This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
https://perl5.git.perl.org / perl5.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Symbian port: add Series 90 support
[perl5.git] / lib / CGI.pm
CommitLineData
54310121 1package CGI;
424ec8fa 2require 5.004;
ba056755 3use Carp 'croak';
54310121 4
5# See the bottom of this file for the POD documentation. Search for the
6# string '=head'.
7
8# You can run this file through either pod2man or pod2html to produce pretty
9# documentation in manual or html file format (these utilities are part of the
10# Perl 5 distribution).
11
424ec8fa 12# Copyright 1995-1998 Lincoln D. Stein. All rights reserved.
54310121 13# It may be used and modified freely, but I do request that this copyright
14# notice remain attached to the file. You may modify this module as you
15# wish, but if you redistribute a modified version, please attach a note
16# listing the modifications you have made.
17
18# The most recent version and complete docs are available at:
71f3e297 19# http://stein.cshl.org/WWW/software/CGI/
54310121 20
0664a57d
SP		 21$CGI::revision = '$Id: CGI.pm,v 1.221 2006/09/28 17:04:10 lstein Exp $';
22$CGI::VERSION='3.25';
54310121 23
24# HARD-CODED LOCATION FOR FILE UPLOAD TEMPORARY FILES.
25# UNCOMMENT THIS ONLY IF YOU KNOW WHAT YOU'RE DOING.
ac734d8b 26# $CGITempFile::TMPDIRECTORY = '/usr/tmp';
2ed511ec 27use CGI::Util qw(rearrange make_attributes unescape escape expires ebcdic2ascii ascii2ebcdic);
54310121 28
3acbd4f5
JH		 29#use constant XHTML_DTD => ['-//W3C//DTD XHTML Basic 1.0//EN',
30# 'http://www.w3.org/TR/xhtml-basic/xhtml-basic10.dtd'];
31
32use constant XHTML_DTD => ['-//W3C//DTD XHTML 1.0 Transitional//EN',
33 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'];
6b4ac661 34
8f3ccfa2
JH		 35{
36 local $^W = 0;
37 $TAINTED = substr("$0$^X",0,0);
38}
188ba755 39
8f3ccfa2 40$MOD_PERL = 0; # no mod_perl by default
13548fdf 41@SAVED_SYMBOLS = ();
8f3ccfa2 42
adb86593 43
424ec8fa
GS		 44# >>>>> Here are some globals that you might want to adjust <<<<<<
45sub initialize_globals {
46 # Set this to 1 to enable copious autoloader debugging messages
47 $AUTOLOAD_DEBUG = 0;
2371fea9 48
6b4ac661
JH		 49 # Set this to 1 to generate XTML-compatible output
50 $XHTML = 1;
424ec8fa
GS		 51
52 # Change this to the preferred DTD to print in start_html()
53 # or use default_dtd('text of DTD to use');
3d1a2ec4
GS		 54 $DEFAULT_DTD = [ '-//W3C//DTD HTML 4.01 Transitional//EN',
55 'http://www.w3.org/TR/html4/loose.dtd' ] ;
56
57 # Set this to 1 to enable NOSTICKY scripts
58 # or:
59 # 1) use CGI qw(-nosticky)
60 # 2) $CGI::nosticky(1)
61 $NOSTICKY = 0;
424ec8fa
GS		 62
63 # Set this to 1 to enable NPH scripts
64 # or:
65 # 1) use CGI qw(-nph)
3d1a2ec4 66 # 2) CGI::nph(1)
424ec8fa
GS		 67 # 3) print header(-nph=>1)
68 $NPH = 0;
69
3d1a2ec4
GS		 70 # Set this to 1 to enable debugging from @ARGV
71 # Set to 2 to enable debugging from STDIN
72 $DEBUG = 1;
424ec8fa
GS		 73
74 # Set this to 1 to make the temporary files created
75 # during file uploads safe from prying eyes
76 # or do...
77 # 1) use CGI qw(:private_tempfiles)
3d1a2ec4 78 # 2) CGI::private_tempfiles(1);
424ec8fa
GS		 79 $PRIVATE_TEMPFILES = 0;
80
0a9bdad4
SP		 81 # Set this to 1 to generate automatic tab indexes
82 $TABINDEX = 0;
83
8f3ccfa2
JH		 84 # Set this to 1 to cause files uploaded in multipart documents
85 # to be closed, instead of caching the file handle
86 # or:
87 # 1) use CGI qw(:close_upload_files)
88 # 2) $CGI::close_upload_files(1);
89 # Uploads with many files run out of file handles.
90 # Also, for performance, since the file is already on disk,
91 # it can just be renamed, instead of read and written.
92 $CLOSE_UPLOAD_FILES = 0;
93
424ec8fa
GS		 94 # Set this to a positive value to limit the size of a POSTing
95 # to a certain number of bytes:
96 $POST_MAX = -1;
97
98 # Change this to 1 to disable uploads entirely:
99 $DISABLE_UPLOADS = 0;
100
3538e1d5
GS		 101 # Automatically determined -- don't change
102 $EBCDIC = 0;
103
71f3e297
JH		 104 # Change this to 1 to suppress redundant HTTP headers
105 $HEADERS_ONCE = 0;
106
107 # separate the name=value pairs by semicolons rather than ampersands
3d1a2ec4 108 $USE_PARAM_SEMICOLONS = 1;
71f3e297 109
2371fea9
JH		 110 # Do not include undefined params parsed from query string
111 # use CGI qw(-no_undef_params);
112 $NO_UNDEF_PARAMS = 0;
199d4a26 113
424ec8fa
GS		 114 # Other globals that you shouldn't worry about.
115 undef $Q;
116 $BEEN_THERE = 0;
13548fdf 117 $DTD_PUBLIC_IDENTIFIER = "";
424ec8fa
GS		 118 undef @QUERY_PARAM;
119 undef %EXPORT;
d45d855d
JH		 120 undef $QUERY_CHARSET;
121 undef %QUERY_FIELDNAMES;
424ec8fa
GS		 122
123 # prevent complaints by mod_perl
124 1;
125}
126
54310121 127# ------------------ START OF THE LIBRARY ------------
128
13548fdf
RGS		 129*end_form = \&endform;
130
424ec8fa
GS		 131# make mod_perlhappy
132initialize_globals();
133
54310121 134# FIGURE OUT THE OS WE'RE RUNNING UNDER
135# Some systems support the $^O variable. If not
136# available then require() the Config library
137unless ($OS) {
138 unless ($OS = $^O) {
139 require Config;
140 $OS = $Config::Config{'osname'};
141 }
142}
ac1855b3 143if ($OS =~ /^MSWin/i) {
3538e1d5 144 $OS = 'WINDOWS';
ac1855b3 145} elsif ($OS =~ /^VMS/i) {
3538e1d5 146 $OS = 'VMS';
ac1855b3 147} elsif ($OS =~ /^dos/i) {
3538e1d5 148 $OS = 'DOS';
ac1855b3 149} elsif ($OS =~ /^MacOS/i) {
54310121 150 $OS = 'MACINTOSH';
ac1855b3 151} elsif ($OS =~ /^os2/i) {
54310121 152 $OS = 'OS2';
ac1855b3 153} elsif ($OS =~ /^epoc/i) {
fa6a1c44 154 $OS = 'EPOC';
188ba755
JH		 155} elsif ($OS =~ /^cygwin/i) {
156 $OS = 'CYGWIN';
54310121 157} else {
158 $OS = 'UNIX';
159}
160
161# Some OS logic. Binary mode enabled on DOS, NT and VMS
188ba755 162$needs_binmode = $OS=~/^(WINDOWS|DOS|OS2|MSWin|CYGWIN)/;
54310121 163
164# This is the default class for the CGI object to use when all else fails.
165$DefaultClass = 'CGI' unless defined $CGI::DefaultClass;
424ec8fa 166
54310121 167# This is where to look for autoloaded routines.
168$AutoloadClass = $DefaultClass unless defined $CGI::AutoloadClass;
169
170# The path separator is a slash, backslash or semicolon, depending
171# on the paltform.
172$SL = {
8f3ccfa2
JH		 173 UNIX => '/', OS2 => '\\', EPOC => '/', CYGWIN => '/',
174 WINDOWS => '\\', DOS => '\\', MACINTOSH => ':', VMS => '/'
54310121 175 }->{$OS};
176
424ec8fa 177# This no longer seems to be necessary
54310121 178# Turn on NPH scripts by default when running under IIS server!
424ec8fa
GS		 179# $NPH++ if defined($ENV{'SERVER_SOFTWARE'}) && $ENV{'SERVER_SOFTWARE'}=~/IIS/;
180$IIS++ if defined($ENV{'SERVER_SOFTWARE'}) && $ENV{'SERVER_SOFTWARE'}=~/IIS/;
54310121 181
182# Turn on special checking for Doug MacEachern's modperl
8f3ccfa2 183if (exists $ENV{MOD_PERL}) {
8f3ccfa2
JH		 184 # mod_perl handlers may run system() on scripts using CGI.pm;
185 # Make sure so we don't get fooled by inherited $ENV{MOD_PERL}
70194bd6 186 if (exists $ENV{MOD_PERL_API_VERSION} && $ENV{MOD_PERL_API_VERSION} == 2) {
741ff09d
RGS		 187 $MOD_PERL = 2;
188 require Apache2::Response;
189 require Apache2::RequestRec;
190 require Apache2::RequestUtil;
70194bd6 191 require Apache2::RequestIO;
741ff09d
RGS		 192 require APR::Pool;
193 } else {
194 $MOD_PERL = 1;
195 require Apache;
188ba755 196 }
8f3ccfa2 197}
188ba755 198
424ec8fa
GS		 199# Turn on special checking for ActiveState's PerlEx
200$PERLEX++ if defined($ENV{'GATEWAY_INTERFACE'}) && $ENV{'GATEWAY_INTERFACE'} =~ /^CGI-PerlEx/;
201
202# Define the CRLF sequence. I can't use a simple "\r\n" because the meaning
203# of "\n" is different on different OS's (sometimes it generates CRLF, sometimes LF
204# and sometimes CR). The most popular VMS web server
205# doesn't accept CRLF -- instead it wants a LR. EBCDIC machines don't
206# use ASCII, so \015\012 means something different. I find this all
207# really annoying.
208$EBCDIC = "\t" ne "\011";
209if ($OS eq 'VMS') {
3538e1d5 210 $CRLF = "\n";
424ec8fa 211} elsif ($EBCDIC) {
3538e1d5 212 $CRLF= "\r\n";
424ec8fa 213} else {
3538e1d5
GS		 214 $CRLF = "\015\012";
215}
216
54310121 217if ($needs_binmode) {
2ed511ec
RGS		 218 $CGI::DefaultClass->binmode(\*main::STDOUT);
219 $CGI::DefaultClass->binmode(\*main::STDIN);
220 $CGI::DefaultClass->binmode(\*main::STDERR);
54310121 221}
222
54310121 223%EXPORT_TAGS = (
424ec8fa
GS		 224 ':html2'=>['h1'..'h6',qw/p br hr ol ul li dl dt dd menu code var strong em
225 tt u i b blockquote pre img a address cite samp dfn html head
226 base body Link nextid title meta kbd start_html end_html
3d1a2ec4 227 input Select option comment charset escapeHTML/],
71f3e297 228 ':html3'=>[qw/div table caption th td TR Tr sup Sub strike applet Param
1c87da1d 229 embed basefont style span layer ilayer font frameset frame script small big Area Map/],
3acbd4f5
JH		 230 ':html4'=>[qw/abbr acronym bdo col colgroup del fieldset iframe
231 ins label legend noframes noscript object optgroup Q
232 thead tbody tfoot/],
424ec8fa
GS		 233 ':netscape'=>[qw/blink fontsize center/],
234 ':form'=>[qw/textfield textarea filefield password_field hidden checkbox checkbox_group
235 submit reset defaults radio_group popup_menu button autoEscape
236 scrolling_list image_button start_form end_form startform endform
71f3e297 237 start_multipart_form end_multipart_form isindex tmpFileName uploadInfo URL_ENCODED MULTIPART/],
7dc108d1
SP		 238 ':cgi'=>[qw/param upload path_info path_translated request_uri url self_url script_name
239 cookie Dump
3538e1d5 240 raw_cookie request_method query_string Accept user_agent remote_host content_type
2ed511ec
RGS		 241 remote_addr referer server_name server_software server_port server_protocol virtual_port
242 virtual_host remote_ident auth_type http append
424ec8fa 243 save_parameters restore_parameters param_fetch
3538e1d5
GS		 244 remote_user user_name header redirect import_names put
245 Delete Delete_all url_param cgi_error/],
424ec8fa 246 ':ssl' => [qw/https/],
3538e1d5 247 ':cgi-lib' => [qw/ReadParse PrintHeader HtmlTop HtmlBot SplitParam Vars/],
3acbd4f5
JH		 248 ':html' => [qw/:html2 :html3 :html4 :netscape/],
249 ':standard' => [qw/:html2 :html3 :html4 :form :cgi/],
ba056755 250 ':push' => [qw/multipart_init multipart_start multipart_end multipart_final/],
3acbd4f5 251 ':all' => [qw/:html2 :html3 :netscape :form :cgi :internal :html4/]
424ec8fa 252 );
54310121 253
29ddc2a4
RGS		 254# Custom 'can' method for both autoloaded and non-autoloaded subroutines.
255# Author: Cees Hek <cees@sitesuite.com.au>
256
257sub can {
258 my($class, $method) = @_;
259
260 # See if UNIVERSAL::can finds it.
261
262 if (my $func = $class -> SUPER::can($method) ){
263 return $func;
264 }
265
266 # Try to compile the function.
267
268 eval {
269 # _compile looks at $AUTOLOAD for the function name.
270
271 local $AUTOLOAD = join "::", $class, $method;
272 &_compile;
273 };
274
275 # Now that the function is loaded (if it exists)
276 # just use UNIVERSAL::can again to do the work.
277
278 return $class -> SUPER::can($method);
279}
280
54310121 281# to import symbols into caller
282sub import {
283 my $self = shift;
424ec8fa 284
188ba755 285 # This causes modules to clash.
b2d0d414
JH		 286 undef %EXPORT_OK;
287 undef %EXPORT;
424ec8fa
GS		 288
289 $self->_setup_symbols(@_);
54310121 290 my ($callpack, $callfile, $callline) = caller;
424ec8fa 291
54310121 292 # To allow overriding, search through the packages
293 # Till we find one in which the correct subroutine is defined.
294 my @packages = ($self,@{"$self\:\:ISA"});
295 foreach $sym (keys %EXPORT) {
296 my $pck;
297 my $def = ${"$self\:\:AutoloadClass"} || $DefaultClass;
298 foreach $pck (@packages) {
299 if (defined(&{"$pck\:\:$sym"})) {
300 $def = $pck;
301 last;
302 }
303 }
304 *{"${callpack}::$sym"} = \&{"$def\:\:$sym"};
305 }
306}
307
424ec8fa
GS		 308sub compile {
309 my $pack = shift;
310 $pack->_setup_symbols('-compile',@_);
311}
312
54310121 313sub expand_tags {
314 my($tag) = @_;
71f3e297 315 return ("start_$1","end_$1") if $tag=~/^(?:\*|start_|end_)(.+)/;
54310121 316 my(@r);
317 return ($tag) unless $EXPORT_TAGS{$tag};
318 foreach (@{$EXPORT_TAGS{$tag}}) {
319 push(@r,&expand_tags($_));
320 }
321 return @r;
322}
323
324#### Method: new
325# The new routine. This will check the current environment
326# for an existing query string, and initialize itself, if so.
327####
328sub new {
8f3ccfa2
JH		 329 my($class,@initializer) = @_;
330 my $self = {};
2ed511ec 331
8f3ccfa2 332 bless $self,ref $class || $class || $DefaultClass;
cb3b230c
SP		 333
334 # always use a tempfile
335 $self->{'use_tempfile'} = 1;
336
8f3ccfa2
JH		 337 if (ref($initializer[0])
338 && (UNIVERSAL::isa($initializer[0],'Apache')
339 ||
741ff09d 340 UNIVERSAL::isa($initializer[0],'Apache2::RequestRec')
8f3ccfa2
JH		 341 )) {
342 $self->r(shift @initializer);
343 }
efc8e943
NC		 344 if (ref($initializer[0])
345 && (UNIVERSAL::isa($initializer[0],'CODE'))) {
346 $self->upload_hook(shift @initializer, shift @initializer);
cb3b230c 347 $self->{'use_tempfile'} = shift @initializer if (@initializer > 0);
efc8e943 348 }
8f3ccfa2 349 if ($MOD_PERL) {
8f3ccfa2 350 if ($MOD_PERL == 1) {
741ff09d
RGS		 351 $self->r(Apache->request) unless $self->r;
352 my $r = $self->r;
8f3ccfa2
JH		 353 $r->register_cleanup(\&CGI::_reset_globals);
354 }
355 else {
356 # XXX: once we have the new API
357 # will do a real PerlOptions -SetupEnv check
741ff09d
RGS		 358 $self->r(Apache2::RequestUtil->request) unless $self->r;
359 my $r = $self->r;
8f3ccfa2
JH		 360 $r->subprocess_env unless exists $ENV{REQUEST_METHOD};
361 $r->pool->cleanup_register(\&CGI::_reset_globals);
424ec8fa 362 }
8f3ccfa2
JH		 363 undef $NPH;
364 }
365 $self->_reset_globals if $PERLEX;
366 $self->init(@initializer);
367 return $self;
54310121 368}
369
2ed511ec
RGS		 370# We provide a DESTROY method so that we can ensure that
371# temporary files are closed (via Fh->DESTROY) before they
372# are unlinked (via CGITempFile->DESTROY) because it is not
373# possible to unlink an open file on Win32. We explicitly
374# call DESTROY on each, rather than just undefing them and
375# letting Perl DESTROY them by garbage collection, in case the
376# user is still holding any reference to them as well.
377sub DESTROY {
378 my $self = shift;
0a9bdad4
SP		 379 if ($OS eq 'WINDOWS') {
380 foreach my $href (values %{$self->{'.tmpfiles'}}) {
381 $href->{hndl}->DESTROY if defined $href->{hndl};
382 $href->{name}->DESTROY if defined $href->{name};
383 }
2ed511ec
RGS		 384 }
385}
54310121 386
8f3ccfa2
JH		 387sub r {
388 my $self = shift;
389 my $r = $self->{'.r'};
390 $self->{'.r'} = shift if @_;
391 $r;
392}
393
2ed511ec 394sub upload_hook {
0a9bdad4
SP		 395 my $self;
396 if (ref $_[0] eq 'CODE') {
397 $CGI::Q = $self = $CGI::DefaultClass->new(@_);
398 } else {
399 $self = shift;
400 }
cb3b230c 401 my ($hook,$data,$use_tempfile) = @_;
2ed511ec
RGS		 402 $self->{'.upload_hook'} = $hook;
403 $self->{'.upload_data'} = $data;
cb3b230c 404 $self->{'use_tempfile'} = $use_tempfile if defined $use_tempfile;
2ed511ec
RGS		 405}
406
54310121 407#### Method: param
408# Returns the value(s)of a named parameter.
409# If invoked in a list context, returns the
410# entire list. Otherwise returns the first
411# member of the list.
412# If name is not provided, return a list of all
413# the known parameters names available.
414# If more than one argument is provided, the
415# second and subsequent arguments are used to
416# set the value of the parameter.
417####
418sub param {
419 my($self,@p) = self_or_default(@_);
420 return $self->all_parameters unless @p;
421 my($name,$value,@other);
422
423 # For compatibility between old calling style and use_named_parameters() style,
424 # we have to special case for a single parameter present.
425 if (@p > 1) {
3d1a2ec4 426 ($name,$value,@other) = rearrange([NAME,[DEFAULT,VALUE,VALUES]],@p);
54310121 427 my(@values);
428
3d1a2ec4 429 if (substr($p[0],0,1) eq '-') {
54310121 430 @values = defined($value) ? (ref($value) && ref($value) eq 'ARRAY' ? @{$value} : $value) : ();
431 } else {
432 foreach ($value,@other) {
433 push(@values,$_) if defined($_);
434 }
435 }
436 # If values is provided, then we set it.
fc786e8b 437 if (@values or defined $value) {
54310121 438 $self->add_parameter($name);
439 $self->{$name}=[@values];
440 }
441 } else {
442 $name = $p[0];
443 }
444
71f3e297 445 return unless defined($name) && $self->{$name};
fc786e8b
SP		 446
447 my $charset = $self->charset || '';
448 my $utf8 = $charset eq 'utf-8';
449 if ($utf8) {
450 eval "require Encode; 1;" if $utf8 && !Encode->can('decode'); # bring in these functions
451 return wantarray ? map {Encode::decode(utf8=>$_) } @{$self->{$name}}
452 : Encode::decode(utf8=>$self->{$name}->[0]);
453 } else {
454 return wantarray ? @{$self->{$name}} : $self->{$name}->[0];
455 }
54310121 456}
457
54310121 458sub self_or_default {
424ec8fa 459 return @_ if defined($_[0]) && (!ref($_[0])) &&($_[0] eq 'CGI');
54310121 460 unless (defined($_[0]) &&
424ec8fa
GS		 461 (ref($_[0]) eq 'CGI' || UNIVERSAL::isa($_[0],'CGI')) # slightly optimized for common case
462 ) {
54310121 463 $Q = $CGI::DefaultClass->new unless defined($Q);
464 unshift(@_,$Q);
465 }
3d1a2ec4 466 return wantarray ? @_ : $Q;
54310121 467}
468
54310121 469sub self_or_CGI {
470 local $^W=0; # prevent a warning
471 if (defined($_[0]) &&
472 (substr(ref($_[0]),0,3) eq 'CGI'
424ec8fa 473 || UNIVERSAL::isa($_[0],'CGI'))) {
54310121 474 return @_;
475 } else {
476 return ($DefaultClass,@_);
477 }
478}
479
54310121 480########################################
481# THESE METHODS ARE MORE OR LESS PRIVATE
482# GO TO THE __DATA__ SECTION TO SEE MORE
483# PUBLIC METHODS
484########################################
485
486# Initialize the query object from the environment.
487# If a parameter list is found, this object will be set
488# to an associative array in which parameter names are keys
489# and the values are stored as lists
490# If a keyword list is found, this method creates a bogus
491# parameter list with the single parameter 'keywords'.
492
493sub init {
8f3ccfa2
JH		 494 my $self = shift;
495 my($query_string,$meth,$content_length,$fh,@lines) = ('','','','');
496
497 my $initializer = shift; # for backward compatibility
498 local($/) = "\n";
499
500 # set autoescaping on by default
501 $self->{'escape'} = 1;
54310121 502
503 # if we get called more than once, we want to initialize
504 # ourselves from the original query (which may be gone
505 # if it was read from STDIN originally.)
d45d855d 506 if (defined(@QUERY_PARAM) && !defined($initializer)) {
54310121 507 foreach (@QUERY_PARAM) {
508 $self->param('-name'=>$_,'-value'=>$QUERY_PARAM{$_});
509 }
d45d855d
JH		 510 $self->charset($QUERY_CHARSET);
511 $self->{'.fieldnames'} = {%QUERY_FIELDNAMES};
54310121 512 return;
513 }
514
515 $meth=$ENV{'REQUEST_METHOD'} if defined($ENV{'REQUEST_METHOD'});
424ec8fa 516 $content_length = defined($ENV{'CONTENT_LENGTH'}) ? $ENV{'CONTENT_LENGTH'} : 0;
3538e1d5 517
424ec8fa 518 $fh = to_filehandle($initializer) if $initializer;
54310121 519
a3b3a725
JH		 520 # set charset to the safe ISO-8859-1
521 $self->charset('ISO-8859-1');
522
54310121 523 METHOD: {
54310121 524
3538e1d5
GS		 525 # avoid unreasonably large postings
526 if (($POST_MAX > 0) && ($content_length > $POST_MAX)) {
fc786e8b
SP		 527 #discard the post, unread
528 $self->cgi_error("413 Request entity too large");
529 last METHOD;
530 }
3538e1d5 531
424ec8fa
GS		 532 # Process multipart postings, but only if the initializer is
533 # not defined.
534 if ($meth eq 'POST'
535 && defined($ENV{'CONTENT_TYPE'})
536 && $ENV{'CONTENT_TYPE'}=~m|^multipart/form-data|
537 && !defined($initializer)
538 ) {
71f3e297 539 my($boundary) = $ENV{'CONTENT_TYPE'} =~ /boundary=\"?([^\";,]+)\"?/;
424ec8fa
GS		 540 $self->read_multipart($boundary,$content_length);
541 last METHOD;
542 }
543
544 # If initializer is defined, then read parameters
545 # from it.
546 if (defined($initializer)) {
547 if (UNIVERSAL::isa($initializer,'CGI')) {
548 $query_string = $initializer->query_string;
549 last METHOD;
550 }
54310121 551 if (ref($initializer) && ref($initializer) eq 'HASH') {
552 foreach (keys %$initializer) {
553 $self->param('-name'=>$_,'-value'=>$initializer->{$_});
554 }
555 last METHOD;
556 }
557
424ec8fa
GS		 558 if (defined($fh) && ($fh ne '')) {
559 while (<$fh>) {
54310121 560 chomp;
561 last if /^=/;
562 push(@lines,$_);
563 }
564 # massage back into standard format
565 if ("@lines" =~ /=/) {
566 $query_string=join("&",@lines);
567 } else {
568 $query_string=join("+",@lines);
569 }
570 last METHOD;
571 }
424ec8fa 572
2ed511ec
RGS		 573 if (defined($fh) && ($fh ne '')) {
574 while (<$fh>) {
575 chomp;
576 last if /^=/;
577 push(@lines,$_);
578 }
579 # massage back into standard format
580 if ("@lines" =~ /=/) {
581 $query_string=join("&",@lines);
582 } else {
583 $query_string=join("+",@lines);
584 }
585 last METHOD;
586 }
587
424ec8fa
GS		 588 # last chance -- treat it as a string
589 $initializer = $$initializer if ref($initializer) eq 'SCALAR';
54310121 590 $query_string = $initializer;
424ec8fa 591
54310121 592 last METHOD;
593 }
54310121 594
424ec8fa
GS		 595 # If method is GET or HEAD, fetch the query from
596 # the environment.
597 if ($meth=~/^(GET|HEAD)$/) {
3538e1d5 598 if ($MOD_PERL) {
8f3ccfa2 599 $query_string = $self->r->args;
3538e1d5
GS		 600 } else {
601 $query_string = $ENV{'QUERY_STRING'} if defined $ENV{'QUERY_STRING'};
3d1a2ec4 602 $query_string ||= $ENV{'REDIRECT_QUERY_STRING'} if defined $ENV{'REDIRECT_QUERY_STRING'};
3538e1d5 603 }
424ec8fa
GS		 604 last METHOD;
605 }
54310121 606
424ec8fa 607 if ($meth eq 'POST') {
2ed511ec 608 $self->read_from_client(\$query_string,$content_length,0)
424ec8fa 609 if $content_length > 0;
54310121 610 # Some people want to have their cake and eat it too!
611 # Uncomment this line to have the contents of the query string
612 # APPENDED to the POST data.
424ec8fa 613 # $query_string .= (length($query_string) ? '&' : '') . $ENV{'QUERY_STRING'} if defined $ENV{'QUERY_STRING'};
54310121 614 last METHOD;
615 }
424ec8fa
GS		 616
617 # If $meth is not of GET, POST or HEAD, assume we're being debugged offline.
54310121 618 # Check the command line and then the standard input for data.
619 # We use the shellwords package in order to behave the way that
620 # UN*X programmers expect.
2ed511ec
RGS		 621 if ($DEBUG)
622 {
623 my $cmdline_ret = read_from_cmdline();
624 $query_string = $cmdline_ret->{'query_string'};
625 if (defined($cmdline_ret->{'subpath'}))
626 {
627 $self->path_info($cmdline_ret->{'subpath'});
628 }
629 }
54310121 630 }
424ec8fa 631
8f3ccfa2
JH		 632# YL: Begin Change for XML handler 10/19/2001
633 if ($meth eq 'POST'
634 && defined($ENV{'CONTENT_TYPE'})
1c87da1d
JH		 635 && $ENV{'CONTENT_TYPE'} !~ m|^application/x-www-form-urlencoded|
636 && $ENV{'CONTENT_TYPE'} !~ m|^multipart/form-data| ) {
8f3ccfa2
JH		 637 my($param) = 'POSTDATA' ;
638 $self->add_parameter($param) ;
639 push (@{$self->{$param}},$query_string);
640 undef $query_string ;
641 }
642# YL: End Change for XML handler 10/19/2001
643
54310121 644 # We now have the query string in hand. We do slightly
645 # different things for keyword lists and parameter lists.
ba056755 646 if (defined $query_string && length $query_string) {
3d1a2ec4 647 if ($query_string =~ /[&=;]/) {
54310121 648 $self->parse_params($query_string);
649 } else {
650 $self->add_parameter('keywords');
651 $self->{'keywords'} = [$self->parse_keywordlist($query_string)];
652 }
653 }
654
655 # Special case. Erase everything if there is a field named
656 # .defaults.
657 if ($self->param('.defaults')) {
e70cb7eb 658 $self->delete_all();
54310121 659 }
660
661 # Associative array containing our defined fieldnames
662 $self->{'.fieldnames'} = {};
663 foreach ($self->param('.cgifields')) {
664 $self->{'.fieldnames'}->{$_}++;
665 }
666
667 # Clear out our default submission button flag if present
668 $self->delete('.submit');
669 $self->delete('.cgifields');
3d1a2ec4 670
8f3ccfa2 671 $self->save_request unless defined $initializer;
54310121 672}
673
54310121 674# FUNCTIONS TO OVERRIDE:
54310121 675# Turn a string into a filehandle
676sub to_filehandle {
424ec8fa
GS		 677 my $thingy = shift;
678 return undef unless $thingy;
679 return $thingy if UNIVERSAL::isa($thingy,'GLOB');
680 return $thingy if UNIVERSAL::isa($thingy,'FileHandle');
681 if (!ref($thingy)) {
682 my $caller = 1;
683 while (my $package = caller($caller++)) {
684 my($tmp) = $thingy=~/[\':]/ ? $thingy : "$package\:\:$thingy";
685 return $tmp if defined(fileno($tmp));
686 }
54310121 687 }
424ec8fa 688 return undef;
54310121 689}
690
691# send output to the browser
692sub put {
693 my($self,@p) = self_or_default(@_);
694 $self->print(@p);
695}
696
697# print to standard output (for overriding in mod_perl)
698sub print {
699 shift;
700 CORE::print(@_);
701}
702
3538e1d5
GS		 703# get/set last cgi_error
704sub cgi_error {
705 my ($self,$err) = self_or_default(@_);
706 $self->{'.cgi_error'} = $err if defined $err;
707 return $self->{'.cgi_error'};
708}
709
54310121 710sub save_request {
711 my($self) = @_;
712 # We're going to play with the package globals now so that if we get called
713 # again, we initialize ourselves in exactly the same way. This allows
714 # us to have several of these objects.
715 @QUERY_PARAM = $self->param; # save list of parameters
716 foreach (@QUERY_PARAM) {
3d1a2ec4
GS		 717 next unless defined $_;
718 $QUERY_PARAM{$_}=$self->{$_};
54310121 719 }
d45d855d
JH		 720 $QUERY_CHARSET = $self->charset;
721 %QUERY_FIELDNAMES = %{$self->{'.fieldnames'}};
54310121 722}
723
54310121 724sub parse_params {
725 my($self,$tosplit) = @_;
71f3e297 726 my(@pairs) = split(/[&;]/,$tosplit);
54310121 727 my($param,$value);
728 foreach (@pairs) {
424ec8fa 729 ($param,$value) = split('=',$_,2);
b2d0d414 730 next unless defined $param;
69c89ae7 731 next if $NO_UNDEF_PARAMS and not defined $value;
3d1a2ec4 732 $value = '' unless defined $value;
424ec8fa
GS		 733 $param = unescape($param);
734 $value = unescape($value);
54310121 735 $self->add_parameter($param);
736 push (@{$self->{$param}},$value);
737 }
738}
739
740sub add_parameter {
741 my($self,$param)=@_;
3d1a2ec4 742 return unless defined $param;
54310121 743 push (@{$self->{'.parameters'}},$param)
744 unless defined($self->{$param});
745}
746
747sub all_parameters {
748 my $self = shift;
749 return () unless defined($self) && $self->{'.parameters'};
750 return () unless @{$self->{'.parameters'}};
751 return @{$self->{'.parameters'}};
752}
753
424ec8fa
GS		 754# put a filehandle into binary mode (DOS)
755sub binmode {
2ed511ec 756 return unless defined($_[1]) && defined fileno($_[1]);
424ec8fa
GS		 757 CORE::binmode($_[1]);
758}
759
760sub _make_tag_func {
71f3e297 761 my ($self,$tagname) = @_;
3538e1d5 762 my $func = qq(
3d1a2ec4 763 sub $tagname {
8f3ccfa2
JH		 764 my (\$q,\$a,\@rest) = self_or_default(\@_);
765 my(\$attr) = '';
766 if (ref(\$a) && ref(\$a) eq 'HASH') {
767 my(\@attr) = make_attributes(\$a,\$q->{'escape'});
768 \$attr = " \@attr" if \@attr;
769 } else {
1c87da1d 770 unshift \@rest,\$a if defined \$a;
8f3ccfa2 771 }
3538e1d5 772 );
71f3e297 773 if ($tagname=~/start_(\w+)/i) {
6b4ac661 774 $func .= qq! return "<\L$1\E\$attr>";} !;
71f3e297 775 } elsif ($tagname=~/end_(\w+)/i) {
6b4ac661 776 $func .= qq! return "<\L/$1\E>"; } !;
71f3e297
JH		 777 } else {
778 $func .= qq#
1c87da1d 779 return \$XHTML ? "\L<$tagname\E\$attr />" : "\L<$tagname\E\$attr>" unless \@rest;
6b4ac661 780 my(\$tag,\$untag) = ("\L<$tagname\E\$attr>","\L</$tagname>\E");
3d1a2ec4 781 my \@result = map { "\$tag\$_\$untag" }
8f3ccfa2 782 (ref(\$rest[0]) eq 'ARRAY') ? \@{\$rest[0]} : "\@rest";
424ec8fa 783 return "\@result";
71f3e297
JH		 784 }#;
785 }
786return $func;
54310121 787}
788
789sub AUTOLOAD {
790 print STDERR "CGI::AUTOLOAD for $AUTOLOAD\n" if $CGI::AUTOLOAD_DEBUG;
424ec8fa
GS		 791 my $func = &_compile;
792 goto &$func;
54310121 793}
794
424ec8fa
GS		 795sub _compile {
796 my($func) = $AUTOLOAD;
797 my($pack,$func_name);
798 {
799 local($1,$2); # this fixes an obscure variable suicide problem.
800 $func=~/(.+)::([^:]+)$/;
801 ($pack,$func_name) = ($1,$2);
802 $pack=~s/::SUPER$//; # fix another obscure problem
803 $pack = ${"$pack\:\:AutoloadClass"} || $CGI::DefaultClass
804 unless defined(${"$pack\:\:AUTOLOADED_ROUTINES"});
805
806 my($sub) = \%{"$pack\:\:SUBS"};
807 unless (%$sub) {
808 my($auto) = \${"$pack\:\:AUTOLOADED_ROUTINES"};
29ddc2a4 809 local ($@,$!);
424ec8fa 810 eval "package $pack; $$auto";
ba056755 811 croak("$AUTOLOAD: $@") if $@;
424ec8fa
GS		 812 $$auto = ''; # Free the unneeded storage (but don't undef it!!!)
813 }
814 my($code) = $sub->{$func_name};
815
816 $code = "sub $AUTOLOAD { }" if (!$code and $func_name eq 'DESTROY');
817 if (!$code) {
71f3e297 818 (my $base = $func_name) =~ s/^(start_|end_)//i;
424ec8fa
GS		 819 if ($EXPORT{':any'} ||
820 $EXPORT{'-any'} ||
71f3e297 821 $EXPORT{$base} ||
424ec8fa 822 (%EXPORT_OK || grep(++$EXPORT_OK{$_},&expand_tags(':html')))
71f3e297
JH		 823 && $EXPORT_OK{$base}) {
824 $code = $CGI::DefaultClass->_make_tag_func($func_name);
424ec8fa
GS		 825 }
826 }
ba056755 827 croak("Undefined subroutine $AUTOLOAD\n") unless $code;
29ddc2a4 828 local ($@,$!);
424ec8fa
GS		 829 eval "package $pack; $code";
830 if ($@) {
831 $@ =~ s/ at .*\n//;
ba056755 832 croak("$AUTOLOAD: $@");
424ec8fa
GS		 833 }
834 }
3538e1d5 835 CORE::delete($sub->{$func_name}); #free storage
424ec8fa
GS		 836 return "$pack\:\:$func_name";
837}
838
3acbd4f5
JH		 839sub _selected {
840 my $self = shift;
841 my $value = shift;
842 return '' unless $value;
0a9bdad4 843 return $XHTML ? qq(selected="selected" ) : qq(selected );
3acbd4f5
JH		 844}
845
846sub _checked {
847 my $self = shift;
848 my $value = shift;
849 return '' unless $value;
0a9bdad4 850 return $XHTML ? qq(checked="checked" ) : qq(checked );
3acbd4f5
JH		 851}
852
424ec8fa
GS		 853sub _reset_globals { initialize_globals(); }
854
855sub _setup_symbols {
856 my $self = shift;
857 my $compile = 0;
b2d0d414
JH		 858
859 # to avoid reexporting unwanted variables
860 undef %EXPORT;
861
424ec8fa 862 foreach (@_) {
71f3e297
JH		 863 $HEADERS_ONCE++, next if /^[:-]unique_headers$/;
864 $NPH++, next if /^[:-]nph$/;
3d1a2ec4
GS		 865 $NOSTICKY++, next if /^[:-]nosticky$/;
866 $DEBUG=0, next if /^[:-]no_?[Dd]ebug$/;
867 $DEBUG=2, next if /^[:-][Dd]ebug$/;
71f3e297 868 $USE_PARAM_SEMICOLONS++, next if /^[:-]newstyle_urls$/;
6b4ac661
JH		 869 $XHTML++, next if /^[:-]xhtml$/;
870 $XHTML=0, next if /^[:-]no_?xhtml$/;
3d1a2ec4 871 $USE_PARAM_SEMICOLONS=0, next if /^[:-]oldstyle_urls$/;
71f3e297 872 $PRIVATE_TEMPFILES++, next if /^[:-]private_tempfiles$/;
0a9bdad4 873 $TABINDEX++, next if /^[:-]tabindex$/;
13548fdf 874 $CLOSE_UPLOAD_FILES++, next if /^[:-]close_upload_files$/;
71f3e297
JH		 875 $EXPORT{$_}++, next if /^[:-]any$/;
876 $compile++, next if /^[:-]compile$/;
199d4a26 877 $NO_UNDEF_PARAMS++, next if /^[:-]no_undef_params$/;
424ec8fa 878
71f3e297 879 # This is probably extremely evil code -- to be deleted some day.
424ec8fa
GS		 880 if (/^[-]autoload$/) {
881 my($pkg) = caller(1);
882 *{"${pkg}::AUTOLOAD"} = sub {
883 my($routine) = $AUTOLOAD;
884 $routine =~ s/^.*::/CGI::/;
885 &$routine;
886 };
887 next;
888 }
889
890 foreach (&expand_tags($_)) {
891 tr/a-zA-Z0-9_//cd; # don't allow weird function names
892 $EXPORT{$_}++;
54310121 893 }
54310121 894 }
424ec8fa 895 _compile_all(keys %EXPORT) if $compile;
188ba755 896 @SAVED_SYMBOLS = @_;
54310121 897}
898
3d1a2ec4
GS		 899sub charset {
900 my ($self,$charset) = self_or_default(@_);
901 $self->{'.charset'} = $charset if defined $charset;
902 $self->{'.charset'};
903}
904
29ddc2a4
RGS		 905sub element_id {
906 my ($self,$new_value) = self_or_default(@_);
907 $self->{'.elid'} = $new_value if defined $new_value;
908 sprintf('%010d',$self->{'.elid'}++);
909}
910
911sub element_tab {
912 my ($self,$new_value) = self_or_default(@_);
70194bd6 913 $self->{'.etab'} ||= 1;
29ddc2a4 914 $self->{'.etab'} = $new_value if defined $new_value;
0a9bdad4
SP		 915 my $tab = $self->{'.etab'}++;
916 return '' unless $TABINDEX or defined $new_value;
917 return qq(tabindex="$tab" );
29ddc2a4
RGS		 918}
919
54310121 920###############################################################################
921################# THESE FUNCTIONS ARE AUTOLOADED ON DEMAND ####################
922###############################################################################
923$AUTOLOADED_ROUTINES = ''; # get rid of -w warning
924$AUTOLOADED_ROUTINES=<<'END_OF_AUTOLOAD';
925
926%SUBS = (
927
928'URL_ENCODED'=> <<'END_OF_FUNC',
929sub URL_ENCODED { 'application/x-www-form-urlencoded'; }
930END_OF_FUNC
931
932'MULTIPART' => <<'END_OF_FUNC',
933sub MULTIPART { 'multipart/form-data'; }
934END_OF_FUNC
935
424ec8fa 936'SERVER_PUSH' => <<'END_OF_FUNC',
ba056755 937sub SERVER_PUSH { 'multipart/x-mixed-replace;boundary="' . shift() . '"'; }
424ec8fa
GS		 938END_OF_FUNC
939
424ec8fa
GS		 940'new_MultipartBuffer' => <<'END_OF_FUNC',
941# Create a new multipart buffer
942sub new_MultipartBuffer {
2ed511ec
RGS		 943 my($self,$boundary,$length) = @_;
944 return MultipartBuffer->new($self,$boundary,$length);
424ec8fa
GS		 945}
946END_OF_FUNC
947
948'read_from_client' => <<'END_OF_FUNC',
949# Read data from a file handle
950sub read_from_client {
2ed511ec 951 my($self, $buff, $len, $offset) = @_;
424ec8fa 952 local $^W=0; # prevent a warning
2ed511ec
RGS		 953 return $MOD_PERL
954 ? $self->r->read($$buff, $len, $offset)
955 : read(\*STDIN, $$buff, $len, $offset);
424ec8fa
GS		 956}
957END_OF_FUNC
958
959'delete' => <<'END_OF_FUNC',
960#### Method: delete
961# Deletes the named parameter entirely.
962####
963sub delete {
6b4ac661 964 my($self,@p) = self_or_default(@_);
1c87da1d
JH		 965 my(@names) = rearrange([NAME],@p);
966 my @to_delete = ref($names[0]) eq 'ARRAY' ? @$names[0] : @names;
8f3ccfa2
JH		 967 my %to_delete;
968 foreach my $name (@to_delete)
969 {
970 CORE::delete $self->{$name};
971 CORE::delete $self->{'.fieldnames'}->{$name};
972 $to_delete{$name}++;
188ba755 973 }
8f3ccfa2 974 @{$self->{'.parameters'}}=grep { !exists($to_delete{$_}) } $self->param();
13548fdf 975 return;
424ec8fa
GS		 976}
977END_OF_FUNC
978
979#### Method: import_names
980# Import all parameters into the given namespace.
981# Assumes namespace 'Q' if not specified
982####
983'import_names' => <<'END_OF_FUNC',
984sub import_names {
985 my($self,$namespace,$delete) = self_or_default(@_);
986 $namespace = 'Q' unless defined($namespace);
987 die "Can't import names into \"main\"\n" if \%{"${namespace}::"} == \%::;
3538e1d5 988 if ($delete || $MOD_PERL || exists $ENV{'FCGI_ROLE'}) {
424ec8fa
GS		 989 # can anyone find an easier way to do this?
990 foreach (keys %{"${namespace}::"}) {
991 local *symbol = "${namespace}::${_}";
992 undef $symbol;
993 undef @symbol;
994 undef %symbol;
54310121 995 }
424ec8fa
GS		 996 }
997 my($param,@value,$var);
998 foreach $param ($self->param) {
999 # protect against silly names
1000 ($var = $param)=~tr/a-zA-Z0-9_/_/c;
1001 $var =~ s/^(?=\d)/_/;
1002 local *symbol = "${namespace}::$var";
1003 @value = $self->param($param);
1004 @symbol = @value;
1005 $symbol = $value[0];
54310121 1006 }
1007}
1008END_OF_FUNC
1009
1010#### Method: keywords
1011# Keywords acts a bit differently. Calling it in a list context
1012# returns the list of keywords.
1013# Calling it in a scalar context gives you the size of the list.
1014####
1015'keywords' => <<'END_OF_FUNC',
1016sub keywords {
1017 my($self,@values) = self_or_default(@_);
1018 # If values is provided, then we set it.
475342a6 1019 $self->{'keywords'}=[@values] if @values;
424ec8fa 1020 my(@result) = defined($self->{'keywords'}) ? @{$self->{'keywords'}} : ();
54310121 1021 @result;
1022}
1023END_OF_FUNC
1024
1025# These are some tie() interfaces for compatibility
1026# with Steve Brenner's cgi-lib.pl routines
3538e1d5
GS		 1027'Vars' => <<'END_OF_FUNC',
1028sub Vars {
ffd2dff2 1029 my $q = shift;
3538e1d5 1030 my %in;
ffd2dff2 1031 tie(%in,CGI,$q);
3538e1d5
GS		 1032 return %in if wantarray;
1033 return \%in;
1034}
1035END_OF_FUNC
1036
1037# These are some tie() interfaces for compatibility
1038# with Steve Brenner's cgi-lib.pl routines
54310121 1039'ReadParse' => <<'END_OF_FUNC',
1040sub ReadParse {
1041 local(*in);
1042 if (@_) {
1043 *in = $_[0];
1044 } else {
1045 my $pkg = caller();
1046 *in=*{"${pkg}::in"};
1047 }
1048 tie(%in,CGI);
424ec8fa 1049 return scalar(keys %in);
54310121 1050}
1051END_OF_FUNC
1052
1053'PrintHeader' => <<'END_OF_FUNC',
1054sub PrintHeader {
1055 my($self) = self_or_default(@_);
1056 return $self->header();
1057}
1058END_OF_FUNC
1059
1060'HtmlTop' => <<'END_OF_FUNC',
1061sub HtmlTop {
1062 my($self,@p) = self_or_default(@_);
1063 return $self->start_html(@p);
1064}
1065END_OF_FUNC
1066
1067'HtmlBot' => <<'END_OF_FUNC',
1068sub HtmlBot {
1069 my($self,@p) = self_or_default(@_);
1070 return $self->end_html(@p);
1071}
1072END_OF_FUNC
1073
1074'SplitParam' => <<'END_OF_FUNC',
1075sub SplitParam {
1076 my ($param) = @_;
1077 my (@params) = split ("\0", $param);
1078 return (wantarray ? @params : $params[0]);
1079}
1080END_OF_FUNC
1081
1082'MethGet' => <<'END_OF_FUNC',
1083sub MethGet {
1084 return request_method() eq 'GET';
1085}
1086END_OF_FUNC
1087
1088'MethPost' => <<'END_OF_FUNC',
1089sub MethPost {
1090 return request_method() eq 'POST';
1091}
1092END_OF_FUNC
1093
1094'TIEHASH' => <<'END_OF_FUNC',
8f3ccfa2
JH		 1095sub TIEHASH {
1096 my $class = shift;
1097 my $arg = $_[0];
1098 if (ref($arg) && UNIVERSAL::isa($arg,'CGI')) {
1099 return $arg;
1100 }
1101 return $Q ||= $class->new(@_);
54310121 1102}
1103END_OF_FUNC
1104
1105'STORE' => <<'END_OF_FUNC',
1106sub STORE {
3d1a2ec4
GS		 1107 my $self = shift;
1108 my $tag = shift;
6b4ac661
JH		 1109 my $vals = shift;
1110 my @vals = index($vals,"\0")!=-1 ? split("\0",$vals) : $vals;
3d1a2ec4 1111 $self->param(-name=>$tag,-value=>\@vals);
54310121 1112}
1113END_OF_FUNC
1114
1115'FETCH' => <<'END_OF_FUNC',
1116sub FETCH {
1117 return $_[0] if $_[1] eq 'CGI';
1118 return undef unless defined $_[0]->param($_[1]);
1119 return join("\0",$_[0]->param($_[1]));
1120}
1121END_OF_FUNC
1122
1123'FIRSTKEY' => <<'END_OF_FUNC',
1124sub FIRSTKEY {
1125 $_[0]->{'.iterator'}=0;
1126 $_[0]->{'.parameters'}->[$_[0]->{'.iterator'}++];
1127}
1128END_OF_FUNC
1129
1130'NEXTKEY' => <<'END_OF_FUNC',
1131sub NEXTKEY {
1132 $_[0]->{'.parameters'}->[$_[0]->{'.iterator'}++];
1133}
1134END_OF_FUNC
1135
1136'EXISTS' => <<'END_OF_FUNC',
1137sub EXISTS {
1138 exists $_[0]->{$_[1]};
1139}
1140END_OF_FUNC
1141
1142'DELETE' => <<'END_OF_FUNC',
1143sub DELETE {
1144 $_[0]->delete($_[1]);
1145}
1146END_OF_FUNC
1147
1148'CLEAR' => <<'END_OF_FUNC',
1149sub CLEAR {
1150 %{$_[0]}=();
1151}
1152####
1153END_OF_FUNC
1154
1155####
1156# Append a new value to an existing query
1157####
1158'append' => <<'EOF',
1159sub append {
7dc108d1 1160 my($self,@p) = self_or_default(@_);
3d1a2ec4 1161 my($name,$value) = rearrange([NAME,[VALUE,VALUES]],@p);
54310121 1162 my(@values) = defined($value) ? (ref($value) ? @{$value} : $value) : ();
1163 if (@values) {
1164 $self->add_parameter($name);
1165 push(@{$self->{$name}},@values);
1166 }
1167 return $self->param($name);
1168}
1169EOF
1170
1171#### Method: delete_all
1172# Delete all parameters
1173####
1174'delete_all' => <<'EOF',
1175sub delete_all {
1176 my($self) = self_or_default(@_);
1c87da1d 1177 my @param = $self->param();
8f3ccfa2 1178 $self->delete(@param);
54310121 1179}
1180EOF
1181
424ec8fa
GS		 1182'Delete' => <<'EOF',
1183sub Delete {
1184 my($self,@p) = self_or_default(@_);
1185 $self->delete(@p);
1186}
1187EOF
1188
1189'Delete_all' => <<'EOF',
1190sub Delete_all {
1191 my($self,@p) = self_or_default(@_);
1192 $self->delete_all(@p);
1193}
1194EOF
1195
54310121 1196#### Method: autoescape
1197# If you want to turn off the autoescaping features,
1198# call this method with undef as the argument
1199'autoEscape' => <<'END_OF_FUNC',
1200sub autoEscape {
1201 my($self,$escape) = self_or_default(@_);
188ba755
JH		 1202 my $d = $self->{'escape'};
1203 $self->{'escape'} = $escape;
1204 $d;
54310121 1205}
1206END_OF_FUNC
1207
1208
1209#### Method: version
1210# Return the current version
1211####
1212'version' => <<'END_OF_FUNC',
1213sub version {
1214 return $VERSION;
1215}
1216END_OF_FUNC
1217
424ec8fa
GS		 1218#### Method: url_param
1219# Return a parameter in the QUERY_STRING, regardless of
1220# whether this was a POST or a GET
1221####
1222'url_param' => <<'END_OF_FUNC',
1223sub url_param {
1224 my ($self,@p) = self_or_default(@_);
1225 my $name = shift(@p);
1226 return undef unless exists($ENV{QUERY_STRING});
1227 unless (exists($self->{'.url_param'})) {
1228 $self->{'.url_param'}={}; # empty hash
1229 if ($ENV{QUERY_STRING} =~ /=/) {
71f3e297 1230 my(@pairs) = split(/[&;]/,$ENV{QUERY_STRING});
424ec8fa
GS		 1231 my($param,$value);
1232 foreach (@pairs) {
1233 ($param,$value) = split('=',$_,2);
1234 $param = unescape($param);
1235 $value = unescape($value);
1236 push(@{$self->{'.url_param'}->{$param}},$value);
1237 }
1238 } else {
1239 $self->{'.url_param'}->{'keywords'} = [$self->parse_keywordlist($ENV{QUERY_STRING})];
1240 }
1241 }
1242 return keys %{$self->{'.url_param'}} unless defined($name);
1243 return () unless $self->{'.url_param'}->{$name};
1244 return wantarray ? @{$self->{'.url_param'}->{$name}}
1245 : $self->{'.url_param'}->{$name}->[0];
1246}
1247END_OF_FUNC
1248
3d1a2ec4 1249#### Method: Dump
54310121 1250# Returns a string in which all the known parameter/value
1251# pairs are represented as nested lists, mainly for the purposes
1252# of debugging.
1253####
3d1a2ec4
GS		 1254'Dump' => <<'END_OF_FUNC',
1255sub Dump {
54310121 1256 my($self) = self_or_default(@_);
1257 my($param,$value,@result);
3acbd4f5
JH		 1258 return '<ul></ul>' unless $self->param;
1259 push(@result,"<ul>");
54310121 1260 foreach $param ($self->param) {
1261 my($name)=$self->escapeHTML($param);
1c87da1d 1262 push(@result,"<li><strong>$param</strong></li>");
3acbd4f5 1263 push(@result,"<ul>");
54310121 1264 foreach $value ($self->param($param)) {
1265 $value = $self->escapeHTML($value);
58129083 1266 $value =~ s/\n/<br \/>\n/g;
1c87da1d 1267 push(@result,"<li>$value</li>");
54310121 1268 }
3acbd4f5 1269 push(@result,"</ul>");
54310121 1270 }
3acbd4f5 1271 push(@result,"</ul>");
54310121 1272 return join("\n",@result);
1273}
1274END_OF_FUNC
1275
424ec8fa
GS		 1276#### Method as_string
1277#
1278# synonym for "dump"
1279####
1280'as_string' => <<'END_OF_FUNC',
1281sub as_string {
3d1a2ec4 1282 &Dump(@_);
424ec8fa
GS		 1283}
1284END_OF_FUNC
1285
1286#### Method: save
1287# Write values out to a filehandle in such a way that they can
1288# be reinitialized by the filehandle form of the new() method
54310121 1289####
1290'save' => <<'END_OF_FUNC',
1291sub save {
1292 my($self,$filehandle) = self_or_default(@_);
54310121 1293 $filehandle = to_filehandle($filehandle);
424ec8fa
GS		 1294 my($param);
1295 local($,) = ''; # set print field separator back to a sane value
71f3e297 1296 local($\) = ''; # set output line separator to a sane value
54310121 1297 foreach $param ($self->param) {
424ec8fa 1298 my($escaped_param) = escape($param);
54310121 1299 my($value);
1300 foreach $value ($self->param($param)) {
3538e1d5 1301 print $filehandle "$escaped_param=",escape("$value"),"\n";
54310121 1302 }
1303 }
d45d855d
JH		 1304 foreach (keys %{$self->{'.fieldnames'}}) {
1305 print $filehandle ".cgifields=",escape("$_"),"\n";
1306 }
54310121 1307 print $filehandle "=\n"; # end of record
1308}
1309END_OF_FUNC
1310
1311
424ec8fa
GS		 1312#### Method: save_parameters
1313# An alias for save() that is a better name for exportation.
1314# Only intended to be used with the function (non-OO) interface.
1315####
1316'save_parameters' => <<'END_OF_FUNC',
1317sub save_parameters {
1318 my $fh = shift;
1319 return save(to_filehandle($fh));
1320}
1321END_OF_FUNC
1322
1323#### Method: restore_parameters
1324# A way to restore CGI parameters from an initializer.
1325# Only intended to be used with the function (non-OO) interface.
1326####
1327'restore_parameters' => <<'END_OF_FUNC',
1328sub restore_parameters {
1329 $Q = $CGI::DefaultClass->new(@_);
1330}
1331END_OF_FUNC
1332
1333#### Method: multipart_init
1334# Return a Content-Type: style header for server-push
ba056755 1335# This has to be NPH on most web servers, and it is advisable to set $| = 1
424ec8fa
GS		 1336#
1337# Many thanks to Ed Jordan <ed@fidalgo.net> for this
ba056755 1338# contribution, updated by Andrew Benham (adsb@bigfoot.com)
424ec8fa
GS		 1339####
1340'multipart_init' => <<'END_OF_FUNC',
1341sub multipart_init {
1342 my($self,@p) = self_or_default(@_);
3d1a2ec4 1343 my($boundary,@other) = rearrange([BOUNDARY],@p);
424ec8fa 1344 $boundary = $boundary || '------- =_aaaaaaaaaa0';
ba056755
JH		 1345 $self->{'separator'} = "$CRLF--$boundary$CRLF";
1346 $self->{'final_separator'} = "$CRLF--$boundary--$CRLF";
424ec8fa
GS		 1347 $type = SERVER_PUSH($boundary);
1348 return $self->header(
13548fdf 1349 -nph => 0,
424ec8fa
GS		 1350 -type => $type,
1351 (map { split "=", $_, 2 } @other),
ba056755 1352 ) . "WARNING: YOUR BROWSER DOESN'T SUPPORT THIS SERVER-PUSH TECHNOLOGY." . $self->multipart_end;
424ec8fa
GS		 1353}
1354END_OF_FUNC
1355
1356
1357#### Method: multipart_start
1358# Return a Content-Type: style header for server-push, start of section
1359#
1360# Many thanks to Ed Jordan <ed@fidalgo.net> for this
ba056755 1361# contribution, updated by Andrew Benham (adsb@bigfoot.com)
424ec8fa
GS		 1362####
1363'multipart_start' => <<'END_OF_FUNC',
1364sub multipart_start {
ba056755 1365 my(@header);
424ec8fa 1366 my($self,@p) = self_or_default(@_);
3d1a2ec4 1367 my($type,@other) = rearrange([TYPE],@p);
424ec8fa 1368 $type = $type || 'text/html';
ba056755
JH		 1369 push(@header,"Content-Type: $type");
1370
1371 # rearrange() was designed for the HTML portion, so we
1372 # need to fix it up a little.
1373 foreach (@other) {
8f3ccfa2
JH		 1374 # Don't use \s because of perl bug 21951
1375 next unless my($header,$value) = /([^ \r\n\t=]+)=\"?(.+?)\"?$/;
ba056755
JH		 1376 ($_ = $header) =~ s/^(\w)(.*)/$1 . lc ($2) . ': '.$self->unescapeHTML($value)/e;
1377 }
1378 push(@header,@other);
1379 my $header = join($CRLF,@header)."${CRLF}${CRLF}";
1380 return $header;
424ec8fa
GS		 1381}
1382END_OF_FUNC
1383
1384
1385#### Method: multipart_end
ba056755 1386# Return a MIME boundary separator for server-push, end of section
424ec8fa
GS		 1387#
1388# Many thanks to Ed Jordan <ed@fidalgo.net> for this
1389# contribution
1390####
1391'multipart_end' => <<'END_OF_FUNC',
1392sub multipart_end {
1393 my($self,@p) = self_or_default(@_);
1394 return $self->{'separator'};
1395}
1396END_OF_FUNC
1397
1398
ba056755
JH		 1399#### Method: multipart_final
1400# Return a MIME boundary separator for server-push, end of all sections
1401#
1402# Contributed by Andrew Benham (adsb@bigfoot.com)
1403####
1404'multipart_final' => <<'END_OF_FUNC',
1405sub multipart_final {
1406 my($self,@p) = self_or_default(@_);
1407 return $self->{'final_separator'} . "WARNING: YOUR BROWSER DOESN'T SUPPORT THIS SERVER-PUSH TECHNOLOGY." . $CRLF;
1408}
1409END_OF_FUNC
1410
1411
54310121 1412#### Method: header
1413# Return a Content-Type: style header
1414#
1415####
1416'header' => <<'END_OF_FUNC',
1417sub header {
1418 my($self,@p) = self_or_default(@_);
1419 my(@header);
1420
2ed511ec 1421 return "" if $self->{'.header_printed'}++ and $HEADERS_ONCE;
71f3e297 1422
8f3ccfa2 1423 my($type,$status,$cookie,$target,$expires,$nph,$charset,$attachment,$p3p,@other) =
3d1a2ec4
GS		 1424 rearrange([['TYPE','CONTENT_TYPE','CONTENT-TYPE'],
1425 'STATUS',['COOKIE','COOKIES'],'TARGET',
6b4ac661 1426 'EXPIRES','NPH','CHARSET',
8f3ccfa2 1427 'ATTACHMENT','P3P'],@p);
3d1a2ec4
GS		 1428
1429 $nph ||= $NPH;
55b5d700
SP		 1430
1431 $type ||= 'text/html' unless defined($type);
1432
3d1a2ec4
GS		 1433 if (defined $charset) {
1434 $self->charset($charset);
1435 } else {
55b5d700 1436 $charset = $self->charset if $type =~ /^text\//;
3d1a2ec4 1437 }
cb3b230c 1438 $charset ||= '';
54310121 1439
1440 # rearrange() was designed for the HTML portion, so we
1441 # need to fix it up a little.
1442 foreach (@other) {
8f3ccfa2
JH		 1443 # Don't use \s because of perl bug 21951
1444 next unless my($header,$value) = /([^ \r\n\t=]+)=\"?(.+?)\"?$/;
1445 ($_ = $header) =~ s/^(\w)(.*)/"\u$1\L$2" . ': '.$self->unescapeHTML($value)/e;
54310121 1446 }
1447
cd755de4
JJ		 1448 $type .= "; charset=$charset"
1449 if $type ne ''
1450 and $type !~ /\bcharset\b/
1451 and defined $charset
1452 and $charset ne '';
54310121 1453
424ec8fa
GS		 1454 # Maybe future compatibility. Maybe not.
1455 my $protocol = $ENV{SERVER_PROTOCOL} || 'HTTP/1.0';
1456 push(@header,$protocol . ' ' . ($status || '200 OK')) if $nph;
ba056755 1457 push(@header,"Server: " . &server_software()) if $nph;
424ec8fa 1458
54310121 1459 push(@header,"Status: $status") if $status;
424ec8fa 1460 push(@header,"Window-Target: $target") if $target;
8f3ccfa2
JH		 1461 if ($p3p) {
1462 $p3p = join ' ',@$p3p if ref($p3p) eq 'ARRAY';
1463 push(@header,qq(P3P: policyref="/w3c/p3p.xml", CP="$p3p"));
1464 }
54310121 1465 # push all the cookies -- there may be several
1466 if ($cookie) {
424ec8fa 1467 my(@cookie) = ref($cookie) && ref($cookie) eq 'ARRAY' ? @{$cookie} : $cookie;
54310121 1468 foreach (@cookie) {
71f3e297
JH		 1469 my $cs = UNIVERSAL::isa($_,'CGI::Cookie') ? $_->as_string : $_;
1470 push(@header,"Set-Cookie: $cs") if $cs ne '';
54310121 1471 }
1472 }
1473 # if the user indicates an expiration time, then we need
1474 # both an Expires and a Date header (so that the browser is
1475 # uses OUR clock)
424ec8fa 1476 push(@header,"Expires: " . expires($expires,'http'))
7d37aa8e 1477 if $expires;
ba056755 1478 push(@header,"Date: " . expires(0,'http')) if $expires || $cookie || $nph;
54310121 1479 push(@header,"Pragma: no-cache") if $self->cache();
6b4ac661 1480 push(@header,"Content-Disposition: attachment; filename=\"$attachment\"") if $attachment;
69c89ae7 1481 push(@header,map {ucfirst $_} @other);
71f3e297 1482 push(@header,"Content-Type: $type") if $type ne '';
424ec8fa
GS		 1483 my $header = join($CRLF,@header)."${CRLF}${CRLF}";
1484 if ($MOD_PERL and not $nph) {
8f3ccfa2
JH		 1485 $self->r->send_cgi_header($header);
1486 return '';
424ec8fa
GS		 1487 }
1488 return $header;
54310121 1489}
1490END_OF_FUNC
1491
1492
1493#### Method: cache
1494# Control whether header() will produce the no-cache
1495# Pragma directive.
1496####
1497'cache' => <<'END_OF_FUNC',
1498sub cache {
1499 my($self,$new_value) = self_or_default(@_);
1500 $new_value = '' unless $new_value;
1501 if ($new_value ne '') {
1502 $self->{'cache'} = $new_value;
1503 }
1504 return $self->{'cache'};
1505}
1506END_OF_FUNC
1507
1508
1509#### Method: redirect
1510# Return a Location: style header
1511#
1512####
1513'redirect' => <<'END_OF_FUNC',
1514sub redirect {
1515 my($self,@p) = self_or_default(@_);
13548fdf
RGS		 1516 my($url,$target,$status,$cookie,$nph,@other) =
1517 rearrange([[LOCATION,URI,URL],TARGET,STATUS,['COOKIE','COOKIES'],NPH],@p);
55b5d700 1518 $status = '302 Found' unless defined $status;
6b4ac661 1519 $url ||= $self->self_url;
54310121 1520 my(@o);
424ec8fa
GS		 1521 foreach (@other) { tr/\"//d; push(@o,split("=",$_,2)); }
1522 unshift(@o,
13548fdf 1523 '-Status' => $status,
8f3ccfa2
JH		 1524 '-Location'=> $url,
1525 '-nph' => $nph);
424ec8fa 1526 unshift(@o,'-Target'=>$target) if $target;
71f3e297 1527 unshift(@o,'-Type'=>'');
8f3ccfa2
JH		 1528 my @unescaped;
1529 unshift(@unescaped,'-Cookie'=>$cookie) if $cookie;
1530 return $self->header((map {$self->unescapeHTML($_)} @o),@unescaped);
54310121 1531}
1532END_OF_FUNC
1533
1534
1535#### Method: start_html
1536# Canned HTML header
1537#
1538# Parameters:
1539# $title -> (optional) The title for this HTML document (-title)
1540# $author -> (optional) e-mail address of the author (-author)
1541# $base -> (optional) if set to true, will enter the BASE address of this document
1542# for resolving relative references (-base)
1543# $xbase -> (optional) alternative base at some remote location (-xbase)
1544# $target -> (optional) target window to load all links into (-target)
1545# $script -> (option) Javascript code (-script)
47e3cabd 1546# $no_script -> (option) Javascript <noscript> tag (-noscript)
54310121 1547# $meta -> (optional) Meta information tags
3acbd4f5 1548# $head -> (optional) any other elements you'd like to incorporate into the <head> tag
7d37aa8e
LS		 1549# (a scalar or array ref)
1550# $style -> (optional) reference to an external style sheet
54310121 1551# @other -> (optional) any other named parameters you'd like to incorporate into
3acbd4f5 1552# the <body> tag.
54310121 1553####
1554'start_html' => <<'END_OF_FUNC',
1555sub start_html {
1556 my($self,@p) = &self_or_default(@_);
ac734d8b 1557 my($title,$author,$base,$xbase,$script,$noscript,
29ddc2a4
RGS		 1558 $target,$meta,$head,$style,$dtd,$lang,$encoding,$declare_xml,@other) =
1559 rearrange([TITLE,AUTHOR,BASE,XBASE,SCRIPT,NOSCRIPT,TARGET,
1560 META,HEAD,STYLE,DTD,LANG,ENCODING,DECLARE_XML],@p);
1561
1562 $self->element_id(0);
1563 $self->element_tab(0);
ac734d8b 1564
55b5d700 1565 $encoding = lc($self->charset) unless defined $encoding;
54310121 1566
13548fdf 1567 # Need to sort out the DTD before it's okay to call escapeHTML().
ba056755 1568 my(@result,$xml_dtd);
3d1a2ec4 1569 if ($dtd) {
6b4ac661 1570 if (defined(ref($dtd)) and (ref($dtd) eq 'ARRAY')) {
3d1a2ec4
GS		 1571 $dtd = $DEFAULT_DTD unless $dtd->[0] =~ m|^-//|;
1572 } else {
1573 $dtd = $DEFAULT_DTD unless $dtd =~ m|^-//|;
1574 }
1575 } else {
6b4ac661 1576 $dtd = $XHTML ? XHTML_DTD : $DEFAULT_DTD;
3d1a2ec4 1577 }
ba056755
JH		 1578
1579 $xml_dtd++ if ref($dtd) eq 'ARRAY' && $dtd->[0] =~ /\bXHTML\b/i;
1580 $xml_dtd++ if ref($dtd) eq '' && $dtd =~ /\bXHTML\b/i;
29ddc2a4 1581 push @result,qq(<?xml version="1.0" encoding="$encoding"?>) if $xml_dtd && $declare_xml;
ba056755 1582
3d1a2ec4 1583 if (ref($dtd) && ref($dtd) eq 'ARRAY') {
b2d0d414 1584 push(@result,qq(<!DOCTYPE html\n\tPUBLIC "$dtd->[0]"\n\t "$dtd->[1]">));
13548fdf 1585 $DTD_PUBLIC_IDENTIFIER = $dtd->[0];
3d1a2ec4 1586 } else {
03b9648d 1587 push(@result,qq(<!DOCTYPE html\n\tPUBLIC "$dtd">));
13548fdf
RGS		 1588 $DTD_PUBLIC_IDENTIFIER = $dtd;
1589 }
1590
1591 # Now that we know whether we're using the HTML 3.2 DTD or not, it's okay to
1592 # call escapeHTML(). Strangely enough, the title needs to be escaped as
1593 # HTML while the author needs to be escaped as a URL.
1594 $title = $self->escapeHTML($title || 'Untitled Document');
1595 $author = $self->escape($author);
1596
1597 if ($DTD_PUBLIC_IDENTIFIER =~ /[^X]HTML (2\.0|3\.2)/i) {
1598 $lang = "" unless defined $lang;
1599 $XHTML = 0;
3d1a2ec4 1600 }
13548fdf
RGS		 1601 else {
1602 $lang = 'en-US' unless defined $lang;
1603 }
1604
29ddc2a4
RGS		 1605 my $lang_bits = $lang ne '' ? qq( lang="$lang" xml:lang="$lang") : '';
1606 my $meta_bits = qq(<meta http-equiv="Content-Type" content="text/html; charset=$encoding" />)
1607 if $XHTML && $encoding && !$declare_xml;
1608
1609 push(@result,$XHTML ? qq(<html xmlns="http://www.w3.org/1999/xhtml"$lang_bits>\n<head>\n<title>$title</title>)
1610 : ($lang ? qq(<html lang="$lang">) : "<html>")
8f3ccfa2 1611 . "<head><title>$title</title>");
6b4ac661
JH		 1612 if (defined $author) {
1613 push(@result,$XHTML ? "<link rev=\"made\" href=\"mailto:$author\" />"
29ddc2a4 1614 : "<link rev=\"made\" href=\"mailto:$author\">");
6b4ac661 1615 }
54310121 1616
1617 if ($base || $xbase || $target) {
424ec8fa 1618 my $href = $xbase || $self->url('-path'=>1);
6b4ac661
JH		 1619 my $t = $target ? qq/ target="$target"/ : '';
1620 push(@result,$XHTML ? qq(<base href="$href"$t />) : qq(<base href="$href"$t>));
54310121 1621 }
1622
1623 if ($meta && ref($meta) && (ref($meta) eq 'HASH')) {
6b4ac661
JH		 1624 foreach (keys %$meta) { push(@result,$XHTML ? qq(<meta name="$_" content="$meta->{$_}" />)
1625 : qq(<meta name="$_" content="$meta->{$_}">)); }
54310121 1626 }
7d37aa8e
LS		 1627
1628 push(@result,ref($head) ? @$head : $head) if $head;
1629
424ec8fa 1630 # handle the infrequently-used -style and -script parameters
13548fdf 1631 push(@result,$self->_style($style)) if defined $style;
424ec8fa 1632 push(@result,$self->_script($script)) if defined $script;
29ddc2a4 1633 push(@result,$meta_bits) if defined $meta_bits;
424ec8fa
GS		 1634
1635 # handle -noscript parameter
1636 push(@result,<<END) if $noscript;
6b4ac661 1637<noscript>
424ec8fa 1638$noscript
6b4ac661 1639</noscript>
424ec8fa
GS		 1640END
1641 ;
1642 my($other) = @other ? " @other" : '';
29ddc2a4 1643 push(@result,"</head>\n<body$other>\n");
424ec8fa
GS		 1644 return join("\n",@result);
1645}
1646END_OF_FUNC
1647
1648### Method: _style
1649# internal method for generating a CSS style section
1650####
1651'_style' => <<'END_OF_FUNC',
1652sub _style {
1653 my ($self,$style) = @_;
1654 my (@result);
1655 my $type = 'text/css';
0664a57d 1656 my $rel = 'stylesheet';
a3b3a725
JH		 1657
1658 my $cdata_start = $XHTML ? "\n<!--/* <![CDATA[ */" : "\n<!-- ";
1659 my $cdata_end = $XHTML ? "\n/* ]]> */-->\n" : " -->\n";
1660
13548fdf
RGS		 1661 my @s = ref($style) eq 'ARRAY' ? @$style : $style;
1662
1663 for my $s (@s) {
1664 if (ref($s)) {
0664a57d
SP		 1665 my($src,$code,$verbatim,$stype,$alternate,$foo,@other) =
1666 rearrange([qw(SRC CODE VERBATIM TYPE ALTERNATE FOO)],
13548fdf
RGS		 1667 ('-foo'=>'bar',
1668 ref($s) eq 'ARRAY' ? @$s : %$s));
1669 $type = $stype if $stype;
0664a57d 1670 $rel = 'alternate stylesheet' if $alternate;
13548fdf
RGS		 1671 my $other = @other ? join ' ',@other : '';
1672
1673 if (ref($src) eq "ARRAY") # Check to see if the $src variable is an array reference
1674 { # If it is, push a LINK tag for each one
1675 foreach $src (@$src)
1676 {
0664a57d
SP		 1677 push(@result,$XHTML ? qq(<link rel="$rel" type="$type" href="$src" $other/>)
1678 : qq(<link rel="$rel" type="$type" href="$src"$other>)) if $src;
13548fdf 1679 }
6b4ac661 1680 }
13548fdf
RGS		 1681 else
1682 { # Otherwise, push the single -src, if it exists.
0664a57d
SP		 1683 push(@result,$XHTML ? qq(<link rel="$rel" type="$type" href="$src" $other/>)
1684 : qq(<link rel="$rel" type="$type" href="$src"$other>)
13548fdf
RGS		 1685 ) if $src;
1686 }
1687 if ($verbatim) {
1688 my @v = ref($verbatim) eq 'ARRAY' ? @$verbatim : $verbatim;
1689 push(@result, "<style type=\"text/css\">\n$_\n</style>") foreach @v;
1690 }
1691 my @c = ref($code) eq 'ARRAY' ? @$code : $code if $code;
1692 push(@result,style({'type'=>$type},"$cdata_start\n$_\n$cdata_end")) foreach @c;
1693
1694 } else {
1695 my $src = $s;
0664a57d
SP		 1696 push(@result,$XHTML ? qq(<link rel="$rel" type="$type" href="$src" $other/>)
1697 : qq(<link rel="$rel" type="$type" href="$src"$other>));
13548fdf 1698 }
7d37aa8e 1699 }
424ec8fa
GS		 1700 @result;
1701}
1702END_OF_FUNC
1703
424ec8fa
GS		 1704'_script' => <<'END_OF_FUNC',
1705sub _script {
1706 my ($self,$script) = @_;
1707 my (@result);
a3b3a725 1708
424ec8fa
GS		 1709 my (@scripts) = ref($script) eq 'ARRAY' ? @$script : ($script);
1710 foreach $script (@scripts) {
7d37aa8e
LS		 1711 my($src,$code,$language);
1712 if (ref($script)) { # script is a hash
3d1a2ec4
GS		 1713 ($src,$code,$language, $type) =
1714 rearrange([SRC,CODE,LANGUAGE,TYPE],
7d37aa8e 1715 '-foo'=>'bar', # a trick to allow the '-' to be omitted
3538e1d5 1716 ref($script) eq 'ARRAY' ? @$script : %$script);
3d1a2ec4
GS		 1717 # User may not have specified language
1718 $language ||= 'JavaScript';
1719 unless (defined $type) {
1720 $type = lc $language;
1721 # strip '1.2' from 'javascript1.2'
1722 $type =~ s/^(\D+).*$/text\/$1/;
1723 }
7d37aa8e 1724 } else {
3d1a2ec4 1725 ($src,$code,$language, $type) = ('',$script,'JavaScript', 'text/javascript');
7d37aa8e 1726 }
a3b3a725
JH		 1727
1728 my $comment = '//'; # javascript by default
1729 $comment = '#' if $type=~/perl|tcl/i;
1730 $comment = "'" if $type=~/vbscript/i;
1731
58129083
JH		 1732 my ($cdata_start,$cdata_end);
1733 if ($XHTML) {
1734 $cdata_start = "$comment<![CDATA[\n";
1735 $cdata_end .= "\n$comment]]>";
1736 } else {
1737 $cdata_start = "\n<!-- Hide script\n";
1738 $cdata_end = $comment;
1739 $cdata_end .= " End script hiding -->\n";
1740 }
1741 my(@satts);
1742 push(@satts,'src'=>$src) if $src;
1743 push(@satts,'language'=>$language) unless defined $type;
1744 push(@satts,'type'=>$type);
29ddc2a4
RGS		 1745 $code = $cdata_start . $code . $cdata_end if defined $code;
1746 push(@result,$self->script({@satts},$code || ''));
7d37aa8e 1747 }
424ec8fa 1748 @result;
54310121 1749}
1750END_OF_FUNC
1751
54310121 1752#### Method: end_html
1753# End an HTML document.
3acbd4f5 1754# Trivial method for completeness. Just returns "</body>"
54310121 1755####
1756'end_html' => <<'END_OF_FUNC',
1757sub end_html {
29ddc2a4 1758 return "\n</body>\n</html>";
54310121 1759}
1760END_OF_FUNC
1761
1762
1763################################
1764# METHODS USED IN BUILDING FORMS
1765################################
1766
1767#### Method: isindex
1768# Just prints out the isindex tag.
1769# Parameters:
1770# $action -> optional URL of script to run
1771# Returns:
188ba755 1772# A string containing a <isindex> tag
54310121 1773'isindex' => <<'END_OF_FUNC',
1774sub isindex {
1775 my($self,@p) = self_or_default(@_);
3d1a2ec4 1776 my($action,@other) = rearrange([ACTION],@p);
188ba755 1777 $action = qq/ action="$action"/ if $action;
54310121 1778 my($other) = @other ? " @other" : '';
188ba755 1779 return $XHTML ? "<isindex$action$other />" : "<isindex$action$other>";
54310121 1780}
1781END_OF_FUNC
1782
1783
1784#### Method: startform
1785# Start a form
1786# Parameters:
1787# $method -> optional submission method to use (GET or POST)
1788# $action -> optional URL of script to run
1789# $enctype ->encoding to use (URL_ENCODED or MULTIPART)
1790'startform' => <<'END_OF_FUNC',
1791sub startform {
1792 my($self,@p) = self_or_default(@_);
1793
1794 my($method,$action,$enctype,@other) =
3d1a2ec4 1795 rearrange([METHOD,ACTION,ENCTYPE],@p);
54310121 1796
13548fdf
RGS		 1797 $method = $self->escapeHTML(lc($method) || 'post');
1798 $enctype = $self->escapeHTML($enctype || &URL_ENCODED);
1799 if (defined $action) {
1800 $action = $self->escapeHTML($action);
1801 }
1802 else {
0664a57d 1803 $action = $self->escapeHTML($self->request_uri || $self->self_url);
03b9648d
JH		 1804 }
1805 $action = qq(action="$action");
54310121 1806 my($other) = @other ? " @other" : '';
1807 $self->{'.parametersToAdd'}={};
6b4ac661 1808 return qq/<form method="$method" $action enctype="$enctype"$other>\n/;
54310121 1809}
1810END_OF_FUNC
1811
1812
1813#### Method: start_form
1814# synonym for startform
1815'start_form' => <<'END_OF_FUNC',
1816sub start_form {
29ddc2a4 1817 $XHTML ? &start_multipart_form : &startform;
54310121 1818}
1819END_OF_FUNC
1820
71f3e297
JH		 1821'end_multipart_form' => <<'END_OF_FUNC',
1822sub end_multipart_form {
1823 &endform;
1824}
1825END_OF_FUNC
54310121 1826
1827#### Method: start_multipart_form
1828# synonym for startform
1829'start_multipart_form' => <<'END_OF_FUNC',
1830sub start_multipart_form {
1831 my($self,@p) = self_or_default(@_);
0a9bdad4 1832 if (defined($p[0]) && substr($p[0],0,1) eq '-') {
adb86593 1833 return $self->startform(-enctype=>&MULTIPART,@p);
54310121 1834 } else {
1835 my($method,$action,@other) =
3d1a2ec4 1836 rearrange([METHOD,ACTION],@p);
54310121 1837 return $self->startform($method,$action,&MULTIPART,@other);
1838 }
1839}
1840END_OF_FUNC
1841
1842
1843#### Method: endform
1844# End a form
1845'endform' => <<'END_OF_FUNC',
1846sub endform {
0a9bdad4 1847 my($self,@p) = self_or_default(@_);
3d1a2ec4 1848 if ( $NOSTICKY ) {
6b4ac661 1849 return wantarray ? ("</form>") : "\n</form>";
3d1a2ec4 1850 } else {
0a9bdad4
SP		 1851 if (my @fields = $self->get_fields) {
1852 return wantarray ? ("<div>",@fields,"</div>","</form>")
1853 : "<div>".(join '',@fields)."</div>\n</form>";
1854 } else {
1855 return "</form>";
1856 }
3d1a2ec4 1857 }
54310121 1858}
1859END_OF_FUNC
1860
1861
424ec8fa
GS		 1862'_textfield' => <<'END_OF_FUNC',
1863sub _textfield {
1864 my($self,$tag,@p) = self_or_default(@_);
29ddc2a4
RGS		 1865 my($name,$default,$size,$maxlength,$override,$tabindex,@other) =
1866 rearrange([NAME,[DEFAULT,VALUE,VALUES],SIZE,MAXLENGTH,[OVERRIDE,FORCE],TABINDEX],@p);
424ec8fa
GS		 1867
1868 my $current = $override ? $default :
1869 (defined($self->param($name)) ? $self->param($name) : $default);
1870
a3b3a725 1871 $current = defined($current) ? $self->escapeHTML($current,1) : '';
424ec8fa 1872 $name = defined($name) ? $self->escapeHTML($name) : '';
ba056755
JH		 1873 my($s) = defined($size) ? qq/ size="$size"/ : '';
1874 my($m) = defined($maxlength) ? qq/ maxlength="$maxlength"/ : '';
71f3e297
JH		 1875 my($other) = @other ? " @other" : '';
1876 # this entered at cristy's request to fix problems with file upload fields
1877 # and WebTV -- not sure it won't break stuff
6b4ac661 1878 my($value) = $current ne '' ? qq(value="$current") : '';
29ddc2a4 1879 $tabindex = $self->element_tab($tabindex);
0a9bdad4 1880 return $XHTML ? qq(<input type="$tag" name="$name" $tabindex$value$s$m$other />)
b2d0d414 1881 : qq(<input type="$tag" name="$name" $value$s$m$other>);
424ec8fa
GS		 1882}
1883END_OF_FUNC
1884
54310121 1885#### Method: textfield
1886# Parameters:
1887# $name -> Name of the text field
1888# $default -> Optional default value of the field if not
1889# already defined.
1890# $size -> Optional width of field in characaters.
1891# $maxlength -> Optional maximum number of characters.
1892# Returns:
188ba755 1893# A string containing a <input type="text"> field
54310121 1894#
1895'textfield' => <<'END_OF_FUNC',
1896sub textfield {
1897 my($self,@p) = self_or_default(@_);
424ec8fa 1898 $self->_textfield('text',@p);
54310121 1899}
1900END_OF_FUNC
1901
1902
1903#### Method: filefield
1904# Parameters:
1905# $name -> Name of the file upload field
1906# $size -> Optional width of field in characaters.
1907# $maxlength -> Optional maximum number of characters.
1908# Returns:
188ba755 1909# A string containing a <input type="file"> field
54310121 1910#
1911'filefield' => <<'END_OF_FUNC',
1912sub filefield {
1913 my($self,@p) = self_or_default(@_);
424ec8fa 1914 $self->_textfield('file',@p);
54310121 1915}
1916END_OF_FUNC
1917
1918
1919#### Method: password
1920# Create a "secret password" entry field
1921# Parameters:
1922# $name -> Name of the field
1923# $default -> Optional default value of the field if not
1924# already defined.
1925# $size -> Optional width of field in characters.
1926# $maxlength -> Optional maximum characters that can be entered.
1927# Returns:
188ba755 1928# A string containing a <input type="password"> field
54310121 1929#
1930'password_field' => <<'END_OF_FUNC',
1931sub password_field {
1932 my ($self,@p) = self_or_default(@_);
424ec8fa 1933 $self->_textfield('password',@p);
54310121 1934}
1935END_OF_FUNC
1936
54310121 1937#### Method: textarea
1938# Parameters:
1939# $name -> Name of the text field
1940# $default -> Optional default value of the field if not
1941# already defined.
1942# $rows -> Optional number of rows in text area
1943# $columns -> Optional number of columns in text area
1944# Returns:
3acbd4f5 1945# A string containing a <textarea></textarea> tag
54310121 1946#
1947'textarea' => <<'END_OF_FUNC',
1948sub textarea {
1949 my($self,@p) = self_or_default(@_);
29ddc2a4
RGS		 1950 my($name,$default,$rows,$cols,$override,$tabindex,@other) =
1951 rearrange([NAME,[DEFAULT,VALUE],ROWS,[COLS,COLUMNS],[OVERRIDE,FORCE],TABINDEX],@p);
54310121 1952
1953 my($current)= $override ? $default :
1954 (defined($self->param($name)) ? $self->param($name) : $default);
1955
1956 $name = defined($name) ? $self->escapeHTML($name) : '';
1957 $current = defined($current) ? $self->escapeHTML($current) : '';
3acbd4f5
JH		 1958 my($r) = $rows ? qq/ rows="$rows"/ : '';
1959 my($c) = $cols ? qq/ cols="$cols"/ : '';
54310121 1960 my($other) = @other ? " @other" : '';
29ddc2a4 1961 $tabindex = $self->element_tab($tabindex);
0a9bdad4 1962 return qq{<textarea name="$name" $tabindex$r$c$other>$current</textarea>};
54310121 1963}
1964END_OF_FUNC
1965
1966
1967#### Method: button
1968# Create a javascript button.
1969# Parameters:
1970# $name -> (optional) Name for the button. (-name)
1971# $value -> (optional) Value of the button when selected (and visible name) (-value)
1972# $onclick -> (optional) Text of the JavaScript to run when the button is
1973# clicked.
1974# Returns:
188ba755 1975# A string containing a <input type="button"> tag
54310121 1976####
1977'button' => <<'END_OF_FUNC',
1978sub button {
1979 my($self,@p) = self_or_default(@_);
1980
29ddc2a4
RGS		 1981 my($label,$value,$script,$tabindex,@other) = rearrange([NAME,[VALUE,LABEL],
1982 [ONCLICK,SCRIPT],TABINDEX],@p);
54310121 1983
1984 $label=$self->escapeHTML($label);
a3b3a725 1985 $value=$self->escapeHTML($value,1);
54310121 1986 $script=$self->escapeHTML($script);
1987
1988 my($name) = '';
ba056755 1989 $name = qq/ name="$label"/ if $label;
54310121 1990 $value = $value || $label;
1991 my($val) = '';
6b4ac661
JH		 1992 $val = qq/ value="$value"/ if $value;
1993 $script = qq/ onclick="$script"/ if $script;
54310121 1994 my($other) = @other ? " @other" : '';
29ddc2a4 1995 $tabindex = $self->element_tab($tabindex);
0a9bdad4 1996 return $XHTML ? qq(<input type="button" $tabindex$name$val$script$other />)
b2d0d414 1997 : qq(<input type="button"$name$val$script$other>);
54310121 1998}
1999END_OF_FUNC
2000
2001
2002#### Method: submit
2003# Create a "submit query" button.
2004# Parameters:
2005# $name -> (optional) Name for the button.
2006# $value -> (optional) Value of the button when selected (also doubles as label).
2007# $label -> (optional) Label printed on the button(also doubles as the value).
2008# Returns:
188ba755 2009# A string containing a <input type="submit"> tag
54310121 2010####
2011'submit' => <<'END_OF_FUNC',
2012sub submit {
2013 my($self,@p) = self_or_default(@_);
2014
29ddc2a4 2015 my($label,$value,$tabindex,@other) = rearrange([NAME,[VALUE,LABEL],TABINDEX],@p);
54310121 2016
2017 $label=$self->escapeHTML($label);
a3b3a725 2018 $value=$self->escapeHTML($value,1);
54310121 2019
0a9bdad4
SP		 2020 my $name = $NOSTICKY ? '' : 'name=".submit" ';
2021 $name = qq/name="$label" / if defined($label);
424ec8fa 2022 $value = defined($value) ? $value : $label;
8f3ccfa2 2023 my $val = '';
0a9bdad4 2024 $val = qq/value="$value" / if defined($value);
29ddc2a4 2025 $tabindex = $self->element_tab($tabindex);
0a9bdad4
SP		 2026 my($other) = @other ? "@other " : '';
2027 return $XHTML ? qq(<input type="submit" $tabindex$name$val$other/>)
2028 : qq(<input type="submit" $name$val$other>);
54310121 2029}
2030END_OF_FUNC
2031
2032
2033#### Method: reset
2034# Create a "reset" button.
2035# Parameters:
2036# $name -> (optional) Name for the button.
2037# Returns:
188ba755 2038# A string containing a <input type="reset"> tag
54310121 2039####
2040'reset' => <<'END_OF_FUNC',
2041sub reset {
2042 my($self,@p) = self_or_default(@_);
29ddc2a4 2043 my($label,$value,$tabindex,@other) = rearrange(['NAME',['VALUE','LABEL'],TABINDEX],@p);
54310121 2044 $label=$self->escapeHTML($label);
8f3ccfa2
JH		 2045 $value=$self->escapeHTML($value,1);
2046 my ($name) = ' name=".reset"';
2047 $name = qq/ name="$label"/ if defined($label);
2048 $value = defined($value) ? $value : $label;
2049 my($val) = '';
2050 $val = qq/ value="$value"/ if defined($value);
54310121 2051 my($other) = @other ? " @other" : '';
29ddc2a4 2052 $tabindex = $self->element_tab($tabindex);
0a9bdad4 2053 return $XHTML ? qq(<input type="reset" $tabindex$name$val$other />)
8f3ccfa2 2054 : qq(<input type="reset"$name$val$other>);
54310121 2055}
2056END_OF_FUNC
2057
2058
2059#### Method: defaults
2060# Create a "defaults" button.
2061# Parameters:
2062# $name -> (optional) Name for the button.
2063# Returns:
188ba755 2064# A string containing a <input type="submit" name=".defaults"> tag
54310121 2065#
2066# Note: this button has a special meaning to the initialization script,
2067# and tells it to ERASE the current query string so that your defaults
2068# are used again!
2069####
2070'defaults' => <<'END_OF_FUNC',
2071sub defaults {
2072 my($self,@p) = self_or_default(@_);
2073
29ddc2a4 2074 my($label,$tabindex,@other) = rearrange([[NAME,VALUE],TABINDEX],@p);
54310121 2075
a3b3a725 2076 $label=$self->escapeHTML($label,1);
54310121 2077 $label = $label || "Defaults";
6b4ac661 2078 my($value) = qq/ value="$label"/;
54310121 2079 my($other) = @other ? " @other" : '';
29ddc2a4 2080 $tabindex = $self->element_tab($tabindex);
0a9bdad4 2081 return $XHTML ? qq(<input type="submit" name=".defaults" $tabindex$value$other />)
6b4ac661 2082 : qq/<input type="submit" NAME=".defaults"$value$other>/;
54310121 2083}
2084END_OF_FUNC
2085
2086
424ec8fa
GS		 2087#### Method: comment
2088# Create an HTML <!-- comment -->
2089# Parameters: a string
2090'comment' => <<'END_OF_FUNC',
2091sub comment {
2092 my($self,@p) = self_or_CGI(@_);
2093 return "<!-- @p -->";
2094}
2095END_OF_FUNC
2096
54310121 2097#### Method: checkbox
2098# Create a checkbox that is not logically linked to any others.
2099# The field value is "on" when the button is checked.
2100# Parameters:
2101# $name -> Name of the checkbox
2102# $checked -> (optional) turned on by default if true
2103# $value -> (optional) value of the checkbox, 'on' by default
2104# $label -> (optional) a user-readable label printed next to the box.
2105# Otherwise the checkbox name is used.
2106# Returns:
188ba755 2107# A string containing a <input type="checkbox"> field
54310121 2108####
2109'checkbox' => <<'END_OF_FUNC',
2110sub checkbox {
2111 my($self,@p) = self_or_default(@_);
2112
29ddc2a4
RGS		 2113 my($name,$checked,$value,$label,$override,$tabindex,@other) =
2114 rearrange([NAME,[CHECKED,SELECTED,ON],VALUE,LABEL,[OVERRIDE,FORCE],TABINDEX],@p);
2115
424ec8fa
GS		 2116 $value = defined $value ? $value : 'on';
2117
2118 if (!$override && ($self->{'.fieldnames'}->{$name} ||
2119 defined $self->param($name))) {
3acbd4f5 2120 $checked = grep($_ eq $value,$self->param($name)) ? $self->_checked(1) : '';
54310121 2121 } else {
3acbd4f5 2122 $checked = $self->_checked($checked);
54310121 2123 }
2124 my($the_label) = defined $label ? $label : $name;
2125 $name = $self->escapeHTML($name);
a3b3a725 2126 $value = $self->escapeHTML($value,1);
54310121 2127 $the_label = $self->escapeHTML($the_label);
0a9bdad4 2128 my($other) = @other ? "@other " : '';
29ddc2a4 2129 $tabindex = $self->element_tab($tabindex);
54310121 2130 $self->register_parameter($name);
0a9bdad4 2131 return $XHTML ? CGI::label(qq{<input type="checkbox" name="$name" value="$value" $tabindex$checked$other/>$the_label})
6b4ac661 2132 : qq{<input type="checkbox" name="$name" value="$value"$checked$other>$the_label};
54310121 2133}
2134END_OF_FUNC
2135
2136
54310121 2137
54310121 2138# Escape HTML -- used internally
2139'escapeHTML' => <<'END_OF_FUNC',
2140sub escapeHTML {
ac734d8b
JH		 2141 # hack to work around earlier hacks
2142 push @_,$_[0] if @_==1 && $_[0] eq 'CGI';
a3b3a725 2143 my ($self,$toencode,$newlinestoo) = CGI::self_or_default(@_);
6b4ac661 2144 return undef unless defined($toencode);
188ba755 2145 return $toencode if ref($self) && !$self->{'escape'};
6b4ac661
JH		 2146 $toencode =~ s{&}{&amp;}gso;
2147 $toencode =~ s{<}{&lt;}gso;
2148 $toencode =~ s{>}{&gt;}gso;
13548fdf
RGS		 2149 if ($DTD_PUBLIC_IDENTIFIER =~ /[^X]HTML 3\.2/i) {
2150 # $quot; was accidentally omitted from the HTML 3.2 DTD -- see
2151 # <http://validator.w3.org/docs/errors.html#bad-entity> /
2152 # <http://lists.w3.org/Archives/Public/www-html/1997Mar/0003.html>.
2153 $toencode =~ s{"}{&#34;}gso;
2154 }
2155 else {
2156 $toencode =~ s{"}{&quot;}gso;
2157 }
a3b3a725
JH		 2158 my $latin = uc $self->{'.charset'} eq 'ISO-8859-1' ||
2159 uc $self->{'.charset'} eq 'WINDOWS-1252';
2160 if ($latin) { # bug in some browsers
ba056755 2161 $toencode =~ s{'}{&#39;}gso;
188ba755
JH		 2162 $toencode =~ s{\x8b}{&#8249;}gso;
2163 $toencode =~ s{\x9b}{&#8250;}gso;
a3b3a725
JH		 2164 if (defined $newlinestoo && $newlinestoo) {
2165 $toencode =~ s{\012}{&#10;}gso;
2166 $toencode =~ s{\015}{&#13;}gso;
2167 }
2168 }
6b4ac661 2169 return $toencode;
54310121 2170}
2171END_OF_FUNC
2172
424ec8fa
GS		 2173# unescape HTML -- used internally
2174'unescapeHTML' => <<'END_OF_FUNC',
2175sub unescapeHTML {
efc8e943
NC		 2176 # hack to work around earlier hacks
2177 push @_,$_[0] if @_==1 && $_[0] eq 'CGI';
6b4ac661 2178 my ($self,$string) = CGI::self_or_default(@_);
424ec8fa 2179 return undef unless defined($string);
a3b3a725
JH		 2180 my $latin = defined $self->{'.charset'} ? $self->{'.charset'} =~ /^(ISO-8859-1|WINDOWS-1252)$/i
2181 : 1;
71f3e297
JH		 2182 # thanks to Randal Schwartz for the correct solution to this one
2183 $string=~ s[&(.*?);]{
2184 local $_ = $1;
2185 /^amp$/i ? "&" :
2186 /^quot$/i ? '"' :
2187 /^gt$/i ? ">" :
2188 /^lt$/i ? "<" :
6b4ac661
JH		 2189 /^#(\d+)$/ && $latin ? chr($1) :
2190 /^#x([0-9a-f]+)$/i && $latin ? chr(hex($1)) :
71f3e297
JH		 2191 $_
2192 }gex;
424ec8fa
GS		 2193 return $string;
2194}
2195END_OF_FUNC
54310121 2196
2197# Internal procedure - don't use
2198'_tableize' => <<'END_OF_FUNC',
2199sub _tableize {
2200 my($rows,$columns,$rowheaders,$colheaders,@elements) = @_;
29ddc2a4
RGS		 2201 my @rowheaders = $rowheaders ? @$rowheaders : ();
2202 my @colheaders = $colheaders ? @$colheaders : ();
54310121 2203 my($result);
2204
424ec8fa
GS		 2205 if (defined($columns)) {
2206 $rows = int(0.99 + @elements/$columns) unless defined($rows);
2207 }
2208 if (defined($rows)) {
2209 $columns = int(0.99 + @elements/$rows) unless defined($columns);
2210 }
29ddc2a4 2211
54310121 2212 # rearrange into a pretty table
6b4ac661 2213 $result = "<table>";
54310121 2214 my($row,$column);
29ddc2a4
RGS		 2215 unshift(@colheaders,'') if @colheaders && @rowheaders;
2216 $result .= "<tr>" if @colheaders;
2217 foreach (@colheaders) {
6b4ac661 2218 $result .= "<th>$_</th>";
54310121 2219 }
2220 for ($row=0;$row<$rows;$row++) {
6b4ac661 2221 $result .= "<tr>";
29ddc2a4 2222 $result .= "<th>$rowheaders[$row]</th>" if @rowheaders;
54310121 2223 for ($column=0;$column<$columns;$column++) {
6b4ac661 2224 $result .= "<td>" . $elements[$column*$rows + $row] . "</td>"
424ec8fa 2225 if defined($elements[$column*$rows + $row]);
54310121 2226 }
6b4ac661 2227 $result .= "</tr>";
54310121 2228 }
6b4ac661 2229 $result .= "</table>";
54310121 2230 return $result;
2231}
2232END_OF_FUNC
2233
2234
2235#### Method: radio_group
2236# Create a list of logically-linked radio buttons.
2237# Parameters:
2238# $name -> Common name for all the buttons.
2239# $values -> A pointer to a regular array containing the
2240# values for each button in the group.
2241# $default -> (optional) Value of the button to turn on by default. Pass '-'
2242# to turn _nothing_ on.
2243# $linebreak -> (optional) Set to true to place linebreaks
2244# between the buttons.
2245# $labels -> (optional)
2246# A pointer to an associative array of labels to print next to each checkbox
2247# in the form $label{'value'}="Long explanatory label".
2248# Otherwise the provided values are used as the labels.
2249# Returns:
188ba755 2250# An ARRAY containing a series of <input type="radio"> fields
54310121 2251####
2252'radio_group' => <<'END_OF_FUNC',
2253sub radio_group {
2254 my($self,@p) = self_or_default(@_);
29ddc2a4
RGS		 2255 $self->_box_group('radio',@p);
2256}
2257END_OF_FUNC
2258
2259#### Method: checkbox_group
2260# Create a list of logically-linked checkboxes.
2261# Parameters:
2262# $name -> Common name for all the check boxes
2263# $values -> A pointer to a regular array containing the
2264# values for each checkbox in the group.
2265# $defaults -> (optional)
2266# 1. If a pointer to a regular array of checkbox values,
2267# then this will be used to decide which
2268# checkboxes to turn on by default.
2269# 2. If a scalar, will be assumed to hold the
2270# value of a single checkbox in the group to turn on.
2271# $linebreak -> (optional) Set to true to place linebreaks
2272# between the buttons.
2273# $labels -> (optional)
2274# A pointer to an associative array of labels to print next to each checkbox
2275# in the form $label{'value'}="Long explanatory label".
2276# Otherwise the provided values are used as the labels.
2277# Returns:
2278# An ARRAY containing a series of <input type="checkbox"> fields
2279####
2280
2281'checkbox_group' => <<'END_OF_FUNC',
2282sub checkbox_group {
2283 my($self,@p) = self_or_default(@_);
2284 $self->_box_group('checkbox',@p);
2285}
2286END_OF_FUNC
54310121 2287
29ddc2a4
RGS		 2288'_box_group' => <<'END_OF_FUNC',
2289sub _box_group {
2290 my $self = shift;
2291 my $box_type = shift;
2292
2293 my($name,$values,$defaults,$linebreak,$labels,$attributes,
2294 $rows,$columns,$rowheaders,$colheaders,
2295 $override,$nolabels,$tabindex,@other) =
2296 rearrange([ NAME,[VALUES,VALUE],[DEFAULT,DEFAULTS],LINEBREAK,LABELS,ATTRIBUTES,
2297 ROWS,[COLUMNS,COLS],ROWHEADERS,COLHEADERS,
2298 [OVERRIDE,FORCE],NOLABELS,TABINDEX
2299 ],@_);
54310121 2300 my($result,$checked);
2301
29ddc2a4 2302
424ec8fa 2303 my(@elements,@values);
424ec8fa 2304 @values = $self->_set_values_and_labels($values,\$labels,$name);
29ddc2a4 2305 my %checked = $self->previous_or_default($name,$defaults,$override);
424ec8fa 2306
71f3e297 2307 # If no check array is specified, check the first by default
29ddc2a4
RGS		 2308 $checked{$values[0]}++ if $box_type eq 'radio' && !%checked;
2309
71f3e297
JH		 2310 $name=$self->escapeHTML($name);
2311
29ddc2a4 2312 my %tabs = ();
0a9bdad4 2313 if ($TABINDEX && $tabindex) {
29ddc2a4
RGS		 2314 if (!ref $tabindex) {
2315 $self->element_tab($tabindex);
2316 } elsif (ref $tabindex eq 'ARRAY') {
2317 %tabs = map {$_=>$self->element_tab} @$tabindex;
2318 } elsif (ref $tabindex eq 'HASH') {
2319 %tabs = %$tabindex;
2320 }
2321 }
2322 %tabs = map {$_=>$self->element_tab} @values unless %tabs;
2323
0a9bdad4 2324 my $other = @other ? "@other " : '';
29ddc2a4 2325 my $radio_checked;
54310121 2326 foreach (@values) {
29ddc2a4
RGS		 2327 my $checkit = $self->_checked($box_type eq 'radio' ? ($checked{$_} && !$radio_checked++)
2328 : $checked{$_});
6b4ac661
JH		 2329 my($break);
2330 if ($linebreak) {
ba056755 2331 $break = $XHTML ? "<br />" : "<br>";
6b4ac661
JH		 2332 }
2333 else {
ba056755 2334 $break = '';
6b4ac661 2335 }
54310121 2336 my($label)='';
2337 unless (defined($nolabels) && $nolabels) {
2338 $label = $_;
424ec8fa 2339 $label = $labels->{$_} if defined($labels) && defined($labels->{$_});
a3b3a725 2340 $label = $self->escapeHTML($label,1);
54310121 2341 }
29ddc2a4 2342 my $attribs = $self->_set_attributes($_, $attributes);
0a9bdad4 2343 my $tab = $tabs{$_};
54310121 2344 $_=$self->escapeHTML($_);
29ddc2a4
RGS		 2345 if ($XHTML) {
2346 push @elements,
2347 CGI::label(
0a9bdad4 2348 qq(<input type="$box_type" name="$name" value="$_" $checkit$other$tab$attribs/>$label)).${break};
29ddc2a4
RGS		 2349 } else {
2350 push(@elements,qq/<input type="$box_type" name="$name" value="$_"$checkit$other$tab$attribs>${label}${break}/);
2351 }
54310121 2352 }
2353 $self->register_parameter($name);
29ddc2a4 2354 return wantarray ? @elements : "@elements"
424ec8fa 2355 unless defined($columns) || defined($rows);
54310121 2356 return _tableize($rows,$columns,$rowheaders,$colheaders,@elements);
2357}
2358END_OF_FUNC
2359
2360
2361#### Method: popup_menu
2362# Create a popup menu.
2363# Parameters:
2364# $name -> Name for all the menu
2365# $values -> A pointer to a regular array containing the
2366# text of each menu item.
2367# $default -> (optional) Default item to display
2368# $labels -> (optional)
2369# A pointer to an associative array of labels to print next to each checkbox
2370# in the form $label{'value'}="Long explanatory label".
2371# Otherwise the provided values are used as the labels.
2372# Returns:
2373# A string containing the definition of a popup menu.
2374####
2375'popup_menu' => <<'END_OF_FUNC',
2376sub popup_menu {
2377 my($self,@p) = self_or_default(@_);
2378
29ddc2a4 2379 my($name,$values,$default,$labels,$attributes,$override,$tabindex,@other) =
188ba755 2380 rearrange([NAME,[VALUES,VALUE],[DEFAULT,DEFAULTS],LABELS,
29ddc2a4 2381 ATTRIBUTES,[OVERRIDE,FORCE],TABINDEX],@p);
54310121 2382 my($result,$selected);
2383
2384 if (!$override && defined($self->param($name))) {
2385 $selected = $self->param($name);
2386 } else {
2387 $selected = $default;
2388 }
2389 $name=$self->escapeHTML($name);
2390 my($other) = @other ? " @other" : '';
2391
424ec8fa
GS		 2392 my(@values);
2393 @values = $self->_set_values_and_labels($values,\$labels,$name);
29ddc2a4 2394 $tabindex = $self->element_tab($tabindex);
0a9bdad4 2395 $result = qq/<select name="$name" $tabindex$other>\n/;
54310121 2396 foreach (@values) {
188ba755
JH		 2397 if (/<optgroup/) {
2398 foreach (split(/\n/)) {
2399 my $selectit = $XHTML ? 'selected="selected"' : 'selected';
2400 s/(value="$selected")/$selectit $1/ if defined $selected;
2401 $result .= "$_\n";
2402 }
2403 }
2404 else {
cb3b230c
SP		 2405 my $attribs = $self->_set_attributes($_, $attributes);
2406 my($selectit) = defined($selected) ? $self->_selected($selected eq $_) : '';
2407 my($label) = $_;
2408 $label = $labels->{$_} if defined($labels) && defined($labels->{$_});
2409 my($value) = $self->escapeHTML($_);
2410 $label=$self->escapeHTML($label,1);
2411 $result .= "<option${attribs} ${selectit}value=\"$value\">$label</option>\n";
188ba755 2412 }
54310121 2413 }
2414
69c89ae7 2415 $result .= "</select>";
54310121 2416 return $result;
2417}
2418END_OF_FUNC
2419
2420
188ba755
JH		 2421#### Method: optgroup
2422# Create a optgroup.
2423# Parameters:
2424# $name -> Label for the group
2425# $values -> A pointer to a regular array containing the
2426# values for each option line in the group.
2427# $labels -> (optional)
2428# A pointer to an associative array of labels to print next to each item
2429# in the form $label{'value'}="Long explanatory label".
2430# Otherwise the provided values are used as the labels.
2431# $labeled -> (optional)
2432# A true value indicates the value should be used as the label attribute
2433# in the option elements.
2434# The label attribute specifies the option label presented to the user.
2435# This defaults to the content of the <option> element, but the label
2436# attribute allows authors to more easily use optgroup without sacrificing
2437# compatibility with browsers that do not support option groups.
2438# $novals -> (optional)
2439# A true value indicates to suppress the val attribute in the option elements
2440# Returns:
2441# A string containing the definition of an option group.
2442####
2443'optgroup' => <<'END_OF_FUNC',
2444sub optgroup {
2445 my($self,@p) = self_or_default(@_);
2446 my($name,$values,$attributes,$labeled,$noval,$labels,@other)
2447 = rearrange([NAME,[VALUES,VALUE],ATTRIBUTES,LABELED,NOVALS,LABELS],@p);
2448
2449 my($result,@values);
2450 @values = $self->_set_values_and_labels($values,\$labels,$name,$labeled,$novals);
2451 my($other) = @other ? " @other" : '';
2452
2453 $name=$self->escapeHTML($name);
2454 $result = qq/<optgroup label="$name"$other>\n/;
2455 foreach (@values) {
2456 if (/<optgroup/) {
2457 foreach (split(/\n/)) {
2458 my $selectit = $XHTML ? 'selected="selected"' : 'selected';
2459 s/(value="$selected")/$selectit $1/ if defined $selected;
2460 $result .= "$_\n";
2461 }
2462 }
2463 else {
2464 my $attribs = $self->_set_attributes($_, $attributes);
2465 my($label) = $_;
2466 $label = $labels->{$_} if defined($labels) && defined($labels->{$_});
2467 $label=$self->escapeHTML($label);
2468 my($value)=$self->escapeHTML($_,1);
2469 $result .= $labeled ? $novals ? "<option$attribs label=\"$value\">$label</option>\n"
2470 : "<option$attribs label=\"$value\" value=\"$value\">$label</option>\n"
2471 : $novals ? "<option$attribs>$label</option>\n"
2472 : "<option$attribs value=\"$value\">$label</option>\n";
2473 }
2474 }
2475 $result .= "</optgroup>";
2476 return $result;
2477}
2478END_OF_FUNC
2479
2480
54310121 2481#### Method: scrolling_list
2482# Create a scrolling list.
2483# Parameters:
2484# $name -> name for the list
2485# $values -> A pointer to a regular array containing the
2486# values for each option line in the list.
2487# $defaults -> (optional)
2488# 1. If a pointer to a regular array of options,
2489# then this will be used to decide which
2490# lines to turn on by default.
2491# 2. Otherwise holds the value of the single line to turn on.
2492# $size -> (optional) Size of the list.
2493# $multiple -> (optional) If set, allow multiple selections.
2494# $labels -> (optional)
2495# A pointer to an associative array of labels to print next to each checkbox
2496# in the form $label{'value'}="Long explanatory label".
2497# Otherwise the provided values are used as the labels.
2498# Returns:
2499# A string containing the definition of a scrolling list.
2500####
2501'scrolling_list' => <<'END_OF_FUNC',
2502sub scrolling_list {
2503 my($self,@p) = self_or_default(@_);
29ddc2a4 2504 my($name,$values,$defaults,$size,$multiple,$labels,$attributes,$override,$tabindex,@other)
3d1a2ec4 2505 = rearrange([NAME,[VALUES,VALUE],[DEFAULTS,DEFAULT],
29ddc2a4 2506 SIZE,MULTIPLE,LABELS,ATTRIBUTES,[OVERRIDE,FORCE],TABINDEX],@p);
54310121 2507
424ec8fa
GS		 2508 my($result,@values);
2509 @values = $self->_set_values_and_labels($values,\$labels,$name);
2510
54310121 2511 $size = $size || scalar(@values);
2512
2513 my(%selected) = $self->previous_or_default($name,$defaults,$override);
ac734d8b 2514 my($is_multiple) = $multiple ? qq/ multiple="multiple"/ : '';
6b4ac661 2515 my($has_size) = $size ? qq/ size="$size"/: '';
54310121 2516 my($other) = @other ? " @other" : '';
2517
2518 $name=$self->escapeHTML($name);
29ddc2a4 2519 $tabindex = $self->element_tab($tabindex);
0a9bdad4 2520 $result = qq/<select name="$name" $tabindex$has_size$is_multiple$other>\n/;
54310121 2521 foreach (@values) {
3acbd4f5 2522 my($selectit) = $self->_selected($selected{$_});
54310121 2523 my($label) = $_;
424ec8fa 2524 $label = $labels->{$_} if defined($labels) && defined($labels->{$_});
54310121 2525 $label=$self->escapeHTML($label);
a3b3a725 2526 my($value)=$self->escapeHTML($_,1);
188ba755 2527 my $attribs = $self->_set_attributes($_, $attributes);
1f426928 2528 $result .= "<option ${selectit}${attribs}value=\"$value\">$label</option>\n";
54310121 2529 }
69c89ae7 2530 $result .= "</select>";
54310121 2531 $self->register_parameter($name);
2532 return $result;
2533}
2534END_OF_FUNC
2535
2536
2537#### Method: hidden
2538# Parameters:
2539# $name -> Name of the hidden field
2540# @default -> (optional) Initial values of field (may be an array)
2541# or
2542# $default->[initial values of field]
2543# Returns:
188ba755 2544# A string containing a <input type="hidden" name="name" value="value">
54310121 2545####
2546'hidden' => <<'END_OF_FUNC',
2547sub hidden {
2548 my($self,@p) = self_or_default(@_);
2549
2550 # this is the one place where we departed from our standard
2551 # calling scheme, so we have to special-case (darn)
2552 my(@result,@value);
2553 my($name,$default,$override,@other) =
3d1a2ec4 2554 rearrange([NAME,[DEFAULT,VALUE,VALUES],[OVERRIDE,FORCE]],@p);
54310121 2555
2556 my $do_override = 0;
3d1a2ec4 2557 if ( ref($p[0]) || substr($p[0],0,1) eq '-') {
54310121 2558 @value = ref($default) ? @{$default} : $default;
2559 $do_override = $override;
2560 } else {
2561 foreach ($default,$override,@other) {
2562 push(@value,$_) if defined($_);
2563 }
2564 }
2565
2566 # use previous values if override is not set
2567 my @prev = $self->param($name);
2568 @value = @prev if !$do_override && @prev;
2569
2570 $name=$self->escapeHTML($name);
2571 foreach (@value) {
a3b3a725 2572 $_ = defined($_) ? $self->escapeHTML($_,1) : '';
13548fdf
RGS		 2573 push @result,$XHTML ? qq(<input type="hidden" name="$name" value="$_" @other />)
2574 : qq(<input type="hidden" name="$name" value="$_" @other>);
54310121 2575 }
2576 return wantarray ? @result : join('',@result);
2577}
2578END_OF_FUNC
2579
2580
2581#### Method: image_button
2582# Parameters:
2583# $name -> Name of the button
2584# $src -> URL of the image source
2585# $align -> Alignment style (TOP, BOTTOM or MIDDLE)
2586# Returns:
188ba755 2587# A string containing a <input type="image" name="name" src="url" align="alignment">
54310121 2588####
2589'image_button' => <<'END_OF_FUNC',
2590sub image_button {
2591 my($self,@p) = self_or_default(@_);
2592
2593 my($name,$src,$alignment,@other) =
3d1a2ec4 2594 rearrange([NAME,SRC,ALIGN],@p);
54310121 2595
0664a57d 2596 my($align) = $alignment ? " align=\L\"$alignment\"" : '';
54310121 2597 my($other) = @other ? " @other" : '';
2598 $name=$self->escapeHTML($name);
6b4ac661
JH		 2599 return $XHTML ? qq(<input type="image" name="$name" src="$src"$align$other />)
2600 : qq/<input type="image" name="$name" src="$src"$align$other>/;
54310121 2601}
2602END_OF_FUNC
2603
2604
2605#### Method: self_url
2606# Returns a URL containing the current script and all its
2607# param/value pairs arranged as a query. You can use this
2608# to create a link that, when selected, will reinvoke the
2609# script with all its state information preserved.
2610####
2611'self_url' => <<'END_OF_FUNC',
2612sub self_url {
424ec8fa
GS		 2613 my($self,@p) = self_or_default(@_);
2614 return $self->url('-path_info'=>1,'-query'=>1,'-full'=>1,@p);
54310121 2615}
2616END_OF_FUNC
2617
2618
2619# This is provided as a synonym to self_url() for people unfortunate
2620# enough to have incorporated it into their programs already!
2621'state' => <<'END_OF_FUNC',
2622sub state {
2623 &self_url;
2624}
2625END_OF_FUNC
2626
2627
2628#### Method: url
2629# Like self_url, but doesn't return the query string part of
2630# the URL.
2631####
2632'url' => <<'END_OF_FUNC',
2633sub url {
424ec8fa 2634 my($self,@p) = self_or_default(@_);
0a9bdad4
SP		 2635 my ($relative,$absolute,$full,$path_info,$query,$base,$rewrite) =
2636 rearrange(['RELATIVE','ABSOLUTE','FULL',['PATH','PATH_INFO'],['QUERY','QUERY_STRING'],'BASE','REWRITE'],@p);
2637 my $url = '';
2371fea9 2638 $full++ if $base || !($relative || $absolute);
0a9bdad4 2639 $rewrite++ unless defined $rewrite;
424ec8fa 2640
0a9bdad4
SP		 2641 my $path = $self->path_info;
2642 my $script_name = $self->script_name;
cb3b230c 2643 my $request_uri = unescape($self->request_uri) || '';
0a9bdad4
SP		 2644 my $query_str = $self->query_string;
2645
2646 my $rewrite_in_use = $request_uri && $request_uri !~ /^$script_name/;
2647 undef $path if $rewrite_in_use && $rewrite; # path not valid when rewriting active
2648
2649 my $uri = $rewrite && $request_uri ? $request_uri : $script_name;
edc47407 2650 $uri =~ s/\?.*$//; # remove query string
adb86593 2651 $uri =~ s/\Q$path\E$// if defined $path; # remove path
d45d855d 2652
424ec8fa
GS		 2653 if ($full) {
2654 my $protocol = $self->protocol();
2655 $url = "$protocol://";
13548fdf 2656 my $vh = http('x_forwarded_host') || http('host');
424ec8fa
GS		 2657 if ($vh) {
2658 $url .= $vh;
2659 } else {
2660 $url .= server_name();
2661 my $port = $self->server_port;
2662 $url .= ":" . $port
2ed511ec 2663 unless (lc($protocol) eq 'http' && $port == 80)
424ec8fa
GS		 2664 || (lc($protocol) eq 'https' && $port == 443);
2665 }
03b9648d 2666 return $url if $base;
0a9bdad4 2667 $url .= $uri;
424ec8fa 2668 } elsif ($relative) {
cb3b230c 2669 ($url) = $uri =~ m!([^/]+)$!;
424ec8fa 2670 } elsif ($absolute) {
0a9bdad4 2671 $url = $uri;
424ec8fa 2672 }
03b9648d 2673
0a9bdad4
SP		 2674 $url .= $path if $path_info and defined $path;
2675 $url .= "?$query_str" if $query and $query_str ne '';
2371fea9 2676 $url =~ s/([^a-zA-Z0-9_.%;&?\/\\:+=~-])/sprintf("%%%02X",ord($1))/eg;
424ec8fa 2677 return $url;
54310121 2678}
2679
2680END_OF_FUNC
2681
2682#### Method: cookie
2683# Set or read a cookie from the specified name.
2684# Cookie can then be passed to header().
2685# Usual rules apply to the stickiness of -value.
2686# Parameters:
2687# -name -> name for this cookie (optional)
2688# -value -> value of this cookie (scalar, array or hash)
2689# -path -> paths for which this cookie is valid (optional)
2690# -domain -> internet domain in which this cookie is valid (optional)
2691# -secure -> if true, cookie only passed through secure channel (optional)
7d37aa8e 2692# -expires -> expiry date in format Wdy, DD-Mon-YYYY HH:MM:SS GMT (optional)
54310121 2693####
2694'cookie' => <<'END_OF_FUNC',
54310121 2695sub cookie {
2696 my($self,@p) = self_or_default(@_);
fc786e8b
SP		 2697 my($name,$value,$path,$domain,$secure,$expires,$httponly) =
2698 rearrange([NAME,[VALUE,VALUES],PATH,DOMAIN,SECURE,EXPIRES,HTTPONLY],@p);
54310121 2699
424ec8fa 2700 require CGI::Cookie;
54310121 2701
2702 # if no value is supplied, then we retrieve the
2703 # value of the cookie, if any. For efficiency, we cache the parsed
424ec8fa
GS		 2704 # cookies in our state variables.
2705 unless ( defined($value) ) {
2706 $self->{'.cookies'} = CGI::Cookie->fetch
2707 unless $self->{'.cookies'};
54310121 2708
2709 # If no name is supplied, then retrieve the names of all our cookies.
2710 return () unless $self->{'.cookies'};
424ec8fa
GS		 2711 return keys %{$self->{'.cookies'}} unless $name;
2712 return () unless $self->{'.cookies'}->{$name};
2713 return $self->{'.cookies'}->{$name}->value if defined($name) && $name ne '';
54310121 2714 }
54310121 2715
424ec8fa 2716 # If we get here, we're creating a new cookie
ba056755 2717 return undef unless defined($name) && $name ne ''; # this is an error
54310121 2718
424ec8fa
GS		 2719 my @param;
2720 push(@param,'-name'=>$name);
2721 push(@param,'-value'=>$value);
2722 push(@param,'-domain'=>$domain) if $domain;
2723 push(@param,'-path'=>$path) if $path;
2724 push(@param,'-expires'=>$expires) if $expires;
2725 push(@param,'-secure'=>$secure) if $secure;
fc786e8b 2726 push(@param,'-httponly'=>$httponly) if $httponly;
54310121 2727
6b4ac661 2728 return new CGI::Cookie(@param);
54310121 2729}
2730END_OF_FUNC
2731
424ec8fa
GS		 2732'parse_keywordlist' => <<'END_OF_FUNC',
2733sub parse_keywordlist {
2734 my($self,$tosplit) = @_;
2735 $tosplit = unescape($tosplit); # unescape the keywords
2736 $tosplit=~tr/+/ /; # pluses to spaces
2737 my(@keywords) = split(/\s+/,$tosplit);
2738 return @keywords;
2739}
2740END_OF_FUNC
2741
2742'param_fetch' => <<'END_OF_FUNC',
2743sub param_fetch {
2744 my($self,@p) = self_or_default(@_);
3d1a2ec4 2745 my($name) = rearrange([NAME],@p);
424ec8fa
GS		 2746 unless (exists($self->{$name})) {
2747 $self->add_parameter($name);
2748 $self->{$name} = [];
2749 }
2750
2751 return $self->{$name};
2752}
2753END_OF_FUNC
2754
54310121 2755###############################################
2756# OTHER INFORMATION PROVIDED BY THE ENVIRONMENT
2757###############################################
2758
2759#### Method: path_info
2760# Return the extra virtual path information provided
2761# after the URL (if any)
2762####
2763'path_info' => <<'END_OF_FUNC',
2764sub path_info {
424ec8fa
GS		 2765 my ($self,$info) = self_or_default(@_);
2766 if (defined($info)) {
2767 $info = "/$info" if $info ne '' && substr($info,0,1) ne '/';
2768 $self->{'.path_info'} = $info;
2769 } elsif (! defined($self->{'.path_info'}) ) {
7dc108d1
SP		 2770 my (undef,$path_info) = $self->_name_and_path_from_env;
2771 $self->{'.path_info'} = $path_info || '';
424ec8fa
GS		 2772 }
2773 return $self->{'.path_info'};
54310121 2774}
2775END_OF_FUNC
2776
7dc108d1
SP		 2777# WE USE THIS TO COMPENSATE FOR A BUG IN APACHE 2 PRESENT AT LEAST UP THROUGH 2.0.54
2778'_name_and_path_from_env' => <<'END_OF_FUNC',
2779sub _name_and_path_from_env {
2780 my $self = shift;
2781 my $raw_script_name = $ENV{SCRIPT_NAME} || '';
2782 my $raw_path_info = $ENV{PATH_INFO} || '';
cb3b230c 2783 my $uri = unescape($self->request_uri) || '';
7dc108d1 2784
adb86593
SP		 2785 my $protected = quotemeta($raw_path_info);
2786 $raw_script_name =~ s/$protected$//;
0a9bdad4 2787
7dc108d1
SP		 2788 my @uri_double_slashes = $uri =~ m^(/{2,}?)^g;
2789 my @path_double_slashes = "$raw_script_name $raw_path_info" =~ m^(/{2,}?)^g;
2790
2791 my $apache_bug = @uri_double_slashes != @path_double_slashes;
2792 return ($raw_script_name,$raw_path_info) unless $apache_bug;
2793
cb3b230c 2794 my $path_info_search = quotemeta($raw_path_info);
7dc108d1
SP		 2795 $path_info_search =~ s!/!/+!g;
2796 if ($uri =~ m/^(.+)($path_info_search)/) {
2797 return ($1,$2);
2798 } else {
2799 return ($raw_script_name,$raw_path_info);
2800 }
2801}
2802END_OF_FUNC
2803
54310121 2804
2805#### Method: request_method
2806# Returns 'POST', 'GET', 'PUT' or 'HEAD'
2807####
2808'request_method' => <<'END_OF_FUNC',
2809sub request_method {
2810 return $ENV{'REQUEST_METHOD'};
2811}
2812END_OF_FUNC
2813
3538e1d5
GS		 2814#### Method: content_type
2815# Returns the content_type string
2816####
2817'content_type' => <<'END_OF_FUNC',
2818sub content_type {
2819 return $ENV{'CONTENT_TYPE'};
2820}
2821END_OF_FUNC
2822
54310121 2823#### Method: path_translated
2824# Return the physical path information provided
2825# by the URL (if any)
2826####
2827'path_translated' => <<'END_OF_FUNC',
2828sub path_translated {
2829 return $ENV{'PATH_TRANSLATED'};
2830}
2831END_OF_FUNC
2832
2833
7dc108d1
SP		 2834#### Method: request_uri
2835# Return the literal request URI
2836####
2837'request_uri' => <<'END_OF_FUNC',
2838sub request_uri {
2839 return $ENV{'REQUEST_URI'};
2840}
2841END_OF_FUNC
2842
2843
54310121 2844#### Method: query_string
2845# Synthesize a query string from our current
2846# parameters
2847####
2848'query_string' => <<'END_OF_FUNC',
2849sub query_string {
2850 my($self) = self_or_default(@_);
2851 my($param,$value,@pairs);
2852 foreach $param ($self->param) {
424ec8fa 2853 my($eparam) = escape($param);
54310121 2854 foreach $value ($self->param($param)) {
424ec8fa 2855 $value = escape($value);
3538e1d5 2856 next unless defined $value;
54310121 2857 push(@pairs,"$eparam=$value");
2858 }
2859 }
d45d855d
JH		 2860 foreach (keys %{$self->{'.fieldnames'}}) {
2861 push(@pairs,".cgifields=".escape("$_"));
2862 }
71f3e297 2863 return join($USE_PARAM_SEMICOLONS ? ';' : '&',@pairs);
54310121 2864}
2865END_OF_FUNC
2866
2867
2868#### Method: accept
2869# Without parameters, returns an array of the
2870# MIME types the browser accepts.
2871# With a single parameter equal to a MIME
2872# type, will return undef if the browser won't
2873# accept it, 1 if the browser accepts it but
2874# doesn't give a preference, or a floating point
2875# value between 0.0 and 1.0 if the browser
2876# declares a quantitative score for it.
2877# This handles MIME type globs correctly.
2878####
71f3e297
JH		 2879'Accept' => <<'END_OF_FUNC',
2880sub Accept {
54310121 2881 my($self,$search) = self_or_CGI(@_);
2882 my(%prefs,$type,$pref,$pat);
2883
2884 my(@accept) = split(',',$self->http('accept'));
2885
2886 foreach (@accept) {
2887 ($pref) = /q=(\d\.\d+|\d+)/;
2888 ($type) = m#(\S+/[^;]+)#;
2889 next unless $type;
2890 $prefs{$type}=$pref || 1;
2891 }
2892
2893 return keys %prefs unless $search;
2894
2895 # if a search type is provided, we may need to
2896 # perform a pattern matching operation.
2897 # The MIME types use a glob mechanism, which
2898 # is easily translated into a perl pattern match
2899
2900 # First return the preference for directly supported
2901 # types:
2902 return $prefs{$search} if $prefs{$search};
2903
2904 # Didn't get it, so try pattern matching.
2905 foreach (keys %prefs) {
2906 next unless /\*/; # not a pattern match
2907 ($pat = $_) =~ s/([^\w*])/\\$1/g; # escape meta characters
2908 $pat =~ s/\*/.*/g; # turn it into a pattern
2909 return $prefs{$_} if $search=~/$pat/;
2910 }
2911}
2912END_OF_FUNC
2913
2914
2915#### Method: user_agent
2916# If called with no parameters, returns the user agent.
2917# If called with one parameter, does a pattern match (case
2918# insensitive) on the user agent.
2919####
2920'user_agent' => <<'END_OF_FUNC',
2921sub user_agent {
2922 my($self,$match)=self_or_CGI(@_);
2923 return $self->http('user_agent') unless $match;
2924 return $self->http('user_agent') =~ /$match/i;
2925}
2926END_OF_FUNC
2927
2928
424ec8fa
GS		 2929#### Method: raw_cookie
2930# Returns the magic cookies for the session.
2931# The cookies are not parsed or altered in any way, i.e.
2932# cookies are returned exactly as given in the HTTP
2933# headers. If a cookie name is given, only that cookie's
2934# value is returned, otherwise the entire raw cookie
2935# is returned.
54310121 2936####
2937'raw_cookie' => <<'END_OF_FUNC',
2938sub raw_cookie {
424ec8fa
GS		 2939 my($self,$key) = self_or_CGI(@_);
2940
2941 require CGI::Cookie;
2942
2943 if (defined($key)) {
2944 $self->{'.raw_cookies'} = CGI::Cookie->raw_fetch
2945 unless $self->{'.raw_cookies'};
2946
2947 return () unless $self->{'.raw_cookies'};
2948 return () unless $self->{'.raw_cookies'}->{$key};
2949 return $self->{'.raw_cookies'}->{$key};
2950 }
54310121 2951 return $self->http('cookie') || $ENV{'COOKIE'} || '';
2952}
2953END_OF_FUNC
2954
2955#### Method: virtual_host
2956# Return the name of the virtual_host, which
2957# is not always the same as the server
2958######
2959'virtual_host' => <<'END_OF_FUNC',
2960sub virtual_host {
13548fdf 2961 my $vh = http('x_forwarded_host') || http('host') || server_name();
424ec8fa
GS		 2962 $vh =~ s/:\d+$//; # get rid of port number
2963 return $vh;
54310121 2964}
2965END_OF_FUNC
2966
2967#### Method: remote_host
2968# Return the name of the remote host, or its IP
2969# address if unavailable. If this variable isn't
2970# defined, it returns "localhost" for debugging
2971# purposes.
2972####
2973'remote_host' => <<'END_OF_FUNC',
2974sub remote_host {
2975 return $ENV{'REMOTE_HOST'} || $ENV{'REMOTE_ADDR'}
2976 || 'localhost';
2977}
2978END_OF_FUNC
2979
2980
2981#### Method: remote_addr
2982# Return the IP addr of the remote host.
2983####
2984'remote_addr' => <<'END_OF_FUNC',
2985sub remote_addr {
2986 return $ENV{'REMOTE_ADDR'} || '127.0.0.1';
2987}
2988END_OF_FUNC
2989
2990
2991#### Method: script_name
2992# Return the partial URL to this script for
2993# self-referencing scripts. Also see
2994# self_url(), which returns a URL with all state information
2995# preserved.
2996####
2997'script_name' => <<'END_OF_FUNC',
2998sub script_name {
7dc108d1
SP		 2999 my ($self,@p) = self_or_default(@_);
3000 if (@p) {
3001 $self->{'.script_name'} = shift;
3002 } elsif (!exists $self->{'.script_name'}) {
3003 my ($script_name,$path_info) = $self->_name_and_path_from_env();
3004 $self->{'.script_name'} = $script_name;
3005 }
3006 return $self->{'.script_name'};
54310121 3007}
3008END_OF_FUNC
3009
3010
3011#### Method: referer
3012# Return the HTTP_REFERER: useful for generating
3013# a GO BACK button.
3014####
3015'referer' => <<'END_OF_FUNC',
3016sub referer {
3017 my($self) = self_or_CGI(@_);
3018 return $self->http('referer');
3019}
3020END_OF_FUNC
3021
3022
3023#### Method: server_name
3024# Return the name of the server
3025####
3026'server_name' => <<'END_OF_FUNC',
3027sub server_name {
3028 return $ENV{'SERVER_NAME'} || 'localhost';
3029}
3030END_OF_FUNC
3031
3032#### Method: server_software
3033# Return the name of the server software
3034####
3035'server_software' => <<'END_OF_FUNC',
3036sub server_software {
3037 return $ENV{'SERVER_SOFTWARE'} || 'cmdline';
3038}
3039END_OF_FUNC
3040
2ed511ec
RGS		 3041#### Method: virtual_port
3042# Return the server port, taking virtual hosts into account
3043####
3044'virtual_port' => <<'END_OF_FUNC',
3045sub virtual_port {
3046 my($self) = self_or_default(@_);
13548fdf 3047 my $vh = $self->http('x_forwarded_host') || $self->http('host');
0a9bdad4 3048 my $protocol = $self->protocol;
2ed511ec 3049 if ($vh) {
0a9bdad4 3050 return ($vh =~ /:(\d+)$/)[0] || ($protocol eq 'https' ? 443 : 80);
2ed511ec
RGS		 3051 } else {
3052 return $self->server_port();
3053 }
3054}
3055END_OF_FUNC
3056
54310121 3057#### Method: server_port
3058# Return the tcp/ip port the server is running on
3059####
3060'server_port' => <<'END_OF_FUNC',
3061sub server_port {
3062 return $ENV{'SERVER_PORT'} || 80; # for debugging
3063}
3064END_OF_FUNC
3065
3066#### Method: server_protocol
3067# Return the protocol (usually HTTP/1.0)
3068####
3069'server_protocol' => <<'END_OF_FUNC',
3070sub server_protocol {
3071 return $ENV{'SERVER_PROTOCOL'} || 'HTTP/1.0'; # for debugging
3072}
3073END_OF_FUNC
3074
3075#### Method: http
3076# Return the value of an HTTP variable, or
3077# the list of variables if none provided
3078####
3079'http' => <<'END_OF_FUNC',
3080sub http {
3081 my ($self,$parameter) = self_or_CGI(@_);
3082 return $ENV{$parameter} if $parameter=~/^HTTP/;
3538e1d5 3083 $parameter =~ tr/-/_/;
54310121 3084 return $ENV{"HTTP_\U$parameter\E"} if $parameter;
3085 my(@p);
3086 foreach (keys %ENV) {
3087 push(@p,$_) if /^HTTP/;
3088 }
3089 return @p;
3090}
3091END_OF_FUNC
3092
3093#### Method: https
3094# Return the value of HTTPS
3095####
3096'https' => <<'END_OF_FUNC',
3097sub https {
3098 local($^W)=0;
3099 my ($self,$parameter) = self_or_CGI(@_);
3100 return $ENV{HTTPS} unless $parameter;
3101 return $ENV{$parameter} if $parameter=~/^HTTPS/;
3538e1d5 3102 $parameter =~ tr/-/_/;
54310121 3103 return $ENV{"HTTPS_\U$parameter\E"} if $parameter;
3104 my(@p);
3105 foreach (keys %ENV) {
3106 push(@p,$_) if /^HTTPS/;
3107 }
3108 return @p;
3109}
3110END_OF_FUNC
3111
3112#### Method: protocol
3113# Return the protocol (http or https currently)
3114####
3115'protocol' => <<'END_OF_FUNC',
3116sub protocol {
3117 local($^W)=0;
3118 my $self = shift;
424ec8fa 3119 return 'https' if uc($self->https()) eq 'ON';
54310121 3120 return 'https' if $self->server_port == 443;
3121 my $prot = $self->server_protocol;
3122 my($protocol,$version) = split('/',$prot);
3123 return "\L$protocol\E";
3124}
3125END_OF_FUNC
3126
3127#### Method: remote_ident
3128# Return the identity of the remote user
3129# (but only if his host is running identd)
3130####
3131'remote_ident' => <<'END_OF_FUNC',
3132sub remote_ident {
3133 return $ENV{'REMOTE_IDENT'};
3134}
3135END_OF_FUNC
3136
3137
3138#### Method: auth_type
3139# Return the type of use verification/authorization in use, if any.
3140####
3141'auth_type' => <<'END_OF_FUNC',
3142sub auth_type {
3143 return $ENV{'AUTH_TYPE'};
3144}
3145END_OF_FUNC
3146
3147
3148#### Method: remote_user
3149# Return the authorization name used for user
3150# verification.
3151####
3152'remote_user' => <<'END_OF_FUNC',
3153sub remote_user {
3154 return $ENV{'REMOTE_USER'};
3155}
3156END_OF_FUNC
3157
3158
3159#### Method: user_name
3160# Try to return the remote user's name by hook or by
3161# crook
3162####
3163'user_name' => <<'END_OF_FUNC',
3164sub user_name {
3165 my ($self) = self_or_CGI(@_);
3166 return $self->http('from') || $ENV{'REMOTE_IDENT'} || $ENV{'REMOTE_USER'};
3167}
3168END_OF_FUNC
3169
3d1a2ec4
GS		 3170#### Method: nosticky
3171# Set or return the NOSTICKY global flag
3172####
3173'nosticky' => <<'END_OF_FUNC',
3174sub nosticky {
3175 my ($self,$param) = self_or_CGI(@_);
3176 $CGI::NOSTICKY = $param if defined($param);
3177 return $CGI::NOSTICKY;
3178}
3179END_OF_FUNC
3180
54310121 3181#### Method: nph
3182# Set or return the NPH global flag
3183####
3184'nph' => <<'END_OF_FUNC',
3185sub nph {
3186 my ($self,$param) = self_or_CGI(@_);
7d37aa8e
LS		 3187 $CGI::NPH = $param if defined($param);
3188 return $CGI::NPH;
3189}
3190END_OF_FUNC
3191
3192#### Method: private_tempfiles
3193# Set or return the private_tempfiles global flag
3194####
3195'private_tempfiles' => <<'END_OF_FUNC',
3196sub private_tempfiles {
3197 my ($self,$param) = self_or_CGI(@_);
424ec8fa 3198 $CGI::PRIVATE_TEMPFILES = $param if defined($param);
7d37aa8e 3199 return $CGI::PRIVATE_TEMPFILES;
54310121 3200}
3201END_OF_FUNC
8f3ccfa2
JH		 3202#### Method: close_upload_files
3203# Set or return the close_upload_files global flag
3204####
3205'close_upload_files' => <<'END_OF_FUNC',
3206sub close_upload_files {
3207 my ($self,$param) = self_or_CGI(@_);
3208 $CGI::CLOSE_UPLOAD_FILES = $param if defined($param);
3209 return $CGI::CLOSE_UPLOAD_FILES;
3210}
3211END_OF_FUNC
3212
54310121 3213
424ec8fa
GS		 3214#### Method: default_dtd
3215# Set or return the default_dtd global
3216####
3217'default_dtd' => <<'END_OF_FUNC',
3218sub default_dtd {
3d1a2ec4
GS		 3219 my ($self,$param,$param2) = self_or_CGI(@_);
3220 if (defined $param2 && defined $param) {
3221 $CGI::DEFAULT_DTD = [ $param, $param2 ];
3222 } elsif (defined $param) {
3223 $CGI::DEFAULT_DTD = $param;
3224 }
424ec8fa
GS		 3225 return $CGI::DEFAULT_DTD;
3226}
3227END_OF_FUNC
3228
54310121 3229# -------------- really private subroutines -----------------
3230'previous_or_default' => <<'END_OF_FUNC',
3231sub previous_or_default {
3232 my($self,$name,$defaults,$override) = @_;
3233 my(%selected);
3234
3235 if (!$override && ($self->{'.fieldnames'}->{$name} ||
3236 defined($self->param($name)) ) ) {
3237 grep($selected{$_}++,$self->param($name));
3238 } elsif (defined($defaults) && ref($defaults) &&
3239 (ref($defaults) eq 'ARRAY')) {
3240 grep($selected{$_}++,@{$defaults});
3241 } else {
3242 $selected{$defaults}++ if defined($defaults);
3243 }
3244
3245 return %selected;
3246}
3247END_OF_FUNC
3248
3249'register_parameter' => <<'END_OF_FUNC',
3250sub register_parameter {
3251 my($self,$param) = @_;
3252 $self->{'.parametersToAdd'}->{$param}++;
3253}
3254END_OF_FUNC
3255
3256'get_fields' => <<'END_OF_FUNC',
3257sub get_fields {
3258 my($self) = @_;
424ec8fa
GS		 3259 return $self->CGI::hidden('-name'=>'.cgifields',
3260 '-values'=>[keys %{$self->{'.parametersToAdd'}}],
3261 '-override'=>1);
54310121 3262}
3263END_OF_FUNC
3264
3265'read_from_cmdline' => <<'END_OF_FUNC',
3266sub read_from_cmdline {
54310121 3267 my($input,@words);
3268 my($query_string);
2ed511ec 3269 my($subpath);
3d1a2ec4 3270 if ($DEBUG && @ARGV) {
424ec8fa 3271 @words = @ARGV;
3d1a2ec4 3272 } elsif ($DEBUG > 1) {
424ec8fa 3273 require "shellwords.pl";
2ed511ec 3274 print STDERR "(offline mode: enter name=value pairs on standard input; press ^D or ^Z when done)\n";
424ec8fa 3275 chomp(@lines = <STDIN>); # remove newlines
54310121 3276 $input = join(" ",@lines);
424ec8fa
GS		 3277 @words = &shellwords($input);
3278 }
3279 foreach (@words) {
3280 s/\\=/%3D/g;
3281 s/\\&/%26/g;
54310121 3282 }
3283
54310121 3284 if ("@words"=~/=/) {
3285 $query_string = join('&',@words);
3286 } else {
3287 $query_string = join('+',@words);
3288 }
2ed511ec
RGS		 3289 if ($query_string =~ /^(.*?)\?(.*)$/)
3290 {
3291 $query_string = $2;
3292 $subpath = $1;
3293 }
3294 return { 'query_string' => $query_string, 'subpath' => $subpath };
54310121 3295}
3296END_OF_FUNC
3297
3298#####
3299# subroutine: read_multipart
3300#
3301# Read multipart data and store it into our parameters.
3302# An interesting feature is that if any of the parts is a file, we
3303# create a temporary file and open up a filehandle on it so that the
3304# caller can read from it if necessary.
3305#####
3306'read_multipart' => <<'END_OF_FUNC',
3307sub read_multipart {
2ed511ec
RGS		 3308 my($self,$boundary,$length) = @_;
3309 my($buffer) = $self->new_MultipartBuffer($boundary,$length);
54310121 3310 return unless $buffer;
3311 my(%header,$body);
424ec8fa 3312 my $filenumber = 0;
54310121 3313 while (!$buffer->eof) {
3314 %header = $buffer->readHeader;
3538e1d5
GS		 3315
3316 unless (%header) {
3317 $self->cgi_error("400 Bad request (malformed multipart POST)");
3318 return;
3319 }
54310121 3320
c29edf6c 3321 my($param)= $header{'Content-Disposition'}=~/ name="([^"]*)"/;
188ba755 3322 $param .= $TAINTED;
54310121 3323
424ec8fa 3324 # Bug: Netscape doesn't escape quotation marks in file names!!!
c29edf6c 3325 my($filename) = $header{'Content-Disposition'}=~/ filename="([^"]*)"/;
8f3ccfa2
JH		 3326 # Test for Opera's multiple upload feature
3327 my($multipart) = ( defined( $header{'Content-Type'} ) &&
3328 $header{'Content-Type'} =~ /multipart\/mixed/ ) ?
3329 1 : 0;
54310121 3330
3331 # add this parameter to our list
3332 $self->add_parameter($param);
3333
3334 # If no filename specified, then just read the data and assign it
3335 # to our parameter list.
8f3ccfa2 3336 if ( ( !defined($filename) || $filename eq '' ) && !$multipart ) {
54310121 3337 my($value) = $buffer->readBody;
188ba755 3338 $value .= $TAINTED;
54310121 3339 push(@{$self->{$param}},$value);
3340 next;
3341 }
3342
424ec8fa
GS		 3343 my ($tmpfile,$tmp,$filehandle);
3344 UPLOADS: {
3345 # If we get here, then we are dealing with a potentially large
3346 # uploaded form. Save the data to a temporary file, then open
3347 # the file for reading.
54310121 3348
424ec8fa
GS		 3349 # skip the file if uploads disabled
3350 if ($DISABLE_UPLOADS) {
3351 while (defined($data = $buffer->read)) { }
3352 last UPLOADS;
3353 }
7d37aa8e 3354
8f3ccfa2
JH		 3355 # set the filename to some recognizable value
3356 if ( ( !defined($filename) || $filename eq '' ) && $multipart ) {
3357 $filename = "multipart/mixed";
3358 }
3359
3538e1d5 3360 # choose a relatively unpredictable tmpfile sequence number
29ddc2a4 3361 my $seqno = unpack("%16C*",join('',localtime,grep {defined $_} values %ENV));
3538e1d5 3362 for (my $cnt=10;$cnt>0;$cnt--) {
ac734d8b 3363 next unless $tmpfile = new CGITempFile($seqno);
3538e1d5 3364 $tmp = $tmpfile->as_string;
ffd2dff2 3365 last if defined($filehandle = Fh->new($filename,$tmp,$PRIVATE_TEMPFILES));
3538e1d5
GS		 3366 $seqno += int rand(100);
3367 }
69c89ae7 3368 die "CGI open of tmpfile: $!\n" unless defined $filehandle;
2ed511ec
RGS		 3369 $CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode
3370 && defined fileno($filehandle);
424ec8fa 3371
8f3ccfa2 3372 # if this is an multipart/mixed attachment, save the header
2ed511ec 3373 # together with the body for later parsing with an external
8f3ccfa2
JH		 3374 # MIME parser module
3375 if ( $multipart ) {
3376 foreach ( keys %header ) {
3377 print $filehandle "$_: $header{$_}${CRLF}";
3378 }
3379 print $filehandle "${CRLF}";
3380 }
3381
424ec8fa 3382 my ($data);
71f3e297 3383 local($\) = '';
2ed511ec
RGS		 3384 my $totalbytes;
3385 while (defined($data = $buffer->read)) {
3386 if (defined $self->{'.upload_hook'})
3387 {
3388 $totalbytes += length($data);
3389 &{$self->{'.upload_hook'}}($filename ,$data, $totalbytes, $self->{'.upload_data'});
3390 }
cb3b230c 3391 print $filehandle $data if ($self->{'use_tempfile'});
2ed511ec 3392 }
424ec8fa
GS		 3393
3394 # back up to beginning of file
3395 seek($filehandle,0,0);
8f3ccfa2
JH		 3396
3397 ## Close the filehandle if requested this allows a multipart MIME
3398 ## upload to contain many files, and we won't die due to too many
3399 ## open file handles. The user can access the files using the hash
3400 ## below.
3401 close $filehandle if $CLOSE_UPLOAD_FILES;
424ec8fa
GS		 3402 $CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode;
3403
3404 # Save some information about the uploaded file where we can get
3405 # at it later.
0a9bdad4
SP		 3406 # Use the typeglob as the key, as this is guaranteed to be
3407 # unique for each filehandle. Don't use the file descriptor as
3408 # this will be re-used for each filehandle if the
3409 # close_upload_files feature is used.
3410 $self->{'.tmpfiles'}->{$$filehandle}= {
2ed511ec 3411 hndl => $filehandle,
424ec8fa
GS		 3412 name => $tmpfile,
3413 info => {%header},
3414 };
3415 push(@{$self->{$param}},$filehandle);
3416 }
54310121 3417 }
3418}
3419END_OF_FUNC
3420
3538e1d5
GS		 3421'upload' =><<'END_OF_FUNC',
3422sub upload {
3423 my($self,$param_name) = self_or_default(@_);
0664a57d 3424 my @param = grep {ref($_) && defined(fileno($_))} $self->param($param_name);
199d4a26
JH		 3425 return unless @param;
3426 return wantarray ? @param : $param[0];
3538e1d5
GS		 3427}
3428END_OF_FUNC
3429
54310121 3430'tmpFileName' => <<'END_OF_FUNC',
3431sub tmpFileName {
3432 my($self,$filename) = self_or_default(@_);
0a9bdad4
SP		 3433 return $self->{'.tmpfiles'}->{$$filename}->{name} ?
3434 $self->{'.tmpfiles'}->{$$filename}->{name}->as_string
7d37aa8e 3435 : '';
54310121 3436}
3437END_OF_FUNC
3438
424ec8fa 3439'uploadInfo' => <<'END_OF_FUNC',
54310121 3440sub uploadInfo {
3441 my($self,$filename) = self_or_default(@_);
0a9bdad4 3442 return $self->{'.tmpfiles'}->{$$filename}->{info};
54310121 3443}
3444END_OF_FUNC
3445
424ec8fa
GS		 3446# internal routine, don't use
3447'_set_values_and_labels' => <<'END_OF_FUNC',
3448sub _set_values_and_labels {
3449 my $self = shift;
3450 my ($v,$l,$n) = @_;
3451 $$l = $v if ref($v) eq 'HASH' && !ref($$l);
3452 return $self->param($n) if !defined($v);
3453 return $v if !ref($v);
3454 return ref($v) eq 'HASH' ? keys %$v : @$v;
3455}
3456END_OF_FUNC
3457
188ba755
JH		 3458# internal routine, don't use
3459'_set_attributes' => <<'END_OF_FUNC',
3460sub _set_attributes {
3461 my $self = shift;
3462 my($element, $attributes) = @_;
3463 return '' unless defined($attributes->{$element});
3464 $attribs = ' ';
3465 foreach my $attrib (keys %{$attributes->{$element}}) {
13548fdf
RGS		 3466 (my $clean_attrib = $attrib) =~ s/^-//;
3467 $attribs .= "@{[lc($clean_attrib)]}=\"$attributes->{$element}{$attrib}\" ";
188ba755
JH		 3468 }
3469 $attribs =~ s/ $//;
3470 return $attribs;
3471}
3472END_OF_FUNC
3473
424ec8fa
GS		 3474'_compile_all' => <<'END_OF_FUNC',
3475sub _compile_all {
3476 foreach (@_) {
3477 next if defined(&$_);
3478 $AUTOLOAD = "CGI::$_";
3479 _compile();
3480 }
3481}
3482END_OF_FUNC
3483
54310121 3484);
3485END_OF_AUTOLOAD
3486;
3487
424ec8fa
GS		 3488#########################################################
3489# Globals and stubs for other packages that we use.
3490#########################################################
3491
3492################### Fh -- lightweight filehandle ###############
3493package Fh;
3494use overload
3495 '""' => \&asString,
3496 'cmp' => \&compare,
3497 'fallback'=>1;
3498
3499$FH='fh00000';
3500
3501*Fh::AUTOLOAD = \&CGI::AUTOLOAD;
3502
29ddc2a4
RGS		 3503sub DESTROY {
3504 my $self = shift;
3505 close $self;
3506}
3507
424ec8fa
GS		 3508$AUTOLOADED_ROUTINES = ''; # prevent -w error
3509$AUTOLOADED_ROUTINES=<<'END_OF_AUTOLOAD';
3510%SUBS = (
3511'asString' => <<'END_OF_FUNC',
3512sub asString {
3513 my $self = shift;
71f3e297 3514 # get rid of package name
ffd2dff2 3515 (my $i = $$self) =~ s/^\*(\w+::fh\d{5})+//;
ba056755 3516 $i =~ s/%(..)/ chr(hex($1)) /eg;
188ba755 3517 return $i.$CGI::TAINTED;
71f3e297
JH		 3518# BEGIN DEAD CODE
3519# This was an extremely clever patch that allowed "use strict refs".
3520# Unfortunately it relied on another bug that caused leaky file descriptors.
3521# The underlying bug has been fixed, so this no longer works. However
3522# "strict refs" still works for some reason.
3523# my $self = shift;
3524# return ${*{$self}{SCALAR}};
3525# END DEAD CODE
424ec8fa
GS		 3526}
3527END_OF_FUNC
3528
3529'compare' => <<'END_OF_FUNC',
3530sub compare {
3531 my $self = shift;
3532 my $value = shift;
3533 return "$self" cmp $value;
3534}
3535END_OF_FUNC
3536
3537'new' => <<'END_OF_FUNC',
3538sub new {
3539 my($pack,$name,$file,$delete) = @_;
188ba755 3540 _setup_symbols(@SAVED_SYMBOLS) if @SAVED_SYMBOLS;
424ec8fa 3541 require Fcntl unless defined &Fcntl::O_RDWR;
ba056755
JH		 3542 (my $safename = $name) =~ s/([':%])/ sprintf '%%%02X', ord $1 /eg;
3543 my $fv = ++$FH . $safename;
6b4ac661 3544 my $ref = \*{"Fh::$fv"};
188ba755
JH		 3545 $file =~ m!^([a-zA-Z0-9_ \'\":/.\$\\-]+)$! || return;
3546 my $safe = $1;
3547 sysopen($ref,$safe,Fcntl::O_RDWR()|Fcntl::O_CREAT()|Fcntl::O_EXCL(),0600) || return;
3548 unlink($safe) if $delete;
6b4ac661 3549 CORE::delete $Fh::{$fv};
71f3e297 3550 return bless $ref,$pack;
424ec8fa
GS		 3551}
3552END_OF_FUNC
3553
424ec8fa
GS		 3554);
3555END_OF_AUTOLOAD
3556
3557######################## MultipartBuffer ####################
54310121 3558package MultipartBuffer;
3559
2ed511ec
RGS		 3560use constant DEBUG => 0;
3561
54310121 3562# how many bytes to read at a time. We use
71f3e297
JH		 3563# a 4K buffer by default.
3564$INITIAL_FILLUNIT = 1024 * 4;
3565$TIMEOUT = 240*60; # 4 hour timeout for big files
3566$SPIN_LOOP_MAX = 2000; # bug fix for some Netscape servers
54310121 3567$CRLF=$CGI::CRLF;
3568
3569#reuse the autoload function
3570*MultipartBuffer::AUTOLOAD = \&CGI::AUTOLOAD;
3571
424ec8fa
GS		 3572# avoid autoloader warnings
3573sub DESTROY {}
3574
54310121 3575###############################################################################
3576################# THESE FUNCTIONS ARE AUTOLOADED ON DEMAND ####################
3577###############################################################################
3578$AUTOLOADED_ROUTINES = ''; # prevent -w error
3579$AUTOLOADED_ROUTINES=<<'END_OF_AUTOLOAD';
3580%SUBS = (
3581
3582'new' => <<'END_OF_FUNC',
3583sub new {
2ed511ec 3584 my($package,$interface,$boundary,$length) = @_;
424ec8fa 3585 $FILLUNIT = $INITIAL_FILLUNIT;
2ed511ec 3586 $CGI::DefaultClass->binmode($IN); # if $CGI::needs_binmode; # just do it always
29ddc2a4 3587
54310121 3588 # If the user types garbage into the file upload field,
3589 # then Netscape passes NOTHING to the server (not good).
3590 # We may hang on this read in that case. So we implement
3591 # a read timeout. If nothing is ready to read
3592 # by then, we return.
3593
3594 # Netscape seems to be a little bit unreliable
3595 # about providing boundary strings.
3d1a2ec4 3596 my $boundary_read = 0;
54310121 3597 if ($boundary) {
3598
3599 # Under the MIME spec, the boundary consists of the
3600 # characters "--" PLUS the Boundary string
424ec8fa
GS		 3601
3602 # BUG: IE 3.01 on the Macintosh uses just the boundary -- not
71f3e297 3603 # the two extra hyphens. We do a special case here on the user-agent!!!!
69c89ae7 3604 $boundary = "--$boundary" unless CGI::user_agent('MSIE\s+3\.0[12];\s*Mac|DreamPassport');
424ec8fa 3605
54310121 3606 } else { # otherwise we find it ourselves
3607 my($old);
3608 ($old,$/) = ($/,$CRLF); # read a CRLF-delimited line
2ed511ec 3609 $boundary = <STDIN>; # BUG: This won't work correctly under mod_perl
54310121 3610 $length -= length($boundary);
3611 chomp($boundary); # remove the CRLF
3612 $/ = $old; # restore old line separator
3d1a2ec4 3613 $boundary_read++;
54310121 3614 }
3615
3616 my $self = {LENGTH=>$length,
29ddc2a4 3617 CHUNKED=>!defined $length,
54310121 3618 BOUNDARY=>$boundary,
54310121 3619 INTERFACE=>$interface,
3620 BUFFER=>'',
3621 };
3622
3623 $FILLUNIT = length($boundary)
3624 if length($boundary) > $FILLUNIT;
3625
424ec8fa
GS		 3626 my $retval = bless $self,ref $package || $package;
3627
3628 # Read the preamble and the topmost (boundary) line plus the CRLF.
3d1a2ec4
GS		 3629 unless ($boundary_read) {
3630 while ($self->read(0)) { }
3631 }
2ed511ec 3632 die "Malformed multipart POST: data truncated\n" if $self->eof;
424ec8fa
GS		 3633
3634 return $retval;
54310121 3635}
3636END_OF_FUNC
3637
3638'readHeader' => <<'END_OF_FUNC',
3639sub readHeader {
3640 my($self) = @_;
3641 my($end);
3642 my($ok) = 0;
47e3cabd 3643 my($bad) = 0;
424ec8fa 3644
2ed511ec 3645 local($CRLF) = "\015\012" if $CGI::OS eq 'VMS' || $CGI::EBCDIC;
424ec8fa 3646
54310121 3647 do {
3648 $self->fillBuffer($FILLUNIT);
3649 $ok++ if ($end = index($self->{BUFFER},"${CRLF}${CRLF}")) >= 0;
3650 $ok++ if $self->{BUFFER} eq '';
47e3cabd 3651 $bad++ if !$ok && $self->{LENGTH} <= 0;
424ec8fa
GS		 3652 # this was a bad idea
3653 # $FILLUNIT *= 2 if length($self->{BUFFER}) >= $FILLUNIT;
47e3cabd
LS		 3654 } until $ok || $bad;
3655 return () if $bad;
54310121 3656
2ed511ec
RGS		 3657 #EBCDIC NOTE: translate header into EBCDIC, but watch out for continuation lines!
3658
54310121 3659 my($header) = substr($self->{BUFFER},0,$end+2);
3660 substr($self->{BUFFER},0,$end+4) = '';
3661 my %return;
424ec8fa 3662
2ed511ec
RGS		 3663 if ($CGI::EBCDIC) {
3664 warn "untranslated header=$header\n" if DEBUG;
3665 $header = CGI::Util::ascii2ebcdic($header);
3666 warn "translated header=$header\n" if DEBUG;
3667 }
3668
424ec8fa
GS		 3669 # See RFC 2045 Appendix A and RFC 822 sections 3.4.8
3670 # (Folding Long Header Fields), 3.4.3 (Comments)
3671 # and 3.4.5 (Quoted-Strings).
3672
3673 my $token = '[-\w!\#$%&\'*+.^_\`|{}~]';
3674 $header=~s/$CRLF\s+/ /og; # merge continuation lines
188ba755 3675
424ec8fa 3676 while ($header=~/($token+):\s+([^$CRLF]*)/mgox) {
188ba755 3677 my ($field_name,$field_value) = ($1,$2);
424ec8fa
GS		 3678 $field_name =~ s/\b(\w)/uc($1)/eg; #canonicalize
3679 $return{$field_name}=$field_value;
54310121 3680 }
3681 return %return;
3682}
3683END_OF_FUNC
3684
3685# This reads and returns the body as a single scalar value.
3686'readBody' => <<'END_OF_FUNC',
3687sub readBody {
3688 my($self) = @_;
3689 my($data);
3690 my($returnval)='';
2ed511ec
RGS		 3691
3692 #EBCDIC NOTE: want to translate returnval into EBCDIC HERE
3693
54310121 3694 while (defined($data = $self->read)) {
3695 $returnval .= $data;
3696 }
2ed511ec
RGS		 3697
3698 if ($CGI::EBCDIC) {
3699 warn "untranslated body=$returnval\n" if DEBUG;
3700 $returnval = CGI::Util::ascii2ebcdic($returnval);
3701 warn "translated body=$returnval\n" if DEBUG;
3702 }
54310121 3703 return $returnval;
3704}
3705END_OF_FUNC
3706
3707# This will read $bytes or until the boundary is hit, whichever happens
3708# first. After the boundary is hit, we return undef. The next read will
3709# skip over the boundary and begin reading again;
3710'read' => <<'END_OF_FUNC',
3711sub read {
3712 my($self,$bytes) = @_;
3713
3714 # default number of bytes to read
2ed511ec 3715 $bytes = $bytes || $FILLUNIT;
54310121 3716
3717 # Fill up our internal buffer in such a way that the boundary
3718 # is never split between reads.
3719 $self->fillBuffer($bytes);
3720
2ed511ec
RGS		 3721 my $boundary_start = $CGI::EBCDIC ? CGI::Util::ebcdic2ascii($self->{BOUNDARY}) : $self->{BOUNDARY};
3722 my $boundary_end = $CGI::EBCDIC ? CGI::Util::ebcdic2ascii($self->{BOUNDARY}.'--') : $self->{BOUNDARY}.'--';
3723
54310121 3724 # Find the boundary in the buffer (it may not be there).
2ed511ec
RGS		 3725 my $start = index($self->{BUFFER},$boundary_start);
3726
3727 warn "boundary=$self->{BOUNDARY} length=$self->{LENGTH} start=$start\n" if DEBUG;
54310121 3728
29ddc2a4
RGS		 3729 # protect against malformed multipart POST operations
3730 die "Malformed multipart POST\n" unless $self->{CHUNKED} || ($start >= 0 || $self->{LENGTH} > 0);
2ed511ec
RGS		 3731
3732 #EBCDIC NOTE: want to translate boundary search into ASCII here.
3733
54310121 3734 # If the boundary begins the data, then skip past it
03b9648d 3735 # and return undef.
54310121 3736 if ($start == 0) {
3737
3738 # clear us out completely if we've hit the last boundary.
2ed511ec 3739 if (index($self->{BUFFER},$boundary_end)==0) {
54310121 3740 $self->{BUFFER}='';
3741 $self->{LENGTH}=0;
3742 return undef;
3743 }
3744
3745 # just remove the boundary.
2ed511ec 3746 substr($self->{BUFFER},0,length($boundary_start))='';
03b9648d 3747 $self->{BUFFER} =~ s/^\012\015?//;
54310121 3748 return undef;
3749 }
3750
8f3ccfa2 3751 my $bytesToReturn;
54310121 3752 if ($start > 0) { # read up to the boundary
8f3ccfa2 3753 $bytesToReturn = $start-2 > $bytes ? $bytes : $start;
54310121 3754 } else { # read the requested number of bytes
3755 # leave enough bytes in the buffer to allow us to read
3756 # the boundary. Thanks to Kevin Hendrick for finding
3757 # this one.
2ed511ec 3758 $bytesToReturn = $bytes - (length($boundary_start)+1);
54310121 3759 }
3760
3761 my $returnval=substr($self->{BUFFER},0,$bytesToReturn);
3762 substr($self->{BUFFER},0,$bytesToReturn)='';
3763
3764 # If we hit the boundary, remove the CRLF from the end.
8f3ccfa2 3765 return ($bytesToReturn==$start)
ac734d8b 3766 ? substr($returnval,0,-2) : $returnval;
54310121 3767}
3768END_OF_FUNC
3769
3770
3771# This fills up our internal buffer in such a way that the
3772# boundary is never split between reads
3773'fillBuffer' => <<'END_OF_FUNC',
3774sub fillBuffer {
3775 my($self,$bytes) = @_;
29ddc2a4 3776 return unless $self->{CHUNKED} || $self->{LENGTH};
54310121 3777
3778 my($boundaryLength) = length($self->{BOUNDARY});
3779 my($bufferLength) = length($self->{BUFFER});
3780 my($bytesToRead) = $bytes - $bufferLength + $boundaryLength + 2;
29ddc2a4 3781 $bytesToRead = $self->{LENGTH} if !$self->{CHUNKED} && $self->{LENGTH} < $bytesToRead;
54310121 3782
2ed511ec
RGS		 3783 # Try to read some data. We may hang here if the browser is screwed up.
3784 my $bytesRead = $self->{INTERFACE}->read_from_client(\$self->{BUFFER},
54310121 3785 $bytesToRead,
3786 $bufferLength);
2ed511ec 3787 warn "bytesToRead=$bytesToRead, bufferLength=$bufferLength, buffer=$self->{BUFFER}\n" if DEBUG;
71f3e297 3788 $self->{BUFFER} = '' unless defined $self->{BUFFER};
54310121 3789
47e3cabd 3790 # An apparent bug in the Apache server causes the read()
54310121 3791 # to return zero bytes repeatedly without blocking if the
3792 # remote user aborts during a file transfer. I don't know how
3793 # they manage this, but the workaround is to abort if we get
3794 # more than SPIN_LOOP_MAX consecutive zero reads.
29ddc2a4 3795 if ($bytesRead <= 0) {
54310121 3796 die "CGI.pm: Server closed socket during multipart read (client aborted?).\n"
3797 if ($self->{ZERO_LOOP_COUNTER}++ >= $SPIN_LOOP_MAX);
3798 } else {
3799 $self->{ZERO_LOOP_COUNTER}=0;
3800 }
3801
29ddc2a4 3802 $self->{LENGTH} -= $bytesRead if !$self->{CHUNKED} && $bytesRead;
54310121 3803}
3804END_OF_FUNC
3805
3806
3807# Return true when we've finished reading
3808'eof' => <<'END_OF_FUNC'
3809sub eof {
3810 my($self) = @_;
3811 return 1 if (length($self->{BUFFER}) == 0)
3812 && ($self->{LENGTH} <= 0);
3813 undef;
3814}
3815END_OF_FUNC
3816
3817);
3818END_OF_AUTOLOAD
3819
3820####################################################################################
3821################################## TEMPORARY FILES #################################
3822####################################################################################
ac734d8b 3823package CGITempFile;
54310121 3824
cff99809 3825sub find_tempdir {
cff99809
JH		 3826 $SL = $CGI::SL;
3827 $MAC = $CGI::OS eq 'MACINTOSH';
3828 my ($vol) = $MAC ? MacPerl::Volumes() =~ /:(.*)/ : "";
0a9bdad4 3829 unless (defined $TMPDIRECTORY) {
424ec8fa 3830 @TEMP=("${SL}usr${SL}tmp","${SL}var${SL}tmp",
3538e1d5 3831 "C:${SL}temp","${SL}tmp","${SL}temp",
3d1a2ec4 3832 "${vol}${SL}Temporary Items",
ba056755
JH		 3833 "${SL}WWW_ROOT", "${SL}SYS\$SCRATCH",
3834 "C:${SL}system${SL}temp");
188ba755 3835 unshift(@TEMP,$ENV{'TMPDIR'}) if defined $ENV{'TMPDIR'};
3538e1d5 3836
3d1a2ec4
GS		 3837 # this feature was supposed to provide per-user tmpfiles, but
3838 # it is problematic.
3538e1d5
GS		 3839 # unshift(@TEMP,(getpwuid($<))[7].'/tmp') if $CGI::OS eq 'UNIX';
3840 # Rob: getpwuid() is unfortunately UNIX specific. On brain dead OS'es this
3841 # : can generate a 'getpwuid() not implemented' exception, even though
3842 # : it's never called. Found under DOS/Win with the DJGPP perl port.
3843 # : Refer to getpwuid() only at run-time if we're fortunate and have UNIX.
3d1a2ec4 3844 # unshift(@TEMP,(eval {(getpwuid($>))[7]}).'/tmp') if $CGI::OS eq 'UNIX' and $> != 0;
3538e1d5 3845
54310121 3846 foreach (@TEMP) {
cff99809 3847 do {$TMPDIRECTORY = $_; last} if -d $_ && -w _;
54310121 3848 }
cff99809
JH		 3849 }
3850 $TMPDIRECTORY = $MAC ? "" : "." unless $TMPDIRECTORY;
54310121 3851}
3852
cff99809
JH		 3853find_tempdir();
3854
424ec8fa 3855$MAXTRIES = 5000;
54310121 3856
3857# cute feature, but overload implementation broke it
3858# %OVERLOAD = ('""'=>'as_string');
ac734d8b 3859*CGITempFile::AUTOLOAD = \&CGI::AUTOLOAD;
54310121 3860
2371fea9
JH		 3861sub DESTROY {
3862 my($self) = @_;
188ba755
JH		 3863 $$self =~ m!^([a-zA-Z0-9_ \'\":/.\$\\-]+)$! || return;
3864 my $safe = $1; # untaint operation
3865 unlink $safe; # get rid of the file
2371fea9
JH		 3866}
3867
54310121 3868###############################################################################
3869################# THESE FUNCTIONS ARE AUTOLOADED ON DEMAND ####################
3870###############################################################################
3871$AUTOLOADED_ROUTINES = ''; # prevent -w error
3872$AUTOLOADED_ROUTINES=<<'END_OF_AUTOLOAD';
3873%SUBS = (
3874
3875'new' => <<'END_OF_FUNC',
3876sub new {
3538e1d5
GS		 3877 my($package,$sequence) = @_;
3878 my $filename;
cff99809 3879 find_tempdir() unless -w $TMPDIRECTORY;
3538e1d5
GS		 3880 for (my $i = 0; $i < $MAXTRIES; $i++) {
3881 last if ! -f ($filename = sprintf("${TMPDIRECTORY}${SL}CGItemp%d",$sequence++));
424ec8fa 3882 }
188ba755
JH		 3883 # check that it is a more-or-less valid filename
3884 return unless $filename =~ m!^([a-zA-Z0-9_ \'\":/.\$\\-]+)$!;
3885 # this used to untaint, now it doesn't
3886 # $filename = $1;
3538e1d5 3887 return bless \$filename;
54310121 3888}
3889END_OF_FUNC
3890
54310121 3891'as_string' => <<'END_OF_FUNC'
3892sub as_string {
3893 my($self) = @_;
3894 return $$self;
3895}
3896END_OF_FUNC
3897
3898);
3899END_OF_AUTOLOAD
3900
3901package CGI;
3902
3903# We get a whole bunch of warnings about "possibly uninitialized variables"
3904# when running with the -w switch. Touch them all once to get rid of the
3905# warnings. This is ugly and I hate it.
3906if ($^W) {
3907 $CGI::CGI = '';
3908 $CGI::CGI=<<EOF;
3909 $CGI::VERSION;
3910 $MultipartBuffer::SPIN_LOOP_MAX;
3911 $MultipartBuffer::CRLF;
3912 $MultipartBuffer::TIMEOUT;
424ec8fa 3913 $MultipartBuffer::INITIAL_FILLUNIT;
54310121 3914EOF
3915 ;
3916}
3917
424ec8fa 39181;
54310121 3919
3920__END__
3921
3922=head1 NAME
3923
3924CGI - Simple Common Gateway Interface Class
3925
dc848c6f 3926=head1 SYNOPSIS
3927
424ec8fa
GS		 3928 # CGI script that creates a fill-out form
3929 # and echoes back its values.
3930
3931 use CGI qw/:standard/;
3932 print header,
3933 start_html('A Simple Example'),
3934 h1('A Simple Example'),
3935 start_form,
3936 "What's your name? ",textfield('name'),p,
3937 "What's the combination?", p,
3938 checkbox_group(-name=>'words',
3939 -values=>['eenie','meenie','minie','moe'],
3940 -defaults=>['eenie','minie']), p,
3941 "What's your favorite color? ",
3942 popup_menu(-name=>'color',
3943 -values=>['red','green','blue','chartreuse']),p,
3944 submit,
3945 end_form,
3946 hr;
3947
3948 if (param()) {
7dc108d1
SP		 3949 my $name = param('name');
3950 my $keywords = join ', ',param('words');
3951 my $color = param('color');
3952 print "Your name is",em(escapeHTML($name)),p,
3953 "The keywords are: ",em(escapeHTML($keywords)),p,
3954 "Your favorite color is ",em(escapeHTML($color)),
424ec8fa
GS		 3955 hr;
3956 }
dc848c6f 3957
54310121 3958=head1 ABSTRACT
3959
424ec8fa
GS		 3960This perl library uses perl5 objects to make it easy to create Web
3961fill-out forms and parse their contents. This package defines CGI
3962objects, entities that contain the values of the current query string
3963and other state variables. Using a CGI object's methods, you can
3964examine keywords and parameters passed to your script, and create
3965forms whose initial values are taken from the current query (thereby
3966preserving state information). The module provides shortcut functions
3967that produce boilerplate HTML, reducing typing and coding errors. It
3968also provides functionality for some of the more advanced features of
3969CGI scripting, including support for file uploads, cookies, cascading
3970style sheets, server push, and frames.
3971
3972CGI.pm also provides a simple function-oriented programming style for
3973those who don't need its object-oriented features.
54310121 3974
3975The current version of CGI.pm is available at
3976
3977 http://www.genome.wi.mit.edu/ftp/pub/software/WWW/cgi_docs.html
3978 ftp://ftp-genome.wi.mit.edu/pub/software/WWW/
3979
424ec8fa 3980=head1 DESCRIPTION
47e3cabd 3981
424ec8fa
GS		 3982=head2 PROGRAMMING STYLE
3983
3984There are two styles of programming with CGI.pm, an object-oriented
3985style and a function-oriented style. In the object-oriented style you
3986create one or more CGI objects and then use object methods to create
3987the various elements of the page. Each CGI object starts out with the
3988list of named parameters that were passed to your CGI script by the
3989server. You can modify the objects, save them to a file or database
3990and recreate them. Because each object corresponds to the "state" of
3991the CGI script, and because each object's parameter list is
3992independent of the others, this allows you to save the state of the
3993script and restore it later.
3994
f610777f 3995For example, using the object oriented style, here is how you create
424ec8fa
GS		 3996a simple "Hello World" HTML page:
3997
3538e1d5 3998 #!/usr/local/bin/perl -w
424ec8fa
GS		 3999 use CGI; # load CGI routines
4000 $q = new CGI; # create new CGI object
4001 print $q->header, # create the HTTP header
4002 $q->start_html('hello world'), # start the HTML
4003 $q->h1('hello world'), # level 1 header
4004 $q->end_html; # end the HTML
4005
4006In the function-oriented style, there is one default CGI object that
4007you rarely deal with directly. Instead you just call functions to
4008retrieve CGI parameters, create HTML tags, manage cookies, and so
4009on. This provides you with a cleaner programming interface, but
4010limits you to using one CGI object at a time. The following example
4011prints the same page, but uses the function-oriented interface.
4012The main differences are that we now need to import a set of functions
4013into our name space (usually the "standard" functions), and we don't
4014need to create the CGI object.
4015
71f3e297 4016 #!/usr/local/bin/perl
424ec8fa
GS		 4017 use CGI qw/:standard/; # load standard CGI routines
4018 print header, # create the HTTP header
4019 start_html('hello world'), # start the HTML
4020 h1('hello world'), # level 1 header
4021 end_html; # end the HTML
4022
4023The examples in this document mainly use the object-oriented style.
4024See HOW TO IMPORT FUNCTIONS for important information on
4025function-oriented programming in CGI.pm
4026
4027=head2 CALLING CGI.PM ROUTINES
4028
4029Most CGI.pm routines accept several arguments, sometimes as many as 20
4030optional ones! To simplify this interface, all routines use a named
4031argument calling style that looks like this:
4032
4033 print $q->header(-type=>'image/gif',-expires=>'+3d');
4034
4035Each argument name is preceded by a dash. Neither case nor order
4036matters in the argument list. -type, -Type, and -TYPE are all
4037acceptable. In fact, only the first argument needs to begin with a
4038dash. If a dash is present in the first argument, CGI.pm assumes
4039dashes for the subsequent ones.
4040
424ec8fa
GS		 4041Several routines are commonly called with just one argument. In the
4042case of these routines you can provide the single argument without an
4043argument name. header() happens to be one of these routines. In this
4044case, the single argument is the document type.
4045
4046 print $q->header('text/html');
4047
4048Other such routines are documented below.
4049
4050Sometimes named arguments expect a scalar, sometimes a reference to an
4051array, and sometimes a reference to a hash. Often, you can pass any
4052type of argument and the routine will do whatever is most appropriate.
4053For example, the param() routine is used to set a CGI parameter to a
4054single or a multi-valued value. The two cases are shown below:
4055
4056 $q->param(-name=>'veggie',-value=>'tomato');
3d1a2ec4 4057 $q->param(-name=>'veggie',-value=>['tomato','tomahto','potato','potahto']);
424ec8fa
GS		 4058
4059A large number of routines in CGI.pm actually aren't specifically
4060defined in the module, but are generated automatically as needed.
4061These are the "HTML shortcuts," routines that generate HTML tags for
4062use in dynamically-generated pages. HTML tags have both attributes
4063(the attribute="value" pairs within the tag itself) and contents (the
4064part between the opening and closing pairs.) To distinguish between
4065attributes and contents, CGI.pm uses the convention of passing HTML
4066attributes as a hash reference as the first argument, and the
4067contents, if any, as any subsequent arguments. It works out like
4068this:
4069
4070 Code Generated HTML
4071 ---- --------------
3acbd4f5
JH		 4072 h1() <h1>
4073 h1('some','contents'); <h1>some contents</h1>
188ba755
JH		 4074 h1({-align=>left}); <h1 align="LEFT">
4075 h1({-align=>left},'contents'); <h1 align="LEFT">contents</h1>
424ec8fa 4076
188ba755 4077HTML tags are described in more detail later.
424ec8fa
GS		 4078
4079Many newcomers to CGI.pm are puzzled by the difference between the
4080calling conventions for the HTML shortcuts, which require curly braces
4081around the HTML tag attributes, and the calling conventions for other
4082routines, which manage to generate attributes without the curly
4083brackets. Don't be confused. As a convenience the curly braces are
4084optional in all but the HTML shortcuts. If you like, you can use
4085curly braces when calling any routine that takes named arguments. For
4086example:
4087
4088 print $q->header( {-type=>'image/gif',-expires=>'+3d'} );
4089
4090If you use the B<-w> switch, you will be warned that some CGI.pm argument
4091names conflict with built-in Perl functions. The most frequent of
4092these is the -values argument, used to create multi-valued menus,
4093radio button clusters and the like. To get around this warning, you
4094have several choices:
54310121 4095
424ec8fa 4096=over 4
54310121 4097
551e1d92
RB		 4098=item 1.
4099
4100Use another name for the argument, if one is available.
4101For example, -value is an alias for -values.
54310121 4102
551e1d92 4103=item 2.
54310121 4104
551e1d92
RB		 4105Change the capitalization, e.g. -Values
4106
4107=item 3.
4108
4109Put quotes around the argument name, e.g. '-values'
54310121 4110
424ec8fa 4111=back
54310121 4112
424ec8fa
GS		 4113Many routines will do something useful with a named argument that it
4114doesn't recognize. For example, you can produce non-standard HTTP
4115header fields by providing them as named arguments:
54310121 4116
424ec8fa
GS		 4117 print $q->header(-type => 'text/html',
4118 -cost => 'Three smackers',
4119 -annoyance_level => 'high',
4120 -complaints_to => 'bit bucket');
54310121 4121
424ec8fa
GS		 4122This will produce the following nonstandard HTTP header:
4123
4124 HTTP/1.0 200 OK
4125 Cost: Three smackers
4126 Annoyance-level: high
4127 Complaints-to: bit bucket
4128 Content-type: text/html
4129
4130Notice the way that underscores are translated automatically into
4131hyphens. HTML-generating routines perform a different type of
4132translation.
4133
4134This feature allows you to keep up with the rapidly changing HTTP and
4135HTML "standards".
54310121 4136
424ec8fa 4137=head2 CREATING A NEW QUERY OBJECT (OBJECT-ORIENTED STYLE):
54310121 4138
4139 $query = new CGI;
4140
4141This will parse the input (from both POST and GET methods) and store
4142it into a perl5 object called $query.
4143
4144=head2 CREATING A NEW QUERY OBJECT FROM AN INPUT FILE
4145
4146 $query = new CGI(INPUTFILE);
4147
424ec8fa
GS		 4148If you provide a file handle to the new() method, it will read
4149parameters from the file (or STDIN, or whatever). The file can be in
4150any of the forms describing below under debugging (i.e. a series of
4151newline delimited TAG=VALUE pairs will work). Conveniently, this type
4152of file is created by the save() method (see below). Multiple records
4153can be saved and restored.
54310121 4154
4155Perl purists will be pleased to know that this syntax accepts
4156references to file handles, or even references to filehandle globs,
4157which is the "official" way to pass a filehandle:
4158
4159 $query = new CGI(\*STDIN);
4160
424ec8fa
GS		 4161You can also initialize the CGI object with a FileHandle or IO::File
4162object.
4163
4164If you are using the function-oriented interface and want to
4165initialize CGI state from a file handle, the way to do this is with
4166B<restore_parameters()>. This will (re)initialize the
4167default CGI object from the indicated file handle.
4168
4169 open (IN,"test.in") || die;
4170 restore_parameters(IN);
4171 close IN;
4172
54310121 4173You can also initialize the query object from an associative array
4174reference:
4175
4176 $query = new CGI( {'dinosaur'=>'barney',
4177 'song'=>'I love you',
4178 'friends'=>[qw/Jessica George Nancy/]}
4179 );
4180
4181or from a properly formatted, URL-escaped query string:
4182
4183 $query = new CGI('dinosaur=barney&color=purple');
4184
424ec8fa
GS		 4185or from a previously existing CGI object (currently this clones the
4186parameter list, but none of the other object-specific fields, such as
4187autoescaping):
4188
4189 $old_query = new CGI;
4190 $new_query = new CGI($old_query);
4191
54310121 4192To create an empty query, initialize it from an empty string or hash:
4193
424ec8fa
GS		 4194 $empty_query = new CGI("");
4195
4196 -or-
4197
4198 $empty_query = new CGI({});
54310121 4199
4200=head2 FETCHING A LIST OF KEYWORDS FROM THE QUERY:
4201
4202 @keywords = $query->keywords
4203
4204If the script was invoked as the result of an <ISINDEX> search, the
4205parsed keywords can be obtained as an array using the keywords() method.
4206
4207=head2 FETCHING THE NAMES OF ALL THE PARAMETERS PASSED TO YOUR SCRIPT:
4208
4209 @names = $query->param
4210
4211If the script was invoked with a parameter list
3d1a2ec4
GS		 4212(e.g. "name1=value1&name2=value2&name3=value3"), the param() method
4213will return the parameter names as a list. If the script was invoked
4214as an <ISINDEX> script and contains a string without ampersands
4215(e.g. "value1+value2+value3") , there will be a single parameter named
4216"keywords" containing the "+"-delimited keywords.
54310121 4217
4218NOTE: As of version 1.5, the array of parameter names returned will
4219be in the same order as they were submitted by the browser.
4220Usually this order is the same as the order in which the
4221parameters are defined in the form (however, this isn't part
4222of the spec, and so isn't guaranteed).
4223
4224=head2 FETCHING THE VALUE OR VALUES OF A SINGLE NAMED PARAMETER:
4225
4226 @values = $query->param('foo');
4227
4228 -or-
4229
4230 $value = $query->param('foo');
4231
4232Pass the param() method a single argument to fetch the value of the
4233named parameter. If the parameter is multivalued (e.g. from multiple
4234selections in a scrolling list), you can ask to receive an array. Otherwise
4235the method will return a single value.
4236
3d1a2ec4
GS		 4237If a value is not given in the query string, as in the queries
4238"name1=&name2=" or "name1&name2", it will be returned as an empty
4239string. This feature is new in 2.63.
4240
8f3ccfa2
JH		 4241
4242If the parameter does not exist at all, then param() will return undef
4243in a scalar context, and the empty list in a list context.
4244
4245
54310121 4246=head2 SETTING THE VALUE(S) OF A NAMED PARAMETER:
4247
4248 $query->param('foo','an','array','of','values');
4249
4250This sets the value for the named parameter 'foo' to an array of
4251values. This is one way to change the value of a field AFTER
4252the script has been invoked once before. (Another way is with
4253the -override parameter accepted by all methods that generate
4254form elements.)
4255
4256param() also recognizes a named parameter style of calling described
4257in more detail later:
4258
4259 $query->param(-name=>'foo',-values=>['an','array','of','values']);
4260
4261 -or-
4262
4263 $query->param(-name=>'foo',-value=>'the value');
4264
4265=head2 APPENDING ADDITIONAL VALUES TO A NAMED PARAMETER:
4266
424ec8fa 4267 $query->append(-name=>'foo',-values=>['yet','more','values']);
54310121 4268
4269This adds a value or list of values to the named parameter. The
4270values are appended to the end of the parameter if it already exists.
4271Otherwise the parameter is created. Note that this method only
4272recognizes the named argument calling syntax.
4273
4274=head2 IMPORTING ALL PARAMETERS INTO A NAMESPACE:
4275
4276 $query->import_names('R');
4277
4278This creates a series of variables in the 'R' namespace. For example,
4279$R::foo, @R:foo. For keyword lists, a variable @R::keywords will appear.
4280If no namespace is given, this method will assume 'Q'.
4281WARNING: don't import anything into 'main'; this is a major security
4282risk!!!!
4283
8f3ccfa2
JH		 4284NOTE 1: Variable names are transformed as necessary into legal Perl
4285variable names. All non-legal characters are transformed into
4286underscores. If you need to keep the original names, you should use
4287the param() method instead to access CGI variables by name.
4288
4289NOTE 2: In older versions, this method was called B<import()>. As of version 2.20,
54310121 4290this name has been removed completely to avoid conflict with the built-in
4291Perl module B<import> operator.
4292
4293=head2 DELETING A PARAMETER COMPLETELY:
4294
188ba755 4295 $query->delete('foo','bar','baz');
54310121 4296
188ba755
JH		 4297This completely clears a list of parameters. It sometimes useful for
4298resetting parameters that you don't want passed down between script
4299invocations.
54310121 4300
424ec8fa
GS		 4301If you are using the function call interface, use "Delete()" instead
4302to avoid conflicts with Perl's built-in delete operator.
4303
54310121 4304=head2 DELETING ALL PARAMETERS:
4305
424ec8fa 4306 $query->delete_all();
54310121 4307
4308This clears the CGI object completely. It might be useful to ensure
4309that all the defaults are taken when you create a fill-out form.
4310
424ec8fa
GS		 4311Use Delete_all() instead if you are using the function call interface.
4312
0a9bdad4
SP		 4313=head2 HANDLING NON-URLENCODED ARGUMENTS
4314
4315
4316If POSTed data is not of type application/x-www-form-urlencoded or
4317multipart/form-data, then the POSTed data will not be processed, but
4318instead be returned as-is in a parameter named POSTDATA. To retrieve
4319it, use code like this:
4320
4321 my $data = $query->param('POSTDATA');
4322
4323(If you don't know what the preceding means, don't worry about it. It
4324only affects people trying to use CGI for XML processing and other
4325specialized tasks.)
4326
4327
424ec8fa
GS		 4328=head2 DIRECT ACCESS TO THE PARAMETER LIST:
4329
4330 $q->param_fetch('address')->[1] = '1313 Mockingbird Lane';
4331 unshift @{$q->param_fetch(-name=>'address')},'George Munster';
4332
4333If you need access to the parameter list in a way that isn't covered
4334by the methods above, you can obtain a direct reference to it by
4335calling the B<param_fetch()> method with the name of the . This
4336will return an array reference to the named parameters, which you then
4337can manipulate in any way you like.
4338
4339You can also use a named argument style using the B<-name> argument.
4340
3538e1d5
GS		 4341=head2 FETCHING THE PARAMETER LIST AS A HASH:
4342
4343 $params = $q->Vars;
4344 print $params->{'address'};
4345 @foo = split("\0",$params->{'foo'});
4346 %params = $q->Vars;
4347
4348 use CGI ':cgi-lib';
4349 $params = Vars;
4350
4351Many people want to fetch the entire parameter list as a hash in which
4352the keys are the names of the CGI parameters, and the values are the
4353parameters' values. The Vars() method does this. Called in a scalar
4354context, it returns the parameter list as a tied hash reference.
4355Changing a key changes the value of the parameter in the underlying
a3b3a725 4356CGI parameter list. Called in a list context, it returns the
3538e1d5
GS		 4357parameter list as an ordinary hash. This allows you to read the
4358contents of the parameter list, but not to change it.
4359
4360When using this, the thing you must watch out for are multivalued CGI
4361parameters. Because a hash cannot distinguish between scalar and
a3b3a725 4362list context, multivalued parameters will be returned as a packed
3538e1d5
GS		 4363string, separated by the "\0" (null) character. You must split this
4364packed string in order to get at the individual values. This is the
4365convention introduced long ago by Steve Brenner in his cgi-lib.pl
4366module for Perl version 4.
4367
4368If you wish to use Vars() as a function, import the I<:cgi-lib> set of
4369function calls (also see the section on CGI-LIB compatibility).
4370
424ec8fa 4371=head2 SAVING THE STATE OF THE SCRIPT TO A FILE:
54310121 4372
29ddc2a4 4373 $query->save(\*FILEHANDLE)
54310121 4374
4375This will write the current state of the form to the provided
4376filehandle. You can read it back in by providing a filehandle
4377to the new() method. Note that the filehandle can be a file, a pipe,
4378or whatever!
4379
4380The format of the saved file is:
4381
4382 NAME1=VALUE1
4383 NAME1=VALUE1'
4384 NAME2=VALUE2
4385 NAME3=VALUE3
4386 =
4387
4388Both name and value are URL escaped. Multi-valued CGI parameters are
4389represented as repeated names. A session record is delimited by a
4390single = symbol. You can write out multiple records and read them
4391back in with several calls to B<new>. You can do this across several
4392sessions by opening the file in append mode, allowing you to create
4393primitive guest books, or to keep a history of users' queries. Here's
4394a short example of creating multiple session records:
4395
4396 use CGI;
4397
4398 open (OUT,">>test.out") || die;
4399 $records = 5;
4400 foreach (0..$records) {
4401 my $q = new CGI;
4402 $q->param(-name=>'counter',-value=>$_);
29ddc2a4 4403 $q->save(\*OUT);
54310121 4404 }
4405 close OUT;
4406
4407 # reopen for reading
4408 open (IN,"test.out") || die;
4409 while (!eof(IN)) {
29ddc2a4 4410 my $q = new CGI(\*IN);
54310121 4411 print $q->param('counter'),"\n";
4412 }
4413
4414The file format used for save/restore is identical to that used by the
4415Whitehead Genome Center's data exchange format "Boulderio", and can be
4416manipulated and even databased using Boulderio utilities. See
3cb6de81 4417
3538e1d5 4418 http://stein.cshl.org/boulder/
54310121 4419
4420for further details.
4421
424ec8fa
GS		 4422If you wish to use this method from the function-oriented (non-OO)
4423interface, the exported name for this method is B<save_parameters()>.
54310121 4424
3538e1d5
GS		 4425=head2 RETRIEVING CGI ERRORS
4426
4427Errors can occur while processing user input, particularly when
4428processing uploaded files. When these errors occur, CGI will stop
4429processing and return an empty parameter list. You can test for
4430the existence and nature of errors using the I<cgi_error()> function.
4431The error messages are formatted as HTTP status codes. You can either
4432incorporate the error text into an HTML page, or use it as the value
4433of the HTTP status:
4434
4435 my $error = $q->cgi_error;
4436 if ($error) {
4437 print $q->header(-status=>$error),
4438 $q->start_html('Problems'),
4439 $q->h2('Request not processed'),
4440 $q->strong($error);
4441 exit 0;
4442 }
4443
4444When using the function-oriented interface (see the next section),
4445errors may only occur the first time you call I<param()>. Be ready
4446for this!
4447
424ec8fa 4448=head2 USING THE FUNCTION-ORIENTED INTERFACE
54310121 4449
424ec8fa
GS		 4450To use the function-oriented interface, you must specify which CGI.pm
4451routines or sets of routines to import into your script's namespace.
4452There is a small overhead associated with this importation, but it
4453isn't much.
54310121 4454
424ec8fa 4455 use CGI <list of methods>;
54310121 4456
424ec8fa
GS		 4457The listed methods will be imported into the current package; you can
4458call them directly without creating a CGI object first. This example
4459shows how to import the B<param()> and B<header()>
4460methods, and then use them directly:
54310121 4461
424ec8fa
GS		 4462 use CGI 'param','header';
4463 print header('text/plain');
4464 $zipcode = param('zipcode');
54310121 4465
424ec8fa 4466More frequently, you'll import common sets of functions by referring
f610777f 4467to the groups by name. All function sets are preceded with a ":"
424ec8fa 4468character as in ":html3" (for tags defined in the HTML 3 standard).
54310121 4469
424ec8fa 4470Here is a list of the function sets you can import:
54310121 4471
424ec8fa 4472=over 4
54310121 4473
424ec8fa 4474=item B<:cgi>
54310121 4475
424ec8fa
GS		 4476Import all CGI-handling methods, such as B<param()>, B<path_info()>
4477and the like.
54310121 4478
424ec8fa 4479=item B<:form>
54310121 4480
424ec8fa 4481Import all fill-out form generating methods, such as B<textfield()>.
54310121 4482
424ec8fa 4483=item B<:html2>
54310121 4484
424ec8fa 4485Import all methods that generate HTML 2.0 standard elements.
54310121 4486
424ec8fa 4487=item B<:html3>
54310121 4488
3acbd4f5 4489Import all methods that generate HTML 3.0 elements (such as
424ec8fa 4490<table>, <super> and <sub>).
54310121 4491
3acbd4f5
JH		 4492=item B<:html4>
4493
4494Import all methods that generate HTML 4 elements (such as
4495<abbrev>, <acronym> and <thead>).
4496
424ec8fa 4497=item B<:netscape>
54310121 4498
424ec8fa 4499Import all methods that generate Netscape-specific HTML extensions.
54310121 4500
424ec8fa 4501=item B<:html>
54310121 4502
424ec8fa
GS		 4503Import all HTML-generating shortcuts (i.e. 'html2' + 'html3' +
4504'netscape')...
54310121 4505
424ec8fa 4506=item B<:standard>
54310121 4507
3acbd4f5 4508Import "standard" features, 'html2', 'html3', 'html4', 'form' and 'cgi'.
54310121 4509
424ec8fa 4510=item B<:all>
54310121 4511
424ec8fa 4512Import all the available methods. For the full list, see the CGI.pm
3538e1d5 4513code, where the variable %EXPORT_TAGS is defined.
424ec8fa
GS		 4514
4515=back
4516
4517If you import a function name that is not part of CGI.pm, the module
4518will treat it as a new HTML tag and generate the appropriate
4519subroutine. You can then use it like any other HTML tag. This is to
4520provide for the rapidly-evolving HTML "standard." For example, say
3acbd4f5 4521Microsoft comes out with a new tag called <gradient> (which causes the
424ec8fa
GS		 4522user's desktop to be flooded with a rotating gradient fill until his
4523machine reboots). You don't need to wait for a new version of CGI.pm
d23a249d 4524to start using it immediately:
424ec8fa
GS		 4525
4526 use CGI qw/:standard :html3 gradient/;
4527 print gradient({-start=>'red',-end=>'blue'});
4528
4529Note that in the interests of execution speed CGI.pm does B<not> use
4530the standard L<Exporter> syntax for specifying load symbols. This may
4531change in the future.
4532
4533If you import any of the state-maintaining CGI or form-generating
4534methods, a default CGI object will be created and initialized
4535automatically the first time you use any of the methods that require
4536one to be present. This includes B<param()>, B<textfield()>,
4537B<submit()> and the like. (If you need direct access to the CGI
4538object, you can find it in the global variable B<$CGI::Q>). By
4539importing CGI.pm methods, you can create visually elegant scripts:
4540
4541 use CGI qw/:standard/;
4542 print
4543 header,
4544 start_html('Simple Script'),
4545 h1('Simple Script'),
4546 start_form,
4547 "What's your name? ",textfield('name'),p,
4548 "What's the combination?",
4549 checkbox_group(-name=>'words',
4550 -values=>['eenie','meenie','minie','moe'],
4551 -defaults=>['eenie','moe']),p,
4552 "What's your favorite color?",
4553 popup_menu(-name=>'color',
4554 -values=>['red','green','blue','chartreuse']),p,
4555 submit,
4556 end_form,
4557 hr,"\n";
4558
4559 if (param) {
4560 print
4561 "Your name is ",em(param('name')),p,
4562 "The keywords are: ",em(join(", ",param('words'))),p,
4563 "Your favorite color is ",em(param('color')),".\n";
4564 }
4565 print end_html;
4566
4567=head2 PRAGMAS
4568
4569In addition to the function sets, there are a number of pragmas that
4570you can import. Pragmas, which are always preceded by a hyphen,
4571change the way that CGI.pm functions in various ways. Pragmas,
4572function sets, and individual functions can all be imported in the
4573same use() line. For example, the following use statement imports the
3d1a2ec4
GS		 4574standard set of functions and enables debugging mode (pragma
4575-debug):
424ec8fa 4576
3d1a2ec4 4577 use CGI qw/:standard -debug/;
424ec8fa
GS		 4578
4579The current list of pragmas is as follows:
4580
4581=over 4
4582
4583=item -any
4584
4585When you I<use CGI -any>, then any method that the query object
4586doesn't recognize will be interpreted as a new HTML tag. This allows
4587you to support the next I<ad hoc> Netscape or Microsoft HTML
4588extension. This lets you go wild with new and unsupported tags:
4589
4590 use CGI qw(-any);
4591 $q=new CGI;
4592 print $q->gradient({speed=>'fast',start=>'red',end=>'blue'});
4593
4594Since using <cite>any</cite> causes any mistyped method name
4595to be interpreted as an HTML tag, use it with care or not at
4596all.
54310121 4597
424ec8fa 4598=item -compile
54310121 4599
424ec8fa
GS		 4600This causes the indicated autoloaded methods to be compiled up front,
4601rather than deferred to later. This is useful for scripts that run
4602for an extended period of time under FastCGI or mod_perl, and for
4603those destined to be crunched by Malcom Beattie's Perl compiler. Use
f610777f 4604it in conjunction with the methods or method families you plan to use.
424ec8fa
GS		 4605
4606 use CGI qw(-compile :standard :html3);
4607
4608or even
4609
4610 use CGI qw(-compile :all);
4611
4612Note that using the -compile pragma in this way will always have
4613the effect of importing the compiled functions into the current
4614namespace. If you want to compile without importing use the
188ba755
JH		 4615compile() method instead:
4616
4617 use CGI();
4618 CGI->compile();
4619
4620This is particularly useful in a mod_perl environment, in which you
4621might want to precompile all CGI routines in a startup script, and
4622then import the functions individually in each mod_perl script.
424ec8fa 4623
3d1a2ec4
GS		 4624=item -nosticky
4625
29ddc2a4
RGS		 4626By default the CGI module implements a state-preserving behavior
4627called "sticky" fields. The way this works is that if you are
4628regenerating a form, the methods that generate the form field values
4629will interrogate param() to see if similarly-named parameters are
4630present in the query string. If they find a like-named parameter, they
4631will use it to set their default values.
4632
4633Sometimes this isn't what you want. The B<-nosticky> pragma prevents
4634this behavior. You can also selectively change the sticky behavior in
4635each element that you generate.
3d1a2ec4 4636
0a9bdad4
SP		 4637=item -tabindex
4638
4639Automatically add tab index attributes to each form field. With this
4640option turned off, you can still add tab indexes manually by passing a
4641-tabindex option to each field-generating method.
4642
199d4a26
JH		 4643=item -no_undef_params
4644
4645This keeps CGI.pm from including undef params in the parameter list.
4646
6b4ac661
JH		 4647=item -no_xhtml
4648
4649By default, CGI.pm versions 2.69 and higher emit XHTML
4650(http://www.w3.org/TR/xhtml1/). The -no_xhtml pragma disables this
4651feature. Thanks to Michalis Kabrianis <kabrianis@hellug.gr> for this
4652feature.
4653
13548fdf
RGS		 4654If start_html()'s -dtd parameter specifies an HTML 2.0 or 3.2 DTD,
4655XHTML will automatically be disabled without needing to use this
4656pragma.
4657
424ec8fa
GS		 4658=item -nph
4659
4660This makes CGI.pm produce a header appropriate for an NPH (no
4661parsed header) script. You may need to do other things as well
4662to tell the server that the script is NPH. See the discussion
4663of NPH scripts below.
4664
71f3e297
JH		 4665=item -newstyle_urls
4666
4667Separate the name=value pairs in CGI parameter query strings with
4668semicolons rather than ampersands. For example:
4669
4670 ?name=fred;age=24;favorite_color=3
4671
4672Semicolon-delimited query strings are always accepted, but will not be
4673emitted by self_url() and query_string() unless the -newstyle_urls
4674pragma is specified.
4675
3d1a2ec4
GS		 4676This became the default in version 2.64.
4677
4678=item -oldstyle_urls
4679
4680Separate the name=value pairs in CGI parameter query strings with
4681ampersands rather than semicolons. This is no longer the default.
4682
424ec8fa
GS		 4683=item -autoload
4684
4685This overrides the autoloader so that any function in your program
4686that is not recognized is referred to CGI.pm for possible evaluation.
4687This allows you to use all the CGI.pm functions without adding them to
4688your symbol table, which is of concern for mod_perl users who are
4689worried about memory consumption. I<Warning:> when
4690I<-autoload> is in effect, you cannot use "poetry mode"
4691(functions without the parenthesis). Use I<hr()> rather
4692than I<hr>, or add something like I<use subs qw/hr p header/>
4693to the top of your script.
4694
4695=item -no_debug
4696
4697This turns off the command-line processing features. If you want to
4698run a CGI.pm script from the command line to produce HTML, and you
3d1a2ec4
GS		 4699don't want it to read CGI parameters from the command line or STDIN,
4700then use this pragma:
424ec8fa
GS		 4701
4702 use CGI qw(-no_debug :standard);
4703
3d1a2ec4 4704=item -debug
424ec8fa 4705
3d1a2ec4
GS		 4706This turns on full debugging. In addition to reading CGI arguments
4707from the command-line processing, CGI.pm will pause and try to read
4708arguments from STDIN, producing the message "(offline mode: enter
4709name=value pairs on standard input)" features.
3cb6de81 4710
424ec8fa
GS		 4711See the section on debugging for more details.
4712
4713=item -private_tempfiles
4714
3538e1d5
GS		 4715CGI.pm can process uploaded file. Ordinarily it spools the uploaded
4716file to a temporary directory, then deletes the file when done.
4717However, this opens the risk of eavesdropping as described in the file
4718upload section. Another CGI script author could peek at this data
4719during the upload, even if it is confidential information. On Unix
4720systems, the -private_tempfiles pragma will cause the temporary file
4721to be unlinked as soon as it is opened and before any data is written
4722into it, reducing, but not eliminating the risk of eavesdropping
4723(there is still a potential race condition). To make life harder for
4724the attacker, the program chooses tempfile names by calculating a 32
4725bit checksum of the incoming HTTP headers.
4726
4727To ensure that the temporary file cannot be read by other CGI scripts,
4728use suEXEC or a CGI wrapper program to run your script. The temporary
4729file is created with mode 0600 (neither world nor group readable).
4730
4731The temporary directory is selected using the following algorithm:
4732
4733 1. if the current user (e.g. "nobody") has a directory named
4734 "tmp" in its home directory, use that (Unix systems only).
4735
4736 2. if the environment variable TMPDIR exists, use the location
4737 indicated.
4738
4739 3. Otherwise try the locations /usr/tmp, /var/tmp, C:\temp,
4740 /tmp, /temp, ::Temporary Items, and \WWW_ROOT.
4741
4742Each of these locations is checked that it is a directory and is
4743writable. If not, the algorithm tries the next choice.
71f3e297
JH		 4744
4745=back
4746
4747=head2 SPECIAL FORMS FOR IMPORTING HTML-TAG FUNCTIONS
4748
4749Many of the methods generate HTML tags. As described below, tag
4750functions automatically generate both the opening and closing tags.
4751For example:
4752
4753 print h1('Level 1 Header');
4754
4755produces
4756
3acbd4f5 4757 <h1>Level 1 Header</h1>
71f3e297
JH		 4758
4759There will be some times when you want to produce the start and end
4760tags yourself. In this case, you can use the form start_I<tag_name>
4761and end_I<tag_name>, as in:
4762
4763 print start_h1,'Level 1 Header',end_h1;
4764
4765With a few exceptions (described below), start_I<tag_name> and
4766end_I<tag_name> functions are not generated automatically when you
4767I<use CGI>. However, you can specify the tags you want to generate
4768I<start/end> functions for by putting an asterisk in front of their
4769name, or, alternatively, requesting either "start_I<tag_name>" or
4770"end_I<tag_name>" in the import list.
4771
4772Example:
4773
4774 use CGI qw/:standard *table start_ul/;
4775
4776In this example, the following functions are generated in addition to
4777the standard ones:
4778
4779=over 4
4780
3acbd4f5 4781=item 1. start_table() (generates a <table> tag)
71f3e297 4782
3acbd4f5 4783=item 2. end_table() (generates a </table> tag)
71f3e297 4784
3acbd4f5 4785=item 3. start_ul() (generates a <ul> tag)
71f3e297 4786
3acbd4f5 4787=item 4. end_ul() (generates a </ul> tag)
71f3e297 4788
424ec8fa
GS		 4789=back
4790
4791=head1 GENERATING DYNAMIC DOCUMENTS
4792
4793Most of CGI.pm's functions deal with creating documents on the fly.
4794Generally you will produce the HTTP header first, followed by the
4795document itself. CGI.pm provides functions for generating HTTP
4796headers of various types as well as for generating HTML. For creating
4797GIF images, see the GD.pm module.
4798
4799Each of these functions produces a fragment of HTML or HTTP which you
4800can print out directly so that it displays in the browser window,
4801append to a string, or save to a file for later use.
4802
4803=head2 CREATING A STANDARD HTTP HEADER:
4804
4805Normally the first thing you will do in any CGI script is print out an
4806HTTP header. This tells the browser what type of document to expect,
4807and gives other optional information, such as the language, expiration
4808date, and whether to cache the document. The header can also be
4809manipulated for special purposes, such as server push and pay per view
4810pages.
54310121 4811
29ddc2a4 4812 print header;
54310121 4813
4814 -or-
4815
29ddc2a4 4816 print header('image/gif');
54310121 4817
4818 -or-
4819
29ddc2a4 4820 print header('text/html','204 No response');
54310121 4821
4822 -or-
4823
29ddc2a4 4824 print header(-type=>'image/gif',
54310121 4825 -nph=>1,
4826 -status=>'402 Payment required',
4827 -expires=>'+3d',
4828 -cookie=>$cookie,
3d1a2ec4 4829 -charset=>'utf-7',
6b4ac661 4830 -attachment=>'foo.gif',
54310121 4831 -Cost=>'$2.00');
4832
4833header() returns the Content-type: header. You can provide your own
4834MIME type if you choose, otherwise it defaults to text/html. An
4835optional second parameter specifies the status code and a human-readable
4836message. For example, you can specify 204, "No response" to create a
424ec8fa 4837script that tells the browser to do nothing at all.
54310121 4838
4839The last example shows the named argument style for passing arguments
4840to the CGI methods using named parameters. Recognized parameters are
424ec8fa 4841B<-type>, B<-status>, B<-expires>, and B<-cookie>. Any other named
54310121 4842parameters will be stripped of their initial hyphens and turned into
4843header fields, allowing you to specify any HTTP header you desire.
424ec8fa
GS		 4844Internal underscores will be turned into hyphens:
4845
29ddc2a4 4846 print header(-Content_length=>3002);
54310121 4847
4848Most browsers will not cache the output from CGI scripts. Every time
4849the browser reloads the page, the script is invoked anew. You can
4850change this behavior with the B<-expires> parameter. When you specify
4851an absolute or relative expiration interval with this parameter, some
4852browsers and proxy servers will cache the script's output until the
4853indicated expiration date. The following forms are all valid for the
4854-expires field:
4855
4856 +30s 30 seconds from now
4857 +10m ten minutes from now
4858 +1h one hour from now
4859 -1d yesterday (i.e. "ASAP!")
4860 now immediately
4861 +3M in three months
4862 +10y in ten years time
424ec8fa 4863 Thursday, 25-Apr-1999 00:40:33 GMT at the indicated time & date
54310121 4864
4865The B<-cookie> parameter generates a header that tells the browser to provide
4866a "magic cookie" during all subsequent transactions with your script.
4867Netscape cookies have a special format that includes interesting attributes
4868such as expiration time. Use the cookie() method to create and retrieve
4869session cookies.
4870
4871The B<-nph> parameter, if set to a true value, will issue the correct
8f3ccfa2 4872headers to work with a NPH (no-parse-header) script. This is important
3d1a2ec4
GS		 4873to use with certain servers that expect all their scripts to be NPH.
4874
4875The B<-charset> parameter can be used to control the character set
4876sent to the browser. If not provided, defaults to ISO-8859-1. As a
4877side effect, this sets the charset() method as well.
54310121 4878
6b4ac661
JH		 4879The B<-attachment> parameter can be used to turn the page into an
4880attachment. Instead of displaying the page, some browsers will prompt
4881the user to save it to disk. The value of the argument is the
4882suggested name for the saved file. In order for this to work, you may
4883have to set the B<-type> to "application/octet-stream".
4884
8f3ccfa2
JH		 4885The B<-p3p> parameter will add a P3P tag to the outgoing header. The
4886parameter can be an arrayref or a space-delimited string of P3P tags.
4887For example:
4888
4889 print header(-p3p=>[qw(CAO DSP LAW CURa)]);
4890 print header(-p3p=>'CAO DSP LAW CURa');
4891
4892In either case, the outgoing header will be formatted as:
4893
4894 P3P: policyref="/w3c/p3p.xml" cp="CAO DSP LAW CURa"
4895
424ec8fa 4896=head2 GENERATING A REDIRECTION HEADER
54310121 4897
29ddc2a4 4898 print redirect('http://somewhere.else/in/movie/land');
54310121 4899
424ec8fa
GS		 4900Sometimes you don't want to produce a document yourself, but simply
4901redirect the browser elsewhere, perhaps choosing a URL based on the
4902time of day or the identity of the user.
4903
4904The redirect() function redirects the browser to a different URL. If
4905you use redirection like this, you should B<not> print out a header as
6b4ac661 4906well.
54310121 4907
2ed511ec
RGS		 4908You should always use full URLs (including the http: or ftp: part) in
4909redirection requests. Relative URLs will not work correctly.
54310121 4910
424ec8fa 4911You can also use named arguments:
54310121 4912
29ddc2a4 4913 print redirect(-uri=>'http://somewhere.else/in/movie/land',
13548fdf
RGS		 4914 -nph=>1,
4915 -status=>301);
54310121 4916
4917The B<-nph> parameter, if set to a true value, will issue the correct
8f3ccfa2 4918headers to work with a NPH (no-parse-header) script. This is important
58129083 4919to use with certain servers, such as Microsoft IIS, which
54310121 4920expect all their scripts to be NPH.
4921
13548fdf
RGS		 4922The B<-status> parameter will set the status of the redirect. HTTP
4923defines three different possible redirection status codes:
4924
4925 301 Moved Permanently
4926 302 Found
4927 303 See Other
4928
4929The default if not specified is 302, which means "moved temporarily."
4930You may change the status to another status code if you wish. Be
4931advised that changing the status to anything other than 301, 302 or
4932303 will probably break redirection.
4933
424ec8fa 4934=head2 CREATING THE HTML DOCUMENT HEADER
54310121 4935
29ddc2a4 4936 print start_html(-title=>'Secrets of the Pyramids',
54310121 4937 -author=>'fred@capricorn.org',
4938 -base=>'true',
4939 -target=>'_blank',
4940 -meta=>{'keywords'=>'pharaoh secret mummy',
4941 'copyright'=>'copyright 1996 King Tut'},
7d37aa8e 4942 -style=>{'src'=>'/styles/style1.css'},
54310121 4943 -BGCOLOR=>'blue');
4944
424ec8fa
GS		 4945After creating the HTTP header, most CGI scripts will start writing
4946out an HTML document. The start_html() routine creates the top of the
4947page, along with a lot of optional information that controls the
4948page's appearance and behavior.
54310121 4949
3acbd4f5 4950This method returns a canned HTML header and the opening <body> tag.
424ec8fa 4951All parameters are optional. In the named parameter form, recognized
6b4ac661
JH		 4952parameters are -title, -author, -base, -xbase, -dtd, -lang and -target
4953(see below for the explanation). Any additional parameters you
4954provide, such as the Netscape unofficial BGCOLOR attribute, are added
3acbd4f5 4955to the <body> tag. Additional parameters must be proceeded by a
6b4ac661 4956hyphen.
54310121 4957
3acbd4f5 4958The argument B<-xbase> allows you to provide an HREF for the <base> tag
54310121 4959different from the current location, as in
4960
4961 -xbase=>"http://home.mcom.com/"
4962
4963All relative links will be interpreted relative to this tag.
4964
4965The argument B<-target> allows you to provide a default target frame
3d1a2ec4
GS		 4966for all the links and fill-out forms on the page. B<This is a
4967non-standard HTTP feature which only works with Netscape browsers!>
4968See the Netscape documentation on frames for details of how to
4969manipulate this.
54310121 4970
4971 -target=>"answer_window"
4972
4973All relative links will be interpreted relative to this tag.
4974You add arbitrary meta information to the header with the B<-meta>
4975argument. This argument expects a reference to an associative array
4976containing name/value pairs of meta information. These will be turned
3acbd4f5 4977into a series of header <meta> tags that look something like this:
54310121 4978
3acbd4f5
JH		 4979 <meta name="keywords" content="pharaoh secret mummy">
4980 <meta name="description" content="copyright 1996 King Tut">
424ec8fa 4981
3acbd4f5 4982To create an HTTP-EQUIV type of <meta> tag, use B<-head>, described
6b4ac661 4983below.
424ec8fa 4984
6b4ac661
JH		 4985The B<-style> argument is used to incorporate cascading stylesheets
4986into your code. See the section on CASCADING STYLESHEETS for more
4987information.
424ec8fa 4988
6b4ac661 4989The B<-lang> argument is used to incorporate a language attribute into
13548fdf 4990the <html> tag. For example:
6b4ac661 4991
ba056755 4992 print $q->start_html(-lang=>'fr-CA');
424ec8fa 4993
13548fdf
RGS		 4994The default if not specified is "en-US" for US English, unless the
4995-dtd parameter specifies an HTML 2.0 or 3.2 DTD, in which case the
4996lang attribute is left off. You can force the lang attribute to left
4997off in other cases by passing an empty string (-lang=>'').
8f3ccfa2 4998
ac734d8b 4999The B<-encoding> argument can be used to specify the character set for
b2d0d414 5000XHTML. It defaults to iso-8859-1 if not specified.
ac734d8b 5001
29ddc2a4
RGS		 5002The B<-declare_xml> argument, when used in conjunction with XHTML,
5003will put a <?xml> declaration at the top of the HTML header. The sole
5004purpose of this declaration is to declare the character set
5005encoding. In the absence of -declare_xml, the output HTML will contain
5006a <meta> tag that specifies the encoding, allowing the HTML to pass
5007most validators. The default for -declare_xml is false.
5008
3acbd4f5
JH		 5009You can place other arbitrary HTML elements to the <head> section with the
5010B<-head> tag. For example, to place the rarely-used <link> element in the
424ec8fa
GS		 5011head section, use this:
5012
3538e1d5 5013 print start_html(-head=>Link({-rel=>'next',
6b4ac661 5014 -href=>'http://www.capricorn.com/s2.html'}));
424ec8fa 5015
3acbd4f5 5016To incorporate multiple HTML elements into the <head> section, just pass an
424ec8fa
GS		 5017array reference:
5018
3538e1d5
GS		 5019 print start_html(-head=>[
5020 Link({-rel=>'next',
5021 -href=>'http://www.capricorn.com/s2.html'}),
5022 Link({-rel=>'previous',
5023 -href=>'http://www.capricorn.com/s1.html'})
424ec8fa
GS		 5024 ]
5025 );
5026
3acbd4f5 5027And here's how to create an HTTP-EQUIV <meta> tag:
6b4ac661 5028
ba056755
JH		 5029 print start_html(-head=>meta({-http_equiv => 'Content-Type',
5030 -content => 'text/html'}))
6b4ac661
JH		 5031
5032
424ec8fa
GS		 5033JAVASCRIPTING: The B<-script>, B<-noScript>, B<-onLoad>,
5034B<-onMouseOver>, B<-onMouseOut> and B<-onUnload> parameters are used
5035to add Netscape JavaScript calls to your pages. B<-script> should
5036point to a block of text containing JavaScript function definitions.
3acbd4f5 5037This block will be placed within a <script> block inside the HTML (not
424ec8fa
GS		 5038HTTP) header. The block is placed in the header in order to give your
5039page a fighting chance of having all its JavaScript functions in place
5040even if the user presses the stop button before the page has loaded
5041completely. CGI.pm attempts to format the script in such a way that
5042JavaScript-naive browsers will not choke on the code: unfortunately
5043there are some browsers, such as Chimera for Unix, that get confused
5044by it nevertheless.
5045
5046The B<-onLoad> and B<-onUnload> parameters point to fragments of JavaScript
5047code to execute when the page is respectively opened and closed by the
5048browser. Usually these parameters are calls to functions defined in the
5049B<-script> field:
5050
5051 $query = new CGI;
29ddc2a4 5052 print header;
424ec8fa
GS		 5053 $JSCRIPT=<<END;
5054 // Ask a silly question
5055 function riddle_me_this() {
5056 var r = prompt("What walks on four legs in the morning, " +
5057 "two legs in the afternoon, " +
5058 "and three legs in the evening?");
5059 response(r);
5060 }
5061 // Get a silly answer
5062 function response(answer) {
5063 if (answer == "man")
5064 alert("Right you are!");
5065 else
5066 alert("Wrong! Guess again.");
5067 }
5068 END
29ddc2a4 5069 print start_html(-title=>'The Riddle of the Sphinx',
424ec8fa
GS		 5070 -script=>$JSCRIPT);
5071
5072Use the B<-noScript> parameter to pass some HTML text that will be displayed on
5073browsers that do not have JavaScript (or browsers where JavaScript is turned
5074off).
5075
3acbd4f5 5076Netscape 3.0 recognizes several attributes of the <script> tag,
424ec8fa
GS		 5077including LANGUAGE and SRC. The latter is particularly interesting,
5078as it allows you to keep the JavaScript code in a file or CGI script
5079rather than cluttering up each page with the source. To use these
5080attributes pass a HASH reference in the B<-script> parameter containing
5081one or more of -language, -src, or -code:
5082
5083 print $q->start_html(-title=>'The Riddle of the Sphinx',
5084 -script=>{-language=>'JAVASCRIPT',
5085 -src=>'/javascript/sphinx.js'}
5086 );
5087
5088 print $q->(-title=>'The Riddle of the Sphinx',
3538e1d5
GS		 5089 -script=>{-language=>'PERLSCRIPT',
5090 -code=>'print "hello world!\n;"'}
424ec8fa
GS		 5091 );
5092
5093
3acbd4f5 5094A final feature allows you to incorporate multiple <script> sections into the
424ec8fa
GS		 5095header. Just pass the list of script sections as an array reference.
5096this allows you to specify different source files for different dialects
5097of JavaScript. Example:
5098
3538e1d5
GS		 5099 print $q->start_html(-title=>'The Riddle of the Sphinx',
5100 -script=>[
5101 { -language => 'JavaScript1.0',
5102 -src => '/javascript/utilities10.js'
424ec8fa 5103 },
3538e1d5
GS		 5104 { -language => 'JavaScript1.1',
5105 -src => '/javascript/utilities11.js'
424ec8fa 5106 },
3538e1d5
GS		 5107 { -language => 'JavaScript1.2',
5108 -src => '/javascript/utilities12.js'
424ec8fa 5109 },
3538e1d5
GS		 5110 { -language => 'JavaScript28.2',
5111 -src => '/javascript/utilities219.js'
424ec8fa
GS		 5112 }
5113 ]
5114 );
424ec8fa
GS		 5115
5116If this looks a bit extreme, take my advice and stick with straight CGI scripting.
5117
5118See
5119
5120 http://home.netscape.com/eng/mozilla/2.0/handbook/javascript/
5121
5122for more information about JavaScript.
5123
5124The old-style positional parameters are as follows:
5125
5126=over 4
5127
5128=item B<Parameters:>
5129
5130=item 1.
5131
5132The title
5133
5134=item 2.
5135
3acbd4f5 5136The author's e-mail address (will create a <link rev="MADE"> tag if present
424ec8fa
GS		 5137
5138=item 3.
5139
3acbd4f5 5140A 'true' flag if you want to include a <base> tag in the header. This
424ec8fa
GS		 5141helps resolve relative addresses to absolute ones when the document is moved,
5142but makes the document hierarchy non-portable. Use with care!
5143
5144=item 4, 5, 6...
5145
3acbd4f5 5146Any other parameters you want to include in the <body> tag. This is a good
424ec8fa
GS		 5147place to put Netscape extensions, such as colors and wallpaper patterns.
5148
5149=back
5150
5151=head2 ENDING THE HTML DOCUMENT:
5152
29ddc2a4 5153 print end_html
424ec8fa 5154
3acbd4f5 5155This ends an HTML document by printing the </body></html> tags.
424ec8fa
GS		 5156
5157=head2 CREATING A SELF-REFERENCING URL THAT PRESERVES STATE INFORMATION:
5158
29ddc2a4 5159 $myself = self_url;
3acbd4f5 5160 print q(<a href="$myself">I'm talking to myself.</a>);
424ec8fa
GS		 5161
5162self_url() will return a URL, that, when selected, will reinvoke
5163this script with all its state information intact. This is most
5164useful when you want to jump around within the document using
5165internal anchors but you don't want to disrupt the current contents
5166of the form(s). Something like this will do the trick.
5167
29ddc2a4 5168 $myself = self_url;
188ba755
JH		 5169 print "<a href=\"$myself#table1\">See table 1</a>";
5170 print "<a href=\"$myself#table2\">See table 2</a>";
5171 print "<a href=\"$myself#yourself\">See for yourself</a>";
424ec8fa
GS		 5172
5173If you want more control over what's returned, using the B<url()>
5174method instead.
5175
5176You can also retrieve the unprocessed query string with query_string():
5177
29ddc2a4 5178 $the_string = query_string;
424ec8fa
GS		 5179
5180=head2 OBTAINING THE SCRIPT'S URL
5181
29ddc2a4
RGS		 5182 $full_url = url();
5183 $full_url = url(-full=>1); #alternative syntax
5184 $relative_url = url(-relative=>1);
5185 $absolute_url = url(-absolute=>1);
5186 $url_with_path = url(-path_info=>1);
5187 $url_with_path_and_query = url(-path_info=>1,-query=>1);
5188 $netloc = url(-base => 1);
424ec8fa
GS		 5189
5190B<url()> returns the script's URL in a variety of formats. Called
5191without any arguments, it returns the full form of the URL, including
5192host name and port number
5193
5194 http://your.host.com/path/to/script.cgi
5195
5196You can modify this format with the following named arguments:
5197
5198=over 4
5199
5200=item B<-absolute>
5201
5202If true, produce an absolute URL, e.g.
5203
5204 /path/to/script.cgi
5205
5206=item B<-relative>
5207
5208Produce a relative URL. This is useful if you want to reinvoke your
5209script with different parameters. For example:
5210
5211 script.cgi
5212
5213=item B<-full>
5214
5215Produce the full URL, exactly as if called without any arguments.
5216This overrides the -relative and -absolute arguments.
5217
5218=item B<-path> (B<-path_info>)
5219
5220Append the additional path information to the URL. This can be
5221combined with B<-full>, B<-absolute> or B<-relative>. B<-path_info>
5222is provided as a synonym.
5223
5224=item B<-query> (B<-query_string>)
5225
5226Append the query string to the URL. This can be combined with
5227B<-full>, B<-absolute> or B<-relative>. B<-query_string> is provided
5228as a synonym.
5229
03b9648d
JH		 5230=item B<-base>
5231
5232Generate just the protocol and net location, as in http://www.foo.com:8000
5233
0a9bdad4
SP		 5234=item B<-rewrite>
5235
5236If Apache's mod_rewrite is turned on, then the script name and path
5237info probably won't match the request that the user sent. Set
5238-rewrite=>1 (default) to return URLs that match what the user sent
5239(the original request URI). Set -rewrite->0 to return URLs that match
5240the URL after mod_rewrite's rules have run. Because the additional
5241path information only makes sense in the context of the rewritten URL,
5242-rewrite is set to false when you request path info in the URL.
5243
424ec8fa
GS		 5244=back
5245
71f3e297
JH		 5246=head2 MIXING POST AND URL PARAMETERS
5247
29ddc2a4 5248 $color = url_param('color');
71f3e297
JH		 5249
5250It is possible for a script to receive CGI parameters in the URL as
5251well as in the fill-out form by creating a form that POSTs to a URL
5252containing a query string (a "?" mark followed by arguments). The
5253B<param()> method will always return the contents of the POSTed
5254fill-out form, ignoring the URL's query string. To retrieve URL
5255parameters, call the B<url_param()> method. Use it in the same way as
5256B<param()>. The main difference is that it allows you to read the
5257parameters, but not set them.
5258
5259
5260Under no circumstances will the contents of the URL query string
5261interfere with similarly-named CGI parameters in POSTed forms. If you
5262try to mix a URL query string with a form submitted with the GET
5263method, the results will not be what you expect.
5264
424ec8fa
GS		 5265=head1 CREATING STANDARD HTML ELEMENTS:
5266
5267CGI.pm defines general HTML shortcut methods for most, if not all of
5268the HTML 3 and HTML 4 tags. HTML shortcuts are named after a single
5269HTML element and return a fragment of HTML text that you can then
5270print or manipulate as you like. Each shortcut returns a fragment of
5271HTML code that you can append to a string, save to a file, or, most
5272commonly, print out so that it displays in the browser window.
5273
5274This example shows how to use the HTML methods:
5275
424ec8fa
GS		 5276 print $q->blockquote(
5277 "Many years ago on the island of",
5278 $q->a({href=>"http://crete.org/"},"Crete"),
3538e1d5 5279 "there lived a Minotaur named",
424ec8fa
GS		 5280 $q->strong("Fred."),
5281 ),
5282 $q->hr;
5283
5284This results in the following HTML code (extra newlines have been
5285added for readability):
5286
5287 <blockquote>
5288 Many years ago on the island of
3acbd4f5 5289 <a href="http://crete.org/">Crete</a> there lived
424ec8fa
GS		 5290 a minotaur named <strong>Fred.</strong>
5291 </blockquote>
5292 <hr>
5293
5294If you find the syntax for calling the HTML shortcuts awkward, you can
5295import them into your namespace and dispense with the object syntax
5296completely (see the next section for more details):
5297
5298 use CGI ':standard';
5299 print blockquote(
5300 "Many years ago on the island of",
5301 a({href=>"http://crete.org/"},"Crete"),
5302 "there lived a minotaur named",
5303 strong("Fred."),
5304 ),
5305 hr;
54310121 5306
424ec8fa 5307=head2 PROVIDING ARGUMENTS TO HTML SHORTCUTS
7d37aa8e 5308
424ec8fa
GS		 5309The HTML methods will accept zero, one or multiple arguments. If you
5310provide no arguments, you get a single tag:
7d37aa8e 5311
3acbd4f5 5312 print hr; # <hr>
7d37aa8e 5313
424ec8fa
GS		 5314If you provide one or more string arguments, they are concatenated
5315together with spaces and placed between opening and closing tags:
7d37aa8e 5316
3acbd4f5 5317 print h1("Chapter","1"); # <h1>Chapter 1</h1>"
7d37aa8e 5318
424ec8fa
GS		 5319If the first argument is an associative array reference, then the keys
5320and values of the associative array become the HTML tag's attributes:
7d37aa8e 5321
424ec8fa
GS		 5322 print a({-href=>'fred.html',-target=>'_new'},
5323 "Open a new frame");
7d37aa8e 5324
3acbd4f5 5325 <a href="fred.html",target="_new">Open a new frame</a>
3cb6de81 5326
424ec8fa
GS		 5327You may dispense with the dashes in front of the attribute names if
5328you prefer:
54310121 5329
424ec8fa 5330 print img {src=>'fred.gif',align=>'LEFT'};
54310121 5331
3acbd4f5 5332 <img align="LEFT" src="fred.gif">
54310121 5333
424ec8fa 5334Sometimes an HTML tag attribute has no argument. For example, ordered
8f3ccfa2 5335lists can be marked as COMPACT. The syntax for this is an argument that
424ec8fa 5336that points to an undef string:
54310121 5337
424ec8fa 5338 print ol({compact=>undef},li('one'),li('two'),li('three'));
47e3cabd 5339
424ec8fa
GS		 5340Prior to CGI.pm version 2.41, providing an empty ('') string as an
5341attribute argument was the same as providing undef. However, this has
8f3ccfa2 5342changed in order to accommodate those who want to create tags of the form
3acbd4f5 5343<img alt="">. The difference is shown in these two pieces of code:
3cb6de81 5344
8f3ccfa2
JH		 5345 CODE RESULT
5346 img({alt=>undef}) <img alt>
5347 img({alt=>''}) <img alt="">
7d37aa8e 5348
424ec8fa 5349=head2 THE DISTRIBUTIVE PROPERTY OF HTML SHORTCUTS
7d37aa8e 5350
424ec8fa
GS		 5351One of the cool features of the HTML shortcuts is that they are
5352distributive. If you give them an argument consisting of a
5353B<reference> to a list, the tag will be distributed across each
5354element of the list. For example, here's one way to make an ordered
5355list:
7d37aa8e 5356
424ec8fa 5357 print ul(
6b4ac661 5358 li({-type=>'disc'},['Sneezy','Doc','Sleepy','Happy'])
424ec8fa 5359 );
7d37aa8e 5360
424ec8fa 5361This example will result in HTML output that looks like this:
54310121 5362
3acbd4f5
JH		 5363 <ul>
5364 <li type="disc">Sneezy</li>
5365 <li type="disc">Doc</li>
5366 <li type="disc">Sleepy</li>
5367 <li type="disc">Happy</li>
5368 </ul>
54310121 5369
424ec8fa 5370This is extremely useful for creating tables. For example:
54310121 5371
424ec8fa
GS		 5372 print table({-border=>undef},
5373 caption('When Should You Eat Your Vegetables?'),
5374 Tr({-align=>CENTER,-valign=>TOP},
5375 [
5376 th(['Vegetable', 'Breakfast','Lunch','Dinner']),
5377 td(['Tomatoes' , 'no', 'yes', 'yes']),
5378 td(['Broccoli' , 'no', 'no', 'yes']),
5379 td(['Onions' , 'yes','yes', 'yes'])
5380 ]
5381 )
5382 );
54310121 5383
424ec8fa 5384=head2 HTML SHORTCUTS AND LIST INTERPOLATION
54310121 5385
424ec8fa 5386Consider this bit of code:
54310121 5387
424ec8fa 5388 print blockquote(em('Hi'),'mom!'));
54310121 5389
424ec8fa 5390It will ordinarily return the string that you probably expect, namely:
54310121 5391
3acbd4f5 5392 <blockquote><em>Hi</em> mom!</blockquote>
54310121 5393
424ec8fa
GS		 5394Note the space between the element "Hi" and the element "mom!".
5395CGI.pm puts the extra space there using array interpolation, which is
5396controlled by the magic $" variable. Sometimes this extra space is
5397not what you want, for example, when you are trying to align a series
5398of images. In this case, you can simply change the value of $" to an
5399empty string.
54310121 5400
424ec8fa
GS		 5401 {
5402 local($") = '';
5403 print blockquote(em('Hi'),'mom!'));
5404 }
54310121 5405
424ec8fa
GS		 5406I suggest you put the code in a block as shown here. Otherwise the
5407change to $" will affect all subsequent code until you explicitly
5408reset it.
54310121 5409
424ec8fa 5410=head2 NON-STANDARD HTML SHORTCUTS
54310121 5411
424ec8fa
GS		 5412A few HTML tags don't follow the standard pattern for various
5413reasons.
54310121 5414
424ec8fa
GS		 5415B<comment()> generates an HTML comment (<!-- comment -->). Call it
5416like
54310121 5417
424ec8fa 5418 print comment('here is my comment');
54310121 5419
424ec8fa
GS		 5420Because of conflicts with built-in Perl functions, the following functions
5421begin with initial caps:
54310121 5422
424ec8fa
GS		 5423 Select
5424 Tr
5425 Link
5426 Delete
71f3e297
JH		 5427 Accept
5428 Sub
54310121 5429
424ec8fa
GS		 5430In addition, start_html(), end_html(), start_form(), end_form(),
5431start_multipart_form() and all the fill-out form tags are special.
5432See their respective sections.
5433
3d1a2ec4
GS		 5434=head2 AUTOESCAPING HTML
5435
5436By default, all HTML that is emitted by the form-generating functions
5437is passed through a function called escapeHTML():
5438
5439=over 4
5440
5441=item $escaped_string = escapeHTML("unescaped string");
5442
5443Escape HTML formatting characters in a string.
5444
5445=back
5446
5447Provided that you have specified a character set of ISO-8859-1 (the
5448default), the standard HTML escaping rules will be used. The "<"
5449character becomes "&lt;", ">" becomes "&gt;", "&" becomes "&amp;", and
5450the quote character becomes "&quot;". In addition, the hexadecimal
188ba755 54510x8b and 0x9b characters, which some browsers incorrectly interpret
3d1a2ec4 5452as the left and right angle-bracket characters, are replaced by their
188ba755 5453numeric character entities ("&#8249" and "&#8250;"). If you manually change
3d1a2ec4
GS		 5454the charset, either by calling the charset() method explicitly or by
5455passing a -charset argument to header(), then B<all> characters will
5456be replaced by their numeric entities, since CGI.pm has no lookup
5457table for all the possible encodings.
5458
5459The automatic escaping does not apply to other shortcuts, such as
5460h1(). You should call escapeHTML() yourself on untrusted data in
5461order to protect your pages against nasty tricks that people may enter
5462into guestbooks, etc.. To change the character set, use charset().
188ba755 5463To turn autoescaping off completely, use autoEscape(0):
3d1a2ec4
GS		 5464
5465=over 4
5466
5467=item $charset = charset([$charset]);
5468
5469Get or set the current character set.
5470
5471=item $flag = autoEscape([$flag]);
5472
5473Get or set the value of the autoescape flag.
5474
5475=back
5476
71f3e297
JH		 5477=head2 PRETTY-PRINTING HTML
5478
5479By default, all the HTML produced by these functions comes out as one
5480long line without carriage returns or indentation. This is yuck, but
5481it does reduce the size of the documents by 10-20%. To get
5482pretty-printed output, please use L<CGI::Pretty>, a subclass
5483contributed by Brian Paulsen.
5484
424ec8fa 5485=head1 CREATING FILL-OUT FORMS:
54310121 5486
5487I<General note> The various form-creating methods all return strings
5488to the caller, containing the tag or tags that will create the requested
5489form element. You are responsible for actually printing out these strings.
5490It's set up this way so that you can place formatting tags
5491around the form elements.
5492
5493I<Another note> The default values that you specify for the forms are only
5494used the B<first> time the script is invoked (when there is no query
5495string). On subsequent invocations of the script (when there is a query
5496string), the former values are used even if they are blank.
5497
5498If you want to change the value of a field from its previous value, you have two
5499choices:
5500
5501(1) call the param() method to set it.
5502
5503(2) use the -override (alias -force) parameter (a new feature in version 2.15).
5504This forces the default value to be used, regardless of the previous value:
5505
29ddc2a4 5506 print textfield(-name=>'field_name',
54310121 5507 -default=>'starting value',
5508 -override=>1,
5509 -size=>50,
5510 -maxlength=>80);
5511
5512I<Yet another note> By default, the text and labels of form elements are
5513escaped according to HTML rules. This means that you can safely use
5514"<CLICK ME>" as the label for a button. However, it also interferes with
5515your ability to incorporate special HTML character sequences, such as &Aacute;,
5516into your fields. If you wish to turn off automatic escaping, call the
5517autoEscape() method with a false value immediately after creating the CGI object:
5518
5519 $query = new CGI;
29ddc2a4 5520 autoEscape(undef);
3cb6de81 5521
13548fdf
RGS		 5522I<A Lurking Trap!> Some of the form-element generating methods return
5523multiple tags. In a scalar context, the tags will be concatenated
5524together with spaces, or whatever is the current value of the $"
5525global. In a list context, the methods will return a list of
5526elements, allowing you to modify them if you wish. Usually you will
5527not notice this behavior, but beware of this:
5528
29ddc2a4 5529 printf("%s\n",end_form())
13548fdf
RGS		 5530
5531end_form() produces several tags, and only the first of them will be
5532printed because the format only expects one value.
5533
5534<p>
5535
5536
54310121 5537=head2 CREATING AN ISINDEX TAG
5538
29ddc2a4 5539 print isindex(-action=>$action);
54310121 5540
5541 -or-
5542
29ddc2a4 5543 print isindex($action);
54310121 5544
3acbd4f5 5545Prints out an <isindex> tag. Not very exciting. The parameter
54310121 5546-action specifies the URL of the script to process the query. The
5547default is to process the query with the current script.
5548
5549=head2 STARTING AND ENDING A FORM
5550
29ddc2a4
RGS		 5551 print start_form(-method=>$method,
5552 -action=>$action,
5553 -enctype=>$encoding);
54310121 5554 <... various form stuff ...>
29ddc2a4 5555 print endform;
54310121 5556
5557 -or-
5558
29ddc2a4 5559 print start_form($method,$action,$encoding);
54310121 5560 <... various form stuff ...>
29ddc2a4 5561 print endform;
54310121 5562
3acbd4f5 5563start_form() will return a <form> tag with the optional method,
54310121 5564action and form encoding that you specify. The defaults are:
3cb6de81 5565
54310121 5566 method: POST
5567 action: this script
71f3e297 5568 enctype: application/x-www-form-urlencoded
54310121 5569
3acbd4f5 5570endform() returns the closing </form> tag.
54310121 5571
3d1a2ec4 5572Start_form()'s enctype argument tells the browser how to package the various
54310121 5573fields of the form before sending the form to the server. Two
5574values are possible:
5575
3d1a2ec4
GS		 5576B<Note:> This method was previously named startform(), and startform()
5577is still recognized as an alias.
5578
54310121 5579=over 4
5580
5581=item B<application/x-www-form-urlencoded>
5582
5583This is the older type of encoding used by all browsers prior to
5584Netscape 2.0. It is compatible with many CGI scripts and is
5585suitable for short fields containing text data. For your
5586convenience, CGI.pm stores the name of this encoding
6b4ac661 5587type in B<&CGI::URL_ENCODED>.
54310121 5588
5589=item B<multipart/form-data>
5590
5591This is the newer type of encoding introduced by Netscape 2.0.
5592It is suitable for forms that contain very large fields or that
5593are intended for transferring binary data. Most importantly,
5594it enables the "file upload" feature of Netscape 2.0 forms. For
5595your convenience, CGI.pm stores the name of this encoding type
424ec8fa 5596in B<&CGI::MULTIPART>
54310121 5597
5598Forms that use this type of encoding are not easily interpreted
5599by CGI scripts unless they use CGI.pm or another library designed
5600to handle them.
5601
29ddc2a4
RGS		 5602If XHTML is activated (the default), then forms will be automatically
5603created using this type of encoding.
5604
54310121 5605=back
5606
3d1a2ec4 5607For compatibility, the start_form() method uses the older form of
54310121 5608encoding by default. If you want to use the newer form of encoding
5609by default, you can call B<start_multipart_form()> instead of
3d1a2ec4 5610B<start_form()>.
54310121 5611
5612JAVASCRIPTING: The B<-name> and B<-onSubmit> parameters are provided
5613for use with JavaScript. The -name parameter gives the
5614form a name so that it can be identified and manipulated by
5615JavaScript functions. -onSubmit should point to a JavaScript
5616function that will be executed just before the form is submitted to your
5617server. You can use this opportunity to check the contents of the form
5618for consistency and completeness. If you find something wrong, you
5619can put up an alert box or maybe fix things up yourself. You can
5620abort the submission by returning false from this function.
5621
3acbd4f5 5622Usually the bulk of JavaScript functions are defined in a <script>
54310121 5623block in the HTML header and -onSubmit points to one of these function
5624call. See start_html() for details.
5625
29ddc2a4
RGS		 5626=head2 FORM ELEMENTS
5627
5628After starting a form, you will typically create one or more
5629textfields, popup menus, radio groups and other form elements. Each
5630of these elements takes a standard set of named arguments. Some
5631elements also have optional arguments. The standard arguments are as
5632follows:
5633
5634=over 4
5635
5636=item B<-name>
5637
5638The name of the field. After submission this name can be used to
5639retrieve the field's value using the param() method.
5640
5641=item B<-value>, B<-values>
5642
5643The initial value of the field which will be returned to the script
5644after form submission. Some form elements, such as text fields, take
5645a single scalar -value argument. Others, such as popup menus, take a
5646reference to an array of values. The two arguments are synonyms.
5647
5648=item B<-tabindex>
5649
5650A numeric value that sets the order in which the form element receives
5651focus when the user presses the tab key. Elements with lower values
5652receive focus first.
5653
5654=item B<-id>
5655
5656A string identifier that can be used to identify this element to
5657JavaScript and DHTML.
5658
5659=item B<-override>
5660
5661A boolean, which, if true, forces the element to take on the value
5662specified by B<-value>, overriding the sticky behavior described
5663earlier for the B<-no_sticky> pragma.
5664
5665=item B<-onChange>, B<-onFocus>, B<-onBlur>, B<-onMouseOver>, B<-onMouseOut>, B<-onSelect>
5666
5667These are used to assign JavaScript event handlers. See the
5668JavaScripting section for more details.
5669
5670=back
5671
5672Other common arguments are described in the next section. In addition
5673to these, all attributes described in the HTML specifications are
5674supported.
5675
54310121 5676=head2 CREATING A TEXT FIELD
5677
29ddc2a4
RGS		 5678 print textfield(-name=>'field_name',
5679 -value=>'starting value',
5680 -size=>50,
5681 -maxlength=>80);
54310121 5682 -or-
5683
29ddc2a4 5684 print textfield('field_name','starting value',50,80);
54310121 5685
29ddc2a4 5686textfield() will return a text input field.
54310121 5687
5688=over 4
5689
5690=item B<Parameters>
5691
5692=item 1.
5693
29ddc2a4 5694The first parameter is the required name for the field (-name).
54310121 5695
5696=item 2.
5697
5698The optional second parameter is the default starting value for the field
29ddc2a4 5699contents (-value, formerly known as -default).
54310121 5700
5701=item 3.
5702
5703The optional third parameter is the size of the field in
5704 characters (-size).
5705
5706=item 4.
5707
5708The optional fourth parameter is the maximum number of characters the
5709 field will accept (-maxlength).
5710
5711=back
5712
5713As with all these methods, the field will be initialized with its
5714previous contents from earlier invocations of the script.
5715When the form is processed, the value of the text field can be
5716retrieved with:
5717
29ddc2a4 5718 $value = param('foo');
54310121 5719
5720If you want to reset it from its initial value after the script has been
5721called once, you can do so like this:
5722
29ddc2a4 5723 param('foo',"I'm taking over this value!");
54310121 5724
5725=head2 CREATING A BIG TEXT FIELD
5726
29ddc2a4 5727 print textarea(-name=>'foo',
54310121 5728 -default=>'starting value',
5729 -rows=>10,
5730 -columns=>50);
5731
5732 -or
5733
29ddc2a4 5734 print textarea('foo','starting value',10,50);
54310121 5735
5736textarea() is just like textfield, but it allows you to specify
5737rows and columns for a multiline text entry box. You can provide
5738a starting value for the field, which can be long and contain
5739multiple lines.
5740
54310121 5741=head2 CREATING A PASSWORD FIELD
5742
29ddc2a4 5743 print password_field(-name=>'secret',
54310121 5744 -value=>'starting value',
5745 -size=>50,
5746 -maxlength=>80);
5747 -or-
5748
29ddc2a4 5749 print password_field('secret','starting value',50,80);
54310121 5750
5751password_field() is identical to textfield(), except that its contents
5752will be starred out on the web page.
5753
54310121 5754=head2 CREATING A FILE UPLOAD FIELD
5755
29ddc2a4 5756 print filefield(-name=>'uploaded_file',
54310121 5757 -default=>'starting value',
5758 -size=>50,
5759 -maxlength=>80);
5760 -or-
5761
29ddc2a4 5762 print filefield('uploaded_file','starting value',50,80);
54310121 5763
5764filefield() will return a file upload field for Netscape 2.0 browsers.
5765In order to take full advantage of this I<you must use the new
5766multipart encoding scheme> for the form. You can do this either
6b4ac661 5767by calling B<start_form()> with an encoding type of B<&CGI::MULTIPART>,
54310121 5768or by calling the new method B<start_multipart_form()> instead of
3d1a2ec4 5769vanilla B<start_form()>.
54310121 5770
5771=over 4
5772
5773=item B<Parameters>
5774
5775=item 1.
5776
5777The first parameter is the required name for the field (-name).
5778
5779=item 2.
5780
5781The optional second parameter is the starting value for the field contents
5782to be used as the default file name (-default).
5783
71f3e297
JH		 5784For security reasons, browsers don't pay any attention to this field,
5785and so the starting value will always be blank. Worse, the field
5786loses its "sticky" behavior and forgets its previous contents. The
5787starting value field is called for in the HTML specification, however,
5788and possibly some browser will eventually provide support for it.
54310121 5789
5790=item 3.
5791
5792The optional third parameter is the size of the field in
5793characters (-size).
5794
5795=item 4.
5796
5797The optional fourth parameter is the maximum number of characters the
5798field will accept (-maxlength).
5799
5800=back
5801
5802When the form is processed, you can retrieve the entered filename
3538e1d5 5803by calling param():
54310121 5804
29ddc2a4 5805 $filename = param('uploaded_file');
54310121 5806
3538e1d5
GS		 5807Different browsers will return slightly different things for the
5808name. Some browsers return the filename only. Others return the full
5809path to the file, using the path conventions of the user's machine.
5810Regardless, the name returned is always the name of the file on the
5811I<user's> machine, and is unrelated to the name of the temporary file
5812that CGI.pm creates during upload spooling (see below).
54310121 5813
5814The filename returned is also a file handle. You can read the contents
5815of the file using standard Perl file reading calls:
5816
5817 # Read a text file and print it out
5818 while (<$filename>) {
5819 print;
5820 }
5821
5822 # Copy a binary file to somewhere safe
5823 open (OUTFILE,">>/usr/local/web/users/feedback");
5824 while ($bytesread=read($filename,$buffer,1024)) {
5825 print OUTFILE $buffer;
5826 }
5827
3538e1d5
GS		 5828However, there are problems with the dual nature of the upload fields.
5829If you C<use strict>, then Perl will complain when you try to use a
5830string as a filehandle. You can get around this by placing the file
5831reading code in a block containing the C<no strict> pragma. More
5832seriously, it is possible for the remote user to type garbage into the
5833upload field, in which case what you get from param() is not a
5834filehandle at all, but a string.
5835
5836To be safe, use the I<upload()> function (new in version 2.47). When
5837called with the name of an upload field, I<upload()> returns a
5838filehandle, or undef if the parameter is not a valid filehandle.
5839
29ddc2a4 5840 $fh = upload('uploaded_file');
3538e1d5
GS		 5841 while (<$fh>) {
5842 print;
5843 }
5844
13548fdf 5845In an list context, upload() will return an array of filehandles.
199d4a26
JH		 5846This makes it possible to create forms that use the same name for
5847multiple upload fields.
5848
3538e1d5
GS		 5849This is the recommended idiom.
5850
54310121 5851When a file is uploaded the browser usually sends along some
5852information along with it in the format of headers. The information
5853usually includes the MIME content type. Future browsers may send
5854other information as well (such as modification date and size). To
5855retrieve this information, call uploadInfo(). It returns a reference to
5856an associative array containing all the document headers.
5857
29ddc2a4
RGS		 5858 $filename = param('uploaded_file');
5859 $type = uploadInfo($filename)->{'Content-Type'};
54310121 5860 unless ($type eq 'text/html') {
5861 die "HTML FILES ONLY!";
5862 }
5863
5864If you are using a machine that recognizes "text" and "binary" data
5865modes, be sure to understand when and how to use them (see the Camel book).
3538e1d5
GS		 5866Otherwise you may find that binary files are corrupted during file
5867uploads.
5868
5869There are occasionally problems involving parsing the uploaded file.
5870This usually happens when the user presses "Stop" before the upload is
5871finished. In this case, CGI.pm will return undef for the name of the
5872uploaded file and set I<cgi_error()> to the string "400 Bad request
5873(malformed multipart POST)". This error message is designed so that
5874you can incorporate it into a status code to be sent to the browser.
5875Example:
5876
29ddc2a4
RGS		 5877 $file = upload('uploaded_file');
5878 if (!$file && cgi_error) {
5879 print header(-status=>cgi_error);
3538e1d5
GS		 5880 exit 0;
5881 }
5882
5883You are free to create a custom HTML page to complain about the error,
5884if you wish.
54310121 5885
2ed511ec
RGS		 5886You can set up a callback that will be called whenever a file upload
5887is being read during the form processing. This is much like the
5888UPLOAD_HOOK facility available in Apache::Request, with the exception
5889that the first argument to the callback is an Apache::Upload object,
5890here it's the remote filename.
5891
cb3b230c 5892 $q = CGI->new(\&hook [,$data [,$use_tempfile]]);
2ed511ec
RGS		 5893
5894 sub hook
5895 {
5896 my ($filename, $buffer, $bytes_read, $data) = @_;
5897 print "Read $bytes_read bytes of $filename\n";
5898 }
5899
cb3b230c
SP		 5900The $data field is optional; it lets you pass configuration
5901information (e.g. a database handle) to your hook callback.
5902
5903The $use_tempfile field is a flag that lets you turn on and off
5904CGI.pm's use of a temporary disk-based file during file upload. If you
5905set this to a FALSE value (default true) then param('uploaded_file')
5906will no longer work, and the only way to get at the uploaded data is
5907via the hook you provide.
5908
2ed511ec
RGS		 5909If using the function-oriented interface, call the CGI::upload_hook()
5910method before calling param() or any other CGI functions:
5911
cb3b230c 5912 CGI::upload_hook(\&hook [,$data [,$use_tempfile]]);
2ed511ec
RGS		 5913
5914This method is not exported by default. You will have to import it
5915explicitly if you wish to use it without the CGI:: prefix.
5916
199d4a26
JH		 5917If you are using CGI.pm on a Windows platform and find that binary
5918files get slightly larger when uploaded but that text files remain the
5919same, then you have forgotten to activate binary mode on the output
5920filehandle. Be sure to call binmode() on any handle that you create
5921to write the uploaded file to disk.
5922
424ec8fa
GS		 5923JAVASCRIPTING: The B<-onChange>, B<-onFocus>, B<-onBlur>,
5924B<-onMouseOver>, B<-onMouseOut> and B<-onSelect> parameters are
5925recognized. See textfield() for details.
54310121 5926
5927=head2 CREATING A POPUP MENU
5928
29ddc2a4 5929 print popup_menu('menu_name',
54310121 5930 ['eenie','meenie','minie'],
5931 'meenie');
5932
5933 -or-
5934
5935 %labels = ('eenie'=>'your first choice',
5936 'meenie'=>'your second choice',
5937 'minie'=>'your third choice');
188ba755 5938 %attributes = ('eenie'=>{'class'=>'class of first choice'});
29ddc2a4 5939 print popup_menu('menu_name',
54310121 5940 ['eenie','meenie','minie'],
188ba755 5941 'meenie',\%labels,\%attributes);
54310121 5942
5943 -or (named parameter style)-
5944
29ddc2a4 5945 print popup_menu(-name=>'menu_name',
54310121 5946 -values=>['eenie','meenie','minie'],
5947 -default=>'meenie',
188ba755
JH		 5948 -labels=>\%labels,
5949 -attributes=>\%attributes);
54310121 5950
5951popup_menu() creates a menu.
5952
5953=over 4
5954
5955=item 1.
5956
5957The required first argument is the menu's name (-name).
5958
5959=item 2.
5960
5961The required second argument (-values) is an array B<reference>
5962containing the list of menu items in the menu. You can pass the
5963method an anonymous array, as shown in the example, or a reference to
5964a named array, such as "\@foo".
5965
5966=item 3.
5967
5968The optional third parameter (-default) is the name of the default
5969menu choice. If not specified, the first item will be the default.
5970The values of the previous choice will be maintained across queries.
5971
5972=item 4.
5973
5974The optional fourth parameter (-labels) is provided for people who
5975want to use different values for the user-visible label inside the
188ba755 5976popup menu and the value returned to your script. It's a pointer to an
54310121 5977associative array relating menu values to user-visible labels. If you
5978leave this parameter blank, the menu values will be displayed by
5979default. (You can also leave a label undefined if you want to).
5980
188ba755
JH		 5981=item 5.
5982
5983The optional fifth parameter (-attributes) is provided to assign
5984any of the common HTML attributes to an individual menu item. It's
5985a pointer to an associative array relating menu values to another
5986associative array with the attribute's name as the key and the
5987attribute's value as the value.
5988
54310121 5989=back
5990
5991When the form is processed, the selected value of the popup menu can
5992be retrieved using:
5993
29ddc2a4 5994 $popup_menu_value = param('menu_name');
54310121 5995
188ba755
JH		 5996=head2 CREATING AN OPTION GROUP
5997
5998Named parameter style
5999
29ddc2a4 6000 print popup_menu(-name=>'menu_name',
188ba755 6001 -values=>[qw/eenie meenie minie/,
29ddc2a4
RGS		 6002 optgroup(-name=>'optgroup_name',
6003 -values => ['moe','catch'],
6004 -attributes=>{'catch'=>{'class'=>'red'}})],
188ba755
JH		 6005 -labels=>{'eenie'=>'one',
6006 'meenie'=>'two',
6007 'minie'=>'three'},
6008 -default=>'meenie');
6009
6010 Old style
29ddc2a4 6011 print popup_menu('menu_name',
188ba755 6012 ['eenie','meenie','minie',
29ddc2a4
RGS		 6013 optgroup('optgroup_name', ['moe', 'catch'],
6014 {'catch'=>{'class'=>'red'}})],'meenie',
188ba755
JH		 6015 {'eenie'=>'one','meenie'=>'two','minie'=>'three'});
6016
29ddc2a4 6017optgroup() creates an option group within a popup menu.
188ba755
JH		 6018
6019=over 4
6020
6021=item 1.
6022
6023The required first argument (B<-name>) is the label attribute of the
6024optgroup and is B<not> inserted in the parameter list of the query.
6025
6026=item 2.
6027
6028The required second argument (B<-values>) is an array reference
6029containing the list of menu items in the menu. You can pass the
6030method an anonymous array, as shown in the example, or a reference
6031to a named array, such as \@foo. If you pass a HASH reference,
6032the keys will be used for the menu values, and the values will be
6033used for the menu labels (see -labels below).
6034
6035=item 3.
6036
6037The optional third parameter (B<-labels>) allows you to pass a reference
6038to an associative array containing user-visible labels for one or more
6039of the menu items. You can use this when you want the user to see one
6040menu string, but have the browser return your program a different one.
6041If you don't specify this, the value string will be used instead
6042("eenie", "meenie" and "minie" in this example). This is equivalent
6043to using a hash reference for the -values parameter.
6044
6045=item 4.
6046
6047An optional fourth parameter (B<-labeled>) can be set to a true value
6048and indicates that the values should be used as the label attribute
6049for each option element within the optgroup.
6050
6051=item 5.
6052
6053An optional fifth parameter (-novals) can be set to a true value and
3c4b39be 6054indicates to suppress the val attribute in each option element within
188ba755
JH		 6055the optgroup.
6056
6057See the discussion on optgroup at W3C
6058(http://www.w3.org/TR/REC-html40/interact/forms.html#edef-OPTGROUP)
6059for details.
6060
6061=item 6.
6062
6063An optional sixth parameter (-attributes) is provided to assign
6064any of the common HTML attributes to an individual menu item. It's
6065a pointer to an associative array relating menu values to another
6066associative array with the attribute's name as the key and the
6067attribute's value as the value.
6068
cff99809
JH		 6069=back
6070
54310121 6071=head2 CREATING A SCROLLING LIST
6072
29ddc2a4 6073 print scrolling_list('list_name',
54310121 6074 ['eenie','meenie','minie','moe'],
188ba755 6075 ['eenie','moe'],5,'true',{'moe'=>{'class'=>'red'}});
54310121 6076 -or-
6077
29ddc2a4 6078 print scrolling_list('list_name',
54310121 6079 ['eenie','meenie','minie','moe'],
6080 ['eenie','moe'],5,'true',
188ba755 6081 \%labels,%attributes);
54310121 6082
6083 -or-
6084
29ddc2a4 6085 print scrolling_list(-name=>'list_name',
54310121 6086 -values=>['eenie','meenie','minie','moe'],
6087 -default=>['eenie','moe'],
6088 -size=>5,
6089 -multiple=>'true',
188ba755
JH		 6090 -labels=>\%labels,
6091 -attributes=>\%attributes);
54310121 6092
6093scrolling_list() creates a scrolling list.
6094
6095=over 4
6096
6097=item B<Parameters:>
6098
6099=item 1.
6100
6101The first and second arguments are the list name (-name) and values
6102(-values). As in the popup menu, the second argument should be an
6103array reference.
6104
6105=item 2.
6106
6107The optional third argument (-default) can be either a reference to a
6108list containing the values to be selected by default, or can be a
6109single value to select. If this argument is missing or undefined,
6110then nothing is selected when the list first appears. In the named
6111parameter version, you can use the synonym "-defaults" for this
6112parameter.
6113
6114=item 3.
6115
6116The optional fourth argument is the size of the list (-size).
6117
6118=item 4.
6119
6120The optional fifth argument can be set to true to allow multiple
6121simultaneous selections (-multiple). Otherwise only one selection
6122will be allowed at a time.
6123
6124=item 5.
6125
6126The optional sixth argument is a pointer to an associative array
6127containing long user-visible labels for the list items (-labels).
6128If not provided, the values will be displayed.
6129
188ba755
JH		 6130=item 6.
6131
6132The optional sixth parameter (-attributes) is provided to assign
6133any of the common HTML attributes to an individual menu item. It's
6134a pointer to an associative array relating menu values to another
6135associative array with the attribute's name as the key and the
6136attribute's value as the value.
6137
54310121 6138When this form is processed, all selected list items will be returned as
6139a list under the parameter name 'list_name'. The values of the
6140selected items can be retrieved with:
6141
29ddc2a4 6142 @selected = param('list_name');
54310121 6143
6144=back
6145
54310121 6146=head2 CREATING A GROUP OF RELATED CHECKBOXES
6147
29ddc2a4 6148 print checkbox_group(-name=>'group_name',
54310121 6149 -values=>['eenie','meenie','minie','moe'],
6150 -default=>['eenie','moe'],
6151 -linebreak=>'true',
188ba755
JH		 6152 -labels=>\%labels,
6153 -attributes=>\%attributes);
54310121 6154
29ddc2a4 6155 print checkbox_group('group_name',
54310121 6156 ['eenie','meenie','minie','moe'],
188ba755
JH		 6157 ['eenie','moe'],'true',\%labels,
6158 {'moe'=>{'class'=>'red'}});
54310121 6159
6160 HTML3-COMPATIBLE BROWSERS ONLY:
6161
29ddc2a4 6162 print checkbox_group(-name=>'group_name',
54310121 6163 -values=>['eenie','meenie','minie','moe'],
6164 -rows=2,-columns=>2);
3cb6de81 6165
54310121 6166
6167checkbox_group() creates a list of checkboxes that are related
6168by the same name.
6169
6170=over 4
6171
6172=item B<Parameters:>
6173
6174=item 1.
6175
6176The first and second arguments are the checkbox name and values,
6177respectively (-name and -values). As in the popup menu, the second
6178argument should be an array reference. These values are used for the
6179user-readable labels printed next to the checkboxes as well as for the
6180values passed to your script in the query string.
6181
6182=item 2.
6183
6184The optional third argument (-default) can be either a reference to a
6185list containing the values to be checked by default, or can be a
6186single value to checked. If this argument is missing or undefined,
6187then nothing is selected when the list first appears.
6188
6189=item 3.
6190
6191The optional fourth argument (-linebreak) can be set to true to place
6192line breaks between the checkboxes so that they appear as a vertical
6193list. Otherwise, they will be strung together on a horizontal line.
6194
29ddc2a4 6195=back
54310121 6196
54310121 6197
29ddc2a4
RGS		 6198The optional b<-labels> argument is a pointer to an associative array
6199relating the checkbox values to the user-visible labels that will be
6200printed next to them. If not provided, the values will be used as the
6201default.
54310121 6202
54310121 6203
29ddc2a4
RGS		 6204Modern browsers can take advantage of the optional parameters
6205B<-rows>, and B<-columns>. These parameters cause checkbox_group() to
6206return an HTML3 compatible table containing the checkbox group
6207formatted with the specified number of rows and columns. You can
6208provide just the -columns parameter if you wish; checkbox_group will
6209calculate the correct number of rows for you.
188ba755 6210
188ba755 6211
29ddc2a4
RGS		 6212The optional B<-attributes> argument is provided to assign any of the
6213common HTML attributes to an individual menu item. It's a pointer to
6214an associative array relating menu values to another associative array
6215with the attribute's name as the key and the attribute's value as the
6216value.
54310121 6217
29ddc2a4
RGS		 6218The optional B<-tabindex> argument can be used to control the order in which
6219radio buttons receive focus when the user presses the tab button. If
6220passed a scalar numeric value, the first element in the group will
6221receive this tab index and subsequent elements will be incremented by
6222one. If given a reference to an array of radio button values, then
6223the indexes will be jiggered so that the order specified in the array
6224will correspond to the tab order. You can also pass a reference to a
6225hash in which the hash keys are the radio button values and the values
6226are the tab indexes of each button. Examples:
6227
6228 -tabindex => 100 # this group starts at index 100 and counts up
6229 -tabindex => ['moe','minie','eenie','meenie'] # tab in this order
6230 -tabindex => {meenie=>100,moe=>101,minie=>102,eenie=>200} # tab in this order
54310121 6231
6232When the form is processed, all checked boxes will be returned as
6233a list under the parameter name 'group_name'. The values of the
6234"on" checkboxes can be retrieved with:
6235
29ddc2a4 6236 @turned_on = param('group_name');
54310121 6237
6238The value returned by checkbox_group() is actually an array of button
6239elements. You can capture them and use them within tables, lists,
6240or in other creative ways:
6241
29ddc2a4 6242 @h = checkbox_group(-name=>'group_name',-values=>\@values);
54310121 6243 &use_in_creative_way(@h);
6244
54310121 6245=head2 CREATING A STANDALONE CHECKBOX
6246
29ddc2a4 6247 print checkbox(-name=>'checkbox_name',
ac734d8b 6248 -checked=>1,
54310121 6249 -value=>'ON',
6250 -label=>'CLICK ME');
6251
6252 -or-
6253
29ddc2a4 6254 print checkbox('checkbox_name','checked','ON','CLICK ME');
54310121 6255
6256checkbox() is used to create an isolated checkbox that isn't logically
6257related to any others.
6258
6259=over 4
6260
6261=item B<Parameters:>
6262
6263=item 1.
6264
6265The first parameter is the required name for the checkbox (-name). It
6266will also be used for the user-readable label printed next to the
6267checkbox.
6268
6269=item 2.
6270
6271The optional second parameter (-checked) specifies that the checkbox
6272is turned on by default. Synonyms are -selected and -on.
6273
6274=item 3.
6275
6276The optional third parameter (-value) specifies the value of the
6277checkbox when it is checked. If not provided, the word "on" is
6278assumed.
6279
6280=item 4.
6281
6282The optional fourth parameter (-label) is the user-readable label to
6283be attached to the checkbox. If not provided, the checkbox name is
6284used.
6285
6286=back
6287
6288The value of the checkbox can be retrieved using:
6289
29ddc2a4 6290 $turned_on = param('checkbox_name');
54310121 6291
6292=head2 CREATING A RADIO BUTTON GROUP
6293
29ddc2a4 6294 print radio_group(-name=>'group_name',
54310121 6295 -values=>['eenie','meenie','minie'],
6296 -default=>'meenie',
6297 -linebreak=>'true',
188ba755
JH		 6298 -labels=>\%labels,
6299 -attributes=>\%attributes);
54310121 6300
6301 -or-
6302
29ddc2a4 6303 print radio_group('group_name',['eenie','meenie','minie'],
188ba755 6304 'meenie','true',\%labels,\%attributes);
54310121 6305
6306
6307 HTML3-COMPATIBLE BROWSERS ONLY:
6308
29ddc2a4 6309 print radio_group(-name=>'group_name',
54310121 6310 -values=>['eenie','meenie','minie','moe'],
6311 -rows=2,-columns=>2);
6312
6313radio_group() creates a set of logically-related radio buttons
6314(turning one member of the group on turns the others off)
6315
6316=over 4
6317
6318=item B<Parameters:>
6319
6320=item 1.
6321
6322The first argument is the name of the group and is required (-name).
6323
6324=item 2.
6325
6326The second argument (-values) is the list of values for the radio
6327buttons. The values and the labels that appear on the page are
6328identical. Pass an array I<reference> in the second argument, either
6329using an anonymous array, as shown, or by referencing a named array as
6330in "\@foo".
6331
6332=item 3.
6333
6334The optional third parameter (-default) is the name of the default
6335button to turn on. If not specified, the first item will be the
6336default. You can provide a nonexistent button name, such as "-" to
6337start up with no buttons selected.
6338
6339=item 4.
6340
6341The optional fourth parameter (-linebreak) can be set to 'true' to put
6342line breaks between the buttons, creating a vertical list.
6343
6344=item 5.
6345
6346The optional fifth parameter (-labels) is a pointer to an associative
6347array relating the radio button values to user-visible labels to be
6348used in the display. If not provided, the values themselves are
6349displayed.
6350
29ddc2a4 6351=back
54310121 6352
188ba755 6353
29ddc2a4
RGS		 6354All modern browsers can take advantage of the optional parameters
6355B<-rows>, and B<-columns>. These parameters cause radio_group() to
6356return an HTML3 compatible table containing the radio group formatted
6357with the specified number of rows and columns. You can provide just
6358the -columns parameter if you wish; radio_group will calculate the
6359correct number of rows for you.
188ba755 6360
54310121 6361To include row and column headings in the returned table, you
6362can use the B<-rowheader> and B<-colheader> parameters. Both
6363of these accept a pointer to an array of headings to use.
6364The headings are just decorative. They don't reorganize the
f610777f 6365interpretation of the radio buttons -- they're still a single named
54310121 6366unit.
6367
29ddc2a4
RGS		 6368The optional B<-tabindex> argument can be used to control the order in which
6369radio buttons receive focus when the user presses the tab button. If
6370passed a scalar numeric value, the first element in the group will
6371receive this tab index and subsequent elements will be incremented by
6372one. If given a reference to an array of radio button values, then
6373the indexes will be jiggered so that the order specified in the array
6374will correspond to the tab order. You can also pass a reference to a
6375hash in which the hash keys are the radio button values and the values
6376are the tab indexes of each button. Examples:
6377
6378 -tabindex => 100 # this group starts at index 100 and counts up
6379 -tabindex => ['moe','minie','eenie','meenie'] # tab in this order
6380 -tabindex => {meenie=>100,moe=>101,minie=>102,eenie=>200} # tab in this order
6381
6382
6383The optional B<-attributes> argument is provided to assign any of the
6384common HTML attributes to an individual menu item. It's a pointer to
6385an associative array relating menu values to another associative array
6386with the attribute's name as the key and the attribute's value as the
6387value.
54310121 6388
6389When the form is processed, the selected radio button can
6390be retrieved using:
6391
29ddc2a4 6392 $which_radio_button = param('group_name');
54310121 6393
6394The value returned by radio_group() is actually an array of button
6395elements. You can capture them and use them within tables, lists,
6396or in other creative ways:
6397
29ddc2a4 6398 @h = radio_group(-name=>'group_name',-values=>\@values);
54310121 6399 &use_in_creative_way(@h);
6400
6401=head2 CREATING A SUBMIT BUTTON
6402
29ddc2a4 6403 print submit(-name=>'button_name',
54310121 6404 -value=>'value');
6405
6406 -or-
6407
29ddc2a4 6408 print submit('button_name','value');
54310121 6409
6410submit() will create the query submission button. Every form
6411should have one of these.
6412
6413=over 4
6414
6415=item B<Parameters:>
6416
6417=item 1.
6418
6419The first argument (-name) is optional. You can give the button a
6420name if you have several submission buttons in your form and you want
13548fdf 6421to distinguish between them.
54310121 6422
6423=item 2.
6424
6425The second argument (-value) is also optional. This gives the button
13548fdf
RGS		 6426a value that will be passed to your script in the query string. The
6427name will also be used as the user-visible label.
6428
6429=item 3.
6430
6431You can use -label as an alias for -value. I always get confused
6432about which of -name and -value changes the user-visible label on the
6433button.
54310121 6434
6435=back
6436
6437You can figure out which button was pressed by using different
6438values for each one:
6439
29ddc2a4 6440 $which_one = param('button_name');
54310121 6441
6442=head2 CREATING A RESET BUTTON
6443
29ddc2a4 6444 print reset
54310121 6445
6446reset() creates the "reset" button. Note that it restores the
6447form to its value from the last time the script was called,
6448NOT necessarily to the defaults.
6449
71f3e297
JH		 6450Note that this conflicts with the Perl reset() built-in. Use
6451CORE::reset() to get the original reset function.
6452
54310121 6453=head2 CREATING A DEFAULT BUTTON
6454
29ddc2a4 6455 print defaults('button_label')
54310121 6456
6457defaults() creates a button that, when invoked, will cause the
6458form to be completely reset to its defaults, wiping out all the
6459changes the user ever made.
6460
6461=head2 CREATING A HIDDEN FIELD
6462
29ddc2a4 6463 print hidden(-name=>'hidden_name',
54310121 6464 -default=>['value1','value2'...]);
6465
6466 -or-
6467
29ddc2a4 6468 print hidden('hidden_name','value1','value2'...);
54310121 6469
6470hidden() produces a text field that can't be seen by the user. It
6471is useful for passing state variable information from one invocation
6472of the script to the next.
6473
6474=over 4
6475
6476=item B<Parameters:>
6477
6478=item 1.
6479
6480The first argument is required and specifies the name of this
6481field (-name).
6482
6483=item 2.
6484
6485The second argument is also required and specifies its value
6486(-default). In the named parameter style of calling, you can provide
6487a single value here or a reference to a whole list
6488
6489=back
6490
6491Fetch the value of a hidden field this way:
6492
29ddc2a4 6493 $hidden_value = param('hidden_name');
54310121 6494
6495Note, that just like all the other form elements, the value of a
6496hidden field is "sticky". If you want to replace a hidden field with
6497some other values after the script has been called once you'll have to
6498do it manually:
6499
29ddc2a4 6500 param('hidden_name','new','values','here');
54310121 6501
6502=head2 CREATING A CLICKABLE IMAGE BUTTON
6503
29ddc2a4 6504 print image_button(-name=>'button_name',
54310121 6505 -src=>'/source/URL',
6506 -align=>'MIDDLE');
6507
6508 -or-
6509
29ddc2a4 6510 print image_button('button_name','/source/URL','MIDDLE');
54310121 6511
6512image_button() produces a clickable image. When it's clicked on the
6513position of the click is returned to your script as "button_name.x"
6514and "button_name.y", where "button_name" is the name you've assigned
6515to it.
6516
54310121 6517=over 4
6518
6519=item B<Parameters:>
6520
6521=item 1.
6522
6523The first argument (-name) is required and specifies the name of this
6524field.
6525
6526=item 2.
6527
6528The second argument (-src) is also required and specifies the URL
6529
6530=item 3.
6531The third option (-align, optional) is an alignment type, and may be
6532TOP, BOTTOM or MIDDLE
6533
6534=back
6535
6536Fetch the value of the button this way:
29ddc2a4
RGS		 6537 $x = param('button_name.x');
6538 $y = param('button_name.y');
54310121 6539
6540=head2 CREATING A JAVASCRIPT ACTION BUTTON
6541
29ddc2a4 6542 print button(-name=>'button_name',
54310121 6543 -value=>'user visible label',
6544 -onClick=>"do_something()");
6545
6546 -or-
6547
29ddc2a4 6548 print button('button_name',"do_something()");
54310121 6549
6550button() produces a button that is compatible with Netscape 2.0's
6551JavaScript. When it's pressed the fragment of JavaScript code
6552pointed to by the B<-onClick> parameter will be executed. On
6553non-Netscape browsers this form element will probably not even
6554display.
6555
71f3e297 6556=head1 HTTP COOKIES
54310121 6557
71f3e297
JH		 6558Netscape browsers versions 1.1 and higher, and all versions of
6559Internet Explorer, support a so-called "cookie" designed to help
6560maintain state within a browser session. CGI.pm has several methods
6561that support cookies.
54310121 6562
6563A cookie is a name=value pair much like the named parameters in a CGI
6564query string. CGI scripts create one or more cookies and send
6565them to the browser in the HTTP header. The browser maintains a list
6566of cookies that belong to a particular Web server, and returns them
6567to the CGI script during subsequent interactions.
6568
6569In addition to the required name=value pair, each cookie has several
6570optional attributes:
6571
6572=over 4
6573
6574=item 1. an expiration time
6575
6576This is a time/date string (in a special GMT format) that indicates
6577when a cookie expires. The cookie will be saved and returned to your
6578script until this expiration date is reached if the user exits
71f3e297
JH		 6579the browser and restarts it. If an expiration date isn't specified, the cookie
6580will remain active until the user quits the browser.
54310121 6581
6582=item 2. a domain
6583
6584This is a partial or complete domain name for which the cookie is
6585valid. The browser will return the cookie to any host that matches
6586the partial domain name. For example, if you specify a domain name
71f3e297 6587of ".capricorn.com", then the browser will return the cookie to
54310121 6588Web servers running on any of the machines "www.capricorn.com",
6589"www2.capricorn.com", "feckless.capricorn.com", etc. Domain names
6590must contain at least two periods to prevent attempts to match
6591on top level domains like ".edu". If no domain is specified, then
6592the browser will only return the cookie to servers on the host the
6593cookie originated from.
6594
6595=item 3. a path
6596
6597If you provide a cookie path attribute, the browser will check it
6598against your script's URL before returning the cookie. For example,
6599if you specify the path "/cgi-bin", then the cookie will be returned
6600to each of the scripts "/cgi-bin/tally.pl", "/cgi-bin/order.pl",
6601and "/cgi-bin/customer_service/complain.pl", but not to the script
6602"/cgi-private/site_admin.pl". By default, path is set to "/", which
6603causes the cookie to be sent to any CGI script on your site.
6604
6605=item 4. a "secure" flag
6606
6607If the "secure" attribute is set, the cookie will only be sent to your
6608script if the CGI request is occurring on a secure channel, such as SSL.
6609
6610=back
6611
71f3e297 6612The interface to HTTP cookies is the B<cookie()> method:
54310121 6613
29ddc2a4 6614 $cookie = cookie(-name=>'sessionID',
54310121 6615 -value=>'xyzzy',
6616 -expires=>'+1h',
6617 -path=>'/cgi-bin/database',
6618 -domain=>'.capricorn.org',
6619 -secure=>1);
29ddc2a4 6620 print header(-cookie=>$cookie);
54310121 6621
6622B<cookie()> creates a new cookie. Its parameters include:
6623
6624=over 4
6625
6626=item B<-name>
6627
6628The name of the cookie (required). This can be any string at all.
71f3e297 6629Although browsers limit their cookie names to non-whitespace
54310121 6630alphanumeric characters, CGI.pm removes this restriction by escaping
6631and unescaping cookies behind the scenes.
6632
6633=item B<-value>
6634
6635The value of the cookie. This can be any scalar value,
6636array reference, or even associative array reference. For example,
6637you can store an entire associative array into a cookie this way:
6638
29ddc2a4 6639 $cookie=cookie(-name=>'family information',
54310121 6640 -value=>\%childrens_ages);
6641
6642=item B<-path>
6643
6644The optional partial path for which this cookie will be valid, as described
6645above.
6646
6647=item B<-domain>
6648
6649The optional partial domain for which this cookie will be valid, as described
6650above.
6651
6652=item B<-expires>
6653
6654The optional expiration date for this cookie. The format is as described
6655in the section on the B<header()> method:
6656
6657 "+1h" one hour from now
6658
6659=item B<-secure>
6660
6661If set to true, this cookie will only be used within a secure
6662SSL session.
6663
6664=back
6665
6666The cookie created by cookie() must be incorporated into the HTTP
6667header within the string returned by the header() method:
6668
0664a57d 6669 use CGI ':standard';
29ddc2a4 6670 print header(-cookie=>$my_cookie);
54310121 6671
6672To create multiple cookies, give header() an array reference:
6673
29ddc2a4 6674 $cookie1 = cookie(-name=>'riddle_name',
54310121 6675 -value=>"The Sphynx's Question");
29ddc2a4 6676 $cookie2 = cookie(-name=>'answers',
54310121 6677 -value=>\%answers);
29ddc2a4 6678 print header(-cookie=>[$cookie1,$cookie2]);
54310121 6679
03b9648d 6680To retrieve a cookie, request it by name by calling cookie() method
0664a57d
SP		 6681without the B<-value> parameter. This example uses the object-oriented
6682form:
54310121 6683
6684 use CGI;
6685 $query = new CGI;
0664a57d
SP		 6686 $riddle = $query->cookie('riddle_name');
6687 %answers = $query->cookie('answers');
03b9648d
JH		 6688
6689Cookies created with a single scalar value, such as the "riddle_name"
6690cookie, will be returned in that form. Cookies with array and hash
6691values can also be retrieved.
54310121 6692
6693The cookie and CGI namespaces are separate. If you have a parameter
6694named 'answers' and a cookie named 'answers', the values retrieved by
6695param() and cookie() are independent of each other. However, it's
6696simple to turn a CGI parameter into a cookie, and vice-versa:
6697
6698 # turn a CGI parameter into a cookie
29ddc2a4 6699 $c=cookie(-name=>'answers',-value=>[param('answers')]);
54310121 6700 # vice-versa
29ddc2a4 6701 param(-name=>'answers',-value=>[cookie('answers')]);
54310121 6702
55b5d700
SP		 6703If you call cookie() without any parameters, it will return a list of
6704the names of all cookies passed to your script:
6705
6706 @cookies = cookie();
6707
54310121 6708See the B<cookie.cgi> example script for some ideas on how to use
6709cookies effectively.
6710
71f3e297 6711=head1 WORKING WITH FRAMES
54310121 6712
71f3e297
JH		 6713It's possible for CGI.pm scripts to write into several browser panels
6714and windows using the HTML 4 frame mechanism. There are three
6715techniques for defining new frames programmatically:
54310121 6716
6717=over 4
6718
6719=item 1. Create a <Frameset> document
6720
6721After writing out the HTTP header, instead of creating a standard
3acbd4f5 6722HTML document using the start_html() call, create a <frameset>
54310121 6723document that defines the frames on the page. Specify your script(s)
6724(with appropriate parameters) as the SRC for each of the frames.
6725
3acbd4f5 6726There is no specific support for creating <frameset> sections
54310121 6727in CGI.pm, but the HTML is very simple to write. See the frame
6728documentation in Netscape's home pages for details
6729
0664a57d 6730 http://wp.netscape.com/assist/net_sites/frames.html
54310121 6731
6732=item 2. Specify the destination for the document in the HTTP header
6733
6734You may provide a B<-target> parameter to the header() method:
3cb6de81 6735
29ddc2a4 6736 print header(-target=>'ResultsWindow');
54310121 6737
71f3e297
JH		 6738This will tell the browser to load the output of your script into the
6739frame named "ResultsWindow". If a frame of that name doesn't already
6740exist, the browser will pop up a new window and load your script's
6741document into that. There are a number of magic names that you can
6742use for targets. See the frame documents on Netscape's home pages for
6743details.
54310121 6744
3acbd4f5 6745=item 3. Specify the destination for the document in the <form> tag
54310121 6746
6747You can specify the frame to load in the FORM tag itself. With
6748CGI.pm it looks like this:
6749
29ddc2a4 6750 print start_form(-target=>'ResultsWindow');
54310121 6751
6752When your script is reinvoked by the form, its output will be loaded
6753into the frame named "ResultsWindow". If one doesn't already exist
6754a new window will be created.
6755
6756=back
6757
6758The script "frameset.cgi" in the examples directory shows one way to
6759create pages in which the fill-out form and the response live in
6760side-by-side frames.
6761
29ddc2a4
RGS		 6762=head1 SUPPORT FOR JAVASCRIPT
6763
6764Netscape versions 2.0 and higher incorporate an interpreted language
6765called JavaScript. Internet Explorer, 3.0 and higher, supports a
6766closely-related dialect called JScript. JavaScript isn't the same as
6767Java, and certainly isn't at all the same as Perl, which is a great
3c4b39be 6768pity. JavaScript allows you to programmatically change the contents of
29ddc2a4
RGS		 6769fill-out forms, create new windows, and pop up dialog box from within
6770Netscape itself. From the point of view of CGI scripting, JavaScript
6771is quite useful for validating fill-out forms prior to submitting
6772them.
6773
6774You'll need to know JavaScript in order to use it. There are many good
6775sources in bookstores and on the web.
6776
6777The usual way to use JavaScript is to define a set of functions in a
6778<SCRIPT> block inside the HTML header and then to register event
6779handlers in the various elements of the page. Events include such
6780things as the mouse passing over a form element, a button being
6781clicked, the contents of a text field changing, or a form being
6782submitted. When an event occurs that involves an element that has
6783registered an event handler, its associated JavaScript code gets
6784called.
6785
6786The elements that can register event handlers include the <BODY> of an
6787HTML document, hypertext links, all the various elements of a fill-out
6788form, and the form itself. There are a large number of events, and
6789each applies only to the elements for which it is relevant. Here is a
6790partial list:
6791
6792=over 4
6793
6794=item B<onLoad>
6795
6796The browser is loading the current document. Valid in:
6797
6798 + The HTML <BODY> section only.
6799
6800=item B<onUnload>
6801
6802The browser is closing the current page or frame. Valid for:
6803
6804 + The HTML <BODY> section only.
6805
6806=item B<onSubmit>
6807
6808The user has pressed the submit button of a form. This event happens
6809just before the form is submitted, and your function can return a
6810value of false in order to abort the submission. Valid for:
6811
6812 + Forms only.
6813
6814=item B<onClick>
6815
6816The mouse has clicked on an item in a fill-out form. Valid for:
6817
6818 + Buttons (including submit, reset, and image buttons)
6819 + Checkboxes
6820 + Radio buttons
6821
6822=item B<onChange>
6823
6824The user has changed the contents of a field. Valid for:
6825
6826 + Text fields
6827 + Text areas
6828 + Password fields
6829 + File fields
6830 + Popup Menus
6831 + Scrolling lists
6832
6833=item B<onFocus>
6834
6835The user has selected a field to work with. Valid for:
6836
6837 + Text fields
6838 + Text areas
6839 + Password fields
6840 + File fields
6841 + Popup Menus
6842 + Scrolling lists
6843
6844=item B<onBlur>
6845
6846The user has deselected a field (gone to work somewhere else). Valid
6847for:
6848
6849 + Text fields
6850 + Text areas
6851 + Password fields
6852 + File fields
6853 + Popup Menus
6854 + Scrolling lists
6855
6856=item B<onSelect>
6857
6858The user has changed the part of a text field that is selected. Valid
6859for:
6860
6861 + Text fields
6862 + Text areas
6863 + Password fields
6864 + File fields
6865
6866=item B<onMouseOver>
6867
6868The mouse has moved over an element.
6869
6870 + Text fields
6871 + Text areas
6872 + Password fields
6873 + File fields
6874 + Popup Menus
6875 + Scrolling lists
6876
6877=item B<onMouseOut>
6878
6879The mouse has moved off an element.
6880
6881 + Text fields
6882 + Text areas
6883 + Password fields
6884 + File fields
6885 + Popup Menus
6886 + Scrolling lists
6887
6888=back
6889
6890In order to register a JavaScript event handler with an HTML element,
6891just use the event name as a parameter when you call the corresponding
6892CGI method. For example, to have your validateAge() JavaScript code
6893executed every time the textfield named "age" changes, generate the
6894field like this:
6895
6896 print textfield(-name=>'age',-onChange=>"validateAge(this)");
6897
6898This example assumes that you've already declared the validateAge()
6899function by incorporating it into a <SCRIPT> block. The CGI.pm
6900start_html() method provides a convenient way to create this section.
6901
6902Similarly, you can create a form that checks itself over for
6903consistency and alerts the user if some essential value is missing by
6904creating it this way:
6905 print startform(-onSubmit=>"validateMe(this)");
6906
6907See the javascript.cgi script for a demonstration of how this all
6908works.
6909
6910
7d37aa8e
LS		 6911=head1 LIMITED SUPPORT FOR CASCADING STYLE SHEETS
6912
6913CGI.pm has limited support for HTML3's cascading style sheets (css).
6914To incorporate a stylesheet into your document, pass the
6915start_html() method a B<-style> parameter. The value of this
2ed511ec
RGS		 6916parameter may be a scalar, in which case it is treated as the source
6917URL for the stylesheet, or it may be a hash reference. In the latter
7d37aa8e
LS		 6918case you should provide the hash with one or more of B<-src> or
6919B<-code>. B<-src> points to a URL where an externally-defined
6920stylesheet can be found. B<-code> points to a scalar value to be
3acbd4f5 6921incorporated into a <style> section. Style definitions in B<-code>
7d37aa8e
LS		 6922override similarly-named ones in B<-src>, hence the name "cascading."
6923
424ec8fa
GS		 6924You may also specify the type of the stylesheet by adding the optional
6925B<-type> parameter to the hash pointed to by B<-style>. If not
6926specified, the style defaults to 'text/css'.
6927
7d37aa8e
LS		 6928To refer to a style within the body of your document, add the
6929B<-class> parameter to any HTML element:
6930
6931 print h1({-class=>'Fancy'},'Welcome to the Party');
6932
6933Or define styles on the fly with the B<-style> parameter:
6934
6935 print h1({-style=>'Color: red;'},'Welcome to Hell');
6936
6937You may also use the new B<span()> element to apply a style to a
6938section of text:
6939
6940 print span({-style=>'Color: red;'},
6941 h1('Welcome to Hell'),
6942 "Where did that handbasket get to?"
6943 );
6944
6945Note that you must import the ":html3" definitions to have the
6946B<span()> method available. Here's a quick and dirty example of using
6947CSS's. See the CSS specification at
6948http://www.w3.org/pub/WWW/TR/Wd-css-1.html for more information.
6949
6950 use CGI qw/:standard :html3/;
6951
6952 #here's a stylesheet incorporated directly into the page
6953 $newStyle=<<END;
6954 <!--
6955 P.Tip {
6956 margin-right: 50pt;
6957 margin-left: 50pt;
6958 color: red;
6959 }
6960 P.Alert {
6961 font-size: 30pt;
6962 font-family: sans-serif;
6963 color: red;
6964 }
6965 -->
6966 END
6967 print header();
6968 print start_html( -title=>'CGI with Style',
6969 -style=>{-src=>'http://www.capricorn.com/style/st1.css',
6970 -code=>$newStyle}
6971 );
6972 print h1('CGI with Style'),
6973 p({-class=>'Tip'},
6974 "Better read the cascading style sheet spec before playing with this!"),
6975 span({-style=>'color: magenta'},
6976 "Look Mom, no hands!",
6977 p(),
6978 "Whooo wee!"
6979 );
6980 print end_html;
6981
13548fdf
RGS		 6982Pass an array reference to B<-code> or B<-src> in order to incorporate
6983multiple stylesheets into your document.
6b4ac661 6984
8f3ccfa2
JH		 6985Should you wish to incorporate a verbatim stylesheet that includes
6986arbitrary formatting in the header, you may pass a -verbatim tag to
6987the -style hash, as follows:
6988
29ddc2a4 6989print start_html (-STYLE => {-verbatim => '@import
8f3ccfa2
JH		 6990url("/server-common/css/'.$cssFile.'");',
6991 -src => '/server-common/css/core.css'});
6992</blockquote></pre>
6993
6994
6995This will generate an HTML header that contains this:
6996
6997 <link rel="stylesheet" type="text/css" href="/server-common/css/core.css">
6998 <style type="text/css">
6999 @import url("/server-common/css/main.css");
7000 </style>
7001
1c87da1d
JH		 7002Any additional arguments passed in the -style value will be
7003incorporated into the <link> tag. For example:
7004
7005 start_html(-style=>{-src=>['/styles/print.css','/styles/layout.css'],
7006 -media => 'all'});
7007
7008This will give:
7009
7010 <link rel="stylesheet" type="text/css" href="/styles/print.css" media="all"/>
7011 <link rel="stylesheet" type="text/css" href="/styles/layout.css" media="all"/>
7012
7013<p>
7014
7015To make more complicated <link> tags, use the Link() function
7016and pass it to start_html() in the -head argument, as in:
7017
7018 @h = (Link({-rel=>'stylesheet',-type=>'text/css',-src=>'/ss/ss.css',-media=>'all'}),
7019 Link({-rel=>'stylesheet',-type=>'text/css',-src=>'/ss/fred.css',-media=>'paper'}));
7020 print start_html({-head=>\@h})
7021
0664a57d
SP		 7022To create primary and "alternate" stylesheet, use the B<-alternate> option:
7023
7024 start_html(-style=>{-src=>[
7025 {-src=>'/styles/print.css'},
7026 {-src=>'/styles/alt.css',-alternate=>1}
7027 ]
7028 });
7029
54310121 7030=head1 DEBUGGING
7031
3d1a2ec4
GS		 7032If you are running the script from the command line or in the perl
7033debugger, you can pass the script a list of keywords or
7034parameter=value pairs on the command line or from standard input (you
7035don't have to worry about tricking your script into reading from
7036environment variables). You can pass keywords like this:
54310121 7037
7038 your_script.pl keyword1 keyword2 keyword3
7039
7040or this:
7041
7042 your_script.pl keyword1+keyword2+keyword3
7043
7044or this:
7045
7046 your_script.pl name1=value1 name2=value2
7047
7048or this:
7049
7050 your_script.pl name1=value1&name2=value2
7051
3d1a2ec4
GS		 7052To turn off this feature, use the -no_debug pragma.
7053
7054To test the POST method, you may enable full debugging with the -debug
7055pragma. This will allow you to feed newline-delimited name=value
7056pairs to the script on standard input.
54310121 7057
7058When debugging, you can use quotes and backslashes to escape
7059characters in the familiar shell manner, letting you place
7060spaces and other funny characters in your parameter=value
7061pairs:
7062
7063 your_script.pl "name1='I am a long value'" "name2=two\ words"
7064
2ed511ec
RGS		 7065Finally, you can set the path info for the script by prefixing the first
7066name/value parameter with the path followed by a question mark (?):
7067
7068 your_script.pl /your/path/here?name1=value1&name2=value2
7069
54310121 7070=head2 DUMPING OUT ALL THE NAME/VALUE PAIRS
7071
3d1a2ec4 7072The Dump() method produces a string consisting of all the query's
54310121 7073name/value pairs formatted nicely as a nested list. This is useful
7074for debugging purposes:
7075
29ddc2a4 7076 print Dump
3cb6de81 7077
54310121 7078
7079Produces something that looks like:
7080
3acbd4f5
JH		 7081 <ul>
7082 <li>name1
7083 <ul>
7084 <li>value1
7085 <li>value2
7086 </ul>
7087 <li>name2
7088 <ul>
7089 <li>value1
7090 </ul>
7091 </ul>
54310121 7092
71f3e297
JH		 7093As a shortcut, you can interpolate the entire CGI object into a string
7094and it will be replaced with the a nice HTML dump shown above:
54310121 7095
7096 $query=new CGI;
3acbd4f5 7097 print "<h2>Current Values</h2> $query\n";
54310121 7098
7099=head1 FETCHING ENVIRONMENT VARIABLES
7100
7101Some of the more useful environment variables can be fetched
7102through this interface. The methods are as follows:
7103
7104=over 4
7105
71f3e297
JH		 7106=item B<Accept()>
7107
7108Return a list of MIME types that the remote browser accepts. If you
7109give this method a single argument corresponding to a MIME type, as in
29ddc2a4 7110Accept('text/html'), it will return a floating point value
71f3e297
JH		 7111corresponding to the browser's preference for this type from 0.0
7112(don't want) to 1.0. Glob types (e.g. text/*) in the browser's accept
7113list are handled correctly.
54310121 7114
71f3e297
JH		 7115Note that the capitalization changed between version 2.43 and 2.44 in
7116order to avoid conflict with Perl's accept() function.
54310121 7117
7118=item B<raw_cookie()>
7119
424ec8fa 7120Returns the HTTP_COOKIE variable, an HTTP extension implemented by
71f3e297
JH		 7121Netscape browsers version 1.1 and higher, and all versions of Internet
7122Explorer. Cookies have a special format, and this method call just
7123returns the raw form (?cookie dough). See cookie() for ways of
7124setting and retrieving cooked cookies.
424ec8fa
GS		 7125
7126Called with no parameters, raw_cookie() returns the packed cookie
7127structure. You can separate it into individual cookies by splitting
7128on the character sequence "; ". Called with the name of a cookie,
7129retrieves the B<unescaped> form of the cookie. You can use the
7130regular cookie() method to get the names, or use the raw_fetch()
7131method from the CGI::Cookie module.
54310121 7132
7133=item B<user_agent()>
7134
7135Returns the HTTP_USER_AGENT variable. If you give
7136this method a single argument, it will attempt to
7137pattern match on it, allowing you to do something
29ddc2a4 7138like user_agent(netscape);
54310121 7139
7140=item B<path_info()>
7141
7142Returns additional path information from the script URL.
6b4ac661 7143E.G. fetching /cgi-bin/your_script/additional/stuff will result in
29ddc2a4 7144path_info() returning "/additional/stuff".
54310121 7145
7146NOTE: The Microsoft Internet Information Server
7147is broken with respect to additional path information. If
7148you use the Perl DLL library, the IIS server will attempt to
7149execute the additional path information as a Perl script.
7150If you use the ordinary file associations mapping, the
7151path information will be present in the environment,
7152but incorrect. The best thing to do is to avoid using additional
7153path information in CGI scripts destined for use with IIS.
7154
7155=item B<path_translated()>
7156
7157As per path_info() but returns the additional
7158path information translated into a physical path, e.g.
7159"/usr/local/etc/httpd/htdocs/additional/stuff".
7160
7161The Microsoft IIS is broken with respect to the translated
7162path as well.
7163
7164=item B<remote_host()>
7165
7166Returns either the remote host name or IP address.
7167if the former is unavailable.
7168
7169=item B<script_name()>
7170Return the script name as a partial URL, for self-refering
7171scripts.
7172
7173=item B<referer()>
7174
7175Return the URL of the page the browser was viewing
7176prior to fetching your script. Not available for all
7177browsers.
7178
7179=item B<auth_type ()>
7180
7181Return the authorization/verification method in use for this
7182script, if any.
7183
7184=item B<server_name ()>
7185
7186Returns the name of the server, usually the machine's host
7187name.
7188
7189=item B<virtual_host ()>
7190
7191When using virtual hosts, returns the name of the host that
7192the browser attempted to contact
7193
03b9648d
JH		 7194=item B<server_port ()>
7195
7196Return the port that the server is listening on.
7197
2ed511ec
RGS		 7198=item B<virtual_port ()>
7199
7200Like server_port() except that it takes virtual hosts into account.
7201Use this when running with virtual hosts.
7202
54310121 7203=item B<server_software ()>
7204
7205Returns the server software and version number.
7206
7207=item B<remote_user ()>
7208
7209Return the authorization/verification name used for user
7210verification, if this script is protected.
7211
7212=item B<user_name ()>
7213
71f3e297
JH		 7214Attempt to obtain the remote user's name, using a variety of different
7215techniques. This only works with older browsers such as Mosaic.
7216Newer browsers do not report the user name for privacy reasons!
54310121 7217
7218=item B<request_method()>
7219
7220Returns the method used to access your script, usually
7221one of 'POST', 'GET' or 'HEAD'.
7222
3538e1d5
GS		 7223=item B<content_type()>
7224
7225Returns the content_type of data submitted in a POST, generally
7226multipart/form-data or application/x-www-form-urlencoded
7227
7228=item B<http()>
7229
7230Called with no arguments returns the list of HTTP environment
7231variables, including such things as HTTP_USER_AGENT,
7232HTTP_ACCEPT_LANGUAGE, and HTTP_ACCEPT_CHARSET, corresponding to the
7233like-named HTTP header fields in the request. Called with the name of
7234an HTTP header field, returns its value. Capitalization and the use
7235of hyphens versus underscores are not significant.
7236
7237For example, all three of these examples are equivalent:
7238
29ddc2a4
RGS		 7239 $requested_language = http('Accept-language');
7240 $requested_language = http('Accept_language');
7241 $requested_language = http('HTTP_ACCEPT_LANGUAGE');
3538e1d5
GS		 7242
7243=item B<https()>
7244
7245The same as I<http()>, but operates on the HTTPS environment variables
7246present when the SSL protocol is in effect. Can be used to determine
7247whether SSL is turned on.
7248
54310121 7249=back
7250
424ec8fa 7251=head1 USING NPH SCRIPTS
54310121 7252
424ec8fa
GS		 7253NPH, or "no-parsed-header", scripts bypass the server completely by
7254sending the complete HTTP header directly to the browser. This has
7255slight performance benefits, but is of most use for taking advantage
7256of HTTP extensions that are not directly supported by your server,
7257such as server push and PICS headers.
54310121 7258
424ec8fa
GS		 7259Servers use a variety of conventions for designating CGI scripts as
7260NPH. Many Unix servers look at the beginning of the script's name for
7261the prefix "nph-". The Macintosh WebSTAR server and Microsoft's
7262Internet Information Server, in contrast, try to decide whether a
7263program is an NPH script by examining the first line of script output.
54310121 7264
54310121 7265
424ec8fa
GS		 7266CGI.pm supports NPH scripts with a special NPH mode. When in this
7267mode, CGI.pm will output the necessary extra header information when
7268the header() and redirect() methods are
7269called.
54310121 7270
69c89ae7
JH		 7271The Microsoft Internet Information Server requires NPH mode. As of
7272version 2.30, CGI.pm will automatically detect when the script is
7273running under IIS and put itself into this mode. You do not need to
7274do this manually, although it won't hurt anything if you do. However,
7275note that if you have applied Service Pack 6, much of the
7276functionality of NPH scripts, including the ability to redirect while
7277setting a cookie, b<do not work at all> on IIS without a special patch
7278from Microsoft. See
7279http://support.microsoft.com/support/kb/articles/Q280/3/41.ASP:
7280Non-Parsed Headers Stripped From CGI Applications That Have nph-
7281Prefix in Name.
54310121 7282
424ec8fa 7283=over 4
54310121 7284
424ec8fa 7285=item In the B<use> statement
54310121 7286
424ec8fa
GS		 7287Simply add the "-nph" pragmato the list of symbols to be imported into
7288your script:
54310121 7289
424ec8fa 7290 use CGI qw(:standard -nph)
54310121 7291
424ec8fa 7292=item By calling the B<nph()> method:
54310121 7293
424ec8fa 7294Call B<nph()> with a non-zero parameter at any point after using CGI.pm in your program.
54310121 7295
424ec8fa 7296 CGI->nph(1)
54310121 7297
551e1d92
RB		 7298=item By using B<-nph> parameters
7299
7300in the B<header()> and B<redirect()> statements:
54310121 7301
29ddc2a4 7302 print header(-nph=>1);
54310121 7303
424ec8fa 7304=back
54310121 7305
424ec8fa
GS		 7306=head1 Server Push
7307
ba056755 7308CGI.pm provides four simple functions for producing multipart
424ec8fa
GS		 7309documents of the type needed to implement server push. These
7310functions were graciously provided by Ed Jordan <ed@fidalgo.net>. To
7311import these into your namespace, you must import the ":push" set.
7312You are also advised to put the script into NPH mode and to set $| to
73131 to avoid buffering problems.
7314
7315Here is a simple script that demonstrates server push:
7316
7317 #!/usr/local/bin/perl
7318 use CGI qw/:push -nph/;
7319 $| = 1;
ba056755
JH		 7320 print multipart_init(-boundary=>'----here we go!');
7321 foreach (0 .. 4) {
424ec8fa 7322 print multipart_start(-type=>'text/plain'),
ba056755
JH		 7323 "The current time is ",scalar(localtime),"\n";
7324 if ($_ < 4) {
7325 print multipart_end;
7326 } else {
7327 print multipart_final;
7328 }
424ec8fa
GS		 7329 sleep 1;
7330 }
54310121 7331
424ec8fa 7332This script initializes server push by calling B<multipart_init()>.
ba056755
JH		 7333It then enters a loop in which it begins a new multipart section by
7334calling B<multipart_start()>, prints the current local time,
424ec8fa 7335and ends a multipart section with B<multipart_end()>. It then sleeps
ba056755
JH		 7336a second, and begins again. On the final iteration, it ends the
7337multipart section with B<multipart_final()> rather than with
7338B<multipart_end()>.
54310121 7339
424ec8fa 7340=over 4
54310121 7341
424ec8fa 7342=item multipart_init()
3cb6de81 7343
424ec8fa 7344 multipart_init(-boundary=>$boundary);
54310121 7345
424ec8fa
GS		 7346Initialize the multipart system. The -boundary argument specifies
7347what MIME boundary string to use to separate parts of the document.
7348If not provided, CGI.pm chooses a reasonable boundary for you.
54310121 7349
424ec8fa 7350=item multipart_start()
54310121 7351
424ec8fa 7352 multipart_start(-type=>$type)
54310121 7353
424ec8fa
GS		 7354Start a new part of the multipart document using the specified MIME
7355type. If not specified, text/html is assumed.
54310121 7356
424ec8fa 7357=item multipart_end()
54310121 7358
424ec8fa 7359 multipart_end()
54310121 7360
424ec8fa 7361End a part. You must remember to call multipart_end() once for each
ba056755
JH		 7362multipart_start(), except at the end of the last part of the multipart
7363document when multipart_final() should be called instead of multipart_end().
7364
7365=item multipart_final()
7366
7367 multipart_final()
7368
7369End all parts. You should call multipart_final() rather than
7370multipart_end() at the end of the last part of the multipart document.
54310121 7371
424ec8fa 7372=back
54310121 7373
424ec8fa
GS		 7374Users interested in server push applications should also have a look
7375at the CGI::Push module.
54310121 7376
ba056755
JH		 7377Only Netscape Navigator supports server push. Internet Explorer
7378browsers do not.
7379
424ec8fa 7380=head1 Avoiding Denial of Service Attacks
54310121 7381
424ec8fa
GS		 7382A potential problem with CGI.pm is that, by default, it attempts to
7383process form POSTings no matter how large they are. A wily hacker
7384could attack your site by sending a CGI script a huge POST of many
7385megabytes. CGI.pm will attempt to read the entire POST into a
7386variable, growing hugely in size until it runs out of memory. While
7387the script attempts to allocate the memory the system may slow down
7388dramatically. This is a form of denial of service attack.
54310121 7389
424ec8fa
GS		 7390Another possible attack is for the remote user to force CGI.pm to
7391accept a huge file upload. CGI.pm will accept the upload and store it
7392in a temporary directory even if your script doesn't expect to receive
7393an uploaded file. CGI.pm will delete the file automatically when it
7394terminates, but in the meantime the remote user may have filled up the
7395server's disk space, causing problems for other programs.
54310121 7396
424ec8fa
GS		 7397The best way to avoid denial of service attacks is to limit the amount
7398of memory, CPU time and disk space that CGI scripts can use. Some Web
7399servers come with built-in facilities to accomplish this. In other
7400cases, you can use the shell I<limit> or I<ulimit>
7401commands to put ceilings on CGI resource usage.
54310121 7402
54310121 7403
424ec8fa
GS		 7404CGI.pm also has some simple built-in protections against denial of
7405service attacks, but you must activate them before you can use them.
7406These take the form of two global variables in the CGI name space:
54310121 7407
424ec8fa 7408=over 4
54310121 7409
424ec8fa 7410=item B<$CGI::POST_MAX>
54310121 7411
424ec8fa
GS		 7412If set to a non-negative integer, this variable puts a ceiling
7413on the size of POSTings, in bytes. If CGI.pm detects a POST
7414that is greater than the ceiling, it will immediately exit with an error
7415message. This value will affect both ordinary POSTs and
7416multipart POSTs, meaning that it limits the maximum size of file
7417uploads as well. You should set this to a reasonably high
7418value, such as 1 megabyte.
54310121 7419
424ec8fa 7420=item B<$CGI::DISABLE_UPLOADS>
54310121 7421
424ec8fa
GS		 7422If set to a non-zero value, this will disable file uploads
7423completely. Other fill-out form values will work as usual.
54310121 7424
7425=back
7426
424ec8fa 7427You can use these variables in either of two ways.
54310121 7428
424ec8fa 7429=over 4
54310121 7430
424ec8fa 7431=item B<1. On a script-by-script basis>
54310121 7432
424ec8fa 7433Set the variable at the top of the script, right after the "use" statement:
54310121 7434
424ec8fa
GS		 7435 use CGI qw/:standard/;
7436 use CGI::Carp 'fatalsToBrowser';
7437 $CGI::POST_MAX=1024 * 100; # max 100K posts
7438 $CGI::DISABLE_UPLOADS = 1; # no uploads
54310121 7439
424ec8fa 7440=item B<2. Globally for all scripts>
54310121 7441
424ec8fa
GS		 7442Open up CGI.pm, find the definitions for $POST_MAX and
7443$DISABLE_UPLOADS, and set them to the desired values. You'll
7444find them towards the top of the file in a subroutine named
7445initialize_globals().
54310121 7446
424ec8fa 7447=back
54310121 7448
3538e1d5
GS		 7449An attempt to send a POST larger than $POST_MAX bytes will cause
7450I<param()> to return an empty CGI parameter list. You can test for
7451this event by checking I<cgi_error()>, either after you create the CGI
7452object or, if you are using the function-oriented interface, call
7453<param()> for the first time. If the POST was intercepted, then
7454cgi_error() will return the message "413 POST too large".
7455
7456This error message is actually defined by the HTTP protocol, and is
7457designed to be returned to the browser as the CGI script's status
7458 code. For example:
7459
7460 $uploaded_file = param('upload');
7461 if (!$uploaded_file && cgi_error()) {
7462 print header(-status=>cgi_error());
7463 exit 0;
7464 }
7465
7466However it isn't clear that any browser currently knows what to do
7467with this status code. It might be better just to create an
7468HTML page that warns the user of the problem.
54310121 7469
424ec8fa 7470=head1 COMPATIBILITY WITH CGI-LIB.PL
54310121 7471
3538e1d5
GS		 7472To make it easier to port existing programs that use cgi-lib.pl the
7473compatibility routine "ReadParse" is provided. Porting is simple:
54310121 7474
424ec8fa
GS		 7475OLD VERSION
7476 require "cgi-lib.pl";
7477 &ReadParse;
7478 print "The value of the antique is $in{antique}.\n";
54310121 7479
424ec8fa
GS		 7480NEW VERSION
7481 use CGI;
5158e96b 7482 CGI::ReadParse();
424ec8fa 7483 print "The value of the antique is $in{antique}.\n";
54310121 7484
424ec8fa
GS		 7485CGI.pm's ReadParse() routine creates a tied variable named %in,
7486which can be accessed to obtain the query variables. Like
7487ReadParse, you can also provide your own variable. Infrequently
7488used features of ReadParse, such as the creation of @in and $in
7489variables, are not supported.
54310121 7490
424ec8fa
GS		 7491Once you use ReadParse, you can retrieve the query object itself
7492this way:
54310121 7493
424ec8fa 7494 $q = $in{CGI};
29ddc2a4 7495 print textfield(-name=>'wow',
424ec8fa 7496 -value=>'does this really work?');
54310121 7497
424ec8fa
GS		 7498This allows you to start using the more interesting features
7499of CGI.pm without rewriting your old scripts from scratch.
54310121 7500
7501=head1 AUTHOR INFORMATION
7502
71f3e297
JH		 7503Copyright 1995-1998, Lincoln D. Stein. All rights reserved.
7504
7505This library is free software; you can redistribute it and/or modify
7506it under the same terms as Perl itself.
54310121 7507
71f3e297
JH		 7508Address bug reports and comments to: lstein@cshl.org. When sending
7509bug reports, please provide the version of CGI.pm, the version of
7510Perl, the name and version of your Web server, and the name and
7511version of the operating system you are using. If the problem is even
7512remotely browser dependent, please provide information about the
7513affected browers as well.
54310121 7514
7515=head1 CREDITS
7516
7517Thanks very much to:
7518
7519=over 4
7520
7521=item Matt Heffron (heffron@falstaff.css.beckman.com)
7522
7523=item James Taylor (james.taylor@srs.gov)
7524
7525=item Scott Anguish <sanguish@digifix.com>
7526
7527=item Mike Jewell (mlj3u@virginia.edu)
7528
7529=item Timothy Shimmin (tes@kbs.citri.edu.au)
7530
7531=item Joergen Haegg (jh@axis.se)
7532
71f3e297 7533=item Laurent Delfosse (delfosse@delfosse.com)
54310121 7534
7535=item Richard Resnick (applepi1@aol.com)
7536
7537=item Craig Bishop (csb@barwonwater.vic.gov.au)
7538
7539=item Tony Curtis (tc@vcpc.univie.ac.at)
7540
7541=item Tim Bunce (Tim.Bunce@ig.co.uk)
7542
7543=item Tom Christiansen (tchrist@convex.com)
7544
7545=item Andreas Koenig (k@franz.ww.TU-Berlin.DE)
7546
7547=item Tim MacKenzie (Tim.MacKenzie@fulcrum.com.au)
7548
7549=item Kevin B. Hendricks (kbhend@dogwood.tyler.wm.edu)
7550
7551=item Stephen Dahmen (joyfire@inxpress.net)
7552
7553=item Ed Jordan (ed@fidalgo.net)
7554
7555=item David Alan Pisoni (david@cnation.com)
7556
424ec8fa
GS		 7557=item Doug MacEachern (dougm@opengroup.org)
7558
7559=item Robin Houston (robin@oneworld.org)
7560
54310121 7561=item ...and many many more...
7562
7563for suggestions and bug fixes.
7564
7565=back
7566
7567=head1 A COMPLETE EXAMPLE OF A SIMPLE FORM-BASED SCRIPT
7568
7569
7570 #!/usr/local/bin/perl
3cb6de81 7571
29ddc2a4 7572 use CGI ':standard';
3cb6de81 7573
29ddc2a4
RGS		 7574 print header;
7575 print start_html("Example CGI.pm Form");
3acbd4f5 7576 print "<h1> Example CGI.pm Form</h1>\n";
29ddc2a4
RGS		 7577 print_prompt();
7578 do_work();
7579 print_tail();
7580 print end_html;
3cb6de81 7581
54310121 7582 sub print_prompt {
29ddc2a4 7583 print start_form;
3acbd4f5 7584 print "<em>What's your name?</em><br>";
29ddc2a4
RGS		 7585 print textfield('name');
7586 print checkbox('Not my real name');
3cb6de81 7587
3acbd4f5 7588 print "<p><em>Where can you find English Sparrows?</em><br>";
29ddc2a4 7589 print checkbox_group(
54310121 7590 -name=>'Sparrow locations',
7591 -values=>[England,France,Spain,Asia,Hoboken],
7592 -linebreak=>'yes',
7593 -defaults=>[England,Asia]);
3cb6de81 7594
3acbd4f5 7595 print "<p><em>How far can they fly?</em><br>",
29ddc2a4 7596 radio_group(
54310121 7597 -name=>'how far',
7598 -values=>['10 ft','1 mile','10 miles','real far'],
7599 -default=>'1 mile');
3cb6de81 7600
3acbd4f5 7601 print "<p><em>What's your favorite color?</em> ";
29ddc2a4 7602 print popup_menu(-name=>'Color',
54310121 7603 -values=>['black','brown','red','yellow'],
7604 -default=>'red');
3cb6de81 7605
29ddc2a4 7606 print hidden('Reference','Monty Python and the Holy Grail');
3cb6de81 7607
3acbd4f5 7608 print "<p><em>What have you got there?</em><br>";
29ddc2a4 7609 print scrolling_list(
54310121 7610 -name=>'possessions',
7611 -values=>['A Coconut','A Grail','An Icon',
7612 'A Sword','A Ticket'],
7613 -size=>5,
7614 -multiple=>'true');
3cb6de81 7615
3acbd4f5 7616 print "<p><em>Any parting comments?</em><br>";
29ddc2a4 7617 print textarea(-name=>'Comments',
54310121 7618 -rows=>10,
7619 -columns=>50);
3cb6de81 7620
29ddc2a4
RGS		 7621 print "<p>",reset;
7622 print submit('Action','Shout');
7623 print submit('Action','Scream');
7624 print endform;
3acbd4f5 7625 print "<hr>\n";
54310121 7626 }
3cb6de81 7627
54310121 7628 sub do_work {
54310121 7629 my(@values,$key);
7630
3acbd4f5 7631 print "<h2>Here are the current settings in this form</h2>";
54310121 7632
29ddc2a4 7633 foreach $key (param) {
3acbd4f5 7634 print "<strong>$key</strong> -> ";
29ddc2a4 7635 @values = param($key);
3acbd4f5 7636 print join(", ",@values),"<br>\n";
54310121 7637 }
7638 }
3cb6de81 7639
54310121 7640 sub print_tail {
7641 print <<END;
3acbd4f5
JH		 7642 <hr>
7643 <address>Lincoln D. Stein</address><br>
7644 <a href="/">Home Page</a>
54310121 7645 END
7646 }
7647
7648=head1 BUGS
7649
188ba755 7650Please report them.
54310121 7651
7652=head1 SEE ALSO
7653
b2d0d414 7654L<CGI::Carp>, L<CGI::Fast>, L<CGI::Pretty>
54310121 7655
7656=cut
7657
Unnamed repository; edit this file 'description' to name the repository.