive zero reads.
3143 if ($bytesRead == 0) {
3144 die "CGI.pm: Server closed socket during multipart read (client aborted?).\n"
3145 if ($self->{ZERO_LOOP_COUNTER}++ >= $SPIN_LOOP_MAX);
3146 } else {
3147 $self->{ZERO_LOOP_COUNTER}=0;
3148 }
3149
3150 $self->{LENGTH} -= $bytesRead;
3151}
3152END_OF_FUNC
3153
3154
3155# Return true when we've finished reading
3156'eof' => <<'END_OF_FUNC'
3157sub eof {
3158 my($self) = @_;
3159 return 1 if (length($self->{BUFFER}) == 0)
3160 && ($self->{LENGTH} <= 0);
3161 undef;
3162}
3163END_OF_FUNC
3164
3165);
3166END_OF_AUTOLOAD
3167
3168####################################################################################
3169################################## TEMPORARY FILES #################################
3170####################################################################################
3171package TempFile;
3172
3173$SL = $CGI::SL;
424ec8fa
GS		 3174$MAC = $CGI::OS eq 'MACINTOSH';
3175my ($vol) = $MAC ? MacPerl::Volumes() =~ /:(.*)/ : "";
54310121 3176unless ($TMPDIRECTORY) {
424ec8fa 3177 @TEMP=("${SL}usr${SL}tmp","${SL}var${SL}tmp",
71f3e297 3178 "C:${SL}temp","${SL}tmp","${SL}temp","${vol}${SL}Temporary Items",
424ec8fa 3179 "${SL}WWW_ROOT");
54310121 3180 foreach (@TEMP) {
3181 do {$TMPDIRECTORY = $_; last} if -d $_ && -w _;
3182 }
3183}
3184
424ec8fa
GS		 3185$TMPDIRECTORY = $MAC ? "" : "." unless $TMPDIRECTORY;
3186$SEQUENCE=0;
3187$MAXTRIES = 5000;
54310121 3188
3189# cute feature, but overload implementation broke it
3190# %OVERLOAD = ('""'=>'as_string');
3191*TempFile::AUTOLOAD = \&CGI::AUTOLOAD;
3192
3193###############################################################################
3194################# THESE FUNCTIONS ARE AUTOLOADED ON DEMAND ####################
3195###############################################################################
3196$AUTOLOADED_ROUTINES = ''; # prevent -w error
3197$AUTOLOADED_ROUTINES=<<'END_OF_AUTOLOAD';
3198%SUBS = (
3199
3200'new' => <<'END_OF_FUNC',
3201sub new {
3202 my($package) = @_;
424ec8fa
GS		 3203 my $directory;
3204 my $i;
3205 for ($i = 0; $i < $MAXTRIES; $i++) {
3206 $directory = sprintf("${TMPDIRECTORY}${SL}CGItemp%d%04d",${$},++$SEQUENCE);
3207 last if ! -f $directory;
3208 }
54310121 3209 return bless \$directory;
3210}
3211END_OF_FUNC
3212
3213'DESTROY' => <<'END_OF_FUNC',
3214sub DESTROY {
3215 my($self) = @_;
3216 unlink $$self; # get rid of the file
3217}
3218END_OF_FUNC
3219
3220'as_string' => <<'END_OF_FUNC'
3221sub as_string {
3222 my($self) = @_;
3223 return $$self;
3224}
3225END_OF_FUNC
3226
3227);
3228END_OF_AUTOLOAD
3229
3230package CGI;
3231
3232# We get a whole bunch of warnings about "possibly uninitialized variables"
3233# when running with the -w switch. Touch them all once to get rid of the
3234# warnings. This is ugly and I hate it.
3235if ($^W) {
3236 $CGI::CGI = '';
3237 $CGI::CGI=<<EOF;
3238 $CGI::VERSION;
3239 $MultipartBuffer::SPIN_LOOP_MAX;
3240 $MultipartBuffer::CRLF;
3241 $MultipartBuffer::TIMEOUT;
424ec8fa 3242 $MultipartBuffer::INITIAL_FILLUNIT;
54310121 3243 $TempFile::SEQUENCE;
3244EOF
3245 ;
3246}
3247
424ec8fa 32481;
54310121 3249
3250__END__
3251
3252=head1 NAME
3253
3254CGI - Simple Common Gateway Interface Class
3255
dc848c6f 3256=head1 SYNOPSIS
3257
424ec8fa
GS		 3258 # CGI script that creates a fill-out form
3259 # and echoes back its values.
3260
3261 use CGI qw/:standard/;
3262 print header,
3263 start_html('A Simple Example'),
3264 h1('A Simple Example'),
3265 start_form,
3266 "What's your name? ",textfield('name'),p,
3267 "What's the combination?", p,
3268 checkbox_group(-name=>'words',
3269 -values=>['eenie','meenie','minie','moe'],
3270 -defaults=>['eenie','minie']), p,
3271 "What's your favorite color? ",
3272 popup_menu(-name=>'color',
3273 -values=>['red','green','blue','chartreuse']),p,
3274 submit,
3275 end_form,
3276 hr;
3277
3278 if (param()) {
3279 print "Your name is",em(param('name')),p,
3280 "The keywords are: ",em(join(", ",param('words'))),p,
3281 "Your favorite color is ",em(param('color')),
3282 hr;
3283 }
dc848c6f 3284
54310121 3285=head1 ABSTRACT
3286
424ec8fa
GS		 3287This perl library uses perl5 objects to make it easy to create Web
3288fill-out forms and parse their contents. This package defines CGI
3289objects, entities that contain the values of the current query string
3290and other state variables. Using a CGI object's methods, you can
3291examine keywords and parameters passed to your script, and create
3292forms whose initial values are taken from the current query (thereby
3293preserving state information). The module provides shortcut functions
3294that produce boilerplate HTML, reducing typing and coding errors. It
3295also provides functionality for some of the more advanced features of
3296CGI scripting, including support for file uploads, cookies, cascading
3297style sheets, server push, and frames.
3298
3299CGI.pm also provides a simple function-oriented programming style for
3300those who don't need its object-oriented features.
54310121 3301
3302The current version of CGI.pm is available at
3303
3304 http://www.genome.wi.mit.edu/ftp/pub/software/WWW/cgi_docs.html
3305 ftp://ftp-genome.wi.mit.edu/pub/software/WWW/
3306
424ec8fa 3307=head1 DESCRIPTION
47e3cabd 3308
424ec8fa
GS		 3309=head2 PROGRAMMING STYLE
3310
3311There are two styles of programming with CGI.pm, an object-oriented
3312style and a function-oriented style. In the object-oriented style you
3313create one or more CGI objects and then use object methods to create
3314the various elements of the page. Each CGI object starts out with the
3315list of named parameters that were passed to your CGI script by the
3316server. You can modify the objects, save them to a file or database
3317and recreate them. Because each object corresponds to the "state" of
3318the CGI script, and because each object's parameter list is
3319independent of the others, this allows you to save the state of the
3320script and restore it later.
3321
f610777f 3322For example, using the object oriented style, here is how you create
424ec8fa
GS		 3323a simple "Hello World" HTML page:
3324
71f3e297 3325 #!/usr/local/bin/perl
424ec8fa
GS		 3326 use CGI; # load CGI routines
3327 $q = new CGI; # create new CGI object
3328 print $q->header, # create the HTTP header
3329 $q->start_html('hello world'), # start the HTML
3330 $q->h1('hello world'), # level 1 header
3331 $q->end_html; # end the HTML
3332
3333In the function-oriented style, there is one default CGI object that
3334you rarely deal with directly. Instead you just call functions to
3335retrieve CGI parameters, create HTML tags, manage cookies, and so
3336on. This provides you with a cleaner programming interface, but
3337limits you to using one CGI object at a time. The following example
3338prints the same page, but uses the function-oriented interface.
3339The main differences are that we now need to import a set of functions
3340into our name space (usually the "standard" functions), and we don't
3341need to create the CGI object.
3342
71f3e297 3343 #!/usr/local/bin/perl
424ec8fa
GS		 3344 use CGI qw/:standard/; # load standard CGI routines
3345 print header, # create the HTTP header
3346 start_html('hello world'), # start the HTML
3347 h1('hello world'), # level 1 header
3348 end_html; # end the HTML
3349
3350The examples in this document mainly use the object-oriented style.
3351See HOW TO IMPORT FUNCTIONS for important information on
3352function-oriented programming in CGI.pm
3353
3354=head2 CALLING CGI.PM ROUTINES
3355
3356Most CGI.pm routines accept several arguments, sometimes as many as 20
3357optional ones! To simplify this interface, all routines use a named
3358argument calling style that looks like this:
3359
3360 print $q->header(-type=>'image/gif',-expires=>'+3d');
3361
3362Each argument name is preceded by a dash. Neither case nor order
3363matters in the argument list. -type, -Type, and -TYPE are all
3364acceptable. In fact, only the first argument needs to begin with a
3365dash. If a dash is present in the first argument, CGI.pm assumes
3366dashes for the subsequent ones.
3367
f610777f 3368You don't have to use the hyphen at all if you don't want to. After
424ec8fa
GS		 3369creating a CGI object, call the B<use_named_parameters()> method with
3370a nonzero value. This will tell CGI.pm that you intend to use named
3371parameters exclusively:
54310121 3372
424ec8fa
GS		 3373 $query = new CGI;
3374 $query->use_named_parameters(1);
3375 $field = $query->radio_group('name'=>'OS',
3376 'values'=>['Unix','Windows','Macintosh'],
3377 'default'=>'Unix');
54310121 3378
424ec8fa
GS		 3379Several routines are commonly called with just one argument. In the
3380case of these routines you can provide the single argument without an
3381argument name. header() happens to be one of these routines. In this
3382case, the single argument is the document type.
3383
3384 print $q->header('text/html');
3385
3386Other such routines are documented below.
3387
3388Sometimes named arguments expect a scalar, sometimes a reference to an
3389array, and sometimes a reference to a hash. Often, you can pass any
3390type of argument and the routine will do whatever is most appropriate.
3391For example, the param() routine is used to set a CGI parameter to a
3392single or a multi-valued value. The two cases are shown below:
3393
3394 $q->param(-name=>'veggie',-value=>'tomato');
3395 $q->param(-name=>'veggie',-value=>'[tomato','tomahto','potato','potahto']);
3396
3397A large number of routines in CGI.pm actually aren't specifically
3398defined in the module, but are generated automatically as needed.
3399These are the "HTML shortcuts," routines that generate HTML tags for
3400use in dynamically-generated pages. HTML tags have both attributes
3401(the attribute="value" pairs within the tag itself) and contents (the
3402part between the opening and closing pairs.) To distinguish between
3403attributes and contents, CGI.pm uses the convention of passing HTML
3404attributes as a hash reference as the first argument, and the
3405contents, if any, as any subsequent arguments. It works out like
3406this:
3407
3408 Code Generated HTML
3409 ---- --------------
3410 h1() <H1>
3411 h1('some','contents'); <H1>some contents</H1>
3412 h1({-align=>left}); <H1 ALIGN="LEFT">
3413 h1({-align=>left},'contents'); <H1 ALIGN="LEFT">contents</H1>
3414
3415HTML tags are described in more detail later.
3416
3417Many newcomers to CGI.pm are puzzled by the difference between the
3418calling conventions for the HTML shortcuts, which require curly braces
3419around the HTML tag attributes, and the calling conventions for other
3420routines, which manage to generate attributes without the curly
3421brackets. Don't be confused. As a convenience the curly braces are
3422optional in all but the HTML shortcuts. If you like, you can use
3423curly braces when calling any routine that takes named arguments. For
3424example:
3425
3426 print $q->header( {-type=>'image/gif',-expires=>'+3d'} );
3427
3428If you use the B<-w> switch, you will be warned that some CGI.pm argument
3429names conflict with built-in Perl functions. The most frequent of
3430these is the -values argument, used to create multi-valued menus,
3431radio button clusters and the like. To get around this warning, you
3432have several choices:
54310121 3433
424ec8fa 3434=over 4
54310121 3435
424ec8fa
GS		 3436=item 1. Use another name for the argument, if one is available. For
3437example, -value is an alias for -values.
54310121 3438
424ec8fa 3439=item 2. Change the capitalization, e.g. -Values
54310121 3440
424ec8fa 3441=item 3. Put quotes around the argument name, e.g. '-values'
54310121 3442
424ec8fa 3443=back
54310121 3444
424ec8fa
GS		 3445Many routines will do something useful with a named argument that it
3446doesn't recognize. For example, you can produce non-standard HTTP
3447header fields by providing them as named arguments:
54310121 3448
424ec8fa
GS		 3449 print $q->header(-type => 'text/html',
3450 -cost => 'Three smackers',
3451 -annoyance_level => 'high',
3452 -complaints_to => 'bit bucket');
54310121 3453
424ec8fa
GS		 3454This will produce the following nonstandard HTTP header:
3455
3456 HTTP/1.0 200 OK
3457 Cost: Three smackers
3458 Annoyance-level: high
3459 Complaints-to: bit bucket
3460 Content-type: text/html
3461
3462Notice the way that underscores are translated automatically into
3463hyphens. HTML-generating routines perform a different type of
3464translation.
3465
3466This feature allows you to keep up with the rapidly changing HTTP and
3467HTML "standards".
54310121 3468
424ec8fa 3469=head2 CREATING A NEW QUERY OBJECT (OBJECT-ORIENTED STYLE):
54310121 3470
3471 $query = new CGI;
3472
3473This will parse the input (from both POST and GET methods) and store
3474it into a perl5 object called $query.
3475
3476=head2 CREATING A NEW QUERY OBJECT FROM AN INPUT FILE
3477
3478 $query = new CGI(INPUTFILE);
3479
424ec8fa
GS		 3480If you provide a file handle to the new() method, it will read
3481parameters from the file (or STDIN, or whatever). The file can be in
3482any of the forms describing below under debugging (i.e. a series of
3483newline delimited TAG=VALUE pairs will work). Conveniently, this type
3484of file is created by the save() method (see below). Multiple records
3485can be saved and restored.
54310121 3486
3487Perl purists will be pleased to know that this syntax accepts
3488references to file handles, or even references to filehandle globs,
3489which is the "official" way to pass a filehandle:
3490
3491 $query = new CGI(\*STDIN);
3492
424ec8fa
GS		 3493You can also initialize the CGI object with a FileHandle or IO::File
3494object.
3495
3496If you are using the function-oriented interface and want to
3497initialize CGI state from a file handle, the way to do this is with
3498B<restore_parameters()>. This will (re)initialize the
3499default CGI object from the indicated file handle.
3500
3501 open (IN,"test.in") || die;
3502 restore_parameters(IN);
3503 close IN;
3504
54310121 3505You can also initialize the query object from an associative array
3506reference:
3507
3508 $query = new CGI( {'dinosaur'=>'barney',
3509 'song'=>'I love you',
3510 'friends'=>[qw/Jessica George Nancy/]}
3511 );
3512
3513or from a properly formatted, URL-escaped query string:
3514
3515 $query = new CGI('dinosaur=barney&color=purple');
3516
424ec8fa
GS		 3517or from a previously existing CGI object (currently this clones the
3518parameter list, but none of the other object-specific fields, such as
3519autoescaping):
3520
3521 $old_query = new CGI;
3522 $new_query = new CGI($old_query);
3523
54310121 3524To create an empty query, initialize it from an empty string or hash:
3525
424ec8fa
GS		 3526 $empty_query = new CGI("");
3527
3528 -or-
3529
3530 $empty_query = new CGI({});
54310121 3531
3532=head2 FETCHING A LIST OF KEYWORDS FROM THE QUERY:
3533
3534 @keywords = $query->keywords
3535
3536If the script was invoked as the result of an <ISINDEX> search, the
3537parsed keywords can be obtained as an array using the keywords() method.
3538
3539=head2 FETCHING THE NAMES OF ALL THE PARAMETERS PASSED TO YOUR SCRIPT:
3540
3541 @names = $query->param
3542
3543If the script was invoked with a parameter list
3544(e.g. "name1=value1&name2=value2&name3=value3"), the param()
3545method will return the parameter names as a list. If the
3546script was invoked as an <ISINDEX> script, there will be a
3547single parameter named 'keywords'.
3548
3549NOTE: As of version 1.5, the array of parameter names returned will
3550be in the same order as they were submitted by the browser.
3551Usually this order is the same as the order in which the
3552parameters are defined in the form (however, this isn't part
3553of the spec, and so isn't guaranteed).
3554
3555=head2 FETCHING THE VALUE OR VALUES OF A SINGLE NAMED PARAMETER:
3556
3557 @values = $query->param('foo');
3558
3559 -or-
3560
3561 $value = $query->param('foo');
3562
3563Pass the param() method a single argument to fetch the value of the
3564named parameter. If the parameter is multivalued (e.g. from multiple
3565selections in a scrolling list), you can ask to receive an array. Otherwise
3566the method will return a single value.
3567
3568=head2 SETTING THE VALUE(S) OF A NAMED PARAMETER:
3569
3570 $query->param('foo','an','array','of','values');
3571
3572This sets the value for the named parameter 'foo' to an array of
3573values. This is one way to change the value of a field AFTER
3574the script has been invoked once before. (Another way is with
3575the -override parameter accepted by all methods that generate
3576form elements.)
3577
3578param() also recognizes a named parameter style of calling described
3579in more detail later:
3580
3581 $query->param(-name=>'foo',-values=>['an','array','of','values']);
3582
3583 -or-
3584
3585 $query->param(-name=>'foo',-value=>'the value');
3586
3587=head2 APPENDING ADDITIONAL VALUES TO A NAMED PARAMETER:
3588
424ec8fa 3589 $query->append(-name=>'foo',-values=>['yet','more','values']);
54310121 3590
3591This adds a value or list of values to the named parameter. The
3592values are appended to the end of the parameter if it already exists.
3593Otherwise the parameter is created. Note that this method only
3594recognizes the named argument calling syntax.
3595
3596=head2 IMPORTING ALL PARAMETERS INTO A NAMESPACE:
3597
3598 $query->import_names('R');
3599
3600This creates a series of variables in the 'R' namespace. For example,
3601$R::foo, @R:foo. For keyword lists, a variable @R::keywords will appear.
3602If no namespace is given, this method will assume 'Q'.
3603WARNING: don't import anything into 'main'; this is a major security
3604risk!!!!
3605
3606In older versions, this method was called B<import()>. As of version 2.20,
3607this name has been removed completely to avoid conflict with the built-in
3608Perl module B<import> operator.
3609
3610=head2 DELETING A PARAMETER COMPLETELY:
3611
3612 $query->delete('foo');
3613
3614This completely clears a parameter. It sometimes useful for
3615resetting parameters that you don't want passed down between
3616script invocations.
3617
424ec8fa
GS		 3618If you are using the function call interface, use "Delete()" instead
3619to avoid conflicts with Perl's built-in delete operator.
3620
54310121 3621=head2 DELETING ALL PARAMETERS:
3622
424ec8fa 3623 $query->delete_all();
54310121 3624
3625This clears the CGI object completely. It might be useful to ensure
3626that all the defaults are taken when you create a fill-out form.
3627
424ec8fa
GS		 3628Use Delete_all() instead if you are using the function call interface.
3629
3630=head2 DIRECT ACCESS TO THE PARAMETER LIST:
3631
3632 $q->param_fetch('address')->[1] = '1313 Mockingbird Lane';
3633 unshift @{$q->param_fetch(-name=>'address')},'George Munster';
3634
3635If you need access to the parameter list in a way that isn't covered
3636by the methods above, you can obtain a direct reference to it by
3637calling the B<param_fetch()> method with the name of the . This
3638will return an array reference to the named parameters, which you then
3639can manipulate in any way you like.
3640
3641You can also use a named argument style using the B<-name> argument.
3642
3643=head2 SAVING THE STATE OF THE SCRIPT TO A FILE:
54310121 3644
3645 $query->save(FILEHANDLE)
3646
3647This will write the current state of the form to the provided
3648filehandle. You can read it back in by providing a filehandle
3649to the new() method. Note that the filehandle can be a file, a pipe,
3650or whatever!
3651
3652The format of the saved file is:
3653
3654 NAME1=VALUE1
3655 NAME1=VALUE1'
3656 NAME2=VALUE2
3657 NAME3=VALUE3
3658 =
3659
3660Both name and value are URL escaped. Multi-valued CGI parameters are
3661represented as repeated names. A session record is delimited by a
3662single = symbol. You can write out multiple records and read them
3663back in with several calls to B<new>. You can do this across several
3664sessions by opening the file in append mode, allowing you to create
3665primitive guest books, or to keep a history of users' queries. Here's
3666a short example of creating multiple session records:
3667
3668 use CGI;
3669
3670 open (OUT,">>test.out") || die;
3671 $records = 5;
3672 foreach (0..$records) {
3673 my $q = new CGI;
3674 $q->param(-name=>'counter',-value=>$_);
3675 $q->save(OUT);
3676 }
3677 close OUT;
3678
3679 # reopen for reading
3680 open (IN,"test.out") || die;
3681 while (!eof(IN)) {
3682 my $q = new CGI(IN);
3683 print $q->param('counter'),"\n";
3684 }
3685
3686The file format used for save/restore is identical to that used by the
3687Whitehead Genome Center's data exchange format "Boulderio", and can be
3688manipulated and even databased using Boulderio utilities. See
3689
3690 http://www.genome.wi.mit.edu/genome_software/other/boulder.html
3691
3692for further details.
3693
424ec8fa
GS		 3694If you wish to use this method from the function-oriented (non-OO)
3695interface, the exported name for this method is B<save_parameters()>.
54310121 3696
424ec8fa 3697=head2 USING THE FUNCTION-ORIENTED INTERFACE
54310121 3698
424ec8fa
GS		 3699To use the function-oriented interface, you must specify which CGI.pm
3700routines or sets of routines to import into your script's namespace.
3701There is a small overhead associated with this importation, but it
3702isn't much.
54310121 3703
424ec8fa 3704 use CGI <list of methods>;
54310121 3705
424ec8fa
GS		 3706The listed methods will be imported into the current package; you can
3707call them directly without creating a CGI object first. This example
3708shows how to import the B<param()> and B<header()>
3709methods, and then use them directly:
54310121 3710
424ec8fa
GS		 3711 use CGI 'param','header';
3712 print header('text/plain');
3713 $zipcode = param('zipcode');
54310121 3714
424ec8fa 3715More frequently, you'll import common sets of functions by referring
f610777f 3716to the groups by name. All function sets are preceded with a ":"
424ec8fa 3717character as in ":html3" (for tags defined in the HTML 3 standard).
54310121 3718
424ec8fa 3719Here is a list of the function sets you can import:
54310121 3720
424ec8fa 3721=over 4
54310121 3722
424ec8fa 3723=item B<:cgi>
54310121 3724
424ec8fa
GS		 3725Import all CGI-handling methods, such as B<param()>, B<path_info()>
3726and the like.
54310121 3727
424ec8fa 3728=item B<:form>
54310121 3729
424ec8fa 3730Import all fill-out form generating methods, such as B<textfield()>.
54310121 3731
424ec8fa 3732=item B<:html2>
54310121 3733
424ec8fa 3734Import all methods that generate HTML 2.0 standard elements.
54310121 3735
424ec8fa 3736=item B<:html3>
54310121 3737
424ec8fa
GS		 3738Import all methods that generate HTML 3.0 proposed elements (such as
3739<table>, <super> and <sub>).
54310121 3740
424ec8fa 3741=item B<:netscape>
54310121 3742
424ec8fa 3743Import all methods that generate Netscape-specific HTML extensions.
54310121 3744
424ec8fa 3745=item B<:html>
54310121 3746
424ec8fa
GS		 3747Import all HTML-generating shortcuts (i.e. 'html2' + 'html3' +
3748'netscape')...
54310121 3749
424ec8fa 3750=item B<:standard>
54310121 3751
424ec8fa 3752Import "standard" features, 'html2', 'html3', 'form' and 'cgi'.
54310121 3753
424ec8fa 3754=item B<:all>
54310121 3755
424ec8fa
GS		 3756Import all the available methods. For the full list, see the CGI.pm
3757code, where the variable %TAGS is defined.
3758
3759=back
3760
3761If you import a function name that is not part of CGI.pm, the module
3762will treat it as a new HTML tag and generate the appropriate
3763subroutine. You can then use it like any other HTML tag. This is to
3764provide for the rapidly-evolving HTML "standard." For example, say
3765Microsoft comes out with a new tag called <GRADIENT> (which causes the
3766user's desktop to be flooded with a rotating gradient fill until his
3767machine reboots). You don't need to wait for a new version of CGI.pm
d23a249d 3768to start using it immediately:
424ec8fa
GS		 3769
3770 use CGI qw/:standard :html3 gradient/;
3771 print gradient({-start=>'red',-end=>'blue'});
3772
3773Note that in the interests of execution speed CGI.pm does B<not> use
3774the standard L<Exporter> syntax for specifying load symbols. This may
3775change in the future.
3776
3777If you import any of the state-maintaining CGI or form-generating
3778methods, a default CGI object will be created and initialized
3779automatically the first time you use any of the methods that require
3780one to be present. This includes B<param()>, B<textfield()>,
3781B<submit()> and the like. (If you need direct access to the CGI
3782object, you can find it in the global variable B<$CGI::Q>). By
3783importing CGI.pm methods, you can create visually elegant scripts:
3784
3785 use CGI qw/:standard/;
3786 print
3787 header,
3788 start_html('Simple Script'),
3789 h1('Simple Script'),
3790 start_form,
3791 "What's your name? ",textfield('name'),p,
3792 "What's the combination?",
3793 checkbox_group(-name=>'words',
3794 -values=>['eenie','meenie','minie','moe'],
3795 -defaults=>['eenie','moe']),p,
3796 "What's your favorite color?",
3797 popup_menu(-name=>'color',
3798 -values=>['red','green','blue','chartreuse']),p,
3799 submit,
3800 end_form,
3801 hr,"\n";
3802
3803 if (param) {
3804 print
3805 "Your name is ",em(param('name')),p,
3806 "The keywords are: ",em(join(", ",param('words'))),p,
3807 "Your favorite color is ",em(param('color')),".\n";
3808 }
3809 print end_html;
3810
3811=head2 PRAGMAS
3812
3813In addition to the function sets, there are a number of pragmas that
3814you can import. Pragmas, which are always preceded by a hyphen,
3815change the way that CGI.pm functions in various ways. Pragmas,
3816function sets, and individual functions can all be imported in the
3817same use() line. For example, the following use statement imports the
3818standard set of functions and disables debugging mode (pragma
3819-no_debug):
3820
3821 use CGI qw/:standard -no_debug/;
3822
3823The current list of pragmas is as follows:
3824
3825=over 4
3826
3827=item -any
3828
3829When you I<use CGI -any>, then any method that the query object
3830doesn't recognize will be interpreted as a new HTML tag. This allows
3831you to support the next I<ad hoc> Netscape or Microsoft HTML
3832extension. This lets you go wild with new and unsupported tags:
3833
3834 use CGI qw(-any);
3835 $q=new CGI;
3836 print $q->gradient({speed=>'fast',start=>'red',end=>'blue'});
3837
3838Since using <cite>any</cite> causes any mistyped method name
3839to be interpreted as an HTML tag, use it with care or not at
3840all.
54310121 3841
424ec8fa 3842=item -compile
54310121 3843
424ec8fa
GS		 3844This causes the indicated autoloaded methods to be compiled up front,
3845rather than deferred to later. This is useful for scripts that run
3846for an extended period of time under FastCGI or mod_perl, and for
3847those destined to be crunched by Malcom Beattie's Perl compiler. Use
f610777f 3848it in conjunction with the methods or method families you plan to use.
424ec8fa
GS		 3849
3850 use CGI qw(-compile :standard :html3);
3851
3852or even
3853
3854 use CGI qw(-compile :all);
3855
3856Note that using the -compile pragma in this way will always have
3857the effect of importing the compiled functions into the current
3858namespace. If you want to compile without importing use the
3859compile() method instead (see below).
3860
3861=item -nph
3862
3863This makes CGI.pm produce a header appropriate for an NPH (no
3864parsed header) script. You may need to do other things as well
3865to tell the server that the script is NPH. See the discussion
3866of NPH scripts below.
3867
71f3e297
JH		 3868=item -newstyle_urls
3869
3870Separate the name=value pairs in CGI parameter query strings with
3871semicolons rather than ampersands. For example:
3872
3873 ?name=fred;age=24;favorite_color=3
3874
3875Semicolon-delimited query strings are always accepted, but will not be
3876emitted by self_url() and query_string() unless the -newstyle_urls
3877pragma is specified.
3878
424ec8fa
GS		 3879=item -autoload
3880
3881This overrides the autoloader so that any function in your program
3882that is not recognized is referred to CGI.pm for possible evaluation.
3883This allows you to use all the CGI.pm functions without adding them to
3884your symbol table, which is of concern for mod_perl users who are
3885worried about memory consumption. I<Warning:> when
3886I<-autoload> is in effect, you cannot use "poetry mode"
3887(functions without the parenthesis). Use I<hr()> rather
3888than I<hr>, or add something like I<use subs qw/hr p header/>
3889to the top of your script.
3890
3891=item -no_debug
3892
3893This turns off the command-line processing features. If you want to
3894run a CGI.pm script from the command line to produce HTML, and you
3895don't want it pausing to request CGI parameters from standard input or
3896the command line, then use this pragma:
3897
3898 use CGI qw(-no_debug :standard);
3899
3900If you'd like to process the command-line parameters but not standard
3901input, this should work:
3902
3903 use CGI qw(-no_debug :standard);
3904 restore_parameters(join('&',@ARGV));
3905
3906See the section on debugging for more details.
3907
3908=item -private_tempfiles
3909
3910CGI.pm can process uploaded file. Ordinarily it spools the
3911uploaded file to a temporary directory, then deletes the file
3912when done. However, this opens the risk of eavesdropping as
3913described in the file upload section.
3914Another CGI script author could peek at this data during the
3915upload, even if it is confidential information. On Unix systems,
3916the -private_tempfiles pragma will cause the temporary file to be unlinked as soon
3917as it is opened and before any data is written into it,
3918eliminating the risk of eavesdropping.
71f3e297
JH		 3919
3920=back
3921
3922=head2 SPECIAL FORMS FOR IMPORTING HTML-TAG FUNCTIONS
3923
3924Many of the methods generate HTML tags. As described below, tag
3925functions automatically generate both the opening and closing tags.
3926For example:
3927
3928 print h1('Level 1 Header');
3929
3930produces
3931
3932 <H1>Level 1 Header</H1>
3933
3934There will be some times when you want to produce the start and end
3935tags yourself. In this case, you can use the form start_I<tag_name>
3936and end_I<tag_name>, as in:
3937
3938 print start_h1,'Level 1 Header',end_h1;
3939
3940With a few exceptions (described below), start_I<tag_name> and
3941end_I<tag_name> functions are not generated automatically when you
3942I<use CGI>. However, you can specify the tags you want to generate
3943I<start/end> functions for by putting an asterisk in front of their
3944name, or, alternatively, requesting either "start_I<tag_name>" or
3945"end_I<tag_name>" in the import list.
3946
3947Example:
3948
3949 use CGI qw/:standard *table start_ul/;
3950
3951In this example, the following functions are generated in addition to
3952the standard ones:
3953
3954=over 4
3955
3956=item 1. start_table() (generates a <TABLE> tag)
3957
3958=item 2. end_table() (generates a </TABLE> tag)
3959
3960=item 3. start_ul() (generates a <UL> tag)
3961
3962=item 4. end_ul() (generates a </UL> tag)
3963
424ec8fa
GS		 3964=back
3965
3966=head1 GENERATING DYNAMIC DOCUMENTS
3967
3968Most of CGI.pm's functions deal with creating documents on the fly.
3969Generally you will produce the HTTP header first, followed by the
3970document itself. CGI.pm provides functions for generating HTTP
3971headers of various types as well as for generating HTML. For creating
3972GIF images, see the GD.pm module.
3973
3974Each of these functions produces a fragment of HTML or HTTP which you
3975can print out directly so that it displays in the browser window,
3976append to a string, or save to a file for later use.
3977
3978=head2 CREATING A STANDARD HTTP HEADER:
3979
3980Normally the first thing you will do in any CGI script is print out an
3981HTTP header. This tells the browser what type of document to expect,
3982and gives other optional information, such as the language, expiration
3983date, and whether to cache the document. The header can also be
3984manipulated for special purposes, such as server push and pay per view
3985pages.
54310121 3986
3987 print $query->header;
3988
3989 -or-
3990
3991 print $query->header('image/gif');
3992
3993 -or-
3994
3995 print $query->header('text/html','204 No response');
3996
3997 -or-
3998
3999 print $query->header(-type=>'image/gif',
4000 -nph=>1,
4001 -status=>'402 Payment required',
4002 -expires=>'+3d',
4003 -cookie=>$cookie,
4004 -Cost=>'$2.00');
4005
4006header() returns the Content-type: header. You can provide your own
4007MIME type if you choose, otherwise it defaults to text/html. An
4008optional second parameter specifies the status code and a human-readable
4009message. For example, you can specify 204, "No response" to create a
424ec8fa 4010script that tells the browser to do nothing at all.
54310121 4011
4012The last example shows the named argument style for passing arguments
4013to the CGI methods using named parameters. Recognized parameters are
424ec8fa 4014B<-type>, B<-status>, B<-expires>, and B<-cookie>. Any other named
54310121 4015parameters will be stripped of their initial hyphens and turned into
4016header fields, allowing you to specify any HTTP header you desire.
424ec8fa
GS		 4017Internal underscores will be turned into hyphens:
4018
4019 print $query->header(-Content_length=>3002);
54310121 4020
4021Most browsers will not cache the output from CGI scripts. Every time
4022the browser reloads the page, the script is invoked anew. You can
4023change this behavior with the B<-expires> parameter. When you specify
4024an absolute or relative expiration interval with this parameter, some
4025browsers and proxy servers will cache the script's output until the
4026indicated expiration date. The following forms are all valid for the
4027-expires field:
4028
4029 +30s 30 seconds from now
4030 +10m ten minutes from now
4031 +1h one hour from now
4032 -1d yesterday (i.e. "ASAP!")
4033 now immediately
4034 +3M in three months
4035 +10y in ten years time
424ec8fa 4036 Thursday, 25-Apr-1999 00:40:33 GMT at the indicated time & date
54310121 4037
4038The B<-cookie> parameter generates a header that tells the browser to provide
4039a "magic cookie" during all subsequent transactions with your script.
4040Netscape cookies have a special format that includes interesting attributes
4041such as expiration time. Use the cookie() method to create and retrieve
4042session cookies.
4043
4044The B<-nph> parameter, if set to a true value, will issue the correct
4045headers to work with a NPH (no-parse-header) script. This is important
4046to use with certain servers, such as Microsoft Internet Explorer, which
4047expect all their scripts to be NPH.
4048
424ec8fa 4049=head2 GENERATING A REDIRECTION HEADER
54310121 4050
4051 print $query->redirect('http://somewhere.else/in/movie/land');
4052
424ec8fa
GS		 4053Sometimes you don't want to produce a document yourself, but simply
4054redirect the browser elsewhere, perhaps choosing a URL based on the
4055time of day or the identity of the user.
4056
4057The redirect() function redirects the browser to a different URL. If
4058you use redirection like this, you should B<not> print out a header as
4059well. As of version 2.0, we produce both the unofficial Location:
4060header and the official URI: header. This should satisfy most servers
4061and browsers.
54310121 4062
4063One hint I can offer is that relative links may not work correctly
7a2e2cd6 4064when you generate a redirection to another document on your site.
54310121 4065This is due to a well-intentioned optimization that some servers use.
4066The solution to this is to use the full URL (including the http: part)
4067of the document you are redirecting to.
4068
424ec8fa 4069You can also use named arguments:
54310121 4070
4071 print $query->redirect(-uri=>'http://somewhere.else/in/movie/land',
4072 -nph=>1);
4073
4074The B<-nph> parameter, if set to a true value, will issue the correct
4075headers to work with a NPH (no-parse-header) script. This is important
4076to use with certain servers, such as Microsoft Internet Explorer, which
4077expect all their scripts to be NPH.
4078
424ec8fa 4079=head2 CREATING THE HTML DOCUMENT HEADER
54310121 4080
4081 print $query->start_html(-title=>'Secrets of the Pyramids',
4082 -author=>'fred@capricorn.org',
4083 -base=>'true',
4084 -target=>'_blank',
4085 -meta=>{'keywords'=>'pharaoh secret mummy',
4086 'copyright'=>'copyright 1996 King Tut'},
7d37aa8e 4087 -style=>{'src'=>'/styles/style1.css'},
54310121 4088 -BGCOLOR=>'blue');
4089
424ec8fa
GS		 4090After creating the HTTP header, most CGI scripts will start writing
4091out an HTML document. The start_html() routine creates the top of the
4092page, along with a lot of optional information that controls the
4093page's appearance and behavior.
54310121 4094
424ec8fa
GS		 4095This method returns a canned HTML header and the opening <BODY> tag.
4096All parameters are optional. In the named parameter form, recognized
4097parameters are -title, -author, -base, -xbase and -target (see below
4098for the explanation). Any additional parameters you provide, such as
4099the Netscape unofficial BGCOLOR attribute, are added to the <BODY>
4100tag. Additional parameters must be proceeded by a hyphen.
54310121 4101
4102The argument B<-xbase> allows you to provide an HREF for the <BASE> tag
4103different from the current location, as in
4104
4105 -xbase=>"http://home.mcom.com/"
4106
4107All relative links will be interpreted relative to this tag.
4108
4109The argument B<-target> allows you to provide a default target frame
4110for all the links and fill-out forms on the page. See the Netscape
4111documentation on frames for details of how to manipulate this.
4112
4113 -target=>"answer_window"
4114
4115All relative links will be interpreted relative to this tag.
4116You add arbitrary meta information to the header with the B<-meta>
4117argument. This argument expects a reference to an associative array
4118containing name/value pairs of meta information. These will be turned
4119into a series of header <META> tags that look something like this:
4120
424ec8fa
GS		 4121 <META NAME="keywords" CONTENT="pharaoh secret mummy">
4122 <META NAME="description" CONTENT="copyright 1996 King Tut">
4123
4124There is no support for the HTTP-EQUIV type of <META> tag. This is
4125because you can modify the HTTP header directly with the B<header()>
4126method. For example, if you want to send the Refresh: header, do it
4127in the header() method:
4128
4129 print $q->header(-Refresh=>'10; URL=http://www.capricorn.com');
4130
4131The B<-style> tag is used to incorporate cascading stylesheets into
4132your code. See the section on CASCADING STYLESHEETS for more information.
4133
4134You can place other arbitrary HTML elements to the <HEAD> section with the
4135B<-head> tag. For example, to place the rarely-used <LINK> element in the
4136head section, use this:
4137
4138 print $q->start_html(-head=>Link({-rel=>'next',
4139 -href=>'http://www.capricorn.com/s2.html'}));
4140
4141To incorporate multiple HTML elements into the <HEAD> section, just pass an
4142array reference:
4143
4144 print $q->start_html(-head=>[
4145 Link({-rel=>'next',
4146 -href=>'http://www.capricorn.com/s2.html'}),
4147 Link({-rel=>'previous',
4148 -href=>'http://www.capricorn.com/s1.html'})
4149 ]
4150 );
4151
4152JAVASCRIPTING: The B<-script>, B<-noScript>, B<-onLoad>,
4153B<-onMouseOver>, B<-onMouseOut> and B<-onUnload> parameters are used
4154to add Netscape JavaScript calls to your pages. B<-script> should
4155point to a block of text containing JavaScript function definitions.
4156This block will be placed within a <SCRIPT> block inside the HTML (not
4157HTTP) header. The block is placed in the header in order to give your
4158page a fighting chance of having all its JavaScript functions in place
4159even if the user presses the stop button before the page has loaded
4160completely. CGI.pm attempts to format the script in such a way that
4161JavaScript-naive browsers will not choke on the code: unfortunately
4162there are some browsers, such as Chimera for Unix, that get confused
4163by it nevertheless.
4164
4165The B<-onLoad> and B<-onUnload> parameters point to fragments of JavaScript
4166code to execute when the page is respectively opened and closed by the
4167browser. Usually these parameters are calls to functions defined in the
4168B<-script> field:
4169
4170 $query = new CGI;
4171 print $query->header;
4172 $JSCRIPT=<<END;
4173 // Ask a silly question
4174 function riddle_me_this() {
4175 var r = prompt("What walks on four legs in the morning, " +
4176 "two legs in the afternoon, " +
4177 "and three legs in the evening?");
4178 response(r);
4179 }
4180 // Get a silly answer
4181 function response(answer) {
4182 if (answer == "man")
4183 alert("Right you are!");
4184 else
4185 alert("Wrong! Guess again.");
4186 }
4187 END
4188 print $query->start_html(-title=>'The Riddle of the Sphinx',
4189 -script=>$JSCRIPT);
4190
4191Use the B<-noScript> parameter to pass some HTML text that will be displayed on
4192browsers that do not have JavaScript (or browsers where JavaScript is turned
4193off).
4194
4195Netscape 3.0 recognizes several attributes of the <SCRIPT> tag,
4196including LANGUAGE and SRC. The latter is particularly interesting,
4197as it allows you to keep the JavaScript code in a file or CGI script
4198rather than cluttering up each page with the source. To use these
4199attributes pass a HASH reference in the B<-script> parameter containing
4200one or more of -language, -src, or -code:
4201
4202 print $q->start_html(-title=>'The Riddle of the Sphinx',
4203 -script=>{-language=>'JAVASCRIPT',
4204 -src=>'/javascript/sphinx.js'}
4205 );
4206
4207 print $q->(-title=>'The Riddle of the Sphinx',
4208 -script=>{-language=>'PERLSCRIPT'},
4209 -code=>'print "hello world!\n;"'
4210 );
4211
4212
4213A final feature allows you to incorporate multiple <SCRIPT> sections into the
4214header. Just pass the list of script sections as an array reference.
4215this allows you to specify different source files for different dialects
4216of JavaScript. Example:
4217
71f3e297
JH		 4218 print $q-&gt;start_html(-title=&gt;'The Riddle of the Sphinx',
4219 -script=&gt;[
4220 { -language =&gt; 'JavaScript1.0',
4221 -src =&gt; '/javascript/utilities10.js'
424ec8fa 4222 },
71f3e297
JH		 4223 { -language =&gt; 'JavaScript1.1',
4224 -src =&gt; '/javascript/utilities11.js'
424ec8fa 4225 },
71f3e297
JH		 4226 { -language =&gt; 'JavaScript1.2',
4227 -src =&gt; '/javascript/utilities12.js'
424ec8fa 4228 },
71f3e297
JH		 4229 { -language =&gt; 'JavaScript28.2',
4230 -src =&gt; '/javascript/utilities219.js'
424ec8fa
GS		 4231 }
4232 ]
4233 );
4234 </pre>
4235
4236If this looks a bit extreme, take my advice and stick with straight CGI scripting.
4237
4238See
4239
4240 http://home.netscape.com/eng/mozilla/2.0/handbook/javascript/
4241
4242for more information about JavaScript.
4243
4244The old-style positional parameters are as follows:
4245
4246=over 4
4247
4248=item B<Parameters:>
4249
4250=item 1.
4251
4252The title
4253
4254=item 2.
4255
4256The author's e-mail address (will create a <LINK REV="MADE"> tag if present
4257
4258=item 3.
4259
4260A 'true' flag if you want to include a <BASE> tag in the header. This
4261helps resolve relative addresses to absolute ones when the document is moved,
4262but makes the document hierarchy non-portable. Use with care!
4263
4264=item 4, 5, 6...
4265
4266Any other parameters you want to include in the <BODY> tag. This is a good
4267place to put Netscape extensions, such as colors and wallpaper patterns.
4268
4269=back
4270
4271=head2 ENDING THE HTML DOCUMENT:
4272
4273 print $query->end_html
4274
4275This ends an HTML document by printing the </BODY></HTML> tags.
4276
4277=head2 CREATING A SELF-REFERENCING URL THAT PRESERVES STATE INFORMATION:
4278
4279 $myself = $query->self_url;
4280 print "<A HREF=$myself>I'm talking to myself.</A>";
4281
4282self_url() will return a URL, that, when selected, will reinvoke
4283this script with all its state information intact. This is most
4284useful when you want to jump around within the document using
4285internal anchors but you don't want to disrupt the current contents
4286of the form(s). Something like this will do the trick.
4287
4288 $myself = $query->self_url;
4289 print "<A HREF=$myself#table1>See table 1</A>";
4290 print "<A HREF=$myself#table2>See table 2</A>";
4291 print "<A HREF=$myself#yourself>See for yourself</A>";
4292
4293If you want more control over what's returned, using the B<url()>
4294method instead.
4295
4296You can also retrieve the unprocessed query string with query_string():
4297
4298 $the_string = $query->query_string;
4299
4300=head2 OBTAINING THE SCRIPT'S URL
4301
4302 $full_url = $query->url();
4303 $full_url = $query->url(-full=>1); #alternative syntax
4304 $relative_url = $query->url(-relative=>1);
4305 $absolute_url = $query->url(-absolute=>1);
4306 $url_with_path = $query->url(-path_info=>1);
4307 $url_with_path_and_query = $query->url(-path_info=>1,-query=>1);
4308
4309B<url()> returns the script's URL in a variety of formats. Called
4310without any arguments, it returns the full form of the URL, including
4311host name and port number
4312
4313 http://your.host.com/path/to/script.cgi
4314
4315You can modify this format with the following named arguments:
4316
4317=over 4
4318
4319=item B<-absolute>
4320
4321If true, produce an absolute URL, e.g.
4322
4323 /path/to/script.cgi
4324
4325=item B<-relative>
4326
4327Produce a relative URL. This is useful if you want to reinvoke your
4328script with different parameters. For example:
4329
4330 script.cgi
4331
4332=item B<-full>
4333
4334Produce the full URL, exactly as if called without any arguments.
4335This overrides the -relative and -absolute arguments.
4336
4337=item B<-path> (B<-path_info>)
4338
4339Append the additional path information to the URL. This can be
4340combined with B<-full>, B<-absolute> or B<-relative>. B<-path_info>
4341is provided as a synonym.
4342
4343=item B<-query> (B<-query_string>)
4344
4345Append the query string to the URL. This can be combined with
4346B<-full>, B<-absolute> or B<-relative>. B<-query_string> is provided
4347as a synonym.
4348
4349=back
4350
71f3e297
JH		 4351=head2 MIXING POST AND URL PARAMETERS
4352
4353 $color = $query-&gt;url_param('color');
4354
4355It is possible for a script to receive CGI parameters in the URL as
4356well as in the fill-out form by creating a form that POSTs to a URL
4357containing a query string (a "?" mark followed by arguments). The
4358B<param()> method will always return the contents of the POSTed
4359fill-out form, ignoring the URL's query string. To retrieve URL
4360parameters, call the B<url_param()> method. Use it in the same way as
4361B<param()>. The main difference is that it allows you to read the
4362parameters, but not set them.
4363
4364
4365Under no circumstances will the contents of the URL query string
4366interfere with similarly-named CGI parameters in POSTed forms. If you
4367try to mix a URL query string with a form submitted with the GET
4368method, the results will not be what you expect.
4369
424ec8fa
GS		 4370=head1 CREATING STANDARD HTML ELEMENTS:
4371
4372CGI.pm defines general HTML shortcut methods for most, if not all of
4373the HTML 3 and HTML 4 tags. HTML shortcuts are named after a single
4374HTML element and return a fragment of HTML text that you can then
4375print or manipulate as you like. Each shortcut returns a fragment of
4376HTML code that you can append to a string, save to a file, or, most
4377commonly, print out so that it displays in the browser window.
4378
4379This example shows how to use the HTML methods:
4380
4381 $q = new CGI;
4382 print $q->blockquote(
4383 "Many years ago on the island of",
4384 $q->a({href=>"http://crete.org/"},"Crete"),
71f3e297 4385 "there lived a minotaur named",
424ec8fa
GS		 4386 $q->strong("Fred."),
4387 ),
4388 $q->hr;
4389
4390This results in the following HTML code (extra newlines have been
4391added for readability):
4392
4393 <blockquote>
4394 Many years ago on the island of
4395 <a HREF="http://crete.org/">Crete</a> there lived
4396 a minotaur named <strong>Fred.</strong>
4397 </blockquote>
4398 <hr>
4399
4400If you find the syntax for calling the HTML shortcuts awkward, you can
4401import them into your namespace and dispense with the object syntax
4402completely (see the next section for more details):
4403
4404 use CGI ':standard';
4405 print blockquote(
4406 "Many years ago on the island of",
4407 a({href=>"http://crete.org/"},"Crete"),
4408 "there lived a minotaur named",
4409 strong("Fred."),
4410 ),
4411 hr;
54310121 4412
424ec8fa 4413=head2 PROVIDING ARGUMENTS TO HTML SHORTCUTS
7d37aa8e 4414
424ec8fa
GS		 4415The HTML methods will accept zero, one or multiple arguments. If you
4416provide no arguments, you get a single tag:
7d37aa8e 4417
424ec8fa 4418 print hr; # <HR>
7d37aa8e 4419
424ec8fa
GS		 4420If you provide one or more string arguments, they are concatenated
4421together with spaces and placed between opening and closing tags:
7d37aa8e 4422
424ec8fa 4423 print h1("Chapter","1"); # <H1>Chapter 1</H1>"
7d37aa8e 4424
424ec8fa
GS		 4425If the first argument is an associative array reference, then the keys
4426and values of the associative array become the HTML tag's attributes:
7d37aa8e 4427
424ec8fa
GS		 4428 print a({-href=>'fred.html',-target=>'_new'},
4429 "Open a new frame");
7d37aa8e 4430
424ec8fa
GS		 4431 <A HREF="fred.html",TARGET="_new">Open a new frame</A>
4432
4433You may dispense with the dashes in front of the attribute names if
4434you prefer:
54310121 4435
424ec8fa 4436 print img {src=>'fred.gif',align=>'LEFT'};
54310121 4437
424ec8fa 4438 <IMG ALIGN="LEFT" SRC="fred.gif">
54310121 4439
424ec8fa
GS		 4440Sometimes an HTML tag attribute has no argument. For example, ordered
4441lists can be marked as COMPACT. The syntax for this is an argument that
4442that points to an undef string:
54310121 4443
424ec8fa 4444 print ol({compact=>undef},li('one'),li('two'),li('three'));
47e3cabd 4445
424ec8fa
GS		 4446Prior to CGI.pm version 2.41, providing an empty ('') string as an
4447attribute argument was the same as providing undef. However, this has
f610777f 4448changed in order to accommodate those who want to create tags of the form
424ec8fa
GS		 4449<IMG ALT="">. The difference is shown in these two pieces of code:
4450
4451 CODE RESULT
4452 img({alt=>undef}) <IMG ALT>
4453 img({alt=>''}) <IMT ALT="">
7d37aa8e 4454
424ec8fa 4455=head2 THE DISTRIBUTIVE PROPERTY OF HTML SHORTCUTS
7d37aa8e 4456
424ec8fa
GS		 4457One of the cool features of the HTML shortcuts is that they are
4458distributive. If you give them an argument consisting of a
4459B<reference> to a list, the tag will be distributed across each
4460element of the list. For example, here's one way to make an ordered
4461list:
7d37aa8e 4462
424ec8fa
GS		 4463 print ul(
4464 li({-type=>'disc'},['Sneezy','Doc','Sleepy','Happy']);
4465 );
7d37aa8e 4466
424ec8fa 4467This example will result in HTML output that looks like this:
54310121 4468
424ec8fa
GS		 4469 <UL>
4470 <LI TYPE="disc">Sneezy</LI>
4471 <LI TYPE="disc">Doc</LI>
4472 <LI TYPE="disc">Sleepy</LI>
4473 <LI TYPE="disc">Happy</LI>
4474 </UL>
54310121 4475
424ec8fa 4476This is extremely useful for creating tables. For example:
54310121 4477
424ec8fa
GS		 4478 print table({-border=>undef},
4479 caption('When Should You Eat Your Vegetables?'),
4480 Tr({-align=>CENTER,-valign=>TOP},
4481 [
4482 th(['Vegetable', 'Breakfast','Lunch','Dinner']),
4483 td(['Tomatoes' , 'no', 'yes', 'yes']),
4484 td(['Broccoli' , 'no', 'no', 'yes']),
4485 td(['Onions' , 'yes','yes', 'yes'])
4486 ]
4487 )
4488 );
54310121 4489
424ec8fa 4490=head2 HTML SHORTCUTS AND LIST INTERPOLATION
54310121 4491
424ec8fa 4492Consider this bit of code:
54310121 4493
424ec8fa 4494 print blockquote(em('Hi'),'mom!'));
54310121 4495
424ec8fa 4496It will ordinarily return the string that you probably expect, namely:
54310121 4497
424ec8fa 4498 <BLOCKQUOTE><EM>Hi</EM> mom!</BLOCKQUOTE>
54310121 4499
424ec8fa
GS		 4500Note the space between the element "Hi" and the element "mom!".
4501CGI.pm puts the extra space there using array interpolation, which is
4502controlled by the magic $" variable. Sometimes this extra space is
4503not what you want, for example, when you are trying to align a series
4504of images. In this case, you can simply change the value of $" to an
4505empty string.
54310121 4506
424ec8fa
GS		 4507 {
4508 local($") = '';
4509 print blockquote(em('Hi'),'mom!'));
4510 }
54310121 4511
424ec8fa
GS		 4512I suggest you put the code in a block as shown here. Otherwise the
4513change to $" will affect all subsequent code until you explicitly
4514reset it.
54310121 4515
424ec8fa 4516=head2 NON-STANDARD HTML SHORTCUTS
54310121 4517
424ec8fa
GS		 4518A few HTML tags don't follow the standard pattern for various
4519reasons.
54310121 4520
424ec8fa
GS		 4521B<comment()> generates an HTML comment (<!-- comment -->). Call it
4522like
54310121 4523
424ec8fa 4524 print comment('here is my comment');
54310121 4525
424ec8fa
GS		 4526Because of conflicts with built-in Perl functions, the following functions
4527begin with initial caps:
54310121 4528
424ec8fa
GS		 4529 Select
4530 Tr
4531 Link
4532 Delete
71f3e297
JH		 4533 Accept
4534 Sub
54310121 4535
424ec8fa
GS		 4536In addition, start_html(), end_html(), start_form(), end_form(),
4537start_multipart_form() and all the fill-out form tags are special.
4538See their respective sections.
4539
71f3e297
JH		 4540=head2 PRETTY-PRINTING HTML
4541
4542By default, all the HTML produced by these functions comes out as one
4543long line without carriage returns or indentation. This is yuck, but
4544it does reduce the size of the documents by 10-20%. To get
4545pretty-printed output, please use L<CGI::Pretty>, a subclass
4546contributed by Brian Paulsen.
4547
424ec8fa 4548=head1 CREATING FILL-OUT FORMS:
54310121 4549
4550I<General note> The various form-creating methods all return strings
4551to the caller, containing the tag or tags that will create the requested
4552form element. You are responsible for actually printing out these strings.
4553It's set up this way so that you can place formatting tags
4554around the form elements.
4555
4556I<Another note> The default values that you specify for the forms are only
4557used the B<first> time the script is invoked (when there is no query
4558string). On subsequent invocations of the script (when there is a query
4559string), the former values are used even if they are blank.
4560
4561If you want to change the value of a field from its previous value, you have two
4562choices:
4563
4564(1) call the param() method to set it.
4565
4566(2) use the -override (alias -force) parameter (a new feature in version 2.15).
4567This forces the default value to be used, regardless of the previous value:
4568
4569 print $query->textfield(-name=>'field_name',
4570 -default=>'starting value',
4571 -override=>1,
4572 -size=>50,
4573 -maxlength=>80);
4574
4575I<Yet another note> By default, the text and labels of form elements are
4576escaped according to HTML rules. This means that you can safely use
4577"<CLICK ME>" as the label for a button. However, it also interferes with
4578your ability to incorporate special HTML character sequences, such as &Aacute;,
4579into your fields. If you wish to turn off automatic escaping, call the
4580autoEscape() method with a false value immediately after creating the CGI object:
4581
4582 $query = new CGI;
4583 $query->autoEscape(undef);
4584
4585
4586=head2 CREATING AN ISINDEX TAG
4587
4588 print $query->isindex(-action=>$action);
4589
4590 -or-
4591
4592 print $query->isindex($action);
4593
4594Prints out an <ISINDEX> tag. Not very exciting. The parameter
4595-action specifies the URL of the script to process the query. The
4596default is to process the query with the current script.
4597
4598=head2 STARTING AND ENDING A FORM
4599
4600 print $query->startform(-method=>$method,
4601 -action=>$action,
71f3e297 4602 -enctype=>$encoding);
54310121 4603 <... various form stuff ...>
4604 print $query->endform;
4605
4606 -or-
4607
4608 print $query->startform($method,$action,$encoding);
4609 <... various form stuff ...>
4610 print $query->endform;
4611
4612startform() will return a <FORM> tag with the optional method,
4613action and form encoding that you specify. The defaults are:
4614
4615 method: POST
4616 action: this script
71f3e297 4617 enctype: application/x-www-form-urlencoded
54310121 4618
4619endform() returns the closing </FORM> tag.
4620
71f3e297 4621Startform()'s enctype argument tells the browser how to package the various
54310121 4622fields of the form before sending the form to the server. Two
4623values are possible:
4624
4625=over 4
4626
4627=item B<application/x-www-form-urlencoded>
4628
4629This is the older type of encoding used by all browsers prior to
4630Netscape 2.0. It is compatible with many CGI scripts and is
4631suitable for short fields containing text data. For your
4632convenience, CGI.pm stores the name of this encoding
4633type in B<$CGI::URL_ENCODED>.
4634
4635=item B<multipart/form-data>
4636
4637This is the newer type of encoding introduced by Netscape 2.0.
4638It is suitable for forms that contain very large fields or that
4639are intended for transferring binary data. Most importantly,
4640it enables the "file upload" feature of Netscape 2.0 forms. For
4641your convenience, CGI.pm stores the name of this encoding type
424ec8fa 4642in B<&CGI::MULTIPART>
54310121 4643
4644Forms that use this type of encoding are not easily interpreted
4645by CGI scripts unless they use CGI.pm or another library designed
4646to handle them.
4647
4648=back
4649
4650For compatibility, the startform() method uses the older form of
4651encoding by default. If you want to use the newer form of encoding
4652by default, you can call B<start_multipart_form()> instead of
4653B<startform()>.
4654
4655JAVASCRIPTING: The B<-name> and B<-onSubmit> parameters are provided
4656for use with JavaScript. The -name parameter gives the
4657form a name so that it can be identified and manipulated by
4658JavaScript functions. -onSubmit should point to a JavaScript
4659function that will be executed just before the form is submitted to your
4660server. You can use this opportunity to check the contents of the form
4661for consistency and completeness. If you find something wrong, you
4662can put up an alert box or maybe fix things up yourself. You can
4663abort the submission by returning false from this function.
4664
4665Usually the bulk of JavaScript functions are defined in a <SCRIPT>
4666block in the HTML header and -onSubmit points to one of these function
4667call. See start_html() for details.
4668
4669=head2 CREATING A TEXT FIELD
4670
4671 print $query->textfield(-name=>'field_name',
4672 -default=>'starting value',
4673 -size=>50,
4674 -maxlength=>80);
4675 -or-
4676
4677 print $query->textfield('field_name','starting value',50,80);
4678
4679textfield() will return a text input field.
4680
4681=over 4
4682
4683=item B<Parameters>
4684
4685=item 1.
4686
4687The first parameter is the required name for the field (-name).
4688
4689=item 2.
4690
4691The optional second parameter is the default starting value for the field
4692contents (-default).
4693
4694=item 3.
4695
4696The optional third parameter is the size of the field in
4697 characters (-size).
4698
4699=item 4.
4700
4701The optional fourth parameter is the maximum number of characters the
4702 field will accept (-maxlength).
4703
4704=back
4705
4706As with all these methods, the field will be initialized with its
4707previous contents from earlier invocations of the script.
4708When the form is processed, the value of the text field can be
4709retrieved with:
4710
4711 $value = $query->param('foo');
4712
4713If you want to reset it from its initial value after the script has been
4714called once, you can do so like this:
4715
4716 $query->param('foo',"I'm taking over this value!");
4717
4718NEW AS OF VERSION 2.15: If you don't want the field to take on its previous
4719value, you can force its current value by using the -override (alias -force)
4720parameter:
4721
4722 print $query->textfield(-name=>'field_name',
4723 -default=>'starting value',
4724 -override=>1,
4725 -size=>50,
4726 -maxlength=>80);
4727
424ec8fa
GS		 4728JAVASCRIPTING: You can also provide B<-onChange>, B<-onFocus>,
4729B<-onBlur>, B<-onMouseOver>, B<-onMouseOut> and B<-onSelect>
4730parameters to register JavaScript event handlers. The onChange
4731handler will be called whenever the user changes the contents of the
4732text field. You can do text validation if you like. onFocus and
4733onBlur are called respectively when the insertion point moves into and
4734out of the text field. onSelect is called when the user changes the
4735portion of the text that is selected.
54310121 4736
4737=head2 CREATING A BIG TEXT FIELD
4738
4739 print $query->textarea(-name=>'foo',
4740 -default=>'starting value',
4741 -rows=>10,
4742 -columns=>50);
4743
4744 -or
4745
4746 print $query->textarea('foo','starting value',10,50);
4747
4748textarea() is just like textfield, but it allows you to specify
4749rows and columns for a multiline text entry box. You can provide
4750a starting value for the field, which can be long and contain
4751multiple lines.
4752
424ec8fa
GS		 4753JAVASCRIPTING: The B<-onChange>, B<-onFocus>, B<-onBlur> ,
4754B<-onMouseOver>, B<-onMouseOut>, and B<-onSelect> parameters are
4755recognized. See textfield().
54310121 4756
4757=head2 CREATING A PASSWORD FIELD
4758
4759 print $query->password_field(-name=>'secret',
4760 -value=>'starting value',
4761 -size=>50,
4762 -maxlength=>80);
4763 -or-
4764
4765 print $query->password_field('secret','starting value',50,80);
4766
4767password_field() is identical to textfield(), except that its contents
4768will be starred out on the web page.
4769
424ec8fa
GS		 4770JAVASCRIPTING: The B<-onChange>, B<-onFocus>, B<-onBlur>,
4771B<-onMouseOver>, B<-onMouseOut> and B<-onSelect> parameters are
4772recognized. See textfield().
54310121 4773
4774=head2 CREATING A FILE UPLOAD FIELD
4775
4776 print $query->filefield(-name=>'uploaded_file',
4777 -default=>'starting value',
4778 -size=>50,
4779 -maxlength=>80);
4780 -or-
4781
4782 print $query->filefield('uploaded_file','starting value',50,80);
4783
4784filefield() will return a file upload field for Netscape 2.0 browsers.
4785In order to take full advantage of this I<you must use the new
4786multipart encoding scheme> for the form. You can do this either
4787by calling B<startform()> with an encoding type of B<$CGI::MULTIPART>,
4788or by calling the new method B<start_multipart_form()> instead of
4789vanilla B<startform()>.
4790
4791=over 4
4792
4793=item B<Parameters>
4794
4795=item 1.
4796
4797The first parameter is the required name for the field (-name).
4798
4799=item 2.
4800
4801The optional second parameter is the starting value for the field contents
4802to be used as the default file name (-default).
4803
71f3e297
JH		 4804For security reasons, browsers don't pay any attention to this field,
4805and so the starting value will always be blank. Worse, the field
4806loses its "sticky" behavior and forgets its previous contents. The
4807starting value field is called for in the HTML specification, however,
4808and possibly some browser will eventually provide support for it.
54310121 4809
4810=item 3.
4811
4812The optional third parameter is the size of the field in
4813characters (-size).
4814
4815=item 4.
4816
4817The optional fourth parameter is the maximum number of characters the
4818field will accept (-maxlength).
4819
4820=back
4821
4822When the form is processed, you can retrieve the entered filename
4823by calling param().
4824
4825 $filename = $query->param('uploaded_file');
4826
424ec8fa
GS		 4827In Netscape Navigator 2.0, the filename that gets returned is the full
4828local filename on the B<remote user's> machine. If the remote user is
4829on a Unix machine, the filename will follow Unix conventions:
54310121 4830
4831 /path/to/the/file
4832
4833On an MS-DOS/Windows and OS/2 machines, the filename will follow DOS conventions:
4834
4835 C:\PATH\TO\THE\FILE.MSW
4836
4837On a Macintosh machine, the filename will follow Mac conventions:
4838
4839 HD 40:Desktop Folder:Sort Through:Reminders
4840
4841The filename returned is also a file handle. You can read the contents
4842of the file using standard Perl file reading calls:
4843
4844 # Read a text file and print it out
4845 while (<$filename>) {
4846 print;
4847 }
4848
4849 # Copy a binary file to somewhere safe
4850 open (OUTFILE,">>/usr/local/web/users/feedback");
4851 while ($bytesread=read($filename,$buffer,1024)) {
4852 print OUTFILE $buffer;
4853 }
4854
4855When a file is uploaded the browser usually sends along some
4856information along with it in the format of headers. The information
4857usually includes the MIME content type. Future browsers may send
4858other information as well (such as modification date and size). To
4859retrieve this information, call uploadInfo(). It returns a reference to
4860an associative array containing all the document headers.
4861
4862 $filename = $query->param('uploaded_file');
4863 $type = $query->uploadInfo($filename)->{'Content-Type'};
4864 unless ($type eq 'text/html') {
4865 die "HTML FILES ONLY!";
4866 }
4867
4868If you are using a machine that recognizes "text" and "binary" data
4869modes, be sure to understand when and how to use them (see the Camel book).
4870Otherwise you may find that binary files are corrupted during file uploads.
4871
424ec8fa
GS		 4872JAVASCRIPTING: The B<-onChange>, B<-onFocus>, B<-onBlur>,
4873B<-onMouseOver>, B<-onMouseOut> and B<-onSelect> parameters are
4874recognized. See textfield() for details.
54310121 4875
4876=head2 CREATING A POPUP MENU
4877
4878 print $query->popup_menu('menu_name',
4879 ['eenie','meenie','minie'],
4880 'meenie');
4881
4882 -or-
4883
4884 %labels = ('eenie'=>'your first choice',
4885 'meenie'=>'your second choice',
4886 'minie'=>'your third choice');
4887 print $query->popup_menu('menu_name',
4888 ['eenie','meenie','minie'],
4889 'meenie',\%labels);
4890
4891 -or (named parameter style)-
4892
4893 print $query->popup_menu(-name=>'menu_name',
4894 -values=>['eenie','meenie','minie'],
4895 -default=>'meenie',
4896 -labels=>\%labels);
4897
4898popup_menu() creates a menu.
4899
4900=over 4
4901
4902=item 1.
4903
4904The required first argument is the menu's name (-name).
4905
4906=item 2.
4907
4908The required second argument (-values) is an array B<reference>
4909containing the list of menu items in the menu. You can pass the
4910method an anonymous array, as shown in the example, or a reference to
4911a named array, such as "\@foo".
4912
4913=item 3.
4914
4915The optional third parameter (-default) is the name of the default
4916menu choice. If not specified, the first item will be the default.
4917The values of the previous choice will be maintained across queries.
4918
4919=item 4.
4920
4921The optional fourth parameter (-labels) is provided for people who
4922want to use different values for the user-visible label inside the
4923popup menu nd the value returned to your script. It's a pointer to an
4924associative array relating menu values to user-visible labels. If you
4925leave this parameter blank, the menu values will be displayed by
4926default. (You can also leave a label undefined if you want to).
4927
4928=back
4929
4930When the form is processed, the selected value of the popup menu can
4931be retrieved using:
4932
4933 $popup_menu_value = $query->param('menu_name');
4934
4935JAVASCRIPTING: popup_menu() recognizes the following event handlers:
424ec8fa
GS		 4936B<-onChange>, B<-onFocus>, B<-onMouseOver>, B<-onMouseOut>, and
4937B<-onBlur>. See the textfield() section for details on when these
4938handlers are called.
54310121 4939
4940=head2 CREATING A SCROLLING LIST
4941
4942 print $query->scrolling_list('list_name',
4943 ['eenie','meenie','minie','moe'],
4944 ['eenie','moe'],5,'true');
4945 -or-
4946
4947 print $query->scrolling_list('list_name',
4948 ['eenie','meenie','minie','moe'],
4949 ['eenie','moe'],5,'true',
4950 \%labels);
4951
4952 -or-
4953
4954 print $query->scrolling_list(-name=>'list_name',
4955 -values=>['eenie','meenie','minie','moe'],
4956 -default=>['eenie','moe'],
4957 -size=>5,
4958 -multiple=>'true',
4959 -labels=>\%labels);
4960
4961scrolling_list() creates a scrolling list.
4962
4963=over 4
4964
4965=item B<Parameters:>
4966
4967=item 1.
4968
4969The first and second arguments are the list name (-name) and values
4970(-values). As in the popup menu, the second argument should be an
4971array reference.
4972
4973=item 2.
4974
4975The optional third argument (-default) can be either a reference to a
4976list containing the values to be selected by default, or can be a
4977single value to select. If this argument is missing or undefined,
4978then nothing is selected when the list first appears. In the named
4979parameter version, you can use the synonym "-defaults" for this
4980parameter.
4981
4982=item 3.
4983
4984The optional fourth argument is the size of the list (-size).
4985
4986=item 4.
4987
4988The optional fifth argument can be set to true to allow multiple
4989simultaneous selections (-multiple). Otherwise only one selection
4990will be allowed at a time.
4991
4992=item 5.
4993
4994The optional sixth argument is a pointer to an associative array
4995containing long user-visible labels for the list items (-labels).
4996If not provided, the values will be displayed.
4997
4998When this form is processed, all selected list items will be returned as
4999a list under the parameter name 'list_name'. The values of the
5000selected items can be retrieved with:
5001
5002 @selected = $query->param('list_name');
5003
5004=back
5005
424ec8fa
GS		 5006JAVASCRIPTING: scrolling_list() recognizes the following event
5007handlers: B<-onChange>, B<-onFocus>, B<-onMouseOver>, B<-onMouseOut>
5008and B<-onBlur>. See textfield() for the description of when these
5009handlers are called.
54310121 5010
5011=head2 CREATING A GROUP OF RELATED CHECKBOXES
5012
5013 print $query->checkbox_group(-name=>'group_name',
5014 -values=>['eenie','meenie','minie','moe'],
5015 -default=>['eenie','moe'],
5016 -linebreak=>'true',
5017 -labels=>\%labels);
5018
5019 print $query->checkbox_group('group_name',
5020 ['eenie','meenie','minie','moe'],
5021 ['eenie','moe'],'true',\%labels);
5022
5023 HTML3-COMPATIBLE BROWSERS ONLY:
5024
5025 print $query->checkbox_group(-name=>'group_name',
5026 -values=>['eenie','meenie','minie','moe'],
5027 -rows=2,-columns=>2);
5028
5029
5030checkbox_group() creates a list of checkboxes that are related
5031by the same name.
5032
5033=over 4
5034
5035=item B<Parameters:>
5036
5037=item 1.
5038
5039The first and second arguments are the checkbox name and values,
5040respectively (-name and -values). As in the popup menu, the second
5041argument should be an array reference. These values are used for the
5042user-readable labels printed next to the checkboxes as well as for the
5043values passed to your script in the query string.
5044
5045=item 2.
5046
5047The optional third argument (-default) can be either a reference to a
5048list containing the values to be checked by default, or can be a
5049single value to checked. If this argument is missing or undefined,
5050then nothing is selected when the list first appears.
5051
5052=item 3.
5053
5054The optional fourth argument (-linebreak) can be set to true to place
5055line breaks between the checkboxes so that they appear as a vertical
5056list. Otherwise, they will be strung together on a horizontal line.
5057
5058=item 4.
5059
5060The optional fifth argument is a pointer to an associative array
7a2e2cd6 5061relating the checkbox values to the user-visible labels that will
54310121 5062be printed next to them (-labels). If not provided, the values will
5063be used as the default.
5064
5065=item 5.
5066
424ec8fa
GS		 5067B<HTML3-compatible browsers> (such as Netscape) can take advantage of
5068the optional parameters B<-rows>, and B<-columns>. These parameters
5069cause checkbox_group() to return an HTML3 compatible table containing
5070the checkbox group formatted with the specified number of rows and
5071columns. You can provide just the -columns parameter if you wish;
5072checkbox_group will calculate the correct number of rows for you.
54310121 5073
5074To include row and column headings in the returned table, you
424ec8fa 5075can use the B<-rowheaders> and B<-colheaders> parameters. Both
54310121 5076of these accept a pointer to an array of headings to use.
5077The headings are just decorative. They don't reorganize the
5078interpretation of the checkboxes -- they're still a single named
5079unit.
5080
5081=back
5082
5083When the form is processed, all checked boxes will be returned as
5084a list under the parameter name 'group_name'. The values of the
5085"on" checkboxes can be retrieved with:
5086
5087 @turned_on = $query->param('group_name');
5088
5089The value returned by checkbox_group() is actually an array of button
5090elements. You can capture them and use them within tables, lists,
5091or in other creative ways:
5092
5093 @h = $query->checkbox_group(-name=>'group_name',-values=>\@values);
5094 &use_in_creative_way(@h);
5095
5096JAVASCRIPTING: checkbox_group() recognizes the B<-onClick>
5097parameter. This specifies a JavaScript code fragment or
5098function call to be executed every time the user clicks on
5099any of the buttons in the group. You can retrieve the identity
5100of the particular button clicked on using the "this" variable.
5101
5102=head2 CREATING A STANDALONE CHECKBOX
5103
5104 print $query->checkbox(-name=>'checkbox_name',
5105 -checked=>'checked',
5106 -value=>'ON',
5107 -label=>'CLICK ME');
5108
5109 -or-
5110
5111 print $query->checkbox('checkbox_name','checked','ON','CLICK ME');
5112
5113checkbox() is used to create an isolated checkbox that isn't logically
5114related to any others.
5115
5116=over 4
5117
5118=item B<Parameters:>
5119
5120=item 1.
5121
5122The first parameter is the required name for the checkbox (-name). It
5123will also be used for the user-readable label printed next to the
5124checkbox.
5125
5126=item 2.
5127
5128The optional second parameter (-checked) specifies that the checkbox
5129is turned on by default. Synonyms are -selected and -on.
5130
5131=item 3.
5132
5133The optional third parameter (-value) specifies the value of the
5134checkbox when it is checked. If not provided, the word "on" is
5135assumed.
5136
5137=item 4.
5138
5139The optional fourth parameter (-label) is the user-readable label to
5140be attached to the checkbox. If not provided, the checkbox name is
5141used.
5142
5143=back
5144
5145The value of the checkbox can be retrieved using:
5146
5147 $turned_on = $query->param('checkbox_name');
5148
5149JAVASCRIPTING: checkbox() recognizes the B<-onClick>
5150parameter. See checkbox_group() for further details.
5151
5152=head2 CREATING A RADIO BUTTON GROUP
5153
5154 print $query->radio_group(-name=>'group_name',
5155 -values=>['eenie','meenie','minie'],
5156 -default=>'meenie',
5157 -linebreak=>'true',
5158 -labels=>\%labels);
5159
5160 -or-
5161
5162 print $query->radio_group('group_name',['eenie','meenie','minie'],
5163 'meenie','true',\%labels);
5164
5165
5166 HTML3-COMPATIBLE BROWSERS ONLY:
5167
5168 print $query->radio_group(-name=>'group_name',
5169 -values=>['eenie','meenie','minie','moe'],
5170 -rows=2,-columns=>2);
5171
5172radio_group() creates a set of logically-related radio buttons
5173(turning one member of the group on turns the others off)
5174
5175=over 4
5176
5177=item B<Parameters:>
5178
5179=item 1.
5180
5181The first argument is the name of the group and is required (-name).
5182
5183=item 2.
5184
5185The second argument (-values) is the list of values for the radio
5186buttons. The values and the labels that appear on the page are
5187identical. Pass an array I<reference> in the second argument, either
5188using an anonymous array, as shown, or by referencing a named array as
5189in "\@foo".
5190
5191=item 3.
5192
5193The optional third parameter (-default) is the name of the default
5194button to turn on. If not specified, the first item will be the
5195default. You can provide a nonexistent button name, such as "-" to
5196start up with no buttons selected.
5197
5198=item 4.
5199
5200The optional fourth parameter (-linebreak) can be set to 'true' to put
5201line breaks between the buttons, creating a vertical list.
5202
5203=item 5.
5204
5205The optional fifth parameter (-labels) is a pointer to an associative
5206array relating the radio button values to user-visible labels to be
5207used in the display. If not provided, the values themselves are
5208displayed.
5209
5210=item 6.
5211
5212B<HTML3-compatible browsers> (such as Netscape) can take advantage
5213of the optional
5214parameters B<-rows>, and B<-columns>. These parameters cause
5215radio_group() to return an HTML3 compatible table containing
5216the radio group formatted with the specified number of rows
5217and columns. You can provide just the -columns parameter if you
5218wish; radio_group will calculate the correct number of rows
5219for you.
5220
5221To include row and column headings in the returned table, you
5222can use the B<-rowheader> and B<-colheader> parameters. Both
5223of these accept a pointer to an array of headings to use.
5224The headings are just decorative. They don't reorganize the
f610777f 5225interpretation of the radio buttons -- they're still a single named
54310121 5226unit.
5227
5228=back
5229
5230When the form is processed, the selected radio button can
5231be retrieved using:
5232
5233 $which_radio_button = $query->param('group_name');
5234
5235The value returned by radio_group() is actually an array of button
5236elements. You can capture them and use them within tables, lists,
5237or in other creative ways:
5238
5239 @h = $query->radio_group(-name=>'group_name',-values=>\@values);
5240 &use_in_creative_way(@h);
5241
5242=head2 CREATING A SUBMIT BUTTON
5243
5244 print $query->submit(-name=>'button_name',
5245 -value=>'value');
5246
5247 -or-
5248
5249 print $query->submit('button_name','value');
5250
5251submit() will create the query submission button. Every form
5252should have one of these.
5253
5254=over 4
5255
5256=item B<Parameters:>
5257
5258=item 1.
5259
5260The first argument (-name) is optional. You can give the button a
5261name if you have several submission buttons in your form and you want
5262to distinguish between them. The name will also be used as the
5263user-visible label. Be aware that a few older browsers don't deal with this correctly and
5264B<never> send back a value from a button.
5265
5266=item 2.
5267
5268The second argument (-value) is also optional. This gives the button
5269a value that will be passed to your script in the query string.
5270
5271=back
5272
5273You can figure out which button was pressed by using different
5274values for each one:
5275
5276 $which_one = $query->param('button_name');
5277
5278JAVASCRIPTING: radio_group() recognizes the B<-onClick>
5279parameter. See checkbox_group() for further details.
5280
5281=head2 CREATING A RESET BUTTON
5282
5283 print $query->reset
5284
5285reset() creates the "reset" button. Note that it restores the
5286form to its value from the last time the script was called,
5287NOT necessarily to the defaults.
5288
71f3e297
JH		 5289Note that this conflicts with the Perl reset() built-in. Use
5290CORE::reset() to get the original reset function.
5291
54310121 5292=head2 CREATING A DEFAULT BUTTON
5293
5294 print $query->defaults('button_label')
5295
5296defaults() creates a button that, when invoked, will cause the
5297form to be completely reset to its defaults, wiping out all the
5298changes the user ever made.
5299
5300=head2 CREATING A HIDDEN FIELD
5301
5302 print $query->hidden(-name=>'hidden_name',
5303 -default=>['value1','value2'...]);
5304
5305 -or-
5306
5307 print $query->hidden('hidden_name','value1','value2'...);
5308
5309hidden() produces a text field that can't be seen by the user. It
5310is useful for passing state variable information from one invocation
5311of the script to the next.
5312
5313=over 4
5314
5315=item B<Parameters:>
5316
5317=item 1.
5318
5319The first argument is required and specifies the name of this
5320field (-name).
5321
5322=item 2.
5323
5324The second argument is also required and specifies its value
5325(-default). In the named parameter style of calling, you can provide
5326a single value here or a reference to a whole list
5327
5328=back
5329
5330Fetch the value of a hidden field this way:
5331
5332 $hidden_value = $query->param('hidden_name');
5333
5334Note, that just like all the other form elements, the value of a
5335hidden field is "sticky". If you want to replace a hidden field with
5336some other values after the script has been called once you'll have to
5337do it manually:
5338
5339 $query->param('hidden_name','new','values','here');
5340
5341=head2 CREATING A CLICKABLE IMAGE BUTTON
5342
5343 print $query->image_button(-name=>'button_name',
5344 -src=>'/source/URL',
5345 -align=>'MIDDLE');
5346
5347 -or-
5348
5349 print $query->image_button('button_name','/source/URL','MIDDLE');
5350
5351image_button() produces a clickable image. When it's clicked on the
5352position of the click is returned to your script as "button_name.x"
5353and "button_name.y", where "button_name" is the name you've assigned
5354to it.
5355
5356JAVASCRIPTING: image_button() recognizes the B<-onClick>
5357parameter. See checkbox_group() for further details.
5358
5359=over 4
5360
5361=item B<Parameters:>
5362
5363=item 1.
5364
5365The first argument (-name) is required and specifies the name of this
5366field.
5367
5368=item 2.
5369
5370The second argument (-src) is also required and specifies the URL
5371
5372=item 3.
5373The third option (-align, optional) is an alignment type, and may be
5374TOP, BOTTOM or MIDDLE
5375
5376=back
5377
5378Fetch the value of the button this way:
5379 $x = $query->param('button_name.x');
5380 $y = $query->param('button_name.y');
5381
5382=head2 CREATING A JAVASCRIPT ACTION BUTTON
5383
5384 print $query->button(-name=>'button_name',
5385 -value=>'user visible label',
5386 -onClick=>"do_something()");
5387
5388 -or-
5389
5390 print $query->button('button_name',"do_something()");
5391
5392button() produces a button that is compatible with Netscape 2.0's
5393JavaScript. When it's pressed the fragment of JavaScript code
5394pointed to by the B<-onClick> parameter will be executed. On
5395non-Netscape browsers this form element will probably not even
5396display.
5397
71f3e297 5398=head1 HTTP COOKIES
54310121 5399
71f3e297
JH		 5400Netscape browsers versions 1.1 and higher, and all versions of
5401Internet Explorer, support a so-called "cookie" designed to help
5402maintain state within a browser session. CGI.pm has several methods
5403that support cookies.
54310121 5404
5405A cookie is a name=value pair much like the named parameters in a CGI
5406query string. CGI scripts create one or more cookies and send
5407them to the browser in the HTTP header. The browser maintains a list
5408of cookies that belong to a particular Web server, and returns them
5409to the CGI script during subsequent interactions.
5410
5411In addition to the required name=value pair, each cookie has several
5412optional attributes:
5413
5414=over 4
5415
5416=item 1. an expiration time
5417
5418This is a time/date string (in a special GMT format) that indicates
5419when a cookie expires. The cookie will be saved and returned to your
5420script until this expiration date is reached if the user exits
71f3e297
JH		 5421the browser and restarts it. If an expiration date isn't specified, the cookie
5422will remain active until the user quits the browser.
54310121 5423
5424=item 2. a domain
5425
5426This is a partial or complete domain name for which the cookie is
5427valid. The browser will return the cookie to any host that matches
5428the partial domain name. For example, if you specify a domain name
71f3e297 5429of ".capricorn.com", then the browser will return the cookie to
54310121 5430Web servers running on any of the machines "www.capricorn.com",
5431"www2.capricorn.com", "feckless.capricorn.com", etc. Domain names
5432must contain at least two periods to prevent attempts to match
5433on top level domains like ".edu". If no domain is specified, then
5434the browser will only return the cookie to servers on the host the
5435cookie originated from.
5436
5437=item 3. a path
5438
5439If you provide a cookie path attribute, the browser will check it
5440against your script's URL before returning the cookie. For example,
5441if you specify the path "/cgi-bin", then the cookie will be returned
5442to each of the scripts "/cgi-bin/tally.pl", "/cgi-bin/order.pl",
5443and "/cgi-bin/customer_service/complain.pl", but not to the script
5444"/cgi-private/site_admin.pl". By default, path is set to "/", which
5445causes the cookie to be sent to any CGI script on your site.
5446
5447=item 4. a "secure" flag
5448
5449If the "secure" attribute is set, the cookie will only be sent to your
5450script if the CGI request is occurring on a secure channel, such as SSL.
5451
5452=back
5453
71f3e297 5454The interface to HTTP cookies is the B<cookie()> method:
54310121 5455
5456 $cookie = $query->cookie(-name=>'sessionID',
5457 -value=>'xyzzy',
5458 -expires=>'+1h',
5459 -path=>'/cgi-bin/database',
5460 -domain=>'.capricorn.org',
5461 -secure=>1);
5462 print $query->header(-cookie=>$cookie);
5463
5464B<cookie()> creates a new cookie. Its parameters include:
5465
5466=over 4
5467
5468=item B<-name>
5469
5470The name of the cookie (required). This can be any string at all.
71f3e297 5471Although browsers limit their cookie names to non-whitespace
54310121 5472alphanumeric characters, CGI.pm removes this restriction by escaping
5473and unescaping cookies behind the scenes.
5474
5475=item B<-value>
5476
5477The value of the cookie. This can be any scalar value,
5478array reference, or even associative array reference. For example,
5479you can store an entire associative array into a cookie this way:
5480
5481 $cookie=$query->cookie(-name=>'family information',
5482 -value=>\%childrens_ages);
5483
5484=item B<-path>
5485
5486The optional partial path for which this cookie will be valid, as described
5487above.
5488
5489=item B<-domain>
5490
5491The optional partial domain for which this cookie will be valid, as described
5492above.
5493
5494=item B<-expires>
5495
5496The optional expiration date for this cookie. The format is as described
5497in the section on the B<header()> method:
5498
5499 "+1h" one hour from now
5500
5501=item B<-secure>
5502
5503If set to true, this cookie will only be used within a secure
5504SSL session.
5505
5506=back
5507
5508The cookie created by cookie() must be incorporated into the HTTP
5509header within the string returned by the header() method:
5510
5511 print $query->header(-cookie=>$my_cookie);
5512
5513To create multiple cookies, give header() an array reference:
5514
5515 $cookie1 = $query->cookie(-name=>'riddle_name',
5516 -value=>"The Sphynx's Question");
5517 $cookie2 = $query->cookie(-name=>'answers',
5518 -value=>\%answers);
5519 print $query->header(-cookie=>[$cookie1,$cookie2]);
5520
5521To retrieve a cookie, request it by name by calling cookie()
5522method without the B<-value> parameter:
5523
5524 use CGI;
5525 $query = new CGI;
5526 %answers = $query->cookie(-name=>'answers');
5527 # $query->cookie('answers') will work too!
5528
5529The cookie and CGI namespaces are separate. If you have a parameter
5530named 'answers' and a cookie named 'answers', the values retrieved by
5531param() and cookie() are independent of each other. However, it's
5532simple to turn a CGI parameter into a cookie, and vice-versa:
5533
5534 # turn a CGI parameter into a cookie
5535 $c=$q->cookie(-name=>'answers',-value=>[$q->param('answers')]);
5536 # vice-versa
5537 $q->param(-name=>'answers',-value=>[$q->cookie('answers')]);
5538
5539See the B<cookie.cgi> example script for some ideas on how to use
5540cookies effectively.
5541
71f3e297 5542=head1 WORKING WITH FRAMES
54310121 5543
71f3e297
JH		 5544It's possible for CGI.pm scripts to write into several browser panels
5545and windows using the HTML 4 frame mechanism. There are three
5546techniques for defining new frames programmatically:
54310121 5547
5548=over 4
5549
5550=item 1. Create a <Frameset> document
5551
5552After writing out the HTTP header, instead of creating a standard
5553HTML document using the start_html() call, create a <FRAMESET>
5554document that defines the frames on the page. Specify your script(s)
5555(with appropriate parameters) as the SRC for each of the frames.
5556
5557There is no specific support for creating <FRAMESET> sections
5558in CGI.pm, but the HTML is very simple to write. See the frame
5559documentation in Netscape's home pages for details
5560
5561 http://home.netscape.com/assist/net_sites/frames.html
5562
5563=item 2. Specify the destination for the document in the HTTP header
5564
5565You may provide a B<-target> parameter to the header() method:
5566
5567 print $q->header(-target=>'ResultsWindow');
5568
71f3e297
JH		 5569This will tell the browser to load the output of your script into the
5570frame named "ResultsWindow". If a frame of that name doesn't already
5571exist, the browser will pop up a new window and load your script's
5572document into that. There are a number of magic names that you can
5573use for targets. See the frame documents on Netscape's home pages for
5574details.
54310121 5575
5576=item 3. Specify the destination for the document in the <FORM> tag
5577
5578You can specify the frame to load in the FORM tag itself. With
5579CGI.pm it looks like this:
5580
5581 print $q->startform(-target=>'ResultsWindow');
5582
5583When your script is reinvoked by the form, its output will be loaded
5584into the frame named "ResultsWindow". If one doesn't already exist
5585a new window will be created.
5586
5587=back
5588
5589The script "frameset.cgi" in the examples directory shows one way to
5590create pages in which the fill-out form and the response live in
5591side-by-side frames.
5592
7d37aa8e
LS		 5593=head1 LIMITED SUPPORT FOR CASCADING STYLE SHEETS
5594
5595CGI.pm has limited support for HTML3's cascading style sheets (css).
5596To incorporate a stylesheet into your document, pass the
5597start_html() method a B<-style> parameter. The value of this
5598parameter may be a scalar, in which case it is incorporated directly
5599into a <STYLE> section, or it may be a hash reference. In the latter
5600case you should provide the hash with one or more of B<-src> or
5601B<-code>. B<-src> points to a URL where an externally-defined
5602stylesheet can be found. B<-code> points to a scalar value to be
5603incorporated into a <STYLE> section. Style definitions in B<-code>
5604override similarly-named ones in B<-src>, hence the name "cascading."
5605
424ec8fa
GS		 5606You may also specify the type of the stylesheet by adding the optional
5607B<-type> parameter to the hash pointed to by B<-style>. If not
5608specified, the style defaults to 'text/css'.
5609
7d37aa8e
LS		 5610To refer to a style within the body of your document, add the
5611B<-class> parameter to any HTML element:
5612
5613 print h1({-class=>'Fancy'},'Welcome to the Party');
5614
5615Or define styles on the fly with the B<-style> parameter:
5616
5617 print h1({-style=>'Color: red;'},'Welcome to Hell');
5618
5619You may also use the new B<span()> element to apply a style to a
5620section of text:
5621
5622 print span({-style=>'Color: red;'},
5623 h1('Welcome to Hell'),
5624 "Where did that handbasket get to?"
5625 );
5626
5627Note that you must import the ":html3" definitions to have the
5628B<span()> method available. Here's a quick and dirty example of using
5629CSS's. See the CSS specification at
5630http://www.w3.org/pub/WWW/TR/Wd-css-1.html for more information.
5631
5632 use CGI qw/:standard :html3/;
5633
5634 #here's a stylesheet incorporated directly into the page
5635 $newStyle=<<END;
5636 <!--
5637 P.Tip {
5638 margin-right: 50pt;
5639 margin-left: 50pt;
5640 color: red;
5641 }
5642 P.Alert {
5643 font-size: 30pt;
5644 font-family: sans-serif;
5645 color: red;
5646 }
5647 -->
5648 END
5649 print header();
5650 print start_html( -title=>'CGI with Style',
5651 -style=>{-src=>'http://www.capricorn.com/style/st1.css',
5652 -code=>$newStyle}
5653 );
5654 print h1('CGI with Style'),
5655 p({-class=>'Tip'},
5656 "Better read the cascading style sheet spec before playing with this!"),
5657 span({-style=>'color: magenta'},
5658 "Look Mom, no hands!",
5659 p(),
5660 "Whooo wee!"
5661 );
5662 print end_html;
5663
54310121 5664=head1 DEBUGGING
5665
5666If you are running the script
5667from the command line or in the perl debugger, you can pass the script
5668a list of keywords or parameter=value pairs on the command line or
5669from standard input (you don't have to worry about tricking your
5670script into reading from environment variables).
5671You can pass keywords like this:
5672
5673 your_script.pl keyword1 keyword2 keyword3
5674
5675or this:
5676
5677 your_script.pl keyword1+keyword2+keyword3
5678
5679or this:
5680
5681 your_script.pl name1=value1 name2=value2
5682
5683or this:
5684
5685 your_script.pl name1=value1&name2=value2
5686
5687or even as newline-delimited parameters on standard input.
5688
5689When debugging, you can use quotes and backslashes to escape
5690characters in the familiar shell manner, letting you place
5691spaces and other funny characters in your parameter=value
5692pairs:
5693
5694 your_script.pl "name1='I am a long value'" "name2=two\ words"
5695
5696=head2 DUMPING OUT ALL THE NAME/VALUE PAIRS
5697
5698The dump() method produces a string consisting of all the query's
5699name/value pairs formatted nicely as a nested list. This is useful
5700for debugging purposes:
5701
5702 print $query->dump
5703
5704
5705Produces something that looks like:
5706
5707 <UL>
5708 <LI>name1
5709 <UL>
5710 <LI>value1
5711 <LI>value2
5712 </UL>
5713 <LI>name2
5714 <UL>
5715 <LI>value1
5716 </UL>
5717 </UL>
5718
71f3e297
JH		 5719As a shortcut, you can interpolate the entire CGI object into a string
5720and it will be replaced with the a nice HTML dump shown above:
54310121 5721
5722 $query=new CGI;
5723 print "<H2>Current Values</H2> $query\n";
5724
5725=head1 FETCHING ENVIRONMENT VARIABLES
5726
5727Some of the more useful environment variables can be fetched
5728through this interface. The methods are as follows:
5729
5730=over 4
5731
71f3e297
JH		 5732=item B<Accept()>
5733
5734Return a list of MIME types that the remote browser accepts. If you
5735give this method a single argument corresponding to a MIME type, as in
5736$query->Accept('text/html'), it will return a floating point value
5737corresponding to the browser's preference for this type from 0.0
5738(don't want) to 1.0. Glob types (e.g. text/*) in the browser's accept
5739list are handled correctly.
54310121 5740
71f3e297
JH		 5741Note that the capitalization changed between version 2.43 and 2.44 in
5742order to avoid conflict with Perl's accept() function.
54310121 5743
5744=item B<raw_cookie()>
5745
424ec8fa 5746Returns the HTTP_COOKIE variable, an HTTP extension implemented by
71f3e297
JH		 5747Netscape browsers version 1.1 and higher, and all versions of Internet
5748Explorer. Cookies have a special format, and this method call just
5749returns the raw form (?cookie dough). See cookie() for ways of
5750setting and retrieving cooked cookies.
424ec8fa
GS		 5751
5752Called with no parameters, raw_cookie() returns the packed cookie
5753structure. You can separate it into individual cookies by splitting
5754on the character sequence "; ". Called with the name of a cookie,
5755retrieves the B<unescaped> form of the cookie. You can use the
5756regular cookie() method to get the names, or use the raw_fetch()
5757method from the CGI::Cookie module.
54310121 5758
5759=item B<user_agent()>
5760
5761Returns the HTTP_USER_AGENT variable. If you give
5762this method a single argument, it will attempt to
5763pattern match on it, allowing you to do something
5764like $query->user_agent(netscape);
5765
5766=item B<path_info()>
5767
5768Returns additional path information from the script URL.
5769E.G. fetching /cgi-bin/your_script/additional/stuff will
5770result in $query->path_info() returning
5771"additional/stuff".
5772
5773NOTE: The Microsoft Internet Information Server
5774is broken with respect to additional path information. If
5775you use the Perl DLL library, the IIS server will attempt to
5776execute the additional path information as a Perl script.
5777If you use the ordinary file associations mapping, the
5778path information will be present in the environment,
5779but incorrect. The best thing to do is to avoid using additional
5780path information in CGI scripts destined for use with IIS.
5781
5782=item B<path_translated()>
5783
5784As per path_info() but returns the additional
5785path information translated into a physical path, e.g.
5786"/usr/local/etc/httpd/htdocs/additional/stuff".
5787
5788The Microsoft IIS is broken with respect to the translated
5789path as well.
5790
5791=item B<remote_host()>
5792
5793Returns either the remote host name or IP address.
5794if the former is unavailable.
5795
5796=item B<script_name()>
5797Return the script name as a partial URL, for self-refering
5798scripts.
5799
5800=item B<referer()>
5801
5802Return the URL of the page the browser was viewing
5803prior to fetching your script. Not available for all
5804browsers.
5805
5806=item B<auth_type ()>
5807
5808Return the authorization/verification method in use for this
5809script, if any.
5810
5811=item B<server_name ()>
5812
5813Returns the name of the server, usually the machine's host
5814name.
5815
5816=item B<virtual_host ()>
5817
5818When using virtual hosts, returns the name of the host that
5819the browser attempted to contact
5820
5821=item B<server_software ()>
5822
5823Returns the server software and version number.
5824
5825=item B<remote_user ()>
5826
5827Return the authorization/verification name used for user
5828verification, if this script is protected.
5829
5830=item B<user_name ()>
5831
71f3e297
JH		 5832Attempt to obtain the remote user's name, using a variety of different
5833techniques. This only works with older browsers such as Mosaic.
5834Newer browsers do not report the user name for privacy reasons!
54310121 5835
5836=item B<request_method()>
5837
5838Returns the method used to access your script, usually
5839one of 'POST', 'GET' or 'HEAD'.
5840
5841=back
5842
424ec8fa 5843=head1 USING NPH SCRIPTS
54310121 5844
424ec8fa
GS		 5845NPH, or "no-parsed-header", scripts bypass the server completely by
5846sending the complete HTTP header directly to the browser. This has
5847slight performance benefits, but is of most use for taking advantage
5848of HTTP extensions that are not directly supported by your server,
5849such as server push and PICS headers.
54310121 5850
424ec8fa
GS		 5851Servers use a variety of conventions for designating CGI scripts as
5852NPH. Many Unix servers look at the beginning of the script's name for
5853the prefix "nph-". The Macintosh WebSTAR server and Microsoft's
5854Internet Information Server, in contrast, try to decide whether a
5855program is an NPH script by examining the first line of script output.
54310121 5856
54310121 5857
424ec8fa
GS		 5858CGI.pm supports NPH scripts with a special NPH mode. When in this
5859mode, CGI.pm will output the necessary extra header information when
5860the header() and redirect() methods are
5861called.
54310121 5862
424ec8fa
GS		 5863The Microsoft Internet Information Server requires NPH mode. As of version
58642.30, CGI.pm will automatically detect when the script is running under IIS
5865and put itself into this mode. You do not need to do this manually, although
5866it won't hurt anything if you do.
54310121 5867
424ec8fa 5868There are a number of ways to put CGI.pm into NPH mode:
54310121 5869
424ec8fa 5870=over 4
54310121 5871
424ec8fa 5872=item In the B<use> statement
54310121 5873
424ec8fa
GS		 5874Simply add the "-nph" pragmato the list of symbols to be imported into
5875your script:
54310121 5876
424ec8fa 5877 use CGI qw(:standard -nph)
54310121 5878
424ec8fa 5879=item By calling the B<nph()> method:
54310121 5880
424ec8fa 5881Call B<nph()> with a non-zero parameter at any point after using CGI.pm in your program.
54310121 5882
424ec8fa 5883 CGI->nph(1)
54310121 5884
424ec8fa 5885=item By using B<-nph> parameters in the B<header()> and B<redirect()> statements:
54310121 5886
424ec8fa 5887 print $q->header(-nph=>1);
54310121 5888
424ec8fa 5889=back
54310121 5890
424ec8fa
GS		 5891=head1 Server Push
5892
5893CGI.pm provides three simple functions for producing multipart
5894documents of the type needed to implement server push. These
5895functions were graciously provided by Ed Jordan <ed@fidalgo.net>. To
5896import these into your namespace, you must import the ":push" set.
5897You are also advised to put the script into NPH mode and to set $| to
58981 to avoid buffering problems.
5899
5900Here is a simple script that demonstrates server push:
5901
5902 #!/usr/local/bin/perl
5903 use CGI qw/:push -nph/;
5904 $| = 1;
5905 print multipart_init(-boundary=>'----------------here we go!');
5906 while (1) {
5907 print multipart_start(-type=>'text/plain'),
5908 "The current time is ",scalar(localtime),"\n",
5909 multipart_end;
5910 sleep 1;
5911 }
54310121 5912
424ec8fa
GS		 5913This script initializes server push by calling B<multipart_init()>.
5914It then enters an infinite loop in which it begins a new multipart
5915section by calling B<multipart_start()>, prints the current local time,
5916and ends a multipart section with B<multipart_end()>. It then sleeps
5917a second, and begins again.
54310121 5918
424ec8fa 5919=over 4
54310121 5920
424ec8fa
GS		 5921=item multipart_init()
5922
5923 multipart_init(-boundary=>$boundary);
54310121 5924
424ec8fa
GS		 5925Initialize the multipart system. The -boundary argument specifies
5926what MIME boundary string to use to separate parts of the document.
5927If not provided, CGI.pm chooses a reasonable boundary for you.
54310121 5928
424ec8fa 5929=item multipart_start()
54310121 5930
424ec8fa 5931 multipart_start(-type=>$type)
54310121 5932
424ec8fa
GS		 5933Start a new part of the multipart document using the specified MIME
5934type. If not specified, text/html is assumed.
54310121 5935
424ec8fa 5936=item multipart_end()
54310121 5937
424ec8fa 5938 multipart_end()
54310121 5939
424ec8fa
GS		 5940End a part. You must remember to call multipart_end() once for each
5941multipart_start().
54310121 5942
424ec8fa 5943=back
54310121 5944
424ec8fa
GS		 5945Users interested in server push applications should also have a look
5946at the CGI::Push module.
54310121 5947
424ec8fa 5948=head1 Avoiding Denial of Service Attacks
54310121 5949
424ec8fa
GS		 5950A potential problem with CGI.pm is that, by default, it attempts to
5951process form POSTings no matter how large they are. A wily hacker
5952could attack your site by sending a CGI script a huge POST of many
5953megabytes. CGI.pm will attempt to read the entire POST into a
5954variable, growing hugely in size until it runs out of memory. While
5955the script attempts to allocate the memory the system may slow down
5956dramatically. This is a form of denial of service attack.
54310121 5957
424ec8fa
GS		 5958Another possible attack is for the remote user to force CGI.pm to
5959accept a huge file upload. CGI.pm will accept the upload and store it
5960in a temporary directory even if your script doesn't expect to receive
5961an uploaded file. CGI.pm will delete the file automatically when it
5962terminates, but in the meantime the remote user may have filled up the
5963server's disk space, causing problems for other programs.
54310121 5964
424ec8fa
GS		 5965The best way to avoid denial of service attacks is to limit the amount
5966of memory, CPU time and disk space that CGI scripts can use. Some Web
5967servers come with built-in facilities to accomplish this. In other
5968cases, you can use the shell I<limit> or I<ulimit>
5969commands to put ceilings on CGI resource usage.
54310121 5970
54310121 5971
424ec8fa
GS		 5972CGI.pm also has some simple built-in protections against denial of
5973service attacks, but you must activate them before you can use them.
5974These take the form of two global variables in the CGI name space:
54310121 5975
424ec8fa 5976=over 4
54310121 5977
424ec8fa 5978=item B<$CGI::POST_MAX>
54310121 5979
424ec8fa
GS		 5980If set to a non-negative integer, this variable puts a ceiling
5981on the size of POSTings, in bytes. If CGI.pm detects a POST
5982that is greater than the ceiling, it will immediately exit with an error
5983message. This value will affect both ordinary POSTs and
5984multipart POSTs, meaning that it limits the maximum size of file
5985uploads as well. You should set this to a reasonably high
5986value, such as 1 megabyte.
54310121 5987
424ec8fa 5988=item B<$CGI::DISABLE_UPLOADS>
54310121 5989
424ec8fa
GS		 5990If set to a non-zero value, this will disable file uploads
5991completely. Other fill-out form values will work as usual.
54310121 5992
5993=back
5994
424ec8fa 5995You can use these variables in either of two ways.
54310121 5996
424ec8fa 5997=over 4
54310121 5998
424ec8fa 5999=item B<1. On a script-by-script basis>
54310121 6000
424ec8fa 6001Set the variable at the top of the script, right after the "use" statement:
54310121 6002
424ec8fa
GS		 6003 use CGI qw/:standard/;
6004 use CGI::Carp 'fatalsToBrowser';
6005 $CGI::POST_MAX=1024 * 100; # max 100K posts
6006 $CGI::DISABLE_UPLOADS = 1; # no uploads
54310121 6007
424ec8fa 6008=item B<2. Globally for all scripts>
54310121 6009
424ec8fa
GS		 6010Open up CGI.pm, find the definitions for $POST_MAX and
6011$DISABLE_UPLOADS, and set them to the desired values. You'll
6012find them towards the top of the file in a subroutine named
6013initialize_globals().
54310121 6014
424ec8fa 6015=back
54310121 6016
424ec8fa
GS		 6017Since an attempt to send a POST larger than $POST_MAX bytes
6018will cause a fatal error, you might want to use CGI::Carp to echo the
6019fatal error message to the browser window as shown in the example
6020above. Otherwise the remote user will see only a generic "Internal
6021Server" error message. See the L<CGI::Carp> manual page for more
6022details.
54310121 6023
424ec8fa 6024=head1 COMPATIBILITY WITH CGI-LIB.PL
54310121 6025
424ec8fa
GS		 6026To make it easier to port existing programs that use cgi-lib.pl
6027the compatibility routine "ReadParse" is provided. Porting is
6028simple:
54310121 6029
424ec8fa
GS		 6030OLD VERSION
6031 require "cgi-lib.pl";
6032 &ReadParse;
6033 print "The value of the antique is $in{antique}.\n";
54310121 6034
424ec8fa
GS		 6035NEW VERSION
6036 use CGI;
6037 CGI::ReadParse
6038 print "The value of the antique is $in{antique}.\n";
54310121 6039
424ec8fa
GS		 6040CGI.pm's ReadParse() routine creates a tied variable named %in,
6041which can be accessed to obtain the query variables. Like
6042ReadParse, you can also provide your own variable. Infrequently
6043used features of ReadParse, such as the creation of @in and $in
6044variables, are not supported.
54310121 6045
424ec8fa
GS		 6046Once you use ReadParse, you can retrieve the query object itself
6047this way:
54310121 6048
424ec8fa
GS		 6049 $q = $in{CGI};
6050 print $q->textfield(-name=>'wow',
6051 -value=>'does this really work?');
54310121 6052
424ec8fa
GS		 6053This allows you to start using the more interesting features
6054of CGI.pm without rewriting your old scripts from scratch.
54310121 6055
6056=head1 AUTHOR INFORMATION
6057
71f3e297
JH		 6058Copyright 1995-1998, Lincoln D. Stein. All rights reserved.
6059
6060This library is free software; you can redistribute it and/or modify
6061it under the same terms as Perl itself.
54310121 6062
71f3e297
JH		 6063Address bug reports and comments to: lstein@cshl.org. When sending
6064bug reports, please provide the version of CGI.pm, the version of
6065Perl, the name and version of your Web server, and the name and
6066version of the operating system you are using. If the problem is even
6067remotely browser dependent, please provide information about the
6068affected browers as well.
54310121 6069
6070=head1 CREDITS
6071
6072Thanks very much to:
6073
6074=over 4
6075
6076=item Matt Heffron (heffron@falstaff.css.beckman.com)
6077
6078=item James Taylor (james.taylor@srs.gov)
6079
6080=item Scott Anguish <sanguish@digifix.com>
6081
6082=item Mike Jewell (mlj3u@virginia.edu)
6083
6084=item Timothy Shimmin (tes@kbs.citri.edu.au)
6085
6086=item Joergen Haegg (jh@axis.se)
6087
71f3e297 6088=item Laurent Delfosse (delfosse@delfosse.com)
54310121 6089
6090=item Richard Resnick (applepi1@aol.com)
6091
6092=item Craig Bishop (csb@barwonwater.vic.gov.au)
6093
6094=item Tony Curtis (tc@vcpc.univie.ac.at)
6095
6096=item Tim Bunce (Tim.Bunce@ig.co.uk)
6097
6098=item Tom Christiansen (tchrist@convex.com)
6099
6100=item Andreas Koenig (k@franz.ww.TU-Berlin.DE)
6101
6102=item Tim MacKenzie (Tim.MacKenzie@fulcrum.com.au)
6103
6104=item Kevin B. Hendricks (kbhend@dogwood.tyler.wm.edu)
6105
6106=item Stephen Dahmen (joyfire@inxpress.net)
6107
6108=item Ed Jordan (ed@fidalgo.net)
6109
6110=item David Alan Pisoni (david@cnation.com)
6111
424ec8fa
GS		 6112=item Doug MacEachern (dougm@opengroup.org)
6113
6114=item Robin Houston (robin@oneworld.org)
6115
54310121 6116=item ...and many many more...
6117
6118for suggestions and bug fixes.
6119
6120=back
6121
6122=head1 A COMPLETE EXAMPLE OF A SIMPLE FORM-BASED SCRIPT
6123
6124
6125 #!/usr/local/bin/perl
6126
6127 use CGI;
6128
6129 $query = new CGI;
6130
6131 print $query->header;
6132 print $query->start_html("Example CGI.pm Form");
6133 print "<H1> Example CGI.pm Form</H1>\n";
6134 &print_prompt($query);
6135 &do_work($query);
6136 &print_tail;
6137 print $query->end_html;
6138
6139 sub print_prompt {
6140 my($query) = @_;
6141
6142 print $query->startform;
6143 print "<EM>What's your name?</EM><BR>";
6144 print $query->textfield('name');
6145 print $query->checkbox('Not my real name');
6146
6147 print "<P><EM>Where can you find English Sparrows?</EM><BR>";
6148 print $query->checkbox_group(
6149 -name=>'Sparrow locations',
6150 -values=>[England,France,Spain,Asia,Hoboken],
6151 -linebreak=>'yes',
6152 -defaults=>[England,Asia]);
6153
6154 print "<P><EM>How far can they fly?</EM><BR>",
6155 $query->radio_group(
6156 -name=>'how far',
6157 -values=>['10 ft','1 mile','10 miles','real far'],
6158 -default=>'1 mile');
6159
6160 print "<P><EM>What's your favorite color?</EM> ";
6161 print $query->popup_menu(-name=>'Color',
6162 -values=>['black','brown','red','yellow'],
6163 -default=>'red');
6164
6165 print $query->hidden('Reference','Monty Python and the Holy Grail');
6166
6167 print "<P><EM>What have you got there?</EM><BR>";
6168 print $query->scrolling_list(
6169 -name=>'possessions',
6170 -values=>['A Coconut','A Grail','An Icon',
6171 'A Sword','A Ticket'],
6172 -size=>5,
6173 -multiple=>'true');
6174
6175 print "<P><EM>Any parting comments?</EM><BR>";
6176 print $query->textarea(-name=>'Comments',
6177 -rows=>10,
6178 -columns=>50);
6179
71f3e297 6180 print "<P>",$query->Reset;
54310121 6181 print $query->submit('Action','Shout');
6182 print $query->submit('Action','Scream');
6183 print $query->endform;
6184 print "<HR>\n";
6185 }
6186
6187 sub do_work {
6188 my($query) = @_;
6189 my(@values,$key);
6190
6191 print "<H2>Here are the current settings in this form</H2>";
6192
6193 foreach $key ($query->param) {
6194 print "<STRONG>$key</STRONG> -> ";
6195 @values = $query->param($key);
6196 print join(", ",@values),"<BR>\n";
6197 }
6198 }
6199
6200 sub print_tail {
6201 print <<END;
6202 <HR>
6203 <ADDRESS>Lincoln D. Stein</ADDRESS><BR>
6204 <A HREF="/">Home Page</A>
6205 END
6206 }
6207
6208=head1 BUGS
6209
6210This module has grown large and monolithic. Furthermore it's doing many
6211things, such as handling URLs, parsing CGI input, writing HTML, etc., that
6212are also done in the LWP modules. It should be discarded in favor of
6213the CGI::* modules, but somehow I continue to work on it.
6214
6215Note that the code is truly contorted in order to avoid spurious
6216warnings when programs are run with the B<-w> switch.
6217
6218=head1 SEE ALSO
6219
6220L<CGI::Carp>, L<URI::URL>, L<CGI::Request>, L<CGI::MiniSvr>,
71f3e297
JH		 6221L<CGI::Base>, L<CGI::Form>, L<CGI::Push>, L<CGI::Fast>,
6222L<CGI::Pretty>
54310121 6223
6224=cut
6225
Unnamed repository; edit this file 'description' to name the repository.