This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
https://perl5.git.perl.org / perl5.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ExtUtils::Constant (was Re: funny numconvert test in perl@11006 (was Re: report on...
[perl5.git] / lib / CGI.pm
CommitLineData
54310121 1package CGI;
424ec8fa 2require 5.004;
ba056755 3use Carp 'croak';
54310121 4
5# See the bottom of this file for the POD documentation. Search for the
6# string '=head'.
7
8# You can run this file through either pod2man or pod2html to produce pretty
9# documentation in manual or html file format (these utilities are part of the
10# Perl 5 distribution).
11
424ec8fa 12# Copyright 1995-1998 Lincoln D. Stein. All rights reserved.
54310121 13# It may be used and modified freely, but I do request that this copyright
14# notice remain attached to the file. You may modify this module as you
15# wish, but if you redistribute a modified version, please attach a note
16# listing the modifications you have made.
17
18# The most recent version and complete docs are available at:
71f3e297 19# http://stein.cshl.org/WWW/software/CGI/
54310121 20
ba056755 21$CGI::revision = '$Id: CGI.pm,v 1.49 2001/02/04 23:08:39 lstein Exp $';
199d4a26 22$CGI::VERSION='2.753';
54310121 23
24# HARD-CODED LOCATION FOR FILE UPLOAD TEMPORARY FILES.
25# UNCOMMENT THIS ONLY IF YOU KNOW WHAT YOU'RE DOING.
26# $TempFile::TMPDIRECTORY = '/usr/tmp';
3d1a2ec4 27use CGI::Util qw(rearrange make_attributes unescape escape expires);
54310121 28
ba056755
JH		 29use constant XHTML_DTD => ['-//W3C//DTD XHTML Basic 1.0//EN',
30 'http://www.w3.org/TR/xhtml-basic/xhtml-basic10.dtd'];
6b4ac661 31
424ec8fa
GS		 32# >>>>> Here are some globals that you might want to adjust <<<<<<
33sub initialize_globals {
34 # Set this to 1 to enable copious autoloader debugging messages
35 $AUTOLOAD_DEBUG = 0;
6b4ac661
JH		 36
37 # Set this to 1 to generate XTML-compatible output
38 $XHTML = 1;
424ec8fa
GS		 39
40 # Change this to the preferred DTD to print in start_html()
41 # or use default_dtd('text of DTD to use');
3d1a2ec4
GS		 42 $DEFAULT_DTD = [ '-//W3C//DTD HTML 4.01 Transitional//EN',
43 'http://www.w3.org/TR/html4/loose.dtd' ] ;
44
45 # Set this to 1 to enable NOSTICKY scripts
46 # or:
47 # 1) use CGI qw(-nosticky)
48 # 2) $CGI::nosticky(1)
49 $NOSTICKY = 0;
424ec8fa
GS		 50
51 # Set this to 1 to enable NPH scripts
52 # or:
53 # 1) use CGI qw(-nph)
3d1a2ec4 54 # 2) CGI::nph(1)
424ec8fa
GS		 55 # 3) print header(-nph=>1)
56 $NPH = 0;
57
3d1a2ec4
GS		 58 # Set this to 1 to enable debugging from @ARGV
59 # Set to 2 to enable debugging from STDIN
60 $DEBUG = 1;
424ec8fa
GS		 61
62 # Set this to 1 to make the temporary files created
63 # during file uploads safe from prying eyes
64 # or do...
65 # 1) use CGI qw(:private_tempfiles)
3d1a2ec4 66 # 2) CGI::private_tempfiles(1);
424ec8fa
GS		 67 $PRIVATE_TEMPFILES = 0;
68
69 # Set this to a positive value to limit the size of a POSTing
70 # to a certain number of bytes:
71 $POST_MAX = -1;
72
73 # Change this to 1 to disable uploads entirely:
74 $DISABLE_UPLOADS = 0;
75
3538e1d5
GS		 76 # Automatically determined -- don't change
77 $EBCDIC = 0;
78
71f3e297
JH		 79 # Change this to 1 to suppress redundant HTTP headers
80 $HEADERS_ONCE = 0;
81
82 # separate the name=value pairs by semicolons rather than ampersands
3d1a2ec4 83 $USE_PARAM_SEMICOLONS = 1;
71f3e297 84
199d4a26
JH		 85 # Do not include undefined params parsed from query string
86 # use CGI qw(-no_undef_params);
87 $NO_UNDEF_PARAMS = 0;
88
424ec8fa
GS		 89 # Other globals that you shouldn't worry about.
90 undef $Q;
91 $BEEN_THERE = 0;
92 undef @QUERY_PARAM;
93 undef %EXPORT;
d45d855d
JH		 94 undef $QUERY_CHARSET;
95 undef %QUERY_FIELDNAMES;
424ec8fa
GS		 96
97 # prevent complaints by mod_perl
98 1;
99}
100
54310121 101# ------------------ START OF THE LIBRARY ------------
102
424ec8fa
GS		 103# make mod_perlhappy
104initialize_globals();
105
54310121 106# FIGURE OUT THE OS WE'RE RUNNING UNDER
107# Some systems support the $^O variable. If not
108# available then require() the Config library
109unless ($OS) {
110 unless ($OS = $^O) {
111 require Config;
112 $OS = $Config::Config{'osname'};
113 }
114}
ac1855b3 115if ($OS =~ /^MSWin/i) {
3538e1d5 116 $OS = 'WINDOWS';
ac1855b3 117} elsif ($OS =~ /^VMS/i) {
3538e1d5 118 $OS = 'VMS';
ac1855b3 119} elsif ($OS =~ /^dos/i) {
3538e1d5 120 $OS = 'DOS';
ac1855b3 121} elsif ($OS =~ /^MacOS/i) {
54310121 122 $OS = 'MACINTOSH';
ac1855b3 123} elsif ($OS =~ /^os2/i) {
54310121 124 $OS = 'OS2';
ac1855b3 125} elsif ($OS =~ /^epoc/i) {
fa6a1c44 126 $OS = 'EPOC';
54310121 127} else {
128 $OS = 'UNIX';
129}
130
131# Some OS logic. Binary mode enabled on DOS, NT and VMS
3538e1d5 132$needs_binmode = $OS=~/^(WINDOWS|DOS|OS2|MSWin)/;
54310121 133
134# This is the default class for the CGI object to use when all else fails.
135$DefaultClass = 'CGI' unless defined $CGI::DefaultClass;
424ec8fa 136
54310121 137# This is where to look for autoloaded routines.
138$AutoloadClass = $DefaultClass unless defined $CGI::AutoloadClass;
139
140# The path separator is a slash, backslash or semicolon, depending
141# on the paltform.
142$SL = {
ba056755
JH		 143 UNIX=>'/', OS2=>'\\', EPOC=>'/',
144 WINDOWS=>'\\', DOS=>'\\', MACINTOSH=>':', VMS=>'/'
54310121 145 }->{$OS};
146
424ec8fa 147# This no longer seems to be necessary
54310121 148# Turn on NPH scripts by default when running under IIS server!
424ec8fa
GS		 149# $NPH++ if defined($ENV{'SERVER_SOFTWARE'}) && $ENV{'SERVER_SOFTWARE'}=~/IIS/;
150$IIS++ if defined($ENV{'SERVER_SOFTWARE'}) && $ENV{'SERVER_SOFTWARE'}=~/IIS/;
54310121 151
152# Turn on special checking for Doug MacEachern's modperl
71f3e297
JH		 153if (exists $ENV{'GATEWAY_INTERFACE'}
154 &&
3538e1d5 155 ($MOD_PERL = $ENV{'GATEWAY_INTERFACE'} =~ /^CGI-Perl\//))
424ec8fa 156{
54310121 157 $| = 1;
424ec8fa
GS		 158 require Apache;
159}
160# Turn on special checking for ActiveState's PerlEx
161$PERLEX++ if defined($ENV{'GATEWAY_INTERFACE'}) && $ENV{'GATEWAY_INTERFACE'} =~ /^CGI-PerlEx/;
162
163# Define the CRLF sequence. I can't use a simple "\r\n" because the meaning
164# of "\n" is different on different OS's (sometimes it generates CRLF, sometimes LF
165# and sometimes CR). The most popular VMS web server
166# doesn't accept CRLF -- instead it wants a LR. EBCDIC machines don't
167# use ASCII, so \015\012 means something different. I find this all
168# really annoying.
169$EBCDIC = "\t" ne "\011";
170if ($OS eq 'VMS') {
3538e1d5 171 $CRLF = "\n";
424ec8fa 172} elsif ($EBCDIC) {
3538e1d5 173 $CRLF= "\r\n";
424ec8fa 174} else {
3538e1d5
GS		 175 $CRLF = "\015\012";
176}
177
54310121 178if ($needs_binmode) {
179 $CGI::DefaultClass->binmode(main::STDOUT);
180 $CGI::DefaultClass->binmode(main::STDIN);
181 $CGI::DefaultClass->binmode(main::STDERR);
182}
183
54310121 184%EXPORT_TAGS = (
424ec8fa
GS		 185 ':html2'=>['h1'..'h6',qw/p br hr ol ul li dl dt dd menu code var strong em
186 tt u i b blockquote pre img a address cite samp dfn html head
187 base body Link nextid title meta kbd start_html end_html
3d1a2ec4 188 input Select option comment charset escapeHTML/],
71f3e297 189 ':html3'=>[qw/div table caption th td TR Tr sup Sub strike applet Param
424ec8fa
GS		 190 embed basefont style span layer ilayer font frameset frame script small big/],
191 ':netscape'=>[qw/blink fontsize center/],
192 ':form'=>[qw/textfield textarea filefield password_field hidden checkbox checkbox_group
193 submit reset defaults radio_group popup_menu button autoEscape
194 scrolling_list image_button start_form end_form startform endform
71f3e297 195 start_multipart_form end_multipart_form isindex tmpFileName uploadInfo URL_ENCODED MULTIPART/],
3538e1d5
GS		 196 ':cgi'=>[qw/param upload path_info path_translated url self_url script_name cookie Dump
197 raw_cookie request_method query_string Accept user_agent remote_host content_type
424ec8fa 198 remote_addr referer server_name server_software server_port server_protocol
3d1a2ec4 199 virtual_host remote_ident auth_type http
424ec8fa 200 save_parameters restore_parameters param_fetch
3538e1d5
GS		 201 remote_user user_name header redirect import_names put
202 Delete Delete_all url_param cgi_error/],
424ec8fa 203 ':ssl' => [qw/https/],
71f3e297 204 ':imagemap' => [qw/Area Map/],
3538e1d5 205 ':cgi-lib' => [qw/ReadParse PrintHeader HtmlTop HtmlBot SplitParam Vars/],
424ec8fa
GS		 206 ':html' => [qw/:html2 :html3 :netscape/],
207 ':standard' => [qw/:html2 :html3 :form :cgi/],
ba056755 208 ':push' => [qw/multipart_init multipart_start multipart_end multipart_final/],
424ec8fa
GS		 209 ':all' => [qw/:html2 :html3 :netscape :form :cgi :internal/]
210 );
54310121 211
212# to import symbols into caller
213sub import {
214 my $self = shift;
424ec8fa
GS		 215
216# This causes modules to clash.
217# undef %EXPORT_OK;
218# undef %EXPORT;
219
220 $self->_setup_symbols(@_);
54310121 221 my ($callpack, $callfile, $callline) = caller;
424ec8fa 222
54310121 223 # To allow overriding, search through the packages
224 # Till we find one in which the correct subroutine is defined.
225 my @packages = ($self,@{"$self\:\:ISA"});
226 foreach $sym (keys %EXPORT) {
227 my $pck;
228 my $def = ${"$self\:\:AutoloadClass"} || $DefaultClass;
229 foreach $pck (@packages) {
230 if (defined(&{"$pck\:\:$sym"})) {
231 $def = $pck;
232 last;
233 }
234 }
235 *{"${callpack}::$sym"} = \&{"$def\:\:$sym"};
236 }
237}
238
424ec8fa
GS		 239sub compile {
240 my $pack = shift;
241 $pack->_setup_symbols('-compile',@_);
242}
243
54310121 244sub expand_tags {
245 my($tag) = @_;
71f3e297 246 return ("start_$1","end_$1") if $tag=~/^(?:\*|start_|end_)(.+)/;
54310121 247 my(@r);
248 return ($tag) unless $EXPORT_TAGS{$tag};
249 foreach (@{$EXPORT_TAGS{$tag}}) {
250 push(@r,&expand_tags($_));
251 }
252 return @r;
253}
254
255#### Method: new
256# The new routine. This will check the current environment
257# for an existing query string, and initialize itself, if so.
258####
259sub new {
260 my($class,$initializer) = @_;
261 my $self = {};
262 bless $self,ref $class || $class || $DefaultClass;
3d1a2ec4
GS		 263 if ($MOD_PERL && defined Apache->request) {
264 Apache->request->register_cleanup(\&CGI::_reset_globals);
265 undef $NPH;
424ec8fa
GS		 266 }
267 $self->_reset_globals if $PERLEX;
54310121 268 $self->init($initializer);
269 return $self;
270}
271
272# We provide a DESTROY method so that the autoloader
273# doesn't bother trying to find it.
274sub DESTROY { }
275
276#### Method: param
277# Returns the value(s)of a named parameter.
278# If invoked in a list context, returns the
279# entire list. Otherwise returns the first
280# member of the list.
281# If name is not provided, return a list of all
282# the known parameters names available.
283# If more than one argument is provided, the
284# second and subsequent arguments are used to
285# set the value of the parameter.
286####
287sub param {
288 my($self,@p) = self_or_default(@_);
289 return $self->all_parameters unless @p;
290 my($name,$value,@other);
291
292 # For compatibility between old calling style and use_named_parameters() style,
293 # we have to special case for a single parameter present.
294 if (@p > 1) {
3d1a2ec4 295 ($name,$value,@other) = rearrange([NAME,[DEFAULT,VALUE,VALUES]],@p);
54310121 296 my(@values);
297
3d1a2ec4 298 if (substr($p[0],0,1) eq '-') {
54310121 299 @values = defined($value) ? (ref($value) && ref($value) eq 'ARRAY' ? @{$value} : $value) : ();
300 } else {
301 foreach ($value,@other) {
302 push(@values,$_) if defined($_);
303 }
304 }
305 # If values is provided, then we set it.
306 if (@values) {
307 $self->add_parameter($name);
308 $self->{$name}=[@values];
309 }
310 } else {
311 $name = $p[0];
312 }
313
71f3e297 314 return unless defined($name) && $self->{$name};
54310121 315 return wantarray ? @{$self->{$name}} : $self->{$name}->[0];
316}
317
54310121 318sub self_or_default {
424ec8fa 319 return @_ if defined($_[0]) && (!ref($_[0])) &&($_[0] eq 'CGI');
54310121 320 unless (defined($_[0]) &&
424ec8fa
GS		 321 (ref($_[0]) eq 'CGI' || UNIVERSAL::isa($_[0],'CGI')) # slightly optimized for common case
322 ) {
54310121 323 $Q = $CGI::DefaultClass->new unless defined($Q);
324 unshift(@_,$Q);
325 }
3d1a2ec4 326 return wantarray ? @_ : $Q;
54310121 327}
328
54310121 329sub self_or_CGI {
330 local $^W=0; # prevent a warning
331 if (defined($_[0]) &&
332 (substr(ref($_[0]),0,3) eq 'CGI'
424ec8fa 333 || UNIVERSAL::isa($_[0],'CGI'))) {
54310121 334 return @_;
335 } else {
336 return ($DefaultClass,@_);
337 }
338}
339
54310121 340########################################
341# THESE METHODS ARE MORE OR LESS PRIVATE
342# GO TO THE __DATA__ SECTION TO SEE MORE
343# PUBLIC METHODS
344########################################
345
346# Initialize the query object from the environment.
347# If a parameter list is found, this object will be set
348# to an associative array in which parameter names are keys
349# and the values are stored as lists
350# If a keyword list is found, this method creates a bogus
351# parameter list with the single parameter 'keywords'.
352
353sub init {
354 my($self,$initializer) = @_;
424ec8fa 355 my($query_string,$meth,$content_length,$fh,@lines) = ('','','','');
71f3e297 356 local($/) = "\n";
54310121 357
358 # if we get called more than once, we want to initialize
359 # ourselves from the original query (which may be gone
360 # if it was read from STDIN originally.)
d45d855d 361 if (defined(@QUERY_PARAM) && !defined($initializer)) {
54310121 362 foreach (@QUERY_PARAM) {
363 $self->param('-name'=>$_,'-value'=>$QUERY_PARAM{$_});
364 }
d45d855d
JH		 365 $self->charset($QUERY_CHARSET);
366 $self->{'.fieldnames'} = {%QUERY_FIELDNAMES};
54310121 367 return;
368 }
369
370 $meth=$ENV{'REQUEST_METHOD'} if defined($ENV{'REQUEST_METHOD'});
424ec8fa 371 $content_length = defined($ENV{'CONTENT_LENGTH'}) ? $ENV{'CONTENT_LENGTH'} : 0;
3538e1d5 372
424ec8fa 373 $fh = to_filehandle($initializer) if $initializer;
54310121 374
a3b3a725
JH		 375 # set charset to the safe ISO-8859-1
376 $self->charset('ISO-8859-1');
377
54310121 378 METHOD: {
54310121 379
3538e1d5
GS		 380 # avoid unreasonably large postings
381 if (($POST_MAX > 0) && ($content_length > $POST_MAX)) {
382 $self->cgi_error("413 Request entity too large");
383 last METHOD;
384 }
385
424ec8fa
GS		 386 # Process multipart postings, but only if the initializer is
387 # not defined.
388 if ($meth eq 'POST'
389 && defined($ENV{'CONTENT_TYPE'})
390 && $ENV{'CONTENT_TYPE'}=~m|^multipart/form-data|
391 && !defined($initializer)
392 ) {
71f3e297 393 my($boundary) = $ENV{'CONTENT_TYPE'} =~ /boundary=\"?([^\";,]+)\"?/;
424ec8fa
GS		 394 $self->read_multipart($boundary,$content_length);
395 last METHOD;
396 }
397
398 # If initializer is defined, then read parameters
399 # from it.
400 if (defined($initializer)) {
401 if (UNIVERSAL::isa($initializer,'CGI')) {
402 $query_string = $initializer->query_string;
403 last METHOD;
404 }
54310121 405 if (ref($initializer) && ref($initializer) eq 'HASH') {
406 foreach (keys %$initializer) {
407 $self->param('-name'=>$_,'-value'=>$initializer->{$_});
408 }
409 last METHOD;
410 }
411
424ec8fa
GS		 412 if (defined($fh) && ($fh ne '')) {
413 while (<$fh>) {
54310121 414 chomp;
415 last if /^=/;
416 push(@lines,$_);
417 }
418 # massage back into standard format
419 if ("@lines" =~ /=/) {
420 $query_string=join("&",@lines);
421 } else {
422 $query_string=join("+",@lines);
423 }
424 last METHOD;
425 }
424ec8fa
GS		 426
427 # last chance -- treat it as a string
428 $initializer = $$initializer if ref($initializer) eq 'SCALAR';
54310121 429 $query_string = $initializer;
424ec8fa 430
54310121 431 last METHOD;
432 }
54310121 433
424ec8fa
GS		 434 # If method is GET or HEAD, fetch the query from
435 # the environment.
436 if ($meth=~/^(GET|HEAD)$/) {
3538e1d5
GS		 437 if ($MOD_PERL) {
438 $query_string = Apache->request->args;
439 } else {
440 $query_string = $ENV{'QUERY_STRING'} if defined $ENV{'QUERY_STRING'};
3d1a2ec4 441 $query_string ||= $ENV{'REDIRECT_QUERY_STRING'} if defined $ENV{'REDIRECT_QUERY_STRING'};
3538e1d5 442 }
424ec8fa
GS		 443 last METHOD;
444 }
54310121 445
424ec8fa
GS		 446 if ($meth eq 'POST') {
447 $self->read_from_client(\*STDIN,\$query_string,$content_length,0)
448 if $content_length > 0;
54310121 449 # Some people want to have their cake and eat it too!
450 # Uncomment this line to have the contents of the query string
451 # APPENDED to the POST data.
424ec8fa 452 # $query_string .= (length($query_string) ? '&' : '') . $ENV{'QUERY_STRING'} if defined $ENV{'QUERY_STRING'};
54310121 453 last METHOD;
454 }
424ec8fa
GS		 455
456 # If $meth is not of GET, POST or HEAD, assume we're being debugged offline.
54310121 457 # Check the command line and then the standard input for data.
458 # We use the shellwords package in order to behave the way that
459 # UN*X programmers expect.
3d1a2ec4 460 $query_string = read_from_cmdline() if $DEBUG;
54310121 461 }
424ec8fa 462
54310121 463 # We now have the query string in hand. We do slightly
464 # different things for keyword lists and parameter lists.
ba056755 465 if (defined $query_string && length $query_string) {
3d1a2ec4 466 if ($query_string =~ /[&=;]/) {
54310121 467 $self->parse_params($query_string);
468 } else {
469 $self->add_parameter('keywords');
470 $self->{'keywords'} = [$self->parse_keywordlist($query_string)];
471 }
472 }
473
474 # Special case. Erase everything if there is a field named
475 # .defaults.
476 if ($self->param('.defaults')) {
477 undef %{$self};
478 }
479
480 # Associative array containing our defined fieldnames
481 $self->{'.fieldnames'} = {};
482 foreach ($self->param('.cgifields')) {
483 $self->{'.fieldnames'}->{$_}++;
484 }
485
486 # Clear out our default submission button flag if present
487 $self->delete('.submit');
488 $self->delete('.cgifields');
3d1a2ec4 489
54310121 490 $self->save_request unless $initializer;
54310121 491}
492
54310121 493# FUNCTIONS TO OVERRIDE:
54310121 494# Turn a string into a filehandle
495sub to_filehandle {
424ec8fa
GS		 496 my $thingy = shift;
497 return undef unless $thingy;
498 return $thingy if UNIVERSAL::isa($thingy,'GLOB');
499 return $thingy if UNIVERSAL::isa($thingy,'FileHandle');
500 if (!ref($thingy)) {
501 my $caller = 1;
502 while (my $package = caller($caller++)) {
503 my($tmp) = $thingy=~/[\':]/ ? $thingy : "$package\:\:$thingy";
504 return $tmp if defined(fileno($tmp));
505 }
54310121 506 }
424ec8fa 507 return undef;
54310121 508}
509
510# send output to the browser
511sub put {
512 my($self,@p) = self_or_default(@_);
513 $self->print(@p);
514}
515
516# print to standard output (for overriding in mod_perl)
517sub print {
518 shift;
519 CORE::print(@_);
520}
521
3538e1d5
GS		 522# get/set last cgi_error
523sub cgi_error {
524 my ($self,$err) = self_or_default(@_);
525 $self->{'.cgi_error'} = $err if defined $err;
526 return $self->{'.cgi_error'};
527}
528
54310121 529sub save_request {
530 my($self) = @_;
531 # We're going to play with the package globals now so that if we get called
532 # again, we initialize ourselves in exactly the same way. This allows
533 # us to have several of these objects.
534 @QUERY_PARAM = $self->param; # save list of parameters
535 foreach (@QUERY_PARAM) {
3d1a2ec4
GS		 536 next unless defined $_;
537 $QUERY_PARAM{$_}=$self->{$_};
54310121 538 }
d45d855d
JH		 539 $QUERY_CHARSET = $self->charset;
540 %QUERY_FIELDNAMES = %{$self->{'.fieldnames'}};
54310121 541}
542
54310121 543sub parse_params {
544 my($self,$tosplit) = @_;
71f3e297 545 my(@pairs) = split(/[&;]/,$tosplit);
54310121 546 my($param,$value);
547 foreach (@pairs) {
424ec8fa 548 ($param,$value) = split('=',$_,2);
199d4a26 549 next if $NO_UNDEF_PARAMS and not $value;
3d1a2ec4 550 $value = '' unless defined $value;
424ec8fa
GS		 551 $param = unescape($param);
552 $value = unescape($value);
54310121 553 $self->add_parameter($param);
554 push (@{$self->{$param}},$value);
555 }
556}
557
558sub add_parameter {
559 my($self,$param)=@_;
3d1a2ec4 560 return unless defined $param;
54310121 561 push (@{$self->{'.parameters'}},$param)
562 unless defined($self->{$param});
563}
564
565sub all_parameters {
566 my $self = shift;
567 return () unless defined($self) && $self->{'.parameters'};
568 return () unless @{$self->{'.parameters'}};
569 return @{$self->{'.parameters'}};
570}
571
424ec8fa
GS		 572# put a filehandle into binary mode (DOS)
573sub binmode {
574 CORE::binmode($_[1]);
575}
576
577sub _make_tag_func {
71f3e297 578 my ($self,$tagname) = @_;
3538e1d5 579 my $func = qq(
3d1a2ec4
GS		 580 sub $tagname {
581 shift if \$_[0] &&
582 (ref(\$_[0]) &&
583 (substr(ref(\$_[0]),0,3) eq 'CGI' ||
584 UNIVERSAL::isa(\$_[0],'CGI')));
424ec8fa
GS		 585 my(\$attr) = '';
586 if (ref(\$_[0]) && ref(\$_[0]) eq 'HASH') {
3d1a2ec4 587 my(\@attr) = make_attributes(shift()||undef,1);
424ec8fa
GS		 588 \$attr = " \@attr" if \@attr;
589 }
3538e1d5 590 );
71f3e297 591 if ($tagname=~/start_(\w+)/i) {
6b4ac661 592 $func .= qq! return "<\L$1\E\$attr>";} !;
71f3e297 593 } elsif ($tagname=~/end_(\w+)/i) {
6b4ac661 594 $func .= qq! return "<\L/$1\E>"; } !;
71f3e297
JH		 595 } else {
596 $func .= qq#
6b4ac661
JH		 597 return \$XHTML ? "\L<$tagname\E\$attr />" : "\L<$tagname\E\$attr>" unless \@_;
598 my(\$tag,\$untag) = ("\L<$tagname\E\$attr>","\L</$tagname>\E");
3d1a2ec4
GS		 599 my \@result = map { "\$tag\$_\$untag" }
600 (ref(\$_[0]) eq 'ARRAY') ? \@{\$_[0]} : "\@_";
424ec8fa 601 return "\@result";
71f3e297
JH		 602 }#;
603 }
604return $func;
54310121 605}
606
607sub AUTOLOAD {
608 print STDERR "CGI::AUTOLOAD for $AUTOLOAD\n" if $CGI::AUTOLOAD_DEBUG;
424ec8fa
GS		 609 my $func = &_compile;
610 goto &$func;
54310121 611}
612
424ec8fa
GS		 613sub _compile {
614 my($func) = $AUTOLOAD;
615 my($pack,$func_name);
616 {
617 local($1,$2); # this fixes an obscure variable suicide problem.
618 $func=~/(.+)::([^:]+)$/;
619 ($pack,$func_name) = ($1,$2);
620 $pack=~s/::SUPER$//; # fix another obscure problem
621 $pack = ${"$pack\:\:AutoloadClass"} || $CGI::DefaultClass
622 unless defined(${"$pack\:\:AUTOLOADED_ROUTINES"});
623
624 my($sub) = \%{"$pack\:\:SUBS"};
625 unless (%$sub) {
626 my($auto) = \${"$pack\:\:AUTOLOADED_ROUTINES"};
627 eval "package $pack; $$auto";
ba056755 628 croak("$AUTOLOAD: $@") if $@;
424ec8fa
GS		 629 $$auto = ''; # Free the unneeded storage (but don't undef it!!!)
630 }
631 my($code) = $sub->{$func_name};
632
633 $code = "sub $AUTOLOAD { }" if (!$code and $func_name eq 'DESTROY');
634 if (!$code) {
71f3e297 635 (my $base = $func_name) =~ s/^(start_|end_)//i;
424ec8fa
GS		 636 if ($EXPORT{':any'} ||
637 $EXPORT{'-any'} ||
71f3e297 638 $EXPORT{$base} ||
424ec8fa 639 (%EXPORT_OK || grep(++$EXPORT_OK{$_},&expand_tags(':html')))
71f3e297
JH		 640 && $EXPORT_OK{$base}) {
641 $code = $CGI::DefaultClass->_make_tag_func($func_name);
424ec8fa
GS		 642 }
643 }
ba056755 644 croak("Undefined subroutine $AUTOLOAD\n") unless $code;
424ec8fa
GS		 645 eval "package $pack; $code";
646 if ($@) {
647 $@ =~ s/ at .*\n//;
ba056755 648 croak("$AUTOLOAD: $@");
424ec8fa
GS		 649 }
650 }
3538e1d5 651 CORE::delete($sub->{$func_name}); #free storage
424ec8fa
GS		 652 return "$pack\:\:$func_name";
653}
654
655sub _reset_globals { initialize_globals(); }
656
657sub _setup_symbols {
658 my $self = shift;
659 my $compile = 0;
660 foreach (@_) {
71f3e297
JH		 661 $HEADERS_ONCE++, next if /^[:-]unique_headers$/;
662 $NPH++, next if /^[:-]nph$/;
3d1a2ec4
GS		 663 $NOSTICKY++, next if /^[:-]nosticky$/;
664 $DEBUG=0, next if /^[:-]no_?[Dd]ebug$/;
665 $DEBUG=2, next if /^[:-][Dd]ebug$/;
71f3e297 666 $USE_PARAM_SEMICOLONS++, next if /^[:-]newstyle_urls$/;
6b4ac661
JH		 667 $XHTML++, next if /^[:-]xhtml$/;
668 $XHTML=0, next if /^[:-]no_?xhtml$/;
3d1a2ec4 669 $USE_PARAM_SEMICOLONS=0, next if /^[:-]oldstyle_urls$/;
71f3e297
JH		 670 $PRIVATE_TEMPFILES++, next if /^[:-]private_tempfiles$/;
671 $EXPORT{$_}++, next if /^[:-]any$/;
672 $compile++, next if /^[:-]compile$/;
199d4a26 673 $NO_UNDEF_PARAMS++, next if /^[:-]no_undef_params$/;
424ec8fa 674
71f3e297 675 # This is probably extremely evil code -- to be deleted some day.
424ec8fa
GS		 676 if (/^[-]autoload$/) {
677 my($pkg) = caller(1);
678 *{"${pkg}::AUTOLOAD"} = sub {
679 my($routine) = $AUTOLOAD;
680 $routine =~ s/^.*::/CGI::/;
681 &$routine;
682 };
683 next;
684 }
685
686 foreach (&expand_tags($_)) {
687 tr/a-zA-Z0-9_//cd; # don't allow weird function names
688 $EXPORT{$_}++;
54310121 689 }
54310121 690 }
424ec8fa 691 _compile_all(keys %EXPORT) if $compile;
54310121 692}
693
3d1a2ec4
GS		 694sub charset {
695 my ($self,$charset) = self_or_default(@_);
696 $self->{'.charset'} = $charset if defined $charset;
697 $self->{'.charset'};
698}
699
54310121 700###############################################################################
701################# THESE FUNCTIONS ARE AUTOLOADED ON DEMAND ####################
702###############################################################################
703$AUTOLOADED_ROUTINES = ''; # get rid of -w warning
704$AUTOLOADED_ROUTINES=<<'END_OF_AUTOLOAD';
705
706%SUBS = (
707
708'URL_ENCODED'=> <<'END_OF_FUNC',
709sub URL_ENCODED { 'application/x-www-form-urlencoded'; }
710END_OF_FUNC
711
712'MULTIPART' => <<'END_OF_FUNC',
713sub MULTIPART { 'multipart/form-data'; }
714END_OF_FUNC
715
424ec8fa 716'SERVER_PUSH' => <<'END_OF_FUNC',
ba056755 717sub SERVER_PUSH { 'multipart/x-mixed-replace;boundary="' . shift() . '"'; }
424ec8fa
GS		 718END_OF_FUNC
719
424ec8fa
GS		 720'new_MultipartBuffer' => <<'END_OF_FUNC',
721# Create a new multipart buffer
722sub new_MultipartBuffer {
723 my($self,$boundary,$length,$filehandle) = @_;
724 return MultipartBuffer->new($self,$boundary,$length,$filehandle);
725}
726END_OF_FUNC
727
728'read_from_client' => <<'END_OF_FUNC',
729# Read data from a file handle
730sub read_from_client {
731 my($self, $fh, $buff, $len, $offset) = @_;
732 local $^W=0; # prevent a warning
733 return undef unless defined($fh);
734 return read($fh, $$buff, $len, $offset);
735}
736END_OF_FUNC
737
738'delete' => <<'END_OF_FUNC',
739#### Method: delete
740# Deletes the named parameter entirely.
741####
742sub delete {
6b4ac661
JH		 743 my($self,@p) = self_or_default(@_);
744 my($name) = rearrange([NAME],@p);
3538e1d5
GS		 745 CORE::delete $self->{$name};
746 CORE::delete $self->{'.fieldnames'}->{$name};
424ec8fa
GS		 747 @{$self->{'.parameters'}}=grep($_ ne $name,$self->param());
748 return wantarray ? () : undef;
749}
750END_OF_FUNC
751
752#### Method: import_names
753# Import all parameters into the given namespace.
754# Assumes namespace 'Q' if not specified
755####
756'import_names' => <<'END_OF_FUNC',
757sub import_names {
758 my($self,$namespace,$delete) = self_or_default(@_);
759 $namespace = 'Q' unless defined($namespace);
760 die "Can't import names into \"main\"\n" if \%{"${namespace}::"} == \%::;
3538e1d5 761 if ($delete || $MOD_PERL || exists $ENV{'FCGI_ROLE'}) {
424ec8fa
GS		 762 # can anyone find an easier way to do this?
763 foreach (keys %{"${namespace}::"}) {
764 local *symbol = "${namespace}::${_}";
765 undef $symbol;
766 undef @symbol;
767 undef %symbol;
54310121 768 }
424ec8fa
GS		 769 }
770 my($param,@value,$var);
771 foreach $param ($self->param) {
772 # protect against silly names
773 ($var = $param)=~tr/a-zA-Z0-9_/_/c;
774 $var =~ s/^(?=\d)/_/;
775 local *symbol = "${namespace}::$var";
776 @value = $self->param($param);
777 @symbol = @value;
778 $symbol = $value[0];
54310121 779 }
780}
781END_OF_FUNC
782
783#### Method: keywords
784# Keywords acts a bit differently. Calling it in a list context
785# returns the list of keywords.
786# Calling it in a scalar context gives you the size of the list.
787####
788'keywords' => <<'END_OF_FUNC',
789sub keywords {
790 my($self,@values) = self_or_default(@_);
791 # If values is provided, then we set it.
475342a6 792 $self->{'keywords'}=[@values] if @values;
424ec8fa 793 my(@result) = defined($self->{'keywords'}) ? @{$self->{'keywords'}} : ();
54310121 794 @result;
795}
796END_OF_FUNC
797
798# These are some tie() interfaces for compatibility
799# with Steve Brenner's cgi-lib.pl routines
3538e1d5
GS		 800'Vars' => <<'END_OF_FUNC',
801sub Vars {
ffd2dff2 802 my $q = shift;
3538e1d5 803 my %in;
ffd2dff2 804 tie(%in,CGI,$q);
3538e1d5
GS		 805 return %in if wantarray;
806 return \%in;
807}
808END_OF_FUNC
809
810# These are some tie() interfaces for compatibility
811# with Steve Brenner's cgi-lib.pl routines
54310121 812'ReadParse' => <<'END_OF_FUNC',
813sub ReadParse {
814 local(*in);
815 if (@_) {
816 *in = $_[0];
817 } else {
818 my $pkg = caller();
819 *in=*{"${pkg}::in"};
820 }
821 tie(%in,CGI);
424ec8fa 822 return scalar(keys %in);
54310121 823}
824END_OF_FUNC
825
826'PrintHeader' => <<'END_OF_FUNC',
827sub PrintHeader {
828 my($self) = self_or_default(@_);
829 return $self->header();
830}
831END_OF_FUNC
832
833'HtmlTop' => <<'END_OF_FUNC',
834sub HtmlTop {
835 my($self,@p) = self_or_default(@_);
836 return $self->start_html(@p);
837}
838END_OF_FUNC
839
840'HtmlBot' => <<'END_OF_FUNC',
841sub HtmlBot {
842 my($self,@p) = self_or_default(@_);
843 return $self->end_html(@p);
844}
845END_OF_FUNC
846
847'SplitParam' => <<'END_OF_FUNC',
848sub SplitParam {
849 my ($param) = @_;
850 my (@params) = split ("\0", $param);
851 return (wantarray ? @params : $params[0]);
852}
853END_OF_FUNC
854
855'MethGet' => <<'END_OF_FUNC',
856sub MethGet {
857 return request_method() eq 'GET';
858}
859END_OF_FUNC
860
861'MethPost' => <<'END_OF_FUNC',
862sub MethPost {
863 return request_method() eq 'POST';
864}
865END_OF_FUNC
866
867'TIEHASH' => <<'END_OF_FUNC',
868sub TIEHASH {
ffd2dff2 869 return $_[1] if defined $_[1];
3d1a2ec4 870 return $Q ||= new shift;
54310121 871}
872END_OF_FUNC
873
874'STORE' => <<'END_OF_FUNC',
875sub STORE {
3d1a2ec4
GS		 876 my $self = shift;
877 my $tag = shift;
6b4ac661
JH		 878 my $vals = shift;
879 my @vals = index($vals,"\0")!=-1 ? split("\0",$vals) : $vals;
3d1a2ec4 880 $self->param(-name=>$tag,-value=>\@vals);
54310121 881}
882END_OF_FUNC
883
884'FETCH' => <<'END_OF_FUNC',
885sub FETCH {
886 return $_[0] if $_[1] eq 'CGI';
887 return undef unless defined $_[0]->param($_[1]);
888 return join("\0",$_[0]->param($_[1]));
889}
890END_OF_FUNC
891
892'FIRSTKEY' => <<'END_OF_FUNC',
893sub FIRSTKEY {
894 $_[0]->{'.iterator'}=0;
895 $_[0]->{'.parameters'}->[$_[0]->{'.iterator'}++];
896}
897END_OF_FUNC
898
899'NEXTKEY' => <<'END_OF_FUNC',
900sub NEXTKEY {
901 $_[0]->{'.parameters'}->[$_[0]->{'.iterator'}++];
902}
903END_OF_FUNC
904
905'EXISTS' => <<'END_OF_FUNC',
906sub EXISTS {
907 exists $_[0]->{$_[1]};
908}
909END_OF_FUNC
910
911'DELETE' => <<'END_OF_FUNC',
912sub DELETE {
913 $_[0]->delete($_[1]);
914}
915END_OF_FUNC
916
917'CLEAR' => <<'END_OF_FUNC',
918sub CLEAR {
919 %{$_[0]}=();
920}
921####
922END_OF_FUNC
923
924####
925# Append a new value to an existing query
926####
927'append' => <<'EOF',
928sub append {
929 my($self,@p) = @_;
3d1a2ec4 930 my($name,$value) = rearrange([NAME,[VALUE,VALUES]],@p);
54310121 931 my(@values) = defined($value) ? (ref($value) ? @{$value} : $value) : ();
932 if (@values) {
933 $self->add_parameter($name);
934 push(@{$self->{$name}},@values);
935 }
936 return $self->param($name);
937}
938EOF
939
940#### Method: delete_all
941# Delete all parameters
942####
943'delete_all' => <<'EOF',
944sub delete_all {
945 my($self) = self_or_default(@_);
946 undef %{$self};
947}
948EOF
949
424ec8fa
GS		 950'Delete' => <<'EOF',
951sub Delete {
952 my($self,@p) = self_or_default(@_);
953 $self->delete(@p);
954}
955EOF
956
957'Delete_all' => <<'EOF',
958sub Delete_all {
959 my($self,@p) = self_or_default(@_);
960 $self->delete_all(@p);
961}
962EOF
963
54310121 964#### Method: autoescape
965# If you want to turn off the autoescaping features,
966# call this method with undef as the argument
967'autoEscape' => <<'END_OF_FUNC',
968sub autoEscape {
969 my($self,$escape) = self_or_default(@_);
970 $self->{'dontescape'}=!$escape;
971}
972END_OF_FUNC
973
974
975#### Method: version
976# Return the current version
977####
978'version' => <<'END_OF_FUNC',
979sub version {
980 return $VERSION;
981}
982END_OF_FUNC
983
424ec8fa
GS		 984#### Method: url_param
985# Return a parameter in the QUERY_STRING, regardless of
986# whether this was a POST or a GET
987####
988'url_param' => <<'END_OF_FUNC',
989sub url_param {
990 my ($self,@p) = self_or_default(@_);
991 my $name = shift(@p);
992 return undef unless exists($ENV{QUERY_STRING});
993 unless (exists($self->{'.url_param'})) {
994 $self->{'.url_param'}={}; # empty hash
995 if ($ENV{QUERY_STRING} =~ /=/) {
71f3e297 996 my(@pairs) = split(/[&;]/,$ENV{QUERY_STRING});
424ec8fa
GS		 997 my($param,$value);
998 foreach (@pairs) {
999 ($param,$value) = split('=',$_,2);
1000 $param = unescape($param);
1001 $value = unescape($value);
1002 push(@{$self->{'.url_param'}->{$param}},$value);
1003 }
1004 } else {
1005 $self->{'.url_param'}->{'keywords'} = [$self->parse_keywordlist($ENV{QUERY_STRING})];
1006 }
1007 }
1008 return keys %{$self->{'.url_param'}} unless defined($name);
1009 return () unless $self->{'.url_param'}->{$name};
1010 return wantarray ? @{$self->{'.url_param'}->{$name}}
1011 : $self->{'.url_param'}->{$name}->[0];
1012}
1013END_OF_FUNC
1014
3d1a2ec4 1015#### Method: Dump
54310121 1016# Returns a string in which all the known parameter/value
1017# pairs are represented as nested lists, mainly for the purposes
1018# of debugging.
1019####
3d1a2ec4
GS		 1020'Dump' => <<'END_OF_FUNC',
1021sub Dump {
54310121 1022 my($self) = self_or_default(@_);
1023 my($param,$value,@result);
1024 return '<UL></UL>' unless $self->param;
1025 push(@result,"<UL>");
1026 foreach $param ($self->param) {
1027 my($name)=$self->escapeHTML($param);
1028 push(@result,"<LI><STRONG>$param</STRONG>");
1029 push(@result,"<UL>");
1030 foreach $value ($self->param($param)) {
1031 $value = $self->escapeHTML($value);
3538e1d5 1032 $value =~ s/\n/<BR>\n/g;
54310121 1033 push(@result,"<LI>$value");
1034 }
1035 push(@result,"</UL>");
1036 }
1037 push(@result,"</UL>\n");
1038 return join("\n",@result);
1039}
1040END_OF_FUNC
1041
424ec8fa
GS		 1042#### Method as_string
1043#
1044# synonym for "dump"
1045####
1046'as_string' => <<'END_OF_FUNC',
1047sub as_string {
3d1a2ec4 1048 &Dump(@_);
424ec8fa
GS		 1049}
1050END_OF_FUNC
1051
1052#### Method: save
1053# Write values out to a filehandle in such a way that they can
1054# be reinitialized by the filehandle form of the new() method
54310121 1055####
1056'save' => <<'END_OF_FUNC',
1057sub save {
1058 my($self,$filehandle) = self_or_default(@_);
54310121 1059 $filehandle = to_filehandle($filehandle);
424ec8fa
GS		 1060 my($param);
1061 local($,) = ''; # set print field separator back to a sane value
71f3e297 1062 local($\) = ''; # set output line separator to a sane value
54310121 1063 foreach $param ($self->param) {
424ec8fa 1064 my($escaped_param) = escape($param);
54310121 1065 my($value);
1066 foreach $value ($self->param($param)) {
3538e1d5 1067 print $filehandle "$escaped_param=",escape("$value"),"\n";
54310121 1068 }
1069 }
d45d855d
JH		 1070 foreach (keys %{$self->{'.fieldnames'}}) {
1071 print $filehandle ".cgifields=",escape("$_"),"\n";
1072 }
54310121 1073 print $filehandle "=\n"; # end of record
1074}
1075END_OF_FUNC
1076
1077
424ec8fa
GS		 1078#### Method: save_parameters
1079# An alias for save() that is a better name for exportation.
1080# Only intended to be used with the function (non-OO) interface.
1081####
1082'save_parameters' => <<'END_OF_FUNC',
1083sub save_parameters {
1084 my $fh = shift;
1085 return save(to_filehandle($fh));
1086}
1087END_OF_FUNC
1088
1089#### Method: restore_parameters
1090# A way to restore CGI parameters from an initializer.
1091# Only intended to be used with the function (non-OO) interface.
1092####
1093'restore_parameters' => <<'END_OF_FUNC',
1094sub restore_parameters {
1095 $Q = $CGI::DefaultClass->new(@_);
1096}
1097END_OF_FUNC
1098
1099#### Method: multipart_init
1100# Return a Content-Type: style header for server-push
ba056755 1101# This has to be NPH on most web servers, and it is advisable to set $| = 1
424ec8fa
GS		 1102#
1103# Many thanks to Ed Jordan <ed@fidalgo.net> for this
ba056755 1104# contribution, updated by Andrew Benham (adsb@bigfoot.com)
424ec8fa
GS		 1105####
1106'multipart_init' => <<'END_OF_FUNC',
1107sub multipart_init {
1108 my($self,@p) = self_or_default(@_);
3d1a2ec4 1109 my($boundary,@other) = rearrange([BOUNDARY],@p);
424ec8fa 1110 $boundary = $boundary || '------- =_aaaaaaaaaa0';
ba056755
JH		 1111 $self->{'separator'} = "$CRLF--$boundary$CRLF";
1112 $self->{'final_separator'} = "$CRLF--$boundary--$CRLF";
424ec8fa
GS		 1113 $type = SERVER_PUSH($boundary);
1114 return $self->header(
1115 -nph => 1,
1116 -type => $type,
1117 (map { split "=", $_, 2 } @other),
ba056755 1118 ) . "WARNING: YOUR BROWSER DOESN'T SUPPORT THIS SERVER-PUSH TECHNOLOGY." . $self->multipart_end;
424ec8fa
GS		 1119}
1120END_OF_FUNC
1121
1122
1123#### Method: multipart_start
1124# Return a Content-Type: style header for server-push, start of section
1125#
1126# Many thanks to Ed Jordan <ed@fidalgo.net> for this
ba056755 1127# contribution, updated by Andrew Benham (adsb@bigfoot.com)
424ec8fa
GS		 1128####
1129'multipart_start' => <<'END_OF_FUNC',
1130sub multipart_start {
ba056755 1131 my(@header);
424ec8fa 1132 my($self,@p) = self_or_default(@_);
3d1a2ec4 1133 my($type,@other) = rearrange([TYPE],@p);
424ec8fa 1134 $type = $type || 'text/html';
ba056755
JH		 1135 push(@header,"Content-Type: $type");
1136
1137 # rearrange() was designed for the HTML portion, so we
1138 # need to fix it up a little.
1139 foreach (@other) {
1140 next unless my($header,$value) = /([^\s=]+)=\"?(.+?)\"?$/;
1141 ($_ = $header) =~ s/^(\w)(.*)/$1 . lc ($2) . ': '.$self->unescapeHTML($value)/e;
1142 }
1143 push(@header,@other);
1144 my $header = join($CRLF,@header)."${CRLF}${CRLF}";
1145 return $header;
424ec8fa
GS		 1146}
1147END_OF_FUNC
1148
1149
1150#### Method: multipart_end
ba056755 1151# Return a MIME boundary separator for server-push, end of section
424ec8fa
GS		 1152#
1153# Many thanks to Ed Jordan <ed@fidalgo.net> for this
1154# contribution
1155####
1156'multipart_end' => <<'END_OF_FUNC',
1157sub multipart_end {
1158 my($self,@p) = self_or_default(@_);
1159 return $self->{'separator'};
1160}
1161END_OF_FUNC
1162
1163
ba056755
JH		 1164#### Method: multipart_final
1165# Return a MIME boundary separator for server-push, end of all sections
1166#
1167# Contributed by Andrew Benham (adsb@bigfoot.com)
1168####
1169'multipart_final' => <<'END_OF_FUNC',
1170sub multipart_final {
1171 my($self,@p) = self_or_default(@_);
1172 return $self->{'final_separator'} . "WARNING: YOUR BROWSER DOESN'T SUPPORT THIS SERVER-PUSH TECHNOLOGY." . $CRLF;
1173}
1174END_OF_FUNC
1175
1176
54310121 1177#### Method: header
1178# Return a Content-Type: style header
1179#
1180####
1181'header' => <<'END_OF_FUNC',
1182sub header {
1183 my($self,@p) = self_or_default(@_);
1184 my(@header);
1185
71f3e297
JH		 1186 return undef if $self->{'.header_printed'}++ and $HEADERS_ONCE;
1187
6b4ac661 1188 my($type,$status,$cookie,$target,$expires,$nph,$charset,$attachment,@other) =
3d1a2ec4
GS		 1189 rearrange([['TYPE','CONTENT_TYPE','CONTENT-TYPE'],
1190 'STATUS',['COOKIE','COOKIES'],'TARGET',
6b4ac661
JH		 1191 'EXPIRES','NPH','CHARSET',
1192 'ATTACHMENT'],@p);
3d1a2ec4
GS		 1193
1194 $nph ||= $NPH;
1195 if (defined $charset) {
1196 $self->charset($charset);
1197 } else {
1198 $charset = $self->charset;
1199 }
54310121 1200
1201 # rearrange() was designed for the HTML portion, so we
1202 # need to fix it up a little.
1203 foreach (@other) {
71f3e297 1204 next unless my($header,$value) = /([^\s=]+)=\"?(.+?)\"?$/;
a3b3a725 1205 ($_ = $header) =~ s/^(\w)(.*)/$1 . lc ($2) . ': '.$self->unescapeHTML($value)/e;
54310121 1206 }
1207
71f3e297 1208 $type ||= 'text/html' unless defined($type);
6b4ac661 1209 $type .= "; charset=$charset" if $type ne '' and $type =~ m!^text/! and $type !~ /\bcharset\b/;
54310121 1210
424ec8fa
GS		 1211 # Maybe future compatibility. Maybe not.
1212 my $protocol = $ENV{SERVER_PROTOCOL} || 'HTTP/1.0';
1213 push(@header,$protocol . ' ' . ($status || '200 OK')) if $nph;
ba056755 1214 push(@header,"Server: " . &server_software()) if $nph;
424ec8fa 1215
54310121 1216 push(@header,"Status: $status") if $status;
424ec8fa 1217 push(@header,"Window-Target: $target") if $target;
54310121 1218 # push all the cookies -- there may be several
1219 if ($cookie) {
424ec8fa 1220 my(@cookie) = ref($cookie) && ref($cookie) eq 'ARRAY' ? @{$cookie} : $cookie;
54310121 1221 foreach (@cookie) {
71f3e297
JH		 1222 my $cs = UNIVERSAL::isa($_,'CGI::Cookie') ? $_->as_string : $_;
1223 push(@header,"Set-Cookie: $cs") if $cs ne '';
54310121 1224 }
1225 }
1226 # if the user indicates an expiration time, then we need
1227 # both an Expires and a Date header (so that the browser is
1228 # uses OUR clock)
424ec8fa 1229 push(@header,"Expires: " . expires($expires,'http'))
7d37aa8e 1230 if $expires;
ba056755 1231 push(@header,"Date: " . expires(0,'http')) if $expires || $cookie || $nph;
54310121 1232 push(@header,"Pragma: no-cache") if $self->cache();
6b4ac661 1233 push(@header,"Content-Disposition: attachment; filename=\"$attachment\"") if $attachment;
54310121 1234 push(@header,@other);
71f3e297 1235 push(@header,"Content-Type: $type") if $type ne '';
54310121 1236
424ec8fa
GS		 1237 my $header = join($CRLF,@header)."${CRLF}${CRLF}";
1238 if ($MOD_PERL and not $nph) {
1239 my $r = Apache->request;
1240 $r->send_cgi_header($header);
1241 return '';
1242 }
1243 return $header;
54310121 1244}
1245END_OF_FUNC
1246
1247
1248#### Method: cache
1249# Control whether header() will produce the no-cache
1250# Pragma directive.
1251####
1252'cache' => <<'END_OF_FUNC',
1253sub cache {
1254 my($self,$new_value) = self_or_default(@_);
1255 $new_value = '' unless $new_value;
1256 if ($new_value ne '') {
1257 $self->{'cache'} = $new_value;
1258 }
1259 return $self->{'cache'};
1260}
1261END_OF_FUNC
1262
1263
1264#### Method: redirect
1265# Return a Location: style header
1266#
1267####
1268'redirect' => <<'END_OF_FUNC',
1269sub redirect {
1270 my($self,@p) = self_or_default(@_);
3d1a2ec4 1271 my($url,$target,$cookie,$nph,@other) = rearrange([[LOCATION,URI,URL],TARGET,COOKIE,NPH],@p);
6b4ac661 1272 $url ||= $self->self_url;
54310121 1273 my(@o);
424ec8fa
GS		 1274 foreach (@other) { tr/\"//d; push(@o,split("=",$_,2)); }
1275 unshift(@o,
1276 '-Status'=>'302 Moved',
54310121 1277 '-Location'=>$url,
424ec8fa
GS		 1278 '-nph'=>$nph);
1279 unshift(@o,'-Target'=>$target) if $target;
1280 unshift(@o,'-Cookie'=>$cookie) if $cookie;
71f3e297 1281 unshift(@o,'-Type'=>'');
54310121 1282 return $self->header(@o);
1283}
1284END_OF_FUNC
1285
1286
1287#### Method: start_html
1288# Canned HTML header
1289#
1290# Parameters:
1291# $title -> (optional) The title for this HTML document (-title)
1292# $author -> (optional) e-mail address of the author (-author)
1293# $base -> (optional) if set to true, will enter the BASE address of this document
1294# for resolving relative references (-base)
1295# $xbase -> (optional) alternative base at some remote location (-xbase)
1296# $target -> (optional) target window to load all links into (-target)
1297# $script -> (option) Javascript code (-script)
47e3cabd 1298# $no_script -> (option) Javascript <noscript> tag (-noscript)
54310121 1299# $meta -> (optional) Meta information tags
7d37aa8e
LS		 1300# $head -> (optional) any other elements you'd like to incorporate into the <HEAD> tag
1301# (a scalar or array ref)
1302# $style -> (optional) reference to an external style sheet
54310121 1303# @other -> (optional) any other named parameters you'd like to incorporate into
1304# the <BODY> tag.
1305####
1306'start_html' => <<'END_OF_FUNC',
1307sub start_html {
1308 my($self,@p) = &self_or_default(@_);
6b4ac661
JH		 1309 my($title,$author,$base,$xbase,$script,$noscript,$target,$meta,$head,$style,$dtd,$lang,@other) =
1310 rearrange([TITLE,AUTHOR,BASE,XBASE,SCRIPT,NOSCRIPT,TARGET,META,HEAD,STYLE,DTD,LANG],@p);
54310121 1311
1312 # strangely enough, the title needs to be escaped as HTML
1313 # while the author needs to be escaped as a URL
1314 $title = $self->escapeHTML($title || 'Untitled Document');
424ec8fa 1315 $author = $self->escape($author);
6b4ac661 1316 $lang ||= 'en-US';
ba056755 1317 my(@result,$xml_dtd);
3d1a2ec4 1318 if ($dtd) {
6b4ac661 1319 if (defined(ref($dtd)) and (ref($dtd) eq 'ARRAY')) {
3d1a2ec4
GS		 1320 $dtd = $DEFAULT_DTD unless $dtd->[0] =~ m|^-//|;
1321 } else {
1322 $dtd = $DEFAULT_DTD unless $dtd =~ m|^-//|;
1323 }
1324 } else {
6b4ac661 1325 $dtd = $XHTML ? XHTML_DTD : $DEFAULT_DTD;
3d1a2ec4 1326 }
ba056755
JH		 1327
1328 $xml_dtd++ if ref($dtd) eq 'ARRAY' && $dtd->[0] =~ /\bXHTML\b/i;
1329 $xml_dtd++ if ref($dtd) eq '' && $dtd =~ /\bXHTML\b/i;
1330 push @result,q(<?xml version="1.0" encoding="utf-8"?>) if $xml_dtd;
1331
3d1a2ec4 1332 if (ref($dtd) && ref($dtd) eq 'ARRAY') {
03b9648d 1333 push(@result,qq(<!DOCTYPE html\n\tPUBLIC "$dtd->[0]"\n\t"$dtd->[1]">));
3d1a2ec4 1334 } else {
03b9648d 1335 push(@result,qq(<!DOCTYPE html\n\tPUBLIC "$dtd">));
3d1a2ec4 1336 }
6b4ac661
JH		 1337 push(@result,$XHTML ? qq(<html xmlns="http://www.w3.org/1999/xhtml" lang="$lang"><head><title>$title</title>)
1338 : qq(<html lang="$lang"><head><title>$title</title>));
1339 if (defined $author) {
1340 push(@result,$XHTML ? "<link rev=\"made\" href=\"mailto:$author\" />"
03b9648d 1341 : "<link rev=\"made\" href=\"mailto:$author\">");
6b4ac661 1342 }
54310121 1343
1344 if ($base || $xbase || $target) {
424ec8fa 1345 my $href = $xbase || $self->url('-path'=>1);
6b4ac661
JH		 1346 my $t = $target ? qq/ target="$target"/ : '';
1347 push(@result,$XHTML ? qq(<base href="$href"$t />) : qq(<base href="$href"$t>));
54310121 1348 }
1349
1350 if ($meta && ref($meta) && (ref($meta) eq 'HASH')) {
6b4ac661
JH		 1351 foreach (keys %$meta) { push(@result,$XHTML ? qq(<meta name="$_" content="$meta->{$_}" />)
1352 : qq(<meta name="$_" content="$meta->{$_}">)); }
54310121 1353 }
7d37aa8e
LS		 1354
1355 push(@result,ref($head) ? @$head : $head) if $head;
1356
424ec8fa
GS		 1357 # handle the infrequently-used -style and -script parameters
1358 push(@result,$self->_style($style)) if defined $style;
1359 push(@result,$self->_script($script)) if defined $script;
1360
1361 # handle -noscript parameter
1362 push(@result,<<END) if $noscript;
6b4ac661 1363<noscript>
424ec8fa 1364$noscript
6b4ac661 1365</noscript>
424ec8fa
GS		 1366END
1367 ;
1368 my($other) = @other ? " @other" : '';
6b4ac661 1369 push(@result,"</head><body$other>");
424ec8fa
GS		 1370 return join("\n",@result);
1371}
1372END_OF_FUNC
1373
1374### Method: _style
1375# internal method for generating a CSS style section
1376####
1377'_style' => <<'END_OF_FUNC',
1378sub _style {
1379 my ($self,$style) = @_;
1380 my (@result);
1381 my $type = 'text/css';
a3b3a725
JH		 1382
1383 my $cdata_start = $XHTML ? "\n<!--/* <![CDATA[ */" : "\n<!-- ";
1384 my $cdata_end = $XHTML ? "\n/* ]]> */-->\n" : " -->\n";
1385
424ec8fa 1386 if (ref($style)) {
6b4ac661
JH		 1387 my($src,$code,$stype,@other) =
1388 rearrange([SRC,CODE,TYPE],
1389 '-foo'=>'bar', # a trick to allow the '-' to be omitted
1390 ref($style) eq 'ARRAY' ? @$style : %$style);
1391 $type = $stype if $stype;
6b4ac661
JH		 1392 if (ref($src) eq "ARRAY") # Check to see if the $src variable is an array reference
1393 { # If it is, push a LINK tag for each one.
1394 foreach $src (@$src)
1395 {
ba056755
JH		 1396 push(@result,$XHTML ? qq(<link rel="stylesheet" type="$type" href="$src" />)
1397 : qq(<link rel="stylesheet" type="$type" href="$src">/)) if $src;
6b4ac661
JH		 1398 }
1399 }
1400 else
1401 { # Otherwise, push the single -src, if it exists.
ba056755
JH		 1402 push(@result,$XHTML ? qq(<link rel="stylesheet" type="$type" href="$src" />)
1403 : qq(<link rel="stylesheet" type="$type" href="$src">)
1404 ) if $src;
6b4ac661 1405 }
a3b3a725 1406 push(@result,style({'type'=>$type},"$cdata_start\n$code\n$cdata_end")) if $code;
424ec8fa 1407 } else {
a3b3a725 1408 push(@result,style({'type'=>$type},"$cdata_start\n$style\n$cdata_end"));
7d37aa8e 1409 }
424ec8fa
GS		 1410 @result;
1411}
1412END_OF_FUNC
1413
424ec8fa
GS		 1414'_script' => <<'END_OF_FUNC',
1415sub _script {
1416 my ($self,$script) = @_;
1417 my (@result);
a3b3a725 1418
424ec8fa
GS		 1419 my (@scripts) = ref($script) eq 'ARRAY' ? @$script : ($script);
1420 foreach $script (@scripts) {
7d37aa8e
LS		 1421 my($src,$code,$language);
1422 if (ref($script)) { # script is a hash
3d1a2ec4
GS		 1423 ($src,$code,$language, $type) =
1424 rearrange([SRC,CODE,LANGUAGE,TYPE],
7d37aa8e 1425 '-foo'=>'bar', # a trick to allow the '-' to be omitted
3538e1d5 1426 ref($script) eq 'ARRAY' ? @$script : %$script);
3d1a2ec4
GS		 1427 # User may not have specified language
1428 $language ||= 'JavaScript';
1429 unless (defined $type) {
1430 $type = lc $language;
1431 # strip '1.2' from 'javascript1.2'
1432 $type =~ s/^(\D+).*$/text\/$1/;
1433 }
7d37aa8e 1434 } else {
3d1a2ec4 1435 ($src,$code,$language, $type) = ('',$script,'JavaScript', 'text/javascript');
7d37aa8e 1436 }
a3b3a725
JH		 1437
1438 my $comment = '//'; # javascript by default
1439 $comment = '#' if $type=~/perl|tcl/i;
1440 $comment = "'" if $type=~/vbscript/i;
1441
1442 my $cdata_start = "\n<!-- Hide script\n";
1443 $cdata_start .= "$comment<![CDATA[\n" if $XHTML;
1444 my $cdata_end = $XHTML ? "\n$comment]]>" : $comment;
1445 $cdata_end .= " End script hiding -->\n";
1446
7d37aa8e
LS		 1447 my(@satts);
1448 push(@satts,'src'=>$src) if $src;
3d1a2ec4
GS		 1449 push(@satts,'language'=>$language);
1450 push(@satts,'type'=>$type);
ba056755 1451 $code = "$cdata_start$code$cdata_end" if defined $code;
3538e1d5 1452 push(@result,script({@satts},$code || ''));
7d37aa8e 1453 }
424ec8fa 1454 @result;
54310121 1455}
1456END_OF_FUNC
1457
54310121 1458#### Method: end_html
1459# End an HTML document.
1460# Trivial method for completeness. Just returns "</BODY>"
1461####
1462'end_html' => <<'END_OF_FUNC',
1463sub end_html {
6b4ac661 1464 return "</body></html>";
54310121 1465}
1466END_OF_FUNC
1467
1468
1469################################
1470# METHODS USED IN BUILDING FORMS
1471################################
1472
1473#### Method: isindex
1474# Just prints out the isindex tag.
1475# Parameters:
1476# $action -> optional URL of script to run
1477# Returns:
1478# A string containing a <ISINDEX> tag
1479'isindex' => <<'END_OF_FUNC',
1480sub isindex {
1481 my($self,@p) = self_or_default(@_);
3d1a2ec4 1482 my($action,@other) = rearrange([ACTION],@p);
6b4ac661 1483 $action = qq/action="$action"/ if $action;
54310121 1484 my($other) = @other ? " @other" : '';
6b4ac661 1485 return $XHTML ? "<isindex $action$other />" : "<isindex $action$other>";
54310121 1486}
1487END_OF_FUNC
1488
1489
1490#### Method: startform
1491# Start a form
1492# Parameters:
1493# $method -> optional submission method to use (GET or POST)
1494# $action -> optional URL of script to run
1495# $enctype ->encoding to use (URL_ENCODED or MULTIPART)
1496'startform' => <<'END_OF_FUNC',
1497sub startform {
1498 my($self,@p) = self_or_default(@_);
1499
1500 my($method,$action,$enctype,@other) =
3d1a2ec4 1501 rearrange([METHOD,ACTION,ENCTYPE],@p);
54310121 1502
03b9648d 1503 $method = lc($method) || 'post';
54310121 1504 $enctype = $enctype || &URL_ENCODED;
03b9648d
JH		 1505 unless (defined $action) {
1506 $action = $self->url(-absolute=>1,-path=>1);
1507 $action .= "?$ENV{QUERY_STRING}" if $ENV{QUERY_STRING};
1508 }
1509 $action = qq(action="$action");
54310121 1510 my($other) = @other ? " @other" : '';
1511 $self->{'.parametersToAdd'}={};
6b4ac661 1512 return qq/<form method="$method" $action enctype="$enctype"$other>\n/;
54310121 1513}
1514END_OF_FUNC
1515
1516
1517#### Method: start_form
1518# synonym for startform
1519'start_form' => <<'END_OF_FUNC',
1520sub start_form {
1521 &startform;
1522}
1523END_OF_FUNC
1524
71f3e297
JH		 1525'end_multipart_form' => <<'END_OF_FUNC',
1526sub end_multipart_form {
1527 &endform;
1528}
1529END_OF_FUNC
54310121 1530
1531#### Method: start_multipart_form
1532# synonym for startform
1533'start_multipart_form' => <<'END_OF_FUNC',
1534sub start_multipart_form {
1535 my($self,@p) = self_or_default(@_);
3d1a2ec4 1536 if (defined($param[0]) && substr($param[0],0,1) eq '-') {
54310121 1537 my(%p) = @p;
1538 $p{'-enctype'}=&MULTIPART;
1539 return $self->startform(%p);
1540 } else {
1541 my($method,$action,@other) =
3d1a2ec4 1542 rearrange([METHOD,ACTION],@p);
54310121 1543 return $self->startform($method,$action,&MULTIPART,@other);
1544 }
1545}
1546END_OF_FUNC
1547
1548
1549#### Method: endform
1550# End a form
1551'endform' => <<'END_OF_FUNC',
1552sub endform {
1553 my($self,@p) = self_or_default(@_);
3d1a2ec4 1554 if ( $NOSTICKY ) {
6b4ac661 1555 return wantarray ? ("</form>") : "\n</form>";
3d1a2ec4 1556 } else {
6b4ac661
JH		 1557 return wantarray ? ($self->get_fields,"</form>") :
1558 $self->get_fields ."\n</form>";
3d1a2ec4 1559 }
54310121 1560}
1561END_OF_FUNC
1562
1563
1564#### Method: end_form
1565# synonym for endform
1566'end_form' => <<'END_OF_FUNC',
1567sub end_form {
1568 &endform;
1569}
1570END_OF_FUNC
1571
1572
424ec8fa
GS		 1573'_textfield' => <<'END_OF_FUNC',
1574sub _textfield {
1575 my($self,$tag,@p) = self_or_default(@_);
1576 my($name,$default,$size,$maxlength,$override,@other) =
3d1a2ec4 1577 rearrange([NAME,[DEFAULT,VALUE],SIZE,MAXLENGTH,[OVERRIDE,FORCE]],@p);
424ec8fa
GS		 1578
1579 my $current = $override ? $default :
1580 (defined($self->param($name)) ? $self->param($name) : $default);
1581
a3b3a725 1582 $current = defined($current) ? $self->escapeHTML($current,1) : '';
424ec8fa 1583 $name = defined($name) ? $self->escapeHTML($name) : '';
ba056755
JH		 1584 my($s) = defined($size) ? qq/ size="$size"/ : '';
1585 my($m) = defined($maxlength) ? qq/ maxlength="$maxlength"/ : '';
71f3e297
JH		 1586 my($other) = @other ? " @other" : '';
1587 # this entered at cristy's request to fix problems with file upload fields
1588 # and WebTV -- not sure it won't break stuff
6b4ac661
JH		 1589 my($value) = $current ne '' ? qq(value="$current") : '';
1590 return $XHTML ? qq(<input type="$tag" name="$name" $value$s$m$other />)
1591 : qq/<input type="$tag" name="$name" $value$s$m$other>/;
424ec8fa
GS		 1592}
1593END_OF_FUNC
1594
54310121 1595#### Method: textfield
1596# Parameters:
1597# $name -> Name of the text field
1598# $default -> Optional default value of the field if not
1599# already defined.
1600# $size -> Optional width of field in characaters.
1601# $maxlength -> Optional maximum number of characters.
1602# Returns:
1603# A string containing a <INPUT TYPE="text"> field
1604#
1605'textfield' => <<'END_OF_FUNC',
1606sub textfield {
1607 my($self,@p) = self_or_default(@_);
424ec8fa 1608 $self->_textfield('text',@p);
54310121 1609}
1610END_OF_FUNC
1611
1612
1613#### Method: filefield
1614# Parameters:
1615# $name -> Name of the file upload field
1616# $size -> Optional width of field in characaters.
1617# $maxlength -> Optional maximum number of characters.
1618# Returns:
1619# A string containing a <INPUT TYPE="text"> field
1620#
1621'filefield' => <<'END_OF_FUNC',
1622sub filefield {
1623 my($self,@p) = self_or_default(@_);
424ec8fa 1624 $self->_textfield('file',@p);
54310121 1625}
1626END_OF_FUNC
1627
1628
1629#### Method: password
1630# Create a "secret password" entry field
1631# Parameters:
1632# $name -> Name of the field
1633# $default -> Optional default value of the field if not
1634# already defined.
1635# $size -> Optional width of field in characters.
1636# $maxlength -> Optional maximum characters that can be entered.
1637# Returns:
1638# A string containing a <INPUT TYPE="password"> field
1639#
1640'password_field' => <<'END_OF_FUNC',
1641sub password_field {
1642 my ($self,@p) = self_or_default(@_);
424ec8fa 1643 $self->_textfield('password',@p);
54310121 1644}
1645END_OF_FUNC
1646
54310121 1647#### Method: textarea
1648# Parameters:
1649# $name -> Name of the text field
1650# $default -> Optional default value of the field if not
1651# already defined.
1652# $rows -> Optional number of rows in text area
1653# $columns -> Optional number of columns in text area
1654# Returns:
1655# A string containing a <TEXTAREA></TEXTAREA> tag
1656#
1657'textarea' => <<'END_OF_FUNC',
1658sub textarea {
1659 my($self,@p) = self_or_default(@_);
1660
1661 my($name,$default,$rows,$cols,$override,@other) =
3d1a2ec4 1662 rearrange([NAME,[DEFAULT,VALUE],ROWS,[COLS,COLUMNS],[OVERRIDE,FORCE]],@p);
54310121 1663
1664 my($current)= $override ? $default :
1665 (defined($self->param($name)) ? $self->param($name) : $default);
1666
1667 $name = defined($name) ? $self->escapeHTML($name) : '';
1668 $current = defined($current) ? $self->escapeHTML($current) : '';
6b4ac661
JH		 1669 my($r) = $rows ? " rows=$rows" : '';
1670 my($c) = $cols ? " cols=$cols" : '';
54310121 1671 my($other) = @other ? " @other" : '';
6b4ac661 1672 return qq{<textarea name="$name"$r$c$other>$current</textarea>};
54310121 1673}
1674END_OF_FUNC
1675
1676
1677#### Method: button
1678# Create a javascript button.
1679# Parameters:
1680# $name -> (optional) Name for the button. (-name)
1681# $value -> (optional) Value of the button when selected (and visible name) (-value)
1682# $onclick -> (optional) Text of the JavaScript to run when the button is
1683# clicked.
1684# Returns:
1685# A string containing a <INPUT TYPE="button"> tag
1686####
1687'button' => <<'END_OF_FUNC',
1688sub button {
1689 my($self,@p) = self_or_default(@_);
1690
3d1a2ec4 1691 my($label,$value,$script,@other) = rearrange([NAME,[VALUE,LABEL],
54310121 1692 [ONCLICK,SCRIPT]],@p);
1693
1694 $label=$self->escapeHTML($label);
a3b3a725 1695 $value=$self->escapeHTML($value,1);
54310121 1696 $script=$self->escapeHTML($script);
1697
1698 my($name) = '';
ba056755 1699 $name = qq/ name="$label"/ if $label;
54310121 1700 $value = $value || $label;
1701 my($val) = '';
6b4ac661
JH		 1702 $val = qq/ value="$value"/ if $value;
1703 $script = qq/ onclick="$script"/ if $script;
54310121 1704 my($other) = @other ? " @other" : '';
6b4ac661
JH		 1705 return $XHTML ? qq(<input type="button"$name$val$script$other />)
1706 : qq/<input type="button"$name$val$script$other>/;
54310121 1707}
1708END_OF_FUNC
1709
1710
1711#### Method: submit
1712# Create a "submit query" button.
1713# Parameters:
1714# $name -> (optional) Name for the button.
1715# $value -> (optional) Value of the button when selected (also doubles as label).
1716# $label -> (optional) Label printed on the button(also doubles as the value).
1717# Returns:
1718# A string containing a <INPUT TYPE="submit"> tag
1719####
1720'submit' => <<'END_OF_FUNC',
1721sub submit {
1722 my($self,@p) = self_or_default(@_);
1723
3d1a2ec4 1724 my($label,$value,@other) = rearrange([NAME,[VALUE,LABEL]],@p);
54310121 1725
1726 $label=$self->escapeHTML($label);
a3b3a725 1727 $value=$self->escapeHTML($value,1);
54310121 1728
6b4ac661
JH		 1729 my($name) = ' name=".submit"' unless $NOSTICKY;
1730 $name = qq/ name="$label"/ if defined($label);
424ec8fa 1731 $value = defined($value) ? $value : $label;
54310121 1732 my($val) = '';
6b4ac661 1733 $val = qq/ value="$value"/ if defined($value);
54310121 1734 my($other) = @other ? " @other" : '';
6b4ac661
JH		 1735 return $XHTML ? qq(<input type="submit"$name$val$other />)
1736 : qq/<input type="submit"$name$val$other>/;
54310121 1737}
1738END_OF_FUNC
1739
1740
1741#### Method: reset
1742# Create a "reset" button.
1743# Parameters:
1744# $name -> (optional) Name for the button.
1745# Returns:
1746# A string containing a <INPUT TYPE="reset"> tag
1747####
1748'reset' => <<'END_OF_FUNC',
1749sub reset {
1750 my($self,@p) = self_or_default(@_);
3d1a2ec4 1751 my($label,@other) = rearrange([NAME],@p);
54310121 1752 $label=$self->escapeHTML($label);
6b4ac661 1753 my($value) = defined($label) ? qq/ value="$label"/ : '';
54310121 1754 my($other) = @other ? " @other" : '';
6b4ac661
JH		 1755 return $XHTML ? qq(<input type="reset"$value$other />)
1756 : qq/<input type="reset"$value$other>/;
54310121 1757}
1758END_OF_FUNC
1759
1760
1761#### Method: defaults
1762# Create a "defaults" button.
1763# Parameters:
1764# $name -> (optional) Name for the button.
1765# Returns:
1766# A string containing a <INPUT TYPE="submit" NAME=".defaults"> tag
1767#
1768# Note: this button has a special meaning to the initialization script,
1769# and tells it to ERASE the current query string so that your defaults
1770# are used again!
1771####
1772'defaults' => <<'END_OF_FUNC',
1773sub defaults {
1774 my($self,@p) = self_or_default(@_);
1775
3d1a2ec4 1776 my($label,@other) = rearrange([[NAME,VALUE]],@p);
54310121 1777
a3b3a725 1778 $label=$self->escapeHTML($label,1);
54310121 1779 $label = $label || "Defaults";
6b4ac661 1780 my($value) = qq/ value="$label"/;
54310121 1781 my($other) = @other ? " @other" : '';
d45d855d 1782 return $XHTML ? qq(<input type="submit" name=".defaults"$value$other />)
6b4ac661 1783 : qq/<input type="submit" NAME=".defaults"$value$other>/;
54310121 1784}
1785END_OF_FUNC
1786
1787
424ec8fa
GS		 1788#### Method: comment
1789# Create an HTML <!-- comment -->
1790# Parameters: a string
1791'comment' => <<'END_OF_FUNC',
1792sub comment {
1793 my($self,@p) = self_or_CGI(@_);
1794 return "<!-- @p -->";
1795}
1796END_OF_FUNC
1797
54310121 1798#### Method: checkbox
1799# Create a checkbox that is not logically linked to any others.
1800# The field value is "on" when the button is checked.
1801# Parameters:
1802# $name -> Name of the checkbox
1803# $checked -> (optional) turned on by default if true
1804# $value -> (optional) value of the checkbox, 'on' by default
1805# $label -> (optional) a user-readable label printed next to the box.
1806# Otherwise the checkbox name is used.
1807# Returns:
1808# A string containing a <INPUT TYPE="checkbox"> field
1809####
1810'checkbox' => <<'END_OF_FUNC',
1811sub checkbox {
1812 my($self,@p) = self_or_default(@_);
1813
1814 my($name,$checked,$value,$label,$override,@other) =
3d1a2ec4 1815 rearrange([NAME,[CHECKED,SELECTED,ON],VALUE,LABEL,[OVERRIDE,FORCE]],@p);
54310121 1816
424ec8fa
GS		 1817 $value = defined $value ? $value : 'on';
1818
1819 if (!$override && ($self->{'.fieldnames'}->{$name} ||
1820 defined $self->param($name))) {
03b9648d 1821 $checked = grep($_ eq $value,$self->param($name)) ? ' checked' : '';
54310121 1822 } else {
03b9648d 1823 $checked = $checked ? qq/ checked/ : '';
54310121 1824 }
1825 my($the_label) = defined $label ? $label : $name;
1826 $name = $self->escapeHTML($name);
a3b3a725 1827 $value = $self->escapeHTML($value,1);
54310121 1828 $the_label = $self->escapeHTML($the_label);
1829 my($other) = @other ? " @other" : '';
1830 $self->register_parameter($name);
6b4ac661
JH		 1831 return $XHTML ? qq{<input type="checkbox" name="$name" value="$value"$checked$other />$the_label}
1832 : qq{<input type="checkbox" name="$name" value="$value"$checked$other>$the_label};
54310121 1833}
1834END_OF_FUNC
1835
1836
1837#### Method: checkbox_group
1838# Create a list of logically-linked checkboxes.
1839# Parameters:
1840# $name -> Common name for all the check boxes
1841# $values -> A pointer to a regular array containing the
1842# values for each checkbox in the group.
1843# $defaults -> (optional)
1844# 1. If a pointer to a regular array of checkbox values,
1845# then this will be used to decide which
1846# checkboxes to turn on by default.
1847# 2. If a scalar, will be assumed to hold the
1848# value of a single checkbox in the group to turn on.
1849# $linebreak -> (optional) Set to true to place linebreaks
1850# between the buttons.
1851# $labels -> (optional)
1852# A pointer to an associative array of labels to print next to each checkbox
1853# in the form $label{'value'}="Long explanatory label".
1854# Otherwise the provided values are used as the labels.
1855# Returns:
1856# An ARRAY containing a series of <INPUT TYPE="checkbox"> fields
1857####
1858'checkbox_group' => <<'END_OF_FUNC',
1859sub checkbox_group {
1860 my($self,@p) = self_or_default(@_);
1861
1862 my($name,$values,$defaults,$linebreak,$labels,$rows,$columns,
1863 $rowheaders,$colheaders,$override,$nolabels,@other) =
3d1a2ec4 1864 rearrange([NAME,[VALUES,VALUE],[DEFAULTS,DEFAULT],
54310121 1865 LINEBREAK,LABELS,ROWS,[COLUMNS,COLS],
1866 ROWHEADERS,COLHEADERS,
1867 [OVERRIDE,FORCE],NOLABELS],@p);
1868
1869 my($checked,$break,$result,$label);
1870
1871 my(%checked) = $self->previous_or_default($name,$defaults,$override);
1872
6b4ac661
JH		 1873 if ($linebreak) {
1874 $break = $XHTML ? "<br />" : "<br>";
1875 }
1876 else {
1877 $break = '';
1878 }
54310121 1879 $name=$self->escapeHTML($name);
1880
1881 # Create the elements
424ec8fa
GS		 1882 my(@elements,@values);
1883
1884 @values = $self->_set_values_and_labels($values,\$labels,$name);
1885
54310121 1886 my($other) = @other ? " @other" : '';
1887 foreach (@values) {
03b9648d 1888 $checked = $checked{$_} ? qq/ checked/ : '';
54310121 1889 $label = '';
1890 unless (defined($nolabels) && $nolabels) {
1891 $label = $_;
424ec8fa 1892 $label = $labels->{$_} if defined($labels) && defined($labels->{$_});
54310121 1893 $label = $self->escapeHTML($label);
1894 }
a3b3a725 1895 $_ = $self->escapeHTML($_,1);
6b4ac661
JH		 1896 push(@elements,$XHTML ? qq(<input type="checkbox" name="$name" value="$_"$checked$other />${label}${break})
1897 : qq/<input type="checkbox" name="$name" value="$_"$checked$other>${label}${break}/);
54310121 1898 }
1899 $self->register_parameter($name);
424ec8fa
GS		 1900 return wantarray ? @elements : join(' ',@elements)
1901 unless defined($columns) || defined($rows);
54310121 1902 return _tableize($rows,$columns,$rowheaders,$colheaders,@elements);
1903}
1904END_OF_FUNC
1905
54310121 1906# Escape HTML -- used internally
1907'escapeHTML' => <<'END_OF_FUNC',
1908sub escapeHTML {
a3b3a725 1909 my ($self,$toencode,$newlinestoo) = CGI::self_or_default(@_);
6b4ac661
JH		 1910 return undef unless defined($toencode);
1911 return $toencode if ref($self) && $self->{'dontescape'};
1912 $toencode =~ s{&}{&amp;}gso;
1913 $toencode =~ s{<}{&lt;}gso;
1914 $toencode =~ s{>}{&gt;}gso;
1915 $toencode =~ s{"}{&quot;}gso;
a3b3a725
JH		 1916 my $latin = uc $self->{'.charset'} eq 'ISO-8859-1' ||
1917 uc $self->{'.charset'} eq 'WINDOWS-1252';
1918 if ($latin) { # bug in some browsers
ba056755 1919 $toencode =~ s{'}{&#39;}gso;
6b4ac661
JH		 1920 $toencode =~ s{\x8b}{&#139;}gso;
1921 $toencode =~ s{\x9b}{&#155;}gso;
a3b3a725
JH		 1922 if (defined $newlinestoo && $newlinestoo) {
1923 $toencode =~ s{\012}{&#10;}gso;
1924 $toencode =~ s{\015}{&#13;}gso;
1925 }
1926 }
6b4ac661 1927 return $toencode;
54310121 1928}
1929END_OF_FUNC
1930
424ec8fa
GS		 1931# unescape HTML -- used internally
1932'unescapeHTML' => <<'END_OF_FUNC',
1933sub unescapeHTML {
6b4ac661 1934 my ($self,$string) = CGI::self_or_default(@_);
424ec8fa 1935 return undef unless defined($string);
a3b3a725
JH		 1936 my $latin = defined $self->{'.charset'} ? $self->{'.charset'} =~ /^(ISO-8859-1|WINDOWS-1252)$/i
1937 : 1;
71f3e297
JH		 1938 # thanks to Randal Schwartz for the correct solution to this one
1939 $string=~ s[&(.*?);]{
1940 local $_ = $1;
1941 /^amp$/i ? "&" :
1942 /^quot$/i ? '"' :
1943 /^gt$/i ? ">" :
1944 /^lt$/i ? "<" :
6b4ac661
JH		 1945 /^#(\d+)$/ && $latin ? chr($1) :
1946 /^#x([0-9a-f]+)$/i && $latin ? chr(hex($1)) :
71f3e297
JH		 1947 $_
1948 }gex;
424ec8fa
GS		 1949 return $string;
1950}
1951END_OF_FUNC
54310121 1952
1953# Internal procedure - don't use
1954'_tableize' => <<'END_OF_FUNC',
1955sub _tableize {
1956 my($rows,$columns,$rowheaders,$colheaders,@elements) = @_;
6b4ac661
JH		 1957 $rowheaders = [] unless defined $rowheaders;
1958 $colheaders = [] unless defined $colheaders;
54310121 1959 my($result);
1960
424ec8fa
GS		 1961 if (defined($columns)) {
1962 $rows = int(0.99 + @elements/$columns) unless defined($rows);
1963 }
1964 if (defined($rows)) {
1965 $columns = int(0.99 + @elements/$rows) unless defined($columns);
1966 }
1967
54310121 1968 # rearrange into a pretty table
6b4ac661 1969 $result = "<table>";
54310121 1970 my($row,$column);
475342a6 1971 unshift(@$colheaders,'') if @$colheaders && @$rowheaders;
6b4ac661 1972 $result .= "<tr>" if @{$colheaders};
54310121 1973 foreach (@{$colheaders}) {
6b4ac661 1974 $result .= "<th>$_</th>";
54310121 1975 }
1976 for ($row=0;$row<$rows;$row++) {
6b4ac661
JH		 1977 $result .= "<tr>";
1978 $result .= "<th>$rowheaders->[$row]</th>" if @$rowheaders;
54310121 1979 for ($column=0;$column<$columns;$column++) {
6b4ac661 1980 $result .= "<td>" . $elements[$column*$rows + $row] . "</td>"
424ec8fa 1981 if defined($elements[$column*$rows + $row]);
54310121 1982 }
6b4ac661 1983 $result .= "</tr>";
54310121 1984 }
6b4ac661 1985 $result .= "</table>";
54310121 1986 return $result;
1987}
1988END_OF_FUNC
1989
1990
1991#### Method: radio_group
1992# Create a list of logically-linked radio buttons.
1993# Parameters:
1994# $name -> Common name for all the buttons.
1995# $values -> A pointer to a regular array containing the
1996# values for each button in the group.
1997# $default -> (optional) Value of the button to turn on by default. Pass '-'
1998# to turn _nothing_ on.
1999# $linebreak -> (optional) Set to true to place linebreaks
2000# between the buttons.
2001# $labels -> (optional)
2002# A pointer to an associative array of labels to print next to each checkbox
2003# in the form $label{'value'}="Long explanatory label".
2004# Otherwise the provided values are used as the labels.
2005# Returns:
2006# An ARRAY containing a series of <INPUT TYPE="radio"> fields
2007####
2008'radio_group' => <<'END_OF_FUNC',
2009sub radio_group {
2010 my($self,@p) = self_or_default(@_);
2011
2012 my($name,$values,$default,$linebreak,$labels,
2013 $rows,$columns,$rowheaders,$colheaders,$override,$nolabels,@other) =
3d1a2ec4 2014 rearrange([NAME,[VALUES,VALUE],DEFAULT,LINEBREAK,LABELS,
54310121 2015 ROWS,[COLUMNS,COLS],
2016 ROWHEADERS,COLHEADERS,
2017 [OVERRIDE,FORCE],NOLABELS],@p);
2018 my($result,$checked);
2019
2020 if (!$override && defined($self->param($name))) {
2021 $checked = $self->param($name);
2022 } else {
2023 $checked = $default;
2024 }
424ec8fa 2025 my(@elements,@values);
424ec8fa
GS		 2026 @values = $self->_set_values_and_labels($values,\$labels,$name);
2027
71f3e297
JH		 2028 # If no check array is specified, check the first by default
2029 $checked = $values[0] unless defined($checked) && $checked ne '';
2030 $name=$self->escapeHTML($name);
2031
54310121 2032 my($other) = @other ? " @other" : '';
2033 foreach (@values) {
03b9648d 2034 my($checkit) = $checked eq $_ ? qq/ checked/ : '';
6b4ac661
JH		 2035 my($break);
2036 if ($linebreak) {
ba056755 2037 $break = $XHTML ? "<br />" : "<br>";
6b4ac661
JH		 2038 }
2039 else {
ba056755 2040 $break = '';
6b4ac661 2041 }
54310121 2042 my($label)='';
2043 unless (defined($nolabels) && $nolabels) {
2044 $label = $_;
424ec8fa 2045 $label = $labels->{$_} if defined($labels) && defined($labels->{$_});
a3b3a725 2046 $label = $self->escapeHTML($label,1);
54310121 2047 }
2048 $_=$self->escapeHTML($_);
6b4ac661
JH		 2049 push(@elements,$XHTML ? qq(<input type="radio" name="$name" value="$_"$checkit$other />${label}${break})
2050 : qq/<input type="radio" name="$name" value="$_"$checkit$other>${label}${break}/);
54310121 2051 }
2052 $self->register_parameter($name);
424ec8fa
GS		 2053 return wantarray ? @elements : join(' ',@elements)
2054 unless defined($columns) || defined($rows);
54310121 2055 return _tableize($rows,$columns,$rowheaders,$colheaders,@elements);
2056}
2057END_OF_FUNC
2058
2059
2060#### Method: popup_menu
2061# Create a popup menu.
2062# Parameters:
2063# $name -> Name for all the menu
2064# $values -> A pointer to a regular array containing the
2065# text of each menu item.
2066# $default -> (optional) Default item to display
2067# $labels -> (optional)
2068# A pointer to an associative array of labels to print next to each checkbox
2069# in the form $label{'value'}="Long explanatory label".
2070# Otherwise the provided values are used as the labels.
2071# Returns:
2072# A string containing the definition of a popup menu.
2073####
2074'popup_menu' => <<'END_OF_FUNC',
2075sub popup_menu {
2076 my($self,@p) = self_or_default(@_);
2077
2078 my($name,$values,$default,$labels,$override,@other) =
3d1a2ec4 2079 rearrange([NAME,[VALUES,VALUE],[DEFAULT,DEFAULTS],LABELS,[OVERRIDE,FORCE]],@p);
54310121 2080 my($result,$selected);
2081
2082 if (!$override && defined($self->param($name))) {
2083 $selected = $self->param($name);
2084 } else {
2085 $selected = $default;
2086 }
2087 $name=$self->escapeHTML($name);
2088 my($other) = @other ? " @other" : '';
2089
424ec8fa
GS		 2090 my(@values);
2091 @values = $self->_set_values_and_labels($values,\$labels,$name);
2092
6b4ac661 2093 $result = qq/<select name="$name"$other>\n/;
54310121 2094 foreach (@values) {
03b9648d 2095 my($selectit) = defined($selected) ? ($selected eq $_ ? qq/selected/ : '' ) : '';
54310121 2096 my($label) = $_;
424ec8fa 2097 $label = $labels->{$_} if defined($labels) && defined($labels->{$_});
54310121 2098 my($value) = $self->escapeHTML($_);
a3b3a725 2099 $label=$self->escapeHTML($label,1);
6b4ac661 2100 $result .= "<option $selectit value=\"$value\">$label</option>\n";
54310121 2101 }
2102
6b4ac661 2103 $result .= "</select>\n";
54310121 2104 return $result;
2105}
2106END_OF_FUNC
2107
2108
2109#### Method: scrolling_list
2110# Create a scrolling list.
2111# Parameters:
2112# $name -> name for the list
2113# $values -> A pointer to a regular array containing the
2114# values for each option line in the list.
2115# $defaults -> (optional)
2116# 1. If a pointer to a regular array of options,
2117# then this will be used to decide which
2118# lines to turn on by default.
2119# 2. Otherwise holds the value of the single line to turn on.
2120# $size -> (optional) Size of the list.
2121# $multiple -> (optional) If set, allow multiple selections.
2122# $labels -> (optional)
2123# A pointer to an associative array of labels to print next to each checkbox
2124# in the form $label{'value'}="Long explanatory label".
2125# Otherwise the provided values are used as the labels.
2126# Returns:
2127# A string containing the definition of a scrolling list.
2128####
2129'scrolling_list' => <<'END_OF_FUNC',
2130sub scrolling_list {
2131 my($self,@p) = self_or_default(@_);
2132 my($name,$values,$defaults,$size,$multiple,$labels,$override,@other)
3d1a2ec4 2133 = rearrange([NAME,[VALUES,VALUE],[DEFAULTS,DEFAULT],
54310121 2134 SIZE,MULTIPLE,LABELS,[OVERRIDE,FORCE]],@p);
2135
424ec8fa
GS		 2136 my($result,@values);
2137 @values = $self->_set_values_and_labels($values,\$labels,$name);
2138
54310121 2139 $size = $size || scalar(@values);
2140
2141 my(%selected) = $self->previous_or_default($name,$defaults,$override);
03b9648d 2142 my($is_multiple) = $multiple ? qq/ multiple/ : '';
6b4ac661 2143 my($has_size) = $size ? qq/ size="$size"/: '';
54310121 2144 my($other) = @other ? " @other" : '';
2145
2146 $name=$self->escapeHTML($name);
6b4ac661 2147 $result = qq/<select name="$name"$has_size$is_multiple$other>\n/;
54310121 2148 foreach (@values) {
03b9648d 2149 my($selectit) = $selected{$_} ? qq/selected/ : '';
54310121 2150 my($label) = $_;
424ec8fa 2151 $label = $labels->{$_} if defined($labels) && defined($labels->{$_});
54310121 2152 $label=$self->escapeHTML($label);
a3b3a725 2153 my($value)=$self->escapeHTML($_,1);
6b4ac661 2154 $result .= "<option $selectit value=\"$value\">$label</option>\n";
54310121 2155 }
6b4ac661 2156 $result .= "</select>\n";
54310121 2157 $self->register_parameter($name);
2158 return $result;
2159}
2160END_OF_FUNC
2161
2162
2163#### Method: hidden
2164# Parameters:
2165# $name -> Name of the hidden field
2166# @default -> (optional) Initial values of field (may be an array)
2167# or
2168# $default->[initial values of field]
2169# Returns:
2170# A string containing a <INPUT TYPE="hidden" NAME="name" VALUE="value">
2171####
2172'hidden' => <<'END_OF_FUNC',
2173sub hidden {
2174 my($self,@p) = self_or_default(@_);
2175
2176 # this is the one place where we departed from our standard
2177 # calling scheme, so we have to special-case (darn)
2178 my(@result,@value);
2179 my($name,$default,$override,@other) =
3d1a2ec4 2180 rearrange([NAME,[DEFAULT,VALUE,VALUES],[OVERRIDE,FORCE]],@p);
54310121 2181
2182 my $do_override = 0;
3d1a2ec4 2183 if ( ref($p[0]) || substr($p[0],0,1) eq '-') {
54310121 2184 @value = ref($default) ? @{$default} : $default;
2185 $do_override = $override;
2186 } else {
2187 foreach ($default,$override,@other) {
2188 push(@value,$_) if defined($_);
2189 }
2190 }
2191
2192 # use previous values if override is not set
2193 my @prev = $self->param($name);
2194 @value = @prev if !$do_override && @prev;
2195
2196 $name=$self->escapeHTML($name);
2197 foreach (@value) {
a3b3a725 2198 $_ = defined($_) ? $self->escapeHTML($_,1) : '';
ba056755 2199 push @result,$XHTML ? qq(<input type="hidden" name="$name" value="$_" />)
03b9648d 2200 : qq(<input type="hidden" name="$name" value="$_">);
54310121 2201 }
2202 return wantarray ? @result : join('',@result);
2203}
2204END_OF_FUNC
2205
2206
2207#### Method: image_button
2208# Parameters:
2209# $name -> Name of the button
2210# $src -> URL of the image source
2211# $align -> Alignment style (TOP, BOTTOM or MIDDLE)
2212# Returns:
2213# A string containing a <INPUT TYPE="image" NAME="name" SRC="url" ALIGN="alignment">
2214####
2215'image_button' => <<'END_OF_FUNC',
2216sub image_button {
2217 my($self,@p) = self_or_default(@_);
2218
2219 my($name,$src,$alignment,@other) =
3d1a2ec4 2220 rearrange([NAME,SRC,ALIGN],@p);
54310121 2221
6b4ac661 2222 my($align) = $alignment ? " align=\U$alignment" : '';
54310121 2223 my($other) = @other ? " @other" : '';
2224 $name=$self->escapeHTML($name);
6b4ac661
JH		 2225 return $XHTML ? qq(<input type="image" name="$name" src="$src"$align$other />)
2226 : qq/<input type="image" name="$name" src="$src"$align$other>/;
54310121 2227}
2228END_OF_FUNC
2229
2230
2231#### Method: self_url
2232# Returns a URL containing the current script and all its
2233# param/value pairs arranged as a query. You can use this
2234# to create a link that, when selected, will reinvoke the
2235# script with all its state information preserved.
2236####
2237'self_url' => <<'END_OF_FUNC',
2238sub self_url {
424ec8fa
GS		 2239 my($self,@p) = self_or_default(@_);
2240 return $self->url('-path_info'=>1,'-query'=>1,'-full'=>1,@p);
54310121 2241}
2242END_OF_FUNC
2243
2244
2245# This is provided as a synonym to self_url() for people unfortunate
2246# enough to have incorporated it into their programs already!
2247'state' => <<'END_OF_FUNC',
2248sub state {
2249 &self_url;
2250}
2251END_OF_FUNC
2252
2253
2254#### Method: url
2255# Like self_url, but doesn't return the query string part of
2256# the URL.
2257####
2258'url' => <<'END_OF_FUNC',
2259sub url {
424ec8fa 2260 my($self,@p) = self_or_default(@_);
03b9648d
JH		 2261 my ($relative,$absolute,$full,$path_info,$query,$base) =
2262 rearrange(['RELATIVE','ABSOLUTE','FULL',['PATH','PATH_INFO'],['QUERY','QUERY_STRING'],'BASE'],@p);
424ec8fa 2263 my $url;
03b9648d 2264 $full++ if $base || !($relative || $absolute);
424ec8fa 2265
3538e1d5 2266 my $path = $self->path_info;
d45d855d
JH		 2267 my $script_name = $self->script_name;
2268
2269# If anybody knows why I ever wrote this please tell me!
2270# if (exists($ENV{REQUEST_URI})) {
2271# my $index;
2272# $script_name = $ENV{REQUEST_URI};
2273# # strip query string
2274# substr($script_name,$index) = '' if ($index = index($script_name,'?')) >= 0;
2275# # and path
2276# if (exists($ENV{PATH_INFO})) {
2277# (my $encoded_path = $ENV{PATH_INFO}) =~ s!([^a-zA-Z0-9_./-])!uc sprintf("%%%02x",ord($1))!eg;;
2278# substr($script_name,$index) = '' if ($index = rindex($script_name,$encoded_path)) >= 0;
2279# }
2280# } else {
2281# $script_name = $self->script_name;
2282# }
3538e1d5 2283
424ec8fa
GS		 2284 if ($full) {
2285 my $protocol = $self->protocol();
2286 $url = "$protocol://";
2287 my $vh = http('host');
2288 if ($vh) {
2289 $url .= $vh;
2290 } else {
2291 $url .= server_name();
2292 my $port = $self->server_port;
2293 $url .= ":" . $port
2294 unless (lc($protocol) eq 'http' && $port == 80)
2295 || (lc($protocol) eq 'https' && $port == 443);
2296 }
03b9648d 2297 return $url if $base;
3538e1d5 2298 $url .= $script_name;
424ec8fa 2299 } elsif ($relative) {
3538e1d5 2300 ($url) = $script_name =~ m!([^/]+)$!;
424ec8fa 2301 } elsif ($absolute) {
3538e1d5 2302 $url = $script_name;
424ec8fa 2303 }
03b9648d 2304
3538e1d5 2305 $url .= $path if $path_info and defined $path;
424ec8fa 2306 $url .= "?" . $self->query_string if $query and $self->query_string;
3d1a2ec4
GS		 2307 $url = '' unless defined $url;
2308 $url =~ s/([^a-zA-Z0-9_.%;&?\/\\:+=~-])/uc sprintf("%%%02x",ord($1))/eg;
424ec8fa 2309 return $url;
54310121 2310}
2311
2312END_OF_FUNC
2313
2314#### Method: cookie
2315# Set or read a cookie from the specified name.
2316# Cookie can then be passed to header().
2317# Usual rules apply to the stickiness of -value.
2318# Parameters:
2319# -name -> name for this cookie (optional)
2320# -value -> value of this cookie (scalar, array or hash)
2321# -path -> paths for which this cookie is valid (optional)
2322# -domain -> internet domain in which this cookie is valid (optional)
2323# -secure -> if true, cookie only passed through secure channel (optional)
7d37aa8e 2324# -expires -> expiry date in format Wdy, DD-Mon-YYYY HH:MM:SS GMT (optional)
54310121 2325####
2326'cookie' => <<'END_OF_FUNC',
54310121 2327sub cookie {
2328 my($self,@p) = self_or_default(@_);
2329 my($name,$value,$path,$domain,$secure,$expires) =
3d1a2ec4 2330 rearrange([NAME,[VALUE,VALUES],PATH,DOMAIN,SECURE,EXPIRES],@p);
54310121 2331
424ec8fa 2332 require CGI::Cookie;
54310121 2333
2334 # if no value is supplied, then we retrieve the
2335 # value of the cookie, if any. For efficiency, we cache the parsed
424ec8fa
GS		 2336 # cookies in our state variables.
2337 unless ( defined($value) ) {
2338 $self->{'.cookies'} = CGI::Cookie->fetch
2339 unless $self->{'.cookies'};
54310121 2340
2341 # If no name is supplied, then retrieve the names of all our cookies.
2342 return () unless $self->{'.cookies'};
424ec8fa
GS		 2343 return keys %{$self->{'.cookies'}} unless $name;
2344 return () unless $self->{'.cookies'}->{$name};
2345 return $self->{'.cookies'}->{$name}->value if defined($name) && $name ne '';
54310121 2346 }
54310121 2347
424ec8fa 2348 # If we get here, we're creating a new cookie
ba056755 2349 return undef unless defined($name) && $name ne ''; # this is an error
54310121 2350
424ec8fa
GS		 2351 my @param;
2352 push(@param,'-name'=>$name);
2353 push(@param,'-value'=>$value);
2354 push(@param,'-domain'=>$domain) if $domain;
2355 push(@param,'-path'=>$path) if $path;
2356 push(@param,'-expires'=>$expires) if $expires;
2357 push(@param,'-secure'=>$secure) if $secure;
54310121 2358
6b4ac661 2359 return new CGI::Cookie(@param);
54310121 2360}
2361END_OF_FUNC
2362
424ec8fa
GS		 2363'parse_keywordlist' => <<'END_OF_FUNC',
2364sub parse_keywordlist {
2365 my($self,$tosplit) = @_;
2366 $tosplit = unescape($tosplit); # unescape the keywords
2367 $tosplit=~tr/+/ /; # pluses to spaces
2368 my(@keywords) = split(/\s+/,$tosplit);
2369 return @keywords;
2370}
2371END_OF_FUNC
2372
2373'param_fetch' => <<'END_OF_FUNC',
2374sub param_fetch {
2375 my($self,@p) = self_or_default(@_);
3d1a2ec4 2376 my($name) = rearrange([NAME],@p);
424ec8fa
GS		 2377 unless (exists($self->{$name})) {
2378 $self->add_parameter($name);
2379 $self->{$name} = [];
2380 }
2381
2382 return $self->{$name};
2383}
2384END_OF_FUNC
2385
54310121 2386###############################################
2387# OTHER INFORMATION PROVIDED BY THE ENVIRONMENT
2388###############################################
2389
2390#### Method: path_info
2391# Return the extra virtual path information provided
2392# after the URL (if any)
2393####
2394'path_info' => <<'END_OF_FUNC',
2395sub path_info {
424ec8fa
GS		 2396 my ($self,$info) = self_or_default(@_);
2397 if (defined($info)) {
2398 $info = "/$info" if $info ne '' && substr($info,0,1) ne '/';
2399 $self->{'.path_info'} = $info;
2400 } elsif (! defined($self->{'.path_info'}) ) {
2401 $self->{'.path_info'} = defined($ENV{'PATH_INFO'}) ?
2402 $ENV{'PATH_INFO'} : '';
2403
2404 # hack to fix broken path info in IIS
2405 $self->{'.path_info'} =~ s/^\Q$ENV{'SCRIPT_NAME'}\E// if $IIS;
2406
2407 }
2408 return $self->{'.path_info'};
54310121 2409}
2410END_OF_FUNC
2411
2412
2413#### Method: request_method
2414# Returns 'POST', 'GET', 'PUT' or 'HEAD'
2415####
2416'request_method' => <<'END_OF_FUNC',
2417sub request_method {
2418 return $ENV{'REQUEST_METHOD'};
2419}
2420END_OF_FUNC
2421
3538e1d5
GS		 2422#### Method: content_type
2423# Returns the content_type string
2424####
2425'content_type' => <<'END_OF_FUNC',
2426sub content_type {
2427 return $ENV{'CONTENT_TYPE'};
2428}
2429END_OF_FUNC
2430
54310121 2431#### Method: path_translated
2432# Return the physical path information provided
2433# by the URL (if any)
2434####
2435'path_translated' => <<'END_OF_FUNC',
2436sub path_translated {
2437 return $ENV{'PATH_TRANSLATED'};
2438}
2439END_OF_FUNC
2440
2441
2442#### Method: query_string
2443# Synthesize a query string from our current
2444# parameters
2445####
2446'query_string' => <<'END_OF_FUNC',
2447sub query_string {
2448 my($self) = self_or_default(@_);
2449 my($param,$value,@pairs);
2450 foreach $param ($self->param) {
424ec8fa 2451 my($eparam) = escape($param);
54310121 2452 foreach $value ($self->param($param)) {
424ec8fa 2453 $value = escape($value);
3538e1d5 2454 next unless defined $value;
54310121 2455 push(@pairs,"$eparam=$value");
2456 }
2457 }
d45d855d
JH		 2458 foreach (keys %{$self->{'.fieldnames'}}) {
2459 push(@pairs,".cgifields=".escape("$_"));
2460 }
71f3e297 2461 return join($USE_PARAM_SEMICOLONS ? ';' : '&',@pairs);
54310121 2462}
2463END_OF_FUNC
2464
2465
2466#### Method: accept
2467# Without parameters, returns an array of the
2468# MIME types the browser accepts.
2469# With a single parameter equal to a MIME
2470# type, will return undef if the browser won't
2471# accept it, 1 if the browser accepts it but
2472# doesn't give a preference, or a floating point
2473# value between 0.0 and 1.0 if the browser
2474# declares a quantitative score for it.
2475# This handles MIME type globs correctly.
2476####
71f3e297
JH		 2477'Accept' => <<'END_OF_FUNC',
2478sub Accept {
54310121 2479 my($self,$search) = self_or_CGI(@_);
2480 my(%prefs,$type,$pref,$pat);
2481
2482 my(@accept) = split(',',$self->http('accept'));
2483
2484 foreach (@accept) {
2485 ($pref) = /q=(\d\.\d+|\d+)/;
2486 ($type) = m#(\S+/[^;]+)#;
2487 next unless $type;
2488 $prefs{$type}=$pref || 1;
2489 }
2490
2491 return keys %prefs unless $search;
2492
2493 # if a search type is provided, we may need to
2494 # perform a pattern matching operation.
2495 # The MIME types use a glob mechanism, which
2496 # is easily translated into a perl pattern match
2497
2498 # First return the preference for directly supported
2499 # types:
2500 return $prefs{$search} if $prefs{$search};
2501
2502 # Didn't get it, so try pattern matching.
2503 foreach (keys %prefs) {
2504 next unless /\*/; # not a pattern match
2505 ($pat = $_) =~ s/([^\w*])/\\$1/g; # escape meta characters
2506 $pat =~ s/\*/.*/g; # turn it into a pattern
2507 return $prefs{$_} if $search=~/$pat/;
2508 }
2509}
2510END_OF_FUNC
2511
2512
2513#### Method: user_agent
2514# If called with no parameters, returns the user agent.
2515# If called with one parameter, does a pattern match (case
2516# insensitive) on the user agent.
2517####
2518'user_agent' => <<'END_OF_FUNC',
2519sub user_agent {
2520 my($self,$match)=self_or_CGI(@_);
2521 return $self->http('user_agent') unless $match;
2522 return $self->http('user_agent') =~ /$match/i;
2523}
2524END_OF_FUNC
2525
2526
424ec8fa
GS		 2527#### Method: raw_cookie
2528# Returns the magic cookies for the session.
2529# The cookies are not parsed or altered in any way, i.e.
2530# cookies are returned exactly as given in the HTTP
2531# headers. If a cookie name is given, only that cookie's
2532# value is returned, otherwise the entire raw cookie
2533# is returned.
54310121 2534####
2535'raw_cookie' => <<'END_OF_FUNC',
2536sub raw_cookie {
424ec8fa
GS		 2537 my($self,$key) = self_or_CGI(@_);
2538
2539 require CGI::Cookie;
2540
2541 if (defined($key)) {
2542 $self->{'.raw_cookies'} = CGI::Cookie->raw_fetch
2543 unless $self->{'.raw_cookies'};
2544
2545 return () unless $self->{'.raw_cookies'};
2546 return () unless $self->{'.raw_cookies'}->{$key};
2547 return $self->{'.raw_cookies'}->{$key};
2548 }
54310121 2549 return $self->http('cookie') || $ENV{'COOKIE'} || '';
2550}
2551END_OF_FUNC
2552
2553#### Method: virtual_host
2554# Return the name of the virtual_host, which
2555# is not always the same as the server
2556######
2557'virtual_host' => <<'END_OF_FUNC',
2558sub virtual_host {
424ec8fa
GS		 2559 my $vh = http('host') || server_name();
2560 $vh =~ s/:\d+$//; # get rid of port number
2561 return $vh;
54310121 2562}
2563END_OF_FUNC
2564
2565#### Method: remote_host
2566# Return the name of the remote host, or its IP
2567# address if unavailable. If this variable isn't
2568# defined, it returns "localhost" for debugging
2569# purposes.
2570####
2571'remote_host' => <<'END_OF_FUNC',
2572sub remote_host {
2573 return $ENV{'REMOTE_HOST'} || $ENV{'REMOTE_ADDR'}
2574 || 'localhost';
2575}
2576END_OF_FUNC
2577
2578
2579#### Method: remote_addr
2580# Return the IP addr of the remote host.
2581####
2582'remote_addr' => <<'END_OF_FUNC',
2583sub remote_addr {
2584 return $ENV{'REMOTE_ADDR'} || '127.0.0.1';
2585}
2586END_OF_FUNC
2587
2588
2589#### Method: script_name
2590# Return the partial URL to this script for
2591# self-referencing scripts. Also see
2592# self_url(), which returns a URL with all state information
2593# preserved.
2594####
2595'script_name' => <<'END_OF_FUNC',
2596sub script_name {
424ec8fa 2597 return $ENV{'SCRIPT_NAME'} if defined($ENV{'SCRIPT_NAME'});
54310121 2598 # These are for debugging
2599 return "/$0" unless $0=~/^\//;
2600 return $0;
2601}
2602END_OF_FUNC
2603
2604
2605#### Method: referer
2606# Return the HTTP_REFERER: useful for generating
2607# a GO BACK button.
2608####
2609'referer' => <<'END_OF_FUNC',
2610sub referer {
2611 my($self) = self_or_CGI(@_);
2612 return $self->http('referer');
2613}
2614END_OF_FUNC
2615
2616
2617#### Method: server_name
2618# Return the name of the server
2619####
2620'server_name' => <<'END_OF_FUNC',
2621sub server_name {
2622 return $ENV{'SERVER_NAME'} || 'localhost';
2623}
2624END_OF_FUNC
2625
2626#### Method: server_software
2627# Return the name of the server software
2628####
2629'server_software' => <<'END_OF_FUNC',
2630sub server_software {
2631 return $ENV{'SERVER_SOFTWARE'} || 'cmdline';
2632}
2633END_OF_FUNC
2634
2635#### Method: server_port
2636# Return the tcp/ip port the server is running on
2637####
2638'server_port' => <<'END_OF_FUNC',
2639sub server_port {
2640 return $ENV{'SERVER_PORT'} || 80; # for debugging
2641}
2642END_OF_FUNC
2643
2644#### Method: server_protocol
2645# Return the protocol (usually HTTP/1.0)
2646####
2647'server_protocol' => <<'END_OF_FUNC',
2648sub server_protocol {
2649 return $ENV{'SERVER_PROTOCOL'} || 'HTTP/1.0'; # for debugging
2650}
2651END_OF_FUNC
2652
2653#### Method: http
2654# Return the value of an HTTP variable, or
2655# the list of variables if none provided
2656####
2657'http' => <<'END_OF_FUNC',
2658sub http {
2659 my ($self,$parameter) = self_or_CGI(@_);
2660 return $ENV{$parameter} if $parameter=~/^HTTP/;
3538e1d5 2661 $parameter =~ tr/-/_/;
54310121 2662 return $ENV{"HTTP_\U$parameter\E"} if $parameter;
2663 my(@p);
2664 foreach (keys %ENV) {
2665 push(@p,$_) if /^HTTP/;
2666 }
2667 return @p;
2668}
2669END_OF_FUNC
2670
2671#### Method: https
2672# Return the value of HTTPS
2673####
2674'https' => <<'END_OF_FUNC',
2675sub https {
2676 local($^W)=0;
2677 my ($self,$parameter) = self_or_CGI(@_);
2678 return $ENV{HTTPS} unless $parameter;
2679 return $ENV{$parameter} if $parameter=~/^HTTPS/;
3538e1d5 2680 $parameter =~ tr/-/_/;
54310121 2681 return $ENV{"HTTPS_\U$parameter\E"} if $parameter;
2682 my(@p);
2683 foreach (keys %ENV) {
2684 push(@p,$_) if /^HTTPS/;
2685 }
2686 return @p;
2687}
2688END_OF_FUNC
2689
2690#### Method: protocol
2691# Return the protocol (http or https currently)
2692####
2693'protocol' => <<'END_OF_FUNC',
2694sub protocol {
2695 local($^W)=0;
2696 my $self = shift;
424ec8fa 2697 return 'https' if uc($self->https()) eq 'ON';
54310121 2698 return 'https' if $self->server_port == 443;
2699 my $prot = $self->server_protocol;
2700 my($protocol,$version) = split('/',$prot);
2701 return "\L$protocol\E";
2702}
2703END_OF_FUNC
2704
2705#### Method: remote_ident
2706# Return the identity of the remote user
2707# (but only if his host is running identd)
2708####
2709'remote_ident' => <<'END_OF_FUNC',
2710sub remote_ident {
2711 return $ENV{'REMOTE_IDENT'};
2712}
2713END_OF_FUNC
2714
2715
2716#### Method: auth_type
2717# Return the type of use verification/authorization in use, if any.
2718####
2719'auth_type' => <<'END_OF_FUNC',
2720sub auth_type {
2721 return $ENV{'AUTH_TYPE'};
2722}
2723END_OF_FUNC
2724
2725
2726#### Method: remote_user
2727# Return the authorization name used for user
2728# verification.
2729####
2730'remote_user' => <<'END_OF_FUNC',
2731sub remote_user {
2732 return $ENV{'REMOTE_USER'};
2733}
2734END_OF_FUNC
2735
2736
2737#### Method: user_name
2738# Try to return the remote user's name by hook or by
2739# crook
2740####
2741'user_name' => <<'END_OF_FUNC',
2742sub user_name {
2743 my ($self) = self_or_CGI(@_);
2744 return $self->http('from') || $ENV{'REMOTE_IDENT'} || $ENV{'REMOTE_USER'};
2745}
2746END_OF_FUNC
2747
3d1a2ec4
GS		 2748#### Method: nosticky
2749# Set or return the NOSTICKY global flag
2750####
2751'nosticky' => <<'END_OF_FUNC',
2752sub nosticky {
2753 my ($self,$param) = self_or_CGI(@_);
2754 $CGI::NOSTICKY = $param if defined($param);
2755 return $CGI::NOSTICKY;
2756}
2757END_OF_FUNC
2758
54310121 2759#### Method: nph
2760# Set or return the NPH global flag
2761####
2762'nph' => <<'END_OF_FUNC',
2763sub nph {
2764 my ($self,$param) = self_or_CGI(@_);
7d37aa8e
LS		 2765 $CGI::NPH = $param if defined($param);
2766 return $CGI::NPH;
2767}
2768END_OF_FUNC
2769
2770#### Method: private_tempfiles
2771# Set or return the private_tempfiles global flag
2772####
2773'private_tempfiles' => <<'END_OF_FUNC',
2774sub private_tempfiles {
2775 my ($self,$param) = self_or_CGI(@_);
424ec8fa 2776 $CGI::PRIVATE_TEMPFILES = $param if defined($param);
7d37aa8e 2777 return $CGI::PRIVATE_TEMPFILES;
54310121 2778}
2779END_OF_FUNC
2780
424ec8fa
GS		 2781#### Method: default_dtd
2782# Set or return the default_dtd global
2783####
2784'default_dtd' => <<'END_OF_FUNC',
2785sub default_dtd {
3d1a2ec4
GS		 2786 my ($self,$param,$param2) = self_or_CGI(@_);
2787 if (defined $param2 && defined $param) {
2788 $CGI::DEFAULT_DTD = [ $param, $param2 ];
2789 } elsif (defined $param) {
2790 $CGI::DEFAULT_DTD = $param;
2791 }
424ec8fa
GS		 2792 return $CGI::DEFAULT_DTD;
2793}
2794END_OF_FUNC
2795
54310121 2796# -------------- really private subroutines -----------------
2797'previous_or_default' => <<'END_OF_FUNC',
2798sub previous_or_default {
2799 my($self,$name,$defaults,$override) = @_;
2800 my(%selected);
2801
2802 if (!$override && ($self->{'.fieldnames'}->{$name} ||
2803 defined($self->param($name)) ) ) {
2804 grep($selected{$_}++,$self->param($name));
2805 } elsif (defined($defaults) && ref($defaults) &&
2806 (ref($defaults) eq 'ARRAY')) {
2807 grep($selected{$_}++,@{$defaults});
2808 } else {
2809 $selected{$defaults}++ if defined($defaults);
2810 }
2811
2812 return %selected;
2813}
2814END_OF_FUNC
2815
2816'register_parameter' => <<'END_OF_FUNC',
2817sub register_parameter {
2818 my($self,$param) = @_;
2819 $self->{'.parametersToAdd'}->{$param}++;
2820}
2821END_OF_FUNC
2822
2823'get_fields' => <<'END_OF_FUNC',
2824sub get_fields {
2825 my($self) = @_;
424ec8fa
GS		 2826 return $self->CGI::hidden('-name'=>'.cgifields',
2827 '-values'=>[keys %{$self->{'.parametersToAdd'}}],
2828 '-override'=>1);
54310121 2829}
2830END_OF_FUNC
2831
2832'read_from_cmdline' => <<'END_OF_FUNC',
2833sub read_from_cmdline {
54310121 2834 my($input,@words);
2835 my($query_string);
3d1a2ec4 2836 if ($DEBUG && @ARGV) {
424ec8fa 2837 @words = @ARGV;
3d1a2ec4 2838 } elsif ($DEBUG > 1) {
424ec8fa 2839 require "shellwords.pl";
54310121 2840 print STDERR "(offline mode: enter name=value pairs on standard input)\n";
424ec8fa 2841 chomp(@lines = <STDIN>); # remove newlines
54310121 2842 $input = join(" ",@lines);
424ec8fa
GS		 2843 @words = &shellwords($input);
2844 }
2845 foreach (@words) {
2846 s/\\=/%3D/g;
2847 s/\\&/%26/g;
54310121 2848 }
2849
54310121 2850 if ("@words"=~/=/) {
2851 $query_string = join('&',@words);
2852 } else {
2853 $query_string = join('+',@words);
2854 }
2855 return $query_string;
2856}
2857END_OF_FUNC
2858
2859#####
2860# subroutine: read_multipart
2861#
2862# Read multipart data and store it into our parameters.
2863# An interesting feature is that if any of the parts is a file, we
2864# create a temporary file and open up a filehandle on it so that the
2865# caller can read from it if necessary.
2866#####
2867'read_multipart' => <<'END_OF_FUNC',
2868sub read_multipart {
424ec8fa
GS		 2869 my($self,$boundary,$length,$filehandle) = @_;
2870 my($buffer) = $self->new_MultipartBuffer($boundary,$length,$filehandle);
54310121 2871 return unless $buffer;
2872 my(%header,$body);
424ec8fa 2873 my $filenumber = 0;
54310121 2874 while (!$buffer->eof) {
2875 %header = $buffer->readHeader;
3538e1d5
GS		 2876
2877 unless (%header) {
2878 $self->cgi_error("400 Bad request (malformed multipart POST)");
2879 return;
2880 }
54310121 2881
424ec8fa 2882 my($param)= $header{'Content-Disposition'}=~/ name="?([^\";]*)"?/;
54310121 2883
424ec8fa 2884 # Bug: Netscape doesn't escape quotation marks in file names!!!
6b4ac661 2885 my($filename) = $header{'Content-Disposition'}=~/ filename="?([^\"]*)"?/;
54310121 2886
2887 # add this parameter to our list
2888 $self->add_parameter($param);
2889
2890 # If no filename specified, then just read the data and assign it
2891 # to our parameter list.
ffd2dff2 2892 if ( !defined($filename) || $filename eq '' ) {
54310121 2893 my($value) = $buffer->readBody;
2894 push(@{$self->{$param}},$value);
2895 next;
2896 }
2897
424ec8fa
GS		 2898 my ($tmpfile,$tmp,$filehandle);
2899 UPLOADS: {
2900 # If we get here, then we are dealing with a potentially large
2901 # uploaded form. Save the data to a temporary file, then open
2902 # the file for reading.
54310121 2903
424ec8fa
GS		 2904 # skip the file if uploads disabled
2905 if ($DISABLE_UPLOADS) {
2906 while (defined($data = $buffer->read)) { }
2907 last UPLOADS;
2908 }
7d37aa8e 2909
3538e1d5
GS		 2910 # choose a relatively unpredictable tmpfile sequence number
2911 my $seqno = unpack("%16C*",join('',localtime,values %ENV));
2912 for (my $cnt=10;$cnt>0;$cnt--) {
2913 next unless $tmpfile = new TempFile($seqno);
2914 $tmp = $tmpfile->as_string;
ffd2dff2 2915 last if defined($filehandle = Fh->new($filename,$tmp,$PRIVATE_TEMPFILES));
3538e1d5
GS		 2916 $seqno += int rand(100);
2917 }
2918 die "CGI open of tmpfile: $!\n" unless $filehandle;
424ec8fa 2919 $CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode;
424ec8fa
GS		 2920
2921 my ($data);
71f3e297 2922 local($\) = '';
424ec8fa
GS		 2923 while (defined($data = $buffer->read)) {
2924 print $filehandle $data;
2925 }
2926
2927 # back up to beginning of file
2928 seek($filehandle,0,0);
2929 $CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode;
2930
2931 # Save some information about the uploaded file where we can get
2932 # at it later.
ffd2dff2 2933 $self->{'.tmpfiles'}->{fileno($filehandle)}= {
424ec8fa
GS		 2934 name => $tmpfile,
2935 info => {%header},
2936 };
2937 push(@{$self->{$param}},$filehandle);
2938 }
54310121 2939 }
2940}
2941END_OF_FUNC
2942
3538e1d5
GS		 2943'upload' =><<'END_OF_FUNC',
2944sub upload {
2945 my($self,$param_name) = self_or_default(@_);
199d4a26
JH		 2946 my @param = grep(ref && fileno($_), $self->param($param_name));
2947 return unless @param;
2948 return wantarray ? @param : $param[0];
3538e1d5
GS		 2949}
2950END_OF_FUNC
2951
54310121 2952'tmpFileName' => <<'END_OF_FUNC',
2953sub tmpFileName {
2954 my($self,$filename) = self_or_default(@_);
ffd2dff2
GS		 2955 return $self->{'.tmpfiles'}->{fileno($filename)}->{name} ?
2956 $self->{'.tmpfiles'}->{fileno($filename)}->{name}->as_string
7d37aa8e 2957 : '';
54310121 2958}
2959END_OF_FUNC
2960
424ec8fa 2961'uploadInfo' => <<'END_OF_FUNC',
54310121 2962sub uploadInfo {
2963 my($self,$filename) = self_or_default(@_);
ffd2dff2 2964 return $self->{'.tmpfiles'}->{fileno($filename)}->{info};
54310121 2965}
2966END_OF_FUNC
2967
424ec8fa
GS		 2968# internal routine, don't use
2969'_set_values_and_labels' => <<'END_OF_FUNC',
2970sub _set_values_and_labels {
2971 my $self = shift;
2972 my ($v,$l,$n) = @_;
2973 $$l = $v if ref($v) eq 'HASH' && !ref($$l);
2974 return $self->param($n) if !defined($v);
2975 return $v if !ref($v);
2976 return ref($v) eq 'HASH' ? keys %$v : @$v;
2977}
2978END_OF_FUNC
2979
2980'_compile_all' => <<'END_OF_FUNC',
2981sub _compile_all {
2982 foreach (@_) {
2983 next if defined(&$_);
2984 $AUTOLOAD = "CGI::$_";
2985 _compile();
2986 }
2987}
2988END_OF_FUNC
2989
54310121 2990);
2991END_OF_AUTOLOAD
2992;
2993
424ec8fa
GS		 2994#########################################################
2995# Globals and stubs for other packages that we use.
2996#########################################################
2997
2998################### Fh -- lightweight filehandle ###############
2999package Fh;
3000use overload
3001 '""' => \&asString,
3002 'cmp' => \&compare,
3003 'fallback'=>1;
3004
3005$FH='fh00000';
3006
3007*Fh::AUTOLOAD = \&CGI::AUTOLOAD;
3008
3009$AUTOLOADED_ROUTINES = ''; # prevent -w error
3010$AUTOLOADED_ROUTINES=<<'END_OF_AUTOLOAD';
3011%SUBS = (
3012'asString' => <<'END_OF_FUNC',
3013sub asString {
3014 my $self = shift;
71f3e297 3015 # get rid of package name
ffd2dff2 3016 (my $i = $$self) =~ s/^\*(\w+::fh\d{5})+//;
ba056755 3017 $i =~ s/%(..)/ chr(hex($1)) /eg;
424ec8fa 3018 return $i;
71f3e297
JH		 3019# BEGIN DEAD CODE
3020# This was an extremely clever patch that allowed "use strict refs".
3021# Unfortunately it relied on another bug that caused leaky file descriptors.
3022# The underlying bug has been fixed, so this no longer works. However
3023# "strict refs" still works for some reason.
3024# my $self = shift;
3025# return ${*{$self}{SCALAR}};
3026# END DEAD CODE
424ec8fa
GS		 3027}
3028END_OF_FUNC
3029
3030'compare' => <<'END_OF_FUNC',
3031sub compare {
3032 my $self = shift;
3033 my $value = shift;
3034 return "$self" cmp $value;
3035}
3036END_OF_FUNC
3037
3038'new' => <<'END_OF_FUNC',
3039sub new {
3040 my($pack,$name,$file,$delete) = @_;
3041 require Fcntl unless defined &Fcntl::O_RDWR;
ba056755
JH		 3042 (my $safename = $name) =~ s/([':%])/ sprintf '%%%02X', ord $1 /eg;
3043 my $fv = ++$FH . $safename;
6b4ac661 3044 my $ref = \*{"Fh::$fv"};
3538e1d5 3045 sysopen($ref,$file,Fcntl::O_RDWR()|Fcntl::O_CREAT()|Fcntl::O_EXCL(),0600) || return;
424ec8fa 3046 unlink($file) if $delete;
6b4ac661 3047 CORE::delete $Fh::{$fv};
71f3e297 3048 return bless $ref,$pack;
424ec8fa
GS		 3049}
3050END_OF_FUNC
3051
3052'DESTROY' => <<'END_OF_FUNC',
3053sub DESTROY {
3054 my $self = shift;
3055 close $self;
3056}
3057END_OF_FUNC
3058
3059);
3060END_OF_AUTOLOAD
3061
3062######################## MultipartBuffer ####################
54310121 3063package MultipartBuffer;
3064
3065# how many bytes to read at a time. We use
71f3e297
JH		 3066# a 4K buffer by default.
3067$INITIAL_FILLUNIT = 1024 * 4;
3068$TIMEOUT = 240*60; # 4 hour timeout for big files
3069$SPIN_LOOP_MAX = 2000; # bug fix for some Netscape servers
54310121 3070$CRLF=$CGI::CRLF;
3071
3072#reuse the autoload function
3073*MultipartBuffer::AUTOLOAD = \&CGI::AUTOLOAD;
3074
424ec8fa
GS		 3075# avoid autoloader warnings
3076sub DESTROY {}
3077
54310121 3078###############################################################################
3079################# THESE FUNCTIONS ARE AUTOLOADED ON DEMAND ####################
3080###############################################################################
3081$AUTOLOADED_ROUTINES = ''; # prevent -w error
3082$AUTOLOADED_ROUTINES=<<'END_OF_AUTOLOAD';
3083%SUBS = (
3084
3085'new' => <<'END_OF_FUNC',
3086sub new {
3087 my($package,$interface,$boundary,$length,$filehandle) = @_;
424ec8fa 3088 $FILLUNIT = $INITIAL_FILLUNIT;
54310121 3089 my $IN;
3090 if ($filehandle) {
3091 my($package) = caller;
3092 # force into caller's package if necessary
3093 $IN = $filehandle=~/[':]/ ? $filehandle : "$package\:\:$filehandle";
3094 }
3095 $IN = "main::STDIN" unless $IN;
3096
3097 $CGI::DefaultClass->binmode($IN) if $CGI::needs_binmode;
3098
3099 # If the user types garbage into the file upload field,
3100 # then Netscape passes NOTHING to the server (not good).
3101 # We may hang on this read in that case. So we implement
3102 # a read timeout. If nothing is ready to read
3103 # by then, we return.
3104
3105 # Netscape seems to be a little bit unreliable
3106 # about providing boundary strings.
3d1a2ec4 3107 my $boundary_read = 0;
54310121 3108 if ($boundary) {
3109
3110 # Under the MIME spec, the boundary consists of the
3111 # characters "--" PLUS the Boundary string
424ec8fa
GS		 3112
3113 # BUG: IE 3.01 on the Macintosh uses just the boundary -- not
71f3e297 3114 # the two extra hyphens. We do a special case here on the user-agent!!!!
3538e1d5 3115 $boundary = "--$boundary" unless CGI::user_agent('MSIE\s+3\.0[12];\s*Mac');
424ec8fa 3116
54310121 3117 } else { # otherwise we find it ourselves
3118 my($old);
3119 ($old,$/) = ($/,$CRLF); # read a CRLF-delimited line
3120 $boundary = <$IN>; # BUG: This won't work correctly under mod_perl
3121 $length -= length($boundary);
3122 chomp($boundary); # remove the CRLF
3123 $/ = $old; # restore old line separator
3d1a2ec4 3124 $boundary_read++;
54310121 3125 }
3126
3127 my $self = {LENGTH=>$length,
3128 BOUNDARY=>$boundary,
3129 IN=>$IN,
3130 INTERFACE=>$interface,
3131 BUFFER=>'',
3132 };
3133
3134 $FILLUNIT = length($boundary)
3135 if length($boundary) > $FILLUNIT;
3136
424ec8fa
GS		 3137 my $retval = bless $self,ref $package || $package;
3138
3139 # Read the preamble and the topmost (boundary) line plus the CRLF.
3d1a2ec4
GS		 3140 unless ($boundary_read) {
3141 while ($self->read(0)) { }
3142 }
424ec8fa
GS		 3143 die "Malformed multipart POST\n" if $self->eof;
3144
3145 return $retval;
54310121 3146}
3147END_OF_FUNC
3148
3149'readHeader' => <<'END_OF_FUNC',
3150sub readHeader {
3151 my($self) = @_;
3152 my($end);
3153 my($ok) = 0;
47e3cabd 3154 my($bad) = 0;
424ec8fa 3155
3d1a2ec4 3156 local($CRLF) = "\015\012" if $CGI::OS eq 'VMS';
424ec8fa 3157
54310121 3158 do {
3159 $self->fillBuffer($FILLUNIT);
3160 $ok++ if ($end = index($self->{BUFFER},"${CRLF}${CRLF}")) >= 0;
3161 $ok++ if $self->{BUFFER} eq '';
47e3cabd 3162 $bad++ if !$ok && $self->{LENGTH} <= 0;
424ec8fa
GS		 3163 # this was a bad idea
3164 # $FILLUNIT *= 2 if length($self->{BUFFER}) >= $FILLUNIT;
47e3cabd
LS		 3165 } until $ok || $bad;
3166 return () if $bad;
54310121 3167
3168 my($header) = substr($self->{BUFFER},0,$end+2);
3169 substr($self->{BUFFER},0,$end+4) = '';
3170 my %return;
424ec8fa
GS		 3171
3172
3173 # See RFC 2045 Appendix A and RFC 822 sections 3.4.8
3174 # (Folding Long Header Fields), 3.4.3 (Comments)
3175 # and 3.4.5 (Quoted-Strings).
3176
3177 my $token = '[-\w!\#$%&\'*+.^_\`|{}~]';
3178 $header=~s/$CRLF\s+/ /og; # merge continuation lines
3179 while ($header=~/($token+):\s+([^$CRLF]*)/mgox) {
3180 my ($field_name,$field_value) = ($1,$2); # avoid taintedness
3181 $field_name =~ s/\b(\w)/uc($1)/eg; #canonicalize
3182 $return{$field_name}=$field_value;
54310121 3183 }
3184 return %return;
3185}
3186END_OF_FUNC
3187
3188# This reads and returns the body as a single scalar value.
3189'readBody' => <<'END_OF_FUNC',
3190sub readBody {
3191 my($self) = @_;
3192 my($data);
3193 my($returnval)='';
3194 while (defined($data = $self->read)) {
3195 $returnval .= $data;
3196 }
3197 return $returnval;
3198}
3199END_OF_FUNC
3200
3201# This will read $bytes or until the boundary is hit, whichever happens
3202# first. After the boundary is hit, we return undef. The next read will
3203# skip over the boundary and begin reading again;
3204'read' => <<'END_OF_FUNC',
3205sub read {
3206 my($self,$bytes) = @_;
3207
3208 # default number of bytes to read
3209 $bytes = $bytes || $FILLUNIT;
3210
3211 # Fill up our internal buffer in such a way that the boundary
3212 # is never split between reads.
3213 $self->fillBuffer($bytes);
3214
3215 # Find the boundary in the buffer (it may not be there).
3216 my $start = index($self->{BUFFER},$self->{BOUNDARY});
47e3cabd
LS		 3217 # protect against malformed multipart POST operations
3218 die "Malformed multipart POST\n" unless ($start >= 0) || ($self->{LENGTH} > 0);
54310121 3219
3220 # If the boundary begins the data, then skip past it
03b9648d 3221 # and return undef.
54310121 3222 if ($start == 0) {
3223
3224 # clear us out completely if we've hit the last boundary.
3225 if (index($self->{BUFFER},"$self->{BOUNDARY}--")==0) {
3226 $self->{BUFFER}='';
3227 $self->{LENGTH}=0;
3228 return undef;
3229 }
3230
3231 # just remove the boundary.
03b9648d
JH		 3232 substr($self->{BUFFER},0,length($self->{BOUNDARY}))='';
3233 $self->{BUFFER} =~ s/^\012\015?//;
54310121 3234 return undef;
3235 }
3236
3237 my $bytesToReturn;
3238 if ($start > 0) { # read up to the boundary
3239 $bytesToReturn = $start > $bytes ? $bytes : $start;
3240 } else { # read the requested number of bytes
3241 # leave enough bytes in the buffer to allow us to read
3242 # the boundary. Thanks to Kevin Hendrick for finding
3243 # this one.
3244 $bytesToReturn = $bytes - (length($self->{BOUNDARY})+1);
3245 }
3246
3247 my $returnval=substr($self->{BUFFER},0,$bytesToReturn);
3248 substr($self->{BUFFER},0,$bytesToReturn)='';
3249
3250 # If we hit the boundary, remove the CRLF from the end.
3251 return ($start > 0) ? substr($returnval,0,-2) : $returnval;
3252}
3253END_OF_FUNC
3254
3255
3256# This fills up our internal buffer in such a way that the
3257# boundary is never split between reads
3258'fillBuffer' => <<'END_OF_FUNC',
3259sub fillBuffer {
3260 my($self,$bytes) = @_;
3261 return unless $self->{LENGTH};
3262
3263 my($boundaryLength) = length($self->{BOUNDARY});
3264 my($bufferLength) = length($self->{BUFFER});
3265 my($bytesToRead) = $bytes - $bufferLength + $boundaryLength + 2;
3266 $bytesToRead = $self->{LENGTH} if $self->{LENGTH} < $bytesToRead;
3267
3268 # Try to read some data. We may hang here if the browser is screwed up.
3269 my $bytesRead = $self->{INTERFACE}->read_from_client($self->{IN},
3270 \$self->{BUFFER},
3271 $bytesToRead,
3272 $bufferLength);
71f3e297 3273 $self->{BUFFER} = '' unless defined $self->{BUFFER};
54310121 3274
47e3cabd 3275 # An apparent bug in the Apache server causes the read()
54310121 3276 # to return zero bytes repeatedly without blocking if the
3277 # remote user aborts during a file transfer. I don't know how
3278 # they manage this, but the workaround is to abort if we get
3279 # more than SPIN_LOOP_MAX consecutive zero reads.
3280 if ($bytesRead == 0) {
3281 die "CGI.pm: Server closed socket during multipart read (client aborted?).\n"
3282 if ($self->{ZERO_LOOP_COUNTER}++ >= $SPIN_LOOP_MAX);
3283 } else {
3284 $self->{ZERO_LOOP_COUNTER}=0;
3285 }
3286
3287 $self->{LENGTH} -= $bytesRead;
3288}
3289END_OF_FUNC
3290
3291
3292# Return true when we've finished reading
3293'eof' => <<'END_OF_FUNC'
3294sub eof {
3295 my($self) = @_;
3296 return 1 if (length($self->{BUFFER}) == 0)
3297 && ($self->{LENGTH} <= 0);
3298 undef;
3299}
3300END_OF_FUNC
3301
3302);
3303END_OF_AUTOLOAD
3304
3305####################################################################################
3306################################## TEMPORARY FILES #################################
3307####################################################################################
3308package TempFile;
3309
3310$SL = $CGI::SL;
424ec8fa
GS		 3311$MAC = $CGI::OS eq 'MACINTOSH';
3312my ($vol) = $MAC ? MacPerl::Volumes() =~ /:(.*)/ : "";
54310121 3313unless ($TMPDIRECTORY) {
424ec8fa 3314 @TEMP=("${SL}usr${SL}tmp","${SL}var${SL}tmp",
3538e1d5 3315 "C:${SL}temp","${SL}tmp","${SL}temp",
3d1a2ec4 3316 "${vol}${SL}Temporary Items",
ba056755
JH		 3317 "${SL}WWW_ROOT", "${SL}SYS\$SCRATCH",
3318 "C:${SL}system${SL}temp");
3538e1d5
GS		 3319 unshift(@TEMP,$ENV{'TMPDIR'}) if exists $ENV{'TMPDIR'};
3320
3d1a2ec4
GS		 3321 # this feature was supposed to provide per-user tmpfiles, but
3322 # it is problematic.
3538e1d5
GS		 3323 # unshift(@TEMP,(getpwuid($<))[7].'/tmp') if $CGI::OS eq 'UNIX';
3324 # Rob: getpwuid() is unfortunately UNIX specific. On brain dead OS'es this
3325 # : can generate a 'getpwuid() not implemented' exception, even though
3326 # : it's never called. Found under DOS/Win with the DJGPP perl port.
3327 # : Refer to getpwuid() only at run-time if we're fortunate and have UNIX.
3d1a2ec4 3328 # unshift(@TEMP,(eval {(getpwuid($>))[7]}).'/tmp') if $CGI::OS eq 'UNIX' and $> != 0;
3538e1d5 3329
54310121 3330 foreach (@TEMP) {
3331 do {$TMPDIRECTORY = $_; last} if -d $_ && -w _;
3332 }
3333}
3334
424ec8fa 3335$TMPDIRECTORY = $MAC ? "" : "." unless $TMPDIRECTORY;
424ec8fa 3336$MAXTRIES = 5000;
54310121 3337
3338# cute feature, but overload implementation broke it
3339# %OVERLOAD = ('""'=>'as_string');
3340*TempFile::AUTOLOAD = \&CGI::AUTOLOAD;
3341
3342###############################################################################
3343################# THESE FUNCTIONS ARE AUTOLOADED ON DEMAND ####################
3344###############################################################################
3345$AUTOLOADED_ROUTINES = ''; # prevent -w error
3346$AUTOLOADED_ROUTINES=<<'END_OF_AUTOLOAD';
3347%SUBS = (
3348
3349'new' => <<'END_OF_FUNC',
3350sub new {
3538e1d5
GS		 3351 my($package,$sequence) = @_;
3352 my $filename;
3353 for (my $i = 0; $i < $MAXTRIES; $i++) {
3354 last if ! -f ($filename = sprintf("${TMPDIRECTORY}${SL}CGItemp%d",$sequence++));
424ec8fa 3355 }
3538e1d5 3356 # untaint the darn thing
ba056755 3357 return unless $filename =~ m!^([a-zA-Z0-9_ '":/.\$\\-]+)$!;
3538e1d5
GS		 3358 $filename = $1;
3359 return bless \$filename;
54310121 3360}
3361END_OF_FUNC
3362
3363'DESTROY' => <<'END_OF_FUNC',
3364sub DESTROY {
3365 my($self) = @_;
3366 unlink $$self; # get rid of the file
3367}
3368END_OF_FUNC
3369
3370'as_string' => <<'END_OF_FUNC'
3371sub as_string {
3372 my($self) = @_;
3373 return $$self;
3374}
3375END_OF_FUNC
3376
3377);
3378END_OF_AUTOLOAD
3379
3380package CGI;
3381
3382# We get a whole bunch of warnings about "possibly uninitialized variables"
3383# when running with the -w switch. Touch them all once to get rid of the
3384# warnings. This is ugly and I hate it.
3385if ($^W) {
3386 $CGI::CGI = '';
3387 $CGI::CGI=<<EOF;
3388 $CGI::VERSION;
3389 $MultipartBuffer::SPIN_LOOP_MAX;
3390 $MultipartBuffer::CRLF;
3391 $MultipartBuffer::TIMEOUT;
424ec8fa 3392 $MultipartBuffer::INITIAL_FILLUNIT;
54310121 3393EOF
3394 ;
3395}
3396
424ec8fa 33971;
54310121 3398
3399__END__
3400
3401=head1 NAME
3402
3403CGI - Simple Common Gateway Interface Class
3404
dc848c6f 3405=head1 SYNOPSIS
3406
424ec8fa
GS		 3407 # CGI script that creates a fill-out form
3408 # and echoes back its values.
3409
3410 use CGI qw/:standard/;
3411 print header,
3412 start_html('A Simple Example'),
3413 h1('A Simple Example'),
3414 start_form,
3415 "What's your name? ",textfield('name'),p,
3416 "What's the combination?", p,
3417 checkbox_group(-name=>'words',
3418 -values=>['eenie','meenie','minie','moe'],
3419 -defaults=>['eenie','minie']), p,
3420 "What's your favorite color? ",
3421 popup_menu(-name=>'color',
3422 -values=>['red','green','blue','chartreuse']),p,
3423 submit,
3424 end_form,
3425 hr;
3426
3427 if (param()) {
3428 print "Your name is",em(param('name')),p,
3429 "The keywords are: ",em(join(", ",param('words'))),p,
3430 "Your favorite color is ",em(param('color')),
3431 hr;
3432 }
dc848c6f 3433
54310121 3434=head1 ABSTRACT
3435
424ec8fa
GS		 3436This perl library uses perl5 objects to make it easy to create Web
3437fill-out forms and parse their contents. This package defines CGI
3438objects, entities that contain the values of the current query string
3439and other state variables. Using a CGI object's methods, you can
3440examine keywords and parameters passed to your script, and create
3441forms whose initial values are taken from the current query (thereby
3442preserving state information). The module provides shortcut functions
3443that produce boilerplate HTML, reducing typing and coding errors. It
3444also provides functionality for some of the more advanced features of
3445CGI scripting, including support for file uploads, cookies, cascading
3446style sheets, server push, and frames.
3447
3448CGI.pm also provides a simple function-oriented programming style for
3449those who don't need its object-oriented features.
54310121 3450
3451The current version of CGI.pm is available at
3452
3453 http://www.genome.wi.mit.edu/ftp/pub/software/WWW/cgi_docs.html
3454 ftp://ftp-genome.wi.mit.edu/pub/software/WWW/
3455
424ec8fa 3456=head1 DESCRIPTION
47e3cabd 3457
424ec8fa
GS		 3458=head2 PROGRAMMING STYLE
3459
3460There are two styles of programming with CGI.pm, an object-oriented
3461style and a function-oriented style. In the object-oriented style you
3462create one or more CGI objects and then use object methods to create
3463the various elements of the page. Each CGI object starts out with the
3464list of named parameters that were passed to your CGI script by the
3465server. You can modify the objects, save them to a file or database
3466and recreate them. Because each object corresponds to the "state" of
3467the CGI script, and because each object's parameter list is
3468independent of the others, this allows you to save the state of the
3469script and restore it later.
3470
f610777f 3471For example, using the object oriented style, here is how you create
424ec8fa
GS		 3472a simple "Hello World" HTML page:
3473
3538e1d5 3474 #!/usr/local/bin/perl -w
424ec8fa
GS		 3475 use CGI; # load CGI routines
3476 $q = new CGI; # create new CGI object
3477 print $q->header, # create the HTTP header
3478 $q->start_html('hello world'), # start the HTML
3479 $q->h1('hello world'), # level 1 header
3480 $q->end_html; # end the HTML
3481
3482In the function-oriented style, there is one default CGI object that
3483you rarely deal with directly. Instead you just call functions to
3484retrieve CGI parameters, create HTML tags, manage cookies, and so
3485on. This provides you with a cleaner programming interface, but
3486limits you to using one CGI object at a time. The following example
3487prints the same page, but uses the function-oriented interface.
3488The main differences are that we now need to import a set of functions
3489into our name space (usually the "standard" functions), and we don't
3490need to create the CGI object.
3491
71f3e297 3492 #!/usr/local/bin/perl
424ec8fa
GS		 3493 use CGI qw/:standard/; # load standard CGI routines
3494 print header, # create the HTTP header
3495 start_html('hello world'), # start the HTML
3496 h1('hello world'), # level 1 header
3497 end_html; # end the HTML
3498
3499The examples in this document mainly use the object-oriented style.
3500See HOW TO IMPORT FUNCTIONS for important information on
3501function-oriented programming in CGI.pm
3502
3503=head2 CALLING CGI.PM ROUTINES
3504
3505Most CGI.pm routines accept several arguments, sometimes as many as 20
3506optional ones! To simplify this interface, all routines use a named
3507argument calling style that looks like this:
3508
3509 print $q->header(-type=>'image/gif',-expires=>'+3d');
3510
3511Each argument name is preceded by a dash. Neither case nor order
3512matters in the argument list. -type, -Type, and -TYPE are all
3513acceptable. In fact, only the first argument needs to begin with a
3514dash. If a dash is present in the first argument, CGI.pm assumes
3515dashes for the subsequent ones.
3516
424ec8fa
GS		 3517Several routines are commonly called with just one argument. In the
3518case of these routines you can provide the single argument without an
3519argument name. header() happens to be one of these routines. In this
3520case, the single argument is the document type.
3521
3522 print $q->header('text/html');
3523
3524Other such routines are documented below.
3525
3526Sometimes named arguments expect a scalar, sometimes a reference to an
3527array, and sometimes a reference to a hash. Often, you can pass any
3528type of argument and the routine will do whatever is most appropriate.
3529For example, the param() routine is used to set a CGI parameter to a
3530single or a multi-valued value. The two cases are shown below:
3531
3532 $q->param(-name=>'veggie',-value=>'tomato');
3d1a2ec4 3533 $q->param(-name=>'veggie',-value=>['tomato','tomahto','potato','potahto']);
424ec8fa
GS		 3534
3535A large number of routines in CGI.pm actually aren't specifically
3536defined in the module, but are generated automatically as needed.
3537These are the "HTML shortcuts," routines that generate HTML tags for
3538use in dynamically-generated pages. HTML tags have both attributes
3539(the attribute="value" pairs within the tag itself) and contents (the
3540part between the opening and closing pairs.) To distinguish between
3541attributes and contents, CGI.pm uses the convention of passing HTML
3542attributes as a hash reference as the first argument, and the
3543contents, if any, as any subsequent arguments. It works out like
3544this:
3545
3546 Code Generated HTML
3547 ---- --------------
3548 h1() <H1>
3549 h1('some','contents'); <H1>some contents</H1>
3550 h1({-align=>left}); <H1 ALIGN="LEFT">
3551 h1({-align=>left},'contents'); <H1 ALIGN="LEFT">contents</H1>
3552
3553HTML tags are described in more detail later.
3554
3555Many newcomers to CGI.pm are puzzled by the difference between the
3556calling conventions for the HTML shortcuts, which require curly braces
3557around the HTML tag attributes, and the calling conventions for other
3558routines, which manage to generate attributes without the curly
3559brackets. Don't be confused. As a convenience the curly braces are
3560optional in all but the HTML shortcuts. If you like, you can use
3561curly braces when calling any routine that takes named arguments. For
3562example:
3563
3564 print $q->header( {-type=>'image/gif',-expires=>'+3d'} );
3565
3566If you use the B<-w> switch, you will be warned that some CGI.pm argument
3567names conflict with built-in Perl functions. The most frequent of
3568these is the -values argument, used to create multi-valued menus,
3569radio button clusters and the like. To get around this warning, you
3570have several choices:
54310121 3571
424ec8fa 3572=over 4
54310121 3573
551e1d92
RB		 3574=item 1.
3575
3576Use another name for the argument, if one is available.
3577For example, -value is an alias for -values.
54310121 3578
551e1d92 3579=item 2.
54310121 3580
551e1d92
RB		 3581Change the capitalization, e.g. -Values
3582
3583=item 3.
3584
3585Put quotes around the argument name, e.g. '-values'
54310121 3586
424ec8fa 3587=back
54310121 3588
424ec8fa
GS		 3589Many routines will do something useful with a named argument that it
3590doesn't recognize. For example, you can produce non-standard HTTP
3591header fields by providing them as named arguments:
54310121 3592
424ec8fa
GS		 3593 print $q->header(-type => 'text/html',
3594 -cost => 'Three smackers',
3595 -annoyance_level => 'high',
3596 -complaints_to => 'bit bucket');
54310121 3597
424ec8fa
GS		 3598This will produce the following nonstandard HTTP header:
3599
3600 HTTP/1.0 200 OK
3601 Cost: Three smackers
3602 Annoyance-level: high
3603 Complaints-to: bit bucket
3604 Content-type: text/html
3605
3606Notice the way that underscores are translated automatically into
3607hyphens. HTML-generating routines perform a different type of
3608translation.
3609
3610This feature allows you to keep up with the rapidly changing HTTP and
3611HTML "standards".
54310121 3612
424ec8fa 3613=head2 CREATING A NEW QUERY OBJECT (OBJECT-ORIENTED STYLE):
54310121 3614
3615 $query = new CGI;
3616
3617This will parse the input (from both POST and GET methods) and store
3618it into a perl5 object called $query.
3619
3620=head2 CREATING A NEW QUERY OBJECT FROM AN INPUT FILE
3621
3622 $query = new CGI(INPUTFILE);
3623
424ec8fa
GS		 3624If you provide a file handle to the new() method, it will read
3625parameters from the file (or STDIN, or whatever). The file can be in
3626any of the forms describing below under debugging (i.e. a series of
3627newline delimited TAG=VALUE pairs will work). Conveniently, this type
3628of file is created by the save() method (see below). Multiple records
3629can be saved and restored.
54310121 3630
3631Perl purists will be pleased to know that this syntax accepts
3632references to file handles, or even references to filehandle globs,
3633which is the "official" way to pass a filehandle:
3634
3635 $query = new CGI(\*STDIN);
3636
424ec8fa
GS		 3637You can also initialize the CGI object with a FileHandle or IO::File
3638object.
3639
3640If you are using the function-oriented interface and want to
3641initialize CGI state from a file handle, the way to do this is with
3642B<restore_parameters()>. This will (re)initialize the
3643default CGI object from the indicated file handle.
3644
3645 open (IN,"test.in") || die;
3646 restore_parameters(IN);
3647 close IN;
3648
54310121 3649You can also initialize the query object from an associative array
3650reference:
3651
3652 $query = new CGI( {'dinosaur'=>'barney',
3653 'song'=>'I love you',
3654 'friends'=>[qw/Jessica George Nancy/]}
3655 );
3656
3657or from a properly formatted, URL-escaped query string:
3658
3659 $query = new CGI('dinosaur=barney&color=purple');
3660
424ec8fa
GS		 3661or from a previously existing CGI object (currently this clones the
3662parameter list, but none of the other object-specific fields, such as
3663autoescaping):
3664
3665 $old_query = new CGI;
3666 $new_query = new CGI($old_query);
3667
54310121 3668To create an empty query, initialize it from an empty string or hash:
3669
424ec8fa
GS		 3670 $empty_query = new CGI("");
3671
3672 -or-
3673
3674 $empty_query = new CGI({});
54310121 3675
3676=head2 FETCHING A LIST OF KEYWORDS FROM THE QUERY:
3677
3678 @keywords = $query->keywords
3679
3680If the script was invoked as the result of an <ISINDEX> search, the
3681parsed keywords can be obtained as an array using the keywords() method.
3682
3683=head2 FETCHING THE NAMES OF ALL THE PARAMETERS PASSED TO YOUR SCRIPT:
3684
3685 @names = $query->param
3686
3687If the script was invoked with a parameter list
3d1a2ec4
GS		 3688(e.g. "name1=value1&name2=value2&name3=value3"), the param() method
3689will return the parameter names as a list. If the script was invoked
3690as an <ISINDEX> script and contains a string without ampersands
3691(e.g. "value1+value2+value3") , there will be a single parameter named
3692"keywords" containing the "+"-delimited keywords.
54310121 3693
3694NOTE: As of version 1.5, the array of parameter names returned will
3695be in the same order as they were submitted by the browser.
3696Usually this order is the same as the order in which the
3697parameters are defined in the form (however, this isn't part
3698of the spec, and so isn't guaranteed).
3699
3700=head2 FETCHING THE VALUE OR VALUES OF A SINGLE NAMED PARAMETER:
3701
3702 @values = $query->param('foo');
3703
3704 -or-
3705
3706 $value = $query->param('foo');
3707
3708Pass the param() method a single argument to fetch the value of the
3709named parameter. If the parameter is multivalued (e.g. from multiple
3710selections in a scrolling list), you can ask to receive an array. Otherwise
3711the method will return a single value.
3712
3d1a2ec4
GS		 3713If a value is not given in the query string, as in the queries
3714"name1=&name2=" or "name1&name2", it will be returned as an empty
3715string. This feature is new in 2.63.
3716
54310121 3717=head2 SETTING THE VALUE(S) OF A NAMED PARAMETER:
3718
3719 $query->param('foo','an','array','of','values');
3720
3721This sets the value for the named parameter 'foo' to an array of
3722values. This is one way to change the value of a field AFTER
3723the script has been invoked once before. (Another way is with
3724the -override parameter accepted by all methods that generate
3725form elements.)
3726
3727param() also recognizes a named parameter style of calling described
3728in more detail later:
3729
3730 $query->param(-name=>'foo',-values=>['an','array','of','values']);
3731
3732 -or-
3733
3734 $query->param(-name=>'foo',-value=>'the value');
3735
3736=head2 APPENDING ADDITIONAL VALUES TO A NAMED PARAMETER:
3737
424ec8fa 3738 $query->append(-name=>'foo',-values=>['yet','more','values']);
54310121 3739
3740This adds a value or list of values to the named parameter. The
3741values are appended to the end of the parameter if it already exists.
3742Otherwise the parameter is created. Note that this method only
3743recognizes the named argument calling syntax.
3744
3745=head2 IMPORTING ALL PARAMETERS INTO A NAMESPACE:
3746
3747 $query->import_names('R');
3748
3749This creates a series of variables in the 'R' namespace. For example,
3750$R::foo, @R:foo. For keyword lists, a variable @R::keywords will appear.
3751If no namespace is given, this method will assume 'Q'.
3752WARNING: don't import anything into 'main'; this is a major security
3753risk!!!!
3754
3755In older versions, this method was called B<import()>. As of version 2.20,
3756this name has been removed completely to avoid conflict with the built-in
3757Perl module B<import> operator.
3758
3759=head2 DELETING A PARAMETER COMPLETELY:
3760
3761 $query->delete('foo');
3762
3763This completely clears a parameter. It sometimes useful for
3764resetting parameters that you don't want passed down between
3765script invocations.
3766
424ec8fa
GS		 3767If you are using the function call interface, use "Delete()" instead
3768to avoid conflicts with Perl's built-in delete operator.
3769
54310121 3770=head2 DELETING ALL PARAMETERS:
3771
424ec8fa 3772 $query->delete_all();
54310121 3773
3774This clears the CGI object completely. It might be useful to ensure
3775that all the defaults are taken when you create a fill-out form.
3776
424ec8fa
GS		 3777Use Delete_all() instead if you are using the function call interface.
3778
3779=head2 DIRECT ACCESS TO THE PARAMETER LIST:
3780
3781 $q->param_fetch('address')->[1] = '1313 Mockingbird Lane';
3782 unshift @{$q->param_fetch(-name=>'address')},'George Munster';
3783
3784If you need access to the parameter list in a way that isn't covered
3785by the methods above, you can obtain a direct reference to it by
3786calling the B<param_fetch()> method with the name of the . This
3787will return an array reference to the named parameters, which you then
3788can manipulate in any way you like.
3789
3790You can also use a named argument style using the B<-name> argument.
3791
3538e1d5
GS		 3792=head2 FETCHING THE PARAMETER LIST AS A HASH:
3793
3794 $params = $q->Vars;
3795 print $params->{'address'};
3796 @foo = split("\0",$params->{'foo'});
3797 %params = $q->Vars;
3798
3799 use CGI ':cgi-lib';
3800 $params = Vars;
3801
3802Many people want to fetch the entire parameter list as a hash in which
3803the keys are the names of the CGI parameters, and the values are the
3804parameters' values. The Vars() method does this. Called in a scalar
3805context, it returns the parameter list as a tied hash reference.
3806Changing a key changes the value of the parameter in the underlying
a3b3a725 3807CGI parameter list. Called in a list context, it returns the
3538e1d5
GS		 3808parameter list as an ordinary hash. This allows you to read the
3809contents of the parameter list, but not to change it.
3810
3811When using this, the thing you must watch out for are multivalued CGI
3812parameters. Because a hash cannot distinguish between scalar and
a3b3a725 3813list context, multivalued parameters will be returned as a packed
3538e1d5
GS		 3814string, separated by the "\0" (null) character. You must split this
3815packed string in order to get at the individual values. This is the
3816convention introduced long ago by Steve Brenner in his cgi-lib.pl
3817module for Perl version 4.
3818
3819If you wish to use Vars() as a function, import the I<:cgi-lib> set of
3820function calls (also see the section on CGI-LIB compatibility).
3821
424ec8fa 3822=head2 SAVING THE STATE OF THE SCRIPT TO A FILE:
54310121 3823
3824 $query->save(FILEHANDLE)
3825
3826This will write the current state of the form to the provided
3827filehandle. You can read it back in by providing a filehandle
3828to the new() method. Note that the filehandle can be a file, a pipe,
3829or whatever!
3830
3831The format of the saved file is:
3832
3833 NAME1=VALUE1
3834 NAME1=VALUE1'
3835 NAME2=VALUE2
3836 NAME3=VALUE3
3837 =
3838
3839Both name and value are URL escaped. Multi-valued CGI parameters are
3840represented as repeated names. A session record is delimited by a
3841single = symbol. You can write out multiple records and read them
3842back in with several calls to B<new>. You can do this across several
3843sessions by opening the file in append mode, allowing you to create
3844primitive guest books, or to keep a history of users' queries. Here's
3845a short example of creating multiple session records:
3846
3847 use CGI;
3848
3849 open (OUT,">>test.out") || die;
3850 $records = 5;
3851 foreach (0..$records) {
3852 my $q = new CGI;
3853 $q->param(-name=>'counter',-value=>$_);
3854 $q->save(OUT);
3855 }
3856 close OUT;
3857
3858 # reopen for reading
3859 open (IN,"test.out") || die;
3860 while (!eof(IN)) {
3861 my $q = new CGI(IN);
3862 print $q->param('counter'),"\n";
3863 }
3864
3865The file format used for save/restore is identical to that used by the
3866Whitehead Genome Center's data exchange format "Boulderio", and can be
3867manipulated and even databased using Boulderio utilities. See
3cb6de81 3868
3538e1d5 3869 http://stein.cshl.org/boulder/
54310121 3870
3871for further details.
3872
424ec8fa
GS		 3873If you wish to use this method from the function-oriented (non-OO)
3874interface, the exported name for this method is B<save_parameters()>.
54310121 3875
3538e1d5
GS		 3876=head2 RETRIEVING CGI ERRORS
3877
3878Errors can occur while processing user input, particularly when
3879processing uploaded files. When these errors occur, CGI will stop
3880processing and return an empty parameter list. You can test for
3881the existence and nature of errors using the I<cgi_error()> function.
3882The error messages are formatted as HTTP status codes. You can either
3883incorporate the error text into an HTML page, or use it as the value
3884of the HTTP status:
3885
3886 my $error = $q->cgi_error;
3887 if ($error) {
3888 print $q->header(-status=>$error),
3889 $q->start_html('Problems'),
3890 $q->h2('Request not processed'),
3891 $q->strong($error);
3892 exit 0;
3893 }
3894
3895When using the function-oriented interface (see the next section),
3896errors may only occur the first time you call I<param()>. Be ready
3897for this!
3898
424ec8fa 3899=head2 USING THE FUNCTION-ORIENTED INTERFACE
54310121 3900
424ec8fa
GS		 3901To use the function-oriented interface, you must specify which CGI.pm
3902routines or sets of routines to import into your script's namespace.
3903There is a small overhead associated with this importation, but it
3904isn't much.
54310121 3905
424ec8fa 3906 use CGI <list of methods>;
54310121 3907
424ec8fa
GS		 3908The listed methods will be imported into the current package; you can
3909call them directly without creating a CGI object first. This example
3910shows how to import the B<param()> and B<header()>
3911methods, and then use them directly:
54310121 3912
424ec8fa
GS		 3913 use CGI 'param','header';
3914 print header('text/plain');
3915 $zipcode = param('zipcode');
54310121 3916
424ec8fa 3917More frequently, you'll import common sets of functions by referring
f610777f 3918to the groups by name. All function sets are preceded with a ":"
424ec8fa 3919character as in ":html3" (for tags defined in the HTML 3 standard).
54310121 3920
424ec8fa 3921Here is a list of the function sets you can import:
54310121 3922
424ec8fa 3923=over 4
54310121 3924
424ec8fa 3925=item B<:cgi>
54310121 3926
424ec8fa
GS		 3927Import all CGI-handling methods, such as B<param()>, B<path_info()>
3928and the like.
54310121 3929
424ec8fa 3930=item B<:form>
54310121 3931
424ec8fa 3932Import all fill-out form generating methods, such as B<textfield()>.
54310121 3933
424ec8fa 3934=item B<:html2>
54310121 3935
424ec8fa 3936Import all methods that generate HTML 2.0 standard elements.
54310121 3937
424ec8fa 3938=item B<:html3>
54310121 3939
424ec8fa
GS		 3940Import all methods that generate HTML 3.0 proposed elements (such as
3941<table>, <super> and <sub>).
54310121 3942
424ec8fa 3943=item B<:netscape>
54310121 3944
424ec8fa 3945Import all methods that generate Netscape-specific HTML extensions.
54310121 3946
424ec8fa 3947=item B<:html>
54310121 3948
424ec8fa
GS		 3949Import all HTML-generating shortcuts (i.e. 'html2' + 'html3' +
3950'netscape')...
54310121 3951
424ec8fa 3952=item B<:standard>
54310121 3953
424ec8fa 3954Import "standard" features, 'html2', 'html3', 'form' and 'cgi'.
54310121 3955
424ec8fa 3956=item B<:all>
54310121 3957
424ec8fa 3958Import all the available methods. For the full list, see the CGI.pm
3538e1d5 3959code, where the variable %EXPORT_TAGS is defined.
424ec8fa
GS		 3960
3961=back
3962
3963If you import a function name that is not part of CGI.pm, the module
3964will treat it as a new HTML tag and generate the appropriate
3965subroutine. You can then use it like any other HTML tag. This is to
3966provide for the rapidly-evolving HTML "standard." For example, say
3967Microsoft comes out with a new tag called <GRADIENT> (which causes the
3968user's desktop to be flooded with a rotating gradient fill until his
3969machine reboots). You don't need to wait for a new version of CGI.pm
d23a249d 3970to start using it immediately:
424ec8fa
GS		 3971
3972 use CGI qw/:standard :html3 gradient/;
3973 print gradient({-start=>'red',-end=>'blue'});
3974
3975Note that in the interests of execution speed CGI.pm does B<not> use
3976the standard L<Exporter> syntax for specifying load symbols. This may
3977change in the future.
3978
3979If you import any of the state-maintaining CGI or form-generating
3980methods, a default CGI object will be created and initialized
3981automatically the first time you use any of the methods that require
3982one to be present. This includes B<param()>, B<textfield()>,
3983B<submit()> and the like. (If you need direct access to the CGI
3984object, you can find it in the global variable B<$CGI::Q>). By
3985importing CGI.pm methods, you can create visually elegant scripts:
3986
3987 use CGI qw/:standard/;
3988 print
3989 header,
3990 start_html('Simple Script'),
3991 h1('Simple Script'),
3992 start_form,
3993 "What's your name? ",textfield('name'),p,
3994 "What's the combination?",
3995 checkbox_group(-name=>'words',
3996 -values=>['eenie','meenie','minie','moe'],
3997 -defaults=>['eenie','moe']),p,
3998 "What's your favorite color?",
3999 popup_menu(-name=>'color',
4000 -values=>['red','green','blue','chartreuse']),p,
4001 submit,
4002 end_form,
4003 hr,"\n";
4004
4005 if (param) {
4006 print
4007 "Your name is ",em(param('name')),p,
4008 "The keywords are: ",em(join(", ",param('words'))),p,
4009 "Your favorite color is ",em(param('color')),".\n";
4010 }
4011 print end_html;
4012
4013=head2 PRAGMAS
4014
4015In addition to the function sets, there are a number of pragmas that
4016you can import. Pragmas, which are always preceded by a hyphen,
4017change the way that CGI.pm functions in various ways. Pragmas,
4018function sets, and individual functions can all be imported in the
4019same use() line. For example, the following use statement imports the
3d1a2ec4
GS		 4020standard set of functions and enables debugging mode (pragma
4021-debug):
424ec8fa 4022
3d1a2ec4 4023 use CGI qw/:standard -debug/;
424ec8fa
GS		 4024
4025The current list of pragmas is as follows:
4026
4027=over 4
4028
4029=item -any
4030
4031When you I<use CGI -any>, then any method that the query object
4032doesn't recognize will be interpreted as a new HTML tag. This allows
4033you to support the next I<ad hoc> Netscape or Microsoft HTML
4034extension. This lets you go wild with new and unsupported tags:
4035
4036 use CGI qw(-any);
4037 $q=new CGI;
4038 print $q->gradient({speed=>'fast',start=>'red',end=>'blue'});
4039
4040Since using <cite>any</cite> causes any mistyped method name
4041to be interpreted as an HTML tag, use it with care or not at
4042all.
54310121 4043
424ec8fa 4044=item -compile
54310121 4045
424ec8fa
GS		 4046This causes the indicated autoloaded methods to be compiled up front,
4047rather than deferred to later. This is useful for scripts that run
4048for an extended period of time under FastCGI or mod_perl, and for
4049those destined to be crunched by Malcom Beattie's Perl compiler. Use
f610777f 4050it in conjunction with the methods or method families you plan to use.
424ec8fa
GS		 4051
4052 use CGI qw(-compile :standard :html3);
4053
4054or even
4055
4056 use CGI qw(-compile :all);
4057
4058Note that using the -compile pragma in this way will always have
4059the effect of importing the compiled functions into the current
4060namespace. If you want to compile without importing use the
4061compile() method instead (see below).
4062
3d1a2ec4
GS		 4063=item -nosticky
4064
4065This makes CGI.pm not generating the hidden fields .submit
4066and .cgifields. It is very useful if you don't want to
4067have the hidden fields appear in the querystring in a GET method.
4068For example, a search script generated this way will have
4069a very nice url with search parameters for bookmarking.
4070
199d4a26
JH		 4071=item -no_undef_params
4072
4073This keeps CGI.pm from including undef params in the parameter list.
4074
6b4ac661
JH		 4075=item -no_xhtml
4076
4077By default, CGI.pm versions 2.69 and higher emit XHTML
4078(http://www.w3.org/TR/xhtml1/). The -no_xhtml pragma disables this
4079feature. Thanks to Michalis Kabrianis <kabrianis@hellug.gr> for this
4080feature.
4081
424ec8fa
GS		 4082=item -nph
4083
4084This makes CGI.pm produce a header appropriate for an NPH (no
4085parsed header) script. You may need to do other things as well
4086to tell the server that the script is NPH. See the discussion
4087of NPH scripts below.
4088
71f3e297
JH		 4089=item -newstyle_urls
4090
4091Separate the name=value pairs in CGI parameter query strings with
4092semicolons rather than ampersands. For example:
4093
4094 ?name=fred;age=24;favorite_color=3
4095
4096Semicolon-delimited query strings are always accepted, but will not be
4097emitted by self_url() and query_string() unless the -newstyle_urls
4098pragma is specified.
4099
3d1a2ec4
GS		 4100This became the default in version 2.64.
4101
4102=item -oldstyle_urls
4103
4104Separate the name=value pairs in CGI parameter query strings with
4105ampersands rather than semicolons. This is no longer the default.
4106
424ec8fa
GS		 4107=item -autoload
4108
4109This overrides the autoloader so that any function in your program
4110that is not recognized is referred to CGI.pm for possible evaluation.
4111This allows you to use all the CGI.pm functions without adding them to
4112your symbol table, which is of concern for mod_perl users who are
4113worried about memory consumption. I<Warning:> when
4114I<-autoload> is in effect, you cannot use "poetry mode"
4115(functions without the parenthesis). Use I<hr()> rather
4116than I<hr>, or add something like I<use subs qw/hr p header/>
4117to the top of your script.
4118
4119=item -no_debug
4120
4121This turns off the command-line processing features. If you want to
4122run a CGI.pm script from the command line to produce HTML, and you
3d1a2ec4
GS		 4123don't want it to read CGI parameters from the command line or STDIN,
4124then use this pragma:
424ec8fa
GS		 4125
4126 use CGI qw(-no_debug :standard);
4127
3d1a2ec4 4128=item -debug
424ec8fa 4129
3d1a2ec4
GS		 4130This turns on full debugging. In addition to reading CGI arguments
4131from the command-line processing, CGI.pm will pause and try to read
4132arguments from STDIN, producing the message "(offline mode: enter
4133name=value pairs on standard input)" features.
3cb6de81 4134
424ec8fa
GS		 4135See the section on debugging for more details.
4136
4137=item -private_tempfiles
4138
3538e1d5
GS		 4139CGI.pm can process uploaded file. Ordinarily it spools the uploaded
4140file to a temporary directory, then deletes the file when done.
4141However, this opens the risk of eavesdropping as described in the file
4142upload section. Another CGI script author could peek at this data
4143during the upload, even if it is confidential information. On Unix
4144systems, the -private_tempfiles pragma will cause the temporary file
4145to be unlinked as soon as it is opened and before any data is written
4146into it, reducing, but not eliminating the risk of eavesdropping
4147(there is still a potential race condition). To make life harder for
4148the attacker, the program chooses tempfile names by calculating a 32
4149bit checksum of the incoming HTTP headers.
4150
4151To ensure that the temporary file cannot be read by other CGI scripts,
4152use suEXEC or a CGI wrapper program to run your script. The temporary
4153file is created with mode 0600 (neither world nor group readable).
4154
4155The temporary directory is selected using the following algorithm:
4156
4157 1. if the current user (e.g. "nobody") has a directory named
4158 "tmp" in its home directory, use that (Unix systems only).
4159
4160 2. if the environment variable TMPDIR exists, use the location
4161 indicated.
4162
4163 3. Otherwise try the locations /usr/tmp, /var/tmp, C:\temp,
4164 /tmp, /temp, ::Temporary Items, and \WWW_ROOT.
4165
4166Each of these locations is checked that it is a directory and is
4167writable. If not, the algorithm tries the next choice.
71f3e297
JH		 4168
4169=back
4170
4171=head2 SPECIAL FORMS FOR IMPORTING HTML-TAG FUNCTIONS
4172
4173Many of the methods generate HTML tags. As described below, tag
4174functions automatically generate both the opening and closing tags.
4175For example:
4176
4177 print h1('Level 1 Header');
4178
4179produces
4180
4181 <H1>Level 1 Header</H1>
4182
4183There will be some times when you want to produce the start and end
4184tags yourself. In this case, you can use the form start_I<tag_name>
4185and end_I<tag_name>, as in:
4186
4187 print start_h1,'Level 1 Header',end_h1;
4188
4189With a few exceptions (described below), start_I<tag_name> and
4190end_I<tag_name> functions are not generated automatically when you
4191I<use CGI>. However, you can specify the tags you want to generate
4192I<start/end> functions for by putting an asterisk in front of their
4193name, or, alternatively, requesting either "start_I<tag_name>" or
4194"end_I<tag_name>" in the import list.
4195
4196Example:
4197
4198 use CGI qw/:standard *table start_ul/;
4199
4200In this example, the following functions are generated in addition to
4201the standard ones:
4202
4203=over 4
4204
4205=item 1. start_table() (generates a <TABLE> tag)
4206
4207=item 2. end_table() (generates a </TABLE> tag)
4208
4209=item 3. start_ul() (generates a <UL> tag)
4210
4211=item 4. end_ul() (generates a </UL> tag)
4212
424ec8fa
GS		 4213=back
4214
4215=head1 GENERATING DYNAMIC DOCUMENTS
4216
4217Most of CGI.pm's functions deal with creating documents on the fly.
4218Generally you will produce the HTTP header first, followed by the
4219document itself. CGI.pm provides functions for generating HTTP
4220headers of various types as well as for generating HTML. For creating
4221GIF images, see the GD.pm module.
4222
4223Each of these functions produces a fragment of HTML or HTTP which you
4224can print out directly so that it displays in the browser window,
4225append to a string, or save to a file for later use.
4226
4227=head2 CREATING A STANDARD HTTP HEADER:
4228
4229Normally the first thing you will do in any CGI script is print out an
4230HTTP header. This tells the browser what type of document to expect,
4231and gives other optional information, such as the language, expiration
4232date, and whether to cache the document. The header can also be
4233manipulated for special purposes, such as server push and pay per view
4234pages.
54310121 4235
4236 print $query->header;
4237
4238 -or-
4239
4240 print $query->header('image/gif');
4241
4242 -or-
4243
4244 print $query->header('text/html','204 No response');
4245
4246 -or-
4247
4248 print $query->header(-type=>'image/gif',
4249 -nph=>1,
4250 -status=>'402 Payment required',
4251 -expires=>'+3d',
4252 -cookie=>$cookie,
3d1a2ec4 4253 -charset=>'utf-7',
6b4ac661 4254 -attachment=>'foo.gif',
54310121 4255 -Cost=>'$2.00');
4256
4257header() returns the Content-type: header. You can provide your own
4258MIME type if you choose, otherwise it defaults to text/html. An
4259optional second parameter specifies the status code and a human-readable
4260message. For example, you can specify 204, "No response" to create a
424ec8fa 4261script that tells the browser to do nothing at all.
54310121 4262
4263The last example shows the named argument style for passing arguments
4264to the CGI methods using named parameters. Recognized parameters are
424ec8fa 4265B<-type>, B<-status>, B<-expires>, and B<-cookie>. Any other named
54310121 4266parameters will be stripped of their initial hyphens and turned into
4267header fields, allowing you to specify any HTTP header you desire.
424ec8fa
GS		 4268Internal underscores will be turned into hyphens:
4269
4270 print $query->header(-Content_length=>3002);
54310121 4271
4272Most browsers will not cache the output from CGI scripts. Every time
4273the browser reloads the page, the script is invoked anew. You can
4274change this behavior with the B<-expires> parameter. When you specify
4275an absolute or relative expiration interval with this parameter, some
4276browsers and proxy servers will cache the script's output until the
4277indicated expiration date. The following forms are all valid for the
4278-expires field:
4279
4280 +30s 30 seconds from now
4281 +10m ten minutes from now
4282 +1h one hour from now
4283 -1d yesterday (i.e. "ASAP!")
4284 now immediately
4285 +3M in three months
4286 +10y in ten years time
424ec8fa 4287 Thursday, 25-Apr-1999 00:40:33 GMT at the indicated time & date
54310121 4288
4289The B<-cookie> parameter generates a header that tells the browser to provide
4290a "magic cookie" during all subsequent transactions with your script.
4291Netscape cookies have a special format that includes interesting attributes
4292such as expiration time. Use the cookie() method to create and retrieve
4293session cookies.
4294
4295The B<-nph> parameter, if set to a true value, will issue the correct
4296headers to work with a NPH (no-parse-header) script. This is important
3d1a2ec4
GS		 4297to use with certain servers that expect all their scripts to be NPH.
4298
4299The B<-charset> parameter can be used to control the character set
4300sent to the browser. If not provided, defaults to ISO-8859-1. As a
4301side effect, this sets the charset() method as well.
54310121 4302
6b4ac661
JH		 4303The B<-attachment> parameter can be used to turn the page into an
4304attachment. Instead of displaying the page, some browsers will prompt
4305the user to save it to disk. The value of the argument is the
4306suggested name for the saved file. In order for this to work, you may
4307have to set the B<-type> to "application/octet-stream".
4308
424ec8fa 4309=head2 GENERATING A REDIRECTION HEADER
54310121 4310
4311 print $query->redirect('http://somewhere.else/in/movie/land');
4312
424ec8fa
GS		 4313Sometimes you don't want to produce a document yourself, but simply
4314redirect the browser elsewhere, perhaps choosing a URL based on the
4315time of day or the identity of the user.
4316
4317The redirect() function redirects the browser to a different URL. If
4318you use redirection like this, you should B<not> print out a header as
6b4ac661 4319well.
54310121 4320
4321One hint I can offer is that relative links may not work correctly
7a2e2cd6 4322when you generate a redirection to another document on your site.
54310121 4323This is due to a well-intentioned optimization that some servers use.
4324The solution to this is to use the full URL (including the http: part)
4325of the document you are redirecting to.
4326
424ec8fa 4327You can also use named arguments:
54310121 4328
4329 print $query->redirect(-uri=>'http://somewhere.else/in/movie/land',
4330 -nph=>1);
4331
4332The B<-nph> parameter, if set to a true value, will issue the correct
4333headers to work with a NPH (no-parse-header) script. This is important
4334to use with certain servers, such as Microsoft Internet Explorer, which
4335expect all their scripts to be NPH.
4336
424ec8fa 4337=head2 CREATING THE HTML DOCUMENT HEADER
54310121 4338
4339 print $query->start_html(-title=>'Secrets of the Pyramids',
4340 -author=>'fred@capricorn.org',
4341 -base=>'true',
4342 -target=>'_blank',
4343 -meta=>{'keywords'=>'pharaoh secret mummy',
4344 'copyright'=>'copyright 1996 King Tut'},
7d37aa8e 4345 -style=>{'src'=>'/styles/style1.css'},
54310121 4346 -BGCOLOR=>'blue');
4347
424ec8fa
GS		 4348After creating the HTTP header, most CGI scripts will start writing
4349out an HTML document. The start_html() routine creates the top of the
4350page, along with a lot of optional information that controls the
4351page's appearance and behavior.
54310121 4352
424ec8fa
GS		 4353This method returns a canned HTML header and the opening <BODY> tag.
4354All parameters are optional. In the named parameter form, recognized
6b4ac661
JH		 4355parameters are -title, -author, -base, -xbase, -dtd, -lang and -target
4356(see below for the explanation). Any additional parameters you
4357provide, such as the Netscape unofficial BGCOLOR attribute, are added
4358to the <BODY> tag. Additional parameters must be proceeded by a
4359hyphen.
54310121 4360
4361The argument B<-xbase> allows you to provide an HREF for the <BASE> tag
4362different from the current location, as in
4363
4364 -xbase=>"http://home.mcom.com/"
4365
4366All relative links will be interpreted relative to this tag.
4367
4368The argument B<-target> allows you to provide a default target frame
3d1a2ec4
GS		 4369for all the links and fill-out forms on the page. B<This is a
4370non-standard HTTP feature which only works with Netscape browsers!>
4371See the Netscape documentation on frames for details of how to
4372manipulate this.
54310121 4373
4374 -target=>"answer_window"
4375
4376All relative links will be interpreted relative to this tag.
4377You add arbitrary meta information to the header with the B<-meta>
4378argument. This argument expects a reference to an associative array
4379containing name/value pairs of meta information. These will be turned
4380into a series of header <META> tags that look something like this:
4381
424ec8fa
GS		 4382 <META NAME="keywords" CONTENT="pharaoh secret mummy">
4383 <META NAME="description" CONTENT="copyright 1996 King Tut">
4384
6b4ac661
JH		 4385To create an HTTP-EQUIV type of <META> tag, use B<-head>, described
4386below.
424ec8fa 4387
6b4ac661
JH		 4388The B<-style> argument is used to incorporate cascading stylesheets
4389into your code. See the section on CASCADING STYLESHEETS for more
4390information.
424ec8fa 4391
6b4ac661
JH		 4392The B<-lang> argument is used to incorporate a language attribute into
4393the <HTML> tag. The default if not specified is "en-US" for US
4394English. For example:
4395
ba056755 4396 print $q->start_html(-lang=>'fr-CA');
424ec8fa
GS		 4397
4398You can place other arbitrary HTML elements to the <HEAD> section with the
4399B<-head> tag. For example, to place the rarely-used <LINK> element in the
4400head section, use this:
4401
3538e1d5 4402 print start_html(-head=>Link({-rel=>'next',
6b4ac661 4403 -href=>'http://www.capricorn.com/s2.html'}));
424ec8fa
GS		 4404
4405To incorporate multiple HTML elements into the <HEAD> section, just pass an
4406array reference:
4407
3538e1d5
GS		 4408 print start_html(-head=>[
4409 Link({-rel=>'next',
4410 -href=>'http://www.capricorn.com/s2.html'}),
4411 Link({-rel=>'previous',
4412 -href=>'http://www.capricorn.com/s1.html'})
424ec8fa
GS		 4413 ]
4414 );
4415
6b4ac661
JH		 4416And here's how to create an HTTP-EQUIV <META> tag:
4417
ba056755
JH		 4418 print start_html(-head=>meta({-http_equiv => 'Content-Type',
4419 -content => 'text/html'}))
6b4ac661
JH		 4420
4421
424ec8fa
GS		 4422JAVASCRIPTING: The B<-script>, B<-noScript>, B<-onLoad>,
4423B<-onMouseOver>, B<-onMouseOut> and B<-onUnload> parameters are used
4424to add Netscape JavaScript calls to your pages. B<-script> should
4425point to a block of text containing JavaScript function definitions.
4426This block will be placed within a <SCRIPT> block inside the HTML (not
4427HTTP) header. The block is placed in the header in order to give your
4428page a fighting chance of having all its JavaScript functions in place
4429even if the user presses the stop button before the page has loaded
4430completely. CGI.pm attempts to format the script in such a way that
4431JavaScript-naive browsers will not choke on the code: unfortunately
4432there are some browsers, such as Chimera for Unix, that get confused
4433by it nevertheless.
4434
4435The B<-onLoad> and B<-onUnload> parameters point to fragments of JavaScript
4436code to execute when the page is respectively opened and closed by the
4437browser. Usually these parameters are calls to functions defined in the
4438B<-script> field:
4439
4440 $query = new CGI;
4441 print $query->header;
4442 $JSCRIPT=<<END;
4443 // Ask a silly question
4444 function riddle_me_this() {
4445 var r = prompt("What walks on four legs in the morning, " +
4446 "two legs in the afternoon, " +
4447 "and three legs in the evening?");
4448 response(r);
4449 }
4450 // Get a silly answer
4451 function response(answer) {
4452 if (answer == "man")
4453 alert("Right you are!");
4454 else
4455 alert("Wrong! Guess again.");
4456 }
4457 END
4458 print $query->start_html(-title=>'The Riddle of the Sphinx',
4459 -script=>$JSCRIPT);
4460
4461Use the B<-noScript> parameter to pass some HTML text that will be displayed on
4462browsers that do not have JavaScript (or browsers where JavaScript is turned
4463off).
4464
4465Netscape 3.0 recognizes several attributes of the <SCRIPT> tag,
4466including LANGUAGE and SRC. The latter is particularly interesting,
4467as it allows you to keep the JavaScript code in a file or CGI script
4468rather than cluttering up each page with the source. To use these
4469attributes pass a HASH reference in the B<-script> parameter containing
4470one or more of -language, -src, or -code:
4471
4472 print $q->start_html(-title=>'The Riddle of the Sphinx',
4473 -script=>{-language=>'JAVASCRIPT',
4474 -src=>'/javascript/sphinx.js'}
4475 );
4476
4477 print $q->(-title=>'The Riddle of the Sphinx',
3538e1d5
GS		 4478 -script=>{-language=>'PERLSCRIPT',
4479 -code=>'print "hello world!\n;"'}
424ec8fa
GS		 4480 );
4481
4482
4483A final feature allows you to incorporate multiple <SCRIPT> sections into the
4484header. Just pass the list of script sections as an array reference.
4485this allows you to specify different source files for different dialects
4486of JavaScript. Example:
4487
3538e1d5
GS		 4488 print $q->start_html(-title=>'The Riddle of the Sphinx',
4489 -script=>[
4490 { -language => 'JavaScript1.0',
4491 -src => '/javascript/utilities10.js'
424ec8fa 4492 },
3538e1d5
GS		 4493 { -language => 'JavaScript1.1',
4494 -src => '/javascript/utilities11.js'
424ec8fa 4495 },
3538e1d5
GS		 4496 { -language => 'JavaScript1.2',
4497 -src => '/javascript/utilities12.js'
424ec8fa 4498 },
3538e1d5
GS		 4499 { -language => 'JavaScript28.2',
4500 -src => '/javascript/utilities219.js'
424ec8fa
GS		 4501 }
4502 ]
4503 );
4504 </pre>
4505
4506If this looks a bit extreme, take my advice and stick with straight CGI scripting.
4507
4508See
4509
4510 http://home.netscape.com/eng/mozilla/2.0/handbook/javascript/
4511
4512for more information about JavaScript.
4513
4514The old-style positional parameters are as follows:
4515
4516=over 4
4517
4518=item B<Parameters:>
4519
4520=item 1.
4521
4522The title
4523
4524=item 2.
4525
4526The author's e-mail address (will create a <LINK REV="MADE"> tag if present
4527
4528=item 3.
4529
4530A 'true' flag if you want to include a <BASE> tag in the header. This
4531helps resolve relative addresses to absolute ones when the document is moved,
4532but makes the document hierarchy non-portable. Use with care!
4533
4534=item 4, 5, 6...
4535
4536Any other parameters you want to include in the <BODY> tag. This is a good
4537place to put Netscape extensions, such as colors and wallpaper patterns.
4538
4539=back
4540
4541=head2 ENDING THE HTML DOCUMENT:
4542
4543 print $query->end_html
4544
4545This ends an HTML document by printing the </BODY></HTML> tags.
4546
4547=head2 CREATING A SELF-REFERENCING URL THAT PRESERVES STATE INFORMATION:
4548
4549 $myself = $query->self_url;
3d1a2ec4 4550 print q(<A HREF="$myself">I'm talking to myself.</A>);
424ec8fa
GS		 4551
4552self_url() will return a URL, that, when selected, will reinvoke
4553this script with all its state information intact. This is most
4554useful when you want to jump around within the document using
4555internal anchors but you don't want to disrupt the current contents
4556of the form(s). Something like this will do the trick.
4557
4558 $myself = $query->self_url;
4559 print "<A HREF=$myself#table1>See table 1</A>";
4560 print "<A HREF=$myself#table2>See table 2</A>";
4561 print "<A HREF=$myself#yourself>See for yourself</A>";
4562
4563If you want more control over what's returned, using the B<url()>
4564method instead.
4565
4566You can also retrieve the unprocessed query string with query_string():
4567
4568 $the_string = $query->query_string;
4569
4570=head2 OBTAINING THE SCRIPT'S URL
4571
4572 $full_url = $query->url();
4573 $full_url = $query->url(-full=>1); #alternative syntax
4574 $relative_url = $query->url(-relative=>1);
4575 $absolute_url = $query->url(-absolute=>1);
4576 $url_with_path = $query->url(-path_info=>1);
4577 $url_with_path_and_query = $query->url(-path_info=>1,-query=>1);
03b9648d 4578 $netloc = $query->url(-base => 1);
424ec8fa
GS		 4579
4580B<url()> returns the script's URL in a variety of formats. Called
4581without any arguments, it returns the full form of the URL, including
4582host name and port number
4583
4584 http://your.host.com/path/to/script.cgi
4585
4586You can modify this format with the following named arguments:
4587
4588=over 4
4589
4590=item B<-absolute>
4591
4592If true, produce an absolute URL, e.g.
4593
4594 /path/to/script.cgi
4595
4596=item B<-relative>
4597
4598Produce a relative URL. This is useful if you want to reinvoke your
4599script with different parameters. For example:
4600
4601 script.cgi
4602
4603=item B<-full>
4604
4605Produce the full URL, exactly as if called without any arguments.
4606This overrides the -relative and -absolute arguments.
4607
4608=item B<-path> (B<-path_info>)
4609
4610Append the additional path information to the URL. This can be
4611combined with B<-full>, B<-absolute> or B<-relative>. B<-path_info>
4612is provided as a synonym.
4613
4614=item B<-query> (B<-query_string>)
4615
4616Append the query string to the URL. This can be combined with
4617B<-full>, B<-absolute> or B<-relative>. B<-query_string> is provided
4618as a synonym.
4619
03b9648d
JH		 4620=item B<-base>
4621
4622Generate just the protocol and net location, as in http://www.foo.com:8000
4623
424ec8fa
GS		 4624=back
4625
71f3e297
JH		 4626=head2 MIXING POST AND URL PARAMETERS
4627
4628 $color = $query-&gt;url_param('color');
4629
4630It is possible for a script to receive CGI parameters in the URL as
4631well as in the fill-out form by creating a form that POSTs to a URL
4632containing a query string (a "?" mark followed by arguments). The
4633B<param()> method will always return the contents of the POSTed
4634fill-out form, ignoring the URL's query string. To retrieve URL
4635parameters, call the B<url_param()> method. Use it in the same way as
4636B<param()>. The main difference is that it allows you to read the
4637parameters, but not set them.
4638
4639
4640Under no circumstances will the contents of the URL query string
4641interfere with similarly-named CGI parameters in POSTed forms. If you
4642try to mix a URL query string with a form submitted with the GET
4643method, the results will not be what you expect.
4644
424ec8fa
GS		 4645=head1 CREATING STANDARD HTML ELEMENTS:
4646
4647CGI.pm defines general HTML shortcut methods for most, if not all of
4648the HTML 3 and HTML 4 tags. HTML shortcuts are named after a single
4649HTML element and return a fragment of HTML text that you can then
4650print or manipulate as you like. Each shortcut returns a fragment of
4651HTML code that you can append to a string, save to a file, or, most
4652commonly, print out so that it displays in the browser window.
4653
4654This example shows how to use the HTML methods:
4655
4656 $q = new CGI;
4657 print $q->blockquote(
4658 "Many years ago on the island of",
4659 $q->a({href=>"http://crete.org/"},"Crete"),
3538e1d5 4660 "there lived a Minotaur named",
424ec8fa
GS		 4661 $q->strong("Fred."),
4662 ),
4663 $q->hr;
4664
4665This results in the following HTML code (extra newlines have been
4666added for readability):
4667
4668 <blockquote>
4669 Many years ago on the island of
4670 <a HREF="http://crete.org/">Crete</a> there lived
4671 a minotaur named <strong>Fred.</strong>
4672 </blockquote>
4673 <hr>
4674
4675If you find the syntax for calling the HTML shortcuts awkward, you can
4676import them into your namespace and dispense with the object syntax
4677completely (see the next section for more details):
4678
4679 use CGI ':standard';
4680 print blockquote(
4681 "Many years ago on the island of",
4682 a({href=>"http://crete.org/"},"Crete"),
4683 "there lived a minotaur named",
4684 strong("Fred."),
4685 ),
4686 hr;
54310121 4687
424ec8fa 4688=head2 PROVIDING ARGUMENTS TO HTML SHORTCUTS
7d37aa8e 4689
424ec8fa
GS		 4690The HTML methods will accept zero, one or multiple arguments. If you
4691provide no arguments, you get a single tag:
7d37aa8e 4692
424ec8fa 4693 print hr; # <HR>
7d37aa8e 4694
424ec8fa
GS		 4695If you provide one or more string arguments, they are concatenated
4696together with spaces and placed between opening and closing tags:
7d37aa8e 4697
424ec8fa 4698 print h1("Chapter","1"); # <H1>Chapter 1</H1>"
7d37aa8e 4699
424ec8fa
GS		 4700If the first argument is an associative array reference, then the keys
4701and values of the associative array become the HTML tag's attributes:
7d37aa8e 4702
424ec8fa
GS		 4703 print a({-href=>'fred.html',-target=>'_new'},
4704 "Open a new frame");
7d37aa8e 4705
424ec8fa 4706 <A HREF="fred.html",TARGET="_new">Open a new frame</A>
3cb6de81 4707
424ec8fa
GS		 4708You may dispense with the dashes in front of the attribute names if
4709you prefer:
54310121 4710
424ec8fa 4711 print img {src=>'fred.gif',align=>'LEFT'};
54310121 4712
424ec8fa 4713 <IMG ALIGN="LEFT" SRC="fred.gif">
54310121 4714
424ec8fa
GS		 4715Sometimes an HTML tag attribute has no argument. For example, ordered
4716lists can be marked as COMPACT. The syntax for this is an argument that
4717that points to an undef string:
54310121 4718
424ec8fa 4719 print ol({compact=>undef},li('one'),li('two'),li('three'));
47e3cabd 4720
424ec8fa
GS		 4721Prior to CGI.pm version 2.41, providing an empty ('') string as an
4722attribute argument was the same as providing undef. However, this has
f610777f 4723changed in order to accommodate those who want to create tags of the form
424ec8fa 4724<IMG ALT="">. The difference is shown in these two pieces of code:
3cb6de81 4725
424ec8fa
GS		 4726 CODE RESULT
4727 img({alt=>undef}) <IMG ALT>
4728 img({alt=>''}) <IMT ALT="">
7d37aa8e 4729
424ec8fa 4730=head2 THE DISTRIBUTIVE PROPERTY OF HTML SHORTCUTS
7d37aa8e 4731
424ec8fa
GS		 4732One of the cool features of the HTML shortcuts is that they are
4733distributive. If you give them an argument consisting of a
4734B<reference> to a list, the tag will be distributed across each
4735element of the list. For example, here's one way to make an ordered
4736list:
7d37aa8e 4737
424ec8fa 4738 print ul(
6b4ac661 4739 li({-type=>'disc'},['Sneezy','Doc','Sleepy','Happy'])
424ec8fa 4740 );
7d37aa8e 4741
424ec8fa 4742This example will result in HTML output that looks like this:
54310121 4743
424ec8fa
GS		 4744 <UL>
4745 <LI TYPE="disc">Sneezy</LI>
4746 <LI TYPE="disc">Doc</LI>
4747 <LI TYPE="disc">Sleepy</LI>
4748 <LI TYPE="disc">Happy</LI>
4749 </UL>
54310121 4750
424ec8fa 4751This is extremely useful for creating tables. For example:
54310121 4752
424ec8fa
GS		 4753 print table({-border=>undef},
4754 caption('When Should You Eat Your Vegetables?'),
4755 Tr({-align=>CENTER,-valign=>TOP},
4756 [
4757 th(['Vegetable', 'Breakfast','Lunch','Dinner']),
4758 td(['Tomatoes' , 'no', 'yes', 'yes']),
4759 td(['Broccoli' , 'no', 'no', 'yes']),
4760 td(['Onions' , 'yes','yes', 'yes'])
4761 ]
4762 )
4763 );
54310121 4764
424ec8fa 4765=head2 HTML SHORTCUTS AND LIST INTERPOLATION
54310121 4766
424ec8fa 4767Consider this bit of code:
54310121 4768
424ec8fa 4769 print blockquote(em('Hi'),'mom!'));
54310121 4770
424ec8fa 4771It will ordinarily return the string that you probably expect, namely:
54310121 4772
424ec8fa 4773 <BLOCKQUOTE><EM>Hi</EM> mom!</BLOCKQUOTE>
54310121 4774
424ec8fa
GS		 4775Note the space between the element "Hi" and the element "mom!".
4776CGI.pm puts the extra space there using array interpolation, which is
4777controlled by the magic $" variable. Sometimes this extra space is
4778not what you want, for example, when you are trying to align a series
4779of images. In this case, you can simply change the value of $" to an
4780empty string.
54310121 4781
424ec8fa
GS		 4782 {
4783 local($") = '';
4784 print blockquote(em('Hi'),'mom!'));
4785 }
54310121 4786
424ec8fa
GS		 4787I suggest you put the code in a block as shown here. Otherwise the
4788change to $" will affect all subsequent code until you explicitly
4789reset it.
54310121 4790
424ec8fa 4791=head2 NON-STANDARD HTML SHORTCUTS
54310121 4792
424ec8fa
GS		 4793A few HTML tags don't follow the standard pattern for various
4794reasons.
54310121 4795
424ec8fa
GS		 4796B<comment()> generates an HTML comment (<!-- comment -->). Call it
4797like
54310121 4798
424ec8fa 4799 print comment('here is my comment');
54310121 4800
424ec8fa
GS		 4801Because of conflicts with built-in Perl functions, the following functions
4802begin with initial caps:
54310121 4803
424ec8fa
GS		 4804 Select
4805 Tr
4806 Link
4807 Delete
71f3e297
JH		 4808 Accept
4809 Sub
54310121 4810
424ec8fa
GS		 4811In addition, start_html(), end_html(), start_form(), end_form(),
4812start_multipart_form() and all the fill-out form tags are special.
4813See their respective sections.
4814
3d1a2ec4
GS		 4815=head2 AUTOESCAPING HTML
4816
4817By default, all HTML that is emitted by the form-generating functions
4818is passed through a function called escapeHTML():
4819
4820=over 4
4821
4822=item $escaped_string = escapeHTML("unescaped string");
4823
4824Escape HTML formatting characters in a string.
4825
4826=back
4827
4828Provided that you have specified a character set of ISO-8859-1 (the
4829default), the standard HTML escaping rules will be used. The "<"
4830character becomes "&lt;", ">" becomes "&gt;", "&" becomes "&amp;", and
4831the quote character becomes "&quot;". In addition, the hexadecimal
48320x8b and 0x9b characters, which many windows-based browsers interpret
4833as the left and right angle-bracket characters, are replaced by their
4834numeric HTML entities ("&#139" and "&#155;"). If you manually change
4835the charset, either by calling the charset() method explicitly or by
4836passing a -charset argument to header(), then B<all> characters will
4837be replaced by their numeric entities, since CGI.pm has no lookup
4838table for all the possible encodings.
4839
4840The automatic escaping does not apply to other shortcuts, such as
4841h1(). You should call escapeHTML() yourself on untrusted data in
4842order to protect your pages against nasty tricks that people may enter
4843into guestbooks, etc.. To change the character set, use charset().
4844To turn autoescaping off completely, use autoescape():
4845
4846=over 4
4847
4848=item $charset = charset([$charset]);
4849
4850Get or set the current character set.
4851
4852=item $flag = autoEscape([$flag]);
4853
4854Get or set the value of the autoescape flag.
4855
4856=back
4857
71f3e297
JH		 4858=head2 PRETTY-PRINTING HTML
4859
4860By default, all the HTML produced by these functions comes out as one
4861long line without carriage returns or indentation. This is yuck, but
4862it does reduce the size of the documents by 10-20%. To get
4863pretty-printed output, please use L<CGI::Pretty>, a subclass
4864contributed by Brian Paulsen.
4865
424ec8fa 4866=head1 CREATING FILL-OUT FORMS:
54310121 4867
4868I<General note> The various form-creating methods all return strings
4869to the caller, containing the tag or tags that will create the requested
4870form element. You are responsible for actually printing out these strings.
4871It's set up this way so that you can place formatting tags
4872around the form elements.
4873
4874I<Another note> The default values that you specify for the forms are only
4875used the B<first> time the script is invoked (when there is no query
4876string). On subsequent invocations of the script (when there is a query
4877string), the former values are used even if they are blank.
4878
4879If you want to change the value of a field from its previous value, you have two
4880choices:
4881
4882(1) call the param() method to set it.
4883
4884(2) use the -override (alias -force) parameter (a new feature in version 2.15).
4885This forces the default value to be used, regardless of the previous value:
4886
4887 print $query->textfield(-name=>'field_name',
4888 -default=>'starting value',
4889 -override=>1,
4890 -size=>50,
4891 -maxlength=>80);
4892
4893I<Yet another note> By default, the text and labels of form elements are
4894escaped according to HTML rules. This means that you can safely use
4895"<CLICK ME>" as the label for a button. However, it also interferes with
4896your ability to incorporate special HTML character sequences, such as &Aacute;,
4897into your fields. If you wish to turn off automatic escaping, call the
4898autoEscape() method with a false value immediately after creating the CGI object:
4899
4900 $query = new CGI;
4901 $query->autoEscape(undef);
3cb6de81 4902
54310121 4903=head2 CREATING AN ISINDEX TAG
4904
4905 print $query->isindex(-action=>$action);
4906
4907 -or-
4908
4909 print $query->isindex($action);
4910
4911Prints out an <ISINDEX> tag. Not very exciting. The parameter
4912-action specifies the URL of the script to process the query. The
4913default is to process the query with the current script.
4914
4915=head2 STARTING AND ENDING A FORM
4916
3d1a2ec4 4917 print $query->start_form(-method=>$method,
54310121 4918 -action=>$action,
71f3e297 4919 -enctype=>$encoding);
54310121 4920 <... various form stuff ...>
4921 print $query->endform;
4922
4923 -or-
4924
3d1a2ec4 4925 print $query->start_form($method,$action,$encoding);
54310121 4926 <... various form stuff ...>
4927 print $query->endform;
4928
3d1a2ec4 4929start_form() will return a <FORM> tag with the optional method,
54310121 4930action and form encoding that you specify. The defaults are:
3cb6de81 4931
54310121 4932 method: POST
4933 action: this script
71f3e297 4934 enctype: application/x-www-form-urlencoded
54310121 4935
4936endform() returns the closing </FORM> tag.
4937
3d1a2ec4 4938Start_form()'s enctype argument tells the browser how to package the various
54310121 4939fields of the form before sending the form to the server. Two
4940values are possible:
4941
3d1a2ec4
GS		 4942B<Note:> This method was previously named startform(), and startform()
4943is still recognized as an alias.
4944
54310121 4945=over 4
4946
4947=item B<application/x-www-form-urlencoded>
4948
4949This is the older type of encoding used by all browsers prior to
4950Netscape 2.0. It is compatible with many CGI scripts and is
4951suitable for short fields containing text data. For your
4952convenience, CGI.pm stores the name of this encoding
6b4ac661 4953type in B<&CGI::URL_ENCODED>.
54310121 4954
4955=item B<multipart/form-data>
4956
4957This is the newer type of encoding introduced by Netscape 2.0.
4958It is suitable for forms that contain very large fields or that
4959are intended for transferring binary data. Most importantly,
4960it enables the "file upload" feature of Netscape 2.0 forms. For
4961your convenience, CGI.pm stores the name of this encoding type
424ec8fa 4962in B<&CGI::MULTIPART>
54310121 4963
4964Forms that use this type of encoding are not easily interpreted
4965by CGI scripts unless they use CGI.pm or another library designed
4966to handle them.
4967
4968=back
4969
3d1a2ec4 4970For compatibility, the start_form() method uses the older form of
54310121 4971encoding by default. If you want to use the newer form of encoding
4972by default, you can call B<start_multipart_form()> instead of
3d1a2ec4 4973B<start_form()>.
54310121 4974
4975JAVASCRIPTING: The B<-name> and B<-onSubmit> parameters are provided
4976for use with JavaScript. The -name parameter gives the
4977form a name so that it can be identified and manipulated by
4978JavaScript functions. -onSubmit should point to a JavaScript
4979function that will be executed just before the form is submitted to your
4980server. You can use this opportunity to check the contents of the form
4981for consistency and completeness. If you find something wrong, you
4982can put up an alert box or maybe fix things up yourself. You can
4983abort the submission by returning false from this function.
4984
4985Usually the bulk of JavaScript functions are defined in a <SCRIPT>
4986block in the HTML header and -onSubmit points to one of these function
4987call. See start_html() for details.
4988
4989=head2 CREATING A TEXT FIELD
4990
4991 print $query->textfield(-name=>'field_name',
4992 -default=>'starting value',
4993 -size=>50,
4994 -maxlength=>80);
4995 -or-
4996
4997 print $query->textfield('field_name','starting value',50,80);
4998
4999textfield() will return a text input field.
5000
5001=over 4
5002
5003=item B<Parameters>
5004
5005=item 1.
5006
5007The first parameter is the required name for the field (-name).
5008
5009=item 2.
5010
5011The optional second parameter is the default starting value for the field
5012contents (-default).
5013
5014=item 3.
5015
5016The optional third parameter is the size of the field in
5017 characters (-size).
5018
5019=item 4.
5020
5021The optional fourth parameter is the maximum number of characters the
5022 field will accept (-maxlength).
5023
5024=back
5025
5026As with all these methods, the field will be initialized with its
5027previous contents from earlier invocations of the script.
5028When the form is processed, the value of the text field can be
5029retrieved with:
5030
5031 $value = $query->param('foo');
5032
5033If you want to reset it from its initial value after the script has been
5034called once, you can do so like this:
5035
5036 $query->param('foo',"I'm taking over this value!");
5037
5038NEW AS OF VERSION 2.15: If you don't want the field to take on its previous
5039value, you can force its current value by using the -override (alias -force)
5040parameter:
5041
5042 print $query->textfield(-name=>'field_name',
5043 -default=>'starting value',
5044 -override=>1,
5045 -size=>50,
5046 -maxlength=>80);
5047
424ec8fa
GS		 5048JAVASCRIPTING: You can also provide B<-onChange>, B<-onFocus>,
5049B<-onBlur>, B<-onMouseOver>, B<-onMouseOut> and B<-onSelect>
5050parameters to register JavaScript event handlers. The onChange
5051handler will be called whenever the user changes the contents of the
5052text field. You can do text validation if you like. onFocus and
5053onBlur are called respectively when the insertion point moves into and
5054out of the text field. onSelect is called when the user changes the
5055portion of the text that is selected.
54310121 5056
5057=head2 CREATING A BIG TEXT FIELD
5058
5059 print $query->textarea(-name=>'foo',
5060 -default=>'starting value',
5061 -rows=>10,
5062 -columns=>50);
5063
5064 -or
5065
5066 print $query->textarea('foo','starting value',10,50);
5067
5068textarea() is just like textfield, but it allows you to specify
5069rows and columns for a multiline text entry box. You can provide
5070a starting value for the field, which can be long and contain
5071multiple lines.
5072
424ec8fa
GS		 5073JAVASCRIPTING: The B<-onChange>, B<-onFocus>, B<-onBlur> ,
5074B<-onMouseOver>, B<-onMouseOut>, and B<-onSelect> parameters are
5075recognized. See textfield().
54310121 5076
5077=head2 CREATING A PASSWORD FIELD
5078
5079 print $query->password_field(-name=>'secret',
5080 -value=>'starting value',
5081 -size=>50,
5082 -maxlength=>80);
5083 -or-
5084
5085 print $query->password_field('secret','starting value',50,80);
5086
5087password_field() is identical to textfield(), except that its contents
5088will be starred out on the web page.
5089
424ec8fa
GS		 5090JAVASCRIPTING: The B<-onChange>, B<-onFocus>, B<-onBlur>,
5091B<-onMouseOver>, B<-onMouseOut> and B<-onSelect> parameters are
5092recognized. See textfield().
54310121 5093
5094=head2 CREATING A FILE UPLOAD FIELD
5095
5096 print $query->filefield(-name=>'uploaded_file',
5097 -default=>'starting value',
5098 -size=>50,
5099 -maxlength=>80);
5100 -or-
5101
5102 print $query->filefield('uploaded_file','starting value',50,80);
5103
5104filefield() will return a file upload field for Netscape 2.0 browsers.
5105In order to take full advantage of this I<you must use the new
5106multipart encoding scheme> for the form. You can do this either
6b4ac661 5107by calling B<start_form()> with an encoding type of B<&CGI::MULTIPART>,
54310121 5108or by calling the new method B<start_multipart_form()> instead of
3d1a2ec4 5109vanilla B<start_form()>.
54310121 5110
5111=over 4
5112
5113=item B<Parameters>
5114
5115=item 1.
5116
5117The first parameter is the required name for the field (-name).
5118
5119=item 2.
5120
5121The optional second parameter is the starting value for the field contents
5122to be used as the default file name (-default).
5123
71f3e297
JH		 5124For security reasons, browsers don't pay any attention to this field,
5125and so the starting value will always be blank. Worse, the field
5126loses its "sticky" behavior and forgets its previous contents. The
5127starting value field is called for in the HTML specification, however,
5128and possibly some browser will eventually provide support for it.
54310121 5129
5130=item 3.
5131
5132The optional third parameter is the size of the field in
5133characters (-size).
5134
5135=item 4.
5136
5137The optional fourth parameter is the maximum number of characters the
5138field will accept (-maxlength).
5139
5140=back
5141
5142When the form is processed, you can retrieve the entered filename
3538e1d5 5143by calling param():
54310121 5144
5145 $filename = $query->param('uploaded_file');
5146
3538e1d5
GS		 5147Different browsers will return slightly different things for the
5148name. Some browsers return the filename only. Others return the full
5149path to the file, using the path conventions of the user's machine.
5150Regardless, the name returned is always the name of the file on the
5151I<user's> machine, and is unrelated to the name of the temporary file
5152that CGI.pm creates during upload spooling (see below).
54310121 5153
5154The filename returned is also a file handle. You can read the contents
5155of the file using standard Perl file reading calls:
5156
5157 # Read a text file and print it out
5158 while (<$filename>) {
5159 print;
5160 }
5161
5162 # Copy a binary file to somewhere safe
5163 open (OUTFILE,">>/usr/local/web/users/feedback");
5164 while ($bytesread=read($filename,$buffer,1024)) {
5165 print OUTFILE $buffer;
5166 }
5167
3538e1d5
GS		 5168However, there are problems with the dual nature of the upload fields.
5169If you C<use strict>, then Perl will complain when you try to use a
5170string as a filehandle. You can get around this by placing the file
5171reading code in a block containing the C<no strict> pragma. More
5172seriously, it is possible for the remote user to type garbage into the
5173upload field, in which case what you get from param() is not a
5174filehandle at all, but a string.
5175
5176To be safe, use the I<upload()> function (new in version 2.47). When
5177called with the name of an upload field, I<upload()> returns a
5178filehandle, or undef if the parameter is not a valid filehandle.
5179
5180 $fh = $query->upload('uploaded_file');
5181 while (<$fh>) {
5182 print;
5183 }
5184
199d4a26
JH		 5185In an array context, upload() will return an array of filehandles.
5186This makes it possible to create forms that use the same name for
5187multiple upload fields.
5188
3538e1d5
GS		 5189This is the recommended idiom.
5190
54310121 5191When a file is uploaded the browser usually sends along some
5192information along with it in the format of headers. The information
5193usually includes the MIME content type. Future browsers may send
5194other information as well (such as modification date and size). To
5195retrieve this information, call uploadInfo(). It returns a reference to
5196an associative array containing all the document headers.
5197
5198 $filename = $query->param('uploaded_file');
5199 $type = $query->uploadInfo($filename)->{'Content-Type'};
5200 unless ($type eq 'text/html') {
5201 die "HTML FILES ONLY!";
5202 }
5203
5204If you are using a machine that recognizes "text" and "binary" data
5205modes, be sure to understand when and how to use them (see the Camel book).
3538e1d5
GS		 5206Otherwise you may find that binary files are corrupted during file
5207uploads.
5208
5209There are occasionally problems involving parsing the uploaded file.
5210This usually happens when the user presses "Stop" before the upload is
5211finished. In this case, CGI.pm will return undef for the name of the
5212uploaded file and set I<cgi_error()> to the string "400 Bad request
5213(malformed multipart POST)". This error message is designed so that
5214you can incorporate it into a status code to be sent to the browser.
5215Example:
5216
5217 $file = $query->upload('uploaded_file');
5218 if (!$file && $query->cgi_error) {
ffd2dff2 5219 print $query->header(-status=>$query->cgi_error);
3538e1d5
GS		 5220 exit 0;
5221 }
5222
5223You are free to create a custom HTML page to complain about the error,
5224if you wish.
54310121 5225
199d4a26
JH		 5226If you are using CGI.pm on a Windows platform and find that binary
5227files get slightly larger when uploaded but that text files remain the
5228same, then you have forgotten to activate binary mode on the output
5229filehandle. Be sure to call binmode() on any handle that you create
5230to write the uploaded file to disk.
5231
424ec8fa
GS		 5232JAVASCRIPTING: The B<-onChange>, B<-onFocus>, B<-onBlur>,
5233B<-onMouseOver>, B<-onMouseOut> and B<-onSelect> parameters are
5234recognized. See textfield() for details.
54310121 5235
5236=head2 CREATING A POPUP MENU
5237
5238 print $query->popup_menu('menu_name',
5239 ['eenie','meenie','minie'],
5240 'meenie');
5241
5242 -or-
5243
5244 %labels = ('eenie'=>'your first choice',
5245 'meenie'=>'your second choice',
5246 'minie'=>'your third choice');
5247 print $query->popup_menu('menu_name',
5248 ['eenie','meenie','minie'],
5249 'meenie',\%labels);
5250
5251 -or (named parameter style)-
5252
5253 print $query->popup_menu(-name=>'menu_name',
5254 -values=>['eenie','meenie','minie'],
5255 -default=>'meenie',
5256 -labels=>\%labels);
5257
5258popup_menu() creates a menu.
5259
5260=over 4
5261
5262=item 1.
5263
5264The required first argument is the menu's name (-name).
5265
5266=item 2.
5267
5268The required second argument (-values) is an array B<reference>
5269containing the list of menu items in the menu. You can pass the
5270method an anonymous array, as shown in the example, or a reference to
5271a named array, such as "\@foo".
5272
5273=item 3.
5274
5275The optional third parameter (-default) is the name of the default
5276menu choice. If not specified, the first item will be the default.
5277The values of the previous choice will be maintained across queries.
5278
5279=item 4.
5280
5281The optional fourth parameter (-labels) is provided for people who
5282want to use different values for the user-visible label inside the
5283popup menu nd the value returned to your script. It's a pointer to an
5284associative array relating menu values to user-visible labels. If you
5285leave this parameter blank, the menu values will be displayed by
5286default. (You can also leave a label undefined if you want to).
5287
5288=back
5289
5290When the form is processed, the selected value of the popup menu can
5291be retrieved using:
5292
5293 $popup_menu_value = $query->param('menu_name');
5294
5295JAVASCRIPTING: popup_menu() recognizes the following event handlers:
424ec8fa
GS		 5296B<-onChange>, B<-onFocus>, B<-onMouseOver>, B<-onMouseOut>, and
5297B<-onBlur>. See the textfield() section for details on when these
5298handlers are called.
54310121 5299
5300=head2 CREATING A SCROLLING LIST
5301
5302 print $query->scrolling_list('list_name',
5303 ['eenie','meenie','minie','moe'],
5304 ['eenie','moe'],5,'true');
5305 -or-
5306
5307 print $query->scrolling_list('list_name',
5308 ['eenie','meenie','minie','moe'],
5309 ['eenie','moe'],5,'true',
5310 \%labels);
5311
5312 -or-
5313
5314 print $query->scrolling_list(-name=>'list_name',
5315 -values=>['eenie','meenie','minie','moe'],
5316 -default=>['eenie','moe'],
5317 -size=>5,
5318 -multiple=>'true',
5319 -labels=>\%labels);
5320
5321scrolling_list() creates a scrolling list.
5322
5323=over 4
5324
5325=item B<Parameters:>
5326
5327=item 1.
5328
5329The first and second arguments are the list name (-name) and values
5330(-values). As in the popup menu, the second argument should be an
5331array reference.
5332
5333=item 2.
5334
5335The optional third argument (-default) can be either a reference to a
5336list containing the values to be selected by default, or can be a
5337single value to select. If this argument is missing or undefined,
5338then nothing is selected when the list first appears. In the named
5339parameter version, you can use the synonym "-defaults" for this
5340parameter.
5341
5342=item 3.
5343
5344The optional fourth argument is the size of the list (-size).
5345
5346=item 4.
5347
5348The optional fifth argument can be set to true to allow multiple
5349simultaneous selections (-multiple). Otherwise only one selection
5350will be allowed at a time.
5351
5352=item 5.
5353
5354The optional sixth argument is a pointer to an associative array
5355containing long user-visible labels for the list items (-labels).
5356If not provided, the values will be displayed.
5357
5358When this form is processed, all selected list items will be returned as
5359a list under the parameter name 'list_name'. The values of the
5360selected items can be retrieved with:
5361
5362 @selected = $query->param('list_name');
5363
5364=back
5365
424ec8fa
GS		 5366JAVASCRIPTING: scrolling_list() recognizes the following event
5367handlers: B<-onChange>, B<-onFocus>, B<-onMouseOver>, B<-onMouseOut>
5368and B<-onBlur>. See textfield() for the description of when these
5369handlers are called.
54310121 5370
5371=head2 CREATING A GROUP OF RELATED CHECKBOXES
5372
5373 print $query->checkbox_group(-name=>'group_name',
5374 -values=>['eenie','meenie','minie','moe'],
5375 -default=>['eenie','moe'],
5376 -linebreak=>'true',
5377 -labels=>\%labels);
5378
5379 print $query->checkbox_group('group_name',
5380 ['eenie','meenie','minie','moe'],
5381 ['eenie','moe'],'true',\%labels);
5382
5383 HTML3-COMPATIBLE BROWSERS ONLY:
5384
5385 print $query->checkbox_group(-name=>'group_name',
5386 -values=>['eenie','meenie','minie','moe'],
5387 -rows=2,-columns=>2);
3cb6de81 5388
54310121 5389
5390checkbox_group() creates a list of checkboxes that are related
5391by the same name.
5392
5393=over 4
5394
5395=item B<Parameters:>
5396
5397=item 1.
5398
5399The first and second arguments are the checkbox name and values,
5400respectively (-name and -values). As in the popup menu, the second
5401argument should be an array reference. These values are used for the
5402user-readable labels printed next to the checkboxes as well as for the
5403values passed to your script in the query string.
5404
5405=item 2.
5406
5407The optional third argument (-default) can be either a reference to a
5408list containing the values to be checked by default, or can be a
5409single value to checked. If this argument is missing or undefined,
5410then nothing is selected when the list first appears.
5411
5412=item 3.
5413
5414The optional fourth argument (-linebreak) can be set to true to place
5415line breaks between the checkboxes so that they appear as a vertical
5416list. Otherwise, they will be strung together on a horizontal line.
5417
5418=item 4.
5419
5420The optional fifth argument is a pointer to an associative array
7a2e2cd6 5421relating the checkbox values to the user-visible labels that will
54310121 5422be printed next to them (-labels). If not provided, the values will
5423be used as the default.
5424
5425=item 5.
5426
424ec8fa
GS		 5427B<HTML3-compatible browsers> (such as Netscape) can take advantage of
5428the optional parameters B<-rows>, and B<-columns>. These parameters
5429cause checkbox_group() to return an HTML3 compatible table containing
5430the checkbox group formatted with the specified number of rows and
5431columns. You can provide just the -columns parameter if you wish;
5432checkbox_group will calculate the correct number of rows for you.
54310121 5433
5434To include row and column headings in the returned table, you
424ec8fa 5435can use the B<-rowheaders> and B<-colheaders> parameters. Both
54310121 5436of these accept a pointer to an array of headings to use.
5437The headings are just decorative. They don't reorganize the
5438interpretation of the checkboxes -- they're still a single named
5439unit.
5440
5441=back
5442
5443When the form is processed, all checked boxes will be returned as
5444a list under the parameter name 'group_name'. The values of the
5445"on" checkboxes can be retrieved with:
5446
5447 @turned_on = $query->param('group_name');
5448
5449The value returned by checkbox_group() is actually an array of button
5450elements. You can capture them and use them within tables, lists,
5451or in other creative ways:
5452
5453 @h = $query->checkbox_group(-name=>'group_name',-values=>\@values);
5454 &use_in_creative_way(@h);
5455
5456JAVASCRIPTING: checkbox_group() recognizes the B<-onClick>
5457parameter. This specifies a JavaScript code fragment or
5458function call to be executed every time the user clicks on
5459any of the buttons in the group. You can retrieve the identity
5460of the particular button clicked on using the "this" variable.
5461
5462=head2 CREATING A STANDALONE CHECKBOX
5463
5464 print $query->checkbox(-name=>'checkbox_name',
5465 -checked=>'checked',
5466 -value=>'ON',
5467 -label=>'CLICK ME');
5468
5469 -or-
5470
5471 print $query->checkbox('checkbox_name','checked','ON','CLICK ME');
5472
5473checkbox() is used to create an isolated checkbox that isn't logically
5474related to any others.
5475
5476=over 4
5477
5478=item B<Parameters:>
5479
5480=item 1.
5481
5482The first parameter is the required name for the checkbox (-name). It
5483will also be used for the user-readable label printed next to the
5484checkbox.
5485
5486=item 2.
5487
5488The optional second parameter (-checked) specifies that the checkbox
5489is turned on by default. Synonyms are -selected and -on.
5490
5491=item 3.
5492
5493The optional third parameter (-value) specifies the value of the
5494checkbox when it is checked. If not provided, the word "on" is
5495assumed.
5496
5497=item 4.
5498
5499The optional fourth parameter (-label) is the user-readable label to
5500be attached to the checkbox. If not provided, the checkbox name is
5501used.
5502
5503=back
5504
5505The value of the checkbox can be retrieved using:
5506
5507 $turned_on = $query->param('checkbox_name');
5508
5509JAVASCRIPTING: checkbox() recognizes the B<-onClick>
5510parameter. See checkbox_group() for further details.
5511
5512=head2 CREATING A RADIO BUTTON GROUP
5513
5514 print $query->radio_group(-name=>'group_name',
5515 -values=>['eenie','meenie','minie'],
5516 -default=>'meenie',
5517 -linebreak=>'true',
5518 -labels=>\%labels);
5519
5520 -or-
5521
5522 print $query->radio_group('group_name',['eenie','meenie','minie'],
5523 'meenie','true',\%labels);
5524
5525
5526 HTML3-COMPATIBLE BROWSERS ONLY:
5527
5528 print $query->radio_group(-name=>'group_name',
5529 -values=>['eenie','meenie','minie','moe'],
5530 -rows=2,-columns=>2);
5531
5532radio_group() creates a set of logically-related radio buttons
5533(turning one member of the group on turns the others off)
5534
5535=over 4
5536
5537=item B<Parameters:>
5538
5539=item 1.
5540
5541The first argument is the name of the group and is required (-name).
5542
5543=item 2.
5544
5545The second argument (-values) is the list of values for the radio
5546buttons. The values and the labels that appear on the page are
5547identical. Pass an array I<reference> in the second argument, either
5548using an anonymous array, as shown, or by referencing a named array as
5549in "\@foo".
5550
5551=item 3.
5552
5553The optional third parameter (-default) is the name of the default
5554button to turn on. If not specified, the first item will be the
5555default. You can provide a nonexistent button name, such as "-" to
5556start up with no buttons selected.
5557
5558=item 4.
5559
5560The optional fourth parameter (-linebreak) can be set to 'true' to put
5561line breaks between the buttons, creating a vertical list.
5562
5563=item 5.
5564
5565The optional fifth parameter (-labels) is a pointer to an associative
5566array relating the radio button values to user-visible labels to be
5567used in the display. If not provided, the values themselves are
5568displayed.
5569
5570=item 6.
5571
5572B<HTML3-compatible browsers> (such as Netscape) can take advantage
5573of the optional
5574parameters B<-rows>, and B<-columns>. These parameters cause
5575radio_group() to return an HTML3 compatible table containing
5576the radio group formatted with the specified number of rows
5577and columns. You can provide just the -columns parameter if you
5578wish; radio_group will calculate the correct number of rows
5579for you.
5580
5581To include row and column headings in the returned table, you
5582can use the B<-rowheader> and B<-colheader> parameters. Both
5583of these accept a pointer to an array of headings to use.
5584The headings are just decorative. They don't reorganize the
f610777f 5585interpretation of the radio buttons -- they're still a single named
54310121 5586unit.
5587
5588=back
5589
5590When the form is processed, the selected radio button can
5591be retrieved using:
5592
5593 $which_radio_button = $query->param('group_name');
5594
5595The value returned by radio_group() is actually an array of button
5596elements. You can capture them and use them within tables, lists,
5597or in other creative ways:
5598
5599 @h = $query->radio_group(-name=>'group_name',-values=>\@values);
5600 &use_in_creative_way(@h);
5601
5602=head2 CREATING A SUBMIT BUTTON
5603
5604 print $query->submit(-name=>'button_name',
5605 -value=>'value');
5606
5607 -or-
5608
5609 print $query->submit('button_name','value');
5610
5611submit() will create the query submission button. Every form
5612should have one of these.
5613
5614=over 4
5615
5616=item B<Parameters:>
5617
5618=item 1.
5619
5620The first argument (-name) is optional. You can give the button a
5621name if you have several submission buttons in your form and you want
5622to distinguish between them. The name will also be used as the
5623user-visible label. Be aware that a few older browsers don't deal with this correctly and
5624B<never> send back a value from a button.
5625
5626=item 2.
5627
5628The second argument (-value) is also optional. This gives the button
5629a value that will be passed to your script in the query string.
5630
5631=back
5632
5633You can figure out which button was pressed by using different
5634values for each one:
5635
5636 $which_one = $query->param('button_name');
5637
5638JAVASCRIPTING: radio_group() recognizes the B<-onClick>
5639parameter. See checkbox_group() for further details.
5640
5641=head2 CREATING A RESET BUTTON
5642
5643 print $query->reset
5644
5645reset() creates the "reset" button. Note that it restores the
5646form to its value from the last time the script was called,
5647NOT necessarily to the defaults.
5648
71f3e297
JH		 5649Note that this conflicts with the Perl reset() built-in. Use
5650CORE::reset() to get the original reset function.
5651
54310121 5652=head2 CREATING A DEFAULT BUTTON
5653
5654 print $query->defaults('button_label')
5655
5656defaults() creates a button that, when invoked, will cause the
5657form to be completely reset to its defaults, wiping out all the
5658changes the user ever made.
5659
5660=head2 CREATING A HIDDEN FIELD
5661
5662 print $query->hidden(-name=>'hidden_name',
5663 -default=>['value1','value2'...]);
5664
5665 -or-
5666
5667 print $query->hidden('hidden_name','value1','value2'...);
5668
5669hidden() produces a text field that can't be seen by the user. It
5670is useful for passing state variable information from one invocation
5671of the script to the next.
5672
5673=over 4
5674
5675=item B<Parameters:>
5676
5677=item 1.
5678
5679The first argument is required and specifies the name of this
5680field (-name).
5681
5682=item 2.
5683
5684The second argument is also required and specifies its value
5685(-default). In the named parameter style of calling, you can provide
5686a single value here or a reference to a whole list
5687
5688=back
5689
5690Fetch the value of a hidden field this way:
5691
5692 $hidden_value = $query->param('hidden_name');
5693
5694Note, that just like all the other form elements, the value of a
5695hidden field is "sticky". If you want to replace a hidden field with
5696some other values after the script has been called once you'll have to
5697do it manually:
5698
5699 $query->param('hidden_name','new','values','here');
5700
5701=head2 CREATING A CLICKABLE IMAGE BUTTON
5702
5703 print $query->image_button(-name=>'button_name',
5704 -src=>'/source/URL',
5705 -align=>'MIDDLE');
5706
5707 -or-
5708
5709 print $query->image_button('button_name','/source/URL','MIDDLE');
5710
5711image_button() produces a clickable image. When it's clicked on the
5712position of the click is returned to your script as "button_name.x"
5713and "button_name.y", where "button_name" is the name you've assigned
5714to it.
5715
5716JAVASCRIPTING: image_button() recognizes the B<-onClick>
5717parameter. See checkbox_group() for further details.
5718
5719=over 4
5720
5721=item B<Parameters:>
5722
5723=item 1.
5724
5725The first argument (-name) is required and specifies the name of this
5726field.
5727
5728=item 2.
5729
5730The second argument (-src) is also required and specifies the URL
5731
5732=item 3.
551e1d92 5733
54310121 5734The third option (-align, optional) is an alignment type, and may be
5735TOP, BOTTOM or MIDDLE
5736
5737=back
5738
5739Fetch the value of the button this way:
5740 $x = $query->param('button_name.x');
5741 $y = $query->param('button_name.y');
5742
5743=head2 CREATING A JAVASCRIPT ACTION BUTTON
5744
5745 print $query->button(-name=>'button_name',
5746 -value=>'user visible label',
5747 -onClick=>"do_something()");
5748
5749 -or-
5750
5751 print $query->button('button_name',"do_something()");
5752
5753button() produces a button that is compatible with Netscape 2.0's
5754JavaScript. When it's pressed the fragment of JavaScript code
5755pointed to by the B<-onClick> parameter will be executed. On
5756non-Netscape browsers this form element will probably not even
5757display.
5758
71f3e297 5759=head1 HTTP COOKIES
54310121 5760
71f3e297
JH		 5761Netscape browsers versions 1.1 and higher, and all versions of
5762Internet Explorer, support a so-called "cookie" designed to help
5763maintain state within a browser session. CGI.pm has several methods
5764that support cookies.
54310121 5765
5766A cookie is a name=value pair much like the named parameters in a CGI
5767query string. CGI scripts create one or more cookies and send
5768them to the browser in the HTTP header. The browser maintains a list
5769of cookies that belong to a particular Web server, and returns them
5770to the CGI script during subsequent interactions.
5771
5772In addition to the required name=value pair, each cookie has several
5773optional attributes:
5774
5775=over 4
5776
5777=item 1. an expiration time
5778
5779This is a time/date string (in a special GMT format) that indicates
5780when a cookie expires. The cookie will be saved and returned to your
5781script until this expiration date is reached if the user exits
71f3e297
JH		 5782the browser and restarts it. If an expiration date isn't specified, the cookie
5783will remain active until the user quits the browser.
54310121 5784
5785=item 2. a domain
5786
5787This is a partial or complete domain name for which the cookie is
5788valid. The browser will return the cookie to any host that matches
5789the partial domain name. For example, if you specify a domain name
71f3e297 5790of ".capricorn.com", then the browser will return the cookie to
54310121 5791Web servers running on any of the machines "www.capricorn.com",
5792"www2.capricorn.com", "feckless.capricorn.com", etc. Domain names
5793must contain at least two periods to prevent attempts to match
5794on top level domains like ".edu". If no domain is specified, then
5795the browser will only return the cookie to servers on the host the
5796cookie originated from.
5797
5798=item 3. a path
5799
5800If you provide a cookie path attribute, the browser will check it
5801against your script's URL before returning the cookie. For example,
5802if you specify the path "/cgi-bin", then the cookie will be returned
5803to each of the scripts "/cgi-bin/tally.pl", "/cgi-bin/order.pl",
5804and "/cgi-bin/customer_service/complain.pl", but not to the script
5805"/cgi-private/site_admin.pl". By default, path is set to "/", which
5806causes the cookie to be sent to any CGI script on your site.
5807
5808=item 4. a "secure" flag
5809
5810If the "secure" attribute is set, the cookie will only be sent to your
5811script if the CGI request is occurring on a secure channel, such as SSL.
5812
5813=back
5814
71f3e297 5815The interface to HTTP cookies is the B<cookie()> method:
54310121 5816
5817 $cookie = $query->cookie(-name=>'sessionID',
5818 -value=>'xyzzy',
5819 -expires=>'+1h',
5820 -path=>'/cgi-bin/database',
5821 -domain=>'.capricorn.org',
5822 -secure=>1);
5823 print $query->header(-cookie=>$cookie);
5824
5825B<cookie()> creates a new cookie. Its parameters include:
5826
5827=over 4
5828
5829=item B<-name>
5830
5831The name of the cookie (required). This can be any string at all.
71f3e297 5832Although browsers limit their cookie names to non-whitespace
54310121 5833alphanumeric characters, CGI.pm removes this restriction by escaping
5834and unescaping cookies behind the scenes.
5835
5836=item B<-value>
5837
5838The value of the cookie. This can be any scalar value,
5839array reference, or even associative array reference. For example,
5840you can store an entire associative array into a cookie this way:
5841
5842 $cookie=$query->cookie(-name=>'family information',
5843 -value=>\%childrens_ages);
5844
5845=item B<-path>
5846
5847The optional partial path for which this cookie will be valid, as described
5848above.
5849
5850=item B<-domain>
5851
5852The optional partial domain for which this cookie will be valid, as described
5853above.
5854
5855=item B<-expires>
5856
5857The optional expiration date for this cookie. The format is as described
5858in the section on the B<header()> method:
5859
5860 "+1h" one hour from now
5861
5862=item B<-secure>
5863
5864If set to true, this cookie will only be used within a secure
5865SSL session.
5866
5867=back
5868
5869The cookie created by cookie() must be incorporated into the HTTP
5870header within the string returned by the header() method:
5871
5872 print $query->header(-cookie=>$my_cookie);
5873
5874To create multiple cookies, give header() an array reference:
5875
5876 $cookie1 = $query->cookie(-name=>'riddle_name',
5877 -value=>"The Sphynx's Question");
5878 $cookie2 = $query->cookie(-name=>'answers',
5879 -value=>\%answers);
5880 print $query->header(-cookie=>[$cookie1,$cookie2]);
5881
03b9648d
JH		 5882To retrieve a cookie, request it by name by calling cookie() method
5883without the B<-value> parameter:
54310121 5884
5885 use CGI;
5886 $query = new CGI;
03b9648d
JH		 5887 $riddle = $query->cookie('riddle_name');
5888 %answers = $query->cookie('answers');
5889
5890Cookies created with a single scalar value, such as the "riddle_name"
5891cookie, will be returned in that form. Cookies with array and hash
5892values can also be retrieved.
54310121 5893
5894The cookie and CGI namespaces are separate. If you have a parameter
5895named 'answers' and a cookie named 'answers', the values retrieved by
5896param() and cookie() are independent of each other. However, it's
5897simple to turn a CGI parameter into a cookie, and vice-versa:
5898
5899 # turn a CGI parameter into a cookie
5900 $c=$q->cookie(-name=>'answers',-value=>[$q->param('answers')]);
5901 # vice-versa
5902 $q->param(-name=>'answers',-value=>[$q->cookie('answers')]);
5903
5904See the B<cookie.cgi> example script for some ideas on how to use
5905cookies effectively.
5906
71f3e297 5907=head1 WORKING WITH FRAMES
54310121 5908
71f3e297
JH		 5909It's possible for CGI.pm scripts to write into several browser panels
5910and windows using the HTML 4 frame mechanism. There are three
5911techniques for defining new frames programmatically:
54310121 5912
5913=over 4
5914
5915=item 1. Create a <Frameset> document
5916
5917After writing out the HTTP header, instead of creating a standard
5918HTML document using the start_html() call, create a <FRAMESET>
5919document that defines the frames on the page. Specify your script(s)
5920(with appropriate parameters) as the SRC for each of the frames.
5921
5922There is no specific support for creating <FRAMESET> sections
5923in CGI.pm, but the HTML is very simple to write. See the frame
5924documentation in Netscape's home pages for details
5925
5926 http://home.netscape.com/assist/net_sites/frames.html
5927
5928=item 2. Specify the destination for the document in the HTTP header
5929
5930You may provide a B<-target> parameter to the header() method:
3cb6de81 5931
54310121 5932 print $q->header(-target=>'ResultsWindow');
5933
71f3e297
JH		 5934This will tell the browser to load the output of your script into the
5935frame named "ResultsWindow". If a frame of that name doesn't already
5936exist, the browser will pop up a new window and load your script's
5937document into that. There are a number of magic names that you can
5938use for targets. See the frame documents on Netscape's home pages for
5939details.
54310121 5940
5941=item 3. Specify the destination for the document in the <FORM> tag
5942
5943You can specify the frame to load in the FORM tag itself. With
5944CGI.pm it looks like this:
5945
3d1a2ec4 5946 print $q->start_form(-target=>'ResultsWindow');
54310121 5947
5948When your script is reinvoked by the form, its output will be loaded
5949into the frame named "ResultsWindow". If one doesn't already exist
5950a new window will be created.
5951
5952=back
5953
5954The script "frameset.cgi" in the examples directory shows one way to
5955create pages in which the fill-out form and the response live in
5956side-by-side frames.
5957
7d37aa8e
LS		 5958=head1 LIMITED SUPPORT FOR CASCADING STYLE SHEETS
5959
5960CGI.pm has limited support for HTML3's cascading style sheets (css).
5961To incorporate a stylesheet into your document, pass the
5962start_html() method a B<-style> parameter. The value of this
5963parameter may be a scalar, in which case it is incorporated directly
5964into a <STYLE> section, or it may be a hash reference. In the latter
5965case you should provide the hash with one or more of B<-src> or
5966B<-code>. B<-src> points to a URL where an externally-defined
5967stylesheet can be found. B<-code> points to a scalar value to be
5968incorporated into a <STYLE> section. Style definitions in B<-code>
5969override similarly-named ones in B<-src>, hence the name "cascading."
5970
424ec8fa
GS		 5971You may also specify the type of the stylesheet by adding the optional
5972B<-type> parameter to the hash pointed to by B<-style>. If not
5973specified, the style defaults to 'text/css'.
5974
7d37aa8e
LS		 5975To refer to a style within the body of your document, add the
5976B<-class> parameter to any HTML element:
5977
5978 print h1({-class=>'Fancy'},'Welcome to the Party');
5979
5980Or define styles on the fly with the B<-style> parameter:
5981
5982 print h1({-style=>'Color: red;'},'Welcome to Hell');
5983
5984You may also use the new B<span()> element to apply a style to a
5985section of text:
5986
5987 print span({-style=>'Color: red;'},
5988 h1('Welcome to Hell'),
5989 "Where did that handbasket get to?"
5990 );
5991
5992Note that you must import the ":html3" definitions to have the
5993B<span()> method available. Here's a quick and dirty example of using
5994CSS's. See the CSS specification at
5995http://www.w3.org/pub/WWW/TR/Wd-css-1.html for more information.
5996
5997 use CGI qw/:standard :html3/;
5998
5999 #here's a stylesheet incorporated directly into the page
6000 $newStyle=<<END;
6001 <!--
6002 P.Tip {
6003 margin-right: 50pt;
6004 margin-left: 50pt;
6005 color: red;
6006 }
6007 P.Alert {
6008 font-size: 30pt;
6009 font-family: sans-serif;
6010 color: red;
6011 }
6012 -->
6013 END
6014 print header();
6015 print start_html( -title=>'CGI with Style',
6016 -style=>{-src=>'http://www.capricorn.com/style/st1.css',
6017 -code=>$newStyle}
6018 );
6019 print h1('CGI with Style'),
6020 p({-class=>'Tip'},
6021 "Better read the cascading style sheet spec before playing with this!"),
6022 span({-style=>'color: magenta'},
6023 "Look Mom, no hands!",
6024 p(),
6025 "Whooo wee!"
6026 );
6027 print end_html;
6028
6b4ac661
JH		 6029Pass an array reference to B<-style> in order to incorporate multiple
6030stylesheets into your document.
6031
54310121 6032=head1 DEBUGGING
6033
3d1a2ec4
GS		 6034If you are running the script from the command line or in the perl
6035debugger, you can pass the script a list of keywords or
6036parameter=value pairs on the command line or from standard input (you
6037don't have to worry about tricking your script into reading from
6038environment variables). You can pass keywords like this:
54310121 6039
6040 your_script.pl keyword1 keyword2 keyword3
6041
6042or this:
6043
6044 your_script.pl keyword1+keyword2+keyword3
6045
6046or this:
6047
6048 your_script.pl name1=value1 name2=value2
6049
6050or this:
6051
6052 your_script.pl name1=value1&name2=value2
6053
3d1a2ec4
GS		 6054To turn off this feature, use the -no_debug pragma.
6055
6056To test the POST method, you may enable full debugging with the -debug
6057pragma. This will allow you to feed newline-delimited name=value
6058pairs to the script on standard input.
54310121 6059
6060When debugging, you can use quotes and backslashes to escape
6061characters in the familiar shell manner, letting you place
6062spaces and other funny characters in your parameter=value
6063pairs:
6064
6065 your_script.pl "name1='I am a long value'" "name2=two\ words"
6066
6067=head2 DUMPING OUT ALL THE NAME/VALUE PAIRS
6068
3d1a2ec4 6069The Dump() method produces a string consisting of all the query's
54310121 6070name/value pairs formatted nicely as a nested list. This is useful
6071for debugging purposes:
6072
3d1a2ec4 6073 print $query->Dump
3cb6de81 6074
54310121 6075
6076Produces something that looks like:
6077
6078 <UL>
6079 <LI>name1
6080 <UL>
6081 <LI>value1
6082 <LI>value2
6083 </UL>
6084 <LI>name2
6085 <UL>
6086 <LI>value1
6087 </UL>
6088 </UL>
6089
71f3e297
JH		 6090As a shortcut, you can interpolate the entire CGI object into a string
6091and it will be replaced with the a nice HTML dump shown above:
54310121 6092
6093 $query=new CGI;
6094 print "<H2>Current Values</H2> $query\n";
6095
6096=head1 FETCHING ENVIRONMENT VARIABLES
6097
6098Some of the more useful environment variables can be fetched
6099through this interface. The methods are as follows:
6100
6101=over 4
6102
71f3e297
JH		 6103=item B<Accept()>
6104
6105Return a list of MIME types that the remote browser accepts. If you
6106give this method a single argument corresponding to a MIME type, as in
6107$query->Accept('text/html'), it will return a floating point value
6108corresponding to the browser's preference for this type from 0.0
6109(don't want) to 1.0. Glob types (e.g. text/*) in the browser's accept
6110list are handled correctly.
54310121 6111
71f3e297
JH		 6112Note that the capitalization changed between version 2.43 and 2.44 in
6113order to avoid conflict with Perl's accept() function.
54310121 6114
6115=item B<raw_cookie()>
6116
424ec8fa 6117Returns the HTTP_COOKIE variable, an HTTP extension implemented by
71f3e297
JH		 6118Netscape browsers version 1.1 and higher, and all versions of Internet
6119Explorer. Cookies have a special format, and this method call just
6120returns the raw form (?cookie dough). See cookie() for ways of
6121setting and retrieving cooked cookies.
424ec8fa
GS		 6122
6123Called with no parameters, raw_cookie() returns the packed cookie
6124structure. You can separate it into individual cookies by splitting
6125on the character sequence "; ". Called with the name of a cookie,
6126retrieves the B<unescaped> form of the cookie. You can use the
6127regular cookie() method to get the names, or use the raw_fetch()
6128method from the CGI::Cookie module.
54310121 6129
6130=item B<user_agent()>
6131
6132Returns the HTTP_USER_AGENT variable. If you give
6133this method a single argument, it will attempt to
6134pattern match on it, allowing you to do something
6135like $query->user_agent(netscape);
6136
6137=item B<path_info()>
6138
6139Returns additional path information from the script URL.
6b4ac661
JH		 6140E.G. fetching /cgi-bin/your_script/additional/stuff will result in
6141$query->path_info() returning "/additional/stuff".
54310121 6142
6143NOTE: The Microsoft Internet Information Server
6144is broken with respect to additional path information. If
6145you use the Perl DLL library, the IIS server will attempt to
6146execute the additional path information as a Perl script.
6147If you use the ordinary file associations mapping, the
6148path information will be present in the environment,
6149but incorrect. The best thing to do is to avoid using additional
6150path information in CGI scripts destined for use with IIS.
6151
6152=item B<path_translated()>
6153
6154As per path_info() but returns the additional
6155path information translated into a physical path, e.g.
6156"/usr/local/etc/httpd/htdocs/additional/stuff".
6157
6158The Microsoft IIS is broken with respect to the translated
6159path as well.
6160
6161=item B<remote_host()>
6162
6163Returns either the remote host name or IP address.
6164if the former is unavailable.
6165
6166=item B<script_name()>
551e1d92 6167
54310121 6168Return the script name as a partial URL, for self-refering
6169scripts.
6170
6171=item B<referer()>
6172
6173Return the URL of the page the browser was viewing
6174prior to fetching your script. Not available for all
6175browsers.
6176
6177=item B<auth_type ()>
6178
6179Return the authorization/verification method in use for this
6180script, if any.
6181
6182=item B<server_name ()>
6183
6184Returns the name of the server, usually the machine's host
6185name.
6186
6187=item B<virtual_host ()>
6188
6189When using virtual hosts, returns the name of the host that
6190the browser attempted to contact
6191
03b9648d
JH		 6192=item B<server_port ()>
6193
6194Return the port that the server is listening on.
6195
54310121 6196=item B<server_software ()>
6197
6198Returns the server software and version number.
6199
6200=item B<remote_user ()>
6201
6202Return the authorization/verification name used for user
6203verification, if this script is protected.
6204
6205=item B<user_name ()>
6206
71f3e297
JH		 6207Attempt to obtain the remote user's name, using a variety of different
6208techniques. This only works with older browsers such as Mosaic.
6209Newer browsers do not report the user name for privacy reasons!
54310121 6210
6211=item B<request_method()>
6212
6213Returns the method used to access your script, usually
6214one of 'POST', 'GET' or 'HEAD'.
6215
3538e1d5
GS		 6216=item B<content_type()>
6217
6218Returns the content_type of data submitted in a POST, generally
6219multipart/form-data or application/x-www-form-urlencoded
6220
6221=item B<http()>
6222
6223Called with no arguments returns the list of HTTP environment
6224variables, including such things as HTTP_USER_AGENT,
6225HTTP_ACCEPT_LANGUAGE, and HTTP_ACCEPT_CHARSET, corresponding to the
6226like-named HTTP header fields in the request. Called with the name of
6227an HTTP header field, returns its value. Capitalization and the use
6228of hyphens versus underscores are not significant.
6229
6230For example, all three of these examples are equivalent:
6231
6232 $requested_language = $q->http('Accept-language');
6233 $requested_language = $q->http('Accept_language');
6234 $requested_language = $q->http('HTTP_ACCEPT_LANGUAGE');
6235
6236=item B<https()>
6237
6238The same as I<http()>, but operates on the HTTPS environment variables
6239present when the SSL protocol is in effect. Can be used to determine
6240whether SSL is turned on.
6241
54310121 6242=back
6243
424ec8fa 6244=head1 USING NPH SCRIPTS
54310121 6245
424ec8fa
GS		 6246NPH, or "no-parsed-header", scripts bypass the server completely by
6247sending the complete HTTP header directly to the browser. This has
6248slight performance benefits, but is of most use for taking advantage
6249of HTTP extensions that are not directly supported by your server,
6250such as server push and PICS headers.
54310121 6251
424ec8fa
GS		 6252Servers use a variety of conventions for designating CGI scripts as
6253NPH. Many Unix servers look at the beginning of the script's name for
6254the prefix "nph-". The Macintosh WebSTAR server and Microsoft's
6255Internet Information Server, in contrast, try to decide whether a
6256program is an NPH script by examining the first line of script output.
54310121 6257
54310121 6258
424ec8fa
GS		 6259CGI.pm supports NPH scripts with a special NPH mode. When in this
6260mode, CGI.pm will output the necessary extra header information when
6261the header() and redirect() methods are
6262called.
54310121 6263
424ec8fa
GS		 6264The Microsoft Internet Information Server requires NPH mode. As of version
62652.30, CGI.pm will automatically detect when the script is running under IIS
6266and put itself into this mode. You do not need to do this manually, although
6267it won't hurt anything if you do.
54310121 6268
424ec8fa 6269There are a number of ways to put CGI.pm into NPH mode:
54310121 6270
424ec8fa 6271=over 4
54310121 6272
424ec8fa 6273=item In the B<use> statement
54310121 6274
424ec8fa
GS		 6275Simply add the "-nph" pragmato the list of symbols to be imported into
6276your script:
54310121 6277
424ec8fa 6278 use CGI qw(:standard -nph)
54310121 6279
424ec8fa 6280=item By calling the B<nph()> method:
54310121 6281
424ec8fa 6282Call B<nph()> with a non-zero parameter at any point after using CGI.pm in your program.
54310121 6283
424ec8fa 6284 CGI->nph(1)
54310121 6285
551e1d92
RB		 6286=item By using B<-nph> parameters
6287
6288in the B<header()> and B<redirect()> statements:
54310121 6289
424ec8fa 6290 print $q->header(-nph=>1);
54310121 6291
424ec8fa 6292=back
54310121 6293
424ec8fa
GS		 6294=head1 Server Push
6295
ba056755 6296CGI.pm provides four simple functions for producing multipart
424ec8fa
GS		 6297documents of the type needed to implement server push. These
6298functions were graciously provided by Ed Jordan <ed@fidalgo.net>. To
6299import these into your namespace, you must import the ":push" set.
6300You are also advised to put the script into NPH mode and to set $| to
63011 to avoid buffering problems.
6302
6303Here is a simple script that demonstrates server push:
6304
6305 #!/usr/local/bin/perl
6306 use CGI qw/:push -nph/;
6307 $| = 1;
ba056755
JH		 6308 print multipart_init(-boundary=>'----here we go!');
6309 foreach (0 .. 4) {
424ec8fa 6310 print multipart_start(-type=>'text/plain'),
ba056755
JH		 6311 "The current time is ",scalar(localtime),"\n";
6312 if ($_ < 4) {
6313 print multipart_end;
6314 } else {
6315 print multipart_final;
6316 }
424ec8fa
GS		 6317 sleep 1;
6318 }
54310121 6319
424ec8fa 6320This script initializes server push by calling B<multipart_init()>.
ba056755
JH		 6321It then enters a loop in which it begins a new multipart section by
6322calling B<multipart_start()>, prints the current local time,
424ec8fa 6323and ends a multipart section with B<multipart_end()>. It then sleeps
ba056755
JH		 6324a second, and begins again. On the final iteration, it ends the
6325multipart section with B<multipart_final()> rather than with
6326B<multipart_end()>.
54310121 6327
424ec8fa 6328=over 4
54310121 6329
424ec8fa 6330=item multipart_init()
3cb6de81 6331
424ec8fa 6332 multipart_init(-boundary=>$boundary);
54310121 6333
424ec8fa
GS		 6334Initialize the multipart system. The -boundary argument specifies
6335what MIME boundary string to use to separate parts of the document.
6336If not provided, CGI.pm chooses a reasonable boundary for you.
54310121 6337
424ec8fa 6338=item multipart_start()
54310121 6339
424ec8fa 6340 multipart_start(-type=>$type)
54310121 6341
424ec8fa
GS		 6342Start a new part of the multipart document using the specified MIME
6343type. If not specified, text/html is assumed.
54310121 6344
424ec8fa 6345=item multipart_end()
54310121 6346
424ec8fa 6347 multipart_end()
54310121 6348
424ec8fa 6349End a part. You must remember to call multipart_end() once for each
ba056755
JH		 6350multipart_start(), except at the end of the last part of the multipart
6351document when multipart_final() should be called instead of multipart_end().
6352
6353=item multipart_final()
6354
6355 multipart_final()
6356
6357End all parts. You should call multipart_final() rather than
6358multipart_end() at the end of the last part of the multipart document.
54310121 6359
424ec8fa 6360=back
54310121 6361
424ec8fa
GS		 6362Users interested in server push applications should also have a look
6363at the CGI::Push module.
54310121 6364
ba056755
JH		 6365Only Netscape Navigator supports server push. Internet Explorer
6366browsers do not.
6367
424ec8fa 6368=head1 Avoiding Denial of Service Attacks
54310121 6369
424ec8fa
GS		 6370A potential problem with CGI.pm is that, by default, it attempts to
6371process form POSTings no matter how large they are. A wily hacker
6372could attack your site by sending a CGI script a huge POST of many
6373megabytes. CGI.pm will attempt to read the entire POST into a
6374variable, growing hugely in size until it runs out of memory. While
6375the script attempts to allocate the memory the system may slow down
6376dramatically. This is a form of denial of service attack.
54310121 6377
424ec8fa
GS		 6378Another possible attack is for the remote user to force CGI.pm to
6379accept a huge file upload. CGI.pm will accept the upload and store it
6380in a temporary directory even if your script doesn't expect to receive
6381an uploaded file. CGI.pm will delete the file automatically when it
6382terminates, but in the meantime the remote user may have filled up the
6383server's disk space, causing problems for other programs.
54310121 6384
424ec8fa
GS		 6385The best way to avoid denial of service attacks is to limit the amount
6386of memory, CPU time and disk space that CGI scripts can use. Some Web
6387servers come with built-in facilities to accomplish this. In other
6388cases, you can use the shell I<limit> or I<ulimit>
6389commands to put ceilings on CGI resource usage.
54310121 6390
54310121 6391
424ec8fa
GS		 6392CGI.pm also has some simple built-in protections against denial of
6393service attacks, but you must activate them before you can use them.
6394These take the form of two global variables in the CGI name space:
54310121 6395
424ec8fa 6396=over 4
54310121 6397
424ec8fa 6398=item B<$CGI::POST_MAX>
54310121 6399
424ec8fa
GS		 6400If set to a non-negative integer, this variable puts a ceiling
6401on the size of POSTings, in bytes. If CGI.pm detects a POST
6402that is greater than the ceiling, it will immediately exit with an error
6403message. This value will affect both ordinary POSTs and
6404multipart POSTs, meaning that it limits the maximum size of file
6405uploads as well. You should set this to a reasonably high
6406value, such as 1 megabyte.
54310121 6407
424ec8fa 6408=item B<$CGI::DISABLE_UPLOADS>
54310121 6409
424ec8fa
GS		 6410If set to a non-zero value, this will disable file uploads
6411completely. Other fill-out form values will work as usual.
54310121 6412
6413=back
6414
424ec8fa 6415You can use these variables in either of two ways.
54310121 6416
424ec8fa 6417=over 4
54310121 6418
424ec8fa 6419=item B<1. On a script-by-script basis>
54310121 6420
424ec8fa 6421Set the variable at the top of the script, right after the "use" statement:
54310121 6422
424ec8fa
GS		 6423 use CGI qw/:standard/;
6424 use CGI::Carp 'fatalsToBrowser';
6425 $CGI::POST_MAX=1024 * 100; # max 100K posts
6426 $CGI::DISABLE_UPLOADS = 1; # no uploads
54310121 6427
424ec8fa 6428=item B<2. Globally for all scripts>
54310121 6429
424ec8fa
GS		 6430Open up CGI.pm, find the definitions for $POST_MAX and
6431$DISABLE_UPLOADS, and set them to the desired values. You'll
6432find them towards the top of the file in a subroutine named
6433initialize_globals().
54310121 6434
424ec8fa 6435=back
54310121 6436
3538e1d5
GS		 6437An attempt to send a POST larger than $POST_MAX bytes will cause
6438I<param()> to return an empty CGI parameter list. You can test for
6439this event by checking I<cgi_error()>, either after you create the CGI
6440object or, if you are using the function-oriented interface, call
6441<param()> for the first time. If the POST was intercepted, then
6442cgi_error() will return the message "413 POST too large".
6443
6444This error message is actually defined by the HTTP protocol, and is
6445designed to be returned to the browser as the CGI script's status
6446 code. For example:
6447
6448 $uploaded_file = param('upload');
6449 if (!$uploaded_file && cgi_error()) {
6450 print header(-status=>cgi_error());
6451 exit 0;
6452 }
6453
6454However it isn't clear that any browser currently knows what to do
6455with this status code. It might be better just to create an
6456HTML page that warns the user of the problem.
54310121 6457
424ec8fa 6458=head1 COMPATIBILITY WITH CGI-LIB.PL
54310121 6459
3538e1d5
GS		 6460To make it easier to port existing programs that use cgi-lib.pl the
6461compatibility routine "ReadParse" is provided. Porting is simple:
54310121 6462
424ec8fa
GS		 6463OLD VERSION
6464 require "cgi-lib.pl";
6465 &ReadParse;
6466 print "The value of the antique is $in{antique}.\n";
54310121 6467
424ec8fa
GS		 6468NEW VERSION
6469 use CGI;
6470 CGI::ReadParse
6471 print "The value of the antique is $in{antique}.\n";
54310121 6472
424ec8fa
GS		 6473CGI.pm's ReadParse() routine creates a tied variable named %in,
6474which can be accessed to obtain the query variables. Like
6475ReadParse, you can also provide your own variable. Infrequently
6476used features of ReadParse, such as the creation of @in and $in
6477variables, are not supported.
54310121 6478
424ec8fa
GS		 6479Once you use ReadParse, you can retrieve the query object itself
6480this way:
54310121 6481
424ec8fa
GS		 6482 $q = $in{CGI};
6483 print $q->textfield(-name=>'wow',
6484 -value=>'does this really work?');
54310121 6485
424ec8fa
GS		 6486This allows you to start using the more interesting features
6487of CGI.pm without rewriting your old scripts from scratch.
54310121 6488
6489=head1 AUTHOR INFORMATION
6490
71f3e297
JH		 6491Copyright 1995-1998, Lincoln D. Stein. All rights reserved.
6492
6493This library is free software; you can redistribute it and/or modify
6494it under the same terms as Perl itself.
54310121 6495
71f3e297
JH		 6496Address bug reports and comments to: lstein@cshl.org. When sending
6497bug reports, please provide the version of CGI.pm, the version of
6498Perl, the name and version of your Web server, and the name and
6499version of the operating system you are using. If the problem is even
6500remotely browser dependent, please provide information about the
6501affected browers as well.
54310121 6502
6503=head1 CREDITS
6504
6505Thanks very much to:
6506
6507=over 4
6508
6509=item Matt Heffron (heffron@falstaff.css.beckman.com)
6510
6511=item James Taylor (james.taylor@srs.gov)
6512
6513=item Scott Anguish <sanguish@digifix.com>
6514
6515=item Mike Jewell (mlj3u@virginia.edu)
6516
6517=item Timothy Shimmin (tes@kbs.citri.edu.au)
6518
6519=item Joergen Haegg (jh@axis.se)
6520
71f3e297 6521=item Laurent Delfosse (delfosse@delfosse.com)
54310121 6522
6523=item Richard Resnick (applepi1@aol.com)
6524
6525=item Craig Bishop (csb@barwonwater.vic.gov.au)
6526
6527=item Tony Curtis (tc@vcpc.univie.ac.at)
6528
6529=item Tim Bunce (Tim.Bunce@ig.co.uk)
6530
6531=item Tom Christiansen (tchrist@convex.com)
6532
6533=item Andreas Koenig (k@franz.ww.TU-Berlin.DE)
6534
6535=item Tim MacKenzie (Tim.MacKenzie@fulcrum.com.au)
6536
6537=item Kevin B. Hendricks (kbhend@dogwood.tyler.wm.edu)
6538
6539=item Stephen Dahmen (joyfire@inxpress.net)
6540
6541=item Ed Jordan (ed@fidalgo.net)
6542
6543=item David Alan Pisoni (david@cnation.com)
6544
424ec8fa
GS		 6545=item Doug MacEachern (dougm@opengroup.org)
6546
6547=item Robin Houston (robin@oneworld.org)
6548
54310121 6549=item ...and many many more...
6550
6551for suggestions and bug fixes.
6552
6553=back
6554
6555=head1 A COMPLETE EXAMPLE OF A SIMPLE FORM-BASED SCRIPT
6556
6557
6558 #!/usr/local/bin/perl
3cb6de81 6559
54310121 6560 use CGI;
3cb6de81 6561
54310121 6562 $query = new CGI;
6563
6564 print $query->header;
6565 print $query->start_html("Example CGI.pm Form");
6566 print "<H1> Example CGI.pm Form</H1>\n";
6567 &print_prompt($query);
6568 &do_work($query);
6569 &print_tail;
6570 print $query->end_html;
3cb6de81 6571
54310121 6572 sub print_prompt {
6573 my($query) = @_;
3cb6de81 6574
3d1a2ec4 6575 print $query->start_form;
54310121 6576 print "<EM>What's your name?</EM><BR>";
6577 print $query->textfield('name');
6578 print $query->checkbox('Not my real name');
3cb6de81 6579
54310121 6580 print "<P><EM>Where can you find English Sparrows?</EM><BR>";
6581 print $query->checkbox_group(
6582 -name=>'Sparrow locations',
6583 -values=>[England,France,Spain,Asia,Hoboken],
6584 -linebreak=>'yes',
6585 -defaults=>[England,Asia]);
3cb6de81 6586
54310121 6587 print "<P><EM>How far can they fly?</EM><BR>",
6588 $query->radio_group(
6589 -name=>'how far',
6590 -values=>['10 ft','1 mile','10 miles','real far'],
6591 -default=>'1 mile');
3cb6de81 6592
54310121 6593 print "<P><EM>What's your favorite color?</EM> ";
6594 print $query->popup_menu(-name=>'Color',
6595 -values=>['black','brown','red','yellow'],
6596 -default=>'red');
3cb6de81 6597
54310121 6598 print $query->hidden('Reference','Monty Python and the Holy Grail');
3cb6de81 6599
54310121 6600 print "<P><EM>What have you got there?</EM><BR>";
6601 print $query->scrolling_list(
6602 -name=>'possessions',
6603 -values=>['A Coconut','A Grail','An Icon',
6604 'A Sword','A Ticket'],
6605 -size=>5,
6606 -multiple=>'true');
3cb6de81 6607
54310121 6608 print "<P><EM>Any parting comments?</EM><BR>";
6609 print $query->textarea(-name=>'Comments',
6610 -rows=>10,
6611 -columns=>50);
3cb6de81 6612
ffd2dff2 6613 print "<P>",$query->reset;
54310121 6614 print $query->submit('Action','Shout');
6615 print $query->submit('Action','Scream');
6616 print $query->endform;
6617 print "<HR>\n";
6618 }
3cb6de81 6619
54310121 6620 sub do_work {
6621 my($query) = @_;
6622 my(@values,$key);
6623
6624 print "<H2>Here are the current settings in this form</H2>";
6625
6626 foreach $key ($query->param) {
6627 print "<STRONG>$key</STRONG> -> ";
6628 @values = $query->param($key);
6629 print join(", ",@values),"<BR>\n";
6630 }
6631 }
3cb6de81 6632
54310121 6633 sub print_tail {
6634 print <<END;
6635 <HR>
6636 <ADDRESS>Lincoln D. Stein</ADDRESS><BR>
6637 <A HREF="/">Home Page</A>
6638 END
6639 }
6640
6641=head1 BUGS
6642
6643This module has grown large and monolithic. Furthermore it's doing many
6644things, such as handling URLs, parsing CGI input, writing HTML, etc., that
6645are also done in the LWP modules. It should be discarded in favor of
6646the CGI::* modules, but somehow I continue to work on it.
6647
6648Note that the code is truly contorted in order to avoid spurious
6649warnings when programs are run with the B<-w> switch.
6650
6651=head1 SEE ALSO
6652
6653L<CGI::Carp>, L<URI::URL>, L<CGI::Request>, L<CGI::MiniSvr>,
71f3e297
JH		 6654L<CGI::Base>, L<CGI::Form>, L<CGI::Push>, L<CGI::Fast>,
6655L<CGI::Pretty>
54310121 6656
6657=cut
6658
Unnamed repository; edit this file 'description' to name the repository.