| [ Index ] |
PHP Cross Reference of Unnamed Project |
[Summary view] [Print] [Text view]
1 package CGI; 2 require 5.004; 3 use Carp 'croak'; 4 5 # See the bottom of this file for the POD documentation. Search for the 6 # string '=head'. 7 8 # You can run this file through either pod2man or pod2html to produce pretty 9 # documentation in manual or html file format (these utilities are part of the 10 # Perl 5 distribution). 11 12 # Copyright 1995-1998 Lincoln D. Stein. All rights reserved. 13 # It may be used and modified freely, but I do request that this copyright 14 # notice remain attached to the file. You may modify this module as you 15 # wish, but if you redistribute a modified version, please attach a note 16 # listing the modifications you have made. 17 18 # The most recent version and complete docs are available at: 19 # http://stein.cshl.org/WWW/software/CGI/ 20 21 $CGI::revision = '$Id: CGI.pm,v 1.234 2007/04/16 16:58:46 lstein Exp $'; 22 $CGI::VERSION='3.29'; 23 24 # HARD-CODED LOCATION FOR FILE UPLOAD TEMPORARY FILES. 25 # UNCOMMENT THIS ONLY IF YOU KNOW WHAT YOU'RE DOING. 26 # $CGITempFile::TMPDIRECTORY = '/usr/tmp'; 27 use CGI::Util qw(rearrange make_attributes unescape escape expires ebcdic2ascii ascii2ebcdic); 28 29 #use constant XHTML_DTD => ['-//W3C//DTD XHTML Basic 1.0//EN', 30 # 'http://www.w3.org/TR/xhtml-basic/xhtml-basic10.dtd']; 31 32 use constant XHTML_DTD => ['-//W3C//DTD XHTML 1.0 Transitional//EN', 33 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd']; 34 35 { 36 local $^W = 0; 37 $TAINTED = substr("$0$^X",0,0); 38 } 39 40 $MOD_PERL = 0; # no mod_perl by default 41 @SAVED_SYMBOLS = (); 42 43 44 # >>>>> Here are some globals that you might want to adjust <<<<<< 45 sub initialize_globals { 46 # Set this to 1 to enable copious autoloader debugging messages 47 $AUTOLOAD_DEBUG = 0; 48 49 # Set this to 1 to generate XTML-compatible output 50 $XHTML = 1; 51 52 # Change this to the preferred DTD to print in start_html() 53 # or use default_dtd('text of DTD to use'); 54 $DEFAULT_DTD = [ '-//W3C//DTD HTML 4.01 Transitional//EN', 55 'http://www.w3.org/TR/html4/loose.dtd' ] ; 56 57 # Set this to 1 to enable NOSTICKY scripts 58 # or: 59 # 1) use CGI qw(-nosticky) 60 # 2) $CGI::nosticky(1) 61 $NOSTICKY = 0; 62 63 # Set this to 1 to enable NPH scripts 64 # or: 65 # 1) use CGI qw(-nph) 66 # 2) CGI::nph(1) 67 # 3) print header(-nph=>1) 68 $NPH = 0; 69 70 # Set this to 1 to enable debugging from @ARGV 71 # Set to 2 to enable debugging from STDIN 72 $DEBUG = 1; 73 74 # Set this to 1 to make the temporary files created 75 # during file uploads safe from prying eyes 76 # or do... 77 # 1) use CGI qw(:private_tempfiles) 78 # 2) CGI::private_tempfiles(1); 79 $PRIVATE_TEMPFILES = 0; 80 81 # Set this to 1 to generate automatic tab indexes 82 $TABINDEX = 0; 83 84 # Set this to 1 to cause files uploaded in multipart documents 85 # to be closed, instead of caching the file handle 86 # or: 87 # 1) use CGI qw(:close_upload_files) 88 # 2) $CGI::close_upload_files(1); 89 # Uploads with many files run out of file handles. 90 # Also, for performance, since the file is already on disk, 91 # it can just be renamed, instead of read and written. 92 $CLOSE_UPLOAD_FILES = 0; 93 94 # Set this to a positive value to limit the size of a POSTing 95 # to a certain number of bytes: 96 $POST_MAX = -1; 97 98 # Change this to 1 to disable uploads entirely: 99 $DISABLE_UPLOADS = 0; 100 101 # Automatically determined -- don't change 102 $EBCDIC = 0; 103 104 # Change this to 1 to suppress redundant HTTP headers 105 $HEADERS_ONCE = 0; 106 107 # separate the name=value pairs by semicolons rather than ampersands 108 $USE_PARAM_SEMICOLONS = 1; 109 110 # Do not include undefined params parsed from query string 111 # use CGI qw(-no_undef_params); 112 $NO_UNDEF_PARAMS = 0; 113 114 # Other globals that you shouldn't worry about. 115 undef $Q; 116 $BEEN_THERE = 0; 117 $DTD_PUBLIC_IDENTIFIER = ""; 118 undef @QUERY_PARAM; 119 undef %EXPORT; 120 undef $QUERY_CHARSET; 121 undef %QUERY_FIELDNAMES; 122 undef %QUERY_TMPFILES; 123 124 # prevent complaints by mod_perl 125 1; 126 } 127 128 # ------------------ START OF THE LIBRARY ------------ 129 130 *end_form = \&endform; 131 132 # make mod_perlhappy 133 initialize_globals(); 134 135 # FIGURE OUT THE OS WE'RE RUNNING UNDER 136 # Some systems support the $^O variable. If not 137 # available then require() the Config library 138 unless ($OS) { 139 unless ($OS = $^O) { 140 require Config; 141 $OS = $Config::Config{'osname'}; 142 } 143 } 144 if ($OS =~ /^MSWin/i) { 145 $OS = 'WINDOWS'; 146 } elsif ($OS =~ /^VMS/i) { 147 $OS = 'VMS'; 148 } elsif ($OS =~ /^dos/i) { 149 $OS = 'DOS'; 150 } elsif ($OS =~ /^MacOS/i) { 151 $OS = 'MACINTOSH'; 152 } elsif ($OS =~ /^os2/i) { 153 $OS = 'OS2'; 154 } elsif ($OS =~ /^epoc/i) { 155 $OS = 'EPOC'; 156 } elsif ($OS =~ /^cygwin/i) { 157 $OS = 'CYGWIN'; 158 } else { 159 $OS = 'UNIX'; 160 } 161 162 # Some OS logic. Binary mode enabled on DOS, NT and VMS 163 $needs_binmode = $OS=~/^(WINDOWS|DOS|OS2|MSWin|CYGWIN)/; 164 165 # This is the default class for the CGI object to use when all else fails. 166 $DefaultClass = 'CGI' unless defined $CGI::DefaultClass; 167 168 # This is where to look for autoloaded routines. 169 $AutoloadClass = $DefaultClass unless defined $CGI::AutoloadClass; 170 171 # The path separator is a slash, backslash or semicolon, depending 172 # on the paltform. 173 $SL = { 174 UNIX => '/', OS2 => '\\', EPOC => '/', CYGWIN => '/', 175 WINDOWS => '\\', DOS => '\\', MACINTOSH => ':', VMS => '/' 176 }->{$OS}; 177 178 # This no longer seems to be necessary 179 # Turn on NPH scripts by default when running under IIS server! 180 # $NPH++ if defined($ENV{'SERVER_SOFTWARE'}) && $ENV{'SERVER_SOFTWARE'}=~/IIS/; 181 $IIS++ if defined($ENV{'SERVER_SOFTWARE'}) && $ENV{'SERVER_SOFTWARE'}=~/IIS/; 182 183 # Turn on special checking for Doug MacEachern's modperl 184 if (exists $ENV{MOD_PERL}) { 185 # mod_perl handlers may run system() on scripts using CGI.pm; 186 # Make sure so we don't get fooled by inherited $ENV{MOD_PERL} 187 if (exists $ENV{MOD_PERL_API_VERSION} && $ENV{MOD_PERL_API_VERSION} == 2) { 188 $MOD_PERL = 2; 189 require Apache2::Response; 190 require Apache2::RequestRec; 191 require Apache2::RequestUtil; 192 require Apache2::RequestIO; 193 require APR::Pool; 194 } else { 195 $MOD_PERL = 1; 196 require Apache; 197 } 198 } 199 200 # Turn on special checking for ActiveState's PerlEx 201 $PERLEX++ if defined($ENV{'GATEWAY_INTERFACE'}) && $ENV{'GATEWAY_INTERFACE'} =~ /^CGI-PerlEx/; 202 203 # Define the CRLF sequence. I can't use a simple "\r\n" because the meaning 204 # of "\n" is different on different OS's (sometimes it generates CRLF, sometimes LF 205 # and sometimes CR). The most popular VMS web server 206 # doesn't accept CRLF -- instead it wants a LR. EBCDIC machines don't 207 # use ASCII, so \015\012 means something different. I find this all 208 # really annoying. 209 $EBCDIC = "\t" ne "\011"; 210 if ($OS eq 'VMS') { 211 $CRLF = "\n"; 212 } elsif ($EBCDIC) { 213 $CRLF= "\r\n"; 214 } else { 215 $CRLF = "\015\012"; 216 } 217 218 if ($needs_binmode) { 219 $CGI::DefaultClass->binmode(\*main::STDOUT); 220 $CGI::DefaultClass->binmode(\*main::STDIN); 221 $CGI::DefaultClass->binmode(\*main::STDERR); 222 } 223 224 %EXPORT_TAGS = ( 225 ':html2'=>['h1'..'h6',qw/p br hr ol ul li dl dt dd menu code var strong em 226 tt u i b blockquote pre img a address cite samp dfn html head 227 base body Link nextid title meta kbd start_html end_html 228 input Select option comment charset escapeHTML/], 229 ':html3'=>[qw/div table caption th td TR Tr sup Sub strike applet Param 230 embed basefont style span layer ilayer font frameset frame script small big Area Map/], 231 ':html4'=>[qw/abbr acronym bdo col colgroup del fieldset iframe 232 ins label legend noframes noscript object optgroup Q 233 thead tbody tfoot/], 234 ':netscape'=>[qw/blink fontsize center/], 235 ':form'=>[qw/textfield textarea filefield password_field hidden checkbox checkbox_group 236 submit reset defaults radio_group popup_menu button autoEscape 237 scrolling_list image_button start_form end_form startform endform 238 start_multipart_form end_multipart_form isindex tmpFileName uploadInfo URL_ENCODED MULTIPART/], 239 ':cgi'=>[qw/param upload path_info path_translated request_uri url self_url script_name 240 cookie Dump 241 raw_cookie request_method query_string Accept user_agent remote_host content_type 242 remote_addr referer server_name server_software server_port server_protocol virtual_port 243 virtual_host remote_ident auth_type http append 244 save_parameters restore_parameters param_fetch 245 remote_user user_name header redirect import_names put 246 Delete Delete_all url_param cgi_error/], 247 ':ssl' => [qw/https/], 248 ':cgi-lib' => [qw/ReadParse PrintHeader HtmlTop HtmlBot SplitParam Vars/], 249 ':html' => [qw/:html2 :html3 :html4 :netscape/], 250 ':standard' => [qw/:html2 :html3 :html4 :form :cgi/], 251 ':push' => [qw/multipart_init multipart_start multipart_end multipart_final/], 252 ':all' => [qw/:html2 :html3 :netscape :form :cgi :internal :html4/] 253 ); 254 255 # Custom 'can' method for both autoloaded and non-autoloaded subroutines. 256 # Author: Cees Hek <cees@sitesuite.com.au> 257 258 sub can { 259 my($class, $method) = @_; 260 261 # See if UNIVERSAL::can finds it. 262 263 if (my $func = $class -> SUPER::can($method) ){ 264 return $func; 265 } 266 267 # Try to compile the function. 268 269 eval { 270 # _compile looks at $AUTOLOAD for the function name. 271 272 local $AUTOLOAD = join "::", $class, $method; 273 &_compile; 274 }; 275 276 # Now that the function is loaded (if it exists) 277 # just use UNIVERSAL::can again to do the work. 278 279 return $class -> SUPER::can($method); 280 } 281 282 # to import symbols into caller 283 sub import { 284 my $self = shift; 285 286 # This causes modules to clash. 287 undef %EXPORT_OK; 288 undef %EXPORT; 289 290 $self->_setup_symbols(@_); 291 my ($callpack, $callfile, $callline) = caller; 292 293 # To allow overriding, search through the packages 294 # Till we find one in which the correct subroutine is defined. 295 my @packages = ($self,@{"$self\:\:ISA"}); 296 foreach $sym (keys %EXPORT) { 297 my $pck; 298 my $def = ${"$self\:\:AutoloadClass"} || $DefaultClass; 299 foreach $pck (@packages) { 300 if (defined(&{"$pck\:\:$sym"})) { 301 $def = $pck; 302 last; 303 } 304 } 305 *{"$callpack}::$sym"} = \&{"$def\:\:$sym"}; 306 } 307 } 308 309 sub compile { 310 my $pack = shift; 311 $pack->_setup_symbols('-compile',@_); 312 } 313 314 sub expand_tags { 315 my($tag) = @_; 316 return ("start_$1","end_$1") if $tag=~/^(?:\*|start_|end_)(.+)/; 317 my(@r); 318 return ($tag) unless $EXPORT_TAGS{$tag}; 319 foreach (@{$EXPORT_TAGS{$tag}}) { 320 push(@r,&expand_tags($_)); 321 } 322 return @r; 323 } 324 325 #### Method: new 326 # The new routine. This will check the current environment 327 # for an existing query string, and initialize itself, if so. 328 #### 329 sub new { 330 my($class,@initializer) = @_; 331 my $self = {}; 332 333 bless $self,ref $class || $class || $DefaultClass; 334 335 # always use a tempfile 336 $self->{'use_tempfile'} = 1; 337 338 if (ref($initializer[0]) 339 && (UNIVERSAL::isa($initializer[0],'Apache') 340 || 341 UNIVERSAL::isa($initializer[0],'Apache2::RequestRec') 342 )) { 343 $self->r(shift @initializer); 344 } 345 if (ref($initializer[0]) 346 && (UNIVERSAL::isa($initializer[0],'CODE'))) { 347 $self->upload_hook(shift @initializer, shift @initializer); 348 $self->{'use_tempfile'} = shift @initializer if (@initializer > 0); 349 } 350 if ($MOD_PERL) { 351 if ($MOD_PERL == 1) { 352 $self->r(Apache->request) unless $self->r; 353 my $r = $self->r; 354 $r->register_cleanup(\&CGI::_reset_globals); 355 } 356 else { 357 # XXX: once we have the new API 358 # will do a real PerlOptions -SetupEnv check 359 $self->r(Apache2::RequestUtil->request) unless $self->r; 360 my $r = $self->r; 361 $r->subprocess_env unless exists $ENV{REQUEST_METHOD}; 362 $r->pool->cleanup_register(\&CGI::_reset_globals); 363 } 364 undef $NPH; 365 } 366 $self->_reset_globals if $PERLEX; 367 $self->init(@initializer); 368 return $self; 369 } 370 371 # We provide a DESTROY method so that we can ensure that 372 # temporary files are closed (via Fh->DESTROY) before they 373 # are unlinked (via CGITempFile->DESTROY) because it is not 374 # possible to unlink an open file on Win32. We explicitly 375 # call DESTROY on each, rather than just undefing them and 376 # letting Perl DESTROY them by garbage collection, in case the 377 # user is still holding any reference to them as well. 378 sub DESTROY { 379 my $self = shift; 380 if ($OS eq 'WINDOWS') { 381 foreach my $href (values %{$self->{'.tmpfiles'}}) { 382 $href->{hndl}->DESTROY if defined $href->{hndl}; 383 $href->{name}->DESTROY if defined $href->{name}; 384 } 385 } 386 } 387 388 sub r { 389 my $self = shift; 390 my $r = $self->{'.r'}; 391 $self->{'.r'} = shift if @_; 392 $r; 393 } 394 395 sub upload_hook { 396 my $self; 397 if (ref $_[0] eq 'CODE') { 398 $CGI::Q = $self = $CGI::DefaultClass->new(@_); 399 } else { 400 $self = shift; 401 } 402 my ($hook,$data,$use_tempfile) = @_; 403 $self->{'.upload_hook'} = $hook; 404 $self->{'.upload_data'} = $data; 405 $self->{'use_tempfile'} = $use_tempfile if defined $use_tempfile; 406 } 407 408 #### Method: param 409 # Returns the value(s)of a named parameter. 410 # If invoked in a list context, returns the 411 # entire list. Otherwise returns the first 412 # member of the list. 413 # If name is not provided, return a list of all 414 # the known parameters names available. 415 # If more than one argument is provided, the 416 # second and subsequent arguments are used to 417 # set the value of the parameter. 418 #### 419 sub param { 420 my($self,@p) = self_or_default(@_); 421 return $self->all_parameters unless @p; 422 my($name,$value,@other); 423 424 # For compatibility between old calling style and use_named_parameters() style, 425 # we have to special case for a single parameter present. 426 if (@p > 1) { 427 ($name,$value,@other) = rearrange([NAME,[DEFAULT,VALUE,VALUES]],@p); 428 my(@values); 429 430 if (substr($p[0],0,1) eq '-') { 431 @values = defined($value) ? (ref($value) && ref($value) eq 'ARRAY' ? @{$value} : $value) : (); 432 } else { 433 foreach ($value,@other) { 434 push(@values,$_) if defined($_); 435 } 436 } 437 # If values is provided, then we set it. 438 if (@values or defined $value) { 439 $self->add_parameter($name); 440 $self->{$name}=[@values]; 441 } 442 } else { 443 $name = $p[0]; 444 } 445 446 return unless defined($name) && $self->{$name}; 447 448 my $charset = $self->charset || ''; 449 my $utf8 = $charset eq 'utf-8'; 450 if ($utf8) { 451 eval "require Encode; 1;" if $utf8 && !Encode->can('decode'); # bring in these functions 452 return wantarray ? map {Encode::decode(utf8=>$_) } @{$self->{$name}} 453 : Encode::decode(utf8=>$self->{$name}->[0]); 454 } else { 455 return wantarray ? @{$self->{$name}} : $self->{$name}->[0]; 456 } 457 } 458 459 sub self_or_default { 460 return @_ if defined($_[0]) && (!ref($_[0])) &&($_[0] eq 'CGI'); 461 unless (defined($_[0]) && 462 (ref($_[0]) eq 'CGI' || UNIVERSAL::isa($_[0],'CGI')) # slightly optimized for common case 463 ) { 464 $Q = $CGI::DefaultClass->new unless defined($Q); 465 unshift(@_,$Q); 466 } 467 return wantarray ? @_ : $Q; 468 } 469 470 sub self_or_CGI { 471 local $^W=0; # prevent a warning 472 if (defined($_[0]) && 473 (substr(ref($_[0]),0,3) eq 'CGI' 474 || UNIVERSAL::isa($_[0],'CGI'))) { 475 return @_; 476 } else { 477 return ($DefaultClass,@_); 478 } 479 } 480 481 ######################################## 482 # THESE METHODS ARE MORE OR LESS PRIVATE 483 # GO TO THE __DATA__ SECTION TO SEE MORE 484 # PUBLIC METHODS 485 ######################################## 486 487 # Initialize the query object from the environment. 488 # If a parameter list is found, this object will be set 489 # to an associative array in which parameter names are keys 490 # and the values are stored as lists 491 # If a keyword list is found, this method creates a bogus 492 # parameter list with the single parameter 'keywords'. 493 494 sub init { 495 my $self = shift; 496 my($query_string,$meth,$content_length,$fh,@lines) = ('','','',''); 497 498 my $is_xforms; 499 500 my $initializer = shift; # for backward compatibility 501 local($/) = "\n"; 502 503 # set autoescaping on by default 504 $self->{'escape'} = 1; 505 506 # if we get called more than once, we want to initialize 507 # ourselves from the original query (which may be gone 508 # if it was read from STDIN originally.) 509 if (defined(@QUERY_PARAM) && !defined($initializer)) { 510 for my $name (@QUERY_PARAM) { 511 my $val = $QUERY_PARAM{$name}; # always an arrayref; 512 $self->param('-name'=>$name,'-value'=> $val); 513 if (defined $val and ref $val eq 'ARRAY') { 514 for my $fh (grep {defined(fileno($_))} @$val) { 515 seek($fh,0,0); # reset the filehandle. 516 } 517 518 } 519 } 520 $self->charset($QUERY_CHARSET); 521 $self->{'.fieldnames'} = {%QUERY_FIELDNAMES}; 522 $self->{'.tmpfiles'} = {%QUERY_TMPFILES}; 523 return; 524 } 525 526 $meth=$ENV{'REQUEST_METHOD'} if defined($ENV{'REQUEST_METHOD'}); 527 $content_length = defined($ENV{'CONTENT_LENGTH'}) ? $ENV{'CONTENT_LENGTH'} : 0; 528 529 $fh = to_filehandle($initializer) if $initializer; 530 531 # set charset to the safe ISO-8859-1 532 $self->charset('ISO-8859-1'); 533 534 METHOD: { 535 536 # avoid unreasonably large postings 537 if (($POST_MAX > 0) && ($content_length > $POST_MAX)) { 538 #discard the post, unread 539 $self->cgi_error("413 Request entity too large"); 540 last METHOD; 541 } 542 543 # Process multipart postings, but only if the initializer is 544 # not defined. 545 if ($meth eq 'POST' 546 && defined($ENV{'CONTENT_TYPE'}) 547 && $ENV{'CONTENT_TYPE'}=~m|^multipart/form-data| 548 && !defined($initializer) 549 ) { 550 my($boundary) = $ENV{'CONTENT_TYPE'} =~ /boundary=\"?([^\";,]+)\"?/; 551 $self->read_multipart($boundary,$content_length); 552 last METHOD; 553 } 554 555 # Process XForms postings. We know that we have XForms in the 556 # following cases: 557 # method eq 'POST' && content-type eq 'application/xml' 558 # method eq 'POST' && content-type =~ /multipart\/related.+start=/ 559 # There are more cases, actually, but for now, we don't support other 560 # methods for XForm posts. 561 # In a XForm POST, the QUERY_STRING is parsed normally. 562 # If the content-type is 'application/xml', we just set the param 563 # XForms:Model (referring to the xml syntax) param containing the 564 # unparsed XML data. 565 # In the case of multipart/related we set XForms:Model as above, but 566 # the other parts are available as uploads with the Content-ID as the 567 # the key. 568 # See the URL below for XForms specs on this issue. 569 # http://www.w3.org/TR/2006/REC-xforms-20060314/slice11.html#submit-options 570 if ($meth eq 'POST' && defined($ENV{'CONTENT_TYPE'})) { 571 if ($ENV{'CONTENT_TYPE'} eq 'application/xml') { 572 my($param) = 'XForms:Model'; 573 my($value) = ''; 574 $self->add_parameter($param); 575 $self->read_from_client(\$value,$content_length,0) 576 if $content_length > 0; 577 push (@{$self->{$param}},$value); 578 $is_xforms = 1; 579 } elsif ($ENV{'CONTENT_TYPE'} =~ /multipart\/related.+boundary=\"?([^\";,]+)\"?.+start=\"?\<?([^\"\>]+)\>?\"?/) { 580 my($boundary,$start) = ($1,$2); 581 my($param) = 'XForms:Model'; 582 $self->add_parameter($param); 583 my($value) = $self->read_multipart_related($start,$boundary,$content_length,0); 584 push (@{$self->{$param}},$value); 585 if ($MOD_PERL) { 586 $query_string = $self->r->args; 587 } else { 588 $query_string = $ENV{'QUERY_STRING'} if defined $ENV{'QUERY_STRING'}; 589 $query_string ||= $ENV{'REDIRECT_QUERY_STRING'} if defined $ENV{'REDIRECT_QUERY_STRING'}; 590 } 591 $is_xforms = 1; 592 } 593 } 594 595 596 # If initializer is defined, then read parameters 597 # from it. 598 if (!$is_xforms && defined($initializer)) { 599 if (UNIVERSAL::isa($initializer,'CGI')) { 600 $query_string = $initializer->query_string; 601 last METHOD; 602 } 603 if (ref($initializer) && ref($initializer) eq 'HASH') { 604 foreach (keys %$initializer) { 605 $self->param('-name'=>$_,'-value'=>$initializer->{$_}); 606 } 607 last METHOD; 608 } 609 610 if (defined($fh) && ($fh ne '')) { 611 while (<$fh>) { 612 chomp; 613 last if /^=/; 614 push(@lines,$_); 615 } 616 # massage back into standard format 617 if ("@lines" =~ /=/) { 618 $query_string=join("&",@lines); 619 } else { 620 $query_string=join("+",@lines); 621 } 622 last METHOD; 623 } 624 625 # last chance -- treat it as a string 626 $initializer = $$initializer if ref($initializer) eq 'SCALAR'; 627 $query_string = $initializer; 628 629 last METHOD; 630 } 631 632 # If method is GET or HEAD, fetch the query from 633 # the environment. 634 if ($is_xforms || $meth=~/^(GET|HEAD)$/) { 635 if ($MOD_PERL) { 636 $query_string = $self->r->args; 637 } else { 638 $query_string = $ENV{'QUERY_STRING'} if defined $ENV{'QUERY_STRING'}; 639 $query_string ||= $ENV{'REDIRECT_QUERY_STRING'} if defined $ENV{'REDIRECT_QUERY_STRING'}; 640 } 641 last METHOD; 642 } 643 644 if ($meth eq 'POST') { 645 $self->read_from_client(\$query_string,$content_length,0) 646 if $content_length > 0; 647 # Some people want to have their cake and eat it too! 648 # Uncomment this line to have the contents of the query string 649 # APPENDED to the POST data. 650 # $query_string .= (length($query_string) ? '&' : '') . $ENV{'QUERY_STRING'} if defined $ENV{'QUERY_STRING'}; 651 last METHOD; 652 } 653 654 # If $meth is not of GET, POST or HEAD, assume we're being debugged offline. 655 # Check the command line and then the standard input for data. 656 # We use the shellwords package in order to behave the way that 657 # UN*X programmers expect. 658 if ($DEBUG) 659 { 660 my $cmdline_ret = read_from_cmdline(); 661 $query_string = $cmdline_ret->{'query_string'}; 662 if (defined($cmdline_ret->{'subpath'})) 663 { 664 $self->path_info($cmdline_ret->{'subpath'}); 665 } 666 } 667 } 668 669 # YL: Begin Change for XML handler 10/19/2001 670 if (!$is_xforms && $meth eq 'POST' 671 && defined($ENV{'CONTENT_TYPE'}) 672 && $ENV{'CONTENT_TYPE'} !~ m|^application/x-www-form-urlencoded| 673 && $ENV{'CONTENT_TYPE'} !~ m|^multipart/form-data| ) { 674 my($param) = 'POSTDATA' ; 675 $self->add_parameter($param) ; 676 push (@{$self->{$param}},$query_string); 677 undef $query_string ; 678 } 679 # YL: End Change for XML handler 10/19/2001 680 681 # We now have the query string in hand. We do slightly 682 # different things for keyword lists and parameter lists. 683 if (defined $query_string && length $query_string) { 684 if ($query_string =~ /[&=;]/) { 685 $self->parse_params($query_string); 686 } else { 687 $self->add_parameter('keywords'); 688 $self->{'keywords'} = [$self->parse_keywordlist($query_string)]; 689 } 690 } 691 692 # Special case. Erase everything if there is a field named 693 # .defaults. 694 if ($self->param('.defaults')) { 695 $self->delete_all(); 696 } 697 698 # Associative array containing our defined fieldnames 699 $self->{'.fieldnames'} = {}; 700 foreach ($self->param('.cgifields')) { 701 $self->{'.fieldnames'}->{$_}++; 702 } 703 704 # Clear out our default submission button flag if present 705 $self->delete('.submit'); 706 $self->delete('.cgifields'); 707 708 $self->save_request unless defined $initializer; 709 } 710 711 # FUNCTIONS TO OVERRIDE: 712 # Turn a string into a filehandle 713 sub to_filehandle { 714 my $thingy = shift; 715 return undef unless $thingy; 716 return $thingy if UNIVERSAL::isa($thingy,'GLOB'); 717 return $thingy if UNIVERSAL::isa($thingy,'FileHandle'); 718 if (!ref($thingy)) { 719 my $caller = 1; 720 while (my $package = caller($caller++)) { 721 my($tmp) = $thingy=~/[\':]/ ? $thingy : "$package\:\:$thingy"; 722 return $tmp if defined(fileno($tmp)); 723 } 724 } 725 return undef; 726 } 727 728 # send output to the browser 729 sub put { 730 my($self,@p) = self_or_default(@_); 731 $self->print(@p); 732 } 733 734 # print to standard output (for overriding in mod_perl) 735 sub print { 736 shift; 737 CORE::print(@_); 738 } 739 740 # get/set last cgi_error 741 sub cgi_error { 742 my ($self,$err) = self_or_default(@_); 743 $self->{'.cgi_error'} = $err if defined $err; 744 return $self->{'.cgi_error'}; 745 } 746 747 sub save_request { 748 my($self) = @_; 749 # We're going to play with the package globals now so that if we get called 750 # again, we initialize ourselves in exactly the same way. This allows 751 # us to have several of these objects. 752 @QUERY_PARAM = $self->param; # save list of parameters 753 foreach (@QUERY_PARAM) { 754 next unless defined $_; 755 $QUERY_PARAM{$_}=$self->{$_}; 756 } 757 $QUERY_CHARSET = $self->charset; 758 %QUERY_FIELDNAMES = %{$self->{'.fieldnames'}}; 759 %QUERY_TMPFILES = %{ $self->{'.tmpfiles'} || {} }; 760 } 761 762 sub parse_params { 763 my($self,$tosplit) = @_; 764 my(@pairs) = split(/[&;]/,$tosplit); 765 my($param,$value); 766 foreach (@pairs) { 767 ($param,$value) = split('=',$_,2); 768 next unless defined $param; 769 next if $NO_UNDEF_PARAMS and not defined $value; 770 $value = '' unless defined $value; 771 $param = unescape($param); 772 $value = unescape($value); 773 $self->add_parameter($param); 774 push (@{$self->{$param}},$value); 775 } 776 } 777 778 sub add_parameter { 779 my($self,$param)=@_; 780 return unless defined $param; 781 push (@{$self->{'.parameters'}},$param) 782 unless defined($self->{$param}); 783 } 784 785 sub all_parameters { 786 my $self = shift; 787 return () unless defined($self) && $self->{'.parameters'}; 788 return () unless @{$self->{'.parameters'}}; 789 return @{$self->{'.parameters'}}; 790 } 791 792 # put a filehandle into binary mode (DOS) 793 sub binmode { 794 return unless defined($_[1]) && defined fileno($_[1]); 795 CORE::binmode($_[1]); 796 } 797 798 sub _make_tag_func { 799 my ($self,$tagname) = @_; 800 my $func = qq( 801 sub $tagname { 802 my (\$q,\$a,\@rest) = self_or_default(\@_); 803 my(\$attr) = ''; 804 if (ref(\$a) && ref(\$a) eq 'HASH') { 805 my(\@attr) = make_attributes(\$a,\$q->{'escape'}); 806 \$attr = " \@attr" if \@attr; 807 } else { 808 unshift \@rest,\$a if defined \$a; 809 } 810 ); 811 if ($tagname=~/start_(\w+)/i) { 812 $func .= qq! return "<\L$1\E\$attr>";} !; 813 } elsif ($tagname=~/end_(\w+)/i) { 814 $func .= qq! return "<\L/$1\E>"; } !; 815 } else { 816 $func .= qq# 817 return \$XHTML ? "\L<$tagname\E\$attr />" : "\L<$tagname\E\$attr>" unless \@rest; 818 my(\$tag,\$untag) = ("\L<$tagname\E\$attr>","\L</$tagname>\E"); 819 my \@result = map { "\$tag\$_\$untag" } 820 (ref(\$rest[0]) eq 'ARRAY') ? \@{\$rest[0]} : "\@rest"; 821 return "\@result"; 822 }#; 823 } 824 return $func; 825 } 826 827 sub AUTOLOAD { 828 print STDERR "CGI::AUTOLOAD for $AUTOLOAD\n" if $CGI::AUTOLOAD_DEBUG; 829 my $func = &_compile; 830 goto &$func; 831 } 832 833 sub _compile { 834 my($func) = $AUTOLOAD; 835 my($pack,$func_name); 836 { 837 local($1,$2); # this fixes an obscure variable suicide problem. 838 $func=~/(.+)::([^:]+)$/; 839 ($pack,$func_name) = ($1,$2); 840 $pack=~s/::SUPER$//; # fix another obscure problem 841 $pack = ${"$pack\:\:AutoloadClass"} || $CGI::DefaultClass 842 unless defined(${"$pack\:\:AUTOLOADED_ROUTINES"}); 843 844 my($sub) = \%{"$pack\:\:SUBS"}; 845 unless (%$sub) { 846 my($auto) = \${"$pack\:\:AUTOLOADED_ROUTINES"}; 847 local ($@,$!); 848 eval "package $pack; $$auto"; 849 croak("$AUTOLOAD: $@") if $@; 850 $$auto = ''; # Free the unneeded storage (but don't undef it!!!) 851 } 852 my($code) = $sub->{$func_name}; 853 854 $code = "sub $AUTOLOAD { }" if (!$code and $func_name eq 'DESTROY'); 855 if (!$code) { 856 (my $base = $func_name) =~ s/^(start_|end_)//i; 857 if ($EXPORT{':any'} || 858 $EXPORT{'-any'} || 859 $EXPORT{$base} || 860 (%EXPORT_OK || grep(++$EXPORT_OK{$_},&expand_tags(':html'))) 861 && $EXPORT_OK{$base}) { 862 $code = $CGI::DefaultClass->_make_tag_func($func_name); 863 } 864 } 865 croak("Undefined subroutine $AUTOLOAD\n") unless $code; 866 local ($@,$!); 867 eval "package $pack; $code"; 868 if ($@) { 869 $@ =~ s/ at .*\n//; 870 croak("$AUTOLOAD: $@"); 871 } 872 } 873 CORE::delete($sub->{$func_name}); #free storage 874 return "$pack\:\:$func_name"; 875 } 876 877 sub _selected { 878 my $self = shift; 879 my $value = shift; 880 return '' unless $value; 881 return $XHTML ? qq(selected="selected" ) : qq(selected ); 882 } 883 884 sub _checked { 885 my $self = shift; 886 my $value = shift; 887 return '' unless $value; 888 return $XHTML ? qq(checked="checked" ) : qq(checked ); 889 } 890 891 sub _reset_globals { initialize_globals(); } 892 893 sub _setup_symbols { 894 my $self = shift; 895 my $compile = 0; 896 897 # to avoid reexporting unwanted variables 898 undef %EXPORT; 899 900 foreach (@_) { 901 $HEADERS_ONCE++, next if /^[:-]unique_headers$/; 902 $NPH++, next if /^[:-]nph$/; 903 $NOSTICKY++, next if /^[:-]nosticky$/; 904 $DEBUG=0, next if /^[:-]no_?[Dd]ebug$/; 905 $DEBUG=2, next if /^[:-][Dd]ebug$/; 906 $USE_PARAM_SEMICOLONS++, next if /^[:-]newstyle_urls$/; 907 $XHTML++, next if /^[:-]xhtml$/; 908 $XHTML=0, next if /^[:-]no_?xhtml$/; 909 $USE_PARAM_SEMICOLONS=0, next if /^[:-]oldstyle_urls$/; 910 $PRIVATE_TEMPFILES++, next if /^[:-]private_tempfiles$/; 911 $TABINDEX++, next if /^[:-]tabindex$/; 912 $CLOSE_UPLOAD_FILES++, next if /^[:-]close_upload_files$/; 913 $EXPORT{$_}++, next if /^[:-]any$/; 914 $compile++, next if /^[:-]compile$/; 915 $NO_UNDEF_PARAMS++, next if /^[:-]no_undef_params$/; 916 917 # This is probably extremely evil code -- to be deleted some day. 918 if (/^[-]autoload$/) { 919 my($pkg) = caller(1); 920 *{"$pkg}::AUTOLOAD"} = sub { 921 my($routine) = $AUTOLOAD; 922 $routine =~ s/^.*::/CGI::/; 923 &$routine; 924 }; 925 next; 926 } 927 928 foreach (&expand_tags($_)) { 929 tr/a-zA-Z0-9_//cd; # don't allow weird function names 930 $EXPORT{$_}++; 931 } 932 } 933 _compile_all(keys %EXPORT) if $compile; 934 @SAVED_SYMBOLS = @_; 935 } 936 937 sub charset { 938 my ($self,$charset) = self_or_default(@_); 939 $self->{'.charset'} = $charset if defined $charset; 940 $self->{'.charset'}; 941 } 942 943 sub element_id { 944 my ($self,$new_value) = self_or_default(@_); 945 $self->{'.elid'} = $new_value if defined $new_value; 946 sprintf('%010d',$self->{'.elid'}++); 947 } 948 949 sub element_tab { 950 my ($self,$new_value) = self_or_default(@_); 951 $self->{'.etab'} ||= 1; 952 $self->{'.etab'} = $new_value if defined $new_value; 953 my $tab = $self->{'.etab'}++; 954 return '' unless $TABINDEX or defined $new_value; 955 return qq(tabindex="$tab" ); 956 } 957 958 ############################################################################### 959 ################# THESE FUNCTIONS ARE AUTOLOADED ON DEMAND #################### 960 ############################################################################### 961 $AUTOLOADED_ROUTINES = ''; # get rid of -w warning 962 $AUTOLOADED_ROUTINES=<<'END_OF_AUTOLOAD'; 963 964 %SUBS = ( 965 966 'URL_ENCODED'=> <<'END_OF_FUNC', 967 sub URL_ENCODED { 'application/x-www-form-urlencoded'; } 968 END_OF_FUNC 969 970 'MULTIPART' => <<'END_OF_FUNC', 971 sub MULTIPART { 'multipart/form-data'; } 972 END_OF_FUNC 973 974 'SERVER_PUSH' => <<'END_OF_FUNC', 975 sub SERVER_PUSH { 'multipart/x-mixed-replace;boundary="' . shift() . '"'; } 976 END_OF_FUNC 977 978 'new_MultipartBuffer' => <<'END_OF_FUNC', 979 # Create a new multipart buffer 980 sub new_MultipartBuffer { 981 my($self,$boundary,$length) = @_; 982 return MultipartBuffer->new($self,$boundary,$length); 983 } 984 END_OF_FUNC 985 986 'read_from_client' => <<'END_OF_FUNC', 987 # Read data from a file handle 988 sub read_from_client { 989 my($self, $buff, $len, $offset) = @_; 990 local $^W=0; # prevent a warning 991 return $MOD_PERL 992 ? $self->r->read($$buff, $len, $offset) 993 : read(\*STDIN, $$buff, $len, $offset); 994 } 995 END_OF_FUNC 996 997 'delete' => <<'END_OF_FUNC', 998 #### Method: delete 999 # Deletes the named parameter entirely. 1000 #### 1001 sub delete { 1002 my($self,@p) = self_or_default(@_); 1003 my(@names) = rearrange([NAME],@p); 1004 my @to_delete = ref($names[0]) eq 'ARRAY' ? @$names[0] : @names; 1005 my %to_delete; 1006 foreach my $name (@to_delete) 1007 { 1008 CORE::delete $self->{$name}; 1009 CORE::delete $self->{'.fieldnames'}->{$name}; 1010 $to_delete{$name}++; 1011 } 1012 @{$self->{'.parameters'}}=grep { !exists($to_delete{$_}) } $self->param(); 1013 return; 1014 } 1015 END_OF_FUNC 1016 1017 #### Method: import_names 1018 # Import all parameters into the given namespace. 1019 # Assumes namespace 'Q' if not specified 1020 #### 1021 'import_names' => <<'END_OF_FUNC', 1022 sub import_names { 1023 my($self,$namespace,$delete) = self_or_default(@_); 1024 $namespace = 'Q' unless defined($namespace); 1025 die "Can't import names into \"main\"\n" if \%{"$namespace}::"} == \%::; 1026 if ($delete || $MOD_PERL || exists $ENV{'FCGI_ROLE'}) { 1027 # can anyone find an easier way to do this? 1028 foreach (keys %{"$namespace}::"}) { 1029 local *symbol = "$namespace}::$_}"; 1030 undef $symbol; 1031 undef @symbol; 1032 undef %symbol; 1033 } 1034 } 1035 my($param,@value,$var); 1036 foreach $param ($self->param) { 1037 # protect against silly names 1038 ($var = $param)=~tr/a-zA-Z0-9_/_/c; 1039 $var =~ s/^(?=\d)/_/; 1040 local *symbol = "$namespace}::$var"; 1041 @value = $self->param($param); 1042 @symbol = @value; 1043 $symbol = $value[0]; 1044 } 1045 } 1046 END_OF_FUNC 1047 1048 #### Method: keywords 1049 # Keywords acts a bit differently. Calling it in a list context 1050 # returns the list of keywords. 1051 # Calling it in a scalar context gives you the size of the list. 1052 #### 1053 'keywords' => <<'END_OF_FUNC', 1054 sub keywords { 1055 my($self,@values) = self_or_default(@_); 1056 # If values is provided, then we set it. 1057 $self->{'keywords'}=[@values] if @values; 1058 my(@result) = defined($self->{'keywords'}) ? @{$self->{'keywords'}} : (); 1059 @result; 1060 } 1061 END_OF_FUNC 1062 1063 # These are some tie() interfaces for compatibility 1064 # with Steve Brenner's cgi-lib.pl routines 1065 'Vars' => <<'END_OF_FUNC', 1066 sub Vars { 1067 my $q = shift; 1068 my %in; 1069 tie(%in,CGI,$q); 1070 return %in if wantarray; 1071 return \%in; 1072 } 1073 END_OF_FUNC 1074 1075 # These are some tie() interfaces for compatibility 1076 # with Steve Brenner's cgi-lib.pl routines 1077 'ReadParse' => <<'END_OF_FUNC', 1078 sub ReadParse { 1079 local(*in); 1080 if (@_) { 1081 *in = $_[0]; 1082 } else { 1083 my $pkg = caller(); 1084 *in=*{"$pkg}::in"}; 1085 } 1086 tie(%in,CGI); 1087 return scalar(keys %in); 1088 } 1089 END_OF_FUNC 1090 1091 'PrintHeader' => <<'END_OF_FUNC', 1092 sub PrintHeader { 1093 my($self) = self_or_default(@_); 1094 return $self->header(); 1095 } 1096 END_OF_FUNC 1097 1098 'HtmlTop' => <<'END_OF_FUNC', 1099 sub HtmlTop { 1100 my($self,@p) = self_or_default(@_); 1101 return $self->start_html(@p); 1102 } 1103 END_OF_FUNC 1104 1105 'HtmlBot' => <<'END_OF_FUNC', 1106 sub HtmlBot { 1107 my($self,@p) = self_or_default(@_); 1108 return $self->end_html(@p); 1109 } 1110 END_OF_FUNC 1111 1112 'SplitParam' => <<'END_OF_FUNC', 1113 sub SplitParam { 1114 my ($param) = @_; 1115 my (@params) = split ("\0", $param); 1116 return (wantarray ? @params : $params[0]); 1117 } 1118 END_OF_FUNC 1119 1120 'MethGet' => <<'END_OF_FUNC', 1121 sub MethGet { 1122 return request_method() eq 'GET'; 1123 } 1124 END_OF_FUNC 1125 1126 'MethPost' => <<'END_OF_FUNC', 1127 sub MethPost { 1128 return request_method() eq 'POST'; 1129 } 1130 END_OF_FUNC 1131 1132 'TIEHASH' => <<'END_OF_FUNC', 1133 sub TIEHASH { 1134 my $class = shift; 1135 my $arg = $_[0]; 1136 if (ref($arg) && UNIVERSAL::isa($arg,'CGI')) { 1137 return $arg; 1138 } 1139 return $Q ||= $class->new(@_); 1140 } 1141 END_OF_FUNC 1142 1143 'STORE' => <<'END_OF_FUNC', 1144 sub STORE { 1145 my $self = shift; 1146 my $tag = shift; 1147 my $vals = shift; 1148 my @vals = index($vals,"\0")!=-1 ? split("\0",$vals) : $vals; 1149 $self->param(-name=>$tag,-value=>\@vals); 1150 } 1151 END_OF_FUNC 1152 1153 'FETCH' => <<'END_OF_FUNC', 1154 sub FETCH { 1155 return $_[0] if $_[1] eq 'CGI'; 1156 return undef unless defined $_[0]->param($_[1]); 1157 return join("\0",$_[0]->param($_[1])); 1158 } 1159 END_OF_FUNC 1160 1161 'FIRSTKEY' => <<'END_OF_FUNC', 1162 sub FIRSTKEY { 1163 $_[0]->{'.iterator'}=0; 1164 $_[0]->{'.parameters'}->[$_[0]->{'.iterator'}++]; 1165 } 1166 END_OF_FUNC 1167 1168 'NEXTKEY' => <<'END_OF_FUNC', 1169 sub NEXTKEY { 1170 $_[0]->{'.parameters'}->[$_[0]->{'.iterator'}++]; 1171 } 1172 END_OF_FUNC 1173 1174 'EXISTS' => <<'END_OF_FUNC', 1175 sub EXISTS { 1176 exists $_[0]->{$_[1]}; 1177 } 1178 END_OF_FUNC 1179 1180 'DELETE' => <<'END_OF_FUNC', 1181 sub DELETE { 1182 $_[0]->delete($_[1]); 1183 } 1184 END_OF_FUNC 1185 1186 'CLEAR' => <<'END_OF_FUNC', 1187 sub CLEAR { 1188 %{$_[0]}=(); 1189 } 1190 #### 1191 END_OF_FUNC 1192 1193 #### 1194 # Append a new value to an existing query 1195 #### 1196 'append' => <<'EOF', 1197 sub append { 1198 my($self,@p) = self_or_default(@_); 1199 my($name,$value) = rearrange([NAME,[VALUE,VALUES]],@p); 1200 my(@values) = defined($value) ? (ref($value) ? @{$value} : $value) : (); 1201 if (@values) { 1202 $self->add_parameter($name); 1203 push(@{$self->{$name}},@values); 1204 } 1205 return $self->param($name); 1206 } 1207 EOF 1208 1209 #### Method: delete_all 1210 # Delete all parameters 1211 #### 1212 'delete_all' => <<'EOF', 1213 sub delete_all { 1214 my($self) = self_or_default(@_); 1215 my @param = $self->param(); 1216 $self->delete(@param); 1217 } 1218 EOF 1219 1220 'Delete' => <<'EOF', 1221 sub Delete { 1222 my($self,@p) = self_or_default(@_); 1223 $self->delete(@p); 1224 } 1225 EOF 1226 1227 'Delete_all' => <<'EOF', 1228 sub Delete_all { 1229 my($self,@p) = self_or_default(@_); 1230 $self->delete_all(@p); 1231 } 1232 EOF 1233 1234 #### Method: autoescape 1235 # If you want to turn off the autoescaping features, 1236 # call this method with undef as the argument 1237 'autoEscape' => <<'END_OF_FUNC', 1238 sub autoEscape { 1239 my($self,$escape) = self_or_default(@_); 1240 my $d = $self->{'escape'}; 1241 $self->{'escape'} = $escape; 1242 $d; 1243 } 1244 END_OF_FUNC 1245 1246 1247 #### Method: version 1248 # Return the current version 1249 #### 1250 'version' => <<'END_OF_FUNC', 1251 sub version { 1252 return $VERSION; 1253 } 1254 END_OF_FUNC 1255 1256 #### Method: url_param 1257 # Return a parameter in the QUERY_STRING, regardless of 1258 # whether this was a POST or a GET 1259 #### 1260 'url_param' => <<'END_OF_FUNC', 1261 sub url_param { 1262 my ($self,@p) = self_or_default(@_); 1263 my $name = shift(@p); 1264 return undef unless exists($ENV{QUERY_STRING}); 1265 unless (exists($self->{'.url_param'})) { 1266 $self->{'.url_param'}={}; # empty hash 1267 if ($ENV{QUERY_STRING} =~ /=/) { 1268 my(@pairs) = split(/[&;]/,$ENV{QUERY_STRING}); 1269 my($param,$value); 1270 foreach (@pairs) { 1271 ($param,$value) = split('=',$_,2); 1272 $param = unescape($param); 1273 $value = unescape($value); 1274 push(@{$self->{'.url_param'}->{$param}},$value); 1275 } 1276 } else { 1277 $self->{'.url_param'}->{'keywords'} = [$self->parse_keywordlist($ENV{QUERY_STRING})]; 1278 } 1279 } 1280 return keys %{$self->{'.url_param'}} unless defined($name); 1281 return () unless $self->{'.url_param'}->{$name}; 1282 return wantarray ? @{$self->{'.url_param'}->{$name}} 1283 : $self->{'.url_param'}->{$name}->[0]; 1284 } 1285 END_OF_FUNC 1286 1287 #### Method: Dump 1288 # Returns a string in which all the known parameter/value 1289 # pairs are represented as nested lists, mainly for the purposes 1290 # of debugging. 1291 #### 1292 'Dump' => <<'END_OF_FUNC', 1293 sub Dump { 1294 my($self) = self_or_default(@_); 1295 my($param,$value,@result); 1296 return '<ul></ul>' unless $self->param; 1297 push(@result,"<ul>"); 1298 foreach $param ($self->param) { 1299 my($name)=$self->escapeHTML($param); 1300 push(@result,"<li><strong>$param</strong></li>"); 1301 push(@result,"<ul>"); 1302 foreach $value ($self->param($param)) { 1303 $value = $self->escapeHTML($value); 1304 $value =~ s/\n/<br \/>\n/g; 1305 push(@result,"<li>$value</li>"); 1306 } 1307 push(@result,"</ul>"); 1308 } 1309 push(@result,"</ul>"); 1310 return join("\n",@result); 1311 } 1312 END_OF_FUNC 1313 1314 #### Method as_string 1315 # 1316 # synonym for "dump" 1317 #### 1318 'as_string' => <<'END_OF_FUNC', 1319 sub as_string { 1320 &Dump(@_); 1321 } 1322 END_OF_FUNC 1323 1324 #### Method: save 1325 # Write values out to a filehandle in such a way that they can 1326 # be reinitialized by the filehandle form of the new() method 1327 #### 1328 'save' => <<'END_OF_FUNC', 1329 sub save { 1330 my($self,$filehandle) = self_or_default(@_); 1331 $filehandle = to_filehandle($filehandle); 1332 my($param); 1333 local($,) = ''; # set print field separator back to a sane value 1334 local($\) = ''; # set output line separator to a sane value 1335 foreach $param ($self->param) { 1336 my($escaped_param) = escape($param); 1337 my($value); 1338 foreach $value ($self->param($param)) { 1339 print $filehandle "$escaped_param=",escape("$value"),"\n"; 1340 } 1341 } 1342 foreach (keys %{$self->{'.fieldnames'}}) { 1343 print $filehandle ".cgifields=",escape("$_"),"\n"; 1344 } 1345 print $filehandle "=\n"; # end of record 1346 } 1347 END_OF_FUNC 1348 1349 1350 #### Method: save_parameters 1351 # An alias for save() that is a better name for exportation. 1352 # Only intended to be used with the function (non-OO) interface. 1353 #### 1354 'save_parameters' => <<'END_OF_FUNC', 1355 sub save_parameters { 1356 my $fh = shift; 1357 return save(to_filehandle($fh)); 1358 } 1359 END_OF_FUNC 1360 1361 #### Method: restore_parameters 1362 # A way to restore CGI parameters from an initializer. 1363 # Only intended to be used with the function (non-OO) interface. 1364 #### 1365 'restore_parameters' => <<'END_OF_FUNC', 1366 sub restore_parameters { 1367 $Q = $CGI::DefaultClass->new(@_); 1368 } 1369 END_OF_FUNC 1370 1371 #### Method: multipart_init 1372 # Return a Content-Type: style header for server-push 1373 # This has to be NPH on most web servers, and it is advisable to set $| = 1 1374 # 1375 # Many thanks to Ed Jordan <ed@fidalgo.net> for this 1376 # contribution, updated by Andrew Benham (adsb@bigfoot.com) 1377 #### 1378 'multipart_init' => <<'END_OF_FUNC', 1379 sub multipart_init { 1380 my($self,@p) = self_or_default(@_); 1381 my($boundary,@other) = rearrange([BOUNDARY],@p); 1382 $boundary = $boundary || '------- =_aaaaaaaaaa0'; 1383 $self->{'separator'} = "$CRLF--$boundary$CRLF"; 1384 $self->{'final_separator'} = "$CRLF--$boundary--$CRLF"; 1385 $type = SERVER_PUSH($boundary); 1386 return $self->header( 1387 -nph => 0, 1388 -type => $type, 1389 (map { split "=", $_, 2 } @other), 1390 ) . "WARNING: YOUR BROWSER DOESN'T SUPPORT THIS SERVER-PUSH TECHNOLOGY." . $self->multipart_end; 1391 } 1392 END_OF_FUNC 1393 1394 1395 #### Method: multipart_start 1396 # Return a Content-Type: style header for server-push, start of section 1397 # 1398 # Many thanks to Ed Jordan <ed@fidalgo.net> for this 1399 # contribution, updated by Andrew Benham (adsb@bigfoot.com) 1400 #### 1401 'multipart_start' => <<'END_OF_FUNC', 1402 sub multipart_start { 1403 my(@header); 1404 my($self,@p) = self_or_default(@_); 1405 my($type,@other) = rearrange([TYPE],@p); 1406 $type = $type || 'text/html'; 1407 push(@header,"Content-Type: $type"); 1408 1409 # rearrange() was designed for the HTML portion, so we 1410 # need to fix it up a little. 1411 foreach (@other) { 1412 # Don't use \s because of perl bug 21951 1413 next unless my($header,$value) = /([^ \r\n\t=]+)=\"?(.+?)\"?$/; 1414 ($_ = $header) =~ s/^(\w)(.*)/$1 . lc ($2) . ': '.$self->unescapeHTML($value)/e; 1415 } 1416 push(@header,@other); 1417 my $header = join($CRLF,@header)."$CRLF}$CRLF}"; 1418 return $header; 1419 } 1420 END_OF_FUNC 1421 1422 1423 #### Method: multipart_end 1424 # Return a MIME boundary separator for server-push, end of section 1425 # 1426 # Many thanks to Ed Jordan <ed@fidalgo.net> for this 1427 # contribution 1428 #### 1429 'multipart_end' => <<'END_OF_FUNC', 1430 sub multipart_end { 1431 my($self,@p) = self_or_default(@_); 1432 return $self->{'separator'}; 1433 } 1434 END_OF_FUNC 1435 1436 1437 #### Method: multipart_final 1438 # Return a MIME boundary separator for server-push, end of all sections 1439 # 1440 # Contributed by Andrew Benham (adsb@bigfoot.com) 1441 #### 1442 'multipart_final' => <<'END_OF_FUNC', 1443 sub multipart_final { 1444 my($self,@p) = self_or_default(@_); 1445 return $self->{'final_separator'} . "WARNING: YOUR BROWSER DOESN'T SUPPORT THIS SERVER-PUSH TECHNOLOGY." . $CRLF; 1446 } 1447 END_OF_FUNC 1448 1449 1450 #### Method: header 1451 # Return a Content-Type: style header 1452 # 1453 #### 1454 'header' => <<'END_OF_FUNC', 1455 sub header { 1456 my($self,@p) = self_or_default(@_); 1457 my(@header); 1458 1459 return "" if $self->{'.header_printed'}++ and $HEADERS_ONCE; 1460 1461 my($type,$status,$cookie,$target,$expires,$nph,$charset,$attachment,$p3p,@other) = 1462 rearrange([['TYPE','CONTENT_TYPE','CONTENT-TYPE'], 1463 'STATUS',['COOKIE','COOKIES'],'TARGET', 1464 'EXPIRES','NPH','CHARSET', 1465 'ATTACHMENT','P3P'],@p); 1466 1467 $nph ||= $NPH; 1468 1469 $type ||= 'text/html' unless defined($type); 1470 1471 if (defined $charset) { 1472 $self->charset($charset); 1473 } else { 1474 $charset = $self->charset if $type =~ /^text\//; 1475 } 1476 $charset ||= ''; 1477 1478 # rearrange() was designed for the HTML portion, so we 1479 # need to fix it up a little. 1480 foreach (@other) { 1481 # Don't use \s because of perl bug 21951 1482 next unless my($header,$value) = /([^ \r\n\t=]+)=\"?(.+?)\"?$/; 1483 ($_ = $header) =~ s/^(\w)(.*)/"\u$1\L$2" . ': '.$self->unescapeHTML($value)/e; 1484 } 1485 1486 $type .= "; charset=$charset" 1487 if $type ne '' 1488 and $type !~ /\bcharset\b/ 1489 and defined $charset 1490 and $charset ne ''; 1491 1492 # Maybe future compatibility. Maybe not. 1493 my $protocol = $ENV{SERVER_PROTOCOL} || 'HTTP/1.0'; 1494 push(@header,$protocol . ' ' . ($status || '200 OK')) if $nph; 1495 push(@header,"Server: " . &server_software()) if $nph; 1496 1497 push(@header,"Status: $status") if $status; 1498 push(@header,"Window-Target: $target") if $target; 1499 if ($p3p) { 1500 $p3p = join ' ',@$p3p if ref($p3p) eq 'ARRAY'; 1501 push(@header,qq(P3P: policyref="/w3c/p3p.xml", CP="$p3p")); 1502 } 1503 # push all the cookies -- there may be several 1504 if ($cookie) { 1505 my(@cookie) = ref($cookie) && ref($cookie) eq 'ARRAY' ? @{$cookie} : $cookie; 1506 foreach (@cookie) { 1507 my $cs = UNIVERSAL::isa($_,'CGI::Cookie') ? $_->as_string : $_; 1508 push(@header,"Set-Cookie: $cs") if $cs ne ''; 1509 } 1510 } 1511 # if the user indicates an expiration time, then we need 1512 # both an Expires and a Date header (so that the browser is 1513 # uses OUR clock) 1514 push(@header,"Expires: " . expires($expires,'http')) 1515 if $expires; 1516 push(@header,"Date: " . expires(0,'http')) if $expires || $cookie || $nph; 1517 push(@header,"Pragma: no-cache") if $self->cache(); 1518 push(@header,"Content-Disposition: attachment; filename=\"$attachment\"") if $attachment; 1519 push(@header,map {ucfirst $_} @other); 1520 push(@header,"Content-Type: $type") if $type ne ''; 1521 my $header = join($CRLF,@header)."$CRLF}$CRLF}"; 1522 if ($MOD_PERL and not $nph) { 1523 $self->r->send_cgi_header($header); 1524 return ''; 1525 } 1526 return $header; 1527 } 1528 END_OF_FUNC 1529 1530 1531 #### Method: cache 1532 # Control whether header() will produce the no-cache 1533 # Pragma directive. 1534 #### 1535 'cache' => <<'END_OF_FUNC', 1536 sub cache { 1537 my($self,$new_value) = self_or_default(@_); 1538 $new_value = '' unless $new_value; 1539 if ($new_value ne '') { 1540 $self->{'cache'} = $new_value; 1541 } 1542 return $self->{'cache'}; 1543 } 1544 END_OF_FUNC 1545 1546 1547 #### Method: redirect 1548 # Return a Location: style header 1549 # 1550 #### 1551 'redirect' => <<'END_OF_FUNC', 1552 sub redirect { 1553 my($self,@p) = self_or_default(@_); 1554 my($url,$target,$status,$cookie,$nph,@other) = 1555 rearrange([[LOCATION,URI,URL],TARGET,STATUS,['COOKIE','COOKIES'],NPH],@p); 1556 $status = '302 Found' unless defined $status; 1557 $url ||= $self->self_url; 1558 my(@o); 1559 foreach (@other) { tr/\"//d; push(@o,split("=",$_,2)); } 1560 unshift(@o, 1561 '-Status' => $status, 1562 '-Location'=> $url, 1563 '-nph' => $nph); 1564 unshift(@o,'-Target'=>$target) if $target; 1565 unshift(@o,'-Type'=>''); 1566 my @unescaped; 1567 unshift(@unescaped,'-Cookie'=>$cookie) if $cookie; 1568 return $self->header((map {$self->unescapeHTML($_)} @o),@unescaped); 1569 } 1570 END_OF_FUNC 1571 1572 1573 #### Method: start_html 1574 # Canned HTML header 1575 # 1576 # Parameters: 1577 # $title -> (optional) The title for this HTML document (-title) 1578 # $author -> (optional) e-mail address of the author (-author) 1579 # $base -> (optional) if set to true, will enter the BASE address of this document 1580 # for resolving relative references (-base) 1581 # $xbase -> (optional) alternative base at some remote location (-xbase) 1582 # $target -> (optional) target window to load all links into (-target) 1583 # $script -> (option) Javascript code (-script) 1584 # $no_script -> (option) Javascript <noscript> tag (-noscript) 1585 # $meta -> (optional) Meta information tags 1586 # $head -> (optional) any other elements you'd like to incorporate into the <head> tag 1587 # (a scalar or array ref) 1588 # $style -> (optional) reference to an external style sheet 1589 # @other -> (optional) any other named parameters you'd like to incorporate into 1590 # the <body> tag. 1591 #### 1592 'start_html' => <<'END_OF_FUNC', 1593 sub start_html { 1594 my($self,@p) = &self_or_default(@_); 1595 my($title,$author,$base,$xbase,$script,$noscript, 1596 $target,$meta,$head,$style,$dtd,$lang,$encoding,$declare_xml,@other) = 1597 rearrange([TITLE,AUTHOR,BASE,XBASE,SCRIPT,NOSCRIPT,TARGET, 1598 META,HEAD,STYLE,DTD,LANG,ENCODING,DECLARE_XML],@p); 1599 1600 $self->element_id(0); 1601 $self->element_tab(0); 1602 1603 $encoding = lc($self->charset) unless defined $encoding; 1604 1605 # Need to sort out the DTD before it's okay to call escapeHTML(). 1606 my(@result,$xml_dtd); 1607 if ($dtd) { 1608 if (defined(ref($dtd)) and (ref($dtd) eq 'ARRAY')) { 1609 $dtd = $DEFAULT_DTD unless $dtd->[0] =~ m|^-//|; 1610 } else { 1611 $dtd = $DEFAULT_DTD unless $dtd =~ m|^-//|; 1612 } 1613 } else { 1614 $dtd = $XHTML ? XHTML_DTD : $DEFAULT_DTD; 1615 } 1616 1617 $xml_dtd++ if ref($dtd) eq 'ARRAY' && $dtd->[0] =~ /\bXHTML\b/i; 1618 $xml_dtd++ if ref($dtd) eq '' && $dtd =~ /\bXHTML\b/i; 1619 push @result,qq(<?xml version="1.0" encoding="$encoding"?>) if $xml_dtd && $declare_xml; 1620 1621 if (ref($dtd) && ref($dtd) eq 'ARRAY') { 1622 push(@result,qq(<!DOCTYPE html\n\tPUBLIC "$dtd->[0]"\n\t "$dtd->[1]">)); 1623 $DTD_PUBLIC_IDENTIFIER = $dtd->[0]; 1624 } else { 1625 push(@result,qq(<!DOCTYPE html\n\tPUBLIC "$dtd">)); 1626 $DTD_PUBLIC_IDENTIFIER = $dtd; 1627 } 1628 1629 # Now that we know whether we're using the HTML 3.2 DTD or not, it's okay to 1630 # call escapeHTML(). Strangely enough, the title needs to be escaped as 1631 # HTML while the author needs to be escaped as a URL. 1632 $title = $self->escapeHTML($title || 'Untitled Document'); 1633 $author = $self->escape($author); 1634 1635 if ($DTD_PUBLIC_IDENTIFIER =~ /[^X]HTML (2\.0|3\.2)/i) { 1636 $lang = "" unless defined $lang; 1637 $XHTML = 0; 1638 } 1639 else { 1640 $lang = 'en-US' unless defined $lang; 1641 } 1642 1643 my $lang_bits = $lang ne '' ? qq( lang="$lang" xml:lang="$lang") : ''; 1644 my $meta_bits = qq(<meta http-equiv="Content-Type" content="text/html; charset=$encoding" />) 1645 if $XHTML && $encoding && !$declare_xml; 1646 1647 push(@result,$XHTML ? qq(<html xmlns="http://www.w3.org/1999/xhtml"$lang_bits>\n<head>\n<title>$title</title>) 1648 : ($lang ? qq(<html lang="$lang">) : "<html>") 1649 . "<head><title>$title</title>"); 1650 if (defined $author) { 1651 push(@result,$XHTML ? "<link rev=\"made\" href=\"mailto:$author\" />" 1652 : "<link rev=\"made\" href=\"mailto:$author\">"); 1653 } 1654 1655 if ($base || $xbase || $target) { 1656 my $href = $xbase || $self->url('-path'=>1); 1657 my $t = $target ? qq/ target="$target"/ : ''; 1658 push(@result,$XHTML ? qq(<base href="$href"$t />) : qq(<base href="$href"$t>)); 1659 } 1660 1661 if ($meta && ref($meta) && (ref($meta) eq 'HASH')) { 1662 foreach (keys %$meta) { push(@result,$XHTML ? qq(<meta name="$_" content="$meta->{$_}" />) 1663 : qq(<meta name="$_" content="$meta->{$_}">)); } 1664 } 1665 1666 push(@result,ref($head) ? @$head : $head) if $head; 1667 1668 # handle the infrequently-used -style and -script parameters 1669 push(@result,$self->_style($style)) if defined $style; 1670 push(@result,$self->_script($script)) if defined $script; 1671 push(@result,$meta_bits) if defined $meta_bits; 1672 1673 # handle -noscript parameter 1674 push(@result,<<END) if $noscript; 1675 <noscript> 1676 $noscript 1677 </noscript> 1678 END 1679 ; 1680 my($other) = @other ? " @other" : ''; 1681 push(@result,"</head>\n<body$other>\n"); 1682 return join("\n",@result); 1683 } 1684 END_OF_FUNC 1685 1686 ### Method: _style 1687 # internal method for generating a CSS style section 1688 #### 1689 '_style' => <<'END_OF_FUNC', 1690 sub _style { 1691 my ($self,$style) = @_; 1692 my (@result); 1693 1694 my $type = 'text/css'; 1695 my $rel = 'stylesheet'; 1696 1697 1698 my $cdata_start = $XHTML ? "\n<!--/* <![CDATA[ */" : "\n<!-- "; 1699 my $cdata_end = $XHTML ? "\n/* ]]> */-->\n" : " -->\n"; 1700 1701 my @s = ref($style) eq 'ARRAY' ? @$style : $style; 1702 1703 for my $s (@s) { 1704 if (ref($s)) { 1705 my($src,$code,$verbatim,$stype,$alternate,$foo,@other) = 1706 rearrange([qw(SRC CODE VERBATIM TYPE ALTERNATE FOO)], 1707 ('-foo'=>'bar', 1708 ref($s) eq 'ARRAY' ? @$s : %$s)); 1709 my $type = defined $stype ? $stype : 'text/css'; 1710 my $rel = $alternate ? 'alternate stylesheet' : 'stylesheet'; 1711 my $other = @other ? join ' ',@other : ''; 1712 1713 if (ref($src) eq "ARRAY") # Check to see if the $src variable is an array reference 1714 { # If it is, push a LINK tag for each one 1715 foreach $src (@$src) 1716 { 1717 push(@result,$XHTML ? qq(<link rel="$rel" type="$type" href="$src" $other/>) 1718 : qq(<link rel="$rel" type="$type" href="$src"$other>)) if $src; 1719 } 1720 } 1721 else 1722 { # Otherwise, push the single -src, if it exists. 1723 push(@result,$XHTML ? qq(<link rel="$rel" type="$type" href="$src" $other/>) 1724 : qq(<link rel="$rel" type="$type" href="$src"$other>) 1725 ) if $src; 1726 } 1727 if ($verbatim) { 1728 my @v = ref($verbatim) eq 'ARRAY' ? @$verbatim : $verbatim; 1729 push(@result, "<style type=\"text/css\">\n$_\n</style>") foreach @v; 1730 } 1731 my @c = ref($code) eq 'ARRAY' ? @$code : $code if $code; 1732 push(@result,style({'type'=>$type},"$cdata_start\n$_\n$cdata_end")) foreach @c; 1733 1734 } else { 1735 my $src = $s; 1736 push(@result,$XHTML ? qq(<link rel="$rel" type="$type" href="$src" $other/>) 1737 : qq(<link rel="$rel" type="$type" href="$src"$other>)); 1738 } 1739 } 1740 @result; 1741 } 1742 END_OF_FUNC 1743 1744 '_script' => <<'END_OF_FUNC', 1745 sub _script { 1746 my ($self,$script) = @_; 1747 my (@result); 1748 1749 my (@scripts) = ref($script) eq 'ARRAY' ? @$script : ($script); 1750 foreach $script (@scripts) { 1751 my($src,$code,$language); 1752 if (ref($script)) { # script is a hash 1753 ($src,$code,$type) = 1754 rearrange(['SRC','CODE',['LANGUAGE','TYPE']], 1755 '-foo'=>'bar', # a trick to allow the '-' to be omitted 1756 ref($script) eq 'ARRAY' ? @$script : %$script); 1757 $type ||= 'text/javascript'; 1758 unless ($type =~ m!\w+/\w+!) { 1759 $type =~ s/[\d.]+$//; 1760 $type = "text/$type"; 1761 } 1762 } else { 1763 ($src,$code,$type) = ('',$script, 'text/javascript'); 1764 } 1765 1766 my $comment = '//'; # javascript by default 1767 $comment = '#' if $type=~/perl|tcl/i; 1768 $comment = "'" if $type=~/vbscript/i; 1769 1770 my ($cdata_start,$cdata_end); 1771 if ($XHTML) { 1772 $cdata_start = "$comment<![CDATA[\n"; 1773 $cdata_end .= "\n$comment]]>"; 1774 } else { 1775 $cdata_start = "\n<!-- Hide script\n"; 1776 $cdata_end = $comment; 1777 $cdata_end .= " End script hiding -->\n"; 1778 } 1779 my(@satts); 1780 push(@satts,'src'=>$src) if $src; 1781 push(@satts,'type'=>$type); 1782 $code = $cdata_start . $code . $cdata_end if defined $code; 1783 push(@result,$self->script({@satts},$code || '')); 1784 } 1785 @result; 1786 } 1787 END_OF_FUNC 1788 1789 #### Method: end_html 1790 # End an HTML document. 1791 # Trivial method for completeness. Just returns "</body>" 1792 #### 1793 'end_html' => <<'END_OF_FUNC', 1794 sub end_html { 1795 return "\n</body>\n</html>"; 1796 } 1797 END_OF_FUNC 1798 1799 1800 ################################ 1801 # METHODS USED IN BUILDING FORMS 1802 ################################ 1803 1804 #### Method: isindex 1805 # Just prints out the isindex tag. 1806 # Parameters: 1807 # $action -> optional URL of script to run 1808 # Returns: 1809 # A string containing a <isindex> tag 1810 'isindex' => <<'END_OF_FUNC', 1811 sub isindex { 1812 my($self,@p) = self_or_default(@_); 1813 my($action,@other) = rearrange([ACTION],@p); 1814 $action = qq/ action="$action"/ if $action; 1815 my($other) = @other ? " @other" : ''; 1816 return $XHTML ? "<isindex$action$other />" : "<isindex$action$other>"; 1817 } 1818 END_OF_FUNC 1819 1820 1821 #### Method: startform 1822 # Start a form 1823 # Parameters: 1824 # $method -> optional submission method to use (GET or POST) 1825 # $action -> optional URL of script to run 1826 # $enctype ->encoding to use (URL_ENCODED or MULTIPART) 1827 'startform' => <<'END_OF_FUNC', 1828 sub startform { 1829 my($self,@p) = self_or_default(@_); 1830 1831 my($method,$action,$enctype,@other) = 1832 rearrange([METHOD,ACTION,ENCTYPE],@p); 1833 1834 $method = $self->escapeHTML(lc($method) || 'post'); 1835 $enctype = $self->escapeHTML($enctype || &URL_ENCODED); 1836 if (defined $action) { 1837 $action = $self->escapeHTML($action); 1838 } 1839 else { 1840 $action = $self->escapeHTML($self->request_uri || $self->self_url); 1841 } 1842 $action = qq(action="$action"); 1843 my($other) = @other ? " @other" : ''; 1844 $self->{'.parametersToAdd'}={}; 1845 return qq/<form method="$method" $action enctype="$enctype"$other>\n/; 1846 } 1847 END_OF_FUNC 1848 1849 1850 #### Method: start_form 1851 # synonym for startform 1852 'start_form' => <<'END_OF_FUNC', 1853 sub start_form { 1854 $XHTML ? &start_multipart_form : &startform; 1855 } 1856 END_OF_FUNC 1857 1858 'end_multipart_form' => <<'END_OF_FUNC', 1859 sub end_multipart_form { 1860 &endform; 1861 } 1862 END_OF_FUNC 1863 1864 #### Method: start_multipart_form 1865 # synonym for startform 1866 'start_multipart_form' => <<'END_OF_FUNC', 1867 sub start_multipart_form { 1868 my($self,@p) = self_or_default(@_); 1869 if (defined($p[0]) && substr($p[0],0,1) eq '-') { 1870 return $self->startform(-enctype=>&MULTIPART,@p); 1871 } else { 1872 my($method,$action,@other) = 1873 rearrange([METHOD,ACTION],@p); 1874 return $self->startform($method,$action,&MULTIPART,@other); 1875 } 1876 } 1877 END_OF_FUNC 1878 1879 1880 #### Method: endform 1881 # End a form 1882 'endform' => <<'END_OF_FUNC', 1883 sub endform { 1884 my($self,@p) = self_or_default(@_); 1885 if ( $NOSTICKY ) { 1886 return wantarray ? ("</form>") : "\n</form>"; 1887 } else { 1888 if (my @fields = $self->get_fields) { 1889 return wantarray ? ("<div>",@fields,"</div>","</form>") 1890 : "<div>".(join '',@fields)."</div>\n</form>"; 1891 } else { 1892 return "</form>"; 1893 } 1894 } 1895 } 1896 END_OF_FUNC 1897 1898 1899 '_textfield' => <<'END_OF_FUNC', 1900 sub _textfield { 1901 my($self,$tag,@p) = self_or_default(@_); 1902 my($name,$default,$size,$maxlength,$override,$tabindex,@other) = 1903 rearrange([NAME,[DEFAULT,VALUE,VALUES],SIZE,MAXLENGTH,[OVERRIDE,FORCE],TABINDEX],@p); 1904 1905 my $current = $override ? $default : 1906 (defined($self->param($name)) ? $self->param($name) : $default); 1907 1908 $current = defined($current) ? $self->escapeHTML($current,1) : ''; 1909 $name = defined($name) ? $self->escapeHTML($name) : ''; 1910 my($s) = defined($size) ? qq/ size="$size"/ : ''; 1911 my($m) = defined($maxlength) ? qq/ maxlength="$maxlength"/ : ''; 1912 my($other) = @other ? " @other" : ''; 1913 # this entered at cristy's request to fix problems with file upload fields 1914 # and WebTV -- not sure it won't break stuff 1915 my($value) = $current ne '' ? qq(value="$current") : ''; 1916 $tabindex = $self->element_tab($tabindex); 1917 return $XHTML ? qq(<input type="$tag" name="$name" $tabindex$value$s$m$other />) 1918 : qq(<input type="$tag" name="$name" $value$s$m$other>); 1919 } 1920 END_OF_FUNC 1921 1922 #### Method: textfield 1923 # Parameters: 1924 # $name -> Name of the text field 1925 # $default -> Optional default value of the field if not 1926 # already defined. 1927 # $size -> Optional width of field in characaters. 1928 # $maxlength -> Optional maximum number of characters. 1929 # Returns: 1930 # A string containing a <input type="text"> field 1931 # 1932 'textfield' => <<'END_OF_FUNC', 1933 sub textfield { 1934 my($self,@p) = self_or_default(@_); 1935 $self->_textfield('text',@p); 1936 } 1937 END_OF_FUNC 1938 1939 1940 #### Method: filefield 1941 # Parameters: 1942 # $name -> Name of the file upload field 1943 # $size -> Optional width of field in characaters. 1944 # $maxlength -> Optional maximum number of characters. 1945 # Returns: 1946 # A string containing a <input type="file"> field 1947 # 1948 'filefield' => <<'END_OF_FUNC', 1949 sub filefield { 1950 my($self,@p) = self_or_default(@_); 1951 $self->_textfield('file',@p); 1952 } 1953 END_OF_FUNC 1954 1955 1956 #### Method: password 1957 # Create a "secret password" entry field 1958 # Parameters: 1959 # $name -> Name of the field 1960 # $default -> Optional default value of the field if not 1961 # already defined. 1962 # $size -> Optional width of field in characters. 1963 # $maxlength -> Optional maximum characters that can be entered. 1964 # Returns: 1965 # A string containing a <input type="password"> field 1966 # 1967 'password_field' => <<'END_OF_FUNC', 1968 sub password_field { 1969 my ($self,@p) = self_or_default(@_); 1970 $self->_textfield('password',@p); 1971 } 1972 END_OF_FUNC 1973 1974 #### Method: textarea 1975 # Parameters: 1976 # $name -> Name of the text field 1977 # $default -> Optional default value of the field if not 1978 # already defined. 1979 # $rows -> Optional number of rows in text area 1980 # $columns -> Optional number of columns in text area 1981 # Returns: 1982 # A string containing a <textarea></textarea> tag 1983 # 1984 'textarea' => <<'END_OF_FUNC', 1985 sub textarea { 1986 my($self,@p) = self_or_default(@_); 1987 my($name,$default,$rows,$cols,$override,$tabindex,@other) = 1988 rearrange([NAME,[DEFAULT,VALUE],ROWS,[COLS,COLUMNS],[OVERRIDE,FORCE],TABINDEX],@p); 1989 1990 my($current)= $override ? $default : 1991 (defined($self->param($name)) ? $self->param($name) : $default); 1992 1993 $name = defined($name) ? $self->escapeHTML($name) : ''; 1994 $current = defined($current) ? $self->escapeHTML($current) : ''; 1995 my($r) = $rows ? qq/ rows="$rows"/ : ''; 1996 my($c) = $cols ? qq/ cols="$cols"/ : ''; 1997 my($other) = @other ? " @other" : ''; 1998 $tabindex = $self->element_tab($tabindex); 1999 return qq{<textarea name="$name" $tabindex$r$c$other>$current</textarea>}; 2000 } 2001 END_OF_FUNC 2002 2003 2004 #### Method: button 2005 # Create a javascript button. 2006 # Parameters: 2007 # $name -> (optional) Name for the button. (-name) 2008 # $value -> (optional) Value of the button when selected (and visible name) (-value) 2009 # $onclick -> (optional) Text of the JavaScript to run when the button is 2010 # clicked. 2011 # Returns: 2012 # A string containing a <input type="button"> tag 2013 #### 2014 'button' => <<'END_OF_FUNC', 2015 sub button { 2016 my($self,@p) = self_or_default(@_); 2017 2018 my($label,$value,$script,$tabindex,@other) = rearrange([NAME,[VALUE,LABEL], 2019 [ONCLICK,SCRIPT],TABINDEX],@p); 2020 2021 $label=$self->escapeHTML($label); 2022 $value=$self->escapeHTML($value,1); 2023 $script=$self->escapeHTML($script); 2024 2025 my($name) = ''; 2026 $name = qq/ name="$label"/ if $label; 2027 $value = $value || $label; 2028 my($val) = ''; 2029 $val = qq/ value="$value"/ if $value; 2030 $script = qq/ onclick="$script"/ if $script; 2031 my($other) = @other ? " @other" : ''; 2032 $tabindex = $self->element_tab($tabindex); 2033 return $XHTML ? qq(<input type="button" $tabindex$name$val$script$other />) 2034 : qq(<input type="button"$name$val$script$other>); 2035 } 2036 END_OF_FUNC 2037 2038 2039 #### Method: submit 2040 # Create a "submit query" button. 2041 # Parameters: 2042 # $name -> (optional) Name for the button. 2043 # $value -> (optional) Value of the button when selected (also doubles as label). 2044 # $label -> (optional) Label printed on the button(also doubles as the value). 2045 # Returns: 2046 # A string containing a <input type="submit"> tag 2047 #### 2048 'submit' => <<'END_OF_FUNC', 2049 sub submit { 2050 my($self,@p) = self_or_default(@_); 2051 2052 my($label,$value,$tabindex,@other) = rearrange([NAME,[VALUE,LABEL],TABINDEX],@p); 2053 2054 $label=$self->escapeHTML($label); 2055 $value=$self->escapeHTML($value,1); 2056 2057 my $name = $NOSTICKY ? '' : 'name=".submit" '; 2058 $name = qq/name="$label" / if defined($label); 2059 $value = defined($value) ? $value : $label; 2060 my $val = ''; 2061 $val = qq/value="$value" / if defined($value); 2062 $tabindex = $self->element_tab($tabindex); 2063 my($other) = @other ? "@other " : ''; 2064 return $XHTML ? qq(<input type="submit" $tabindex$name$val$other/>) 2065 : qq(<input type="submit" $name$val$other>); 2066 } 2067 END_OF_FUNC 2068 2069 2070 #### Method: reset 2071 # Create a "reset" button. 2072 # Parameters: 2073 # $name -> (optional) Name for the button. 2074 # Returns: 2075 # A string containing a <input type="reset"> tag 2076 #### 2077 'reset' => <<'END_OF_FUNC', 2078 sub reset { 2079 my($self,@p) = self_or_default(@_); 2080 my($label,$value,$tabindex,@other) = rearrange(['NAME',['VALUE','LABEL'],TABINDEX],@p); 2081 $label=$self->escapeHTML($label); 2082 $value=$self->escapeHTML($value,1); 2083 my ($name) = ' name=".reset"'; 2084 $name = qq/ name="$label"/ if defined($label); 2085 $value = defined($value) ? $value : $label; 2086 my($val) = ''; 2087 $val = qq/ value="$value"/ if defined($value); 2088 my($other) = @other ? " @other" : ''; 2089 $tabindex = $self->element_tab($tabindex); 2090 return $XHTML ? qq(<input type="reset" $tabindex$name$val$other />) 2091 : qq(<input type="reset"$name$val$other>); 2092 } 2093 END_OF_FUNC 2094 2095 2096 #### Method: defaults 2097 # Create a "defaults" button. 2098 # Parameters: 2099 # $name -> (optional) Name for the button. 2100 # Returns: 2101 # A string containing a <input type="submit" name=".defaults"> tag 2102 # 2103 # Note: this button has a special meaning to the initialization script, 2104 # and tells it to ERASE the current query string so that your defaults 2105 # are used again! 2106 #### 2107 'defaults' => <<'END_OF_FUNC', 2108 sub defaults { 2109 my($self,@p) = self_or_default(@_); 2110 2111 my($label,$tabindex,@other) = rearrange([[NAME,VALUE],TABINDEX],@p); 2112 2113 $label=$self->escapeHTML($label,1); 2114 $label = $label || "Defaults"; 2115 my($value) = qq/ value="$label"/; 2116 my($other) = @other ? " @other" : ''; 2117 $tabindex = $self->element_tab($tabindex); 2118 return $XHTML ? qq(<input type="submit" name=".defaults" $tabindex$value$other />) 2119 : qq/<input type="submit" NAME=".defaults"$value$other>/; 2120 } 2121 END_OF_FUNC 2122 2123 2124 #### Method: comment 2125 # Create an HTML <!-- comment --> 2126 # Parameters: a string 2127 'comment' => <<'END_OF_FUNC', 2128 sub comment { 2129 my($self,@p) = self_or_CGI(@_); 2130 return "<!-- @p -->"; 2131 } 2132 END_OF_FUNC 2133 2134 #### Method: checkbox 2135 # Create a checkbox that is not logically linked to any others. 2136 # The field value is "on" when the button is checked. 2137 # Parameters: 2138 # $name -> Name of the checkbox 2139 # $checked -> (optional) turned on by default if true 2140 # $value -> (optional) value of the checkbox, 'on' by default 2141 # $label -> (optional) a user-readable label printed next to the box. 2142 # Otherwise the checkbox name is used. 2143 # Returns: 2144 # A string containing a <input type="checkbox"> field 2145 #### 2146 'checkbox' => <<'END_OF_FUNC', 2147 sub checkbox { 2148 my($self,@p) = self_or_default(@_); 2149 2150 my($name,$checked,$value,$label,$override,$tabindex,@other) = 2151 rearrange([NAME,[CHECKED,SELECTED,ON],VALUE,LABEL,[OVERRIDE,FORCE],TABINDEX],@p); 2152 2153 $value = defined $value ? $value : 'on'; 2154 2155 if (!$override && ($self->{'.fieldnames'}->{$name} || 2156 defined $self->param($name))) { 2157 $checked = grep($_ eq $value,$self->param($name)) ? $self->_checked(1) : ''; 2158 } else { 2159 $checked = $self->_checked($checked); 2160 } 2161 my($the_label) = defined $label ? $label : $name; 2162 $name = $self->escapeHTML($name); 2163 $value = $self->escapeHTML($value,1); 2164 $the_label = $self->escapeHTML($the_label); 2165 my($other) = @other ? "@other " : ''; 2166 $tabindex = $self->element_tab($tabindex); 2167 $self->register_parameter($name); 2168 return $XHTML ? CGI::label(qq{<input type="checkbox" name="$name" value="$value" $tabindex$checked$other/>$the_label}) 2169 : qq{<input type="checkbox" name="$name" value="$value"$checked$other>$the_label}; 2170 } 2171 END_OF_FUNC 2172 2173 2174 2175 # Escape HTML -- used internally 2176 'escapeHTML' => <<'END_OF_FUNC', 2177 sub escapeHTML { 2178 # hack to work around earlier hacks 2179 push @_,$_[0] if @_==1 && $_[0] eq 'CGI'; 2180 my ($self,$toencode,$newlinestoo) = CGI::self_or_default(@_); 2181 return undef unless defined($toencode); 2182 return $toencode if ref($self) && !$self->{'escape'}; 2183 $toencode =~ s{&}{&}gso; 2184 $toencode =~ s{<}{<}gso; 2185 $toencode =~ s{>}{>}gso; 2186 if ($DTD_PUBLIC_IDENTIFIER =~ /[^X]HTML 3\.2/i) { 2187 # $quot; was accidentally omitted from the HTML 3.2 DTD -- see 2188 # <http://validator.w3.org/docs/errors.html#bad-entity> / 2189 # <http://lists.w3.org/Archives/Public/www-html/1997Mar/0003.html>. 2190 $toencode =~ s{"}{"}gso; 2191 } 2192 else { 2193 $toencode =~ s{"}{"}gso; 2194 } 2195 my $latin = uc $self->{'.charset'} eq 'ISO-8859-1' || 2196 uc $self->{'.charset'} eq 'WINDOWS-1252'; 2197 if ($latin) { # bug in some browsers 2198 $toencode =~ s{'}{'}gso; 2199 $toencode =~ s{\x8b}{‹}gso; 2200 $toencode =~ s{\x9b}{›}gso; 2201 if (defined $newlinestoo && $newlinestoo) { 2202 $toencode =~ s{\012}{ }gso; 2203 $toencode =~ s{\015}{ }gso; 2204 } 2205 } 2206 return $toencode; 2207 } 2208 END_OF_FUNC 2209 2210 # unescape HTML -- used internally 2211 'unescapeHTML' => <<'END_OF_FUNC', 2212 sub unescapeHTML { 2213 # hack to work around earlier hacks 2214 push @_,$_[0] if @_==1 && $_[0] eq 'CGI'; 2215 my ($self,$string) = CGI::self_or_default(@_); 2216 return undef unless defined($string); 2217 my $latin = defined $self->{'.charset'} ? $self->{'.charset'} =~ /^(ISO-8859-1|WINDOWS-1252)$/i 2218 : 1; 2219 # thanks to Randal Schwartz for the correct solution to this one 2220 $string=~ s[&(.*?);]{ 2221 local $_ = $1; 2222 /^amp$/i ? "&" : 2223 /^quot$/i ? '"' : 2224 /^gt$/i ? ">" : 2225 /^lt$/i ? "<" : 2226 /^#(\d+)$/ && $latin ? chr($1) : 2227 /^#x([0-9a-f]+)$/i && $latin ? chr(hex($1)) : 2228 $_ 2229 }gex; 2230 return $string; 2231 } 2232 END_OF_FUNC 2233 2234 # Internal procedure - don't use 2235 '_tableize' => <<'END_OF_FUNC', 2236 sub _tableize { 2237 my($rows,$columns,$rowheaders,$colheaders,@elements) = @_; 2238 my @rowheaders = $rowheaders ? @$rowheaders : (); 2239 my @colheaders = $colheaders ? @$colheaders : (); 2240 my($result); 2241 2242 if (defined($columns)) { 2243 $rows = int(0.99 + @elements/$columns) unless defined($rows); 2244 } 2245 if (defined($rows)) { 2246 $columns = int(0.99 + @elements/$rows) unless defined($columns); 2247 } 2248 2249 # rearrange into a pretty table 2250 $result = "<table>"; 2251 my($row,$column); 2252 unshift(@colheaders,'') if @colheaders && @rowheaders; 2253 $result .= "<tr>" if @colheaders; 2254 foreach (@colheaders) { 2255 $result .= "<th>$_</th>"; 2256 } 2257 for ($row=0;$row<$rows;$row++) { 2258 $result .= "<tr>"; 2259 $result .= "<th>$rowheaders[$row]</th>" if @rowheaders; 2260 for ($column=0;$column<$columns;$column++) { 2261 $result .= "<td>" . $elements[$column*$rows + $row] . "</td>" 2262 if defined($elements[$column*$rows + $row]); 2263 } 2264 $result .= "</tr>"; 2265 } 2266 $result .= "</table>"; 2267 return $result; 2268 } 2269 END_OF_FUNC 2270 2271 2272 #### Method: radio_group 2273 # Create a list of logically-linked radio buttons. 2274 # Parameters: 2275 # $name -> Common name for all the buttons. 2276 # $values -> A pointer to a regular array containing the 2277 # values for each button in the group. 2278 # $default -> (optional) Value of the button to turn on by default. Pass '-' 2279 # to turn _nothing_ on. 2280 # $linebreak -> (optional) Set to true to place linebreaks 2281 # between the buttons. 2282 # $labels -> (optional) 2283 # A pointer to an associative array of labels to print next to each checkbox 2284 # in the form $label{'value'}="Long explanatory label". 2285 # Otherwise the provided values are used as the labels. 2286 # Returns: 2287 # An ARRAY containing a series of <input type="radio"> fields 2288 #### 2289 'radio_group' => <<'END_OF_FUNC', 2290 sub radio_group { 2291 my($self,@p) = self_or_default(@_); 2292 $self->_box_group('radio',@p); 2293 } 2294 END_OF_FUNC 2295 2296 #### Method: checkbox_group 2297 # Create a list of logically-linked checkboxes. 2298 # Parameters: 2299 # $name -> Common name for all the check boxes 2300 # $values -> A pointer to a regular array containing the 2301 # values for each checkbox in the group. 2302 # $defaults -> (optional) 2303 # 1. If a pointer to a regular array of checkbox values, 2304 # then this will be used to decide which 2305 # checkboxes to turn on by default. 2306 # 2. If a scalar, will be assumed to hold the 2307 # value of a single checkbox in the group to turn on. 2308 # $linebreak -> (optional) Set to true to place linebreaks 2309 # between the buttons. 2310 # $labels -> (optional) 2311 # A pointer to an associative array of labels to print next to each checkbox 2312 # in the form $label{'value'}="Long explanatory label". 2313 # Otherwise the provided values are used as the labels. 2314 # Returns: 2315 # An ARRAY containing a series of <input type="checkbox"> fields 2316 #### 2317 2318 'checkbox_group' => <<'END_OF_FUNC', 2319 sub checkbox_group { 2320 my($self,@p) = self_or_default(@_); 2321 $self->_box_group('checkbox',@p); 2322 } 2323 END_OF_FUNC 2324 2325 '_box_group' => <<'END_OF_FUNC', 2326 sub _box_group { 2327 my $self = shift; 2328 my $box_type = shift; 2329 2330 my($name,$values,$defaults,$linebreak,$labels,$attributes, 2331 $rows,$columns,$rowheaders,$colheaders, 2332 $override,$nolabels,$tabindex,$disabled,@other) = 2333 rearrange([ NAME,[VALUES,VALUE],[DEFAULT,DEFAULTS],LINEBREAK,LABELS,ATTRIBUTES, 2334 ROWS,[COLUMNS,COLS],[ROWHEADERS,ROWHEADER],[COLHEADERS,COLHEADER], 2335 [OVERRIDE,FORCE],NOLABELS,TABINDEX,DISABLED 2336 ],@_); 2337 2338 my($result,$checked,@elements,@values); 2339 2340 @values = $self->_set_values_and_labels($values,\$labels,$name); 2341 my %checked = $self->previous_or_default($name,$defaults,$override); 2342 2343 # If no check array is specified, check the first by default 2344 $checked{$values[0]}++ if $box_type eq 'radio' && !%checked; 2345 2346 $name=$self->escapeHTML($name); 2347 2348 my %tabs = (); 2349 if ($TABINDEX && $tabindex) { 2350 if (!ref $tabindex) { 2351 $self->element_tab($tabindex); 2352 } elsif (ref $tabindex eq 'ARRAY') { 2353 %tabs = map {$_=>$self->element_tab} @$tabindex; 2354 } elsif (ref $tabindex eq 'HASH') { 2355 %tabs = %$tabindex; 2356 } 2357 } 2358 %tabs = map {$_=>$self->element_tab} @values unless %tabs; 2359 my $other = @other ? "@other " : ''; 2360 my $radio_checked; 2361 2362 # for disabling groups of radio/checkbox buttons 2363 my %disabled; 2364 foreach (@{$disabled}) { 2365 $disabled{$_}=1; 2366 } 2367 2368 foreach (@values) { 2369 my $disable=""; 2370 if ($disabled{$_}) { 2371 $disable="disabled='1'"; 2372 } 2373 2374 my $checkit = $self->_checked($box_type eq 'radio' ? ($checked{$_} && !$radio_checked++) 2375 : $checked{$_}); 2376 my($break); 2377 if ($linebreak) { 2378 $break = $XHTML ? "<br />" : "<br>"; 2379 } 2380 else { 2381 $break = ''; 2382 } 2383 my($label)=''; 2384 unless (defined($nolabels) && $nolabels) { 2385 $label = $_; 2386 $label = $labels->{$_} if defined($labels) && defined($labels->{$_}); 2387 $label = $self->escapeHTML($label,1); 2388 $label = "<span style=\"color:gray\">$label</span>" if $disabled{$_}; 2389 } 2390 my $attribs = $self->_set_attributes($_, $attributes); 2391 my $tab = $tabs{$_}; 2392 $_=$self->escapeHTML($_); 2393 2394 if ($XHTML) { 2395 push @elements, 2396 CGI::label( 2397 qq(<input type="$box_type" name="$name" value="$_" $checkit$other$tab$attribs$disable/>$label)).$break}; 2398 } else { 2399 push(@elements,qq/<input type="$box_type" name="$name" value="$_"$checkit$other$tab$attribs$disable>$label}$break}/); 2400 } 2401 } 2402 $self->register_parameter($name); 2403 return wantarray ? @elements : "@elements" 2404 unless defined($columns) || defined($rows); 2405 return _tableize($rows,$columns,$rowheaders,$colheaders,@elements); 2406 } 2407 END_OF_FUNC 2408 2409 2410 #### Method: popup_menu 2411 # Create a popup menu. 2412 # Parameters: 2413 # $name -> Name for all the menu 2414 # $values -> A pointer to a regular array containing the 2415 # text of each menu item. 2416 # $default -> (optional) Default item to display 2417 # $labels -> (optional) 2418 # A pointer to an associative array of labels to print next to each checkbox 2419 # in the form $label{'value'}="Long explanatory label". 2420 # Otherwise the provided values are used as the labels. 2421 # Returns: 2422 # A string containing the definition of a popup menu. 2423 #### 2424 'popup_menu' => <<'END_OF_FUNC', 2425 sub popup_menu { 2426 my($self,@p) = self_or_default(@_); 2427 2428 my($name,$values,$default,$labels,$attributes,$override,$tabindex,@other) = 2429 rearrange([NAME,[VALUES,VALUE],[DEFAULT,DEFAULTS],LABELS, 2430 ATTRIBUTES,[OVERRIDE,FORCE],TABINDEX],@p); 2431 my($result,$selected); 2432 2433 if (!$override && defined($self->param($name))) { 2434 $selected = $self->param($name); 2435 } else { 2436 $selected = $default; 2437 } 2438 $name=$self->escapeHTML($name); 2439 my($other) = @other ? " @other" : ''; 2440 2441 my(@values); 2442 @values = $self->_set_values_and_labels($values,\$labels,$name); 2443 $tabindex = $self->element_tab($tabindex); 2444 $result = qq/<select name="$name" $tabindex$other>\n/; 2445 foreach (@values) { 2446 if (/<optgroup/) { 2447 foreach (split(/\n/)) { 2448 my $selectit = $XHTML ? 'selected="selected"' : 'selected'; 2449 s/(value="$selected")/$selectit $1/ if defined $selected; 2450 $result .= "$_\n"; 2451 } 2452 } 2453 else { 2454 my $attribs = $self->_set_attributes($_, $attributes); 2455 my($selectit) = defined($selected) ? $self->_selected($selected eq $_) : ''; 2456 my($label) = $_; 2457 $label = $labels->{$_} if defined($labels) && defined($labels->{$_}); 2458 my($value) = $self->escapeHTML($_); 2459 $label=$self->escapeHTML($label,1); 2460 $result .= "<option$attribs} $selectit}value=\"$value\">$label</option>\n"; 2461 } 2462 } 2463 2464 $result .= "</select>"; 2465 return $result; 2466 } 2467 END_OF_FUNC 2468 2469 2470 #### Method: optgroup 2471 # Create a optgroup. 2472 # Parameters: 2473 # $name -> Label for the group 2474 # $values -> A pointer to a regular array containing the 2475 # values for each option line in the group. 2476 # $labels -> (optional) 2477 # A pointer to an associative array of labels to print next to each item 2478 # in the form $label{'value'}="Long explanatory label". 2479 # Otherwise the provided values are used as the labels. 2480 # $labeled -> (optional) 2481 # A true value indicates the value should be used as the label attribute 2482 # in the option elements. 2483 # The label attribute specifies the option label presented to the user. 2484 # This defaults to the content of the <option> element, but the label 2485 # attribute allows authors to more easily use optgroup without sacrificing 2486 # compatibility with browsers that do not support option groups. 2487 # $novals -> (optional) 2488 # A true value indicates to suppress the val attribute in the option elements 2489 # Returns: 2490 # A string containing the definition of an option group. 2491 #### 2492 'optgroup' => <<'END_OF_FUNC', 2493 sub optgroup { 2494 my($self,@p) = self_or_default(@_); 2495 my($name,$values,$attributes,$labeled,$noval,$labels,@other) 2496 = rearrange([NAME,[VALUES,VALUE],ATTRIBUTES,LABELED,NOVALS,LABELS],@p); 2497 2498 my($result,@values); 2499 @values = $self->_set_values_and_labels($values,\$labels,$name,$labeled,$novals); 2500 my($other) = @other ? " @other" : ''; 2501 2502 $name=$self->escapeHTML($name); 2503 $result = qq/<optgroup label="$name"$other>\n/; 2504 foreach (@values) { 2505 if (/<optgroup/) { 2506 foreach (split(/\n/)) { 2507 my $selectit = $XHTML ? 'selected="selected"' : 'selected'; 2508 s/(value="$selected")/$selectit $1/ if defined $selected; 2509 $result .= "$_\n"; 2510 } 2511 } 2512 else { 2513 my $attribs = $self->_set_attributes($_, $attributes); 2514 my($label) = $_; 2515 $label = $labels->{$_} if defined($labels) && defined($labels->{$_}); 2516 $label=$self->escapeHTML($label); 2517 my($value)=$self->escapeHTML($_,1); 2518 $result .= $labeled ? $novals ? "<option$attribs label=\"$value\">$label</option>\n" 2519 : "<option$attribs label=\"$value\" value=\"$value\">$label</option>\n" 2520 : $novals ? "<option$attribs>$label</option>\n" 2521 : "<option$attribs value=\"$value\">$label</option>\n"; 2522 } 2523 } 2524 $result .= "</optgroup>"; 2525 return $result; 2526 } 2527 END_OF_FUNC 2528 2529 2530 #### Method: scrolling_list 2531 # Create a scrolling list. 2532 # Parameters: 2533 # $name -> name for the list 2534 # $values -> A pointer to a regular array containing the 2535 # values for each option line in the list. 2536 # $defaults -> (optional) 2537 # 1. If a pointer to a regular array of options, 2538 # then this will be used to decide which 2539 # lines to turn on by default. 2540 # 2. Otherwise holds the value of the single line to turn on. 2541 # $size -> (optional) Size of the list. 2542 # $multiple -> (optional) If set, allow multiple selections. 2543 # $labels -> (optional) 2544 # A pointer to an associative array of labels to print next to each checkbox 2545 # in the form $label{'value'}="Long explanatory label". 2546 # Otherwise the provided values are used as the labels. 2547 # Returns: 2548 # A string containing the definition of a scrolling list. 2549 #### 2550 'scrolling_list' => <<'END_OF_FUNC', 2551 sub scrolling_list { 2552 my($self,@p) = self_or_default(@_); 2553 my($name,$values,$defaults,$size,$multiple,$labels,$attributes,$override,$tabindex,@other) 2554 = rearrange([NAME,[VALUES,VALUE],[DEFAULTS,DEFAULT], 2555 SIZE,MULTIPLE,LABELS,ATTRIBUTES,[OVERRIDE,FORCE],TABINDEX],@p); 2556 2557 my($result,@values); 2558 @values = $self->_set_values_and_labels($values,\$labels,$name); 2559 2560 $size = $size || scalar(@values); 2561 2562 my(%selected) = $self->previous_or_default($name,$defaults,$override); 2563 my($is_multiple) = $multiple ? qq/ multiple="multiple"/ : ''; 2564 my($has_size) = $size ? qq/ size="$size"/: ''; 2565 my($other) = @other ? " @other" : ''; 2566 2567 $name=$self->escapeHTML($name); 2568 $tabindex = $self->element_tab($tabindex); 2569 $result = qq/<select name="$name" $tabindex$has_size$is_multiple$other>\n/; 2570 foreach (@values) { 2571 my($selectit) = $self->_selected($selected{$_}); 2572 my($label) = $_; 2573 $label = $labels->{$_} if defined($labels) && defined($labels->{$_}); 2574 $label=$self->escapeHTML($label); 2575 my($value)=$self->escapeHTML($_,1); 2576 my $attribs = $self->_set_attributes($_, $attributes); 2577 $result .= "<option $selectit}$attribs}value=\"$value\">$label</option>\n"; 2578 } 2579 $result .= "</select>"; 2580 $self->register_parameter($name); 2581 return $result; 2582 } 2583 END_OF_FUNC 2584 2585 2586 #### Method: hidden 2587 # Parameters: 2588 # $name -> Name of the hidden field 2589 # @default -> (optional) Initial values of field (may be an array) 2590 # or 2591 # $default->[initial values of field] 2592 # Returns: 2593 # A string containing a <input type="hidden" name="name" value="value"> 2594 #### 2595 'hidden' => <<'END_OF_FUNC', 2596 sub hidden { 2597 my($self,@p) = self_or_default(@_); 2598 2599 # this is the one place where we departed from our standard 2600 # calling scheme, so we have to special-case (darn) 2601 my(@result,@value); 2602 my($name,$default,$override,@other) = 2603 rearrange([NAME,[DEFAULT,VALUE,VALUES],[OVERRIDE,FORCE]],@p); 2604 2605 my $do_override = 0; 2606 if ( ref($p[0]) || substr($p[0],0,1) eq '-') { 2607 @value = ref($default) ? @{$default} : $default; 2608 $do_override = $override; 2609 } else { 2610 foreach ($default,$override,@other) { 2611 push(@value,$_) if defined($_); 2612 } 2613 } 2614 2615 # use previous values if override is not set 2616 my @prev = $self->param($name); 2617 @value = @prev if !$do_override && @prev; 2618 2619 $name=$self->escapeHTML($name); 2620 foreach (@value) { 2621 $_ = defined($_) ? $self->escapeHTML($_,1) : ''; 2622 push @result,$XHTML ? qq(<input type="hidden" name="$name" value="$_" @other />) 2623 : qq(<input type="hidden" name="$name" value="$_" @other>); 2624 } 2625 return wantarray ? @result : join('',@result); 2626 } 2627 END_OF_FUNC 2628 2629 2630 #### Method: image_button 2631 # Parameters: 2632 # $name -> Name of the button 2633 # $src -> URL of the image source 2634 # $align -> Alignment style (TOP, BOTTOM or MIDDLE) 2635 # Returns: 2636 # A string containing a <input type="image" name="name" src="url" align="alignment"> 2637 #### 2638 'image_button' => <<'END_OF_FUNC', 2639 sub image_button { 2640 my($self,@p) = self_or_default(@_); 2641 2642 my($name,$src,$alignment,@other) = 2643 rearrange([NAME,SRC,ALIGN],@p); 2644 2645 my($align) = $alignment ? " align=\L\"$alignment\"" : ''; 2646 my($other) = @other ? " @other" : ''; 2647 $name=$self->escapeHTML($name); 2648 return $XHTML ? qq(<input type="image" name="$name" src="$src"$align$other />) 2649 : qq/<input type="image" name="$name" src="$src"$align$other>/; 2650 } 2651 END_OF_FUNC 2652 2653 2654 #### Method: self_url 2655 # Returns a URL containing the current script and all its 2656 # param/value pairs arranged as a query. You can use this 2657 # to create a link that, when selected, will reinvoke the 2658 # script with all its state information preserved. 2659 #### 2660 'self_url' => <<'END_OF_FUNC', 2661 sub self_url { 2662 my($self,@p) = self_or_default(@_); 2663 return $self->url('-path_info'=>1,'-query'=>1,'-full'=>1,@p); 2664 } 2665 END_OF_FUNC 2666 2667 2668 # This is provided as a synonym to self_url() for people unfortunate 2669 # enough to have incorporated it into their programs already! 2670 'state' => <<'END_OF_FUNC', 2671 sub state { 2672 &self_url; 2673 } 2674 END_OF_FUNC 2675 2676 2677 #### Method: url 2678 # Like self_url, but doesn't return the query string part of 2679 # the URL. 2680 #### 2681 'url' => <<'END_OF_FUNC', 2682 sub url { 2683 my($self,@p) = self_or_default(@_); 2684 my ($relative,$absolute,$full,$path_info,$query,$base,$rewrite) = 2685 rearrange(['RELATIVE','ABSOLUTE','FULL',['PATH','PATH_INFO'],['QUERY','QUERY_STRING'],'BASE','REWRITE'],@p); 2686 my $url = ''; 2687 $full++ if $base || !($relative || $absolute); 2688 $rewrite++ unless defined $rewrite; 2689 2690 my $path = $self->path_info; 2691 my $script_name = $self->script_name; 2692 my $request_uri = unescape($self->request_uri) || ''; 2693 my $query_str = $self->query_string; 2694 2695 my $rewrite_in_use = $request_uri && $request_uri !~ /^$script_name/; 2696 undef $path if $rewrite_in_use && $rewrite; # path not valid when rewriting active 2697 2698 my $uri = $rewrite && $request_uri ? $request_uri : $script_name; 2699 $uri =~ s/\?.*$//; # remove query string 2700 $uri =~ s/\Q$path\E$// if defined $path; # remove path 2701 2702 if ($full) { 2703 my $protocol = $self->protocol(); 2704 $url = "$protocol://"; 2705 my $vh = http('x_forwarded_host') || http('host') || ''; 2706 $vh =~ s/\:\d+$//; # some clients add the port number (incorrectly). Get rid of it. 2707 if ($vh) { 2708 $url .= $vh; 2709 } else { 2710 $url .= server_name(); 2711 } 2712 my $port = $self->server_port; 2713 $url .= ":" . $port 2714 unless (lc($protocol) eq 'http' && $port == 80) 2715 || (lc($protocol) eq 'https' && $port == 443); 2716 return $url if $base; 2717 $url .= $uri; 2718 } elsif ($relative) { 2719 ($url) = $uri =~ m!([^/]+)$!; 2720 } elsif ($absolute) { 2721 $url = $uri; 2722 } 2723 2724 $url .= $path if $path_info and defined $path; 2725 $url .= "?$query_str" if $query and $query_str ne ''; 2726 $url =~ s/([^a-zA-Z0-9_.%;&?\/\\:+=~-])/sprintf("%%%02X",ord($1))/eg; 2727 return $url; 2728 } 2729 2730 END_OF_FUNC 2731 2732 #### Method: cookie 2733 # Set or read a cookie from the specified name. 2734 # Cookie can then be passed to header(). 2735 # Usual rules apply to the stickiness of -value. 2736 # Parameters: 2737 # -name -> name for this cookie (optional) 2738 # -value -> value of this cookie (scalar, array or hash) 2739 # -path -> paths for which this cookie is valid (optional) 2740 # -domain -> internet domain in which this cookie is valid (optional) 2741 # -secure -> if true, cookie only passed through secure channel (optional) 2742 # -expires -> expiry date in format Wdy, DD-Mon-YYYY HH:MM:SS GMT (optional) 2743 #### 2744 'cookie' => <<'END_OF_FUNC', 2745 sub cookie { 2746 my($self,@p) = self_or_default(@_); 2747 my($name,$value,$path,$domain,$secure,$expires,$httponly) = 2748 rearrange([NAME,[VALUE,VALUES],PATH,DOMAIN,SECURE,EXPIRES,HTTPONLY],@p); 2749 2750 require CGI::Cookie; 2751 2752 # if no value is supplied, then we retrieve the 2753 # value of the cookie, if any. For efficiency, we cache the parsed 2754 # cookies in our state variables. 2755 unless ( defined($value) ) { 2756 $self->{'.cookies'} = CGI::Cookie->fetch 2757 unless $self->{'.cookies'}; 2758 2759 # If no name is supplied, then retrieve the names of all our cookies. 2760 return () unless $self->{'.cookies'}; 2761 return keys %{$self->{'.cookies'}} unless $name; 2762 return () unless $self->{'.cookies'}->{$name}; 2763 return $self->{'.cookies'}->{$name}->value if defined($name) && $name ne ''; 2764 } 2765 2766 # If we get here, we're creating a new cookie 2767 return undef unless defined($name) && $name ne ''; # this is an error 2768 2769 my @param; 2770 push(@param,'-name'=>$name); 2771 push(@param,'-value'=>$value); 2772 push(@param,'-domain'=>$domain) if $domain; 2773 push(@param,'-path'=>$path) if $path; 2774 push(@param,'-expires'=>$expires) if $expires; 2775 push(@param,'-secure'=>$secure) if $secure; 2776 push(@param,'-httponly'=>$httponly) if $httponly; 2777 2778 return new CGI::Cookie(@param); 2779 } 2780 END_OF_FUNC 2781 2782 'parse_keywordlist' => <<'END_OF_FUNC', 2783 sub parse_keywordlist { 2784 my($self,$tosplit) = @_; 2785 $tosplit = unescape($tosplit); # unescape the keywords 2786 $tosplit=~tr/+/ /; # pluses to spaces 2787 my(@keywords) = split(/\s+/,$tosplit); 2788 return @keywords; 2789 } 2790 END_OF_FUNC 2791 2792 'param_fetch' => <<'END_OF_FUNC', 2793 sub param_fetch { 2794 my($self,@p) = self_or_default(@_); 2795 my($name) = rearrange([NAME],@p); 2796 unless (exists($self->{$name})) { 2797 $self->add_parameter($name); 2798 $self->{$name} = []; 2799 } 2800 2801 return $self->{$name}; 2802 } 2803 END_OF_FUNC 2804 2805 ############################################### 2806 # OTHER INFORMATION PROVIDED BY THE ENVIRONMENT 2807 ############################################### 2808 2809 #### Method: path_info 2810 # Return the extra virtual path information provided 2811 # after the URL (if any) 2812 #### 2813 'path_info' => <<'END_OF_FUNC', 2814 sub path_info { 2815 my ($self,$info) = self_or_default(@_); 2816 if (defined($info)) { 2817 $info = "/$info" if $info ne '' && substr($info,0,1) ne '/'; 2818 $self->{'.path_info'} = $info; 2819 } elsif (! defined($self->{'.path_info'}) ) { 2820 my (undef,$path_info) = $self->_name_and_path_from_env; 2821 $self->{'.path_info'} = $path_info || ''; 2822 } 2823 return $self->{'.path_info'}; 2824 } 2825 END_OF_FUNC 2826 2827 # WE USE THIS TO COMPENSATE FOR A BUG IN APACHE 2 PRESENT AT LEAST UP THROUGH 2.0.54 2828 '_name_and_path_from_env' => <<'END_OF_FUNC', 2829 sub _name_and_path_from_env { 2830 my $self = shift; 2831 my $raw_script_name = $ENV{SCRIPT_NAME} || ''; 2832 my $raw_path_info = $ENV{PATH_INFO} || ''; 2833 my $uri = unescape($self->request_uri) || ''; 2834 2835 my $protected = quotemeta($raw_path_info); 2836 $raw_script_name =~ s/$protected$//; 2837 2838 my @uri_double_slashes = $uri =~ m^(/{2,}?)^g; 2839 my @path_double_slashes = "$raw_script_name $raw_path_info" =~ m^(/{2,}?)^g; 2840 2841 my $apache_bug = @uri_double_slashes != @path_double_slashes; 2842 return ($raw_script_name,$raw_path_info) unless $apache_bug; 2843 2844 my $path_info_search = quotemeta($raw_path_info); 2845 $path_info_search =~ s!/!/+!g; 2846 if ($uri =~ m/^(.+)($path_info_search)/) { 2847 return ($1,$2); 2848 } else { 2849 return ($raw_script_name,$raw_path_info); 2850 } 2851 } 2852 END_OF_FUNC 2853 2854 2855 #### Method: request_method 2856 # Returns 'POST', 'GET', 'PUT' or 'HEAD' 2857 #### 2858 'request_method' => <<'END_OF_FUNC', 2859 sub request_method { 2860 return $ENV{'REQUEST_METHOD'}; 2861 } 2862 END_OF_FUNC 2863 2864 #### Method: content_type 2865 # Returns the content_type string 2866 #### 2867 'content_type' => <<'END_OF_FUNC', 2868 sub content_type { 2869 return $ENV{'CONTENT_TYPE'}; 2870 } 2871 END_OF_FUNC 2872 2873 #### Method: path_translated 2874 # Return the physical path information provided 2875 # by the URL (if any) 2876 #### 2877 'path_translated' => <<'END_OF_FUNC', 2878 sub path_translated { 2879 return $ENV{'PATH_TRANSLATED'}; 2880 } 2881 END_OF_FUNC 2882 2883 2884 #### Method: request_uri 2885 # Return the literal request URI 2886 #### 2887 'request_uri' => <<'END_OF_FUNC', 2888 sub request_uri { 2889 return $ENV{'REQUEST_URI'}; 2890 } 2891 END_OF_FUNC 2892 2893 2894 #### Method: query_string 2895 # Synthesize a query string from our current 2896 # parameters 2897 #### 2898 'query_string' => <<'END_OF_FUNC', 2899 sub query_string { 2900 my($self) = self_or_default(@_); 2901 my($param,$value,@pairs); 2902 foreach $param ($self->param) { 2903 my($eparam) = escape($param); 2904 foreach $value ($self->param($param)) { 2905 $value = escape($value); 2906 next unless defined $value; 2907 push(@pairs,"$eparam=$value"); 2908 } 2909 } 2910 foreach (keys %{$self->{'.fieldnames'}}) { 2911 push(@pairs,".cgifields=".escape("$_")); 2912 } 2913 return join($USE_PARAM_SEMICOLONS ? ';' : '&',@pairs); 2914 } 2915 END_OF_FUNC 2916 2917 2918 #### Method: accept 2919 # Without parameters, returns an array of the 2920 # MIME types the browser accepts. 2921 # With a single parameter equal to a MIME 2922 # type, will return undef if the browser won't 2923 # accept it, 1 if the browser accepts it but 2924 # doesn't give a preference, or a floating point 2925 # value between 0.0 and 1.0 if the browser 2926 # declares a quantitative score for it. 2927 # This handles MIME type globs correctly. 2928 #### 2929 'Accept' => <<'END_OF_FUNC', 2930 sub Accept { 2931 my($self,$search) = self_or_CGI(@_); 2932 my(%prefs,$type,$pref,$pat); 2933 2934 my(@accept) = split(',',$self->http('accept')); 2935 2936 foreach (@accept) { 2937 ($pref) = /q=(\d\.\d+|\d+)/; 2938 ($type) = m#(\S+/[^;]+)#; 2939 next unless $type; 2940 $prefs{$type}=$pref || 1; 2941 } 2942 2943 return keys %prefs unless $search; 2944 2945 # if a search type is provided, we may need to 2946 # perform a pattern matching operation. 2947 # The MIME types use a glob mechanism, which 2948 # is easily translated into a perl pattern match 2949 2950 # First return the preference for directly supported 2951 # types: 2952 return $prefs{$search} if $prefs{$search}; 2953 2954 # Didn't get it, so try pattern matching. 2955 foreach (keys %prefs) { 2956 next unless /\*/; # not a pattern match 2957 ($pat = $_) =~ s/([^\w*])/\\$1/g; # escape meta characters 2958 $pat =~ s/\*/.*/g; # turn it into a pattern 2959 return $prefs{$_} if $search=~/$pat/; 2960 } 2961 } 2962 END_OF_FUNC 2963 2964 2965 #### Method: user_agent 2966 # If called with no parameters, returns the user agent. 2967 # If called with one parameter, does a pattern match (case 2968 # insensitive) on the user agent. 2969 #### 2970 'user_agent' => <<'END_OF_FUNC', 2971 sub user_agent { 2972 my($self,$match)=self_or_CGI(@_); 2973 return $self->http('user_agent') unless $match; 2974 return $self->http('user_agent') =~ /$match/i; 2975 } 2976 END_OF_FUNC 2977 2978 2979 #### Method: raw_cookie 2980 # Returns the magic cookies for the session. 2981 # The cookies are not parsed or altered in any way, i.e. 2982 # cookies are returned exactly as given in the HTTP 2983 # headers. If a cookie name is given, only that cookie's 2984 # value is returned, otherwise the entire raw cookie 2985 # is returned. 2986 #### 2987 'raw_cookie' => <<'END_OF_FUNC', 2988 sub raw_cookie { 2989 my($self,$key) = self_or_CGI(@_); 2990 2991 require CGI::Cookie; 2992 2993 if (defined($key)) { 2994 $self->{'.raw_cookies'} = CGI::Cookie->raw_fetch 2995 unless $self->{'.raw_cookies'}; 2996 2997 return () unless $self->{'.raw_cookies'}; 2998 return () unless $self->{'.raw_cookies'}->{$key}; 2999 return $self->{'.raw_cookies'}->{$key}; 3000 } 3001 return $self->http('cookie') || $ENV{'COOKIE'} || ''; 3002 } 3003 END_OF_FUNC 3004 3005 #### Method: virtual_host 3006 # Return the name of the virtual_host, which 3007 # is not always the same as the server 3008 ###### 3009 'virtual_host' => <<'END_OF_FUNC', 3010 sub virtual_host { 3011 my $vh = http('x_forwarded_host') || http('host') || server_name(); 3012 $vh =~ s/:\d+$//; # get rid of port number 3013 return $vh; 3014 } 3015 END_OF_FUNC 3016 3017 #### Method: remote_host 3018 # Return the name of the remote host, or its IP 3019 # address if unavailable. If this variable isn't 3020 # defined, it returns "localhost" for debugging 3021 # purposes. 3022 #### 3023 'remote_host' => <<'END_OF_FUNC', 3024 sub remote_host { 3025 return $ENV{'REMOTE_HOST'} || $ENV{'REMOTE_ADDR'} 3026 || 'localhost'; 3027 } 3028 END_OF_FUNC 3029 3030 3031 #### Method: remote_addr 3032 # Return the IP addr of the remote host. 3033 #### 3034 'remote_addr' => <<'END_OF_FUNC', 3035 sub remote_addr { 3036 return $ENV{'REMOTE_ADDR'} || '127.0.0.1'; 3037 } 3038 END_OF_FUNC 3039 3040 3041 #### Method: script_name 3042 # Return the partial URL to this script for 3043 # self-referencing scripts. Also see 3044 # self_url(), which returns a URL with all state information 3045 # preserved. 3046 #### 3047 'script_name' => <<'END_OF_FUNC', 3048 sub script_name { 3049 my ($self,@p) = self_or_default(@_); 3050 if (@p) { 3051 $self->{'.script_name'} = shift @p; 3052 } elsif (!exists $self->{'.script_name'}) { 3053 my ($script_name,$path_info) = $self->_name_and_path_from_env(); 3054 $self->{'.script_name'} = $script_name; 3055 } 3056 return $self->{'.script_name'}; 3057 } 3058 END_OF_FUNC 3059 3060 3061 #### Method: referer 3062 # Return the HTTP_REFERER: useful for generating 3063 # a GO BACK button. 3064 #### 3065 'referer' => <<'END_OF_FUNC', 3066 sub referer { 3067 my($self) = self_or_CGI(@_); 3068 return $self->http('referer'); 3069 } 3070 END_OF_FUNC 3071 3072 3073 #### Method: server_name 3074 # Return the name of the server 3075 #### 3076 'server_name' => <<'END_OF_FUNC', 3077 sub server_name { 3078 return $ENV{'SERVER_NAME'} || 'localhost'; 3079 } 3080 END_OF_FUNC 3081 3082 #### Method: server_software 3083 # Return the name of the server software 3084 #### 3085 'server_software' => <<'END_OF_FUNC', 3086 sub server_software { 3087 return $ENV{'SERVER_SOFTWARE'} || 'cmdline'; 3088 } 3089 END_OF_FUNC 3090 3091 #### Method: virtual_port 3092 # Return the server port, taking virtual hosts into account 3093 #### 3094 'virtual_port' => <<'END_OF_FUNC', 3095 sub virtual_port { 3096 my($self) = self_or_default(@_); 3097 my $vh = $self->http('x_forwarded_host') || $self->http('host'); 3098 my $protocol = $self->protocol; 3099 if ($vh) { 3100 return ($vh =~ /:(\d+)$/)[0] || ($protocol eq 'https' ? 443 : 80); 3101 } else { 3102 return $self->server_port(); 3103 } 3104 } 3105 END_OF_FUNC 3106 3107 #### Method: server_port 3108 # Return the tcp/ip port the server is running on 3109 #### 3110 'server_port' => <<'END_OF_FUNC', 3111 sub server_port { 3112 return $ENV{'SERVER_PORT'} || 80; # for debugging 3113 } 3114 END_OF_FUNC 3115 3116 #### Method: server_protocol 3117 # Return the protocol (usually HTTP/1.0) 3118 #### 3119 'server_protocol' => <<'END_OF_FUNC', 3120 sub server_protocol { 3121 return $ENV{'SERVER_PROTOCOL'} || 'HTTP/1.0'; # for debugging 3122 } 3123 END_OF_FUNC 3124 3125 #### Method: http 3126 # Return the value of an HTTP variable, or 3127 # the list of variables if none provided 3128 #### 3129 'http' => <<'END_OF_FUNC', 3130 sub http { 3131 my ($self,$parameter) = self_or_CGI(@_); 3132 return $ENV{$parameter} if $parameter=~/^HTTP/; 3133 $parameter =~ tr/-/_/; 3134 return $ENV{"HTTP_\U$parameter\E"} if $parameter; 3135 my(@p); 3136 foreach (keys %ENV) { 3137 push(@p,$_) if /^HTTP/; 3138 } 3139 return @p; 3140 } 3141 END_OF_FUNC 3142 3143 #### Method: https 3144 # Return the value of HTTPS 3145 #### 3146 'https' => <<'END_OF_FUNC', 3147 sub https { 3148 local($^W)=0; 3149 my ($self,$parameter) = self_or_CGI(@_); 3150 return $ENV{HTTPS} unless $parameter; 3151 return $ENV{$parameter} if $parameter=~/^HTTPS/; 3152 $parameter =~ tr/-/_/; 3153 return $ENV{"HTTPS_\U$parameter\E"} if $parameter; 3154 my(@p); 3155 foreach (keys %ENV) { 3156 push(@p,$_) if /^HTTPS/; 3157 } 3158 return @p; 3159 } 3160 END_OF_FUNC 3161 3162 #### Method: protocol 3163 # Return the protocol (http or https currently) 3164 #### 3165 'protocol' => <<'END_OF_FUNC', 3166 sub protocol { 3167 local($^W)=0; 3168 my $self = shift; 3169 return 'https' if uc($self->https()) eq 'ON'; 3170 return 'https' if $self->server_port == 443; 3171 my $prot = $self->server_protocol; 3172 my($protocol,$version) = split('/',$prot); 3173 return "\L$protocol\E"; 3174 } 3175 END_OF_FUNC 3176 3177 #### Method: remote_ident 3178 # Return the identity of the remote user 3179 # (but only if his host is running identd) 3180 #### 3181 'remote_ident' => <<'END_OF_FUNC', 3182 sub remote_ident { 3183 return $ENV{'REMOTE_IDENT'}; 3184 } 3185 END_OF_FUNC 3186 3187 3188 #### Method: auth_type 3189 # Return the type of use verification/authorization in use, if any. 3190 #### 3191 'auth_type' => <<'END_OF_FUNC', 3192 sub auth_type { 3193 return $ENV{'AUTH_TYPE'}; 3194 } 3195 END_OF_FUNC 3196 3197 3198 #### Method: remote_user 3199 # Return the authorization name used for user 3200 # verification. 3201 #### 3202 'remote_user' => <<'END_OF_FUNC', 3203 sub remote_user { 3204 return $ENV{'REMOTE_USER'}; 3205 } 3206 END_OF_FUNC 3207 3208 3209 #### Method: user_name 3210 # Try to return the remote user's name by hook or by 3211 # crook 3212 #### 3213 'user_name' => <<'END_OF_FUNC', 3214 sub user_name { 3215 my ($self) = self_or_CGI(@_); 3216 return $self->http('from') || $ENV{'REMOTE_IDENT'} || $ENV{'REMOTE_USER'}; 3217 } 3218 END_OF_FUNC 3219 3220 #### Method: nosticky 3221 # Set or return the NOSTICKY global flag 3222 #### 3223 'nosticky' => <<'END_OF_FUNC', 3224 sub nosticky { 3225 my ($self,$param) = self_or_CGI(@_); 3226 $CGI::NOSTICKY = $param if defined($param); 3227 return $CGI::NOSTICKY; 3228 } 3229 END_OF_FUNC 3230 3231 #### Method: nph 3232 # Set or return the NPH global flag 3233 #### 3234 'nph' => <<'END_OF_FUNC', 3235 sub nph { 3236 my ($self,$param) = self_or_CGI(@_); 3237 $CGI::NPH = $param if defined($param); 3238 return $CGI::NPH; 3239 } 3240 END_OF_FUNC 3241 3242 #### Method: private_tempfiles 3243 # Set or return the private_tempfiles global flag 3244 #### 3245 'private_tempfiles' => <<'END_OF_FUNC', 3246 sub private_tempfiles { 3247 my ($self,$param) = self_or_CGI(@_); 3248 $CGI::PRIVATE_TEMPFILES = $param if defined($param); 3249 return $CGI::PRIVATE_TEMPFILES; 3250 } 3251 END_OF_FUNC 3252 #### Method: close_upload_files 3253 # Set or return the close_upload_files global flag 3254 #### 3255 'close_upload_files' => <<'END_OF_FUNC', 3256 sub close_upload_files { 3257 my ($self,$param) = self_or_CGI(@_); 3258 $CGI::CLOSE_UPLOAD_FILES = $param if defined($param); 3259 return $CGI::CLOSE_UPLOAD_FILES; 3260 } 3261 END_OF_FUNC 3262 3263 3264 #### Method: default_dtd 3265 # Set or return the default_dtd global 3266 #### 3267 'default_dtd' => <<'END_OF_FUNC', 3268 sub default_dtd { 3269 my ($self,$param,$param2) = self_or_CGI(@_); 3270 if (defined $param2 && defined $param) { 3271 $CGI::DEFAULT_DTD = [ $param, $param2 ]; 3272 } elsif (defined $param) { 3273 $CGI::DEFAULT_DTD = $param; 3274 } 3275 return $CGI::DEFAULT_DTD; 3276 } 3277 END_OF_FUNC 3278 3279 # -------------- really private subroutines ----------------- 3280 'previous_or_default' => <<'END_OF_FUNC', 3281 sub previous_or_default { 3282 my($self,$name,$defaults,$override) = @_; 3283 my(%selected); 3284 3285 if (!$override && ($self->{'.fieldnames'}->{$name} || 3286 defined($self->param($name)) ) ) { 3287 grep($selected{$_}++,$self->param($name)); 3288 } elsif (defined($defaults) && ref($defaults) && 3289 (ref($defaults) eq 'ARRAY')) { 3290 grep($selected{$_}++,@{$defaults}); 3291 } else { 3292 $selected{$defaults}++ if defined($defaults); 3293 } 3294 3295 return %selected; 3296 } 3297 END_OF_FUNC 3298 3299 'register_parameter' => <<'END_OF_FUNC', 3300 sub register_parameter { 3301 my($self,$param) = @_; 3302 $self->{'.parametersToAdd'}->{$param}++; 3303 } 3304 END_OF_FUNC 3305 3306 'get_fields' => <<'END_OF_FUNC', 3307 sub get_fields { 3308 my($self) = @_; 3309 return $self->CGI::hidden('-name'=>'.cgifields', 3310 '-values'=>[keys %{$self->{'.parametersToAdd'}}], 3311 '-override'=>1); 3312 } 3313 END_OF_FUNC 3314 3315 'read_from_cmdline' => <<'END_OF_FUNC', 3316 sub read_from_cmdline { 3317 my($input,@words); 3318 my($query_string); 3319 my($subpath); 3320 if ($DEBUG && @ARGV) { 3321 @words = @ARGV; 3322 } elsif ($DEBUG > 1) { 3323 require "shellwords.pl"; 3324 print STDERR "(offline mode: enter name=value pairs on standard input; press ^D or ^Z when done)\n"; 3325 chomp(@lines = <STDIN>); # remove newlines 3326 $input = join(" ",@lines); 3327 @words = &shellwords($input); 3328 } 3329 foreach (@words) { 3330 s/\\=/%3D/g; 3331 s/\\&/%26/g; 3332 } 3333 3334 if ("@words"=~/=/) { 3335 $query_string = join('&',@words); 3336 } else { 3337 $query_string = join('+',@words); 3338 } 3339 if ($query_string =~ /^(.*?)\?(.*)$/) 3340 { 3341 $query_string = $2; 3342 $subpath = $1; 3343 } 3344 return { 'query_string' => $query_string, 'subpath' => $subpath }; 3345 } 3346 END_OF_FUNC 3347 3348 ##### 3349 # subroutine: read_multipart 3350 # 3351 # Read multipart data and store it into our parameters. 3352 # An interesting feature is that if any of the parts is a file, we 3353 # create a temporary file and open up a filehandle on it so that the 3354 # caller can read from it if necessary. 3355 ##### 3356 'read_multipart' => <<'END_OF_FUNC', 3357 sub read_multipart { 3358 my($self,$boundary,$length) = @_; 3359 my($buffer) = $self->new_MultipartBuffer($boundary,$length); 3360 return unless $buffer; 3361 my(%header,$body); 3362 my $filenumber = 0; 3363 while (!$buffer->eof) { 3364 %header = $buffer->readHeader; 3365 3366 unless (%header) { 3367 $self->cgi_error("400 Bad request (malformed multipart POST)"); 3368 return; 3369 } 3370 3371 my($param)= $header{'Content-Disposition'}=~/ name="([^"]*)"/; 3372 $param .= $TAINTED; 3373 3374 # Bug: Netscape doesn't escape quotation marks in file names!!! 3375 my($filename) = $header{'Content-Disposition'}=~/ filename="([^"]*)"/; 3376 # Test for Opera's multiple upload feature 3377 my($multipart) = ( defined( $header{'Content-Type'} ) && 3378 $header{'Content-Type'} =~ /multipart\/mixed/ ) ? 3379 1 : 0; 3380 3381 # add this parameter to our list 3382 $self->add_parameter($param); 3383 3384 # If no filename specified, then just read the data and assign it 3385 # to our parameter list. 3386 if ( ( !defined($filename) || $filename eq '' ) && !$multipart ) { 3387 my($value) = $buffer->readBody; 3388 $value .= $TAINTED; 3389 push(@{$self->{$param}},$value); 3390 next; 3391 } 3392 3393 my ($tmpfile,$tmp,$filehandle); 3394 UPLOADS: { 3395 # If we get here, then we are dealing with a potentially large 3396 # uploaded form. Save the data to a temporary file, then open 3397 # the file for reading. 3398 3399 # skip the file if uploads disabled 3400 if ($DISABLE_UPLOADS) { 3401 while (defined($data = $buffer->read)) { } 3402 last UPLOADS; 3403 } 3404 3405 # set the filename to some recognizable value 3406 if ( ( !defined($filename) || $filename eq '' ) && $multipart ) { 3407 $filename = "multipart/mixed"; 3408 } 3409 3410 # choose a relatively unpredictable tmpfile sequence number 3411 my $seqno = unpack("%16C*",join('',localtime,grep {defined $_} values %ENV)); 3412 for (my $cnt=10;$cnt>0;$cnt--) { 3413 next unless $tmpfile = new CGITempFile($seqno); 3414 $tmp = $tmpfile->as_string; 3415 last if defined($filehandle = Fh->new($filename,$tmp,$PRIVATE_TEMPFILES)); 3416 $seqno += int rand(100); 3417 } 3418 die "CGI open of tmpfile: $!\n" unless defined $filehandle; 3419 $CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode 3420 && defined fileno($filehandle); 3421 3422 # if this is an multipart/mixed attachment, save the header 3423 # together with the body for later parsing with an external 3424 # MIME parser module 3425 if ( $multipart ) { 3426 foreach ( keys %header ) { 3427 print $filehandle "$_: $header{$_}$CRLF}"; 3428 } 3429 print $filehandle "$CRLF}"; 3430 } 3431 3432 my ($data); 3433 local($\) = ''; 3434 my $totalbytes; 3435 while (defined($data = $buffer->read)) { 3436 if (defined $self->{'.upload_hook'}) 3437 { 3438 $totalbytes += length($data); 3439 &{$self->{'.upload_hook'}}($filename ,$data, $totalbytes, $self->{'.upload_data'}); 3440 } 3441 print $filehandle $data if ($self->{'use_tempfile'}); 3442 } 3443 3444 # back up to beginning of file 3445 seek($filehandle,0,0); 3446 3447 ## Close the filehandle if requested this allows a multipart MIME 3448 ## upload to contain many files, and we won't die due to too many 3449 ## open file handles. The user can access the files using the hash 3450 ## below. 3451 close $filehandle if $CLOSE_UPLOAD_FILES; 3452 $CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode; 3453 3454 # Save some information about the uploaded file where we can get 3455 # at it later. 3456 # Use the typeglob as the key, as this is guaranteed to be 3457 # unique for each filehandle. Don't use the file descriptor as 3458 # this will be re-used for each filehandle if the 3459 # close_upload_files feature is used. 3460 $self->{'.tmpfiles'}->{$$filehandle}= { 3461 hndl => $filehandle, 3462 name => $tmpfile, 3463 info => {%header}, 3464 }; 3465 push(@{$self->{$param}},$filehandle); 3466 } 3467 } 3468 } 3469 END_OF_FUNC 3470 3471 ##### 3472 # subroutine: read_multipart_related 3473 # 3474 # Read multipart/related data and store it into our parameters. The 3475 # first parameter sets the start of the data. The part identified by 3476 # this Content-ID will not be stored as a file upload, but will be 3477 # returned by this method. All other parts will be available as file 3478 # uploads accessible by their Content-ID 3479 ##### 3480 'read_multipart_related' => <<'END_OF_FUNC', 3481 sub read_multipart_related { 3482 my($self,$start,$boundary,$length) = @_; 3483 my($buffer) = $self->new_MultipartBuffer($boundary,$length); 3484 return unless $buffer; 3485 my(%header,$body); 3486 my $filenumber = 0; 3487 my $returnvalue; 3488 while (!$buffer->eof) { 3489 %header = $buffer->readHeader; 3490 3491 unless (%header) { 3492 $self->cgi_error("400 Bad request (malformed multipart POST)"); 3493 return; 3494 } 3495 3496 my($param) = $header{'Content-ID'}=~/\<([^\>]*)\>/; 3497 $param .= $TAINTED; 3498 3499 # If this is the start part, then just read the data and assign it 3500 # to our return variable. 3501 if ( $param eq $start ) { 3502 $returnvalue = $buffer->readBody; 3503 $returnvalue .= $TAINTED; 3504 next; 3505 } 3506 3507 # add this parameter to our list 3508 $self->add_parameter($param); 3509 3510 my ($tmpfile,$tmp,$filehandle); 3511 UPLOADS: { 3512 # If we get here, then we are dealing with a potentially large 3513 # uploaded form. Save the data to a temporary file, then open 3514 # the file for reading. 3515 3516 # skip the file if uploads disabled 3517 if ($DISABLE_UPLOADS) { 3518 while (defined($data = $buffer->read)) { } 3519 last UPLOADS; 3520 } 3521 3522 # choose a relatively unpredictable tmpfile sequence number 3523 my $seqno = unpack("%16C*",join('',localtime,grep {defined $_} values %ENV)); 3524 for (my $cnt=10;$cnt>0;$cnt--) { 3525 next unless $tmpfile = new CGITempFile($seqno); 3526 $tmp = $tmpfile->as_string; 3527 last if defined($filehandle = Fh->new($param,$tmp,$PRIVATE_TEMPFILES)); 3528 $seqno += int rand(100); 3529 } 3530 die "CGI open of tmpfile: $!\n" unless defined $filehandle; 3531 $CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode 3532 && defined fileno($filehandle); 3533 3534 my ($data); 3535 local($\) = ''; 3536 my $totalbytes; 3537 while (defined($data = $buffer->read)) { 3538 if (defined $self->{'.upload_hook'}) 3539 { 3540 $totalbytes += length($data); 3541 &{$self->{'.upload_hook'}}($param ,$data, $totalbytes, $self->{'.upload_data'}); 3542 } 3543 print $filehandle $data if ($self->{'use_tempfile'}); 3544 } 3545 3546 # back up to beginning of file 3547 seek($filehandle,0,0); 3548 3549 ## Close the filehandle if requested this allows a multipart MIME 3550 ## upload to contain many files, and we won't die due to too many 3551 ## open file handles. The user can access the files using the hash 3552 ## below. 3553 close $filehandle if $CLOSE_UPLOAD_FILES; 3554 $CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode; 3555 3556 # Save some information about the uploaded file where we can get 3557 # at it later. 3558 # Use the typeglob as the key, as this is guaranteed to be 3559 # unique for each filehandle. Don't use the file descriptor as 3560 # this will be re-used for each filehandle if the 3561 # close_upload_files feature is used. 3562 $self->{'.tmpfiles'}->{$$filehandle}= { 3563 hndl => $filehandle, 3564 name => $tmpfile, 3565 info => {%header}, 3566 }; 3567 push(@{$self->{$param}},$filehandle); 3568 } 3569 } 3570 return $returnvalue; 3571 } 3572 END_OF_FUNC 3573 3574 3575 'upload' =><<'END_OF_FUNC', 3576 sub upload { 3577 my($self,$param_name) = self_or_default(@_); 3578 my @param = grep {ref($_) && defined(fileno($_))} $self->param($param_name); 3579 return unless @param; 3580 return wantarray ? @param : $param[0]; 3581 } 3582 END_OF_FUNC 3583 3584 'tmpFileName' => <<'END_OF_FUNC', 3585 sub tmpFileName { 3586 my($self,$filename) = self_or_default(@_); 3587 return $self->{'.tmpfiles'}->{$$filename}->{name} ? 3588 $self->{'.tmpfiles'}->{$$filename}->{name}->as_string 3589 : ''; 3590 } 3591 END_OF_FUNC 3592 3593 'uploadInfo' => <<'END_OF_FUNC', 3594 sub uploadInfo { 3595 my($self,$filename) = self_or_default(@_); 3596 return $self->{'.tmpfiles'}->{$$filename}->{info}; 3597 } 3598 END_OF_FUNC 3599 3600 # internal routine, don't use 3601 '_set_values_and_labels' => <<'END_OF_FUNC', 3602 sub _set_values_and_labels { 3603 my $self = shift; 3604 my ($v,$l,$n) = @_; 3605 $$l = $v if ref($v) eq 'HASH' && !ref($$l); 3606 return $self->param($n) if !defined($v); 3607 return $v if !ref($v); 3608 return ref($v) eq 'HASH' ? keys %$v : @$v; 3609 } 3610 END_OF_FUNC 3611 3612 # internal routine, don't use 3613 '_set_attributes' => <<'END_OF_FUNC', 3614 sub _set_attributes { 3615 my $self = shift; 3616 my($element, $attributes) = @_; 3617 return '' unless defined($attributes->{$element}); 3618 $attribs = ' '; 3619 foreach my $attrib (keys %{$attributes->{$element}}) { 3620 (my $clean_attrib = $attrib) =~ s/^-//; 3621 $attribs .= "@{[lc($clean_attrib)]}=\"$attributes->{$element}{$attrib}\" "; 3622 } 3623 $attribs =~ s/ $//; 3624 return $attribs; 3625 } 3626 END_OF_FUNC 3627 3628 '_compile_all' => <<'END_OF_FUNC', 3629 sub _compile_all { 3630 foreach (@_) { 3631 next if defined(&$_); 3632 $AUTOLOAD = "CGI::$_"; 3633 _compile(); 3634 } 3635 } 3636 END_OF_FUNC 3637 3638 ); 3639 END_OF_AUTOLOAD 3640 ; 3641 3642 ######################################################### 3643 # Globals and stubs for other packages that we use. 3644 ######################################################### 3645 3646 ################### Fh -- lightweight filehandle ############### 3647 package Fh; 3648 use overload 3649 '""' => \&asString, 3650 'cmp' => \&compare, 3651 'fallback'=>1; 3652 3653 $FH='fh00000'; 3654 3655 *Fh::AUTOLOAD = \&CGI::AUTOLOAD; 3656 3657 sub DESTROY { 3658 my $self = shift; 3659 close $self; 3660 } 3661 3662 $AUTOLOADED_ROUTINES = ''; # prevent -w error 3663 $AUTOLOADED_ROUTINES=<<'END_OF_AUTOLOAD'; 3664 %SUBS = ( 3665 'asString' => <<'END_OF_FUNC', 3666 sub asString { 3667 my $self = shift; 3668 # get rid of package name 3669 (my $i = $$self) =~ s/^\*(\w+::fh\d{5})+//; 3670 $i =~ s/%(..)/ chr(hex($1)) /eg; 3671 return $i.$CGI::TAINTED; 3672 # BEGIN DEAD CODE 3673 # This was an extremely clever patch that allowed "use strict refs". 3674 # Unfortunately it relied on another bug that caused leaky file descriptors. 3675 # The underlying bug has been fixed, so this no longer works. However 3676 # "strict refs" still works for some reason. 3677 # my $self = shift; 3678 # return ${*{$self}{SCALAR}}; 3679 # END DEAD CODE 3680 } 3681 END_OF_FUNC 3682 3683 'compare' => <<'END_OF_FUNC', 3684 sub compare { 3685 my $self = shift; 3686 my $value = shift; 3687 return "$self" cmp $value; 3688 } 3689 END_OF_FUNC 3690 3691 'new' => <<'END_OF_FUNC', 3692 sub new { 3693 my($pack,$name,$file,$delete) = @_; 3694 _setup_symbols(@SAVED_SYMBOLS) if @SAVED_SYMBOLS; 3695 require Fcntl unless defined &Fcntl::O_RDWR; 3696 (my $safename = $name) =~ s/([':%])/ sprintf '%%%02X', ord $1 /eg; 3697 my $fv = ++$FH . $safename; 3698 my $ref = \*{"Fh::$fv"}; 3699 $file =~ m!^([a-zA-Z0-9_ \'\":/.\$\\-]+)$! || return; 3700 my $safe = $1; 3701 sysopen($ref,$safe,Fcntl::O_RDWR()|Fcntl::O_CREAT()|Fcntl::O_EXCL(),0600) || return; 3702 unlink($safe) if $delete; 3703 CORE::delete $Fh::{$fv}; 3704 return bless $ref,$pack; 3705 } 3706 END_OF_FUNC 3707 3708 ); 3709 END_OF_AUTOLOAD 3710 3711 ######################## MultipartBuffer #################### 3712 package MultipartBuffer; 3713 3714 use constant DEBUG => 0; 3715 3716 # how many bytes to read at a time. We use 3717 # a 4K buffer by default. 3718 $INITIAL_FILLUNIT = 1024 * 4; 3719 $TIMEOUT = 240*60; # 4 hour timeout for big files 3720 $SPIN_LOOP_MAX = 2000; # bug fix for some Netscape servers 3721 $CRLF=$CGI::CRLF; 3722 3723 #reuse the autoload function 3724 *MultipartBuffer::AUTOLOAD = \&CGI::AUTOLOAD; 3725 3726 # avoid autoloader warnings 3727 sub DESTROY {} 3728 3729 ############################################################################### 3730 ################# THESE FUNCTIONS ARE AUTOLOADED ON DEMAND #################### 3731 ############################################################################### 3732 $AUTOLOADED_ROUTINES = ''; # prevent -w error 3733 $AUTOLOADED_ROUTINES=<<'END_OF_AUTOLOAD'; 3734 %SUBS = ( 3735 3736 'new' => <<'END_OF_FUNC', 3737 sub new { 3738 my($package,$interface,$boundary,$length) = @_; 3739 $FILLUNIT = $INITIAL_FILLUNIT; 3740 $CGI::DefaultClass->binmode($IN); # if $CGI::needs_binmode; # just do it always 3741 3742 # If the user types garbage into the file upload field, 3743 # then Netscape passes NOTHING to the server (not good). 3744 # We may hang on this read in that case. So we implement 3745 # a read timeout. If nothing is ready to read 3746 # by then, we return. 3747 3748 # Netscape seems to be a little bit unreliable 3749 # about providing boundary strings. 3750 my $boundary_read = 0; 3751 if ($boundary) { 3752 3753 # Under the MIME spec, the boundary consists of the 3754 # characters "--" PLUS the Boundary string 3755 3756 # BUG: IE 3.01 on the Macintosh uses just the boundary -- not 3757 # the two extra hyphens. We do a special case here on the user-agent!!!! 3758 $boundary = "--$boundary" unless CGI::user_agent('MSIE\s+3\.0[12];\s*Mac|DreamPassport'); 3759 3760 } else { # otherwise we find it ourselves 3761 my($old); 3762 ($old,$/) = ($/,$CRLF); # read a CRLF-delimited line 3763 $boundary = <STDIN>; # BUG: This won't work correctly under mod_perl 3764 $length -= length($boundary); 3765 chomp($boundary); # remove the CRLF 3766 $/ = $old; # restore old line separator 3767 $boundary_read++; 3768 } 3769 3770 my $self = {LENGTH=>$length, 3771 CHUNKED=>!defined $length, 3772 BOUNDARY=>$boundary, 3773 INTERFACE=>$interface, 3774 BUFFER=>'', 3775 }; 3776 3777 $FILLUNIT = length($boundary) 3778 if length($boundary) > $FILLUNIT; 3779 3780 my $retval = bless $self,ref $package || $package; 3781 3782 # Read the preamble and the topmost (boundary) line plus the CRLF. 3783 unless ($boundary_read) { 3784 while ($self->read(0)) { } 3785 } 3786 die "Malformed multipart POST: data truncated\n" if $self->eof; 3787 3788 return $retval; 3789 } 3790 END_OF_FUNC 3791 3792 'readHeader' => <<'END_OF_FUNC', 3793 sub readHeader { 3794 my($self) = @_; 3795 my($end); 3796 my($ok) = 0; 3797 my($bad) = 0; 3798 3799 local($CRLF) = "\015\012" if $CGI::OS eq 'VMS' || $CGI::EBCDIC; 3800 3801 do { 3802 $self->fillBuffer($FILLUNIT); 3803 $ok++ if ($end = index($self->{BUFFER},"$CRLF}$CRLF}")) >= 0; 3804 $ok++ if $self->{BUFFER} eq ''; 3805 $bad++ if !$ok && $self->{LENGTH} <= 0; 3806 # this was a bad idea 3807 # $FILLUNIT *= 2 if length($self->{BUFFER}) >= $FILLUNIT; 3808 } until $ok || $bad; 3809 return () if $bad; 3810 3811 #EBCDIC NOTE: translate header into EBCDIC, but watch out for continuation lines! 3812 3813 my($header) = substr($self->{BUFFER},0,$end+2); 3814 substr($self->{BUFFER},0,$end+4) = ''; 3815 my %return; 3816 3817 if ($CGI::EBCDIC) { 3818 warn "untranslated header=$header\n" if DEBUG; 3819 $header = CGI::Util::ascii2ebcdic($header); 3820 warn "translated header=$header\n" if DEBUG; 3821 } 3822 3823 # See RFC 2045 Appendix A and RFC 822 sections 3.4.8 3824 # (Folding Long Header Fields), 3.4.3 (Comments) 3825 # and 3.4.5 (Quoted-Strings). 3826 3827 my $token = '[-\w!\#$%&\'*+.^_\`|{}~]'; 3828 $header=~s/$CRLF\s+/ /og; # merge continuation lines 3829 3830 while ($header=~/($token+):\s+([^$CRLF]*)/mgox) { 3831 my ($field_name,$field_value) = ($1,$2); 3832 $field_name =~ s/\b(\w)/uc($1)/eg; #canonicalize 3833 $return{$field_name}=$field_value; 3834 } 3835 return %return; 3836 } 3837 END_OF_FUNC 3838 3839 # This reads and returns the body as a single scalar value. 3840 'readBody' => <<'END_OF_FUNC', 3841 sub readBody { 3842 my($self) = @_; 3843 my($data); 3844 my($returnval)=''; 3845 3846 #EBCDIC NOTE: want to translate returnval into EBCDIC HERE 3847 3848 while (defined($data = $self->read)) { 3849 $returnval .= $data; 3850 } 3851 3852 if ($CGI::EBCDIC) { 3853 warn "untranslated body=$returnval\n" if DEBUG; 3854 $returnval = CGI::Util::ascii2ebcdic($returnval); 3855 warn "translated body=$returnval\n" if DEBUG; 3856 } 3857 return $returnval; 3858 } 3859 END_OF_FUNC 3860 3861 # This will read $bytes or until the boundary is hit, whichever happens 3862 # first. After the boundary is hit, we return undef. The next read will 3863 # skip over the boundary and begin reading again; 3864 'read' => <<'END_OF_FUNC', 3865 sub read { 3866 my($self,$bytes) = @_; 3867 3868 # default number of bytes to read 3869 $bytes = $bytes || $FILLUNIT; 3870 3871 # Fill up our internal buffer in such a way that the boundary 3872 # is never split between reads. 3873 $self->fillBuffer($bytes); 3874 3875 my $boundary_start = $CGI::EBCDIC ? CGI::Util::ebcdic2ascii($self->{BOUNDARY}) : $self->{BOUNDARY}; 3876 my $boundary_end = $CGI::EBCDIC ? CGI::Util::ebcdic2ascii($self->{BOUNDARY}.'--') : $self->{BOUNDARY}.'--'; 3877 3878 # Find the boundary in the buffer (it may not be there). 3879 my $start = index($self->{BUFFER},$boundary_start); 3880 3881 warn "boundary=$self->{BOUNDARY} length=$self->{LENGTH} start=$start\n" if DEBUG; 3882 3883 # protect against malformed multipart POST operations 3884 die "Malformed multipart POST\n" unless $self->{CHUNKED} || ($start >= 0 || $self->{LENGTH} > 0); 3885 3886 #EBCDIC NOTE: want to translate boundary search into ASCII here. 3887 3888 # If the boundary begins the data, then skip past it 3889 # and return undef. 3890 if ($start == 0) { 3891 3892 # clear us out completely if we've hit the last boundary. 3893 if (index($self->{BUFFER},$boundary_end)==0) { 3894 $self->{BUFFER}=''; 3895 $self->{LENGTH}=0; 3896 return undef; 3897 } 3898 3899 # just remove the boundary. 3900 substr($self->{BUFFER},0,length($boundary_start))=''; 3901 $self->{BUFFER} =~ s/^\012\015?//; 3902 return undef; 3903 } 3904 3905 my $bytesToReturn; 3906 if ($start > 0) { # read up to the boundary 3907 $bytesToReturn = $start-2 > $bytes ? $bytes : $start; 3908 } else { # read the requested number of bytes 3909 # leave enough bytes in the buffer to allow us to read 3910 # the boundary. Thanks to Kevin Hendrick for finding 3911 # this one. 3912 $bytesToReturn = $bytes - (length($boundary_start)+1); 3913 } 3914 3915 my $returnval=substr($self->{BUFFER},0,$bytesToReturn); 3916 substr($self->{BUFFER},0,$bytesToReturn)=''; 3917 3918 # If we hit the boundary, remove the CRLF from the end. 3919 return ($bytesToReturn==$start) 3920 ? substr($returnval,0,-2) : $returnval; 3921 } 3922 END_OF_FUNC 3923 3924 3925 # This fills up our internal buffer in such a way that the 3926 # boundary is never split between reads 3927 'fillBuffer' => <<'END_OF_FUNC', 3928 sub fillBuffer { 3929 my($self,$bytes) = @_; 3930 return unless $self->{CHUNKED} || $self->{LENGTH}; 3931 3932 my($boundaryLength) = length($self->{BOUNDARY}); 3933 my($bufferLength) = length($self->{BUFFER}); 3934 my($bytesToRead) = $bytes - $bufferLength + $boundaryLength + 2; 3935 $bytesToRead = $self->{LENGTH} if !$self->{CHUNKED} && $self->{LENGTH} < $bytesToRead; 3936 3937 # Try to read some data. We may hang here if the browser is screwed up. 3938 my $bytesRead = $self->{INTERFACE}->read_from_client(\$self->{BUFFER}, 3939 $bytesToRead, 3940 $bufferLength); 3941 warn "bytesToRead=$bytesToRead, bufferLength=$bufferLength, buffer=$self->{BUFFER}\n" if DEBUG; 3942 $self->{BUFFER} = '' unless defined $self->{BUFFER}; 3943 3944 # An apparent bug in the Apache server causes the read() 3945 # to return zero bytes repeatedly without blocking if the 3946 # remote user aborts during a file transfer. I don't know how 3947 # they manage this, but the workaround is to abort if we get 3948 # more than SPIN_LOOP_MAX consecutive zero reads. 3949 if ($bytesRead <= 0) { 3950 die "CGI.pm: Server closed socket during multipart read (client aborted?).\n" 3951 if ($self->{ZERO_LOOP_COUNTER}++ >= $SPIN_LOOP_MAX); 3952 } else { 3953 $self->{ZERO_LOOP_COUNTER}=0; 3954 } 3955 3956 $self->{LENGTH} -= $bytesRead if !$self->{CHUNKED} && $bytesRead; 3957 } 3958 END_OF_FUNC 3959 3960 3961 # Return true when we've finished reading 3962 'eof' => <<'END_OF_FUNC' 3963 sub eof { 3964 my($self) = @_; 3965 return 1 if (length($self->{BUFFER}) == 0) 3966 && ($self->{LENGTH} <= 0); 3967 undef; 3968 } 3969 END_OF_FUNC 3970 3971 ); 3972 END_OF_AUTOLOAD 3973 3974 #################################################################################### 3975 ################################## TEMPORARY FILES ################################# 3976 #################################################################################### 3977 package CGITempFile; 3978 3979 sub find_tempdir { 3980 $SL = $CGI::SL; 3981 $MAC = $CGI::OS eq 'MACINTOSH'; 3982 my ($vol) = $MAC ? MacPerl::Volumes() =~ /:(.*)/ : ""; 3983 unless (defined $TMPDIRECTORY) { 3984 @TEMP=("$SL}usr$SL}tmp","$SL}var$SL}tmp", 3985 "C:$SL}temp","$SL}tmp","$SL}temp", 3986 "$vol}$SL}Temporary Items", 3987 "$SL}WWW_ROOT", "$SL}SYS\$SCRATCH", 3988 "C:$SL}system$SL}temp"); 3989 unshift(@TEMP,$ENV{'TMPDIR'}) if defined $ENV{'TMPDIR'}; 3990 3991 # this feature was supposed to provide per-user tmpfiles, but 3992 # it is problematic. 3993 # unshift(@TEMP,(getpwuid($<))[7].'/tmp') if $CGI::OS eq 'UNIX'; 3994 # Rob: getpwuid() is unfortunately UNIX specific. On brain dead OS'es this 3995 # : can generate a 'getpwuid() not implemented' exception, even though 3996 # : it's never called. Found under DOS/Win with the DJGPP perl port. 3997 # : Refer to getpwuid() only at run-time if we're fortunate and have UNIX. 3998 # unshift(@TEMP,(eval {(getpwuid($>))[7]}).'/tmp') if $CGI::OS eq 'UNIX' and $> != 0; 3999 4000 foreach (@TEMP) { 4001 do {$TMPDIRECTORY = $_; last} if -d $_ && -w _; 4002 } 4003 } 4004 $TMPDIRECTORY = $MAC ? "" : "." unless $TMPDIRECTORY; 4005 } 4006 4007 find_tempdir(); 4008 4009 $MAXTRIES = 5000; 4010 4011 # cute feature, but overload implementation broke it 4012 # %OVERLOAD = ('""'=>'as_string'); 4013 *CGITempFile::AUTOLOAD = \&CGI::AUTOLOAD; 4014 4015 sub DESTROY { 4016 my($self) = @_; 4017 $$self =~ m!^([a-zA-Z0-9_ \'\":/.\$\\-]+)$! || return; 4018 my $safe = $1; # untaint operation 4019 unlink $safe; # get rid of the file 4020 } 4021 4022 ############################################################################### 4023 ################# THESE FUNCTIONS ARE AUTOLOADED ON DEMAND #################### 4024 ############################################################################### 4025 $AUTOLOADED_ROUTINES = ''; # prevent -w error 4026 $AUTOLOADED_ROUTINES=<<'END_OF_AUTOLOAD'; 4027 %SUBS = ( 4028 4029 'new' => <<'END_OF_FUNC', 4030 sub new { 4031 my($package,$sequence) = @_; 4032 my $filename; 4033 find_tempdir() unless -w $TMPDIRECTORY; 4034 for (my $i = 0; $i < $MAXTRIES; $i++) { 4035 last if ! -f ($filename = sprintf("$TMPDIRECTORY}$SL}CGItemp%d",$sequence++)); 4036 } 4037 # check that it is a more-or-less valid filename 4038 return unless $filename =~ m!^([a-zA-Z0-9_ \'\":/.\$\\-]+)$!; 4039 # this used to untaint, now it doesn't 4040 # $filename = $1; 4041 return bless \$filename; 4042 } 4043 END_OF_FUNC 4044 4045 'as_string' => <<'END_OF_FUNC' 4046 sub as_string { 4047 my($self) = @_; 4048 return $$self; 4049 } 4050 END_OF_FUNC 4051 4052 ); 4053 END_OF_AUTOLOAD 4054 4055 package CGI; 4056 4057 # We get a whole bunch of warnings about "possibly uninitialized variables" 4058 # when running with the -w switch. Touch them all once to get rid of the 4059 # warnings. This is ugly and I hate it. 4060 if ($^W) { 4061 $CGI::CGI = ''; 4062 $CGI::CGI=<<EOF; 4063 $CGI::VERSION; 4064 $MultipartBuffer::SPIN_LOOP_MAX; 4065 $MultipartBuffer::CRLF; 4066 $MultipartBuffer::TIMEOUT; 4067 $MultipartBuffer::INITIAL_FILLUNIT; 4068 EOF 4069 ; 4070 } 4071 4072 1; 4073 4074 __END__ 4075 4076 =head1 NAME 4077 4078 CGI - Simple Common Gateway Interface Class 4079 4080 =head1 SYNOPSIS 4081 4082 # CGI script that creates a fill-out form 4083 # and echoes back its values. 4084 4085 use CGI qw/:standard/; 4086 print header, 4087 start_html('A Simple Example'), 4088 h1('A Simple Example'), 4089 start_form, 4090 "What's your name? ",textfield('name'),p, 4091 "What's the combination?", p, 4092 checkbox_group(-name=>'words', 4093 -values=>['eenie','meenie','minie','moe'], 4094 -defaults=>['eenie','minie']), p, 4095 "What's your favorite color? ", 4096 popup_menu(-name=>'color', 4097 -values=>['red','green','blue','chartreuse']),p, 4098 submit, 4099 end_form, 4100 hr; 4101 4102 if (param()) { 4103 my $name = param('name'); 4104 my $keywords = join ', ',param('words'); 4105 my $color = param('color'); 4106 print "Your name is",em(escapeHTML($name)),p, 4107 "The keywords are: ",em(escapeHTML($keywords)),p, 4108 "Your favorite color is ",em(escapeHTML($color)), 4109 hr; 4110 } 4111 4112 =head1 ABSTRACT 4113 4114 This perl library uses perl5 objects to make it easy to create Web 4115 fill-out forms and parse their contents. This package defines CGI 4116 objects, entities that contain the values of the current query string 4117 and other state variables. Using a CGI object's methods, you can 4118 examine keywords and parameters passed to your script, and create 4119 forms whose initial values are taken from the current query (thereby 4120 preserving state information). The module provides shortcut functions 4121 that produce boilerplate HTML, reducing typing and coding errors. It 4122 also provides functionality for some of the more advanced features of 4123 CGI scripting, including support for file uploads, cookies, cascading 4124 style sheets, server push, and frames. 4125 4126 CGI.pm also provides a simple function-oriented programming style for 4127 those who don't need its object-oriented features. 4128 4129 The current version of CGI.pm is available at 4130 4131 http://www.genome.wi.mit.edu/ftp/pub/software/WWW/cgi_docs.html 4132 ftp://ftp-genome.wi.mit.edu/pub/software/WWW/ 4133 4134 =head1 DESCRIPTION 4135 4136 =head2 PROGRAMMING STYLE 4137 4138 There are two styles of programming with CGI.pm, an object-oriented 4139 style and a function-oriented style. In the object-oriented style you 4140 create one or more CGI objects and then use object methods to create 4141 the various elements of the page. Each CGI object starts out with the 4142 list of named parameters that were passed to your CGI script by the 4143 server. You can modify the objects, save them to a file or database 4144 and recreate them. Because each object corresponds to the "state" of 4145 the CGI script, and because each object's parameter list is 4146 independent of the others, this allows you to save the state of the 4147 script and restore it later. 4148 4149 For example, using the object oriented style, here is how you create 4150 a simple "Hello World" HTML page: 4151 4152 #!/usr/local/bin/perl -w 4153 use CGI; # load CGI routines 4154 $q = new CGI; # create new CGI object 4155 print $q->header, # create the HTTP header 4156 $q->start_html('hello world'), # start the HTML 4157 $q->h1('hello world'), # level 1 header 4158 $q->end_html; # end the HTML 4159 4160 In the function-oriented style, there is one default CGI object that 4161 you rarely deal with directly. Instead you just call functions to 4162 retrieve CGI parameters, create HTML tags, manage cookies, and so 4163 on. This provides you with a cleaner programming interface, but 4164 limits you to using one CGI object at a time. The following example 4165 prints the same page, but uses the function-oriented interface. 4166 The main differences are that we now need to import a set of functions 4167 into our name space (usually the "standard" functions), and we don't 4168 need to create the CGI object. 4169 4170 #!/usr/local/bin/perl 4171 use CGI qw/:standard/; # load standard CGI routines 4172 print header, # create the HTTP header 4173 start_html('hello world'), # start the HTML 4174 h1('hello world'), # level 1 header 4175 end_html; # end the HTML 4176 4177 The examples in this document mainly use the object-oriented style. 4178 See HOW TO IMPORT FUNCTIONS for important information on 4179 function-oriented programming in CGI.pm 4180 4181 =head2 CALLING CGI.PM ROUTINES 4182 4183 Most CGI.pm routines accept several arguments, sometimes as many as 20 4184 optional ones! To simplify this interface, all routines use a named 4185 argument calling style that looks like this: 4186 4187 print $q->header(-type=>'image/gif',-expires=>'+3d'); 4188 4189 Each argument name is preceded by a dash. Neither case nor order 4190 matters in the argument list. -type, -Type, and -TYPE are all 4191 acceptable. In fact, only the first argument needs to begin with a 4192 dash. If a dash is present in the first argument, CGI.pm assumes 4193 dashes for the subsequent ones. 4194 4195 Several routines are commonly called with just one argument. In the 4196 case of these routines you can provide the single argument without an 4197 argument name. header() happens to be one of these routines. In this 4198 case, the single argument is the document type. 4199 4200 print $q->header('text/html'); 4201 4202 Other such routines are documented below. 4203 4204 Sometimes named arguments expect a scalar, sometimes a reference to an 4205 array, and sometimes a reference to a hash. Often, you can pass any 4206 type of argument and the routine will do whatever is most appropriate. 4207 For example, the param() routine is used to set a CGI parameter to a 4208 single or a multi-valued value. The two cases are shown below: 4209 4210 $q->param(-name=>'veggie',-value=>'tomato'); 4211 $q->param(-name=>'veggie',-value=>['tomato','tomahto','potato','potahto']); 4212 4213 A large number of routines in CGI.pm actually aren't specifically 4214 defined in the module, but are generated automatically as needed. 4215 These are the "HTML shortcuts," routines that generate HTML tags for 4216 use in dynamically-generated pages. HTML tags have both attributes 4217 (the attribute="value" pairs within the tag itself) and contents (the 4218 part between the opening and closing pairs.) To distinguish between 4219 attributes and contents, CGI.pm uses the convention of passing HTML 4220 attributes as a hash reference as the first argument, and the 4221 contents, if any, as any subsequent arguments. It works out like 4222 this: 4223 4224 Code Generated HTML 4225 ---- -------------- 4226 h1() <h1> 4227 h1('some','contents'); <h1>some contents</h1> 4228 h1({-align=>left}); <h1 align="LEFT"> 4229 h1({-align=>left},'contents'); <h1 align="LEFT">contents</h1> 4230 4231 HTML tags are described in more detail later. 4232 4233 Many newcomers to CGI.pm are puzzled by the difference between the 4234 calling conventions for the HTML shortcuts, which require curly braces 4235 around the HTML tag attributes, and the calling conventions for other 4236 routines, which manage to generate attributes without the curly 4237 brackets. Don't be confused. As a convenience the curly braces are 4238 optional in all but the HTML shortcuts. If you like, you can use 4239 curly braces when calling any routine that takes named arguments. For 4240 example: 4241 4242 print $q->header( {-type=>'image/gif',-expires=>'+3d'} ); 4243 4244 If you use the B<-w> switch, you will be warned that some CGI.pm argument 4245 names conflict with built-in Perl functions. The most frequent of 4246 these is the -values argument, used to create multi-valued menus, 4247 radio button clusters and the like. To get around this warning, you 4248 have several choices: 4249 4250 =over 4 4251 4252 =item 1. 4253 4254 Use another name for the argument, if one is available. 4255 For example, -value is an alias for -values. 4256 4257 =item 2. 4258 4259 Change the capitalization, e.g. -Values 4260 4261 =item 3. 4262 4263 Put quotes around the argument name, e.g. '-values' 4264 4265 =back 4266 4267 Many routines will do something useful with a named argument that it 4268 doesn't recognize. For example, you can produce non-standard HTTP 4269 header fields by providing them as named arguments: 4270 4271 print $q->header(-type => 'text/html', 4272 -cost => 'Three smackers', 4273 -annoyance_level => 'high', 4274 -complaints_to => 'bit bucket'); 4275 4276 This will produce the following nonstandard HTTP header: 4277 4278 HTTP/1.0 200 OK 4279 Cost: Three smackers 4280 Annoyance-level: high 4281 Complaints-to: bit bucket 4282 Content-type: text/html 4283 4284 Notice the way that underscores are translated automatically into 4285 hyphens. HTML-generating routines perform a different type of 4286 translation. 4287 4288 This feature allows you to keep up with the rapidly changing HTTP and 4289 HTML "standards". 4290 4291 =head2 CREATING A NEW QUERY OBJECT (OBJECT-ORIENTED STYLE): 4292 4293 $query = new CGI; 4294 4295 This will parse the input (from both POST and GET methods) and store 4296 it into a perl5 object called $query. 4297 4298 Any filehandles from file uploads will have their position reset to 4299 the beginning of the file. 4300 4301 =head2 CREATING A NEW QUERY OBJECT FROM AN INPUT FILE 4302 4303 $query = new CGI(INPUTFILE); 4304 4305 If you provide a file handle to the new() method, it will read 4306 parameters from the file (or STDIN, or whatever). The file can be in 4307 any of the forms describing below under debugging (i.e. a series of 4308 newline delimited TAG=VALUE pairs will work). Conveniently, this type 4309 of file is created by the save() method (see below). Multiple records 4310 can be saved and restored. 4311 4312 Perl purists will be pleased to know that this syntax accepts 4313 references to file handles, or even references to filehandle globs, 4314 which is the "official" way to pass a filehandle: 4315 4316 $query = new CGI(\*STDIN); 4317 4318 You can also initialize the CGI object with a FileHandle or IO::File 4319 object. 4320 4321 If you are using the function-oriented interface and want to 4322 initialize CGI state from a file handle, the way to do this is with 4323 B<restore_parameters()>. This will (re)initialize the 4324 default CGI object from the indicated file handle. 4325 4326 open (IN,"test.in") || die; 4327 restore_parameters(IN); 4328 close IN; 4329 4330 You can also initialize the query object from an associative array 4331 reference: 4332 4333 $query = new CGI( {'dinosaur'=>'barney', 4334 'song'=>'I love you', 4335 'friends'=>[qw/Jessica George Nancy/]} 4336 ); 4337 4338 or from a properly formatted, URL-escaped query string: 4339 4340 $query = new CGI('dinosaur=barney&color=purple'); 4341 4342 or from a previously existing CGI object (currently this clones the 4343 parameter list, but none of the other object-specific fields, such as 4344 autoescaping): 4345 4346 $old_query = new CGI; 4347 $new_query = new CGI($old_query); 4348 4349 To create an empty query, initialize it from an empty string or hash: 4350 4351 $empty_query = new CGI(""); 4352 4353 -or- 4354 4355 $empty_query = new CGI({}); 4356 4357 =head2 FETCHING A LIST OF KEYWORDS FROM THE QUERY: 4358 4359 @keywords = $query->keywords 4360 4361 If the script was invoked as the result of an <ISINDEX> search, the 4362 parsed keywords can be obtained as an array using the keywords() method. 4363 4364 =head2 FETCHING THE NAMES OF ALL THE PARAMETERS PASSED TO YOUR SCRIPT: 4365 4366 @names = $query->param 4367 4368 If the script was invoked with a parameter list 4369 (e.g. "name1=value1&name2=value2&name3=value3"), the param() method 4370 will return the parameter names as a list. If the script was invoked 4371 as an <ISINDEX> script and contains a string without ampersands 4372 (e.g. "value1+value2+value3") , there will be a single parameter named 4373 "keywords" containing the "+"-delimited keywords. 4374 4375 NOTE: As of version 1.5, the array of parameter names returned will 4376 be in the same order as they were submitted by the browser. 4377 Usually this order is the same as the order in which the 4378 parameters are defined in the form (however, this isn't part 4379 of the spec, and so isn't guaranteed). 4380 4381 =head2 FETCHING THE VALUE OR VALUES OF A SINGLE NAMED PARAMETER: 4382 4383 @values = $query->param('foo'); 4384 4385 -or- 4386 4387 $value = $query->param('foo'); 4388 4389 Pass the param() method a single argument to fetch the value of the 4390 named parameter. If the parameter is multivalued (e.g. from multiple 4391 selections in a scrolling list), you can ask to receive an array. Otherwise 4392 the method will return a single value. 4393 4394 If a value is not given in the query string, as in the queries 4395 "name1=&name2=" or "name1&name2", it will be returned as an empty 4396 string. This feature is new in 2.63. 4397 4398 4399 If the parameter does not exist at all, then param() will return undef 4400 in a scalar context, and the empty list in a list context. 4401 4402 4403 =head2 SETTING THE VALUE(S) OF A NAMED PARAMETER: 4404 4405 $query->param('foo','an','array','of','values'); 4406 4407 This sets the value for the named parameter 'foo' to an array of 4408 values. This is one way to change the value of a field AFTER 4409 the script has been invoked once before. (Another way is with 4410 the -override parameter accepted by all methods that generate 4411 form elements.) 4412 4413 param() also recognizes a named parameter style of calling described 4414 in more detail later: 4415 4416 $query->param(-name=>'foo',-values=>['an','array','of','values']); 4417 4418 -or- 4419 4420 $query->param(-name=>'foo',-value=>'the value'); 4421 4422 =head2 APPENDING ADDITIONAL VALUES TO A NAMED PARAMETER: 4423 4424 $query->append(-name=>'foo',-values=>['yet','more','values']); 4425 4426 This adds a value or list of values to the named parameter. The 4427 values are appended to the end of the parameter if it already exists. 4428 Otherwise the parameter is created. Note that this method only 4429 recognizes the named argument calling syntax. 4430 4431 =head2 IMPORTING ALL PARAMETERS INTO A NAMESPACE: 4432 4433 $query->import_names('R'); 4434 4435 This creates a series of variables in the 'R' namespace. For example, 4436 $R::foo, @R:foo. For keyword lists, a variable @R::keywords will appear. 4437 If no namespace is given, this method will assume 'Q'. 4438 WARNING: don't import anything into 'main'; this is a major security 4439 risk!!!! 4440 4441 NOTE 1: Variable names are transformed as necessary into legal Perl 4442 variable names. All non-legal characters are transformed into 4443 underscores. If you need to keep the original names, you should use 4444 the param() method instead to access CGI variables by name. 4445 4446 NOTE 2: In older versions, this method was called B<import()>. As of version 2.20, 4447 this name has been removed completely to avoid conflict with the built-in 4448 Perl module B<import> operator. 4449 4450 =head2 DELETING A PARAMETER COMPLETELY: 4451 4452 $query->delete('foo','bar','baz'); 4453 4454 This completely clears a list of parameters. It sometimes useful for 4455 resetting parameters that you don't want passed down between script 4456 invocations. 4457 4458 If you are using the function call interface, use "Delete()" instead 4459 to avoid conflicts with Perl's built-in delete operator. 4460 4461 =head2 DELETING ALL PARAMETERS: 4462 4463 $query->delete_all(); 4464 4465 This clears the CGI object completely. It might be useful to ensure 4466 that all the defaults are taken when you create a fill-out form. 4467 4468 Use Delete_all() instead if you are using the function call interface. 4469 4470 =head2 HANDLING NON-URLENCODED ARGUMENTS 4471 4472 4473 If POSTed data is not of type application/x-www-form-urlencoded or 4474 multipart/form-data, then the POSTed data will not be processed, but 4475 instead be returned as-is in a parameter named POSTDATA. To retrieve 4476 it, use code like this: 4477 4478 my $data = $query->param('POSTDATA'); 4479 4480 (If you don't know what the preceding means, don't worry about it. It 4481 only affects people trying to use CGI for XML processing and other 4482 specialized tasks.) 4483 4484 4485 =head2 DIRECT ACCESS TO THE PARAMETER LIST: 4486 4487 $q->param_fetch('address')->[1] = '1313 Mockingbird Lane'; 4488 unshift @{$q->param_fetch(-name=>'address')},'George Munster'; 4489 4490 If you need access to the parameter list in a way that isn't covered 4491 by the methods above, you can obtain a direct reference to it by 4492 calling the B<param_fetch()> method with the name of the . This 4493 will return an array reference to the named parameters, which you then 4494 can manipulate in any way you like. 4495 4496 You can also use a named argument style using the B<-name> argument. 4497 4498 =head2 FETCHING THE PARAMETER LIST AS A HASH: 4499 4500 $params = $q->Vars; 4501 print $params->{'address'}; 4502 @foo = split("\0",$params->{'foo'}); 4503 %params = $q->Vars; 4504 4505 use CGI ':cgi-lib'; 4506 $params = Vars; 4507 4508 Many people want to fetch the entire parameter list as a hash in which 4509 the keys are the names of the CGI parameters, and the values are the 4510 parameters' values. The Vars() method does this. Called in a scalar 4511 context, it returns the parameter list as a tied hash reference. 4512 Changing a key changes the value of the parameter in the underlying 4513 CGI parameter list. Called in a list context, it returns the 4514 parameter list as an ordinary hash. This allows you to read the 4515 contents of the parameter list, but not to change it. 4516 4517 When using this, the thing you must watch out for are multivalued CGI 4518 parameters. Because a hash cannot distinguish between scalar and 4519 list context, multivalued parameters will be returned as a packed 4520 string, separated by the "\0" (null) character. You must split this 4521 packed string in order to get at the individual values. This is the 4522 convention introduced long ago by Steve Brenner in his cgi-lib.pl 4523 module for Perl version 4. 4524 4525 If you wish to use Vars() as a function, import the I<:cgi-lib> set of 4526 function calls (also see the section on CGI-LIB compatibility). 4527 4528 =head2 SAVING THE STATE OF THE SCRIPT TO A FILE: 4529 4530 $query->save(\*FILEHANDLE) 4531 4532 This will write the current state of the form to the provided 4533 filehandle. You can read it back in by providing a filehandle 4534 to the new() method. Note that the filehandle can be a file, a pipe, 4535 or whatever! 4536 4537 The format of the saved file is: 4538 4539 NAME1=VALUE1 4540 NAME1=VALUE1' 4541 NAME2=VALUE2 4542 NAME3=VALUE3 4543 = 4544 4545 Both name and value are URL escaped. Multi-valued CGI parameters are 4546 represented as repeated names. A session record is delimited by a 4547 single = symbol. You can write out multiple records and read them 4548 back in with several calls to B<new>. You can do this across several 4549 sessions by opening the file in append mode, allowing you to create 4550 primitive guest books, or to keep a history of users' queries. Here's 4551 a short example of creating multiple session records: 4552 4553 use CGI; 4554 4555 open (OUT,">>test.out") || die; 4556 $records = 5; 4557 foreach (0..$records) { 4558 my $q = new CGI; 4559 $q->param(-name=>'counter',-value=>$_); 4560 $q->save(\*OUT); 4561 } 4562 close OUT; 4563 4564 # reopen for reading 4565 open (IN,"test.out") || die; 4566 while (!eof(IN)) { 4567 my $q = new CGI(\*IN); 4568 print $q->param('counter'),"\n"; 4569 } 4570 4571 The file format used for save/restore is identical to that used by the 4572 Whitehead Genome Center's data exchange format "Boulderio", and can be 4573 manipulated and even databased using Boulderio utilities. See 4574 4575 http://stein.cshl.org/boulder/ 4576 4577 for further details. 4578 4579 If you wish to use this method from the function-oriented (non-OO) 4580 interface, the exported name for this method is B<save_parameters()>. 4581 4582 =head2 RETRIEVING CGI ERRORS 4583 4584 Errors can occur while processing user input, particularly when 4585 processing uploaded files. When these errors occur, CGI will stop 4586 processing and return an empty parameter list. You can test for 4587 the existence and nature of errors using the I<cgi_error()> function. 4588 The error messages are formatted as HTTP status codes. You can either 4589 incorporate the error text into an HTML page, or use it as the value 4590 of the HTTP status: 4591 4592 my $error = $q->cgi_error; 4593 if ($error) { 4594 print $q->header(-status=>$error), 4595 $q->start_html('Problems'), 4596 $q->h2('Request not processed'), 4597 $q->strong($error); 4598 exit 0; 4599 } 4600 4601 When using the function-oriented interface (see the next section), 4602 errors may only occur the first time you call I<param()>. Be ready 4603 for this! 4604 4605 =head2 USING THE FUNCTION-ORIENTED INTERFACE 4606 4607 To use the function-oriented interface, you must specify which CGI.pm 4608 routines or sets of routines to import into your script's namespace. 4609 There is a small overhead associated with this importation, but it 4610 isn't much. 4611 4612 use CGI <list of methods>; 4613 4614 The listed methods will be imported into the current package; you can 4615 call them directly without creating a CGI object first. This example 4616 shows how to import the B<param()> and B<header()> 4617 methods, and then use them directly: 4618 4619 use CGI 'param','header'; 4620 print header('text/plain'); 4621 $zipcode = param('zipcode'); 4622 4623 More frequently, you'll import common sets of functions by referring 4624 to the groups by name. All function sets are preceded with a ":" 4625 character as in ":html3" (for tags defined in the HTML 3 standard). 4626 4627 Here is a list of the function sets you can import: 4628 4629 =over 4 4630 4631 =item B<:cgi> 4632 4633 Import all CGI-handling methods, such as B<param()>, B<path_info()> 4634 and the like. 4635 4636 =item B<:form> 4637 4638 Import all fill-out form generating methods, such as B<textfield()>. 4639 4640 =item B<:html2> 4641 4642 Import all methods that generate HTML 2.0 standard elements. 4643 4644 =item B<:html3> 4645 4646 Import all methods that generate HTML 3.0 elements (such as 4647 <table>, <super> and <sub>). 4648 4649 =item B<:html4> 4650 4651 Import all methods that generate HTML 4 elements (such as 4652 <abbrev>, <acronym> and <thead>). 4653 4654 =item B<:netscape> 4655 4656 Import all methods that generate Netscape-specific HTML extensions. 4657 4658 =item B<:html> 4659 4660 Import all HTML-generating shortcuts (i.e. 'html2' + 'html3' + 4661 'netscape')... 4662 4663 =item B<:standard> 4664 4665 Import "standard" features, 'html2', 'html3', 'html4', 'form' and 'cgi'. 4666 4667 =item B<:all> 4668 4669 Import all the available methods. For the full list, see the CGI.pm 4670 code, where the variable %EXPORT_TAGS is defined. 4671 4672 =back 4673 4674 If you import a function name that is not part of CGI.pm, the module 4675 will treat it as a new HTML tag and generate the appropriate 4676 subroutine. You can then use it like any other HTML tag. This is to 4677 provide for the rapidly-evolving HTML "standard." For example, say 4678 Microsoft comes out with a new tag called <gradient> (which causes the 4679 user's desktop to be flooded with a rotating gradient fill until his 4680 machine reboots). You don't need to wait for a new version of CGI.pm 4681 to start using it immediately: 4682 4683 use CGI qw/:standard :html3 gradient/; 4684 print gradient({-start=>'red',-end=>'blue'}); 4685 4686 Note that in the interests of execution speed CGI.pm does B<not> use 4687 the standard L<Exporter> syntax for specifying load symbols. This may 4688 change in the future. 4689 4690 If you import any of the state-maintaining CGI or form-generating 4691 methods, a default CGI object will be created and initialized 4692 automatically the first time you use any of the methods that require 4693 one to be present. This includes B<param()>, B<textfield()>, 4694 B<submit()> and the like. (If you need direct access to the CGI 4695 object, you can find it in the global variable B<$CGI::Q>). By 4696 importing CGI.pm methods, you can create visually elegant scripts: 4697 4698 use CGI qw/:standard/; 4699 print 4700 header, 4701 start_html('Simple Script'), 4702 h1('Simple Script'), 4703 start_form, 4704 "What's your name? ",textfield('name'),p, 4705 "What's the combination?", 4706 checkbox_group(-name=>'words', 4707 -values=>['eenie','meenie','minie','moe'], 4708 -defaults=>['eenie','moe']),p, 4709 "What's your favorite color?", 4710 popup_menu(-name=>'color', 4711 -values=>['red','green','blue','chartreuse']),p, 4712 submit, 4713 end_form, 4714 hr,"\n"; 4715 4716 if (param) { 4717 print 4718 "Your name is ",em(param('name')),p, 4719 "The keywords are: ",em(join(", ",param('words'))),p, 4720 "Your favorite color is ",em(param('color')),".\n"; 4721 } 4722 print end_html; 4723 4724 =head2 PRAGMAS 4725 4726 In addition to the function sets, there are a number of pragmas that 4727 you can import. Pragmas, which are always preceded by a hyphen, 4728 change the way that CGI.pm functions in various ways. Pragmas, 4729 function sets, and individual functions can all be imported in the 4730 same use() line. For example, the following use statement imports the 4731 standard set of functions and enables debugging mode (pragma 4732 -debug): 4733 4734 use CGI qw/:standard -debug/; 4735 4736 The current list of pragmas is as follows: 4737 4738 =over 4 4739 4740 =item -any 4741 4742 When you I<use CGI -any>, then any method that the query object 4743 doesn't recognize will be interpreted as a new HTML tag. This allows 4744 you to support the next I<ad hoc> Netscape or Microsoft HTML 4745 extension. This lets you go wild with new and unsupported tags: 4746 4747 use CGI qw(-any); 4748 $q=new CGI; 4749 print $q->gradient({speed=>'fast',start=>'red',end=>'blue'}); 4750 4751 Since using <cite>any</cite> causes any mistyped method name 4752 to be interpreted as an HTML tag, use it with care or not at 4753 all. 4754 4755 =item -compile 4756 4757 This causes the indicated autoloaded methods to be compiled up front, 4758 rather than deferred to later. This is useful for scripts that run 4759 for an extended period of time under FastCGI or mod_perl, and for 4760 those destined to be crunched by Malcolm Beattie's Perl compiler. Use 4761 it in conjunction with the methods or method families you plan to use. 4762 4763 use CGI qw(-compile :standard :html3); 4764 4765 or even 4766 4767 use CGI qw(-compile :all); 4768 4769 Note that using the -compile pragma in this way will always have 4770 the effect of importing the compiled functions into the current 4771 namespace. If you want to compile without importing use the 4772 compile() method instead: 4773 4774 use CGI(); 4775 CGI->compile(); 4776 4777 This is particularly useful in a mod_perl environment, in which you 4778 might want to precompile all CGI routines in a startup script, and 4779 then import the functions individually in each mod_perl script. 4780 4781 =item -nosticky 4782 4783 By default the CGI module implements a state-preserving behavior 4784 called "sticky" fields. The way this works is that if you are 4785 regenerating a form, the methods that generate the form field values 4786 will interrogate param() to see if similarly-named parameters are 4787 present in the query string. If they find a like-named parameter, they 4788 will use it to set their default values. 4789 4790 Sometimes this isn't what you want. The B<-nosticky> pragma prevents 4791 this behavior. You can also selectively change the sticky behavior in 4792 each element that you generate. 4793 4794 =item -tabindex 4795 4796 Automatically add tab index attributes to each form field. With this 4797 option turned off, you can still add tab indexes manually by passing a 4798 -tabindex option to each field-generating method. 4799 4800 =item -no_undef_params 4801 4802 This keeps CGI.pm from including undef params in the parameter list. 4803 4804 =item -no_xhtml 4805 4806 By default, CGI.pm versions 2.69 and higher emit XHTML 4807 (http://www.w3.org/TR/xhtml1/). The -no_xhtml pragma disables this 4808 feature. Thanks to Michalis Kabrianis <kabrianis@hellug.gr> for this 4809 feature. 4810 4811 If start_html()'s -dtd parameter specifies an HTML 2.0 or 3.2 DTD, 4812 XHTML will automatically be disabled without needing to use this 4813 pragma. 4814 4815 =item -nph 4816 4817 This makes CGI.pm produce a header appropriate for an NPH (no 4818 parsed header) script. You may need to do other things as well 4819 to tell the server that the script is NPH. See the discussion 4820 of NPH scripts below. 4821 4822 =item -newstyle_urls 4823 4824 Separate the name=value pairs in CGI parameter query strings with 4825 semicolons rather than ampersands. For example: 4826 4827 ?name=fred;age=24;favorite_color=3 4828 4829 Semicolon-delimited query strings are always accepted, but will not be 4830 emitted by self_url() and query_string() unless the -newstyle_urls 4831 pragma is specified. 4832 4833 This became the default in version 2.64. 4834 4835 =item -oldstyle_urls 4836 4837 Separate the name=value pairs in CGI parameter query strings with 4838 ampersands rather than semicolons. This is no longer the default. 4839 4840 =item -autoload 4841 4842 This overrides the autoloader so that any function in your program 4843 that is not recognized is referred to CGI.pm for possible evaluation. 4844 This allows you to use all the CGI.pm functions without adding them to 4845 your symbol table, which is of concern for mod_perl users who are 4846 worried about memory consumption. I<Warning:> when 4847 I<-autoload> is in effect, you cannot use "poetry mode" 4848 (functions without the parenthesis). Use I<hr()> rather 4849 than I<hr>, or add something like I<use subs qw/hr p header/> 4850 to the top of your script. 4851 4852 =item -no_debug 4853 4854 This turns off the command-line processing features. If you want to 4855 run a CGI.pm script from the command line to produce HTML, and you 4856 don't want it to read CGI parameters from the command line or STDIN, 4857 then use this pragma: 4858 4859 use CGI qw(-no_debug :standard); 4860 4861 =item -debug 4862 4863 This turns on full debugging. In addition to reading CGI arguments 4864 from the command-line processing, CGI.pm will pause and try to read 4865 arguments from STDIN, producing the message "(offline mode: enter 4866 name=value pairs on standard input)" features. 4867 4868 See the section on debugging for more details. 4869 4870 =item -private_tempfiles 4871 4872 CGI.pm can process uploaded file. Ordinarily it spools the uploaded 4873 file to a temporary directory, then deletes the file when done. 4874 However, this opens the risk of eavesdropping as described in the file 4875 upload section. Another CGI script author could peek at this data 4876 during the upload, even if it is confidential information. On Unix 4877 systems, the -private_tempfiles pragma will cause the temporary file 4878 to be unlinked as soon as it is opened and before any data is written 4879 into it, reducing, but not eliminating the risk of eavesdropping 4880 (there is still a potential race condition). To make life harder for 4881 the attacker, the program chooses tempfile names by calculating a 32 4882 bit checksum of the incoming HTTP headers. 4883 4884 To ensure that the temporary file cannot be read by other CGI scripts, 4885 use suEXEC or a CGI wrapper program to run your script. The temporary 4886 file is created with mode 0600 (neither world nor group readable). 4887 4888 The temporary directory is selected using the following algorithm: 4889 4890 1. if the current user (e.g. "nobody") has a directory named 4891 "tmp" in its home directory, use that (Unix systems only). 4892 4893 2. if the environment variable TMPDIR exists, use the location 4894 indicated. 4895 4896 3. Otherwise try the locations /usr/tmp, /var/tmp, C:\temp, 4897 /tmp, /temp, ::Temporary Items, and \WWW_ROOT. 4898 4899 Each of these locations is checked that it is a directory and is 4900 writable. If not, the algorithm tries the next choice. 4901 4902 =back 4903 4904 =head2 SPECIAL FORMS FOR IMPORTING HTML-TAG FUNCTIONS 4905 4906 Many of the methods generate HTML tags. As described below, tag 4907 functions automatically generate both the opening and closing tags. 4908 For example: 4909 4910 print h1('Level 1 Header'); 4911 4912 produces 4913 4914 <h1>Level 1 Header</h1> 4915 4916 There will be some times when you want to produce the start and end 4917 tags yourself. In this case, you can use the form start_I<tag_name> 4918 and end_I<tag_name>, as in: 4919 4920 print start_h1,'Level 1 Header',end_h1; 4921 4922 With a few exceptions (described below), start_I<tag_name> and 4923 end_I<tag_name> functions are not generated automatically when you 4924 I<use CGI>. However, you can specify the tags you want to generate 4925 I<start/end> functions for by putting an asterisk in front of their 4926 name, or, alternatively, requesting either "start_I<tag_name>" or 4927 "end_I<tag_name>" in the import list. 4928 4929 Example: 4930 4931 use CGI qw/:standard *table start_ul/; 4932 4933 In this example, the following functions are generated in addition to 4934 the standard ones: 4935 4936 =over 4 4937 4938 =item 1. start_table() (generates a <table> tag) 4939 4940 =item 2. end_table() (generates a </table> tag) 4941 4942 =item 3. start_ul() (generates a <ul> tag) 4943 4944 =item 4. end_ul() (generates a </ul> tag) 4945 4946 =back 4947 4948 =head1 GENERATING DYNAMIC DOCUMENTS 4949 4950 Most of CGI.pm's functions deal with creating documents on the fly. 4951 Generally you will produce the HTTP header first, followed by the 4952 document itself. CGI.pm provides functions for generating HTTP 4953 headers of various types as well as for generating HTML. For creating 4954 GIF images, see the GD.pm module. 4955 4956 Each of these functions produces a fragment of HTML or HTTP which you 4957 can print out directly so that it displays in the browser window, 4958 append to a string, or save to a file for later use. 4959 4960 =head2 CREATING A STANDARD HTTP HEADER: 4961 4962 Normally the first thing you will do in any CGI script is print out an 4963 HTTP header. This tells the browser what type of document to expect, 4964 and gives other optional information, such as the language, expiration 4965 date, and whether to cache the document. The header can also be 4966 manipulated for special purposes, such as server push and pay per view 4967 pages. 4968 4969 print header; 4970 4971 -or- 4972 4973 print header('image/gif'); 4974 4975 -or- 4976 4977 print header('text/html','204 No response'); 4978 4979 -or- 4980 4981 print header(-type=>'image/gif', 4982 -nph=>1, 4983 -status=>'402 Payment required', 4984 -expires=>'+3d', 4985 -cookie=>$cookie, 4986 -charset=>'utf-7', 4987 -attachment=>'foo.gif', 4988 -Cost=>'$2.00'); 4989 4990 header() returns the Content-type: header. You can provide your own 4991 MIME type if you choose, otherwise it defaults to text/html. An 4992 optional second parameter specifies the status code and a human-readable 4993 message. For example, you can specify 204, "No response&qu