| [ Index ] |
PHP Cross Reference of Unnamed Project |
[Summary view] [Print] [Text view]
1 package CGI; 2 require 5.004; 3 use Carp 'croak'; 4 5 # See the bottom of this file for the POD documentation. Search for the 6 # string '=head'. 7 8 # You can run this file through either pod2man or pod2html to produce pretty 9 # documentation in manual or html file format (these utilities are part of the 10 # Perl 5 distribution). 11 12 # Copyright 1995-1998 Lincoln D. Stein. All rights reserved. 13 # It may be used and modified freely, but I do request that this copyright 14 # notice remain attached to the file. You may modify this module as you 15 # wish, but if you redistribute a modified version, please attach a note 16 # listing the modifications you have made. 17 18 # The most recent version and complete docs are available at: 19 # http://stein.cshl.org/WWW/software/CGI/ 20 21 $CGI::revision = '$Id: CGI.pm,v 1.234 2007/04/16 16:58:46 lstein Exp $'; 22 $CGI::VERSION='3.29'; 23 24 # HARD-CODED LOCATION FOR FILE UPLOAD TEMPORARY FILES. 25 # UNCOMMENT THIS ONLY IF YOU KNOW WHAT YOU'RE DOING. 26 # $CGITempFile::TMPDIRECTORY = '/usr/tmp'; 27 use CGI::Util qw(rearrange make_attributes unescape escape expires ebcdic2ascii ascii2ebcdic); 28 29 #use constant XHTML_DTD => ['-//W3C//DTD XHTML Basic 1.0//EN', 30 # 'http://www.w3.org/TR/xhtml-basic/xhtml-basic10.dtd']; 31 32 use constant XHTML_DTD => ['-//W3C//DTD XHTML 1.0 Transitional//EN', 33 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd']; 34 35 { 36 local $^W = 0; 37 $TAINTED = substr("$0$^X",0,0); 38 } 39 40 $MOD_PERL = 0; # no mod_perl by default 41 @SAVED_SYMBOLS = (); 42 43 44 # >>>>> Here are some globals that you might want to adjust <<<<<< 45 sub initialize_globals { 46 # Set this to 1 to enable copious autoloader debugging messages 47 $AUTOLOAD_DEBUG = 0; 48 49 # Set this to 1 to generate XTML-compatible output 50 $XHTML = 1; 51 52 # Change this to the preferred DTD to print in start_html() 53 # or use default_dtd('text of DTD to use'); 54 $DEFAULT_DTD = [ '-//W3C//DTD HTML 4.01 Transitional//EN', 55 'http://www.w3.org/TR/html4/loose.dtd' ] ; 56 57 # Set this to 1 to enable NOSTICKY scripts 58 # or: 59 # 1) use CGI qw(-nosticky) 60 # 2) $CGI::nosticky(1) 61 $NOSTICKY = 0; 62 63 # Set this to 1 to enable NPH scripts 64 # or: 65 # 1) use CGI qw(-nph) 66 # 2) CGI::nph(1) 67 # 3) print header(-nph=>1) 68 $NPH = 0; 69 70 # Set this to 1 to enable debugging from @ARGV 71 # Set to 2 to enable debugging from STDIN 72 $DEBUG = 1; 73 74 # Set this to 1 to make the temporary files created 75 # during file uploads safe from prying eyes 76 # or do... 77 # 1) use CGI qw(:private_tempfiles) 78 # 2) CGI::private_tempfiles(1); 79 $PRIVATE_TEMPFILES = 0; 80 81 # Set this to 1 to generate automatic tab indexes 82 $TABINDEX = 0; 83 84 # Set this to 1 to cause files uploaded in multipart documents 85 # to be closed, instead of caching the file handle 86 # or: 87 # 1) use CGI qw(:close_upload_files) 88 # 2) $CGI::close_upload_files(1); 89 # Uploads with many files run out of file handles. 90 # Also, for performance, since the file is already on disk, 91 # it can just be renamed, instead of read and written. 92 $CLOSE_UPLOAD_FILES = 0; 93 94 # Set this to a positive value to limit the size of a POSTing 95 # to a certain number of bytes: 96 $POST_MAX = -1; 97 98 # Change this to 1 to disable uploads entirely: 99 $DISABLE_UPLOADS = 0; 100 101 # Automatically determined -- don't change 102 $EBCDIC = 0; 103 104 # Change this to 1 to suppress redundant HTTP headers 105 $HEADERS_ONCE = 0; 106 107 # separate the name=value pairs by semicolons rather than ampersands 108 $USE_PARAM_SEMICOLONS = 1; 109 110 # Do not include undefined params parsed from query string 111 # use CGI qw(-no_undef_params); 112 $NO_UNDEF_PARAMS = 0; 113 114 # Other globals that you shouldn't worry about. 115 undef $Q; 116 $BEEN_THERE = 0; 117 $DTD_PUBLIC_IDENTIFIER = ""; 118 undef @QUERY_PARAM; 119 undef %EXPORT; 120 undef $QUERY_CHARSET; 121 undef %QUERY_FIELDNAMES; 122 undef %QUERY_TMPFILES; 123 124 # prevent complaints by mod_perl 125 1; 126 } 127 128 # ------------------ START OF THE LIBRARY ------------ 129 130 *end_form = \&endform; 131 132 # make mod_perlhappy 133 initialize_globals(); 134 135 # FIGURE OUT THE OS WE'RE RUNNING UNDER 136 # Some systems support the $^O variable. If not 137 # available then require() the Config library 138 unless ($OS) { 139 unless ($OS = $^O) { 140 require Config; 141 $OS = $Config::Config{'osname'}; 142 } 143 } 144 if ($OS =~ /^MSWin/i) { 145 $OS = 'WINDOWS'; 146 } elsif ($OS =~ /^VMS/i) { 147 $OS = 'VMS'; 148 } elsif ($OS =~ /^dos/i) { 149 $OS = 'DOS'; 150 } elsif ($OS =~ /^MacOS/i) { 151 $OS = 'MACINTOSH'; 152 } elsif ($OS =~ /^os2/i) { 153 $OS = 'OS2'; 154 } elsif ($OS =~ /^epoc/i) { 155 $OS = 'EPOC'; 156 } elsif ($OS =~ /^cygwin/i) { 157 $OS = 'CYGWIN'; 158 } else { 159 $OS = 'UNIX'; 160 } 161 162 # Some OS logic. Binary mode enabled on DOS, NT and VMS 163 $needs_binmode = $OS=~/^(WINDOWS|DOS|OS2|MSWin|CYGWIN)/; 164 165 # This is the default class for the CGI object to use when all else fails. 166 $DefaultClass = 'CGI' unless defined $CGI::DefaultClass; 167 168 # This is where to look for autoloaded routines. 169 $AutoloadClass = $DefaultClass unless defined $CGI::AutoloadClass; 170 171 # The path separator is a slash, backslash or semicolon, depending 172 # on the paltform. 173 $SL = { 174 UNIX => '/', OS2 => '\\', EPOC => '/', CYGWIN => '/', 175 WINDOWS => '\\', DOS => '\\', MACINTOSH => ':', VMS => '/' 176 }->{$OS}; 177 178 # This no longer seems to be necessary 179 # Turn on NPH scripts by default when running under IIS server! 180 # $NPH++ if defined($ENV{'SERVER_SOFTWARE'}) && $ENV{'SERVER_SOFTWARE'}=~/IIS/; 181 $IIS++ if defined($ENV{'SERVER_SOFTWARE'}) && $ENV{'SERVER_SOFTWARE'}=~/IIS/; 182 183 # Turn on special checking for Doug MacEachern's modperl 184 if (exists $ENV{MOD_PERL}) { 185 # mod_perl handlers may run system() on scripts using CGI.pm; 186 # Make sure so we don't get fooled by inherited $ENV{MOD_PERL} 187 if (exists $ENV{MOD_PERL_API_VERSION} && $ENV{MOD_PERL_API_VERSION} == 2) { 188 $MOD_PERL = 2; 189 require Apache2::Response; 190 require Apache2::RequestRec; 191 require Apache2::RequestUtil; 192 require Apache2::RequestIO; 193 require APR::Pool; 194 } else { 195 $MOD_PERL = 1; 196 require Apache; 197 } 198 } 199 200 # Turn on special checking for ActiveState's PerlEx 201 $PERLEX++ if defined($ENV{'GATEWAY_INTERFACE'}) && $ENV{'GATEWAY_INTERFACE'} =~ /^CGI-PerlEx/; 202 203 # Define the CRLF sequence. I can't use a simple "\r\n" because the meaning 204 # of "\n" is different on different OS's (sometimes it generates CRLF, sometimes LF 205 # and sometimes CR). The most popular VMS web server 206 # doesn't accept CRLF -- instead it wants a LR. EBCDIC machines don't 207 # use ASCII, so \015\012 means something different. I find this all 208 # really annoying. 209 $EBCDIC = "\t" ne "\011"; 210 if ($OS eq 'VMS') { 211 $CRLF = "\n"; 212 } elsif ($EBCDIC) { 213 $CRLF= "\r\n"; 214 } else { 215 $CRLF = "\015\012"; 216 } 217 218 if ($needs_binmode) { 219 $CGI::DefaultClass->binmode(\*main::STDOUT); 220 $CGI::DefaultClass->binmode(\*main::STDIN); 221 $CGI::DefaultClass->binmode(\*main::STDERR); 222 } 223 224 %EXPORT_TAGS = ( 225 ':html2'=>['h1'..'h6',qw/p br hr ol ul li dl dt dd menu code var strong em 226 tt u i b blockquote pre img a address cite samp dfn html head 227 base body Link nextid title meta kbd start_html end_html 228 input Select option comment charset escapeHTML/], 229 ':html3'=>[qw/div table caption th td TR Tr sup Sub strike applet Param 230 embed basefont style span layer ilayer font frameset frame script small big Area Map/], 231 ':html4'=>[qw/abbr acronym bdo col colgroup del fieldset iframe 232 ins label legend noframes noscript object optgroup Q 233 thead tbody tfoot/], 234 ':netscape'=>[qw/blink fontsize center/], 235 ':form'=>[qw/textfield textarea filefield password_field hidden checkbox checkbox_group 236 submit reset defaults radio_group popup_menu button autoEscape 237 scrolling_list image_button start_form end_form startform endform 238 start_multipart_form end_multipart_form isindex tmpFileName uploadInfo URL_ENCODED MULTIPART/], 239 ':cgi'=>[qw/param upload path_info path_translated request_uri url self_url script_name 240 cookie Dump 241 raw_cookie request_method query_string Accept user_agent remote_host content_type 242 remote_addr referer server_name server_software server_port server_protocol virtual_port 243 virtual_host remote_ident auth_type http append 244 save_parameters restore_parameters param_fetch 245 remote_user user_name header redirect import_names put 246 Delete Delete_all url_param cgi_error/], 247 ':ssl' => [qw/https/], 248 ':cgi-lib' => [qw/ReadParse PrintHeader HtmlTop HtmlBot SplitParam Vars/], 249 ':html' => [qw/:html2 :html3 :html4 :netscape/], 250 ':standard' => [qw/:html2 :html3 :html4 :form :cgi/], 251 ':push' => [qw/multipart_init multipart_start multipart_end multipart_final/], 252 ':all' => [qw/:html2 :html3 :netscape :form :cgi :internal :html4/] 253 ); 254 255 # Custom 'can' method for both autoloaded and non-autoloaded subroutines. 256 # Author: Cees Hek <cees@sitesuite.com.au> 257 258 sub can { 259 my($class, $method) = @_; 260 261 # See if UNIVERSAL::can finds it. 262 263 if (my $func = $class -> SUPER::can($method) ){ 264 return $func; 265 } 266 267 # Try to compile the function. 268 269 eval { 270 # _compile looks at $AUTOLOAD for the function name. 271 272 local $AUTOLOAD = join "::", $class, $method; 273 &_compile; 274 }; 275 276 # Now that the function is loaded (if it exists) 277 # just use UNIVERSAL::can again to do the work. 278 279 return $class -> SUPER::can($method); 280 } 281 282 # to import symbols into caller 283 sub import { 284 my $self = shift; 285 286 # This causes modules to clash. 287 undef %EXPORT_OK; 288 undef %EXPORT; 289 290 $self->_setup_symbols(@_); 291 my ($callpack, $callfile, $callline) = caller; 292 293 # To allow overriding, search through the packages 294 # Till we find one in which the correct subroutine is defined. 295 my @packages = ($self,@{"$self\:\:ISA"}); 296 foreach $sym (keys %EXPORT) { 297 my $pck; 298 my $def = ${"$self\:\:AutoloadClass"} || $DefaultClass; 299 foreach $pck (@packages) { 300 if (defined(&{"$pck\:\:$sym"})) { 301 $def = $pck; 302 last; 303 } 304 } 305 *{"$callpack}::$sym"} = \&{"$def\:\:$sym"}; 306 } 307 } 308 309 sub compile { 310 my $pack = shift; 311 $pack->_setup_symbols('-compile',@_); 312 } 313 314 sub expand_tags { 315 my($tag) = @_; 316 return ("start_$1","end_$1") if $tag=~/^(?:\*|start_|end_)(.+)/; 317 my(@r); 318 return ($tag) unless $EXPORT_TAGS{$tag}; 319 foreach (@{$EXPORT_TAGS{$tag}}) { 320 push(@r,&expand_tags($_)); 321 } 322 return @r; 323 } 324 325 #### Method: new 326 # The new routine. This will check the current environment 327 # for an existing query string, and initialize itself, if so. 328 #### 329 sub new { 330 my($class,@initializer) = @_; 331 my $self = {}; 332 333 bless $self,ref $class || $class || $DefaultClass; 334 335 # always use a tempfile 336 $self->{'use_tempfile'} = 1; 337 338 if (ref($initializer[0]) 339 && (UNIVERSAL::isa($initializer[0],'Apache') 340 || 341 UNIVERSAL::isa($initializer[0],'Apache2::RequestRec') 342 )) { 343 $self->r(shift @initializer); 344 } 345 if (ref($initializer[0]) 346 && (UNIVERSAL::isa($initializer[0],'CODE'))) { 347 $self->upload_hook(shift @initializer, shift @initializer); 348 $self->{'use_tempfile'} = shift @initializer if (@initializer > 0); 349 } 350 if ($MOD_PERL) { 351 if ($MOD_PERL == 1) { 352 $self->r(Apache->request) unless $self->r; 353 my $r = $self->r; 354 $r->register_cleanup(\&CGI::_reset_globals); 355 } 356 else { 357 # XXX: once we have the new API 358 # will do a real PerlOptions -SetupEnv check 359 $self->r(Apache2::RequestUtil->request) unless $self->r; 360 my $r = $self->r; 361 $r->subprocess_env unless exists $ENV{REQUEST_METHOD}; 362 $r->pool->cleanup_register(\&CGI::_reset_globals); 363 } 364 undef $NPH; 365 } 366 $self->_reset_globals if $PERLEX; 367 $self->init(@initializer); 368 return $self; 369 } 370 371 # We provide a DESTROY method so that we can ensure that 372 # temporary files are closed (via Fh->DESTROY) before they 373 # are unlinked (via CGITempFile->DESTROY) because it is not 374 # possible to unlink an open file on Win32. We explicitly 375 # call DESTROY on each, rather than just undefing them and 376 # letting Perl DESTROY them by garbage collection, in case the 377 # user is still holding any reference to them as well. 378 sub DESTROY { 379 my $self = shift; 380 if ($OS eq 'WINDOWS') { 381 foreach my $href (values %{$self->{'.tmpfiles'}}) { 382 $href->{hndl}->DESTROY if defined $href->{hndl}; 383 $href->{name}->DESTROY if defined $href->{name}; 384 } 385 } 386 } 387 388 sub r { 389 my $self = shift; 390 my $r = $self->{'.r'}; 391 $self->{'.r'} = shift if @_; 392 $r; 393 } 394 395 sub upload_hook { 396 my $self; 397 if (ref $_[0] eq 'CODE') { 398 $CGI::Q = $self = $CGI::DefaultClass->new(@_); 399 } else { 400 $self = shift; 401 } 402 my ($hook,$data,$use_tempfile) = @_; 403 $self->{'.upload_hook'} = $hook; 404 $self->{'.upload_data'} = $data; 405 $self->{'use_tempfile'} = $use_tempfile if defined $use_tempfile; 406 } 407 408 #### Method: param 409 # Returns the value(s)of a named parameter. 410 # If invoked in a list context, returns the 411 # entire list. Otherwise returns the first 412 # member of the list. 413 # If name is not provided, return a list of all 414 # the known parameters names available. 415 # If more than one argument is provided, the 416 # second and subsequent arguments are used to 417 # set the value of the parameter. 418 #### 419 sub param { 420 my($self,@p) = self_or_default(@_); 421 return $self->all_parameters unless @p; 422 my($name,$value,@other); 423 424 # For compatibility between old calling style and use_named_parameters() style, 425 # we have to special case for a single parameter present. 426 if (@p > 1) { 427 ($name,$value,@other) = rearrange([NAME,[DEFAULT,VALUE,VALUES]],@p); 428 my(@values); 429 430 if (substr($p[0],0,1) eq '-') { 431 @values = defined($value) ? (ref($value) && ref($value) eq 'ARRAY' ? @{$value} : $value) : (); 432 } else { 433 foreach ($value,@other) { 434 push(@values,$_) if defined($_); 435 } 436 } 437 # If values is provided, then we set it. 438 if (@values or defined $value) { 439 $self->add_parameter($name); 440 $self->{$name}=[@values]; 441 } 442 } else { 443 $name = $p[0]; 444 } 445 446 return unless defined($name) && $self->{$name}; 447 448 my $charset = $self->charset || ''; 449 my $utf8 = $charset eq 'utf-8'; 450 if ($utf8) { 451 eval "require Encode; 1;" if $utf8 && !Encode->can('decode'); # bring in these functions 452 return wantarray ? map {Encode::decode(utf8=>$_) } @{$self->{$name}} 453 : Encode::decode(utf8=>$self->{$name}->[0]); 454 } else { 455 return wantarray ? @{$self->{$name}} : $self->{$name}->[0]; 456 } 457 } 458 459 sub self_or_default { 460 return @_ if defined($_[0]) && (!ref($_[0])) &&($_[0] eq 'CGI'); 461 unless (defined($_[0]) && 462 (ref($_[0]) eq 'CGI' || UNIVERSAL::isa($_[0],'CGI')) # slightly optimized for common case 463 ) { 464 $Q = $CGI::DefaultClass->new unless defined($Q); 465 unshift(@_,$Q); 466 } 467 return wantarray ? @_ : $Q; 468 } 469 470 sub self_or_CGI { 471 local $^W=0; # prevent a warning 472 if (defined($_[0]) && 473 (substr(ref($_[0]),0,3) eq 'CGI' 474 || UNIVERSAL::isa($_[0],'CGI'))) { 475 return @_; 476 } else { 477 return ($DefaultClass,@_); 478 } 479 } 480 481 ######################################## 482 # THESE METHODS ARE MORE OR LESS PRIVATE 483 # GO TO THE __DATA__ SECTION TO SEE MORE 484 # PUBLIC METHODS 485 ######################################## 486 487 # Initialize the query object from the environment. 488 # If a parameter list is found, this object will be set 489 # to an associative array in which parameter names are keys 490 # and the values are stored as lists 491 # If a keyword list is found, this method creates a bogus 492 # parameter list with the single parameter 'keywords'. 493 494 sub init { 495 my $self = shift; 496 my($query_string,$meth,$content_length,$fh,@lines) = ('','','',''); 497 498 my $is_xforms; 499 500 my $initializer = shift; # for backward compatibility 501 local($/) = "\n"; 502 503 # set autoescaping on by default 504 $self->{'escape'} = 1; 505 506 # if we get called more than once, we want to initialize 507 # ourselves from the original query (which may be gone 508 # if it was read from STDIN originally.) 509 if (defined(@QUERY_PARAM) && !defined($initializer)) { 510 for my $name (@QUERY_PARAM) { 511 my $val = $QUERY_PARAM{$name}; # always an arrayref; 512 $self->param('-name'=>$name,'-value'=> $val); 513 if (defined $val and ref $val eq 'ARRAY') { 514 for my $fh (grep {defined(fileno($_))} @$val) { 515 seek($fh,0,0); # reset the filehandle. 516 } 517 518 } 519 } 520 $self->charset($QUERY_CHARSET); 521 $self->{'.fieldnames'} = {%QUERY_FIELDNAMES}; 522 $self->{'.tmpfiles'} = {%QUERY_TMPFILES}; 523 return; 524 } 525 526 $meth=$ENV{'REQUEST_METHOD'} if defined($ENV{'REQUEST_METHOD'}); 527 $content_length = defined($ENV{'CONTENT_LENGTH'}) ? $ENV{'CONTENT_LENGTH'} : 0; 528 529 $fh = to_filehandle($initializer) if $initializer; 530 531 # set charset to the safe ISO-8859-1 532 $self->charset('ISO-8859-1'); 533 534 METHOD: { 535 536 # avoid unreasonably large postings 537 if (($POST_MAX > 0) && ($content_length > $POST_MAX)) { 538 #discard the post, unread 539 $self->cgi_error("413 Request entity too large"); 540 last METHOD; 541 } 542 543 # Process multipart postings, but only if the initializer is 544 # not defined. 545 if ($meth eq 'POST' 546 && defined($ENV{'CONTENT_TYPE'}) 547 && $ENV{'CONTENT_TYPE'}=~m|^multipart/form-data| 548 && !defined($initializer) 549 ) { 550 my($boundary) = $ENV{'CONTENT_TYPE'} =~ /boundary=\"?([^\";,]+)\"?/; 551 $self->read_multipart($boundary,$content_length); 552 last METHOD; 553 } 554 555 # Process XForms postings. We know that we have XForms in the 556 # following cases: 557 # method eq 'POST' && content-type eq 'application/xml' 558 # method eq 'POST' && content-type =~ /multipart\/related.+start=/ 559 # There are more cases, actually, but for now, we don't support other 560 # methods for XForm posts. 561 # In a XForm POST, the QUERY_STRING is parsed normally. 562 # If the content-type is 'application/xml', we just set the param 563 # XForms:Model (referring to the xml syntax) param containing the 564 # unparsed XML data. 565 # In the case of multipart/related we set XForms:Model as above, but 566 # the other parts are available as uploads with the Content-ID as the 567 # the key. 568 # See the URL below for XForms specs on this issue. 569 # http://www.w3.org/TR/2006/REC-xforms-20060314/slice11.html#submit-options 570 if ($meth eq 'POST' && defined($ENV{'CONTENT_TYPE'})) { 571 if ($ENV{'CONTENT_TYPE'} eq 'application/xml') { 572 my($param) = 'XForms:Model'; 573 my($value) = ''; 574 $self->add_parameter($param); 575 $self->read_from_client(\$value,$content_length,0) 576 if $content_length > 0; 577 push (@{$self->{$param}},$value); 578 $is_xforms = 1; 579 } elsif ($ENV{'CONTENT_TYPE'} =~ /multipart\/related.+boundary=\"?([^\";,]+)\"?.+start=\"?\<?([^\"\>]+)\>?\"?/) { 580 my($boundary,$start) = ($1,$2); 581 my($param) = 'XForms:Model'; 582 $self->add_parameter($param); 583 my($value) = $self->read_multipart_related($start,$boundary,$content_length,0); 584 push (@{$self->{$param}},$value); 585 if ($MOD_PERL) { 586 $query_string = $self->r->args; 587 } else { 588 $query_string = $ENV{'QUERY_STRING'} if defined $ENV{'QUERY_STRING'}; 589 $query_string ||= $ENV{'REDIRECT_QUERY_STRING'} if defined $ENV{'REDIRECT_QUERY_STRING'}; 590 } 591 $is_xforms = 1; 592 } 593 } 594 595 596 # If initializer is defined, then read parameters 597 # from it. 598 if (!$is_xforms && defined($initializer)) { 599 if (UNIVERSAL::isa($initializer,'CGI')) { 600 $query_string = $initializer->query_string; 601 last METHOD; 602 } 603 if (ref($initializer) && ref($initializer) eq 'HASH') { 604 foreach (keys %$initializer) { 605 $self->param('-name'=>$_,'-value'=>$initializer->{$_}); 606 } 607 last METHOD; 608 } 609 610 if (defined($fh) && ($fh ne '')) { 611 while (<$fh>) { 612 chomp; 613 last if /^=/; 614 push(@lines,$_); 615 } 616 # massage back into standard format 617 if ("@lines" =~ /=/) { 618 $query_string=join("&",@lines); 619 } else { 620 $query_string=join("+",@lines); 621 } 622 last METHOD; 623 } 624 625 # last chance -- treat it as a string 626 $initializer = $$initializer if ref($initializer) eq 'SCALAR'; 627 $query_string = $initializer; 628 629 last METHOD; 630 } 631 632 # If method is GET or HEAD, fetch the query from 633 # the environment. 634 if ($is_xforms || $meth=~/^(GET|HEAD)$/) { 635 if ($MOD_PERL) { 636 $query_string = $self->r->args; 637 } else { 638 $query_string = $ENV{'QUERY_STRING'} if defined $ENV{'QUERY_STRING'}; 639 $query_string ||= $ENV{'REDIRECT_QUERY_STRING'} if defined $ENV{'REDIRECT_QUERY_STRING'}; 640 } 641 last METHOD; 642 } 643 644 if ($meth eq 'POST') { 645 $self->read_from_client(\$query_string,$content_length,0) 646 if $content_length > 0; 647 # Some people want to have their cake and eat it too! 648 # Uncomment this line to have the contents of the query string 649 # APPENDED to the POST data. 650 # $query_string .= (length($query_string) ? '&' : '') . $ENV{'QUERY_STRING'} if defined $ENV{'QUERY_STRING'}; 651 last METHOD; 652 } 653 654 # If $meth is not of GET, POST or HEAD, assume we're being debugged offline. 655 # Check the command line and then the standard input for data. 656 # We use the shellwords package in order to behave the way that 657 # UN*X programmers expect. 658 if ($DEBUG) 659 { 660 my $cmdline_ret = read_from_cmdline(); 661 $query_string = $cmdline_ret->{'query_string'}; 662 if (defined($cmdline_ret->{'subpath'})) 663 { 664 $self->path_info($cmdline_ret->{'subpath'}); 665 } 666 } 667 } 668 669 # YL: Begin Change for XML handler 10/19/2001 670 if (!$is_xforms && $meth eq 'POST' 671 && defined($ENV{'CONTENT_TYPE'}) 672 && $ENV{'CONTENT_TYPE'} !~ m|^application/x-www-form-urlencoded| 673 && $ENV{'CONTENT_TYPE'} !~ m|^multipart/form-data| ) { 674 my($param) = 'POSTDATA' ; 675 $self->add_parameter($param) ; 676 push (@{$self->{$param}},$query_string); 677 undef $query_string ; 678 } 679 # YL: End Change for XML handler 10/19/2001 680 681 # We now have the query string in hand. We do slightly 682 # different things for keyword lists and parameter lists. 683 if (defined $query_string && length $query_string) { 684 if ($query_string =~ /[&=;]/) { 685 $self->parse_params($query_string); 686 } else { 687 $self->add_parameter('keywords'); 688 $self->{'keywords'} = [$self->parse_keywordlist($query_string)]; 689 } 690 } 691 692 # Special case. Erase everything if there is a field named 693 # .defaults. 694 if ($self->param('.defaults')) { 695 $self->delete_all(); 696 } 697 698 # Associative array containing our defined fieldnames 699 $self->{'.fieldnames'} = {}; 700 foreach ($self->param('.cgifields')) { 701 $self->{'.fieldnames'}->{$_}++; 702 } 703 704 # Clear out our default submission button flag if present 705 $self->delete('.submit'); 706 $self->delete('.cgifields'); 707 708 $self->save_request unless defined $initializer; 709 } 710 711 # FUNCTIONS TO OVERRIDE: 712 # Turn a string into a filehandle 713 sub to_filehandle { 714 my $thingy = shift; 715 return undef unless $thingy; 716 return $thingy if UNIVERSAL::isa($thingy,'GLOB'); 717 return $thingy if UNIVERSAL::isa($thingy,'FileHandle'); 718 if (!ref($thingy)) { 719 my $caller = 1; 720 while (my $package = caller($caller++)) { 721 my($tmp) = $thingy=~/[\':]/ ? $thingy : "$package\:\:$thingy"; 722 return $tmp if defined(fileno($tmp)); 723 } 724 } 725 return undef; 726 } 727 728 # send output to the browser 729 sub put { 730 my($self,@p) = self_or_default(@_); 731 $self->print(@p); 732 } 733 734 # print to standard output (for overriding in mod_perl) 735 sub print { 736 shift; 737 CORE::print(@_); 738 } 739 740 # get/set last cgi_error 741 sub cgi_error { 742 my ($self,$err) = self_or_default(@_); 743 $self->{'.cgi_error'} = $err if defined $err; 744 return $self->{'.cgi_error'}; 745 } 746 747 sub save_request { 748 my($self) = @_; 749 # We're going to play with the package globals now so that if we get called 750 # again, we initialize ourselves in exactly the same way. This allows 751 # us to have several of these objects. 752 @QUERY_PARAM = $self->param; # save list of parameters 753 foreach (@QUERY_PARAM) { 754 next unless defined $_; 755 $QUERY_PARAM{$_}=$self->{$_}; 756 } 757 $QUERY_CHARSET = $self->charset; 758 %QUERY_FIELDNAMES = %{$self->{'.fieldnames'}}; 759 %QUERY_TMPFILES = %{ $self->{'.tmpfiles'} || {} }; 760 } 761 762 sub parse_params { 763 my($self,$tosplit) = @_; 764 my(@pairs) = split(/[&;]/,$tosplit); 765 my($param,$value); 766 foreach (@pairs) { 767 ($param,$value) = split('=',$_,2); 768 next unless defined $param; 769 next if $NO_UNDEF_PARAMS and not defined $value; 770 $value = '' unless defined $value; 771 $param = unescape($param); 772 $value = unescape($value); 773 $self->add_parameter($param); 774 push (@{$self->{$param}},$value); 775 } 776 } 777 778 sub add_parameter { 779 my($self,$param)=@_; 780 return unless defined $param; 781 push (@{$self->{'.parameters'}},$param) 782 unless defined($self->{$param}); 783 } 784 785 sub all_parameters { 786 my $self = shift; 787 return () unless defined($self) && $self->{'.parameters'}; 788 return () unless @{$self->{'.parameters'}}; 789 return @{$self->{'.parameters'}}; 790 } 791 792 # put a filehandle into binary mode (DOS) 793 sub binmode { 794 return unless defined($_[1]) && defined fileno($_[1]); 795 CORE::binmode($_[1]); 796 } 797 798 sub _make_tag_func { 799 my ($self,$tagname) = @_; 800 my $func = qq( 801 sub $tagname { 802 my (\$q,\$a,\@rest) = self_or_default(\@_); 803 my(\$attr) = ''; 804 if (ref(\$a) && ref(\$a) eq 'HASH') { 805 my(\@attr) = make_attributes(\$a,\$q->{'escape'}); 806 \$attr = " \@attr" if \@attr; 807 } else { 808 unshift \@rest,\$a if defined \$a; 809 } 810 ); 811 if ($tagname=~/start_(\w+)/i) { 812 $func .= qq! return "<\L$1\E\$attr>";} !; 813 } elsif ($tagname=~/end_(\w+)/i) { 814 $func .= qq! return "<\L/$1\E>"; } !; 815 } else { 816 $func .= qq# 817 return \$XHTML ? "\L<$tagname\E\$attr />" : "\L<$tagname\E\$attr>" unless \@rest; 818 my(\$tag,\$untag) = ("\L<$tagname\E\$attr>","\L</$tagname>\E"); 819 my \@result = map { "\$tag\$_\$untag" } 820 (ref(\$rest[0]) eq 'ARRAY') ? \@{\$rest[0]} : "\@rest"; 821 return "\@result"; 822 }#; 823 } 824 return $func; 825 } 826 827 sub AUTOLOAD { 828 print STDERR "CGI::AUTOLOAD for $AUTOLOAD\n" if $CGI::AUTOLOAD_DEBUG; 829 my $func = &_compile; 830 goto &$func; 831 } 832 833 sub _compile { 834 my($func) = $AUTOLOAD; 835 my($pack,$func_name); 836 { 837 local($1,$2); # this fixes an obscure variable suicide problem. 838 $func=~/(.+)::([^:]+)$/; 839 ($pack,$func_name) = ($1,$2); 840 $pack=~s/::SUPER$//; # fix another obscure problem 841 $pack = ${"$pack\:\:AutoloadClass"} || $CGI::DefaultClass 842 unless defined(${"$pack\:\:AUTOLOADED_ROUTINES"}); 843 844 my($sub) = \%{"$pack\:\:SUBS"}; 845 unless (%$sub) { 846 my($auto) = \${"$pack\:\:AUTOLOADED_ROUTINES"}; 847 local ($@,$!); 848 eval "package $pack; $$auto"; 849 croak("$AUTOLOAD: $@") if $@; 850 $$auto = ''; # Free the unneeded storage (but don't undef it!!!) 851 } 852 my($code) = $sub->{$func_name}; 853 854 $code = "sub $AUTOLOAD { }" if (!$code and $func_name eq 'DESTROY'); 855 if (!$code) { 856 (my $base = $func_name) =~ s/^(start_|end_)//i; 857 if ($EXPORT{':any'} || 858 $EXPORT{'-any'} || 859 $EXPORT{$base} || 860 (%EXPORT_OK || grep(++$EXPORT_OK{$_},&expand_tags(':html'))) 861 && $EXPORT_OK{$base}) { 862 $code = $CGI::DefaultClass->_make_tag_func($func_name); 863 } 864 } 865 croak("Undefined subroutine $AUTOLOAD\n") unless $code; 866 local ($@,$!); 867 eval "package $pack; $code"; 868 if ($@) { 869 $@ =~ s/ at .*\n//; 870 croak("$AUTOLOAD: $@"); 871 } 872 } 873 CORE::delete($sub->{$func_name}); #free storage 874 return "$pack\:\:$func_name"; 875 } 876 877 sub _selected { 878 my $self = shift; 879 my $value = shift; 880 return '' unless $value; 881 return $XHTML ? qq(selected="selected" ) : qq(selected ); 882 } 883 884 sub _checked { 885 my $self = shift; 886 my $value = shift; 887 return '' unless $value; 888 return $XHTML ? qq(checked="checked" ) : qq(checked ); 889 } 890 891 sub _reset_globals { initialize_globals(); } 892 893 sub _setup_symbols { 894 my $self = shift; 895 my $compile = 0; 896 897 # to avoid reexporting unwanted variables 898 undef %EXPORT; 899 900 foreach (@_) { 901 $HEADERS_ONCE++, next if /^[:-]unique_headers$/; 902 $NPH++, next if /^[:-]nph$/; 903 $NOSTICKY++, next if /^[:-]nosticky$/; 904 $DEBUG=0, next if /^[:-]no_?[Dd]ebug$/; 905 $DEBUG=2, next if /^[:-][Dd]ebug$/; 906 $USE_PARAM_SEMICOLONS++, next if /^[:-]newstyle_urls$/; 907 $XHTML++, next if /^[:-]xhtml$/; 908 $XHTML=0, next if /^[:-]no_?xhtml$/; 909 $USE_PARAM_SEMICOLONS=0, next if /^[:-]oldstyle_urls$/; 910 $PRIVATE_TEMPFILES++, next if /^[:-]private_tempfiles$/; 911 $TABINDEX++, next if /^[:-]tabindex$/; 912 $CLOSE_UPLOAD_FILES++, next if /^[:-]close_upload_files$/; 913 $EXPORT{$_}++, next if /^[:-]any$/; 914 $compile++, next if /^[:-]compile$/; 915 $NO_UNDEF_PARAMS++, next if /^[:-]no_undef_params$/; 916 917 # This is probably extremely evil code -- to be deleted some day. 918 if (/^[-]autoload$/) { 919 my($pkg) = caller(1); 920 *{"$pkg}::AUTOLOAD"} = sub { 921 my($routine) = $AUTOLOAD; 922 $routine =~ s/^.*::/CGI::/; 923 &$routine; 924 }; 925 next; 926 } 927 928 foreach (&expand_tags($_)) { 929 tr/a-zA-Z0-9_//cd; # don't allow weird function names 930 $EXPORT{$_}++; 931 } 932 } 933 _compile_all(keys %EXPORT) if $compile; 934 @SAVED_SYMBOLS = @_; 935 } 936 937 sub charset { 938 my ($self,$charset) = self_or_default(@_); 939 $self->{'.charset'} = $charset if defined $charset; 940 $self->{'.charset'}; 941 } 942 943 sub element_id { 944 my ($self,$new_value) = self_or_default(@_); 945 $self->{'.elid'} = $new_value if defined $new_value; 946 sprintf('%010d',$self->{'.elid'}++); 947 } 948 949 sub element_tab { 950 my ($self,$new_value) = self_or_default(@_); 951 $self->{'.etab'} ||= 1; 952 $self->{'.etab'} = $new_value if defined $new_value; 953 my $tab = $self->{'.etab'}++; 954 return '' unless $TABINDEX or defined $new_value; 955 return qq(tabindex="$tab" ); 956 } 957 958 ############################################################################### 959 ################# THESE FUNCTIONS ARE AUTOLOADED ON DEMAND #################### 960 ############################################################################### 961 $AUTOLOADED_ROUTINES = ''; # get rid of -w warning 962 $AUTOLOADED_ROUTINES=<<'END_OF_AUTOLOAD'; 963 964 %SUBS = ( 965 966 'URL_ENCODED'=> <<'END_OF_FUNC', 967 sub URL_ENCODED { 'application/x-www-form-urlencoded'; } 968 END_OF_FUNC 969 970 'MULTIPART' => <<'END_OF_FUNC', 971 sub MULTIPART { 'multipart/form-data'; } 972 END_OF_FUNC 973 974 'SERVER_PUSH' => <<'END_OF_FUNC', 975 sub SERVER_PUSH { 'multipart/x-mixed-replace;boundary="' . shift() . '"'; } 976 END_OF_FUNC 977 978 'new_MultipartBuffer' => <<'END_OF_FUNC', 979 # Create a new multipart buffer 980 sub new_MultipartBuffer { 981 my($self,$boundary,$length) = @_; 982 return MultipartBuffer->new($self,$boundary,$length); 983 } 984 END_OF_FUNC 985 986 'read_from_client' => <<'END_OF_FUNC', 987 # Read data from a file handle 988 sub read_from_client { 989 my($self, $buff, $len, $offset) = @_; 990 local $^W=0; # prevent a warning 991 return $MOD_PERL 992 ? $self->r->read($$buff, $len, $offset) 993 : read(\*STDIN, $$buff, $len, $offset); 994 } 995 END_OF_FUNC 996 997 'delete' => <<'END_OF_FUNC', 998 #### Method: delete 999 # Deletes the named parameter entirely. 1000 #### 1001 sub delete { 1002 my($self,@p) = self_or_default(@_); 1003 my(@names) = rearrange([NAME],@p); 1004 my @to_delete = ref($names[0]) eq 'ARRAY' ? @$names[0] : @names; 1005 my %to_delete; 1006 foreach my $name (@to_delete) 1007 { 1008 CORE::delete $self->{$name}; 1009 CORE::delete $self->{'.fieldnames'}->{$name}; 1010 $to_delete{$name}++; 1011 } 1012 @{$self->{'.parameters'}}=grep { !exists($to_delete{$_}) } $self->param(); 1013 return; 1014 } 1015 END_OF_FUNC 1016 1017 #### Method: import_names 1018 # Import all parameters into the given namespace. 1019 # Assumes namespace 'Q' if not specified 1020 #### 1021 'import_names' => <<'END_OF_FUNC', 1022 sub import_names { 1023 my($self,$namespace,$delete) = self_or_default(@_); 1024 $namespace = 'Q' unless defined($namespace); 1025 die "Can't import names into \"main\"\n" if \%{"$namespace}::"} == \%::; 1026 if ($delete || $MOD_PERL || exists $ENV{'FCGI_ROLE'}) { 1027 # can anyone find an easier way to do this? 1028 foreach (keys %{"$namespace}::"}) { 1029 local *symbol = "$namespace}::$_}"; 1030 undef $symbol; 1031 undef @symbol; 1032 undef %symbol; 1033 } 1034 } 1035 my($param,@value,$var); 1036 foreach $param ($self->param) { 1037 # protect against silly names 1038 ($var = $param)=~tr/a-zA-Z0-9_/_/c; 1039 $var =~ s/^(?=\d)/_/; 1040 local *symbol = "$namespace}::$var"; 1041 @value = $self->param($param); 1042 @symbol = @value; 1043 $symbol = $value[0]; 1044 } 1045 } 1046 END_OF_FUNC 1047 1048 #### Method: keywords 1049 # Keywords acts a bit differently. Calling it in a list context 1050 # returns the list of keywords. 1051 # Calling it in a scalar context gives you the size of the list. 1052 #### 1053 'keywords' => <<'END_OF_FUNC', 1054 sub keywords { 1055 my($self,@values) = self_or_default(@_); 1056 # If values is provided, then we set it. 1057 $self->{'keywords'}=[@values] if @values; 1058 my(@result) = defined($self->{'keywords'}) ? @{$self->{'keywords'}} : (); 1059 @result; 1060 } 1061 END_OF_FUNC 1062 1063 # These are some tie() interfaces for compatibility 1064 # with Steve Brenner's cgi-lib.pl routines 1065 'Vars' => <<'END_OF_FUNC', 1066 sub Vars { 1067 my $q = shift; 1068 my %in; 1069 tie(%in,CGI,$q); 1070 return %in if wantarray; 1071 return \%in; 1072 } 1073 END_OF_FUNC 1074 1075 # These are some tie() interfaces for compatibility 1076 # with Steve Brenner's cgi-lib.pl routines 1077 'ReadParse' => <<'END_OF_FUNC', 1078 sub ReadParse { 1079 local(*in); 1080 if (@_) { 1081 *in = $_[0]; 1082 } else { 1083 my $pkg = caller(); 1084 *in=*{"$pkg}::in"}; 1085 } 1086 tie(%in,CGI); 1087 return scalar(keys %in); 1088 } 1089 END_OF_FUNC 1090 1091 'PrintHeader' => <<'END_OF_FUNC', 1092 sub PrintHeader { 1093 my($self) = self_or_default(@_); 1094 return $self->header(); 1095 } 1096 END_OF_FUNC 1097 1098 'HtmlTop' => <<'END_OF_FUNC', 1099 sub HtmlTop { 1100 my($self,@p) = self_or_default(@_); 1101 return $self->start_html(@p); 1102 } 1103 END_OF_FUNC 1104 1105 'HtmlBot' => <<'END_OF_FUNC', 1106 sub HtmlBot { 1107 my($self,@p) = self_or_default(@_); 1108 return $self->end_html(@p); 1109 } 1110 END_OF_FUNC 1111 1112 'SplitParam' => <<'END_OF_FUNC', 1113 sub SplitParam { 1114 my ($param) = @_; 1115 my (@params) = split ("\0", $param); 1116 return (wantarray ? @params : $params[0]); 1117 } 1118 END_OF_FUNC 1119 1120 'MethGet' => <<'END_OF_FUNC', 1121 sub MethGet { 1122 return request_method() eq 'GET'; 1123 } 1124 END_OF_FUNC 1125 1126 'MethPost' => <<'END_OF_FUNC', 1127 sub MethPost { 1128 return request_method() eq 'POST'; 1129 } 1130 END_OF_FUNC 1131 1132 'TIEHASH' => <<'END_OF_FUNC', 1133 sub TIEHASH { 1134 my $class = shift; 1135 my $arg = $_[0]; 1136 if (ref($arg) && UNIVERSAL::isa($arg,'CGI')) { 1137 return $arg; 1138 } 1139 return $Q ||= $class->new(@_); 1140 } 1141 END_OF_FUNC 1142 1143 'STORE' => <<'END_OF_FUNC', 1144 sub STORE { 1145 my $self = shift; 1146 my $tag = shift; 1147 my $vals = shift; 1148 my @vals = index($vals,"\0")!=-1 ? split("\0",$vals) : $vals; 1149 $self->param(-name=>$tag,-value=>\@vals); 1150 } 1151 END_OF_FUNC 1152 1153 'FETCH' => <<'END_OF_FUNC', 1154 sub FETCH { 1155 return $_[0] if $_[1] eq 'CGI'; 1156 return undef unless defined $_[0]->param($_[1]); 1157 return join("\0",$_[0]->param($_[1])); 1158 } 1159 END_OF_FUNC 1160 1161 'FIRSTKEY' => <<'END_OF_FUNC', 1162 sub FIRSTKEY { 1163 $_[0]->{'.iterator'}=0; 1164 $_[0]->{'.parameters'}->[$_[0]->{'.iterator'}++]; 1165 } 1166 END_OF_FUNC 1167 1168 'NEXTKEY' => <<'END_OF_FUNC', 1169 sub NEXTKEY { 1170 $_[0]->{'.parameters'}->[$_[0]->{'.iterator'}++]; 1171 } 1172 END_OF_FUNC 1173 1174 'EXISTS' => <<'END_OF_FUNC', 1175 sub EXISTS { 1176 exists $_[0]->{$_[1]}; 1177 } 1178 END_OF_FUNC 1179 1180 'DELETE' => <<'END_OF_FUNC', 1181 sub DELETE { 1182 $_[0]->delete($_[1]); 1183 } 1184 END_OF_FUNC 1185 1186 'CLEAR' => <<'END_OF_FUNC', 1187 sub CLEAR { 1188 %{$_[0]}=(); 1189 } 1190 #### 1191 END_OF_FUNC 1192 1193 #### 1194 # Append a new value to an existing query 1195 #### 1196 'append' => <<'EOF', 1197 sub append { 1198 my($self,@p) = self_or_default(@_); 1199 my($name,$value) = rearrange([NAME,[VALUE,VALUES]],@p); 1200 my(@values) = defined($value) ? (ref($value) ? @{$value} : $value) : (); 1201 if (@values) { 1202 $self->add_parameter($name); 1203 push(@{$self->{$name}},@values); 1204 } 1205 return $self->param($name); 1206 } 1207 EOF 1208 1209 #### Method: delete_all 1210 # Delete all parameters 1211 #### 1212 'delete_all' => <<'EOF', 1213 sub delete_all { 1214 my($self) = self_or_default(@_); 1215 my @param = $self->param(); 1216 $self->delete(@param); 1217 } 1218 EOF 1219 1220 'Delete' => <<'EOF', 1221 sub Delete { 1222 my($self,@p) = self_or_default(@_); 1223 $self->delete(@p); 1224 } 1225 EOF 1226 1227 'Delete_all' => <<'EOF', 1228 sub Delete_all { 1229 my($self,@p) = self_or_default(@_); 1230 $self->delete_all(@p); 1231 } 1232 EOF 1233 1234 #### Method: autoescape 1235 # If you want to turn off the autoescaping features, 1236 # call this method with undef as the argument 1237 'autoEscape' => <<'END_OF_FUNC', 1238 sub autoEscape { 1239 my($self,$escape) = self_or_default(@_); 1240 my $d = $self->{'escape'}; 1241 $self->{'escape'} = $escape; 1242 $d; 1243 } 1244 END_OF_FUNC 1245 1246 1247 #### Method: version 1248 # Return the current version 1249 #### 1250 'version' => <<'END_OF_FUNC', 1251 sub version { 1252 return $VERSION; 1253 } 1254 END_OF_FUNC 1255 1256 #### Method: url_param 1257 # Return a parameter in the QUERY_STRING, regardless of 1258 # whether this was a POST or a GET 1259 #### 1260 'url_param' => <<'END_OF_FUNC', 1261 sub url_param { 1262 my ($self,@p) = self_or_default(@_); 1263 my $name = shift(@p); 1264 return undef unless exists($ENV{QUERY_STRING}); 1265 unless (exists($self->{'.url_param'})) { 1266 $self->{'.url_param'}={}; # empty hash 1267 if ($ENV{QUERY_STRING} =~ /=/) { 1268 my(@pairs) = split(/[&;]/,$ENV{QUERY_STRING}); 1269 my($param,$value); 1270 foreach (@pairs) { 1271 ($param,$value) = split('=',$_,2); 1272 $param = unescape($param); 1273 $value = unescape($value); 1274 push(@{$self->{'.url_param'}->{$param}},$value); 1275 } 1276 } else { 1277 $self->{'.url_param'}->{'keywords'} = [$self->parse_keywordlist($ENV{QUERY_STRING})]; 1278 } 1279 } 1280 return keys %{$self->{'.url_param'}} unless defined($name); 1281 return () unless $self->{'.url_param'}->{$name}; 1282 return wantarray ? @{$self->{'.url_param'}->{$name}} 1283 : $self->{'.url_param'}->{$name}->[0]; 1284 } 1285 END_OF_FUNC 1286 1287 #### Method: Dump 1288 # Returns a string in which all the known parameter/value 1289 # pairs are represented as nested lists, mainly for the purposes 1290 # of debugging. 1291 #### 1292 'Dump' => <<'END_OF_FUNC', 1293 sub Dump { 1294 my($self) = self_or_default(@_); 1295 my($param,$value,@result); 1296 return '<ul></ul>' unless $self->param; 1297 push(@result,"<ul>"); 1298 foreach $param ($self->param) { 1299 my($name)=$self->escapeHTML($param); 1300 push(@result,"<li><strong>$param</strong></li>"); 1301 push(@result,"<ul>"); 1302 foreach $value ($self->param($param)) { 1303 $value = $self->escapeHTML($value); 1304 $value =~ s/\n/<br \/>\n/g; 1305 push(@result,"<li>$value</li>"); 1306 } 1307 push(@result,"</ul>"); 1308 } 1309 push(@result,"</ul>"); 1310 return join("\n",@result); 1311 } 1312 END_OF_FUNC 1313 1314 #### Method as_string 1315 # 1316 # synonym for "dump" 1317 #### 1318 'as_string' => <<'END_OF_FUNC', 1319 sub as_string { 1320 &Dump(@_); 1321 } 1322 END_OF_FUNC 1323 1324 #### Method: save 1325 # Write values out to a filehandle in such a way that they can 1326 # be reinitialized by the filehandle form of the new() method 1327 #### 1328 'save' => <<'END_OF_FUNC', 1329 sub save { 1330 my($self,$filehandle) = self_or_default(@_); 1331 $filehandle = to_filehandle($filehandle); 1332 my($param); 1333 local($,) = ''; # set print field separator back to a sane value 1334 local($\) = ''; # set output line separator to a sane value 1335 foreach $param ($self->param) { 1336 my($escaped_param) = escape($param); 1337 my($value); 1338 foreach $value ($self->param($param)) { 1339 print $filehandle "$escaped_param=",escape("$value"),"\n"; 1340 } 1341 } 1342 foreach (keys %{$self->{'.fieldnames'}}) { 1343 print $filehandle ".cgifields=",escape("$_"),"\n"; 1344 } 1345 print $filehandle "=\n"; # end of record 1346 } 1347 END_OF_FUNC 1348 1349 1350 #### Method: save_parameters 1351 # An alias for save() that is a better name for exportation. 1352 # Only intended to be used with the function (non-OO) interface. 1353 #### 1354 'save_parameters' => <<'END_OF_FUNC', 1355 sub save_parameters { 1356 my $fh = shift; 1357 return save(to_filehandle($fh)); 1358 } 1359 END_OF_FUNC 1360 1361 #### Method: restore_parameters 1362 # A way to restore CGI parameters from an initializer. 1363 # Only intended to be used with the function (non-OO) interface. 1364 #### 1365 'restore_parameters' => <<'END_OF_FUNC', 1366 sub restore_parameters { 1367 $Q = $CGI::DefaultClass->new(@_); 1368 } 1369 END_OF_FUNC 1370 1371 #### Method: multipart_init 1372 # Return a Content-Type: style header for server-push 1373 # This has to be NPH on most web servers, and it is advisable to set $| = 1 1374 # 1375 # Many thanks to Ed Jordan <ed@fidalgo.net> for this 1376 # contribution, updated by Andrew Benham (adsb@bigfoot.com) 1377 #### 1378 'multipart_init' => <<'END_OF_FUNC', 1379 sub multipart_init { 1380 my($self,@p) = self_or_default(@_); 1381 my($boundary,@other) = rearrange([BOUNDARY],@p); 1382 $boundary = $boundary || '------- =_aaaaaaaaaa0'; 1383 $self->{'separator'} = "$CRLF--$boundary$CRLF"; 1384 $self->{'final_separator'} = "$CRLF--$boundary--$CRLF"; 1385 $type = SERVER_PUSH($boundary); 1386 return $self->header( 1387 -nph => 0, 1388 -type => $type, 1389 (map { split "=", $_, 2 } @other), 1390 ) . "WARNING: YOUR BROWSER DOESN'T SUPPORT THIS SERVER-PUSH TECHNOLOGY." . $self->multipart_end; 1391 } 1392 END_OF_FUNC 1393 1394 1395 #### Method: multipart_start 1396 # Return a Content-Type: style header for server-push, start of section 1397 # 1398 # Many thanks to Ed Jordan <ed@fidalgo.net> for this 1399 # contribution, updated by Andrew Benham (adsb@bigfoot.com) 1400 #### 1401 'multipart_start' => <<'END_OF_FUNC', 1402 sub multipart_start { 1403 my(@header); 1404 my($self,@p) = self_or_default(@_); 1405 my($type,@other) = rearrange([TYPE],@p); 1406 $type = $type || 'text/html'; 1407 push(@header,"Content-Type: $type"); 1408 1409 # rearrange() was designed for the HTML portion, so we 1410 # need to fix it up a little. 1411 foreach (@other) { 1412 # Don't use \s because of perl bug 21951 1413 next unless my($header,$value) = /([^ \r\n\t=]+)=\"?(.+?)\"?$/; 1414 ($_ = $header) =~ s/^(\w)(.*)/$1 . lc ($2) . ': '.$self->unescapeHTML($value)/e; 1415 } 1416 push(@header,@other); 1417 my $header = join($CRLF,@header)."$CRLF}$CRLF}"; 1418 return $header; 1419 } 1420 END_OF_FUNC 1421 1422 1423 #### Method: multipart_end 1424 # Return a MIME boundary separator for server-push, end of section 1425 # 1426 # Many thanks to Ed Jordan <ed@fidalgo.net> for this 1427 # contribution 1428 #### 1429 'multipart_end' => <<'END_OF_FUNC', 1430 sub multipart_end { 1431 my($self,@p) = self_or_default(@_); 1432 return $self->{'separator'}; 1433 } 1434 END_OF_FUNC 1435 1436 1437 #### Method: multipart_final 1438 # Return a MIME boundary separator for server-push, end of all sections 1439 # 1440 # Contributed by Andrew Benham (adsb@bigfoot.com) 1441 #### 1442 'multipart_final' => <<'END_OF_FUNC', 1443 sub multipart_final { 1444 my($self,@p) = self_or_default(@_); 1445 return $self->{'final_separator'} . "WARNING: YOUR BROWSER DOESN'T SUPPORT THIS SERVER-PUSH TECHNOLOGY." . $CRLF; 1446 } 1447 END_OF_FUNC 1448 1449 1450 #### Method: header 1451 # Return a Content-Type: style header 1452 # 1453 #### 1454 'header' => <<'END_OF_FUNC', 1455 sub header { 1456 my($self,@p) = self_or_default(@_); 1457 my(@header); 1458 1459 return "" if $self->{'.header_printed'}++ and $HEADERS_ONCE; 1460 1461 my($type,$status,$cookie,$target,$expires,$nph,$charset,$attachment,$p3p,@other) = 1462 rearrange([['TYPE','CONTENT_TYPE','CONTENT-TYPE'], 1463 'STATUS',['COOKIE','COOKIES'],'TARGET', 1464 'EXPIRES','NPH','CHARSET', 1465 'ATTACHMENT','P3P'],@p); 1466 1467 $nph ||= $NPH; 1468 1469 $type ||= 'text/html' unless defined($type); 1470 1471 if (defined $charset) { 1472 $self->charset($charset); 1473 } else { 1474 $charset = $self->charset if $type =~ /^text\//; 1475 } 1476 $charset ||= ''; 1477 1478 # rearrange() was designed for the HTML portion, so we 1479 # need to fix it up a little. 1480 foreach (@other) { 1481 # Don't use \s because of perl bug 21951 1482 next unless my($header,$value) = /([^ \r\n\t=]+)=\"?(.+?)\"?$/; 1483 ($_ = $header) =~ s/^(\w)(.*)/"\u$1\L$2" . ': '.$self->unescapeHTML($value)/e; 1484 } 1485 1486 $type .= "; charset=$charset" 1487 if $type ne '' 1488 and $type !~ /\bcharset\b/ 1489 and defined $charset 1490 and $charset ne ''; 1491 1492 # Maybe future compatibility. Maybe not. 1493 my $protocol = $ENV{SERVER_PROTOCOL} || 'HTTP/1.0'; 1494 push(@header,$protocol . ' ' . ($status || '200 OK')) if $nph; 1495 push(@header,"Server: " . &server_software()) if $nph; 1496 1497 push(@header,"Status: $status") if $status; 1498 push(@header,"Window-Target: $target") if $target; 1499 if ($p3p) { 1500 $p3p = join ' ',@$p3p if ref($p3p) eq 'ARRAY'; 1501 push(@header,qq(P3P: policyref="/w3c/p3p.xml", CP="$p3p")); 1502 } 1503 # push all the cookies -- there may be several 1504 if ($cookie) { 1505 my(@cookie) = ref($cookie) && ref($cookie) eq 'ARRAY' ? @{$cookie} : $cookie; 1506 foreach (@cookie) { 1507 my $cs = UNIVERSAL::isa($_,'CGI::Cookie') ? $_->as_string : $_; 1508 push(@header,"Set-Cookie: $cs") if $cs ne ''; 1509 } 1510 } 1511 # if the user indicates an expiration time, then we need 1512 # both an Expires and a Date header (so that the browser is 1513 # uses OUR clock) 1514 push(@header,"Expires: " . expires($expires,'http')) 1515 if $expires; 1516 push(@header,"Date: " . expires(0,'http')) if $expires || $cookie || $nph; 1517 push(@header,"Pragma: no-cache") if $self->cache(); 1518 push(@header,"Content-Disposition: attachment; filename=\"$attachment\"") if $attachment; 1519 push(@header,map {ucfirst $_} @other); 1520 push(@header,"Content-Type: $type") if $type ne ''; 1521 my $header = join($CRLF,@header)."$CRLF}$CRLF}"; 1522 if ($MOD_PERL and not $nph) { 1523 $self->r->send_cgi_header($header); 1524 return ''; 1525 } 1526 return $header; 1527 } 1528 END_OF_FUNC 1529 1530 1531 #### Method: cache 1532 # Control whether header() will produce the no-cache 1533 # Pragma directive. 1534 #### 1535 'cache' => <<'END_OF_FUNC', 1536 sub cache { 1537 my($self,$new_value) = self_or_default(@_); 1538 $new_value = '' unless $new_value; 1539 if ($new_value ne '') { 1540 $self->{'cache'} = $new_value; 1541 } 1542 return $self->{'cache'}; 1543 } 1544 END_OF_FUNC 1545 1546 1547 #### Method: redirect 1548 # Return a Location: style header 1549 # 1550 #### 1551 'redirect' => <<'END_OF_FUNC', 1552 sub redirect { 1553 my($self,@p) = self_or_default(@_); 1554 my($url,$target,$status,$cookie,$nph,@other) = 1555 rearrange([[LOCATION,URI,URL],TARGET,STATUS,['COOKIE','COOKIES'],NPH],@p); 1556 $status = '302 Found' unless defined $status; 1557 $url ||= $self->self_url; 1558 my(@o); 1559 foreach (@other) { tr/\"//d; push(@o,split("=",$_,2)); } 1560 unshift(@o, 1561 '-Status' => $status, 1562 '-Location'=> $url, 1563 '-nph' => $nph); 1564 unshift(@o,'-Target'=>$target) if $target; 1565 unshift(@o,'-Type'=>''); 1566 my @unescaped; 1567 unshift(@unescaped,'-Cookie'=>$cookie) if $cookie; 1568 return $self->header((map {$self->unescapeHTML($_)} @o),@unescaped); 1569 } 1570 END_OF_FUNC 1571 1572 1573 #### Method: start_html 1574 # Canned HTML header 1575 # 1576 # Parameters: 1577 # $title -> (optional) The title for this HTML document (-title) 1578 # $author -> (optional) e-mail address of the author (-author) 1579 # $base -> (optional) if set to true, will enter the BASE address of this document 1580 # for resolving relative references (-base) 1581 # $xbase -> (optional) alternative base at some remote location (-xbase) 1582 # $target -> (optional) target window to load all links into (-target) 1583 # $script -> (option) Javascript code (-script) 1584 # $no_script -> (option) Javascript <noscript> tag (-noscript) 1585 # $meta -> (optional) Meta information tags 1586 # $head -> (optional) any other elements you'd like to incorporate into the <head> tag 1587 # (a scalar or array ref) 1588 # $style -> (optional) reference to an external style sheet 1589 # @other -> (optional) any other named parameters you'd like to incorporate into 1590 # the <body> tag. 1591 #### 1592 'start_html' => <<'END_OF_FUNC', 1593 sub start_html { 1594 my($self,@p) = &self_or_default(@_); 1595 my($title,$author,$base,$xbase,$script,$noscript, 1596 $target,$meta,$head,$style,$dtd,$lang,$encoding,$declare_xml,@other) = 1597 rearrange([TITLE,AUTHOR,BASE,XBASE,SCRIPT,NOSCRIPT,TARGET, 1598 META,HEAD,STYLE,DTD,LANG,ENCODING,DECLARE_XML],@p); 1599 1600 $self->element_id(0); 1601 $self->element_tab(0); 1602 1603 $encoding = lc($self->charset) unless defined $encoding; 1604 1605 # Need to sort out the DTD before it's okay to call escapeHTML(). 1606 my(@result,$xml_dtd); 1607 if ($dtd) { 1608 if (defined(ref($dtd)) and (ref($dtd) eq 'ARRAY')) { 1609 $dtd = $DEFAULT_DTD unless $dtd->[0] =~ m|^-//|; 1610 } else { 1611 $dtd = $DEFAULT_DTD unless $dtd =~ m|^-//|; 1612 } 1613 } else { 1614 $dtd = $XHTML ? XHTML_DTD : $DEFAULT_DTD; 1615 } 1616 1617 $xml_dtd++ if ref($dtd) eq 'ARRAY' && $dtd->[0] =~ /\bXHTML\b/i; 1618 $xml_dtd++ if ref($dtd) eq '' && $dtd =~ /\bXHTML\b/i; 1619 push @result,qq(<?xml version="1.0" encoding="$encoding"?>) if $xml_dtd && $declare_xml; 1620 1621 if (ref($dtd) && ref($dtd) eq 'ARRAY') { 1622 push(@result,qq(<!DOCTYPE html\n\tPUBLIC "$dtd->[0]"\n\t "$dtd->[1]">)); 1623 $DTD_PUBLIC_IDENTIFIER = $dtd->[0]; 1624 } else { 1625 push(@result,qq(<!DOCTYPE html\n\tPUBLIC "$dtd">)); 1626 $DTD_PUBLIC_IDENTIFIER = $dtd; 1627 } 1628 1629 # Now that we know whether we're using the HTML 3.2 DTD or not, it's okay to 1630 # call escapeHTML(). Strangely enough, the title needs to be escaped as 1631 # HTML while the author needs to be escaped as a URL. 1632 $title = $self->escapeHTML($title || 'Untitled Document'); 1633 $author = $self->escape($author); 1634 1635 if ($DTD_PUBLIC_IDENTIFIER =~ /[^X]HTML (2\.0|3\.2)/i) { 1636 $lang = "" unless defined $lang; 1637 $XHTML = 0; 1638 } 1639 else { 1640 $lang = 'en-US' unless defined $lang; 1641 } 1642 1643 my $lang_bits = $lang ne '' ? qq( lang="$lang" xml:lang="$lang") : ''; 1644 my $meta_bits = qq(<meta http-equiv="Content-Type" content="text/html; charset=$encoding" />) 1645 if $XHTML && $encoding && !$declare_xml; 1646 1647 push(@result,$XHTML ? qq(<html xmlns="http://www.w3.org/1999/xhtml"$lang_bits>\n<head>\n<title>$title</title>) 1648 : ($lang ? qq(<html lang="$lang">) : "<html>") 1649 . "<head><title>$title</title>"); 1650 if (defined $author) { 1651 push(@result,$XHTML ? "<link rev=\"made\" href=\"mailto:$author\" />" 1652 : "<link rev=\"made\" href=\"mailto:$author\">"); 1653 } 1654 1655 if ($base || $xbase || $target) { 1656 my $href = $xbase || $self->url('-path'=>1); 1657 my $t = $target ? qq/ target="$target"/ : ''; 1658 push(@result,$XHTML ? qq(<base href="$href"$t />) : qq(<base href="$href"$t>)); 1659 } 1660 1661 if ($meta && ref($meta) && (ref($meta) eq 'HASH')) { 1662 foreach (keys %$meta) { push(@result,$XHTML ? qq(<meta name="$_" content="$meta->{$_}" />) 1663 : qq(<meta name="$_" content="$meta->{$_}">)); } 1664 } 1665 1666 push(@result,ref($head) ? @$head : $head) if $head; 1667 1668 # handle the infrequently-used -style and -script parameters 1669 push(@result,$self->_style($style)) if defined $style; 1670 push(@result,$self->_script($script)) if defined $script; 1671 push(@result,$meta_bits) if defined $meta_bits; 1672 1673 # handle -noscript parameter 1674 push(@result,<<END) if $noscript; 1675 <noscript> 1676 $noscript 1677 </noscript> 1678 END 1679 ; 1680 my($other) = @other ? " @other" : ''; 1681 push(@result,"</head>\n<body$other>\n"); 1682 return join("\n",@result); 1683 } 1684 END_OF_FUNC 1685 1686 ### Method: _style 1687 # internal method for generating a CSS style section 1688 #### 1689 '_style' => <<'END_OF_FUNC', 1690 sub _style { 1691 my ($self,$style) = @_; 1692 my (@result); 1693 1694 my $type = 'text/css'; 1695 my $rel = 'stylesheet'; 1696 1697 1698 my $cdata_start = $XHTML ? "\n<!--/* <![CDATA[ */" : "\n<!-- "; 1699 my $cdata_end = $XHTML ? "\n/* ]]> */-->\n" : " -->\n"; 1700 1701 my @s = ref($style) eq 'ARRAY' ? @$style : $style; 1702 1703 for my $s (@s) { 1704 if (ref($s)) { 1705 my($src,$code,$verbatim,$stype,$alternate,$foo,@other) = 1706 rearrange([qw(SRC CODE VERBATIM TYPE ALTERNATE FOO)], 1707 ('-foo'=>'bar', 1708 ref($s) eq 'ARRAY' ? @$s : %$s)); 1709 my $type = defined $stype ? $stype : 'text/css'; 1710 my $rel = $alternate ? 'alternate stylesheet' : 'stylesheet'; 1711 my $other = @other ? join ' ',@other : ''; 1712 1713 if (ref($src) eq "ARRAY") # Check to see if the $src variable is an array reference 1714 { # If it is, push a LINK tag for each one 1715 foreach $src (@$src) 1716 { 1717 push(@result,$XHTML ? qq(<link rel="$rel" type="$type" href="$src" $other/>) 1718 : qq(<link rel="$rel" type="$type" href="$src"$other>)) if $src; 1719 } 1720 } 1721 else 1722 { # Otherwise, push the single -src, if it exists. 1723 push(@result,$XHTML ? qq(<link rel="$rel" type="$type" href="$src" $other/>) 1724 : qq(<link rel="$rel" type="$type" href="$src"$other>) 1725 ) if $src; 1726 } 1727 if ($verbatim) { 1728 my @v = ref($verbatim) eq 'ARRAY' ? @$verbatim : $verbatim; 1729 push(@result, "<style type=\"text/css\">\n$_\n</style>") foreach @v; 1730 } 1731 my @c = ref($code) eq 'ARRAY' ? @$code : $code if $code; 1732 push(@result,style({'type'=>$type},"$cdata_start\n$_\n$cdata_end")) foreach @c; 1733 1734 } else { 1735 my $src = $s; 1736 push(@result,$XHTML ? qq(<link rel="$rel" type="$type" href="$src" $other/>) 1737 : qq(<link rel="$rel" type="$type" href="$src"$other>)); 1738 } 1739 } 1740 @result; 1741 } 1742 END_OF_FUNC 1743 1744 '_script' => <<'END_OF_FUNC', 1745 sub _script { 1746 my ($self,$script) = @_; 1747 my (@result); 1748 1749 my (@scripts) = ref($script) eq 'ARRAY' ? @$script : ($script); 1750 foreach $script (@scripts) { 1751 my($src,$code,$language); 1752 if (ref($script)) { # script is a hash 1753 ($src,$code,$type) = 1754 rearrange(['SRC','CODE',['LANGUAGE','TYPE']], 1755 '-foo'=>'bar', # a trick to allow the '-' to be omitted 1756 ref($script) eq 'ARRAY' ? @$script : %$script); 1757 $type ||= 'text/javascript'; 1758 unless ($type =~ m!\w+/\w+!) { 1759 $type =~ s/[\d.]+$//; 1760 $type = "text/$type"; 1761 } 1762 } else { 1763 ($src,$code,$type) = ('',$script, 'text/javascript'); 1764 } 1765 1766 my $comment = '//'; # javascript by default 1767 $comment = '#' if $type=~/perl|tcl/i; 1768 $comment = "'" if $type=~/vbscript/i; 1769 1770 my ($cdata_start,$cdata_end); 1771 if ($XHTML) { 1772 $cdata_start = "$comment<![CDATA[\n"; 1773 $cdata_end .= "\n$comment]]>"; 1774 } else { 1775 $cdata_start = "\n<!-- Hide script\n"; 1776 $cdata_end = $comment; 1777 $cdata_end .= " End script hiding -->\n"; 1778 } 1779 my(@satts); 1780 push(@satts,'src'=>$src) if $src; 1781 push(@satts,'type'=>$type); 1782 $code = $cdata_start . $code . $cdata_end if defined $code; 1783 push(@result,$self->script({@satts},$code || '')); 1784 } 1785 @result; 1786 } 1787 END_OF_FUNC 1788 1789 #### Method: end_html 1790 # End an HTML document. 1791 # Trivial method for completeness. Just returns "</body>" 1792 #### 1793 'end_html' => <<'END_OF_FUNC', 1794 sub end_html { 1795 return "\n</body>\n</html>"; 1796 } 1797 END_OF_FUNC 1798 1799 1800 ################################ 1801 # METHODS USED IN BUILDING FORMS 1802 ################################ 1803 1804 #### Method: isindex 1805 # Just prints out the isindex tag. 1806 # Parameters: 1807 # $action -> optional URL of script to run 1808 # Returns: 1809 # A string containing a <isindex> tag 1810 'isindex' => <<'END_OF_FUNC', 1811 sub isindex { 1812 my($self,@p) = self_or_default(@_); 1813 my($action,@other) = rearrange([ACTION],@p); 1814 $action = qq/ action="$action"/ if $action; 1815 my($other) = @other ? " @other" : ''; 1816 return $XHTML ? "<isindex$action$other />" : "<isindex$action$other>"; 1817 } 1818 END_OF_FUNC 1819 1820 1821 #### Method: startform 1822 # Start a form 1823 # Parameters: 1824 # $method -> optional submission method to use (GET or POST) 1825 # $action -> optional URL of script to run 1826 # $enctype ->encoding to use (URL_ENCODED or MULTIPART) 1827 'startform' => <<'END_OF_FUNC', 1828 sub startform { 1829 my($self,@p) = self_or_default(@_); 1830 1831 my($method,$action,$enctype,@other) = 1832 rearrange([METHOD,ACTION,ENCTYPE],@p); 1833 1834 $method = $self->escapeHTML(lc($method) || 'post'); 1835 $enctype = $self->escapeHTML($enctype || &URL_ENCODED); 1836 if (defined $action) { 1837 $action = $self->escapeHTML($action); 1838 } 1839 else { 1840 $action = $self->escapeHTML($self->request_uri || $self->self_url); 1841 } 1842 $action = qq(action="$action"); 1843 my($other) = @other ? " @other" : ''; 1844 $self->{'.parametersToAdd'}={}; 1845 return qq/<form method="$method" $action enctype="$enctype"$other>\n/; 1846 } 1847 END_OF_FUNC 1848 1849 1850 #### Method: start_form 1851 # synonym for startform 1852 'start_form' => <<'END_OF_FUNC', 1853 sub start_form { 1854 $XHTML ? &start_multipart_form : &startform; 1855 } 1856 END_OF_FUNC 1857 1858 'end_multipart_form' => <<'END_OF_FUNC', 1859 sub end_multipart_form { 1860 &endform; 1861 } 1862 END_OF_FUNC 1863 1864 #### Method: start_multipart_form 1865 # synonym for startform 1866 'start_multipart_form' => <<'END_OF_FUNC', 1867 sub start_multipart_form { 1868 my($self,@p) = self_or_default(@_); 1869 if (defined($p[0]) && substr($p[0],0,1) eq '-') { 1870 return $self->startform(-enctype=>&MULTIPART,@p); 1871 } else { 1872 my($method,$action,@other) = 1873 rearrange([METHOD,ACTION],@p); 1874 return $self->startform($method,$action,&MULTIPART,@other); 1875 } 1876 } 1877 END_OF_FUNC 1878 1879 1880 #### Method: endform 1881 # End a form 1882 'endform' => <<'END_OF_FUNC', 1883 sub endform { 1884 my($self,@p) = self_or_default(@_); 1885 if ( $NOSTICKY ) { 1886 return wantarray ? ("</form>") : "\n</form>"; 1887 } else { 1888 if (my @fields = $self->get_fields) { 1889 return wantarray ? ("<div>",@fields,"</div>","</form>") 1890 : "<div>".(join '',@fields)."</div>\n</form>"; 1891 } else { 1892 return "</form>"; 1893 } 1894 } 1895 } 1896 END_OF_FUNC 1897 1898 1899 '_textfield' => <<'END_OF_FUNC', 1900 sub _textfield { 1901 my($self,$tag,@p) = self_or_default(@_); 1902 my($name,$default,$size,$maxlength,$override,$tabindex,@other) = 1903 rearrange([NAME,[DEFAULT,VALUE,VALUES],SIZE,MAXLENGTH,[OVERRIDE,FORCE],TABINDEX],@p); 1904 1905 my $current = $override ? $default : 1906 (defined($self->param($name)) ? $self->param($name) : $default); 1907 1908 $current = defined($current) ? $self->escapeHTML($current,1) : ''; 1909 $name = defined($name) ? $self->escapeHTML($name) : ''; 1910 my($s) = defined($size) ? qq/ size="$size"/ : ''; 1911 my($m) = defined($maxlength) ? qq/ maxlength="$maxlength"/ : ''; 1912 my($other) = @other ? " @other" : ''; 1913 # this entered at cristy's request to fix problems with file upload fields 1914 # and WebTV -- not sure it won't break stuff 1915 my($value) = $current ne '' ? qq(value="$current") : ''; 1916 $tabindex = $self->element_tab($tabindex); 1917 return $XHTML ? qq(<input type="$tag" name="$name" $tabindex$value$s$m$other />) 1918 : qq(<input type="$tag" name="$name" $value$s$m$other>); 1919 } 1920 END_OF_FUNC 1921 1922 #### Method: textfield 1923 # Parameters: 1924 # $name -> Name of the text field 1925 # $default -> Optional default value of the field if not 1926 # already defined. 1927 # $size -> Optional width of field in characaters. 1928 # $maxlength -> Optional maximum number of characters. 1929 # Returns: 1930 # A string containing a <input type="text"> field 1931 # 1932 'textfield' => <<'END_OF_FUNC', 1933 sub textfield { 1934 my($self,@p) = self_or_default(@_); 1935 $self->_textfield('text',@p); 1936 } 1937 END_OF_FUNC 1938 1939 1940 #### Method: filefield 1941 # Parameters: 1942 # $name -> Name of the file upload field 1943 # $size -> Optional width of field in characaters. 1944 # $maxlength -> Optional maximum number of characters. 1945 # Returns: 1946 # A string containing a <input type="file"> field 1947 # 1948 'filefield' => <<'END_OF_FUNC', 1949 sub filefield { 1950 my($self,@p) = self_or_default(@_); 1951 $self->_textfield('file',@p); 1952 } 1953 END_OF_FUNC 1954 1955 1956 #### Method: password 1957 # Create a "secret password" entry field 1958 # Parameters: 1959 # $name -> Name of the field 1960 # $default -> Optional default value of the field if not 1961 # already defined. 1962 # $size -> Optional width of field in characters. 1963 # $maxlength -> Optional maximum characters that can be entered. 1964 # Returns: 1965 # A string containing a <input type="password"> field 1966 # 1967 'password_field' => <<'END_OF_FUNC', 1968 sub password_field { 1969 my ($self,@p) = self_or_default(@_); 1970 $self->_textfield('password',@p); 1971 } 1972 END_OF_FUNC 1973 1974 #### Method: textarea 1975 # Parameters: 1976 # $name -> Name of the text field 1977 # $default -> Optional default value of the field if not 1978 # already defined. 1979 # $rows -> Optional number of rows in text area 1980 # $columns -> Optional number of columns in text area 1981 # Returns: 1982 # A string containing a <textarea></textarea> tag 1983 # 1984 'textarea' => <<'END_OF_FUNC', 1985 sub textarea { 1986 my($self,@p) = self_or_default(@_); 1987 my($name,$default,$rows,$cols,$override,$tabindex,@other) = 1988 rearrange([NAME,[DEFAULT,VALUE],ROWS,[COLS,COLUMNS],[OVERRIDE,FORCE],TABINDEX],@p); 1989 1990 my($current)= $override ? $default : 1991 (defined($self->param($name)) ? $self->param($name) : $default); 1992 1993 $name = defined($name) ? $self->escapeHTML($name) : ''; 1994 $current = defined($current) ? $self->escapeHTML($current) : ''; 1995 my($r) = $rows ? qq/ rows="$rows"/ : ''; 1996 my($c) = $cols ? qq/ cols="$cols"/ : ''; 1997 my($other) = @other ? " @other" : ''; 1998 $tabindex = $self->element_tab($tabindex); 1999 return qq{<textarea name="$name" $tabindex$r$c$other>$current</textarea>}; 2000 } 2001 END_OF_FUNC 2002 2003 2004 #### Method: button 2005 # Create a javascript button. 2006 # Parameters: 2007 # $name -> (optional) Name for the button. (-name) 2008 # $value -> (optional) Value of the button when selected (and visible name) (-value) 2009 # $onclick -> (optional) Text of the JavaScript to run when the button is 2010 # clicked. 2011 # Returns: 2012 # A string containing a <input type="button"> tag 2013 #### 2014 'button' => <<'END_OF_FUNC', 2015 sub button { 2016 my($self,@p) = self_or_default(@_); 2017 2018 my($label,$value,$script,$tabindex,@other) = rearrange([NAME,[VALUE,LABEL], 2019 [ONCLICK,SCRIPT],TABINDEX],@p); 2020 2021 $label=$self->escapeHTML($label); 2022 $value=$self->escapeHTML($value,1); 2023 $script=$self->escapeHTML($script); 2024 2025 my($name) = ''; 2026 $name = qq/ name="$label"/ if $label; 2027 $value = $value || $label; 2028 my($val) = ''; 2029 $val = qq/ value="$value"/ if $value; 2030 $script = qq/ onclick="$script"/ if $script; 2031 my($other) = @other ? " @other" : ''; 2032 $tabindex = $self->element_tab($tabindex); 2033 return $XHTML ? qq(<input type="button" $tabindex$name$val$script$other />) 2034 : qq(<input type="button"$name$val$script$other>); 2035 } 2036 END_OF_FUNC 2037 2038 2039 #### Method: submit 2040 # Create a "submit query" button. 2041 # Parameters: 2042 # $name -> (optional) Name for the button. 2043 # $value -> (optional) Value of the button when selected (also doubles as label). 2044 # $label -> (optional) Label printed on the button(also doubles as the value). 2045 # Returns: 2046 # A string containing a <input type="submit"> tag 2047 #### 2048 'submit' => <<'END_OF_FUNC', 2049 sub submit { 2050 my($self,@p) = self_or_default(@_); 2051 2052 my($label,$value,$tabindex,@other) = rearrange([NAME,[VALUE,LABEL],TABINDEX],@p); 2053 2054 $label=$self->escapeHTML($label); 2055 $value=$self->escapeHTML($value,1); 2056 2057 my $name = $NOSTICKY ? '' : 'name=".submit" '; 2058 $name = qq/name="$label" / if defined($label); 2059 $value = defined($value) ? $value : $label; 2060 my $val = ''; 2061 $val = qq/value="$value" / if defined($value); 2062 $tabindex = $self->element_tab($tabindex); 2063 my($other) = @other ? "@other " : ''; 2064 return $XHTML ? qq(<input type="submit" $tabindex$name$val$other/>) 2065 : qq(<input type="submit" $name$val$other>); 2066 } 2067 END_OF_FUNC 2068 2069 2070 #### Method: reset 2071 # Create a "reset" button. 2072 # Parameters: 2073 # $name -> (optional) Name for the button. 2074 # Returns: 2075 # A string containing a <input type="reset"> tag 2076 #### 2077 'reset' => <<'END_OF_FUNC', 2078 sub reset { 2079 my($self,@p) = self_or_default(@_); 2080 my($label,$value,$tabindex,@other) = rearrange(['NAME',['VALUE','LABEL'],TABINDEX],@p); 2081 $label=$self->escapeHTML($label); 2082 $value=$self->escapeHTML($value,1); 2083 my ($name) = ' name=".reset"'; 2084 $name = qq/ name="$label"/ if defined($label); 2085 $value = defined($value) ? $value : $label; 2086 my($val) = ''; 2087 $val = qq/ value="$value"/ if defined($value); 2088 my($other) = @other ? " @other" : ''; 2089 $tabindex = $self->element_tab($tabindex); 2090 return $XHTML ? qq(<input type="reset" $tabindex$name$val$other />) 2091 : qq(<input type="reset"$name$val$other>); 2092 } 2093 END_OF_FUNC 2094 2095 2096 #### Method: defaults 2097 # Create a "defaults" button. 2098 # Parameters: 2099 # $name -> (optional) Name for the button. 2100 # Returns: 2101 # A string containing a <input type="submit" name=".defaults"> tag 2102 # 2103 # Note: this button has a special meaning to the initialization script, 2104 # and tells it to ERASE the current query string so that your defaults 2105 # are used again! 2106 #### 2107 'defaults' => <<'END_OF_FUNC', 2108 sub defaults { 2109 my($self,@p) = self_or_default(@_); 2110 2111 my($label,$tabindex,@other) = rearrange([[NAME,VALUE],TABINDEX],@p); 2112 2113 $label=$self->escapeHTML($label,1); 2114 $label = $label || "Defaults"; 2115 my($value) = qq/ value="$label"/; 2116 my($other) = @other ? " @other" : ''; 2117 $tabindex = $self->element_tab($tabindex); 2118 return $XHTML ? qq(<input type="submit" name=".defaults" $tabindex$value$other />) 2119 : qq/<input type="submit" NAME=".defaults"$value$other>/; 2120 } 2121 END_OF_FUNC 2122 2123 2124 #### Method: comment 2125 # Create an HTML <!-- comment --> 2126 # Parameters: a string 2127 'comment' => <<'END_OF_FUNC', 2128 sub comment { 2129 my($self,@p) = self_or_CGI(@_); 2130 return "<!-- @p -->"; 2131 } 2132 END_OF_FUNC 2133 2134 #### Method: checkbox 2135 # Create a checkbox that is not logically linked to any others. 2136 # The field value is "on" when the button is checked. 2137 # Parameters: 2138 # $name -> Name of the checkbox 2139 # $checked -> (optional) turned on by default if true 2140 # $value -> (optional) value of the checkbox, 'on' by default 2141 # $label -> (optional) a user-readable label printed next to the box. 2142 # Otherwise the checkbox name is used. 2143 # Returns: 2144 # A string containing a <input type="checkbox"> field 2145 #### 2146 'checkbox' => <<'END_OF_FUNC', 2147 sub checkbox { 2148 my($self,@p) = self_or_default(@_); 2149 2150 my($name,$checked,$value,$label,$override,$tabindex,@other) = 2151 rearrange([NAME,[CHECKED,SELECTED,ON],VALUE,LABEL,[OVERRIDE,FORCE],TABINDEX],@p); 2152 2153 $value = defined $value ? $value : 'on'; 2154 2155 if (!$override && ($self->{'.fieldnames'}->{$name} || 2156 defined $self->param($name))) { 2157 $checked = grep($_ eq $value,$self->param($name)) ? $self->_checked(1) : ''; 2158 } else { 2159 $checked = $self->_checked($checked); 2160 } 2161 my($the_label) = defined $label ? $label : $name; 2162 $name = $self->escapeHTML($name); 2163 $value = $self->escapeHTML($value,1); 2164 $the_label = $self->escapeHTML($the_label); 2165 my($other) = @other ? "@other " : ''; 2166 $tabindex = $self->element_tab($tabindex); 2167 $self->register_parameter($name); 2168 return $XHTML ? CGI::label(qq{<input type="checkbox" name="$name" value="$value" $tabindex$checked$other/>$the_label}) 2169 : qq{<input type="checkbox" name="$name" value="$value"$checked$other>$the_label}; 2170 } 2171 END_OF_FUNC 2172 2173 2174 2175 # Escape HTML -- used internally 2176 'escapeHTML' => <<'END_OF_FUNC', 2177 sub escapeHTML { 2178 # hack to work around earlier hacks 2179 push @_,$_[0] if @_==1 && $_[0] eq 'CGI'; 2180 my ($self,$toencode,$newlinestoo) = CGI::self_or_default(@_); 2181 return undef unless defined($toencode); 2182 return $toencode if ref($self) && !$self->{'escape'}; 2183 $toencode =~ s{&}{&}gso; 2184 $toencode =~ s{<}{<}gso; 2185 $toencode =~ s{>}{>}gso; 2186 if ($DTD_PUBLIC_IDENTIFIER =~ /[^X]HTML 3\.2/i) { 2187 # $quot; was accidentally omitted from the HTML 3.2 DTD -- see 2188 # <http://validator.w3.org/docs/errors.html#bad-entity> / 2189 # <http://lists.w3.org/Archives/Public/www-html/1997Mar/0003.html>. 2190 $toencode =~ s{"}{"}gso; 2191 } 2192 else { 2193 $toencode =~ s{"}{"}gso; 2194 } 2195 my $latin = uc $self->{'.charset'} eq 'ISO-8859-1' || 2196 uc $self->{'.charset'} eq 'WINDOWS-1252'; 2197 if ($latin) { # bug in some browsers 2198 $toencode =~ s{'}{'}gso; 2199 $toencode =~ s{\x8b}{‹}gso; 2200 $toencode =~ s{\x9b}{›}gso; 2201 if (defined $newlinestoo && $newlinestoo) { 2202 $toencode =~ s{\012}{ }gso; 2203 $toencode =~ s{\015}{ }gso; 2204 } 2205 } 2206 return $toencode; 2207 } 2208 END_OF_FUNC 2209 2210 # unescape HTML -- used internally 2211 'unescapeHTML' => <<'END_OF_FUNC', 2212 sub unescapeHTML { 2213 # hack to work around earlier hacks 2214 push @_,$_[0] if @_==1 && $_[0] eq 'CGI'; 2215 my ($self,$string) = CGI::self_or_default(@_); 2216 return undef unless defined($string); 2217 my $latin = defined $self->{'.charset'} ? $self->{'.charset'} =~ /^(ISO-8859-1|WINDOWS-1252)$/i 2218 : 1; 2219 # thanks to Randal Schwartz for the correct solution to this one 2220 $string=~ s[&(.*?);]{ 2221 local $_ = $1; 2222 /^amp$/i ? "&" : 2223 /^quot$/i ? '"' : 2224 /^gt$/i ? ">" : 2225 /^lt$/i ? "<" : 2226 /^#(\d+)$/ && $latin ? chr($1) : 2227 /^#x([0-9a-f]+)$/i && $latin ? chr(hex($1)) : 2228 $_ 2229 }gex; 2230 return $string; 2231 } 2232 END_OF_FUNC 2233 2234 # Internal procedure - don't use 2235 '_tableize' => <<'END_OF_FUNC', 2236 sub _tableize { 2237 my($rows,$columns,$rowheaders,$colheaders,@elements) = @_; 2238 my @rowheaders = $rowheaders ? @$rowheaders : (); 2239 my @colheaders = $colheaders ? @$colheaders : (); 2240 my($result); 2241 2242 if (defined($columns)) { 2243 $rows = int(0.99 + @elements/$columns) unless defined($rows); 2244 } 2245 if (defined($rows)) { 2246 $columns = int(0.99 + @elements/$rows) unless defined($columns); 2247 } 2248 2249 # rearrange into a pretty table 2250 $result = "<table>"; 2251 my($row,$column); 2252 unshift(@colheaders,'') if @colheaders && @rowheaders; 2253 $result .= "<tr>" if @colheaders; 2254 foreach (@colheaders) { 2255 $result .= "<th>$_</th>"; 2256 } 2257 for ($row=0;$row<$rows;$row++) { 2258 $result .= "<tr>"; 2259 $result .= "<th>$rowheaders[$row]</th>" if @rowheaders; 2260 for ($column=0;$column<$columns;$column++) { 2261 $result .= "<td>" . $elements[$column*$rows + $row] . "</td>" 2262 if defined($elements[$column*$rows + $row]); 2263 } 2264 $result .= "</tr>"; 2265 } 2266 $result .= "</table>"; 2267 return $result; 2268 } 2269 END_OF_FUNC 2270 2271 2272 #### Method: radio_group 2273 # Create a list of logically-linked radio buttons. 2274 # Parameters: 2275 # $name -> Common name for all the buttons. 2276 # $values -> A pointer to a regular array containing the 2277 # values for each button in the group. 2278 # $default -> (optional) Value of the button to turn on by default. Pass '-' 2279 # to turn _nothing_ on. 2280 # $linebreak -> (optional) Set to true to place linebreaks 2281 # between the buttons. 2282 # $labels -> (optional) 2283 # A pointer to an associative array of labels to print next to each checkbox 2284 # in the form $label{'value'}="Long explanatory label". 2285 # Otherwise the provided values are used as the labels. 2286 # Returns: 2287 # An ARRAY containing a series of <input type="radio"> fields 2288 #### 2289 'radio_group' => <<'END_OF_FUNC', 2290 sub radio_group { 2291 my($self,@p) = self_or_default(@_); 2292 $self->_box_group('radio',@p); 2293 } 2294 END_OF_FUNC 2295 2296 #### Method: checkbox_group 2297 # Create a list of logically-linked checkboxes. 2298 # Parameters: 2299 # $name -> Common name for all the check boxes 2300 # $values -> A pointer to a regular array containing the 2301 # values for each checkbox in the group. 2302 # $defaults -> (optional) 2303 # 1. If a pointer to a regular array of checkbox values, 2304 # then this will be used to decide which 2305 # checkboxes to turn on by default. 2306 # 2. If a scalar, will be assumed to hold the 2307 # value of a single checkbox in the group to turn on. 2308 # $linebreak -> (optional) Set to true to place linebreaks 2309 # between the buttons. 2310 # $labels -> (optional) 2311 # A pointer to an associative array of labels to print next to each checkbox 2312 # in the form $label{'value'}="Long explanatory label". 2313 # Otherwise the provided values are used as the labels. 2314 # Returns: 2315 # An ARRAY containing a series of <input type="checkbox"> fields 2316 #### 2317 2318 'checkbox_group' => <<'END_OF_FUNC', 2319 sub checkbox_group { 2320 my($self,@p) = self_or_default(@_); 2321 $self->_box_group('checkbox',@p); 2322 } 2323 END_OF_FUNC 2324 2325 '_box_group' => <<'END_OF_FUNC', 2326 sub _box_group { 2327 my $self = shift; 2328 my $box_type = shift; 2329 2330 my($name,$values,$defaults,$linebreak,$labels,$attributes, 2331 $rows,$columns,$rowheaders,$colheaders, 2332 $override,$nolabels,$tabindex,$disabled,@other) = 2333 rearrange([ NAME,[VALUES,VALUE],[DEFAULT,DEFAULTS],LINEBREAK,LABELS,ATTRIBUTES, 2334 ROWS,[COLUMNS,COLS],[ROWHEADERS,ROWHEADER],[COLHEADERS,COLHEADER], 2335 [OVERRIDE,FORCE],NOLABELS,TABINDEX,DISABLED 2336 ],@_); 2337 2338 my($result,$checked,@elements,@values); 2339 2340 @values = $self->_set_values_and_labels($values,\$labels,$name); 2341 my %checked = $self->previous_or_default($name,$defaults,$override); 2342 2343 # If no check array is specified, check the first by default 2344 $checked{$values[0]}++ if $box_type eq 'radio' && !%checked; 2345 2346 $name=$self->escapeHTML($name); 2347 2348 my %tabs = (); 2349 if ($TABINDEX && $tabindex) { 2350 if (!ref $tabindex) { 2351 $self->element_tab($tabindex); 2352 } elsif (ref $tabindex eq 'ARRAY') { 2353 %tabs = map {$_=>$self->element_tab} @$tabindex; 2354 } elsif (ref $tabindex eq 'HASH') { 2355 %tabs = %$tabindex; 2356 } 2357 } 2358 %tabs = map {$_=>$self->element_tab} @values unless %tabs; 2359 my $other = @other ? "@other " : ''; 2360 my $radio_checked; 2361 2362 # for disabling groups of radio/checkbox buttons 2363 my %disabled; 2364 foreach (@{$disabled}) { 2365 $disabled{$_}=1; 2366 } 2367 2368 foreach (@values) { 2369 my $disable=""; 2370 if ($disabled{$_}) { 2371 $disable="disabled='1'"; 2372 } 2373 2374 my $checkit = $self->_checked($box_type eq 'radio' ? ($checked{$_} && !$radio_checked++) 2375 : $checked{$_}); 2376 my($break); 2377 if ($linebreak) { 2378 $break = $XHTML ? "<br />" : "<br>"; 2379 } 2380 else { 2381 $break = ''; 2382 } 2383 my($label)=''; 2384 unless (defined($nolabels) && $nolabels) { 2385 $label = $_; 2386 $label = $labels->{$_} if defined($labels) && defined($labels->{$_}); 2387 $label = $self->escapeHTML($label,1); 2388 $label = "<span style=\"color:gray\">$label</span>" if $disabled{$_}; 2389 } 2390 my $attribs = $self->_set_attributes($_, $attributes); 2391 my $tab = $tabs{$_}; 2392 $_=$self->escapeHTML($_); 2393 2394 if ($XHTML) { 2395 push @elements, 2396 CGI::label( 2397 qq(<input type="$box_type" name="$name" value="$_" $checkit$other$tab$attribs$disable/>$label)).$break}; 2398 } else { 2399 push(@elements,qq/<input type="$box_type" name="$name" value="$_"$checkit$other$tab$attribs$disable>$label}$break}/); 2400 } 2401 } 2402 $self->register_parameter($name); 2403 return wantarray ? @elements : "@elements" 2404 unless defined($columns) || defined($rows); 2405 return _tableize($rows,$columns,$rowheaders,$colheaders,@elements); 2406 } 2407 END_OF_FUNC 2408 2409 2410 #### Method: popup_menu 2411 # Create a popup menu. 2412 # Parameters: 2413 # $name -> Name for all the menu 2414 # $values -> A pointer to a regular array containing the 2415 # text of each menu item. 2416 # $default -> (optional) Default item to display 2417 # $labels -> (optional) 2418 # A pointer to an associative array of labels to print next to each checkbox 2419 # in the form $label{'value'}="Long explanatory label". 2420 # Otherwise the provided values are used as the labels. 2421 # Returns: 2422 # A string containing the definition of a popup menu. 2423 #### 2424 'popup_menu' => <<'END_OF_FUNC', 2425 sub popup_menu { 2426 my($self,@p) = self_or_default(@_); 2427 2428 my($name,$values,$default,$labels,$attributes,$override,$tabindex,@other) = 2429 rearrange([NAME,[VALUES,VALUE],[DEFAULT,DEFAULTS],LABELS, 2430 ATTRIBUTES,[OVERRIDE,FORCE],TABINDEX],@p); 2431 my($result,$selected); 2432 2433 if (!$override && defined($self->param($name))) { 2434 $selected = $self->param($name); 2435 } else { 2436 $selected = $default; 2437 } 2438 $name=$self->escapeHTML($name); 2439 my($other) = @other ? " @other" : ''; 2440 2441 my(@values); 2442 @values = $self->_set_values_and_labels($values,\$labels,$name); 2443 $tabindex = $self->element_tab($tabindex); 2444 $result = qq/<select name="$name" $tabindex$other>\n/; 2445 foreach (@values) { 2446 if (/<optgroup/) { 2447 foreach (split(/\n/)) { 2448 my $selectit = $XHTML ? 'selected="selected"' : 'selected'; 2449 s/(value="$selected")/$selectit $1/ if defined $selected; 2450 $result .= "$_\n"; 2451 } 2452 } 2453 else { 2454 my $attribs = $self->_set_attributes($_, $attributes); 2455 my($selectit) = defined($selected) ? $self->_selected($selected eq $_) : ''; 2456 my($label) = $_; 2457 $label = $labels->{$_} if defined($labels) && defined($labels->{$_}); 2458 my($value) = $self->escapeHTML($_); 2459 $label=$self->escapeHTML($label,1); 2460 $result .= "<option$attribs} $selectit}value=\"$value\">$label</option>\n"; 2461 } 2462 } 2463 2464 $result .= "</select>"; 2465 return $result; 2466 } 2467 END_OF_FUNC 2468 2469 2470 #### Method: optgroup 2471 # Create a optgroup. 2472 # Parameters: 2473 # $name -> Label for the group 2474 # $values -> A pointer to a regular array containing the 2475 # values for each option line in the group. 2476 # $labels -> (optional) 2477 # A pointer to an associative array of labels to print next to each item 2478 # in the form $label{'value'}="Long explanatory label". 2479 # Otherwise the provided values are used as the labels. 2480 # $labeled -> (optional) 2481 # A true value indicates the value should be used as the label attribute 2482 # in the option elements. 2483 # The label attribute specifies the option label presented to the user. 2484 # This defaults to the content of the <option> element, but the label 2485 # attribute allows authors to more easily use optgroup without sacrificing 2486 # compatibility with browsers that do not support option groups. 2487 # $novals -> (optional) 2488 # A true value indicates to suppress the val attribute in the option elements 2489 # Returns: 2490 # A string containing the definition of an option group. 2491 #### 2492 'optgroup' => <<'END_OF_FUNC', 2493 sub optgroup { 2494 my($self,@p) = self_or_default(@_); 2495 my($name,$values,$attributes,$labeled,$noval,$labels,@other) 2496 = rearrange([NAME,[VALUES,VALUE],ATTRIBUTES,LABELED,NOVALS,LABELS],@p); 2497 2498 my($result,@values); 2499 @values = $self->_set_values_and_labels($values,\$labels,$name,$labeled,$novals); 2500 my($other) = @other ? " @other" : ''; 2501 2502 $name=$self->escapeHTML($name); 2503 $result = qq/<optgroup label="$name"$other>\n/; 2504 foreach (@values) { 2505 if (/<optgroup/) { 2506 foreach (split(/\n/)) { 2507 my $selectit = $XHTML ? 'selected="selected"' : 'selected'; 2508 s/(value="$selected")/$selectit $1/ if defined $selected; 2509 $result .= "$_\n"; 2510 } 2511 } 2512 else { 2513 my $attribs = $self->_set_attributes($_, $attributes); 2514 my($label) = $_; 2515 $label = $labels->{$_} if defined($labels) && defined($labels->{$_}); 2516 $label=$self->escapeHTML($label); 2517 my($value)=$self->escapeHTML($_,1); 2518 $result .= $labeled ? $novals ? "<option$attribs label=\"$value\">$label</option>\n" 2519 : "<option$attribs label=\"$value\" value=\"$value\">$label</option>\n" 2520 : $novals ? "<option$attribs>$label</option>\n" 2521 : "<option$attribs value=\"$value\">$label</option>\n"; 2522 } 2523 } 2524 $result .= "</optgroup>"; 2525 return $result; 2526 } 2527 END_OF_FUNC 2528 2529 2530 #### Method: scrolling_list 2531 # Create a scrolling list. 2532 # Parameters: 2533 # $name -> name for the list 2534 # $values -> A pointer to a regular array containing the 2535 # values for each option line in the list. 2536 # $defaults -> (optional) 2537 # 1. If a pointer to a regular array of options, 2538 # then this will be used to decide which 2539 # lines to turn on by default. 2540 # 2. Otherwise holds the value of the single line to turn on. 2541 # $size -> (optional) Size of the list. 2542 # $multiple -> (optional) If set, allow multiple selections. 2543 # $labels -> (optional) 2544 # A pointer to an associative array of labels to print next to each checkbox 2545 # in the form $label{'value'}="Long explanatory label". 2546 # Otherwise the provided values are used as the labels. 2547 # Returns: 2548 # A string containing the definition of a scrolling list. 2549 #### 2550 'scrolling_list' => <<'END_OF_FUNC', 2551 sub scrolling_list { 2552 my($self,@p) = self_or_default(@_); 2553 my($name,$values,$defaults,$size,$multiple,$labels,$attributes,$override,$tabindex,@other) 2554 = rearrange([NAME,[VALUES,VALUE],[DEFAULTS,DEFAULT], 2555 SIZE,MULTIPLE,LABELS,ATTRIBUTES,[OVERRIDE,FORCE],TABINDEX],@p); 2556 2557 my($result,@values); 2558 @values = $self->_set_values_and_labels($values,\$labels,$name); 2559 2560 $size = $size || scalar(@values); 2561 2562 my(%selected) = $self->previous_or_default($name,$defaults,$override); 2563 my($is_multiple) = $multiple ? qq/ multiple="multiple"/ : ''; 2564 my($has_size) = $size ? qq/ size="$size"/: ''; 2565 my($other) = @other ? " @other" : ''; 2566 2567 $name=$self->escapeHTML($name); 2568 $tabindex = $self->element_tab($tabindex); 2569 $result = qq/<select name="$name" $tabindex$has_size$is_multiple$other>\n/; 2570 foreach (@values) { 2571 my($selectit) = $self->_selected($selected{$_}); 2572 my($label) = $_; 2573 $label = $labels->{$_} if defined($labels) && defined($labels->{$_}); 2574 $label=$self->escapeHTML($label); 2575 my($value)=$self->escapeHTML($_,1); 2576 my $attribs = $self->_set_attributes($_, $attributes); 2577 $result .= "<option $selectit}$attribs}value=\"$value\">$label</option>\n"; 2578 } 2579 $result .= "</select>"; 2580 $self->register_parameter($name); 2581 return $result; 2582 } 2583 END_OF_FUNC 2584 2585 2586 #### Method: hidden 2587 # Parameters: 2588 # $name -> Name of the hidden field 2589 # @default -> (optional) Initial values of field (may be an array) 2590 # or 2591 # $default->[initial values of field] 2592 # Returns: 2593 # A string containing a <input type="hidden" name="name" value="value"> 2594 #### 2595 'hidden' => <<'END_OF_FUNC', 2596 sub hidden { 2597 my($self,@p) = self_or_default(@_); 2598 2599 # this is the one place where we departed from our standard 2600 # calling scheme, so we have to special-case (darn) 2601 my(@result,@value); 2602 my($name,$default,$override,@other) = 2603 rearrange([NAME,[DEFAULT,VALUE,VALUES],[OVERRIDE,FORCE]],@p); 2604 2605 my $do_override = 0; 2606 if ( ref($p[0]) || substr($p[0],0,1) eq '-') { 2607 @value = ref($default) ? @{$default} : $default; 2608 $do_override = $override; 2609 } else { 2610 foreach ($default,$override,@other) { 2611 push(@value,$_) if defined($_); 2612 } 2613 } 2614 2615 # use previous values if override is not set 2616 my @prev = $self->param($name); 2617 @value = @prev if !$do_override && @prev; 2618 2619 $name=$self->escapeHTML($name); 2620 foreach (@value) { 2621 $_ = defined($_) ? $self->escapeHTML($_,1) : ''; 2622 push @result,$XHTML ? qq(<input type="hidden" name="$name" value="$_" @other />) 2623 : qq(<input type="hidden" name="$name" value="$_" @other>); 2624 } 2625 return wantarray ? @result : join('',@result); 2626 } 2627 END_OF_FUNC 2628 2629 2630 #### Method: image_button 2631 # Parameters: 2632 # $name -> Name of the button 2633 # $src -> URL of the image source 2634 # $align -> Alignment style (TOP, BOTTOM or MIDDLE) 2635 # Returns: 2636 # A string containing a <input type="image" name="name" src="url" align="alignment"> 2637 #### 2638 'image_button' => <<'END_OF_FUNC', 2639 sub image_button { 2640 my($self,@p) = self_or_default(@_); 2641 2642 my($name,$src,$alignment,@other) = 2643 rearrange([NAME,SRC,ALIGN],@p); 2644 2645 my($align) = $alignment ? " align=\L\"$alignment\"" : ''; 2646 my($other) = @other ? " @other" : ''; 2647 $name=$self->escapeHTML($name); 2648 return $XHTML ? qq(<input type="image" name="$name" src="$src"$align$other />) 2649 : qq/<input type="image" name="$name" src="$src"$align$other>/; 2650 } 2651 END_OF_FUNC 2652 2653 2654 #### Method: self_url 2655 # Returns a URL containing the current script and all its 2656 # param/value pairs arranged as a query. You can use this 2657 # to create a link that, when selected, will reinvoke the 2658 # script with all its state information preserved. 2659 #### 2660 'self_url' => <<'END_OF_FUNC', 2661 sub self_url { 2662 my($self,@p) = self_or_default(@_); 2663 return $self->url('-path_info'=>1,'-query'=>1,'-full'=>1,@p); 2664 } 2665 END_OF_FUNC 2666 2667 2668 # This is provided as a synonym to self_url() for people unfortunate 2669 # enough to have incorporated it into their programs already! 2670 'state' => <<'END_OF_FUNC', 2671 sub state { 2672 &self_url; 2673 } 2674 END_OF_FUNC 2675 2676 2677 #### Method: url 2678 # Like self_url, but doesn't return the query string part of 2679 # the URL. 2680 #### 2681 'url' => <<'END_OF_FUNC', 2682 sub url { 2683 my($self,@p) = self_or_default(@_); 2684 my ($relative,$absolute,$full,$path_info,$query,$base,$rewrite) = 2685 rearrange(['RELATIVE','ABSOLUTE','FULL',['PATH','PATH_INFO'],['QUERY','QUERY_STRING'],'BASE','REWRITE'],@p); 2686 my $url = ''; 2687 $full++ if $base || !($relative || $absolute); 2688 $rewrite++ unless defined $rewrite; 2689 2690 my $path = $self->path_info; 2691 my $script_name = $self->script_name; 2692 my $request_uri = unescape($self->request_uri) || ''; 2693 my $query_str = $self->query_string; 2694 2695 my $rewrite_in_use = $request_uri && $request_uri !~ /^$script_name/; 2696 undef $path if $rewrite_in_use && $rewrite; # path not valid when rewriting active 2697 2698 my $uri = $rewrite && $request_uri ? $request_uri : $script_name; 2699 $uri =~ s/\?.*$//; # remove query string 2700 $uri =~ s/\Q$path\E$// if defined $path; # remove path 2701 2702 if ($full) { 2703 my $protocol = $self->protocol(); 2704 $url = "$protocol://"; 2705 my $vh = http('x_forwarded_host') || http('host') || ''; 2706 $vh =~ s/\:\d+$//; # some clients add the port number (incorrectly). Get rid of it. 2707 if ($vh) { 2708 $url .= $vh; 2709 } else { 2710 $url .= server_name(); 2711 } 2712 my $port = $self->server_port; 2713 $url .= ":" . $port 2714 unless (lc($protocol) eq 'http' && $port == 80) 2715 || (lc($protocol) eq 'https' && $port == 443); 2716 return $url if $base; 2717 $url .= $uri; 2718 } elsif ($relative) { 2719 ($url) = $uri =~ m!([^/]+)$!; 2720 } elsif ($absolute) { 2721 $url = $uri; 2722 } 2723 2724 $url .= $path if $path_info and defined $path; 2725 $url .= "?$query_str" if $query and $query_str ne ''; 2726 $url =~ s/([^a-zA-Z0-9_.%;&?\/\\:+=~-])/sprintf("%%%02X",ord($1))/eg; 2727 return $url; 2728 } 2729 2730 END_OF_FUNC 2731 2732 #### Method: cookie 2733 # Set or read a cookie from the specified name. 2734 # Cookie can then be passed to header(). 2735 # Usual rules apply to the stickiness of -value. 2736 # Parameters: 2737 # -name -> name for this cookie (optional) 2738 # -value -> value of this cookie (scalar, array or hash) 2739 # -path -> paths for which this cookie is valid (optional) 2740 # -domain -> internet domain in which this cookie is valid (optional) 2741 # -secure -> if true, cookie only passed through secure channel (optional) 2742 # -expires -> expiry date in format Wdy, DD-Mon-YYYY HH:MM:SS GMT (optional) 2743 #### 2744 'cookie' => <<'END_OF_FUNC', 2745 sub cookie { 2746 my($self,@p) = self_or_default(@_); 2747 my($name,$value,$path,$domain,$secure,$expires,$httponly) = 2748 rearrange([NAME,[VALUE,VALUES],PATH,DOMAIN,SECURE,EXPIRES,HTTPONLY],@p); 2749 2750 require CGI::Cookie; 2751 2752 # if no value is supplied, then we retrieve the 2753 # value of the cookie, if any. For efficiency, we cache the parsed 2754 # cookies in our state variables. 2755 unless ( defined($value) ) { 2756 $self->{'.cookies'} = CGI::Cookie->fetch 2757 unless $self->{'.cookies'}; 2758 2759 # If no name is supplied, then retrieve the names of all our cookies. 2760 return () unless $self->{'.cookies'}; 2761 return keys %{$self->{'.cookies'}} unless $name; 2762 return () unless $self->{'.cookies'}->{$name}; 2763 return $self->{'.cookies'}->{$name}->value if defined($name) && $name ne ''; 2764 } 2765 2766 # If we get here, we're creating a new cookie 2767 return undef unless defined($name) && $name ne ''; # this is an error 2768 2769 my @param; 2770 push(@param,'-name'=>$name); 2771 push(@param,'-value'=>$value); 2772 push(@param,'-domain'=>$domain) if $domain; 2773 push(@param,'-path'=>$path) if $path; 2774 push(@param,'-expires'=>$expires) if $expires; 2775 push(@param,'-secure'=>$secure) if $secure; 2776 push(@param,'-httponly'=>$httponly) if $httponly; 2777 2778 return new CGI::Cookie(@param); 2779 } 2780 END_OF_FUNC 2781 2782 'parse_keywordlist' => <<'END_OF_FUNC', 2783 sub parse_keywordlist { 2784 my($self,$tosplit) = @_; 2785 $tosplit = unescape($tosplit); # unescape the keywords 2786 $tosplit=~tr/+/ /; # pluses to spaces 2787 my(@keywords) = split(/\s+/,$tosplit); 2788 return @keywords; 2789 } 2790 END_OF_FUNC 2791 2792 'param_fetch' => <<'END_OF_FUNC', 2793 sub param_fetch { 2794 my($self,@p) = self_or_default(@_); 2795 my($name) = rearrange([NAME],@p); 2796 unless (exists($self->{$name})) { 2797 $self->add_parameter($name); 2798 $self->{$name} = []; 2799 } 2800 2801 return $self->{$name}; 2802 } 2803 END_OF_FUNC 2804 2805 ############################################### 2806 # OTHER INFORMATION PROVIDED BY THE ENVIRONMENT 2807 ############################################### 2808 2809 #### Method: path_info 2810 # Return the extra virtual path information provided 2811 # after the URL (if any) 2812 #### 2813 'path_info' => <<'END_OF_FUNC', 2814 sub path_info { 2815 my ($self,$info) = self_or_default(@_); 2816 if (defined($info)) { 2817 $info = "/$info" if $info ne '' && substr($info,0,1) ne '/'; 2818 $self->{'.path_info'} = $info; 2819 } elsif (! defined($self->{'.path_info'}) ) { 2820 my (undef,$path_info) = $self->_name_and_path_from_env; 2821 $self->{'.path_info'} = $path_info || ''; 2822 } 2823 return $self->{'.path_info'}; 2824 } 2825 END_OF_FUNC 2826 2827 # WE USE THIS TO COMPENSATE FOR A BUG IN APACHE 2 PRESENT AT LEAST UP THROUGH 2.0.54 2828 '_name_and_path_from_env' => <<'END_OF_FUNC', 2829 sub _name_and_path_from_env { 2830 my $self = shift; 2831 my $raw_script_name = $ENV{SCRIPT_NAME} || ''; 2832 my $raw_path_info = $ENV{PATH_INFO} || ''; 2833 my $uri = unescape($self->request_uri) || ''; 2834 2835 my $protected = quotemeta($raw_path_info); 2836 $raw_script_name =~ s/$protected$//; 2837 2838 my @uri_double_slashes = $uri =~ m^(/{2,}?)^g; 2839 my @path_double_slashes = "$raw_script_name $raw_path_info" =~ m^(/{2,}?)^g; 2840 2841 my $apache_bug = @uri_double_slashes != @path_double_slashes; 2842 return ($raw_script_name,$raw_path_info) unless $apache_bug; 2843 2844 my $path_info_search = quotemeta($raw_path_info); 2845 $path_info_search =~ s!/!/+!g; 2846 if ($uri =~ m/^(.+)($path_info_search)/) { 2847 return ($1,$2); 2848 } else { 2849 return ($raw_script_name,$raw_path_info); 2850 } 2851 } 2852 END_OF_FUNC 2853 2854 2855 #### Method: request_method 2856 # Returns 'POST', 'GET', 'PUT' or 'HEAD' 2857 #### 2858 'request_method' => <<'END_OF_FUNC', 2859 sub request_method { 2860 return $ENV{'REQUEST_METHOD'}; 2861 } 2862 END_OF_FUNC 2863 2864 #### Method: content_type 2865 # Returns the content_type string 2866 #### 2867 'content_type' => <<'END_OF_FUNC', 2868 sub content_type { 2869 return $ENV{'CONTENT_TYPE'}; 2870 } 2871 END_OF_FUNC 2872 2873 #### Method: path_translated 2874 # Return the physical path information provided 2875 # by the URL (if any) 2876 #### 2877 'path_translated' => <<'END_OF_FUNC', 2878 sub path_translated { 2879 return $ENV{'PATH_TRANSLATED'}; 2880 } 2881 END_OF_FUNC 2882 2883 2884 #### Method: request_uri 2885 # Return the literal request URI 2886 #### 2887 'request_uri' => <<'END_OF_FUNC', 2888 sub request_uri { 2889 return $ENV{'REQUEST_URI'}; 2890 } 2891 END_OF_FUNC 2892 2893 2894 #### Method: query_string 2895 # Synthesize a query string from our current 2896 # parameters 2897 #### 2898 'query_string' => <<'END_OF_FUNC', 2899 sub query_string { 2900 my($self) = self_or_default(@_); 2901 my($param,$value,@pairs); 2902 foreach $param ($self->param) { 2903 my($eparam) = escape($param); 2904 foreach $value ($self->param($param)) { 2905 $value = escape($value); 2906 next unless defined $value; 2907 push(@pairs,"$eparam=$value"); 2908 } 2909 } 2910 foreach (keys %{$self->{'.fieldnames'}}) { 2911 push(@pairs,".cgifields=".escape("$_")); 2912 } 2913 return join($USE_PARAM_SEMICOLONS ? ';' : '&',@pairs); 2914 } 2915 END_OF_FUNC 2916 2917 2918 #### Method: accept 2919 # Without parameters, returns an array of the 2920 # MIME types the browser accepts. 2921 # With a single parameter equal to a MIME 2922 # type, will return undef if the browser won't 2923 # accept it, 1 if the browser accepts it but 2924 # doesn't give a preference, or a floating point 2925 # value between 0.0 and 1.0 if the browser 2926 # declares a quantitative score for it. 2927 # This handles MIME type globs correctly. 2928 #### 2929 'Accept' => <<'END_OF_FUNC', 2930 sub Accept { 2931 my($self,$search) = self_or_CGI(@_); 2932 my(%prefs,$type,$pref,$pat); 2933 2934 my(@accept) = split(',',$self->http('accept')); 2935 2936 foreach (@accept) { 2937 ($pref) = /q=(\d\.\d+|\d+)/; 2938 ($type) = m#(\S+/[^;]+)#; 2939 next unless $type; 2940 $prefs{$type}=$pref || 1; 2941 } 2942 2943 return keys %prefs unless $search; 2944 2945 # if a search type is provided, we may need to 2946 # perform a pattern matching operation. 2947 # The MIME types use a glob mechanism, which 2948 # is easily translated into a perl pattern match 2949 2950 # First return the preference for directly supported 2951 # types: 2952 return $prefs{$search} if $prefs{$search}; 2953 2954 # Didn't get it, so try pattern matching. 2955 foreach (keys %prefs) { 2956 next unless /\*/; # not a pattern match 2957 ($pat = $_) =~ s/([^\w*])/\\$1/g; # escape meta characters 2958 $pat =~ s/\*/.*/g; # turn it into a pattern 2959 return $prefs{$_} if $search=~/$pat/; 2960 } 2961 } 2962 END_OF_FUNC 2963 2964 2965 #### Method: user_agent 2966 # If called with no parameters, returns the user agent. 2967 # If called with one parameter, does a pattern match (case 2968 # insensitive) on the user agent. 2969 #### 2970 'user_agent' => <<'END_OF_FUNC', 2971 sub user_agent { 2972 my($self,$match)=self_or_CGI(@_); 2973 return $self->http('user_agent') unless $match; 2974 return $self->http('user_agent') =~ /$match/i; 2975 } 2976 END_OF_FUNC 2977 2978 2979 #### Method: raw_cookie 2980 # Returns the magic cookies for the session. 2981 # The cookies are not parsed or altered in any way, i.e. 2982 # cookies are returned exactly as given in the HTTP 2983 # headers. If a cookie name is given, only that cookie's 2984 # value is returned, otherwise the entire raw cookie 2985 # is returned. 2986 #### 2987 'raw_cookie' => <<'END_OF_FUNC', 2988 sub raw_cookie { 2989 my($self,$key) = self_or_CGI(@_); 2990 2991 require CGI::Cookie; 2992 2993 if (defined($key)) { 2994 $self->{'.raw_cookies'} = CGI::Cookie->raw_fetch 2995 unless $self->{'.raw_cookies'}; 2996 2997 return () unless $self->{'.raw_cookies'}; 2998 return () unless $self->{'.raw_cookies'}->{$key}; 2999 return $self->{'.raw_cookies'}->{$key}; 3000 } 3001 return $self->http('cookie') || $ENV{'COOKIE'} || ''; 3002 } 3003 END_OF_FUNC 3004 3005 #### Method: virtual_host 3006 # Return the name of the virtual_host, which 3007 # is not always the same as the server 3008 ###### 3009 'virtual_host' => <<'END_OF_FUNC', 3010 sub virtual_host { 3011 my $vh = http('x_forwarded_host') || http('host') || server_name(); 3012 $vh =~ s/:\d+$//; # get rid of port number 3013 return $vh; 3014 } 3015 END_OF_FUNC 3016 3017 #### Method: remote_host 3018 # Return the name of the remote host, or its IP 3019 # address if unavailable. If this variable isn't 3020 # defined, it returns "localhost" for debugging 3021 # purposes. 3022 #### 3023 'remote_host' => <<'END_OF_FUNC', 3024 sub remote_host { 3025 return $ENV{'REMOTE_HOST'} || $ENV{'REMOTE_ADDR'} 3026 || 'localhost'; 3027 } 3028 END_OF_FUNC 3029 3030 3031 #### Method: remote_addr 3032 # Return the IP addr of the remote host. 3033 #### 3034 'remote_addr' => <<'END_OF_FUNC', 3035 sub remote_addr { 3036 return $ENV{'REMOTE_ADDR'} || '127.0.0.1'; 3037 } 3038 END_OF_FUNC 3039 3040 3041 #### Method: script_name 3042 # Return the partial URL to this script for 3043 # self-referencing scripts. Also see 3044 # self_url(), which returns a URL with all state information 3045 # preserved. 3046 #### 3047 'script_name' => <<'END_OF_FUNC', 3048 sub script_name { 3049 my ($self,@p) = self_or_default(@_); 3050 if (@p) { 3051 $self->{'.script_name'} = shift @p; 3052 } elsif (!exists $self->{'.script_name'}) { 3053 my ($script_name,$path_info) = $self->_name_and_path_from_env(); 3054 $self->{'.script_name'} = $script_name; 3055 } 3056 return $self->{'.script_name'}; 3057 } 3058 END_OF_FUNC 3059 3060 3061 #### Method: referer 3062 # Return the HTTP_REFERER: useful for generating 3063 # a GO BACK button. 3064 #### 3065 'referer' => <<'END_OF_FUNC', 3066 sub referer { 3067 my($self) = self_or_CGI(@_); 3068 return $self->http('referer'); 3069 } 3070 END_OF_FUNC 3071 3072 3073 #### Method: server_name 3074 # Return the name of the server 3075 #### 3076 'server_name' => <<'END_OF_FUNC', 3077 sub server_name { 3078 return $ENV{'SERVER_NAME'} || 'localhost'; 3079 } 3080 END_OF_FUNC 3081 3082 #### Method: server_software 3083 # Return the name of the server software 3084 #### 3085 'server_software' => <<'END_OF_FUNC', 3086 sub server_software { 3087 return $ENV{'SERVER_SOFTWARE'} || 'cmdline'; 3088 } 3089 END_OF_FUNC 3090 3091 #### Method: virtual_port 3092 # Return the server port, taking virtual hosts into account 3093 #### 3094 'virtual_port' => <<'END_OF_FUNC', 3095 sub virtual_port { 3096 my($self) = self_or_default(@_); 3097 my $vh = $self->http('x_forwarded_host') || $self->http('host'); 3098 my $protocol = $self->protocol; 3099 if ($vh) { 3100 return ($vh =~ /:(\d+)$/)[0] || ($protocol eq 'https' ? 443 : 80); 3101 } else { 3102 return $self->server_port(); 3103 } 3104 } 3105 END_OF_FUNC 3106 3107 #### Method: server_port 3108 # Return the tcp/ip port the server is running on 3109 #### 3110 'server_port' => <<'END_OF_FUNC', 3111 sub server_port { 3112 return $ENV{'SERVER_PORT'} || 80; # for debugging 3113 } 3114 END_OF_FUNC 3115 3116 #### Method: server_protocol 3117 # Return the protocol (usually HTTP/1.0) 3118 #### 3119 'server_protocol' => <<'END_OF_FUNC', 3120 sub server_protocol { 3121 return $ENV{'SERVER_PROTOCOL'} || 'HTTP/1.0'; # for debugging 3122 } 3123 END_OF_FUNC 3124 3125 #### Method: http 3126 # Return the value of an HTTP variable, or 3127 # the list of variables if none provided 3128 #### 3129 'http' => <<'END_OF_FUNC', 3130 sub http { 3131 my ($self,$parameter) = self_or_CGI(@_); 3132 return $ENV{$parameter} if $parameter=~/^HTTP/; 3133 $parameter =~ tr/-/_/; 3134 return $ENV{"HTTP_\U$parameter\E"} if $parameter; 3135 my(@p); 3136 foreach (keys %ENV) { 3137 push(@p,$_) if /^HTTP/; 3138 } 3139 return @p; 3140 } 3141 END_OF_FUNC 3142 3143 #### Method: https 3144 # Return the value of HTTPS 3145 #### 3146 'https' => <<'END_OF_FUNC', 3147 sub https { 3148 local($^W)=0; 3149 my ($self,$parameter) = self_or_CGI(@_); 3150 return $ENV{HTTPS} unless $parameter; 3151 return $ENV{$parameter} if $parameter=~/^HTTPS/; 3152 $parameter =~ tr/-/_/; 3153 return $ENV{"HTTPS_\U$parameter\E"} if $parameter; 3154 my(@p); 3155 foreach (keys %ENV) { 3156 push(@p,$_) if /^HTTPS/; 3157 } 3158 return @p; 3159 } 3160 END_OF_FUNC 3161 3162 #### Method: protocol 3163 # Return the protocol (http or https currently) 3164 #### 3165 'protocol' => <<'END_OF_FUNC', 3166 sub protocol { 3167 local($^W)=0; 3168 my $self = shift; 3169 return 'https' if uc($self->https()) eq 'ON'; 3170 return 'https' if $self->server_port == 443; 3171 my $prot = $self->server_protocol; 3172 my($protocol,$version) = split('/',$prot); 3173 return "\L$protocol\E"; 3174 } 3175 END_OF_FUNC 3176 3177 #### Method: remote_ident 3178 # Return the identity of the remote user 3179 # (but only if his host is running identd) 3180 #### 3181 'remote_ident' => <<'END_OF_FUNC', 3182 sub remote_ident { 3183 return $ENV{'REMOTE_IDENT'}; 3184 } 3185 END_OF_FUNC 3186 3187 3188 #### Method: auth_type 3189 # Return the type of use verification/authorization in use, if any. 3190 #### 3191 'auth_type' => <<'END_OF_FUNC', 3192 sub auth_type { 3193 return $ENV{'AUTH_TYPE'}; 3194 } 3195 END_OF_FUNC 3196 3197 3198 #### Method: remote_user 3199 # Return the authorization name used for user 3200 # verification. 3201 #### 3202 'remote_user' => <<'END_OF_FUNC', 3203 sub remote_user { 3204 return $ENV{'REMOTE_USER'}; 3205 } 3206 END_OF_FUNC 3207 3208 3209 #### Method: user_name 3210 # Try to return the remote user's name by hook or by 3211 # crook 3212 #### 3213 'user_name' => <<'END_OF_FUNC', 3214 sub user_name { 3215 my ($self) = self_or_CGI(@_); 3216 return $self->http('from') || $ENV{'REMOTE_IDENT'} || $ENV{'REMOTE_USER'}; 3217 } 3218 END_OF_FUNC 3219 3220 #### Method: nosticky 3221 # Set or return the NOSTICKY global flag 3222 #### 3223 'nosticky' => <<'END_OF_FUNC', 3224 sub nosticky { 3225 my ($self,$param) = self_or_CGI(@_); 3226 $CGI::NOSTICKY = $param if defined($param); 3227 return $CGI::NOSTICKY; 3228 } 3229 END_OF_FUNC 3230 3231 #### Method: nph 3232 # Set or return the NPH global flag 3233 #### 3234 'nph' => <<'END_OF_FUNC', 3235 sub nph { 3236 my ($self,$param) = self_or_CGI(@_); 3237 $CGI::NPH = $param if defined($param); 3238 return $CGI::NPH; 3239 } 3240 END_OF_FUNC 3241 3242 #### Method: private_tempfiles 3243 # Set or return the private_tempfiles global flag 3244 #### 3245 'private_tempfiles' => <<'END_OF_FUNC', 3246 sub private_tempfiles { 3247 my ($self,$param) = self_or_CGI(@_); 3248 $CGI::PRIVATE_TEMPFILES = $param if defined($param); 3249 return $CGI::PRIVATE_TEMPFILES; 3250 } 3251 END_OF_FUNC 3252 #### Method: close_upload_files 3253 # Set or return the close_upload_files global flag 3254 #### 3255 'close_upload_files' => <<'END_OF_FUNC', 3256 sub close_upload_files { 3257 my ($self,$param) = self_or_CGI(@_); 3258 $CGI::CLOSE_UPLOAD_FILES = $param if defined($param); 3259 return $CGI::CLOSE_UPLOAD_FILES; 3260 } 3261 END_OF_FUNC 3262 3263 3264 #### Method: default_dtd 3265 # Set or return the default_dtd global 3266 #### 3267 'default_dtd' => <<'END_OF_FUNC', 3268 sub default_dtd { 3269 my ($self,$param,$param2) = self_or_CGI(@_); 3270 if (defined $param2 && defined $param) { 3271 $CGI::DEFAULT_DTD = [ $param, $param2 ]; 3272 } elsif (defined $param) { 3273 $CGI::DEFAULT_DTD = $param; 3274 } 3275 return $CGI::DEFAULT_DTD; 3276 } 3277 END_OF_FUNC 3278 3279 # -------------- really private subroutines ----------------- 3280 'previous_or_default' => <<'END_OF_FUNC', 3281 sub previous_or_default { 3282 my($self,$name,$defaults,$override) = @_; 3283 my(%selected); 3284 3285 if (!$override && ($self->{'.fieldnames'}->{$name} || 3286 defined($self->param($name)) ) ) { 3287 grep($selected{$_}++,$self->param($name)); 3288 } elsif (defined($defaults) && ref($defaults) && 3289 (ref($defaults) eq 'ARRAY')) { 3290 grep($selected{$_}++,@{$defaults}); 3291 } else { 3292 $selected{$defaults}++ if defined($defaults); 3293 } 3294 3295 return %selected; 3296 } 3297 END_OF_FUNC 3298 3299 'register_parameter' => <<'END_OF_FUNC', 3300 sub register_parameter { 3301 my($self,$param) = @_; 3302 $self->{'.parametersToAdd'}->{$param}++; 3303 } 3304 END_OF_FUNC 3305 3306 'get_fields' => <<'END_OF_FUNC', 3307 sub get_fields { 3308 my($self) = @_; 3309 return $self->CGI::hidden('-name'=>'.cgifields', 3310 '-values'=>[keys %{$self->{'.parametersToAdd'}}], 3311 '-override'=>1); 3312 } 3313 END_OF_FUNC 3314 3315 'read_from_cmdline' => <<'END_OF_FUNC', 3316 sub read_from_cmdline { 3317 my($input,@words); 3318 my($query_string); 3319 my($subpath); 3320 if ($DEBUG && @ARGV) { 3321 @words = @ARGV; 3322 } elsif ($DEBUG > 1) { 3323 require "shellwords.pl"; 3324 print STDERR "(offline mode: enter name=value pairs on standard input; press ^D or ^Z when done)\n"; 3325 chomp(@lines = <STDIN>); # remove newlines 3326 $input = join(" ",@lines); 3327 @words = &shellwords($input); 3328 } 3329 foreach (@words) { 3330 s/\\=/%3D/g; 3331 s/\\&/%26/g; 3332 } 3333 3334 if ("@words"=~/=/) { 3335 $query_string = join('&',@words); 3336 } else { 3337 $query_string = join('+',@words); 3338 } 3339 if ($query_string =~ /^(.*?)\?(.*)$/) 3340 { 3341 $query_string = $2; 3342 $subpath = $1; 3343 } 3344 return { 'query_string' => $query_string, 'subpath' => $subpath }; 3345 } 3346 END_OF_FUNC 3347 3348 ##### 3349 # subroutine: read_multipart 3350 # 3351 # Read multipart data and store it into our parameters. 3352 # An interesting feature is that if any of the parts is a file, we 3353 # create a temporary file and open up a filehandle on it so that the 3354 # caller can read from it if necessary. 3355 ##### 3356 'read_multipart' => <<'END_OF_FUNC', 3357 sub read_multipart { 3358 my($self,$boundary,$length) = @_; 3359 my($buffer) = $self->new_MultipartBuffer($boundary,$length); 3360 return unless $buffer; 3361 my(%header,$body); 3362 my $filenumber = 0; 3363 while (!$buffer->eof) { 3364 %header = $buffer->readHeader; 3365 3366 unless (%header) { 3367 $self->cgi_error("400 Bad request (malformed multipart POST)"); 3368 return; 3369 } 3370 3371 my($param)= $header{'Content-Disposition'}=~/ name="([^"]*)"/; 3372 $param .= $TAINTED; 3373 3374 # Bug: Netscape doesn't escape quotation marks in file names!!! 3375 my($filename) = $header{'Content-Disposition'}=~/ filename="([^"]*)"/; 3376 # Test for Opera's multiple upload feature 3377 my($multipart) = ( defined( $header{'Content-Type'} ) && 3378 $header{'Content-Type'} =~ /multipart\/mixed/ ) ? 3379 1 : 0; 3380 3381 # add this parameter to our list 3382 $self->add_parameter($param); 3383 3384 # If no filename specified, then just read the data and assign it 3385 # to our parameter list. 3386 if ( ( !defined($filename) || $filename eq '' ) && !$multipart ) { 3387 my($value) = $buffer->readBody; 3388 $value .= $TAINTED; 3389 push(@{$self->{$param}},$value); 3390 next; 3391 } 3392 3393 my ($tmpfile,$tmp,$filehandle); 3394 UPLOADS: { 3395 # If we get here, then we are dealing with a potentially large 3396 # uploaded form. Save the data to a temporary file, then open 3397 # the file for reading. 3398 3399 # skip the file if uploads disabled 3400 if ($DISABLE_UPLOADS) { 3401 while (defined($data = $buffer->read)) { } 3402 last UPLOADS; 3403 } 3404 3405 # set the filename to some recognizable value 3406 if ( ( !defined($filename) || $filename eq '' ) && $multipart ) { 3407 $filename = "multipart/mixed"; 3408 } 3409 3410 # choose a relatively unpredictable tmpfile sequence number 3411 my $seqno = unpack("%16C*",join('',localtime,grep {defined $_} values %ENV)); 3412 for (my $cnt=10;$cnt>0;$cnt--) { 3413 next unless $tmpfile = new CGITempFile($seqno); 3414 $tmp = $tmpfile->as_string; 3415 last if defined($filehandle = Fh->new($filename,$tmp,$PRIVATE_TEMPFILES)); 3416 $seqno += int rand(100); 3417 } 3418 die "CGI open of tmpfile: $!\n" unless defined $filehandle; 3419 $CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode 3420 && defined fileno($filehandle); 3421 3422 # if this is an multipart/mixed attachment, save the header 3423 # together with the body for later parsing with an external 3424 # MIME parser module 3425 if ( $multipart ) { 3426 foreach ( keys %header ) { 3427 print $filehandle "$_: $header{$_}$CRLF}"; 3428 } 3429 print $filehandle "$CRLF}"; 3430 } 3431 3432 my ($data); 3433 local($\) = ''; 3434 my $totalbytes; 3435 while (defined($data = $buffer->read)) { 3436 if (defined $self->{'.upload_hook'}) 3437 { 3438 $totalbytes += length($data); 3439 &{$self->{'.upload_hook'}}($filename ,$data, $totalbytes, $self->{'.upload_data'}); 3440 } 3441 print $filehandle $data if ($self->{'use_tempfile'}); 3442 } 3443 3444 # back up to beginning of file 3445 seek($filehandle,0,0); 3446 3447 ## Close the filehandle if requested this allows a multipart MIME 3448 ## upload to contain many files, and we won't die due to too many 3449 ## open file handles. The user can access the files using the hash 3450 ## below. 3451 close $filehandle if $CLOSE_UPLOAD_FILES; 3452 $CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode; 3453 3454 # Save some information about the uploaded file where we can get 3455 # at it later. 3456 # Use the typeglob as the key, as this is guaranteed to be 3457 # unique for each filehandle. Don't use the file descriptor as 3458 # this will be re-used for each filehandle if the 3459 # close_upload_files feature is used. 3460 $self->{'.tmpfiles'}->{$$filehandle}= { 3461 hndl => $filehandle, 3462 name => $tmpfile, 3463 info => {%header}, 3464 }; 3465 push(@{$self->{$param}},$filehandle); 3466 } 3467 } 3468 } 3469 END_OF_FUNC 3470 3471 ##### 3472 # subroutine: read_multipart_related 3473 # 3474 # Read multipart/related data and store it into our parameters. The 3475 # first parameter sets the start of the data. The part identified by 3476 # this Content-ID will not be stored as a file upload, but will be 3477 # returned by this method. All other parts will be available as file 3478 # uploads accessible by their Content-ID 3479 ##### 3480 'read_multipart_related' => <<'END_OF_FUNC', 3481 sub read_multipart_related { 3482 my($self,$start,$boundary,$length) = @_; 3483 my($buffer) = $self->new_MultipartBuffer($boundary,$length); 3484 return unless $buffer; 3485 my(%header,$body); 3486 my $filenumber = 0; 3487 my $returnvalue; 3488 while (!$buffer->eof) { 3489 %header = $buffer->readHeader; 3490 3491 unless (%header) { 3492 $self->cgi_error("400 Bad request (malformed multipart POST)"); 3493 return; 3494 } 3495 3496 my($param) = $header{'Content-ID'}=~/\<([^\>]*)\>/; 3497 $param .= $TAINTED; 3498 3499 # If this is the start part, then just read the data and assign it 3500 # to our return variable. 3501 if ( $param eq $start ) { 3502 $returnvalue = $buffer->readBody; 3503 $returnvalue .= $TAINTED; 3504 next; 3505 } 3506 3507 # add this parameter to our list 3508 $self->add_parameter($param); 3509 3510 my ($tmpfile,$tmp,$filehandle); 3511 UPLOADS: { 3512 # If we get here, then we are dealing with a potentially large 3513 # uploaded form. Save the data to a temporary file, then open 3514 # the file for reading. 3515 3516 # skip the file if uploads disabled 3517 if ($DISABLE_UPLOADS) { 3518 while (defined($data = $buffer->read)) { } 3519 last UPLOADS; 3520 } 3521 3522 # choose a relatively unpredictable tmpfile sequence number 3523 my $seqno = unpack("%16C*",join('',localtime,grep {defined $_} values %ENV)); 3524 for (my $cnt=10;$cnt>0;$cnt--) { 3525 next unless $tmpfile = new CGITempFile($seqno); 3526 $tmp = $tmpfile->as_string; 3527 last if defined($filehandle = Fh->new($param,$tmp,$PRIVATE_TEMPFILES)); 3528 $seqno += int rand(100); 3529 } 3530 die "CGI open of tmpfile: $!\n" unless defined $filehandle; 3531 $CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode 3532 && defined fileno($filehandle); 3533 3534 my ($data); 3535 local($\) = ''; 3536 my $totalbytes; 3537 while (defined($data = $buffer->read)) { 3538 if (defined $self->{'.upload_hook'}) 3539 { 3540 $totalbytes += length($data); 3541 &{$self->{'.upload_hook'}}($param ,$data, $totalbytes, $self->{'.upload_data'}); 3542 } 3543 print $filehandle $data if ($self->{'use_tempfile'}); 3544 } 3545 3546 # back up to beginning of file 3547 seek($filehandle,0,0); 3548 3549 ## Close the filehandle if requested this allows a multipart MIME 3550 ## upload to contain many files, and we won't die due to too many 3551 ## open file handles. The user can access the files using the hash 3552 ## below. 3553 close $filehandle if $CLOSE_UPLOAD_FILES; 3554 $CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode; 3555 3556 # Save some information about the uploaded file where we can get 3557 # at it later. 3558 # Use the typeglob as the key, as this is guaranteed to be 3559 # unique for each filehandle. Don't use the file descriptor as 3560 # this will be re-used for each filehandle if the 3561 # close_upload_files feature is used. 3562 $self->{'.tmpfiles'}->{$$filehandle}= { 3563 hndl => $filehandle, 3564 name => $tmpfile, 3565 info => {%header}, 3566 }; 3567 push(@{$self->{$param}},$filehandle); 3568 } 3569 } 3570 return $returnvalue; 3571 } 3572 END_OF_FUNC 3573 3574 3575 'upload' =><<'END_OF_FUNC', 3576 sub upload { 3577 my($self,$param_name) = self_or_default(@_); 3578 my @param = grep {ref($_) && defined(fileno($_))} $self->param($param_name); 3579 return unless @param; 3580 return wantarray ? @param : $param[0]; 3581 } 3582 END_OF_FUNC 3583 3584 'tmpFileName' => <<'END_OF_FUNC', 3585 sub tmpFileName { 3586 my($self,$filename) = self_or_default(@_); 3587 return $self->{'.tmpfiles'}->{$$filename}->{name} ? 3588 $self->{'.tmpfiles'}->{$$filename}->{name}->as_string 3589 : ''; 3590 } 3591 END_OF_FUNC 3592 3593 'uploadInfo' => <<'END_OF_FUNC', 3594 sub uploadInfo { 3595 my($self,$filename) = self_or_default(@_); 3596 return $self->{'.tmpfiles'}->{$$filename}->{info}; 3597 } 3598 END_OF_FUNC 3599 3600 # internal routine, don't use 3601 '_set_values_and_labels' => <<'END_OF_FUNC', 3602 sub _set_values_and_labels { 3603 my $self = shift; 3604 my ($v,$l,$n) = @_; 3605 $$l = $v if ref($v) eq 'HASH' && !ref($$l); 3606 return $self->param($n) if !defined($v); 3607 return $v if !ref($v); 3608 return ref($v) eq 'HASH' ? keys %$v : @$v; 3609 } 3610 END_OF_FUNC 3611 3612 # internal routine, don't use 3613 '_set_attributes' => <<'END_OF_FUNC', 3614 sub _set_attributes { 3615 my $self = shift; 3616 my($element, $attributes) = @_; 3617 return '' unless defined($attributes->{$element}); 3618 $attribs = ' '; 3619 foreach my $attrib (keys %{$attributes->{$element}}) { 3620 (my $clean_attrib = $attrib) =~ s/^-//; 3621 $attribs .= "@{[lc($clean_attrib)]}=\"$attributes->{$element}{$attrib}\" "; 3622 } 3623 $attribs =~ s/ $//; 3624 return $attribs; 3625 } 3626 END_OF_FUNC 3627 3628 '_compile_all' => <<'END_OF_FUNC', 3629 sub _compile_all { 3630 foreach (@_) { 3631 next if defined(&$_); 3632 $AUTOLOAD = "CGI::$_"; 3633 _compile(); 3634 } 3635 } 3636 END_OF_FUNC 3637 3638 ); 3639 END_OF_AUTOLOAD 3640 ; 3641 3642 ######################################################### 3643 # Globals and stubs for other packages that we use. 3644 ######################################################### 3645 3646 ################### Fh -- lightweight filehandle ############### 3647 package Fh; 3648 use overload 3649 '""' => \&asString, 3650 'cmp' => \&compare, 3651 'fallback'=>1; 3652 3653 $FH='fh00000'; 3654 3655 *Fh::AUTOLOAD = \&CGI::AUTOLOAD; 3656 3657 sub DESTROY { 3658 my $self = shift; 3659 close $self; 3660 } 3661 3662 $AUTOLOADED_ROUTINES = ''; # prevent -w error 3663 $AUTOLOADED_ROUTINES=<<'END_OF_AUTOLOAD'; 3664 %SUBS = ( 3665 'asString' => <<'END_OF_FUNC', 3666 sub asString { 3667 my $self = shift; 3668 # get rid of package name 3669 (my $i = $$self) =~ s/^\*(\w+::fh\d{5})+//; 3670 $i =~ s/%(..)/ chr(hex($1)) /eg; 3671 return $i.$CGI::TAINTED; 3672 # BEGIN DEAD CODE 3673 # This was an extremely clever patch that allowed "use strict refs". 3674 # Unfortunately it relied on another bug that caused leaky file descriptors. 3675 # The underlying bug has been fixed, so this no longer works. However 3676 # "strict refs" still works for some reason. 3677 # my $self = shift; 3678 # return ${*{$self}{SCALAR}}; 3679 # END DEAD CODE 3680 } 3681 END_OF_FUNC 3682 3683 'compare' => <<'END_OF_FUNC', 3684 sub compare { 3685 my $self = shift; 3686 my $value = shift; 3687 return "$self" cmp $value; 3688 } 3689 END_OF_FUNC 3690 3691 'new' => <<'END_OF_FUNC', 3692 sub new { 3693 my($pack,$name,$file,$delete) = @_; 3694 _setup_symbols(@SAVED_SYMBOLS) if @SAVED_SYMBOLS; 3695 require Fcntl unless defined &Fcntl::O_RDWR; 3696 (my $safename = $name) =~ s/([':%])/ sprintf '%%%02X', ord $1 /eg; 3697 my $fv = ++$FH . $safename; 3698 my $ref = \*{"Fh::$fv"}; 3699 $file =~ m!^([a-zA-Z0-9_ \'\":/.\$\\-]+)$! || return; 3700 my $safe = $1; 3701 sysopen($ref,$safe,Fcntl::O_RDWR()|Fcntl::O_CREAT()|Fcntl::O_EXCL(),0600) || return; 3702 unlink($safe) if $delete; 3703 CORE::delete $Fh::{$fv}; 3704 return bless $ref,$pack; 3705 } 3706 END_OF_FUNC 3707 3708 ); 3709 END_OF_AUTOLOAD 3710 3711 ######################## MultipartBuffer #################### 3712 package MultipartBuffer; 3713 3714 use constant DEBUG => 0; 3715 3716 # how many bytes to read at a time. We use 3717 # a 4K buffer by default. 3718 $INITIAL_FILLUNIT = 1024 * 4; 3719 $TIMEOUT = 240*60; # 4 hour timeout for big files 3720 $SPIN_LOOP_MAX = 2000; # bug fix for some Netscape servers 3721 $CRLF=$CGI::CRLF; 3722 3723 #reuse the autoload function 3724 *MultipartBuffer::AUTOLOAD = \&CGI::AUTOLOAD; 3725 3726 # avoid autoloader warnings 3727 sub DESTROY {} 3728 3729 ############################################################################### 3730 ################# THESE FUNCTIONS ARE AUTOLOADED ON DEMAND #################### 3731 ############################################################################### 3732 $AUTOLOADED_ROUTINES = ''; # prevent -w error 3733 $AUTOLOADED_ROUTINES=<<'END_OF_AUTOLOAD'; 3734 %SUBS = ( 3735 3736 'new' => <<'END_OF_FUNC', 3737 sub new { 3738 my($package,$interface,$boundary,$length) = @_; 3739 $FILLUNIT = $INITIAL_FILLUNIT; 3740 $CGI::DefaultClass->binmode($IN); # if $CGI::needs_binmode; # just do it always 3741 3742 # If the user types garbage into the file upload field, 3743 # then Netscape passes NOTHING to the server (not good). 3744 # We may hang on this read in that case. So we implement 3745 # a read timeout. If nothing is ready to read 3746 # by then, we return. 3747 3748 # Netscape seems to be a little bit unreliable 3749 # about providing boundary strings. 3750 my $boundary_read = 0; 3751 if ($boundary) { 3752 3753 # Under the MIME spec, the boundary consists of the 3754 # characters "--" PLUS the Boundary string 3755 3756 # BUG: IE 3.01 on the Macintosh uses just the boundary -- not 3757 # the two extra hyphens. We do a special case here on the user-agent!!!! 3758 $boundary = "--$boundary" unless CGI::user_agent('MSIE\s+3\.0[12];\s*Mac|DreamPassport'); 3759 3760 } else { # otherwise we find it ourselves 3761 my($old); 3762 ($old,$/) = ($/,$CRLF); # read a CRLF-delimited line 3763 $boundary = <STDIN>; # BUG: This won't work correctly under mod_perl 3764 $length -= length($boundary); 3765 chomp($boundary); # remove the CRLF 3766 $/ = $old; # restore old line separator 3767 $boundary_read++; 3768 } 3769 3770 my $self = {LENGTH=>$length, 3771 CHUNKED=>!defined $length, 3772 BOUNDARY=>$boundary, 3773 INTERFACE=>$interface, 3774 BUFFER=>'', 3775 }; 3776 3777 $FILLUNIT = length($boundary) 3778 if length($boundary) > $FILLUNIT; 3779 3780 my $retval = bless $self,ref $package || $package; 3781 3782 # Read the preamble and the topmost (boundary) line plus the CRLF. 3783 unless ($boundary_read) { 3784 while ($self->read(0)) { } 3785 } 3786 die "Malformed multipart POST: data truncated\n" if $self->eof; 3787 3788 return $retval; 3789 } 3790 END_OF_FUNC 3791 3792 'readHeader' => <<'END_OF_FUNC', 3793 sub readHeader { 3794 my($self) = @_; 3795 my($end); 3796 my($ok) = 0; 3797 my($bad) = 0; 3798 3799 local($CRLF) = "\015\012" if $CGI::OS eq 'VMS' || $CGI::EBCDIC; 3800 3801 do { 3802 $self->fillBuffer($FILLUNIT); 3803 $ok++ if ($end = index($self->{BUFFER},"$CRLF}$CRLF}")) >= 0; 3804 $ok++ if $self->{BUFFER} eq ''; 3805 $bad++ if !$ok && $self->{LENGTH} <= 0; 3806 # this was a bad idea 3807 # $FILLUNIT *= 2 if length($self->{BUFFER}) >= $FILLUNIT; 3808 } until $ok || $bad; 3809 return () if $bad; 3810 3811 #EBCDIC NOTE: translate header into EBCDIC, but watch out for continuation lines! 3812 3813 my($header) = substr($self->{BUFFER},0,$end+2); 3814 substr($self->{BUFFER},0,$end+4) = ''; 3815 my %return; 3816 3817 if ($CGI::EBCDIC) { 3818 warn "untranslated header=$header\n" if DEBUG; 3819 $header = CGI::Util::ascii2ebcdic($header); 3820 warn "translated header=$header\n" if DEBUG; 3821 } 3822 3823 # See RFC 2045 Appendix A and RFC 822 sections 3.4.8 3824 # (Folding Long Header Fields), 3.4.3 (Comments) 3825 # and 3.4.5 (Quoted-Strings). 3826 3827 my $token = '[-\w!\#$%&\'*+.^_\`|{}~]'; 3828 $header=~s/$CRLF\s+/ /og; # merge continuation lines 3829 3830 while ($header=~/($token+):\s+([^$CRLF]*)/mgox) { 3831 my ($field_name,$field_value) = ($1,$2); 3832 $field_name =~ s/\b(\w)/uc($1)/eg; #canonicalize 3833 $return{$field_name}=$field_value; 3834 } 3835 return %return; 3836 } 3837 END_OF_FUNC 3838 3839 # This reads and returns the body as a single scalar value. 3840 'readBody' => <<'END_OF_FUNC', 3841 sub readBody { 3842 my($self) = @_; 3843 my($data); 3844 my($returnval)=''; 3845 3846 #EBCDIC NOTE: want to translate returnval into EBCDIC HERE 3847 3848 while (defined($data = $self->read)) { 3849 $returnval .= $data; 3850 } 3851 3852 if ($CGI::EBCDIC) { 3853 warn "untranslated body=$returnval\n" if DEBUG; 3854 $returnval = CGI::Util::ascii2ebcdic($returnval); 3855 warn "translated body=$returnval\n" if DEBUG; 3856 } 3857 return $returnval; 3858 } 3859 END_OF_FUNC 3860 3861 # This will read $bytes or until the boundary is hit, whichever happens 3862 # first. After the boundary is hit, we return undef. The next read will 3863 # skip over the boundary and begin reading again; 3864 'read' => <<'END_OF_FUNC', 3865 sub read { 3866 my($self,$bytes) = @_; 3867 3868 # default number of bytes to read 3869 $bytes = $bytes || $FILLUNIT; 3870 3871 # Fill up our internal buffer in such a way that the boundary 3872 # is never split between reads. 3873 $self->fillBuffer($bytes); 3874 3875 my $boundary_start = $CGI::EBCDIC ? CGI::Util::ebcdic2ascii($self->{BOUNDARY}) : $self->{BOUNDARY}; 3876 my $boundary_end = $CGI::EBCDIC ? CGI::Util::ebcdic2ascii($self->{BOUNDARY}.'--') : $self->{BOUNDARY}.'--'; 3877 3878 # Find the boundary in the buffer (it may not be there). 3879 my $start = index($self->{BUFFER},$boundary_start); 3880 3881 warn "boundary=$self->{BOUNDARY} length=$self->{LENGTH} start=$start\n" if DEBUG; 3882 3883 # protect against malformed multipart POST operations 3884 die "Malformed multipart POST\n" unless $self->{CHUNKED} || ($start >= 0 || $self->{LENGTH} > 0); 3885 3886 #EBCDIC NOTE: want to translate boundary search into ASCII here. 3887 3888 # If the boundary begins the data, then skip past it 3889 # and return undef. 3890 if ($start == 0) { 3891 3892 # clear us out completely if we've hit the last boundary. 3893 if (index($self->{BUFFER},$boundary_end)==0) { 3894 $self->{BUFFER}=''; 3895 $self->{LENGTH}=0; 3896 return undef; 3897 } 3898 3899 # just remove the boundary. 3900 substr($self->{BUFFER},0,length($boundary_start))=''; 3901 $self->{BUFFER} =~ s/^\012\015?//; 3902 return undef; 3903 } 3904 3905 my $bytesToReturn; 3906 if ($start > 0) { # read up to the boundary 3907 $bytesToReturn = $start-2 > $bytes ? $bytes : $start; 3908 } else { # read the requested number of bytes 3909 # leave enough bytes in the buffer to allow us to read 3910 # the boundary. Thanks to Kevin Hendrick for finding 3911 # this one. 3912 $bytesToReturn = $bytes - (length($boundary_start)+1); 3913 } 3914 3915 my $returnval=substr($self->{BUFFER},0,$bytesToReturn); 3916 substr($self->{BUFFER},0,$bytesToReturn)=''; 3917 3918 # If we hit the boundary, remove the CRLF from the end. 3919 return ($bytesToReturn==$start) 3920 ? substr($returnval,0,-2) : $returnval; 3921 } 3922 END_OF_FUNC 3923 3924 3925 # This fills up our internal buffer in such a way that the 3926 # boundary is never split between reads 3927 'fillBuffer' => <<'END_OF_FUNC', 3928 sub fillBuffer { 3929 my($self,$bytes) = @_; 3930 return unless $self->{CHUNKED} || $self->{LENGTH}; 3931 3932 my($boundaryLength) = length($self->{BOUNDARY}); 3933 my($bufferLength) = length($self->{BUFFER}); 3934 my($bytesToRead) = $bytes - $bufferLength + $boundaryLength + 2; 3935 $bytesToRead = $self->{LENGTH} if !$self->{CHUNKED} && $self->{LENGTH} < $bytesToRead; 3936 3937 # Try to read some data. We may hang here if the browser is screwed up. 3938 my $bytesRead = $self->{INTERFACE}->read_from_client(\$self->{BUFFER}, 3939 $bytesToRead, 3940 $bufferLength); 3941 warn "bytesToRead=$bytesToRead, bufferLength=$bufferLength, buffer=$self->{BUFFER}\n" if DEBUG; 3942 $self->{BUFFER} = '' unless defined $self->{BUFFER}; 3943 3944 # An apparent bug in the Apache server causes the read() 3945 # to return zero bytes repeatedly without blocking if the 3946 # remote user aborts during a file transfer. I don't know how 3947 # they manage this, but the workaround is to abort if we get 3948 # more than SPIN_LOOP_MAX consecutive zero reads. 3949 if ($bytesRead <= 0) { 3950 die "CGI.pm: Server closed socket during multipart read (client aborted?).\n" 3951 if ($self->{ZERO_LOOP_COUNTER}++ >= $SPIN_LOOP_MAX); 3952 } else { 3953 $self->{ZERO_LOOP_COUNTER}=0; 3954 } 3955 3956 $self->{LENGTH} -= $bytesRead if !$self->{CHUNKED} && $bytesRead; 3957 } 3958 END_OF_FUNC 3959 3960 3961 # Return true when we've finished reading 3962 'eof' => <<'END_OF_FUNC' 3963 sub eof { 3964 my($self) = @_; 3965 return 1 if (length($self->{BUFFER}) == 0) 3966 && ($self->{LENGTH} <= 0); 3967 undef; 3968 } 3969 END_OF_FUNC 3970 3971 ); 3972 END_OF_AUTOLOAD 3973 3974 #################################################################################### 3975 ################################## TEMPORARY FILES ################################# 3976 #################################################################################### 3977 package CGITempFile; 3978 3979 sub find_tempdir { 3980 $SL = $CGI::SL; 3981 $MAC = $CGI::OS eq 'MACINTOSH'; 3982 my ($vol) = $MAC ? MacPerl::Volumes() =~ /:(.*)/ : ""; 3983 unless (defined $TMPDIRECTORY) { 3984 @TEMP=("$SL}usr$SL}tmp","$SL}var$SL}tmp", 3985 "C:$SL}temp","$SL}tmp","$SL}temp", 3986 "$vol}$SL}Temporary Items", 3987 "$SL}WWW_ROOT", "$SL}SYS\$SCRATCH", 3988 "C:$SL}system$SL}temp"); 3989 unshift(@TEMP,$ENV{'TMPDIR'}) if defined $ENV{'TMPDIR'}; 3990 3991 # this feature was supposed to provide per-user tmpfiles, but 3992 # it is problematic. 3993 # unshift(@TEMP,(getpwuid($<))[7].'/tmp') if $CGI::OS eq 'UNIX'; 3994 # Rob: getpwuid() is unfortunately UNIX specific. On brain dead OS'es this 3995 # : can generate a 'getpwuid() not implemented' exception, even though 3996 # : it's never called. Found under DOS/Win with the DJGPP perl port. 3997 # : Refer to getpwuid() only at run-time if we're fortunate and have UNIX. 3998 # unshift(@TEMP,(eval {(getpwuid($>))[7]}).'/tmp') if $CGI::OS eq 'UNIX' and $> != 0; 3999 4000 foreach (@TEMP) { 4001 do {$TMPDIRECTORY = $_; last} if -d $_ && -w _; 4002 } 4003 } 4004 $TMPDIRECTORY = $MAC ? "" : "." unless $TMPDIRECTORY; 4005 } 4006 4007 find_tempdir(); 4008 4009 $MAXTRIES = 5000; 4010 4011 # cute feature, but overload implementation broke it 4012 # %OVERLOAD = ('""'=>'as_string'); 4013 *CGITempFile::AUTOLOAD = \&CGI::AUTOLOAD; 4014 4015 sub DESTROY { 4016 my($self) = @_; 4017 $$self =~ m!^([a-zA-Z0-9_ \'\":/.\$\\-]+)$! || return; 4018 my $safe = $1; # untaint operation 4019 unlink $safe; # get rid of the file 4020 } 4021 4022 ############################################################################### 4023 ################# THESE FUNCTIONS ARE AUTOLOADED ON DEMAND #################### 4024 ############################################################################### 4025 $AUTOLOADED_ROUTINES = ''; # prevent -w error 4026 $AUTOLOADED_ROUTINES=<<'END_OF_AUTOLOAD'; 4027 %SUBS = ( 4028 4029 'new' => <<'END_OF_FUNC', 4030 sub new { 4031 my($package,$sequence) = @_; 4032 my $filename; 4033 find_tempdir() unless -w $TMPDIRECTORY; 4034 for (my $i = 0; $i < $MAXTRIES; $i++) { 4035 last if ! -f ($filename = sprintf("$TMPDIRECTORY}$SL}CGItemp%d",$sequence++)); 4036 } 4037 # check that it is a more-or-less valid filename 4038 return unless $filename =~ m!^([a-zA-Z0-9_ \'\":/.\$\\-]+)$!; 4039 # this used to untaint, now it doesn't 4040 # $filename = $1; 4041 return bless \$filename; 4042 } 4043 END_OF_FUNC 4044 4045 'as_string' => <<'END_OF_FUNC' 4046 sub as_string { 4047 my($self) = @_; 4048 return $$self; 4049 } 4050 END_OF_FUNC 4051 4052 ); 4053 END_OF_AUTOLOAD 4054 4055 package CGI; 4056 4057 # We get a whole bunch of warnings about "possibly uninitialized variables" 4058 # when running with the -w switch. Touch them all once to get rid of the 4059 # warnings. This is ugly and I hate it. 4060 if ($^W) { 4061 $CGI::CGI = ''; 4062 $CGI::CGI=<<EOF; 4063 $CGI::VERSION; 4064 $MultipartBuffer::SPIN_LOOP_MAX; 4065 $MultipartBuffer::CRLF; 4066 $MultipartBuffer::TIMEOUT; 4067 $MultipartBuffer::INITIAL_FILLUNIT; 4068 EOF 4069 ; 4070 } 4071 4072 1; 4073 4074 __END__ 4075 4076 =head1 NAME 4077 4078 CGI - Simple Common Gateway Interface Class 4079 4080 =head1 SYNOPSIS 4081 4082 # CGI script that creates a fill-out form 4083 # and echoes back its values. 4084 4085 use CGI qw/:standard/; 4086 print header, 4087 start_html('A Simple Example'), 4088 h1('A Simple Example'), 4089 start_form, 4090 "What's your name? ",textfield('name'),p, 4091 "What's the combination?", p, 4092 checkbox_group(-name=>'words', 4093 -values=>['eenie','meenie','minie','moe'], 4094 -defaults=>['eenie','minie']), p, 4095 "What's your favorite color? ", 4096 popup_menu(-name=>'color', 4097 -values=>['red','green','blue','chartreuse']),p, 4098 submit, 4099 end_form, 4100 hr; 4101 4102 if (param()) { 4103 my $name = param('name'); 4104 my $keywords = join ', ',param('words'); 4105 my $color = param('color'); 4106 print "Your name is",em(escapeHTML($name)),p, 4107 "The keywords are: ",em(escapeHTML($keywords)),p, 4108 "Your favorite color is ",em(escapeHTML($color)), 4109 hr; 4110 } 4111 4112 =head1 ABSTRACT 4113 4114 This perl library uses perl5 objects to make it easy to create Web 4115 fill-out forms and parse their contents. This package defines CGI 4116 objects, entities that contain the values of the current query string 4117 and other state variables. Using a CGI object's methods, you can 4118 examine keywords and parameters passed to your script, and create 4119 forms whose initial values are taken from the current query (thereby 4120 preserving state information). The module provides shortcut functions 4121 that produce boilerplate HTML, reducing typing and coding errors. It 4122 also provides functionality for some of the more advanced features of 4123 CGI scripting, including support for file uploads, cookies, cascading 4124 style sheets, server push, and frames. 4125 4126 CGI.pm also provides a simple function-oriented programming style for 4127 those who don't need its object-oriented features. 4128 4129 The current version of CGI.pm is available at 4130 4131 http://www.genome.wi.mit.edu/ftp/pub/software/WWW/cgi_docs.html 4132 ftp://ftp-genome.wi.mit.edu/pub/software/WWW/ 4133 4134 =head1 DESCRIPTION 4135 4136 =head2 PROGRAMMING STYLE 4137 4138 There are two styles of programming with CGI.pm, an object-oriented 4139 style and a function-oriented style. In the object-oriented style you 4140 create one or more CGI objects and then use object methods to create 4141 the various elements of the page. Each CGI object starts out with the 4142 list of named parameters that were passed to your CGI script by the 4143 server. You can modify the objects, save them to a file or database 4144 and recreate them. Because each object corresponds to the "state" of 4145 the CGI script, and because each object's parameter list is 4146 independent of the others, this allows you to save the state of the 4147 script and restore it later. 4148 4149 For example, using the object oriented style, here is how you create 4150 a simple "Hello World" HTML page: 4151 4152 #!/usr/local/bin/perl -w 4153 use CGI; # load CGI routines 4154 $q = new CGI; # create new CGI object 4155 print $q->header, # create the HTTP header 4156 $q->start_html('hello world'), # start the HTML 4157 $q->h1('hello world'), # level 1 header 4158 $q->end_html; # end the HTML 4159 4160 In the function-oriented style, there is one default CGI object that 4161 you rarely deal with directly. Instead you just call functions to 4162 retrieve CGI parameters, create HTML tags, manage cookies, and so 4163 on. This provides you with a cleaner programming interface, but 4164 limits you to using one CGI object at a time. The following example 4165 prints the same page, but uses the function-oriented interface. 4166 The main differences are that we now need to import a set of functions 4167 into our name space (usually the "standard" functions), and we don't 4168 need to create the CGI object. 4169 4170 #!/usr/local/bin/perl 4171 use CGI qw/:standard/; # load standard CGI routines 4172 print header, # create the HTTP header 4173 start_html('hello world'), # start the HTML 4174 h1('hello world'), # level 1 header 4175 end_html; # end the HTML 4176 4177 The examples in this document mainly use the object-oriented style. 4178 See HOW TO IMPORT FUNCTIONS for important information on 4179 function-oriented programming in CGI.pm 4180 4181 =head2 CALLING CGI.PM ROUTINES 4182 4183 Most CGI.pm routines accept several arguments, sometimes as many as 20 4184 optional ones! To simplify this interface, all routines use a named 4185 argument calling style that looks like this: 4186 4187 print $q->header(-type=>'image/gif',-expires=>'+3d'); 4188 4189 Each argument name is preceded by a dash. Neither case nor order 4190 matters in the argument list. -type, -Type, and -TYPE are all 4191 acceptable. In fact, only the first argument needs to begin with a 4192 dash. If a dash is present in the first argument, CGI.pm assumes 4193 dashes for the subsequent ones. 4194 4195 Several routines are commonly called with just one argument. In the 4196 case of these routines you can provide the single argument without an 4197 argument name. header() happens to be one of these routines. In this 4198 case, the single argument is the document type. 4199 4200 print $q->header('text/html'); 4201 4202 Other such routines are documented below. 4203 4204 Sometimes named arguments expect a scalar, sometimes a reference to an 4205 array, and sometimes a reference to a hash. Often, you can pass any 4206 type of argument and the routine will do whatever is most appropriate. 4207 For example, the param() routine is used to set a CGI parameter to a 4208 single or a multi-valued value. The two cases are shown below: 4209 4210 $q->param(-name=>'veggie',-value=>'tomato'); 4211 $q->param(-name=>'veggie',-value=>['tomato','tomahto','potato','potahto']); 4212 4213 A large number of routines in CGI.pm actually aren't specifically 4214 defined in the module, but are generated automatically as needed. 4215 These are the "HTML shortcuts," routines that generate HTML tags for 4216 use in dynamically-generated pages. HTML tags have both attributes 4217 (the attribute="value" pairs within the tag itself) and contents (the 4218 part between the opening and closing pairs.) To distinguish between 4219 attributes and contents, CGI.pm uses the convention of passing HTML 4220 attributes as a hash reference as the first argument, and the 4221 contents, if any, as any subsequent arguments. It works out like 4222 this: 4223 4224 Code Generated HTML 4225 ---- -------------- 4226 h1() <h1> 4227 h1('some','contents'); <h1>some contents</h1> 4228 h1({-align=>left}); <h1 align="LEFT"> 4229 h1({-align=>left},'contents'); <h1 align="LEFT">contents</h1> 4230 4231 HTML tags are described in more detail later. 4232 4233 Many newcomers to CGI.pm are puzzled by the difference between the 4234 calling conventions for the HTML shortcuts, which require curly braces 4235 around the HTML tag attributes, and the calling conventions for other 4236 routines, which manage to generate attributes without the curly 4237 brackets. Don't be confused. As a convenience the curly braces are 4238 optional in all but the HTML shortcuts. If you like, you can use 4239 curly braces when calling any routine that takes named arguments. For 4240 example: 4241 4242 print $q->header( {-type=>'image/gif',-expires=>'+3d'} ); 4243 4244 If you use the B<-w> switch, you will be warned that some CGI.pm argument 4245 names conflict with built-in Perl functions. The most frequent of 4246 these is the -values argument, used to create multi-valued menus, 4247 radio button clusters and the like. To get around this warning, you 4248 have several choices: 4249 4250 =over 4 4251 4252 =item 1. 4253 4254 Use another name for the argument, if one is available. 4255 For example, -value is an alias for -values. 4256 4257 =item 2. 4258 4259 Change the capitalization, e.g. -Values 4260 4261 =item 3. 4262 4263 Put quotes around the argument name, e.g. '-values' 4264 4265 =back 4266 4267 Many routines will do something useful with a named argument that it 4268 doesn't recognize. For example, you can produce non-standard HTTP 4269 header fields by providing them as named arguments: 4270 4271 print $q->header(-type => 'text/html', 4272 -cost => 'Three smackers', 4273 -annoyance_level => 'high', 4274 -complaints_to => 'bit bucket'); 4275 4276 This will produce the following nonstandard HTTP header: 4277 4278 HTTP/1.0 200 OK 4279 Cost: Three smackers 4280 Annoyance-level: high 4281 Complaints-to: bit bucket 4282 Content-type: text/html 4283 4284 Notice the way that underscores are translated automatically into 4285 hyphens. HTML-generating routines perform a different type of 4286 translation. 4287 4288 This feature allows you to keep up with the rapidly changing HTTP and 4289 HTML "standards". 4290 4291 =head2 CREATING A NEW QUERY OBJECT (OBJECT-ORIENTED STYLE): 4292 4293 $query = new CGI; 4294 4295 This will parse the input (from both POST and GET methods) and store 4296 it into a perl5 object called $query. 4297 4298 Any filehandles from file uploads will have their position reset to 4299 the beginning of the file. 4300 4301 =head2 CREATING A NEW QUERY OBJECT FROM AN INPUT FILE 4302 4303 $query = new CGI(INPUTFILE); 4304 4305 If you provide a file handle to the new() method, it will read 4306 parameters from the file (or STDIN, or whatever). The file can be in 4307 any of the forms describing below under debugging (i.e. a series of 4308 newline delimited TAG=VALUE pairs will work). Conveniently, this type 4309 of file is created by the save() method (see below). Multiple records 4310 can be saved and restored. 4311 4312 Perl purists will be pleased to know that this syntax accepts 4313 references to file handles, or even references to filehandle globs, 4314 which is the "official" way to pass a filehandle: 4315 4316 $query = new CGI(\*STDIN); 4317 4318 You can also initialize the CGI object with a FileHandle or IO::File 4319 object. 4320 4321 If you are using the function-oriented interface and want to 4322 initialize CGI state from a file handle, the way to do this is with 4323 B<restore_parameters()>. This will (re)initialize the 4324 default CGI object from the indicated file handle. 4325 4326 open (IN,"test.in") || die; 4327 restore_parameters(IN); 4328 close IN; 4329 4330 You can also initialize the query object from an associative array 4331 reference: 4332 4333 $query = new CGI( {'dinosaur'=>'barney', 4334 'song'=>'I love you', 4335 'friends'=>[qw/Jessica George Nancy/]} 4336 ); 4337 4338 or from a properly formatted, URL-escaped query string: 4339 4340 $query = new CGI('dinosaur=barney&color=purple'); 4341 4342 or from a previously existing CGI object (currently this clones the 4343 parameter list, but none of the other object-specific fields, such as 4344 autoescaping): 4345 4346 $old_query = new CGI; 4347 $new_query = new CGI($old_query); 4348 4349 To create an empty query, initialize it from an empty string or hash: 4350 4351 $empty_query = new CGI(""); 4352 4353 -or- 4354 4355 $empty_query = new CGI({}); 4356 4357 =head2 FETCHING A LIST OF KEYWORDS FROM THE QUERY: 4358 4359 @keywords = $query->keywords 4360 4361 If the script was invoked as the result of an <ISINDEX> search, the 4362 parsed keywords can be obtained as an array using the keywords() method. 4363 4364 =head2 FETCHING THE NAMES OF ALL THE PARAMETERS PASSED TO YOUR SCRIPT: 4365 4366 @names = $query->param 4367 4368 If the script was invoked with a parameter list 4369 (e.g. "name1=value1&name2=value2&name3=value3"), the param() method 4370 will return the parameter names as a list. If the script was invoked 4371 as an <ISINDEX> script and contains a string without ampersands 4372 (e.g. "value1+value2+value3") , there will be a single parameter named 4373 "keywords" containing the "+"-delimited keywords. 4374 4375 NOTE: As of version 1.5, the array of parameter names returned will 4376 be in the same order as they were submitted by the browser. 4377 Usually this order is the same as the order in which the 4378 parameters are defined in the form (however, this isn't part 4379 of the spec, and so isn't guaranteed). 4380 4381 =head2 FETCHING THE VALUE OR VALUES OF A SINGLE NAMED PARAMETER: 4382 4383 @values = $query->param('foo'); 4384 4385 -or- 4386 4387 $value = $query->param('foo'); 4388 4389 Pass the param() method a single argument to fetch the value of the 4390 named parameter. If the parameter is multivalued (e.g. from multiple 4391 selections in a scrolling list), you can ask to receive an array. Otherwise 4392 the method will return a single value. 4393 4394 If a value is not given in the query string, as in the queries 4395 "name1=&name2=" or "name1&name2", it will be returned as an empty 4396 string. This feature is new in 2.63. 4397 4398 4399 If the parameter does not exist at all, then param() will return undef 4400 in a scalar context, and the empty list in a list context. 4401 4402 4403 =head2 SETTING THE VALUE(S) OF A NAMED PARAMETER: 4404 4405 $query->param('foo','an','array','of','values'); 4406 4407 This sets the value for the named parameter 'foo' to an array of 4408 values. This is one way to change the value of a field AFTER 4409 the script has been invoked once before. (Another way is with 4410 the -override parameter accepted by all methods that generate 4411 form elements.) 4412 4413 param() also recognizes a named parameter style of calling described 4414 in more detail later: 4415 4416 $query->param(-name=>'foo',-values=>['an','array','of','values']); 4417 4418 -or- 4419 4420 $query->param(-name=>'foo',-value=>'the value'); 4421 4422 =head2 APPENDING ADDITIONAL VALUES TO A NAMED PARAMETER: 4423 4424 $query->append(-name=>'foo',-values=>['yet','more','values']); 4425 4426 This adds a value or list of values to the named parameter. The 4427 values are appended to the end of the parameter if it already exists. 4428 Otherwise the parameter is created. Note that this method only 4429 recognizes the named argument calling syntax. 4430 4431 =head2 IMPORTING ALL PARAMETERS INTO A NAMESPACE: 4432 4433 $query->import_names('R'); 4434 4435 This creates a series of variables in the 'R' namespace. For example, 4436 $R::foo, @R:foo. For keyword lists, a variable @R::keywords will appear. 4437 If no namespace is given, this method will assume 'Q'. 4438 WARNING: don't import anything into 'main'; this is a major security 4439 risk!!!! 4440 4441 NOTE 1: Variable names are transformed as necessary into legal Perl 4442 variable names. All non-legal characters are transformed into 4443 underscores. If you need to keep the original names, you should use 4444 the param() method instead to access CGI variables by name. 4445 4446 NOTE 2: In older versions, this method was called B<import()>. As of version 2.20, 4447 this name has been removed completely to avoid conflict with the built-in 4448 Perl module B<import> operator. 4449 4450 =head2 DELETING A PARAMETER COMPLETELY: 4451 4452 $query->delete('foo','bar','baz'); 4453 4454 This completely clears a list of parameters. It sometimes useful for 4455 resetting parameters that you don't want passed down between script 4456 invocations. 4457 4458 If you are using the function call interface, use "Delete()" instead 4459 to avoid conflicts with Perl's built-in delete operator. 4460 4461 =head2 DELETING ALL PARAMETERS: 4462 4463 $query->delete_all(); 4464 4465 This clears the CGI object completely. It might be useful to ensure 4466 that all the defaults are taken when you create a fill-out form. 4467 4468 Use Delete_all() instead if you are using the function call interface. 4469 4470 =head2 HANDLING NON-URLENCODED ARGUMENTS 4471 4472 4473 If POSTed data is not of type application/x-www-form-urlencoded or 4474 multipart/form-data, then the POSTed data will not be processed, but 4475 instead be returned as-is in a parameter named POSTDATA. To retrieve 4476 it, use code like this: 4477 4478 my $data = $query->param('POSTDATA'); 4479 4480 (If you don't know what the preceding means, don't worry about it. It 4481 only affects people trying to use CGI for XML processing and other 4482 specialized tasks.) 4483 4484 4485 =head2 DIRECT ACCESS TO THE PARAMETER LIST: 4486 4487 $q->param_fetch('address')->[1] = '1313 Mockingbird Lane'; 4488 unshift @{$q->param_fetch(-name=>'address')},'George Munster'; 4489 4490 If you need access to the parameter list in a way that isn't covered 4491 by the methods above, you can obtain a direct reference to it by 4492 calling the B<param_fetch()> method with the name of the . This 4493 will return an array reference to the named parameters, which you then 4494 can manipulate in any way you like. 4495 4496 You can also use a named argument style using the B<-name> argument. 4497 4498 =head2 FETCHING THE PARAMETER LIST AS A HASH: 4499 4500 $params = $q->Vars; 4501 print $params->{'address'}; 4502 @foo = split("\0",$params->{'foo'}); 4503 %params = $q->Vars; 4504 4505 use CGI ':cgi-lib'; 4506 $params = Vars; 4507 4508 Many people want to fetch the entire parameter list as a hash in which 4509 the keys are the names of the CGI parameters, and the values are the 4510 parameters' values. The Vars() method does this. Called in a scalar 4511 context, it returns the parameter list as a tied hash reference. 4512 Changing a key changes the value of the parameter in the underlying 4513 CGI parameter list. Called in a list context, it returns the 4514 parameter list as an ordinary hash. This allows you to read the 4515 contents of the parameter list, but not to change it. 4516 4517 When using this, the thing you must watch out for are multivalued CGI 4518 parameters. Because a hash cannot distinguish between scalar and 4519 list context, multivalued parameters will be returned as a packed 4520 string, separated by the "\0" (null) character. You must split this 4521 packed string in order to get at the individual values. This is the 4522 convention introduced long ago by Steve Brenner in his cgi-lib.pl 4523 module for Perl version 4. 4524 4525 If you wish to use Vars() as a function, import the I<:cgi-lib> set of 4526 function calls (also see the section on CGI-LIB compatibility). 4527 4528 =head2 SAVING THE STATE OF THE SCRIPT TO A FILE: 4529 4530 $query->save(\*FILEHANDLE) 4531 4532 This will write the current state of the form to the provided 4533 filehandle. You can read it back in by providing a filehandle 4534 to the new() method. Note that the filehandle can be a file, a pipe, 4535 or whatever! 4536 4537 The format of the saved file is: 4538 4539 NAME1=VALUE1 4540 NAME1=VALUE1' 4541 NAME2=VALUE2 4542 NAME3=VALUE3 4543 = 4544 4545 Both name and value are URL escaped. Multi-valued CGI parameters are 4546 represented as repeated names. A session record is delimited by a 4547 single = symbol. You can write out multiple records and read them 4548 back in with several calls to B<new>. You can do this across several 4549 sessions by opening the file in append mode, allowing you to create 4550 primitive guest books, or to keep a history of users' queries. Here's 4551 a short example of creating multiple session records: 4552 4553 use CGI; 4554 4555 open (OUT,">>test.out") || die; 4556 $records = 5; 4557 foreach (0..$records) { 4558 my $q = new CGI; 4559 $q->param(-name=>'counter',-value=>$_); 4560 $q->save(\*OUT); 4561 } 4562 close OUT; 4563 4564 # reopen for reading 4565 open (IN,"test.out") || die; 4566 while (!eof(IN)) { 4567 my $q = new CGI(\*IN); 4568 print $q->param('counter'),"\n"; 4569 } 4570 4571 The file format used for save/restore is identical to that used by the 4572 Whitehead Genome Center's data exchange format "Boulderio", and can be 4573 manipulated and even databased using Boulderio utilities. See 4574 4575 http://stein.cshl.org/boulder/ 4576 4577 for further details. 4578 4579 If you wish to use this method from the function-oriented (non-OO) 4580 interface, the exported name for this method is B<save_parameters()>. 4581 4582 =head2 RETRIEVING CGI ERRORS 4583 4584 Errors can occur while processing user input, particularly when 4585 processing uploaded files. When these errors occur, CGI will stop 4586 processing and return an empty parameter list. You can test for 4587 the existence and nature of errors using the I<cgi_error()> function. 4588 The error messages are formatted as HTTP status codes. You can either 4589 incorporate the error text into an HTML page, or use it as the value 4590 of the HTTP status: 4591 4592 my $error = $q->cgi_error; 4593 if ($error) { 4594 print $q->header(-status=>$error), 4595 $q->start_html('Problems'), 4596 $q->h2('Request not processed'), 4597 $q->strong($error); 4598 exit 0; 4599 } 4600 4601 When using the function-oriented interface (see the next section), 4602 errors may only occur the first time you call I<param()>. Be ready 4603 for this! 4604 4605 =head2 USING THE FUNCTION-ORIENTED INTERFACE 4606 4607 To use the function-oriented interface, you must specify which CGI.pm 4608 routines or sets of routines to import into your script's namespace. 4609 There is a small overhead associated with this importation, but it 4610 isn't much. 4611 4612 use CGI <list of methods>; 4613 4614 The listed methods will be imported into the current package; you can 4615 call them directly without creating a CGI object first. This example 4616 shows how to import the B<param()> and B<header()> 4617 methods, and then use them directly: 4618 4619 use CGI 'param','header'; 4620 print header('text/plain'); 4621 $zipcode = param('zipcode'); 4622 4623 More frequently, you'll import common sets of functions by referring 4624 to the groups by name. All function sets are preceded with a ":" 4625 character as in ":html3" (for tags defined in the HTML 3 standard). 4626 4627 Here is a list of the function sets you can import: 4628 4629 =over 4 4630 4631 =item B<:cgi> 4632 4633 Import all CGI-handling methods, such as B<param()>, B<path_info()> 4634 and the like. 4635 4636 =item B<:form> 4637 4638 Import all fill-out form generating methods, such as B<textfield()>. 4639 4640 =item B<:html2> 4641 4642 Import all methods that generate HTML 2.0 standard elements. 4643 4644 =item B<:html3> 4645 4646 Import all methods that generate HTML 3.0 elements (such as 4647 <table>, <super> and <sub>). 4648 4649 =item B<:html4> 4650 4651 Import all methods that generate HTML 4 elements (such as 4652 <abbrev>, <acronym> and <thead>). 4653 4654 =item B<:netscape> 4655 4656 Import all methods that generate Netscape-specific HTML extensions. 4657 4658 =item B<:html> 4659 4660 Import all HTML-generating shortcuts (i.e. 'html2' + 'html3' + 4661 'netscape')... 4662 4663 =item B<:standard> 4664 4665 Import "standard" features, 'html2', 'html3', 'html4', 'form' and 'cgi'. 4666 4667 =item B<:all> 4668 4669 Import all the available methods. For the full list, see the CGI.pm 4670 code, where the variable %EXPORT_TAGS is defined. 4671 4672 =back 4673 4674 If you import a function name that is not part of CGI.pm, the module 4675 will treat it as a new HTML tag and generate the appropriate 4676 subroutine. You can then use it like any other HTML tag. This is to 4677 provide for the rapidly-evolving HTML "standard." For example, say 4678 Microsoft comes out with a new tag called <gradient> (which causes the 4679 user's desktop to be flooded with a rotating gradient fill until his 4680 machine reboots). You don't need to wait for a new version of CGI.pm 4681 to start using it immediately: 4682 4683 use CGI qw/:standard :html3 gradient/; 4684 print gradient({-start=>'red',-end=>'blue'}); 4685 4686 Note that in the interests of execution speed CGI.pm does B<not> use 4687 the standard L<Exporter> syntax for specifying load symbols. This may 4688 change in the future. 4689 4690 If you import any of the state-maintaining CGI or form-generating 4691 methods, a default CGI object will be created and initialized 4692 automatically the first time you use any of the methods that require 4693 one to be present. This includes B<param()>, B<textfield()>, 4694 B<submit()> and the like. (If you need direct access to the CGI 4695 object, you can find it in the global variable B<$CGI::Q>). By 4696 importing CGI.pm methods, you can create visually elegant scripts: 4697 4698 use CGI qw/:standard/; 4699 print 4700 header, 4701 start_html('Simple Script'), 4702 h1('Simple Script'), 4703 start_form, 4704 "What's your name? ",textfield('name'),p, 4705 "What's the combination?", 4706 checkbox_group(-name=>'words', 4707 -values=>['eenie','meenie','minie','moe'], 4708 -defaults=>['eenie','moe']),p, 4709 "What's your favorite color?", 4710 popup_menu(-name=>'color', 4711 -values=>['red','green','blue','chartreuse']),p, 4712 submit, 4713 end_form, 4714 hr,"\n"; 4715 4716 if (param) { 4717 print 4718 "Your name is ",em(param('name')),p, 4719 "The keywords are: ",em(join(", ",param('words'))),p, 4720 "Your favorite color is ",em(param('color')),".\n"; 4721 } 4722 print end_html; 4723 4724 =head2 PRAGMAS 4725 4726 In addition to the function sets, there are a number of pragmas that 4727 you can import. Pragmas, which are always preceded by a hyphen, 4728 change the way that CGI.pm functions in various ways. Pragmas, 4729 function sets, and individual functions can all be imported in the 4730 same use() line. For example, the following use statement imports the 4731 standard set of functions and enables debugging mode (pragma 4732 -debug): 4733 4734 use CGI qw/:standard -debug/; 4735 4736 The current list of pragmas is as follows: 4737 4738 =over 4 4739 4740 =item -any 4741 4742 When you I<use CGI -any>, then any method that the query object 4743 doesn't recognize will be interpreted as a new HTML tag. This allows 4744 you to support the next I<ad hoc> Netscape or Microsoft HTML 4745 extension. This lets you go wild with new and unsupported tags: 4746 4747 use CGI qw(-any); 4748 $q=new CGI; 4749 print $q->gradient({speed=>'fast',start=>'red',end=>'blue'}); 4750 4751 Since using <cite>any</cite> causes any mistyped method name 4752 to be interpreted as an HTML tag, use it with care or not at 4753 all. 4754 4755 =item -compile 4756 4757 This causes the indicated autoloaded methods to be compiled up front, 4758 rather than deferred to later. This is useful for scripts that run 4759 for an extended period of time under FastCGI or mod_perl, and for 4760 those destined to be crunched by Malcolm Beattie's Perl compiler. Use 4761 it in conjunction with the methods or method families you plan to use. 4762 4763 use CGI qw(-compile :standard :html3); 4764 4765 or even 4766 4767 use CGI qw(-compile :all); 4768 4769 Note that using the -compile pragma in this way will always have 4770 the effect of importing the compiled functions into the current 4771 namespace. If you want to compile without importing use the 4772 compile() method instead: 4773 4774 use CGI(); 4775 CGI->compile(); 4776 4777 This is particularly useful in a mod_perl environment, in which you 4778 might want to precompile all CGI routines in a startup script, and 4779 then import the functions individually in each mod_perl script. 4780 4781 =item -nosticky 4782 4783 By default the CGI module implements a state-preserving behavior 4784 called "sticky" fields. The way this works is that if you are 4785 regenerating a form, the methods that generate the form field values 4786 will interrogate param() to see if similarly-named parameters are 4787 present in the query string. If they find a like-named parameter, they 4788 will use it to set their default values. 4789 4790 Sometimes this isn't what you want. The B<-nosticky> pragma prevents 4791 this behavior. You can also selectively change the sticky behavior in 4792 each element that you generate. 4793 4794 =item -tabindex 4795 4796 Automatically add tab index attributes to each form field. With this 4797 option turned off, you can still add tab indexes manually by passing a 4798 -tabindex option to each field-generating method. 4799 4800 =item -no_undef_params 4801 4802 This keeps CGI.pm from including undef params in the parameter list. 4803 4804 =item -no_xhtml 4805 4806 By default, CGI.pm versions 2.69 and higher emit XHTML 4807 (http://www.w3.org/TR/xhtml1/). The -no_xhtml pragma disables this 4808 feature. Thanks to Michalis Kabrianis <kabrianis@hellug.gr> for this 4809 feature. 4810 4811 If start_html()'s -dtd parameter specifies an HTML 2.0 or 3.2 DTD, 4812 XHTML will automatically be disabled without needing to use this 4813 pragma. 4814 4815 =item -nph 4816 4817 This makes CGI.pm produce a header appropriate for an NPH (no 4818 parsed header) script. You may need to do other things as well 4819 to tell the server that the script is NPH. See the discussion 4820 of NPH scripts below. 4821 4822 =item -newstyle_urls 4823 4824 Separate the name=value pairs in CGI parameter query strings with 4825 semicolons rather than ampersands. For example: 4826 4827 ?name=fred;age=24;favorite_color=3 4828 4829 Semicolon-delimited query strings are always accepted, but will not be 4830 emitted by self_url() and query_string() unless the -newstyle_urls 4831 pragma is specified. 4832 4833 This became the default in version 2.64. 4834 4835 =item -oldstyle_urls 4836 4837 Separate the name=value pairs in CGI parameter query strings with 4838 ampersands rather than semicolons. This is no longer the default. 4839 4840 =item -autoload 4841 4842 This overrides the autoloader so that any function in your program 4843 that is not recognized is referred to CGI.pm for possible evaluation. 4844 This allows you to use all the CGI.pm functions without adding them to 4845 your symbol table, which is of concern for mod_perl users who are 4846 worried about memory consumption. I<Warning:> when 4847 I<-autoload> is in effect, you cannot use "poetry mode" 4848 (functions without the parenthesis). Use I<hr()> rather 4849 than I<hr>, or add something like I<use subs qw/hr p header/> 4850 to the top of your script. 4851 4852 =item -no_debug 4853 4854 This turns off the command-line processing features. If you want to 4855 run a CGI.pm script from the command line to produce HTML, and you 4856 don't want it to read CGI parameters from the command line or STDIN, 4857 then use this pragma: 4858 4859 use CGI qw(-no_debug :standard); 4860 4861 =item -debug 4862 4863 This turns on full debugging. In addition to reading CGI arguments 4864 from the command-line processing, CGI.pm will pause and try to read 4865 arguments from STDIN, producing the message "(offline mode: enter 4866 name=value pairs on standard input)" features. 4867 4868 See the section on debugging for more details. 4869 4870 =item -private_tempfiles 4871 4872 CGI.pm can process uploaded file. Ordinarily it spools the uploaded 4873 file to a temporary directory, then deletes the file when done. 4874 However, this opens the risk of eavesdropping as described in the file 4875 upload section. Another CGI script author could peek at this data 4876 during the upload, even if it is confidential information. On Unix 4877 systems, the -private_tempfiles pragma will cause the temporary file 4878 to be unlinked as soon as it is opened and before any data is written 4879 into it, reducing, but not eliminating the risk of eavesdropping 4880 (there is still a potential race condition). To make life harder for 4881 the attacker, the program chooses tempfile names by calculating a 32 4882 bit checksum of the incoming HTTP headers. 4883 4884 To ensure that the temporary file cannot be read by other CGI scripts, 4885 use suEXEC or a CGI wrapper program to run your script. The temporary 4886 file is created with mode 0600 (neither world nor group readable). 4887 4888 The temporary directory is selected using the following algorithm: 4889 4890 1. if the current user (e.g. "nobody") has a directory named 4891 "tmp" in its home directory, use that (Unix systems only). 4892 4893 2. if the environment variable TMPDIR exists, use the location 4894 indicated. 4895 4896 3. Otherwise try the locations /usr/tmp, /var/tmp, C:\temp, 4897 /tmp, /temp, ::Temporary Items, and \WWW_ROOT. 4898 4899 Each of these locations is checked that it is a directory and is 4900 writable. If not, the algorithm tries the next choice. 4901 4902 =back 4903 4904 =head2 SPECIAL FORMS FOR IMPORTING HTML-TAG FUNCTIONS 4905 4906 Many of the methods generate HTML tags. As described below, tag 4907 functions automatically generate both the opening and closing tags. 4908 For example: 4909 4910 print h1('Level 1 Header'); 4911 4912 produces 4913 4914 <h1>Level 1 Header</h1> 4915 4916 There will be some times when you want to produce the start and end 4917 tags yourself. In this case, you can use the form start_I<tag_name> 4918 and end_I<tag_name>, as in: 4919 4920 print start_h1,'Level 1 Header',end_h1; 4921 4922 With a few exceptions (described below), start_I<tag_name> and 4923 end_I<tag_name> functions are not generated automatically when you 4924 I<use CGI>. However, you can specify the tags you want to generate 4925 I<start/end> functions for by putting an asterisk in front of their 4926 name, or, alternatively, requesting either "start_I<tag_name>" or 4927 "end_I<tag_name>" in the import list. 4928 4929 Example: 4930 4931 use CGI qw/:standard *table start_ul/; 4932 4933 In this example, the following functions are generated in addition to 4934 the standard ones: 4935 4936 =over 4 4937 4938 =item 1. start_table() (generates a <table> tag) 4939 4940 =item 2. end_table() (generates a </table> tag) 4941 4942 =item 3. start_ul() (generates a <ul> tag) 4943 4944 =item 4. end_ul() (generates a </ul> tag) 4945 4946 =back 4947 4948 =head1 GENERATING DYNAMIC DOCUMENTS 4949 4950 Most of CGI.pm's functions deal with creating documents on the fly. 4951 Generally you will produce the HTTP header first, followed by the 4952 document itself. CGI.pm provides functions for generating HTTP 4953 headers of various types as well as for generating HTML. For creating 4954 GIF images, see the GD.pm module. 4955 4956 Each of these functions produces a fragment of HTML or HTTP which you 4957 can print out directly so that it displays in the browser window, 4958 append to a string, or save to a file for later use. 4959 4960 =head2 CREATING A STANDARD HTTP HEADER: 4961 4962 Normally the first thing you will do in any CGI script is print out an 4963 HTTP header. This tells the browser what type of document to expect, 4964 and gives other optional information, such as the language, expiration 4965 date, and whether to cache the document. The header can also be 4966 manipulated for special purposes, such as server push and pay per view 4967 pages. 4968 4969 print header; 4970 4971 -or- 4972 4973 print header('image/gif'); 4974 4975 -or- 4976 4977 print header('text/html','204 No response'); 4978 4979 -or- 4980 4981 print header(-type=>'image/gif', 4982 -nph=>1, 4983 -status=>'402 Payment required', 4984 -expires=>'+3d', 4985 -cookie=>$cookie, 4986 -charset=>'utf-7', 4987 -attachment=>'foo.gif', 4988 -Cost=>'$2.00'); 4989 4990 header() returns the Content-type: header. You can provide your own 4991 MIME type if you choose, otherwise it defaults to text/html. An 4992 optional second parameter specifies the status code and a human-readable 4993 message. For example, you can specify 204, "No response" to create a 4994 script that tells the browser to do nothing at all. 4995 4996 The last example shows the named argument style for passing arguments 4997 to the CGI methods using named parameters. Recognized parameters are 4998 B<-type>, B<-status>, B<-expires>, and B<-cookie>. Any other named 4999 parameters will be stripped of their initial hyphens and turned into 5000 header fields, allowing you to specify any HTTP header you desire. 5001 Internal underscores will be turned into hyphens: 5002 5003 print header(-Content_length=>3002); 5004 5005 Most browsers will not cache the output from CGI scripts. Every time 5006 the browser reloads the page, the script is invoked anew. You can 5007 change this behavior with the B<-expires> parameter. When you specify 5008 an absolute or relative expiration interval with this parameter, some 5009 browsers and proxy servers will cache the script's output until the 5010 indicated expiration date. The following forms are all valid for the 5011 -expires field: 5012 5013 +30s 30 seconds from now 5014 +10m ten minutes from now 5015 +1h one hour from now 5016 -1d yesterday (i.e. "ASAP!") 5017 now immediately 5018 +3M in three months 5019 +10y in ten years time 5020 Thursday, 25-Apr-1999 00:40:33 GMT at the indicated time & date 5021 5022 The B<-cookie> parameter generates a header that tells the browser to provide 5023 a "magic cookie" during all subsequent transactions with your script. 5024 Netscape cookies have a special format that includes interesting attributes 5025 such as expiration time. Use the cookie() method to create and retrieve 5026 session cookies. 5027 5028 The B<-nph> parameter, if set to a true value, will issue the correct 5029 headers to work with a NPH (no-parse-header) script. This is important 5030 to use with certain servers that expect all their scripts to be NPH. 5031 5032 The B<-charset> parameter can be used to control the character set 5033 sent to the browser. If not provided, defaults to ISO-8859-1. As a 5034 side effect, this sets the charset() method as well. 5035 5036 The B<-attachment> parameter can be used to turn the page into an 5037 attachment. Instead of displaying the page, some browsers will prompt 5038 the user to save it to disk. The value of the argument is the 5039 suggested name for the saved file. In order for this to work, you may 5040 have to set the B<-type> to "application/octet-stream". 5041 5042 The B<-p3p> parameter will add a P3P tag to the outgoing header. The 5043 parameter can be an arrayref or a space-delimited string of P3P tags. 5044 For example: 5045 5046 print header(-p3p=>[qw(CAO DSP LAW CURa)]); 5047 print header(-p3p=>'CAO DSP LAW CURa'); 5048 5049 In either case, the outgoing header will be formatted as: 5050 5051 P3P: policyref="/w3c/p3p.xml" cp="CAO DSP LAW CURa" 5052 5053 =head2 GENERATING A REDIRECTION HEADER 5054 5055 print redirect('http://somewhere.else/in/movie/land'); 5056 5057 Sometimes you don't want to produce a document yourself, but simply 5058 redirect the browser elsewhere, perhaps choosing a URL based on the 5059 time of day or the identity of the user. 5060 5061 The redirect() function redirects the browser to a different URL. If 5062 you use redirection like this, you should B<not> print out a header as 5063 well. 5064 5065 You should always use full URLs (including the http: or ftp: part) in 5066 redirection requests. Relative URLs will not work correctly. 5067 5068 You can also use named arguments: 5069 5070 print redirect(-uri=>'http://somewhere.else/in/movie/land', 5071 -nph=>1, 5072 -status=>301); 5073 5074 The B<-nph> parameter, if set to a true value, will issue the correct 5075 headers to work with a NPH (no-parse-header) script. This is important 5076 to use with certain servers, such as Microsoft IIS, which 5077 expect all their scripts to be NPH. 5078 5079 The B<-status> parameter will set the status of the redirect. HTTP 5080 defines three different possible redirection status codes: 5081 5082 301 Moved Permanently 5083 302 Found 5084 303 See Other 5085 5086 The default if not specified is 302, which means "moved temporarily." 5087 You may change the status to another status code if you wish. Be 5088 advised that changing the status to anything other than 301, 302 or 5089 303 will probably break redirection. 5090 5091 =head2 CREATING THE HTML DOCUMENT HEADER 5092 5093 print start_html(-title=>'Secrets of the Pyramids', 5094 -author=>'fred@capricorn.org', 5095 -base=>'true', 5096 -target=>'_blank', 5097 -meta=>{'keywords'=>'pharaoh secret mummy', 5098 'copyright'=>'copyright 1996 King Tut'}, 5099 -style=>{'src'=>'/styles/style1.css'}, 5100 -BGCOLOR=>'blue'); 5101 5102 After creating the HTTP header, most CGI scripts will start writing 5103 out an HTML document. The start_html() routine creates the top of the 5104 page, along with a lot of optional information that controls the 5105 page's appearance and behavior. 5106 5107 This method returns a canned HTML header and the opening <body> tag. 5108 All parameters are optional. In the named parameter form, recognized 5109 parameters are -title, -author, -base, -xbase, -dtd, -lang and -target 5110 (see below for the explanation). Any additional parameters you 5111 provide, such as the Netscape unofficial BGCOLOR attribute, are added 5112 to the <body> tag. Additional parameters must be proceeded by a 5113 hyphen. 5114 5115 The argument B<-xbase> allows you to provide an HREF for the <base> tag 5116 different from the current location, as in 5117 5118 -xbase=>"http://home.mcom.com/" 5119 5120 All relative links will be interpreted relative to this tag. 5121 5122 The argument B<-target> allows you to provide a default target frame 5123 for all the links and fill-out forms on the page. B<This is a 5124 non-standard HTTP feature which only works with Netscape browsers!> 5125 See the Netscape documentation on frames for details of how to 5126 manipulate this. 5127 5128 -target=>"answer_window" 5129 5130 All relative links will be interpreted relative to this tag. 5131 You add arbitrary meta information to the header with the B<-meta> 5132 argument. This argument expects a reference to an associative array 5133 containing name/value pairs of meta information. These will be turned 5134 into a series of header <meta> tags that look something like this: 5135 5136 <meta name="keywords" content="pharaoh secret mummy"> 5137 <meta name="description" content="copyright 1996 King Tut"> 5138 5139 To create an HTTP-EQUIV type of <meta> tag, use B<-head>, described 5140 below. 5141 5142 The B<-style> argument is used to incorporate cascading stylesheets 5143 into your code. See the section on CASCADING STYLESHEETS for more 5144 information. 5145 5146 The B<-lang> argument is used to incorporate a language attribute into 5147 the <html> tag. For example: 5148 5149 print $q->start_html(-lang=>'fr-CA'); 5150 5151 The default if not specified is "en-US" for US English, unless the 5152 -dtd parameter specifies an HTML 2.0 or 3.2 DTD, in which case the 5153 lang attribute is left off. You can force the lang attribute to left 5154 off in other cases by passing an empty string (-lang=>''). 5155 5156 The B<-encoding> argument can be used to specify the character set for 5157 XHTML. It defaults to iso-8859-1 if not specified. 5158 5159 The B<-declare_xml> argument, when used in conjunction with XHTML, 5160 will put a <?xml> declaration at the top of the HTML header. The sole 5161 purpose of this declaration is to declare the character set 5162 encoding. In the absence of -declare_xml, the output HTML will contain 5163 a <meta> tag that specifies the encoding, allowing the HTML to pass 5164 most validators. The default for -declare_xml is false. 5165 5166 You can place other arbitrary HTML elements to the <head> section with the 5167 B<-head> tag. For example, to place the rarely-used <link> element in the 5168 head section, use this: 5169 5170 print start_html(-head=>Link({-rel=>'next', 5171 -href=>'http://www.capricorn.com/s2.html'})); 5172 5173 To incorporate multiple HTML elements into the <head> section, just pass an 5174 array reference: 5175 5176 print start_html(-head=>[ 5177 Link({-rel=>'next', 5178 -href=>'http://www.capricorn.com/s2.html'}), 5179 Link({-rel=>'previous', 5180 -href=>'http://www.capricorn.com/s1.html'}) 5181 ] 5182 ); 5183 5184 And here's how to create an HTTP-EQUIV <meta> tag: 5185 5186 print start_html(-head=>meta({-http_equiv => 'Content-Type', 5187 -content => 'text/html'})) 5188 5189 5190 JAVASCRIPTING: The B<-script>, B<-noScript>, B<-onLoad>, 5191 B<-onMouseOver>, B<-onMouseOut> and B<-onUnload> parameters are used 5192 to add Netscape JavaScript calls to your pages. B<-script> should 5193 point to a block of text containing JavaScript function definitions. 5194 This block will be placed within a <script> block inside the HTML (not 5195 HTTP) header. The block is placed in the header in order to give your 5196 page a fighting chance of having all its JavaScript functions in place 5197 even if the user presses the stop button before the page has loaded 5198 completely. CGI.pm attempts to format the script in such a way that 5199 JavaScript-naive browsers will not choke on the code: unfortunately 5200 there are some browsers, such as Chimera for Unix, that get confused 5201 by it nevertheless. 5202 5203 The B<-onLoad> and B<-onUnload> parameters point to fragments of JavaScript 5204 code to execute when the page is respectively opened and closed by the 5205 browser. Usually these parameters are calls to functions defined in the 5206 B<-script> field: 5207 5208 $query = new CGI; 5209 print header; 5210 $JSCRIPT=<<END; 5211 // Ask a silly question 5212 function riddle_me_this() { 5213 var r = prompt("What walks on four legs in the morning, " + 5214 "two legs in the afternoon, " + 5215 "and three legs in the evening?"); 5216 response(r); 5217 } 5218 // Get a silly answer 5219 function response(answer) { 5220 if (answer == "man") 5221 alert("Right you are!"); 5222 else 5223 alert("Wrong! Guess again."); 5224 } 5225 END 5226 print start_html(-title=>'The Riddle of the Sphinx', 5227 -script=>$JSCRIPT); 5228 5229 Use the B<-noScript> parameter to pass some HTML text that will be displayed on 5230 browsers that do not have JavaScript (or browsers where JavaScript is turned 5231 off). 5232 5233 The <script> tag, has several attributes including "type" and src. 5234 The latter is particularly interesting, as it allows you to keep the 5235 JavaScript code in a file or CGI script rather than cluttering up each 5236 page with the source. To use these attributes pass a HASH reference 5237 in the B<-script> parameter containing one or more of -type, -src, or 5238 -code: 5239 5240 print $q->start_html(-title=>'The Riddle of the Sphinx', 5241 -script=>{-type=>'JAVASCRIPT', 5242 -src=>'/javascript/sphinx.js'} 5243 ); 5244 5245 print $q->(-title=>'The Riddle of the Sphinx', 5246 -script=>{-type=>'PERLSCRIPT', 5247 -code=>'print "hello world!\n;"'} 5248 ); 5249 5250 5251 A final feature allows you to incorporate multiple <script> sections into the 5252 header. Just pass the list of script sections as an array reference. 5253 this allows you to specify different source files for different dialects 5254 of JavaScript. Example: 5255 5256 print $q->start_html(-title=>'The Riddle of the Sphinx', 5257 -script=>[ 5258 { -type => 'text/javascript', 5259 -src => '/javascript/utilities10.js' 5260 }, 5261 { -type => 'text/javascript', 5262 -src => '/javascript/utilities11.js' 5263 }, 5264 { -type => 'text/jscript', 5265 -src => '/javascript/utilities12.js' 5266 }, 5267 { -type => 'text/ecmascript', 5268 -src => '/javascript/utilities219.js' 5269 } 5270 ] 5271 ); 5272 5273 The option "-language" is a synonym for -type, and is supported for 5274 backwad compatibility. 5275 5276 The old-style positional parameters are as follows: 5277 5278 =over 4 5279 5280 =item B<Parameters:> 5281 5282 =item 1. 5283 5284 The title 5285 5286 =item 2. 5287 5288 The author's e-mail address (will create a <link rev="MADE"> tag if present 5289 5290 =item 3. 5291 5292 A 'true' flag if you want to include a <base> tag in the header. This 5293 helps resolve relative addresses to absolute ones when the document is moved, 5294 but makes the document hierarchy non-portable. Use with care! 5295 5296 =item 4, 5, 6... 5297 5298 Any other parameters you want to include in the <body> tag. This is a good 5299 place to put Netscape extensions, such as colors and wallpaper patterns. 5300 5301 =back 5302 5303 =head2 ENDING THE HTML DOCUMENT: 5304 5305 print end_html 5306 5307 This ends an HTML document by printing the </body></html> tags. 5308 5309 =head2 CREATING A SELF-REFERENCING URL THAT PRESERVES STATE INFORMATION: 5310 5311 $myself = self_url; 5312 print q(<a href="$myself">I'm talking to myself.</a>); 5313 5314 self_url() will return a URL, that, when selected, will reinvoke 5315 this script with all its state information intact. This is most 5316 useful when you want to jump around within the document using 5317 internal anchors but you don't want to disrupt the current contents 5318 of the form(s). Something like this will do the trick. 5319 5320 $myself = self_url; 5321 print "<a href=\"$myself#table1\">See table 1</a>"; 5322 print "<a href=\"$myself#table2\">See table 2</a>"; 5323 print "<a href=\"$myself#yourself\">See for yourself</a>"; 5324 5325 If you want more control over what's returned, using the B<url()> 5326 method instead. 5327 5328 You can also retrieve the unprocessed query string with query_string(): 5329 5330 $the_string = query_string; 5331 5332 =head2 OBTAINING THE SCRIPT'S URL 5333 5334 $full_url = url(); 5335 $full_url = url(-full=>1); #alternative syntax 5336 $relative_url = url(-relative=>1); 5337 $absolute_url = url(-absolute=>1); 5338 $url_with_path = url(-path_info=>1); 5339 $url_with_path_and_query = url(-path_info=>1,-query=>1); 5340 $netloc = url(-base => 1); 5341 5342 B<url()> returns the script's URL in a variety of formats. Called 5343 without any arguments, it returns the full form of the URL, including 5344 host name and port number 5345 5346 http://your.host.com/path/to/script.cgi 5347 5348 You can modify this format with the following named arguments: 5349 5350 =over 4 5351 5352 =item B<-absolute> 5353 5354 If true, produce an absolute URL, e.g. 5355 5356 /path/to/script.cgi 5357 5358 =item B<-relative> 5359 5360 Produce a relative URL. This is useful if you want to reinvoke your 5361 script with different parameters. For example: 5362 5363 script.cgi 5364 5365 =item B<-full> 5366 5367 Produce the full URL, exactly as if called without any arguments. 5368 This overrides the -relative and -absolute arguments. 5369 5370 =item B<-path> (B<-path_info>) 5371 5372 Append the additional path information to the URL. This can be 5373 combined with B<-full>, B<-absolute> or B<-relative>. B<-path_info> 5374 is provided as a synonym. 5375 5376 =item B<-query> (B<-query_string>) 5377 5378 Append the query string to the URL. This can be combined with 5379 B<-full>, B<-absolute> or B<-relative>. B<-query_string> is provided 5380 as a synonym. 5381 5382 =item B<-base> 5383 5384 Generate just the protocol and net location, as in http://www.foo.com:8000 5385 5386 =item B<-rewrite> 5387 5388 If Apache's mod_rewrite is turned on, then the script name and path 5389 info probably won't match the request that the user sent. Set 5390 -rewrite=>1 (default) to return URLs that match what the user sent 5391 (the original request URI). Set -rewrite->0 to return URLs that match 5392 the URL after mod_rewrite's rules have run. Because the additional 5393 path information only makes sense in the context of the rewritten URL, 5394 -rewrite is set to false when you request path info in the URL. 5395 5396 =back 5397 5398 =head2 MIXING POST AND URL PARAMETERS 5399 5400 $color = url_param('color'); 5401 5402 It is possible for a script to receive CGI parameters in the URL as 5403 well as in the fill-out form by creating a form that POSTs to a URL 5404 containing a query string (a "?" mark followed by arguments). The 5405 B<param()> method will always return the contents of the POSTed 5406 fill-out form, ignoring the URL's query string. To retrieve URL 5407 parameters, call the B<url_param()> method. Use it in the same way as 5408 B<param()>. The main difference is that it allows you to read the 5409 parameters, but not set them. 5410 5411 5412 Under no circumstances will the contents of the URL query string 5413 interfere with similarly-named CGI parameters in POSTed forms. If you 5414 try to mix a URL query string with a form submitted with the GET 5415 method, the results will not be what you expect. 5416 5417 =head1 CREATING STANDARD HTML ELEMENTS: 5418 5419 CGI.pm defines general HTML shortcut methods for most, if not all of 5420 the HTML 3 and HTML 4 tags. HTML shortcuts are named after a single 5421 HTML element and return a fragment of HTML text that you can then 5422 print or manipulate as you like. Each shortcut returns a fragment of 5423 HTML code that you can append to a string, save to a file, or, most 5424 commonly, print out so that it displays in the browser window. 5425 5426 This example shows how to use the HTML methods: 5427 5428 print $q->blockquote( 5429 "Many years ago on the island of", 5430 $q->a({href=>"http://crete.org/"},"Crete"), 5431 "there lived a Minotaur named", 5432 $q->strong("Fred."), 5433 ), 5434 $q->hr; 5435 5436 This results in the following HTML code (extra newlines have been 5437 added for readability): 5438 5439 <blockquote> 5440 Many years ago on the island of 5441 <a href="http://crete.org/">Crete</a> there lived 5442 a minotaur named <strong>Fred.</strong> 5443 </blockquote> 5444 <hr> 5445 5446 If you find the syntax for calling the HTML shortcuts awkward, you can 5447 import them into your namespace and dispense with the object syntax 5448 completely (see the next section for more details): 5449 5450 use CGI ':standard'; 5451 print blockquote( 5452 "Many years ago on the island of", 5453 a({href=>"http://crete.org/"},"Crete"), 5454 "there lived a minotaur named", 5455 strong("Fred."), 5456 ), 5457 hr; 5458 5459 =head2 PROVIDING ARGUMENTS TO HTML SHORTCUTS 5460 5461 The HTML methods will accept zero, one or multiple arguments. If you 5462 provide no arguments, you get a single tag: 5463 5464 print hr; # <hr> 5465 5466 If you provide one or more string arguments, they are concatenated 5467 together with spaces and placed between opening and closing tags: 5468 5469 print h1("Chapter","1"); # <h1>Chapter 1</h1>" 5470 5471 If the first argument is an associative array reference, then the keys 5472 and values of the associative array become the HTML tag's attributes: 5473 5474 print a({-href=>'fred.html',-target=>'_new'}, 5475 "Open a new frame"); 5476 5477 <a href="fred.html",target="_new">Open a new frame</a> 5478 5479 You may dispense with the dashes in front of the attribute names if 5480 you prefer: 5481 5482 print img {src=>'fred.gif',align=>'LEFT'}; 5483 5484 <img align="LEFT" src="fred.gif"> 5485 5486 Sometimes an HTML tag attribute has no argument. For example, ordered 5487 lists can be marked as COMPACT. The syntax for this is an argument that 5488 that points to an undef string: 5489 5490 print ol({compact=>undef},li('one'),li('two'),li('three')); 5491 5492 Prior to CGI.pm version 2.41, providing an empty ('') string as an 5493 attribute argument was the same as providing undef. However, this has 5494 changed in order to accommodate those who want to create tags of the form 5495 <img alt="">. The difference is shown in these two pieces of code: 5496 5497 CODE RESULT 5498 img({alt=>undef}) <img alt> 5499 img({alt=>''}) <img alt=""> 5500 5501 =head2 THE DISTRIBUTIVE PROPERTY OF HTML SHORTCUTS 5502 5503 One of the cool features of the HTML shortcuts is that they are 5504 distributive. If you give them an argument consisting of a 5505 B<reference> to a list, the tag will be distributed across each 5506 element of the list. For example, here's one way to make an ordered 5507 list: 5508 5509 print ul( 5510 li({-type=>'disc'},['Sneezy','Doc','Sleepy','Happy']) 5511 ); 5512 5513 This example will result in HTML output that looks like this: 5514 5515 <ul> 5516 <li type="disc">Sneezy</li> 5517 <li type="disc">Doc</li> 5518 <li type="disc">Sleepy</li> 5519 <li type="disc">Happy</li> 5520 </ul> 5521 5522 This is extremely useful for creating tables. For example: 5523 5524 print table({-border=>undef}, 5525 caption('When Should You Eat Your Vegetables?'), 5526 Tr({-align=>CENTER,-valign=>TOP}, 5527 [ 5528 th(['Vegetable', 'Breakfast','Lunch','Dinner']), 5529 td(['Tomatoes' , 'no', 'yes', 'yes']), 5530 td(['Broccoli' , 'no', 'no', 'yes']), 5531 td(['Onions' , 'yes','yes', 'yes']) 5532 ] 5533 ) 5534 ); 5535 5536 =head2 HTML SHORTCUTS AND LIST INTERPOLATION 5537 5538 Consider this bit of code: 5539 5540 print blockquote(em('Hi'),'mom!')); 5541 5542 It will ordinarily return the string that you probably expect, namely: 5543 5544 <blockquote><em>Hi</em> mom!</blockquote> 5545 5546 Note the space between the element "Hi" and the element "mom!". 5547 CGI.pm puts the extra space there using array interpolation, which is 5548 controlled by the magic $" variable. Sometimes this extra space is 5549 not what you want, for example, when you are trying to align a series 5550 of images. In this case, you can simply change the value of $" to an 5551 empty string. 5552 5553 { 5554 local($") = ''; 5555 print blockquote(em('Hi'),'mom!')); 5556 } 5557 5558 I suggest you put the code in a block as shown here. Otherwise the 5559 change to $" will affect all subsequent code until you explicitly 5560 reset it. 5561 5562 =head2 NON-STANDARD HTML SHORTCUTS 5563 5564 A few HTML tags don't follow the standard pattern for various 5565 reasons. 5566 5567 B<comment()> generates an HTML comment (<!-- comment -->). Call it 5568 like 5569 5570 print comment('here is my comment'); 5571 5572 Because of conflicts with built-in Perl functions, the following functions 5573 begin with initial caps: 5574 5575 Select 5576 Tr 5577 Link 5578 Delete 5579 Accept 5580 Sub 5581 5582 In addition, start_html(), end_html(), start_form(), end_form(), 5583 start_multipart_form() and all the fill-out form tags are special. 5584 See their respective sections. 5585 5586 =head2 AUTOESCAPING HTML 5587 5588 By default, all HTML that is emitted by the form-generating functions 5589 is passed through a function called escapeHTML(): 5590 5591 =over 4 5592 5593 =item $escaped_string = escapeHTML("unescaped string"); 5594 5595 Escape HTML formatting characters in a string. 5596 5597 =back 5598 5599 Provided that you have specified a character set of ISO-8859-1 (the 5600 default), the standard HTML escaping rules will be used. The "<" 5601 character becomes "<", ">" becomes ">", "&" becomes "&", and 5602 the quote character becomes """. In addition, the hexadecimal 5603 0x8b and 0x9b characters, which some browsers incorrectly interpret 5604 as the left and right angle-bracket characters, are replaced by their 5605 numeric character entities ("‹" and "›"). If you manually change 5606 the charset, either by calling the charset() method explicitly or by 5607 passing a -charset argument to header(), then B<all> characters will 5608 be replaced by their numeric entities, since CGI.pm has no lookup 5609 table for all the possible encodings. 5610 5611 The automatic escaping does not apply to other shortcuts, such as 5612 h1(). You should call escapeHTML() yourself on untrusted data in 5613 order to protect your pages against nasty tricks that people may enter 5614 into guestbooks, etc.. To change the character set, use charset(). 5615 To turn autoescaping off completely, use autoEscape(0): 5616 5617 =over 4 5618 5619 =item $charset = charset([$charset]); 5620 5621 Get or set the current character set. 5622 5623 =item $flag = autoEscape([$flag]); 5624 5625 Get or set the value of the autoescape flag. 5626 5627 =back 5628 5629 =head2 PRETTY-PRINTING HTML 5630 5631 By default, all the HTML produced by these functions comes out as one 5632 long line without carriage returns or indentation. This is yuck, but 5633 it does reduce the size of the documents by 10-20%. To get 5634 pretty-printed output, please use L<CGI::Pretty>, a subclass 5635 contributed by Brian Paulsen. 5636 5637 =head1 CREATING FILL-OUT FORMS: 5638 5639 I<General note> The various form-creating methods all return strings 5640 to the caller, containing the tag or tags that will create the requested 5641 form element. You are responsible for actually printing out these strings. 5642 It's set up this way so that you can place formatting tags 5643 around the form elements. 5644 5645 I<Another note> The default values that you specify for the forms are only 5646 used the B<first> time the script is invoked (when there is no query 5647 string). On subsequent invocations of the script (when there is a query 5648 string), the former values are used even if they are blank. 5649 5650 If you want to change the value of a field from its previous value, you have two 5651 choices: 5652 5653 (1) call the param() method to set it. 5654 5655 (2) use the -override (alias -force) parameter (a new feature in version 2.15). 5656 This forces the default value to be used, regardless of the previous value: 5657 5658 print textfield(-name=>'field_name', 5659 -default=>'starting value', 5660 -override=>1, 5661 -size=>50, 5662 -maxlength=>80); 5663 5664 I<Yet another note> By default, the text and labels of form elements are 5665 escaped according to HTML rules. This means that you can safely use 5666 "<CLICK ME>" as the label for a button. However, it also interferes with 5667 your ability to incorporate special HTML character sequences, such as Á, 5668 into your fields. If you wish to turn off automatic escaping, call the 5669 autoEscape() method with a false value immediately after creating the CGI object: 5670 5671 $query = new CGI; 5672 autoEscape(undef); 5673 5674 I<A Lurking Trap!> Some of the form-element generating methods return 5675 multiple tags. In a scalar context, the tags will be concatenated 5676 together with spaces, or whatever is the current value of the $" 5677 global. In a list context, the methods will return a list of 5678 elements, allowing you to modify them if you wish. Usually you will 5679 not notice this behavior, but beware of this: 5680 5681 printf("%s\n",end_form()) 5682 5683 end_form() produces several tags, and only the first of them will be 5684 printed because the format only expects one value. 5685 5686 <p> 5687 5688 5689 =head2 CREATING AN ISINDEX TAG 5690 5691 print isindex(-action=>$action); 5692 5693 -or- 5694 5695 print isindex($action); 5696 5697 Prints out an <isindex> tag. Not very exciting. The parameter 5698 -action specifies the URL of the script to process the query. The 5699 default is to process the query with the current script. 5700 5701 =head2 STARTING AND ENDING A FORM 5702 5703 print start_form(-method=>$method, 5704 -action=>$action, 5705 -enctype=>$encoding); 5706 <... various form stuff ...> 5707 print endform; 5708 5709 -or- 5710 5711 print start_form($method,$action,$encoding); 5712 <... various form stuff ...> 5713 print endform; 5714 5715 start_form() will return a <form> tag with the optional method, 5716 action and form encoding that you specify. The defaults are: 5717 5718 method: POST 5719 action: this script 5720 enctype: application/x-www-form-urlencoded 5721 5722 endform() returns the closing </form> tag. 5723 5724 Start_form()'s enctype argument tells the browser how to package the various 5725 fields of the form before sending the form to the server. Two 5726 values are possible: 5727 5728 B<Note:> This method was previously named startform(), and startform() 5729 is still recognized as an alias. 5730 5731 =over 4 5732 5733 =item B<application/x-www-form-urlencoded> 5734 5735 This is the older type of encoding used by all browsers prior to 5736 Netscape 2.0. It is compatible with many CGI scripts and is 5737 suitable for short fields containing text data. For your 5738 convenience, CGI.pm stores the name of this encoding 5739 type in B<&CGI::URL_ENCODED>. 5740 5741 =item B<multipart/form-data> 5742 5743 This is the newer type of encoding introduced by Netscape 2.0. 5744 It is suitable for forms that contain very large fields or that 5745 are intended for transferring binary data. Most importantly, 5746 it enables the "file upload" feature of Netscape 2.0 forms. For 5747 your convenience, CGI.pm stores the name of this encoding type 5748 in B<&CGI::MULTIPART> 5749 5750 Forms that use this type of encoding are not easily interpreted 5751 by CGI scripts unless they use CGI.pm or another library designed 5752 to handle them. 5753 5754 If XHTML is activated (the default), then forms will be automatically 5755 created using this type of encoding. 5756 5757 =back 5758 5759 For compatibility, the start_form() method uses the older form of 5760 encoding by default. If you want to use the newer form of encoding 5761 by default, you can call B<start_multipart_form()> instead of 5762 B<start_form()>. 5763 5764 JAVASCRIPTING: The B<-name> and B<-onSubmit> parameters are provided 5765 for use with JavaScript. The -name parameter gives the 5766 form a name so that it can be identified and manipulated by 5767 JavaScript functions. -onSubmit should point to a JavaScript 5768 function that will be executed just before the form is submitted to your 5769 server. You can use this opportunity to check the contents of the form 5770 for consistency and completeness. If you find something wrong, you 5771 can put up an alert box or maybe fix things up yourself. You can 5772 abort the submission by returning false from this function. 5773 5774 Usually the bulk of JavaScript functions are defined in a <script> 5775 block in the HTML header and -onSubmit points to one of these function 5776 call. See start_html() for details. 5777 5778 =head2 FORM ELEMENTS 5779 5780 After starting a form, you will typically create one or more 5781 textfields, popup menus, radio groups and other form elements. Each 5782 of these elements takes a standard set of named arguments. Some 5783 elements also have optional arguments. The standard arguments are as 5784 follows: 5785 5786 =over 4 5787 5788 =item B<-name> 5789 5790 The name of the field. After submission this name can be used to 5791 retrieve the field's value using the param() method. 5792 5793 =item B<-value>, B<-values> 5794 5795 The initial value of the field which will be returned to the script 5796 after form submission. Some form elements, such as text fields, take 5797 a single scalar -value argument. Others, such as popup menus, take a 5798 reference to an array of values. The two arguments are synonyms. 5799 5800 =item B<-tabindex> 5801 5802 A numeric value that sets the order in which the form element receives 5803 focus when the user presses the tab key. Elements with lower values 5804 receive focus first. 5805 5806 =item B<-id> 5807 5808 A string identifier that can be used to identify this element to 5809 JavaScript and DHTML. 5810 5811 =item B<-override> 5812 5813 A boolean, which, if true, forces the element to take on the value 5814 specified by B<-value>, overriding the sticky behavior described 5815 earlier for the B<-no_sticky> pragma. 5816 5817 =item B<-onChange>, B<-onFocus>, B<-onBlur>, B<-onMouseOver>, B<-onMouseOut>, B<-onSelect> 5818 5819 These are used to assign JavaScript event handlers. See the 5820 JavaScripting section for more details. 5821 5822 =back 5823 5824 Other common arguments are described in the next section. In addition 5825 to these, all attributes described in the HTML specifications are 5826 supported. 5827 5828 =head2 CREATING A TEXT FIELD 5829 5830 print textfield(-name=>'field_name', 5831 -value=>'starting value', 5832 -size=>50, 5833 -maxlength=>80); 5834 -or- 5835 5836 print textfield('field_name','starting value',50,80); 5837 5838 textfield() will return a text input field. 5839 5840 =over 4 5841 5842 =item B<Parameters> 5843 5844 =item 1. 5845 5846 The first parameter is the required name for the field (-name). 5847 5848 =item 2. 5849 5850 The optional second parameter is the default starting value for the field 5851 contents (-value, formerly known as -default). 5852 5853 =item 3. 5854 5855 The optional third parameter is the size of the field in 5856 characters (-size). 5857 5858 =item 4. 5859 5860 The optional fourth parameter is the maximum number of characters the 5861 field will accept (-maxlength). 5862 5863 =back 5864 5865 As with all these methods, the field will be initialized with its 5866 previous contents from earlier invocations of the script. 5867 When the form is processed, the value of the text field can be 5868 retrieved with: 5869 5870 $value = param('foo'); 5871 5872 If you want to reset it from its initial value after the script has been 5873 called once, you can do so like this: 5874 5875 param('foo',"I'm taking over this value!"); 5876 5877 =head2 CREATING A BIG TEXT FIELD 5878 5879 print textarea(-name=>'foo', 5880 -default=>'starting value', 5881 -rows=>10, 5882 -columns=>50); 5883 5884 -or 5885 5886 print textarea('foo','starting value',10,50); 5887 5888 textarea() is just like textfield, but it allows you to specify 5889 rows and columns for a multiline text entry box. You can provide 5890 a starting value for the field, which can be long and contain 5891 multiple lines. 5892 5893 =head2 CREATING A PASSWORD FIELD 5894 5895 print password_field(-name=>'secret', 5896 -value=>'starting value', 5897 -size=>50, 5898 -maxlength=>80); 5899 -or- 5900 5901 print password_field('secret','starting value',50,80); 5902 5903 password_field() is identical to textfield(), except that its contents 5904 will be starred out on the web page. 5905 5906 =head2 CREATING A FILE UPLOAD FIELD 5907 5908 print filefield(-name=>'uploaded_file', 5909 -default=>'starting value', 5910 -size=>50, 5911 -maxlength=>80); 5912 -or- 5913 5914 print filefield('uploaded_file','starting value',50,80); 5915 5916 filefield() will return a file upload field for Netscape 2.0 browsers. 5917 In order to take full advantage of this I<you must use the new 5918 multipart encoding scheme> for the form. You can do this either 5919 by calling B<start_form()> with an encoding type of B<&CGI::MULTIPART>, 5920 or by calling the new method B<start_multipart_form()> instead of 5921 vanilla B<start_form()>. 5922 5923 =over 4 5924 5925 =item B<Parameters> 5926 5927 =item 1. 5928 5929 The first parameter is the required name for the field (-name). 5930 5931 =item 2. 5932 5933 The optional second parameter is the starting value for the field contents 5934 to be used as the default file name (-default). 5935 5936 For security reasons, browsers don't pay any attention to this field, 5937 and so the starting value will always be blank. Worse, the field 5938 loses its "sticky" behavior and forgets its previous contents. The 5939 starting value field is called for in the HTML specification, however, 5940 and possibly some browser will eventually provide support for it. 5941 5942 =item 3. 5943 5944 The optional third parameter is the size of the field in 5945 characters (-size). 5946 5947 =item 4. 5948 5949 The optional fourth parameter is the maximum number of characters the 5950 field will accept (-maxlength). 5951 5952 =back 5953 5954 When the form is processed, you can retrieve the entered filename 5955 by calling param(): 5956 5957 $filename = param('uploaded_file'); 5958 5959 Different browsers will return slightly different things for the 5960 name. Some browsers return the filename only. Others return the full 5961 path to the file, using the path conventions of the user's machine. 5962 Regardless, the name returned is always the name of the file on the 5963 I<user's> machine, and is unrelated to the name of the temporary file 5964 that CGI.pm creates during upload spooling (see below). 5965 5966 The filename returned is also a file handle. You can read the contents 5967 of the file using standard Perl file reading calls: 5968 5969 # Read a text file and print it out 5970 while (<$filename>) { 5971 print; 5972 } 5973 5974 # Copy a binary file to somewhere safe 5975 open (OUTFILE,">>/usr/local/web/users/feedback"); 5976 while ($bytesread=read($filename,$buffer,1024)) { 5977 print OUTFILE $buffer; 5978 } 5979 5980 However, there are problems with the dual nature of the upload fields. 5981 If you C<use strict>, then Perl will complain when you try to use a 5982 string as a filehandle. You can get around this by placing the file 5983 reading code in a block containing the C<no strict> pragma. More 5984 seriously, it is possible for the remote user to type garbage into the 5985 upload field, in which case what you get from param() is not a 5986 filehandle at all, but a string. 5987 5988 To be safe, use the I<upload()> function (new in version 2.47). When 5989 called with the name of an upload field, I<upload()> returns a 5990 filehandle, or undef if the parameter is not a valid filehandle. 5991 5992 $fh = upload('uploaded_file'); 5993 while (<$fh>) { 5994 print; 5995 } 5996 5997 In an list context, upload() will return an array of filehandles. 5998 This makes it possible to create forms that use the same name for 5999 multiple upload fields. 6000 6001 This is the recommended idiom. 6002 6003 For robust code, consider reseting the file handle position to beginning of the 6004 file. Inside of larger frameworks, other code may have already used the query 6005 object and changed the filehandle postion: 6006 6007 seek($fh,0,0); # reset postion to beginning of file. 6008 6009 When a file is uploaded the browser usually sends along some 6010 information along with it in the format of headers. The information 6011 usually includes the MIME content type. Future browsers may send 6012 other information as well (such as modification date and size). To 6013 retrieve this information, call uploadInfo(). It returns a reference to 6014 an associative array containing all the document headers. 6015 6016 $filename = param('uploaded_file'); 6017 $type = uploadInfo($filename)->{'Content-Type'}; 6018 unless ($type eq 'text/html') { 6019 die "HTML FILES ONLY!"; 6020 } 6021 6022 If you are using a machine that recognizes "text" and "binary" data 6023 modes, be sure to understand when and how to use them (see the Camel book). 6024 Otherwise you may find that binary files are corrupted during file 6025 uploads. 6026 6027 There are occasionally problems involving parsing the uploaded file. 6028 This usually happens when the user presses "Stop" before the upload is 6029 finished. In this case, CGI.pm will return undef for the name of the 6030 uploaded file and set I<cgi_error()> to the string "400 Bad request 6031 (malformed multipart POST)". This error message is designed so that 6032 you can incorporate it into a status code to be sent to the browser. 6033 Example: 6034 6035 $file = upload('uploaded_file'); 6036 if (!$file && cgi_error) { 6037 print header(-status=>cgi_error); 6038 exit 0; 6039 } 6040 6041 You are free to create a custom HTML page to complain about the error, 6042 if you wish. 6043 6044 You can set up a callback that will be called whenever a file upload 6045 is being read during the form processing. This is much like the 6046 UPLOAD_HOOK facility available in Apache::Request, with the exception 6047 that the first argument to the callback is an Apache::Upload object, 6048 here it's the remote filename. 6049 6050 $q = CGI->new(\&hook [,$data [,$use_tempfile]]); 6051 6052 sub hook 6053 { 6054 my ($filename, $buffer, $bytes_read, $data) = @_; 6055 print "Read $bytes_read bytes of $filename\n"; 6056 } 6057 6058 The $data field is optional; it lets you pass configuration 6059 information (e.g. a database handle) to your hook callback. 6060 6061 The $use_tempfile field is a flag that lets you turn on and off 6062 CGI.pm's use of a temporary disk-based file during file upload. If you 6063 set this to a FALSE value (default true) then param('uploaded_file') 6064 will no longer work, and the only way to get at the uploaded data is 6065 via the hook you provide. 6066 6067 If using the function-oriented interface, call the CGI::upload_hook() 6068 method before calling param() or any other CGI functions: 6069 6070 CGI::upload_hook(\&hook [,$data [,$use_tempfile]]); 6071 6072 This method is not exported by default. You will have to import it 6073 explicitly if you wish to use it without the CGI:: prefix. 6074 6075 If you are using CGI.pm on a Windows platform and find that binary 6076 files get slightly larger when uploaded but that text files remain the 6077 same, then you have forgotten to activate binary mode on the output 6078 filehandle. Be sure to call binmode() on any handle that you create 6079 to write the uploaded file to disk. 6080 6081 JAVASCRIPTING: The B<-onChange>, B<-onFocus>, B<-onBlur>, 6082 B<-onMouseOver>, B<-onMouseOut> and B<-onSelect> parameters are 6083 recognized. See textfield() for details. 6084 6085 =head2 CREATING A POPUP MENU 6086 6087 print popup_menu('menu_name', 6088 ['eenie','meenie','minie'], 6089 'meenie'); 6090 6091 -or- 6092 6093 %labels = ('eenie'=>'your first choice', 6094 'meenie'=>'your second choice', 6095 'minie'=>'your third choice'); 6096 %attributes = ('eenie'=>{'class'=>'class of first choice'}); 6097 print popup_menu('menu_name', 6098 ['eenie','meenie','minie'], 6099 'meenie',\%labels,\%attributes); 6100 6101 -or (named parameter style)- 6102 6103 print popup_menu(-name=>'menu_name', 6104 -values=>['eenie','meenie','minie'], 6105 -default=>'meenie', 6106 -labels=>\%labels, 6107 -attributes=>\%attributes); 6108 6109 popup_menu() creates a menu. 6110 6111 =over 4 6112 6113 =item 1. 6114 6115 The required first argument is the menu's name (-name). 6116 6117 =item 2. 6118 6119 The required second argument (-values) is an array B<reference> 6120 containing the list of menu items in the menu. You can pass the 6121 method an anonymous array, as shown in the example, or a reference to 6122 a named array, such as "\@foo". 6123 6124 =item 3. 6125 6126 The optional third parameter (-default) is the name of the default 6127 menu choice. If not specified, the first item will be the default. 6128 The values of the previous choice will be maintained across queries. 6129 6130 =item 4. 6131 6132 The optional fourth parameter (-labels) is provided for people who 6133 want to use different values for the user-visible label inside the 6134 popup menu and the value returned to your script. It's a pointer to an 6135 associative array relating menu values to user-visible labels. If you 6136 leave this parameter blank, the menu values will be displayed by 6137 default. (You can also leave a label undefined if you want to). 6138 6139 =item 5. 6140 6141 The optional fifth parameter (-attributes) is provided to assign 6142 any of the common HTML attributes to an individual menu item. It's 6143 a pointer to an associative array relating menu values to another 6144 associative array with the attribute's name as the key and the 6145 attribute's value as the value. 6146 6147 =back 6148 6149 When the form is processed, the selected value of the popup menu can 6150 be retrieved using: 6151 6152 $popup_menu_value = param('menu_name'); 6153 6154 =head2 CREATING AN OPTION GROUP 6155 6156 Named parameter style 6157 6158 print popup_menu(-name=>'menu_name', 6159 -values=>[qw/eenie meenie minie/, 6160 optgroup(-name=>'optgroup_name', 6161 -values => ['moe','catch'], 6162 -attributes=>{'catch'=>{'class'=>'red'}})], 6163 -labels=>{'eenie'=>'one', 6164 'meenie'=>'two', 6165 'minie'=>'three'}, 6166 -default=>'meenie'); 6167 6168 Old style 6169 print popup_menu('menu_name', 6170 ['eenie','meenie','minie', 6171 optgroup('optgroup_name', ['moe', 'catch'], 6172 {'catch'=>{'class'=>'red'}})],'meenie', 6173 {'eenie'=>'one','meenie'=>'two','minie'=>'three'}); 6174 6175 optgroup() creates an option group within a popup menu. 6176 6177 =over 4 6178 6179 =item 1. 6180 6181 The required first argument (B<-name>) is the label attribute of the 6182 optgroup and is B<not> inserted in the parameter list of the query. 6183 6184 =item 2. 6185 6186 The required second argument (B<-values>) is an array reference 6187 containing the list of menu items in the menu. You can pass the 6188 method an anonymous array, as shown in the example, or a reference 6189 to a named array, such as \@foo. If you pass a HASH reference, 6190 the keys will be used for the menu values, and the values will be 6191 used for the menu labels (see -labels below). 6192 6193 =item 3. 6194 6195 The optional third parameter (B<-labels>) allows you to pass a reference 6196 to an associative array containing user-visible labels for one or more 6197 of the menu items. You can use this when you want the user to see one 6198 menu string, but have the browser return your program a different one. 6199 If you don't specify this, the value string will be used instead 6200 ("eenie", "meenie" and "minie" in this example). This is equivalent 6201 to using a hash reference for the -values parameter. 6202 6203 =item 4. 6204 6205 An optional fourth parameter (B<-labeled>) can be set to a true value 6206 and indicates that the values should be used as the label attribute 6207 for each option element within the optgroup. 6208 6209 =item 5. 6210 6211 An optional fifth parameter (-novals) can be set to a true value and 6212 indicates to suppress the val attribute in each option element within 6213 the optgroup. 6214 6215 See the discussion on optgroup at W3C 6216 (http://www.w3.org/TR/REC-html40/interact/forms.html#edef-OPTGROUP) 6217 for details. 6218 6219 =item 6. 6220 6221 An optional sixth parameter (-attributes) is provided to assign 6222 any of the common HTML attributes to an individual menu item. It's 6223 a pointer to an associative array relating menu values to another 6224 associative array with the attribute's name as the key and the 6225 attribute's value as the value. 6226 6227 =back 6228 6229 =head2 CREATING A SCROLLING LIST 6230 6231 print scrolling_list('list_name', 6232 ['eenie','meenie','minie','moe'], 6233 ['eenie','moe'],5,'true',{'moe'=>{'class'=>'red'}}); 6234 -or- 6235 6236 print scrolling_list('list_name', 6237 ['eenie','meenie','minie','moe'], 6238 ['eenie','moe'],5,'true', 6239 \%labels,%attributes); 6240 6241 -or- 6242 6243 print scrolling_list(-name=>'list_name', 6244 -values=>['eenie','meenie','minie','moe'], 6245 -default=>['eenie','moe'], 6246 -size=>5, 6247 -multiple=>'true', 6248 -labels=>\%labels, 6249 -attributes=>\%attributes); 6250 6251 scrolling_list() creates a scrolling list. 6252 6253 =over 4 6254 6255 =item B<Parameters:> 6256 6257 =item 1. 6258 6259 The first and second arguments are the list name (-name) and values 6260 (-values). As in the popup menu, the second argument should be an 6261 array reference. 6262 6263 =item 2. 6264 6265 The optional third argument (-default) can be either a reference to a 6266 list containing the values to be selected by default, or can be a 6267 single value to select. If this argument is missing or undefined, 6268 then nothing is selected when the list first appears. In the named 6269 parameter version, you can use the synonym "-defaults" for this 6270 parameter. 6271 6272 =item 3. 6273 6274 The optional fourth argument is the size of the list (-size). 6275 6276 =item 4. 6277 6278 The optional fifth argument can be set to true to allow multiple 6279 simultaneous selections (-multiple). Otherwise only one selection 6280 will be allowed at a time. 6281 6282 =item 5. 6283 6284 The optional sixth argument is a pointer to an associative array 6285 containing long user-visible labels for the list items (-labels). 6286 If not provided, the values will be displayed. 6287 6288 =item 6. 6289 6290 The optional sixth parameter (-attributes) is provided to assign 6291 any of the common HTML attributes to an individual menu item. It's 6292 a pointer to an associative array relating menu values to another 6293 associative array with the attribute's name as the key and the 6294 attribute's value as the value. 6295 6296 When this form is processed, all selected list items will be returned as 6297 a list under the parameter name 'list_name'. The values of the 6298 selected items can be retrieved with: 6299 6300 @selected = param('list_name'); 6301 6302 =back 6303 6304 =head2 CREATING A GROUP OF RELATED CHECKBOXES 6305 6306 print checkbox_group(-name=>'group_name', 6307 -values=>['eenie','meenie','minie','moe'], 6308 -default=>['eenie','moe'], 6309 -linebreak=>'true', 6310 -disabled => ['moe'], 6311 -labels=>\%labels, 6312 -attributes=>\%attributes); 6313 6314 print checkbox_group('group_name', 6315 ['eenie','meenie','minie','moe'], 6316 ['eenie','moe'],'true',\%labels, 6317 {'moe'=>{'class'=>'red'}}); 6318 6319 HTML3-COMPATIBLE BROWSERS ONLY: 6320 6321 print checkbox_group(-name=>'group_name', 6322 -values=>['eenie','meenie','minie','moe'], 6323 -rows=2,-columns=>2); 6324 6325 6326 checkbox_group() creates a list of checkboxes that are related 6327 by the same name. 6328 6329 =over 4 6330 6331 =item B<Parameters:> 6332 6333 =item 1. 6334 6335 The first and second arguments are the checkbox name and values, 6336 respectively (-name and -values). As in the popup menu, the second 6337 argument should be an array reference. These values are used for the 6338 user-readable labels printed next to the checkboxes as well as for the 6339 values passed to your script in the query string. 6340 6341 =item 2. 6342 6343 The optional third argument (-default) can be either a reference to a 6344 list containing the values to be checked by default, or can be a 6345 single value to checked. If this argument is missing or undefined, 6346 then nothing is selected when the list first appears. 6347 6348 =item 3. 6349 6350 The optional fourth argument (-linebreak) can be set to true to place 6351 line breaks between the checkboxes so that they appear as a vertical 6352 list. Otherwise, they will be strung together on a horizontal line. 6353 6354 =back 6355 6356 6357 The optional b<-labels> argument is a pointer to an associative array 6358 relating the checkbox values to the user-visible labels that will be 6359 printed next to them. If not provided, the values will be used as the 6360 default. 6361 6362 6363 The optional parameters B<-rows>, and B<-columns> cause 6364 checkbox_group() to return an HTML3 compatible table containing the 6365 checkbox group formatted with the specified number of rows and 6366 columns. You can provide just the -columns parameter if you wish; 6367 checkbox_group will calculate the correct number of rows for you. 6368 6369 The option b<-disabled> takes an array of checkbox values and disables 6370 them by greying them out (this may not be supported by all browsers). 6371 6372 The optional B<-attributes> argument is provided to assign any of the 6373 common HTML attributes to an individual menu item. It's a pointer to 6374 an associative array relating menu values to another associative array 6375 with the attribute's name as the key and the attribute's value as the 6376 value. 6377 6378 The optional B<-tabindex> argument can be used to control the order in which 6379 radio buttons receive focus when the user presses the tab button. If 6380 passed a scalar numeric value, the first element in the group will 6381 receive this tab index and subsequent elements will be incremented by 6382 one. If given a reference to an array of radio button values, then 6383 the indexes will be jiggered so that the order specified in the array 6384 will correspond to the tab order. You can also pass a reference to a 6385 hash in which the hash keys are the radio button values and the values 6386 are the tab indexes of each button. Examples: 6387 6388 -tabindex => 100 # this group starts at index 100 and counts up 6389 -tabindex => ['moe','minie','eenie','meenie'] # tab in this order 6390 -tabindex => {meenie=>100,moe=>101,minie=>102,eenie=>200} # tab in this order 6391 6392 When the form is processed, all checked boxes will be returned as 6393 a list under the parameter name 'group_name'. The values of the 6394 "on" checkboxes can be retrieved with: 6395 6396 @turned_on = param('group_name'); 6397 6398 The value returned by checkbox_group() is actually an array of button 6399 elements. You can capture them and use them within tables, lists, 6400 or in other creative ways: 6401 6402 @h = checkbox_group(-name=>'group_name',-values=>\@values); 6403 &use_in_creative_way(@h); 6404 6405 =head2 CREATING A STANDALONE CHECKBOX 6406 6407 print checkbox(-name=>'checkbox_name', 6408 -checked=>1, 6409 -value=>'ON', 6410 -label=>'CLICK ME'); 6411 6412 -or- 6413 6414 print checkbox('checkbox_name','checked','ON','CLICK ME'); 6415 6416 checkbox() is used to create an isolated checkbox that isn't logically 6417 related to any others. 6418 6419 =over 4 6420 6421 =item B<Parameters:> 6422 6423 =item 1. 6424 6425 The first parameter is the required name for the checkbox (-name). It 6426 will also be used for the user-readable label printed next to the 6427 checkbox. 6428 6429 =item 2. 6430 6431 The optional second parameter (-checked) specifies that the checkbox 6432 is turned on by default. Synonyms are -selected and -on. 6433 6434 =item 3. 6435 6436 The optional third parameter (-value) specifies the value of the 6437 checkbox when it is checked. If not provided, the word "on" is 6438 assumed. 6439 6440 =item 4. 6441 6442 The optional fourth parameter (-label) is the user-readable label to 6443 be attached to the checkbox. If not provided, the checkbox name is 6444 used. 6445 6446 =back 6447 6448 The value of the checkbox can be retrieved using: 6449 6450 $turned_on = param('checkbox_name'); 6451 6452 =head2 CREATING A RADIO BUTTON GROUP 6453 6454 print radio_group(-name=>'group_name', 6455 -values=>['eenie','meenie','minie'], 6456 -default=>'meenie', 6457 -linebreak=>'true', 6458 -labels=>\%labels, 6459 -attributes=>\%attributes); 6460 6461 -or- 6462 6463 print radio_group('group_name',['eenie','meenie','minie'], 6464 'meenie','true',\%labels,\%attributes); 6465 6466 6467 HTML3-COMPATIBLE BROWSERS ONLY: 6468 6469 print radio_group(-name=>'group_name', 6470 -values=>['eenie','meenie','minie','moe'], 6471 -rows=2,-columns=>2); 6472 6473 radio_group() creates a set of logically-related radio buttons 6474 (turning one member of the group on turns the others off) 6475 6476 =over 4 6477 6478 =item B<Parameters:> 6479 6480 =item 1. 6481 6482 The first argument is the name of the group and is required (-name). 6483 6484 =item 2. 6485 6486 The second argument (-values) is the list of values for the radio 6487 buttons. The values and the labels that appear on the page are 6488 identical. Pass an array I<reference> in the second argument, either 6489 using an anonymous array, as shown, or by referencing a named array as 6490 in "\@foo". 6491 6492 =item 3. 6493 6494 The optional third parameter (-default) is the name of the default 6495 button to turn on. If not specified, the first item will be the 6496 default. You can provide a nonexistent button name, such as "-" to 6497 start up with no buttons selected. 6498 6499 =item 4. 6500 6501 The optional fourth parameter (-linebreak) can be set to 'true' to put 6502 line breaks between the buttons, creating a vertical list. 6503 6504 =item 5. 6505 6506 The optional fifth parameter (-labels) is a pointer to an associative 6507 array relating the radio button values to user-visible labels to be 6508 used in the display. If not provided, the values themselves are 6509 displayed. 6510 6511 =back 6512 6513 6514 All modern browsers can take advantage of the optional parameters 6515 B<-rows>, and B<-columns>. These parameters cause radio_group() to 6516 return an HTML3 compatible table containing the radio group formatted 6517 with the specified number of rows and columns. You can provide just 6518 the -columns parameter if you wish; radio_group will calculate the 6519 correct number of rows for you. 6520 6521 To include row and column headings in the returned table, you 6522 can use the B<-rowheaders> and B<-colheaders> parameters. Both 6523 of these accept a pointer to an array of headings to use. 6524 The headings are just decorative. They don't reorganize the 6525 interpretation of the radio buttons -- they're still a single named 6526 unit. 6527 6528 The optional B<-tabindex> argument can be used to control the order in which 6529 radio buttons receive focus when the user presses the tab button. If 6530 passed a scalar numeric value, the first element in the group will 6531 receive this tab index and subsequent elements will be incremented by 6532 one. If given a reference to an array of radio button values, then 6533 the indexes will be jiggered so that the order specified in the array 6534 will correspond to the tab order. You can also pass a reference to a 6535 hash in which the hash keys are the radio button values and the values 6536 are the tab indexes of each button. Examples: 6537 6538 -tabindex => 100 # this group starts at index 100 and counts up 6539 -tabindex => ['moe','minie','eenie','meenie'] # tab in this order 6540 -tabindex => {meenie=>100,moe=>101,minie=>102,eenie=>200} # tab in this order 6541 6542 6543 The optional B<-attributes> argument is provided to assign any of the 6544 common HTML attributes to an individual menu item. It's a pointer to 6545 an associative array relating menu values to another associative array 6546 with the attribute's name as the key and the attribute's value as the 6547 value. 6548 6549 When the form is processed, the selected radio button can 6550 be retrieved using: 6551 6552 $which_radio_button = param('group_name'); 6553 6554 The value returned by radio_group() is actually an array of button 6555 elements. You can capture them and use them within tables, lists, 6556 or in other creative ways: 6557 6558 @h = radio_group(-name=>'group_name',-values=>\@values); 6559 &use_in_creative_way(@h); 6560 6561 =head2 CREATING A SUBMIT BUTTON 6562 6563 print submit(-name=>'button_name', 6564 -value=>'value'); 6565 6566 -or- 6567 6568 print submit('button_name','value'); 6569 6570 submit() will create the query submission button. Every form 6571 should have one of these. 6572 6573 =over 4 6574 6575 =item B<Parameters:> 6576 6577 =item 1. 6578 6579 The first argument (-name) is optional. You can give the button a 6580 name if you have several submission buttons in your form and you want 6581 to distinguish between them. 6582 6583 =item 2. 6584 6585 The second argument (-value) is also optional. This gives the button 6586 a value that will be passed to your script in the query string. The 6587 name will also be used as the user-visible label. 6588 6589 =item 3. 6590 6591 You can use -label as an alias for -value. I always get confused 6592 about which of -name and -value changes the user-visible label on the 6593 button. 6594 6595 =back 6596 6597 You can figure out which button was pressed by using different 6598 values for each one: 6599 6600 $which_one = param('button_name'); 6601 6602 =head2 CREATING A RESET BUTTON 6603 6604 print reset 6605 6606 reset() creates the "reset" button. Note that it restores the 6607 form to its value from the last time the script was called, 6608 NOT necessarily to the defaults. 6609 6610 Note that this conflicts with the Perl reset() built-in. Use 6611 CORE::reset() to get the original reset function. 6612 6613 =head2 CREATING A DEFAULT BUTTON 6614 6615 print defaults('button_label') 6616 6617 defaults() creates a button that, when invoked, will cause the 6618 form to be completely reset to its defaults, wiping out all the 6619 changes the user ever made. 6620 6621 =head2 CREATING A HIDDEN FIELD 6622 6623 print hidden(-name=>'hidden_name', 6624 -default=>['value1','value2'...]); 6625 6626 -or- 6627 6628 print hidden('hidden_name','value1','value2'...); 6629 6630 hidden() produces a text field that can't be seen by the user. It 6631 is useful for passing state variable information from one invocation 6632 of the script to the next. 6633 6634 =over 4 6635 6636 =item B<Parameters:> 6637 6638 =item 1. 6639 6640 The first argument is required and specifies the name of this 6641 field (-name). 6642 6643 =item 2. 6644 6645 The second argument is also required and specifies its value 6646 (-default). In the named parameter style of calling, you can provide 6647 a single value here or a reference to a whole list 6648 6649 =back 6650 6651 Fetch the value of a hidden field this way: 6652 6653 $hidden_value = param('hidden_name'); 6654 6655 Note, that just like all the other form elements, the value of a 6656 hidden field is "sticky". If you want to replace a hidden field with 6657 some other values after the script has been called once you'll have to 6658 do it manually: 6659 6660 param('hidden_name','new','values','here'); 6661 6662 =head2 CREATING A CLICKABLE IMAGE BUTTON 6663 6664 print image_button(-name=>'button_name', 6665 -src=>'/source/URL', 6666 -align=>'MIDDLE'); 6667 6668 -or- 6669 6670 print image_button('button_name','/source/URL','MIDDLE'); 6671 6672 image_button() produces a clickable image. When it's clicked on the 6673 position of the click is returned to your script as "button_name.x" 6674 and "button_name.y", where "button_name" is the name you've assigned 6675 to it. 6676 6677 =over 4 6678 6679 =item B<Parameters:> 6680 6681 =item 1. 6682 6683 The first argument (-name) is required and specifies the name of this 6684 field. 6685 6686 =item 2. 6687 6688 The second argument (-src) is also required and specifies the URL 6689 6690 =item 3. 6691 The third option (-align, optional) is an alignment type, and may be 6692 TOP, BOTTOM or MIDDLE 6693 6694 =back 6695 6696 Fetch the value of the button this way: 6697 $x = param('button_name.x'); 6698 $y = param('button_name.y'); 6699 6700 =head2 CREATING A JAVASCRIPT ACTION BUTTON 6701 6702 print button(-name=>'button_name', 6703 -value=>'user visible label', 6704 -onClick=>"do_something()"); 6705 6706 -or- 6707 6708 print button('button_name',"do_something()"); 6709 6710 button() produces a button that is compatible with Netscape 2.0's 6711 JavaScript. When it's pressed the fragment of JavaScript code 6712 pointed to by the B<-onClick> parameter will be executed. On 6713 non-Netscape browsers this form element will probably not even 6714 display. 6715 6716 =head1 HTTP COOKIES 6717 6718 Netscape browsers versions 1.1 and higher, and all versions of 6719 Internet Explorer, support a so-called "cookie" designed to help 6720 maintain state within a browser session. CGI.pm has several methods 6721 that support cookies. 6722 6723 A cookie is a name=value pair much like the named parameters in a CGI 6724 query string. CGI scripts create one or more cookies and send 6725 them to the browser in the HTTP header. The browser maintains a list 6726 of cookies that belong to a particular Web server, and returns them 6727 to the CGI script during subsequent interactions. 6728 6729 In addition to the required name=value pair, each cookie has several 6730 optional attributes: 6731 6732 =over 4 6733 6734 =item 1. an expiration time 6735 6736 This is a time/date string (in a special GMT format) that indicates 6737 when a cookie expires. The cookie will be saved and returned to your 6738 script until this expiration date is reached if the user exits 6739 the browser and restarts it. If an expiration date isn't specified, the cookie 6740 will remain active until the user quits the browser. 6741 6742 =item 2. a domain 6743 6744 This is a partial or complete domain name for which the cookie is 6745 valid. The browser will return the cookie to any host that matches 6746 the partial domain name. For example, if you specify a domain name 6747 of ".capricorn.com", then the browser will return the cookie to 6748 Web servers running on any of the machines "www.capricorn.com", 6749 "www2.capricorn.com", "feckless.capricorn.com", etc. Domain names 6750 must contain at least two periods to prevent attempts to match 6751 on top level domains like ".edu". If no domain is specified, then 6752 the browser will only return the cookie to servers on the host the 6753 cookie originated from. 6754 6755 =item 3. a path 6756 6757 If you provide a cookie path attribute, the browser will check it 6758 against your script's URL before returning the cookie. For example, 6759 if you specify the path "/cgi-bin", then the cookie will be returned 6760 to each of the scripts "/cgi-bin/tally.pl", "/cgi-bin/order.pl", 6761 and "/cgi-bin/customer_service/complain.pl", but not to the script 6762 "/cgi-private/site_admin.pl". By default, path is set to "/", which 6763 causes the cookie to be sent to any CGI script on your site. 6764 6765 =item 4. a "secure" flag 6766 6767 If the "secure" attribute is set, the cookie will only be sent to your 6768 script if the CGI request is occurring on a secure channel, such as SSL. 6769 6770 =back 6771 6772 The interface to HTTP cookies is the B<cookie()> method: 6773 6774 $cookie = cookie(-name=>'sessionID', 6775 -value=>'xyzzy', 6776 -expires=>'+1h', 6777 -path=>'/cgi-bin/database', 6778 -domain=>'.capricorn.org', 6779 -secure=>1); 6780 print header(-cookie=>$cookie); 6781 6782 B<cookie()> creates a new cookie. Its parameters include: 6783 6784 =over 4 6785 6786 =item B<-name> 6787 6788 The name of the cookie (required). This can be any string at all. 6789 Although browsers limit their cookie names to non-whitespace 6790 alphanumeric characters, CGI.pm removes this restriction by escaping 6791 and unescaping cookies behind the scenes. 6792 6793 =item B<-value> 6794 6795 The value of the cookie. This can be any scalar value, 6796 array reference, or even associative array reference. For example, 6797 you can store an entire associative array into a cookie this way: 6798 6799 $cookie=cookie(-name=>'family information', 6800 -value=>\%childrens_ages); 6801 6802 =item B<-path> 6803 6804 The optional partial path for which this cookie will be valid, as described 6805 above. 6806 6807 =item B<-domain> 6808 6809 The optional partial domain for which this cookie will be valid, as described 6810 above. 6811 6812 =item B<-expires> 6813 6814 The optional expiration date for this cookie. The format is as described 6815 in the section on the B<header()> method: 6816 6817 "+1h" one hour from now 6818 6819 =item B<-secure> 6820 6821 If set to true, this cookie will only be used within a secure 6822 SSL session. 6823 6824 =back 6825 6826 The cookie created by cookie() must be incorporated into the HTTP 6827 header within the string returned by the header() method: 6828 6829 use CGI ':standard'; 6830 print header(-cookie=>$my_cookie); 6831 6832 To create multiple cookies, give header() an array reference: 6833 6834 $cookie1 = cookie(-name=>'riddle_name', 6835 -value=>"The Sphynx's Question"); 6836 $cookie2 = cookie(-name=>'answers', 6837 -value=>\%answers); 6838 print header(-cookie=>[$cookie1,$cookie2]); 6839 6840 To retrieve a cookie, request it by name by calling cookie() method 6841 without the B<-value> parameter. This example uses the object-oriented 6842 form: 6843 6844 use CGI; 6845 $query = new CGI; 6846 $riddle = $query->cookie('riddle_name'); 6847 %answers = $query->cookie('answers'); 6848 6849 Cookies created with a single scalar value, such as the "riddle_name" 6850 cookie, will be returned in that form. Cookies with array and hash 6851 values can also be retrieved. 6852 6853 The cookie and CGI namespaces are separate. If you have a parameter 6854 named 'answers' and a cookie named 'answers', the values retrieved by 6855 param() and cookie() are independent of each other. However, it's 6856 simple to turn a CGI parameter into a cookie, and vice-versa: 6857 6858 # turn a CGI parameter into a cookie 6859 $c=cookie(-name=>'answers',-value=>[param('answers')]); 6860 # vice-versa 6861 param(-name=>'answers',-value=>[cookie('answers')]); 6862 6863 If you call cookie() without any parameters, it will return a list of 6864 the names of all cookies passed to your script: 6865 6866 @cookies = cookie(); 6867 6868 See the B<cookie.cgi> example script for some ideas on how to use 6869 cookies effectively. 6870 6871 =head1 WORKING WITH FRAMES 6872 6873 It's possible for CGI.pm scripts to write into several browser panels 6874 and windows using the HTML 4 frame mechanism. There are three 6875 techniques for defining new frames programmatically: 6876 6877 =over 4 6878 6879 =item 1. Create a <Frameset> document 6880 6881 After writing out the HTTP header, instead of creating a standard 6882 HTML document using the start_html() call, create a <frameset> 6883 document that defines the frames on the page. Specify your script(s) 6884 (with appropriate parameters) as the SRC for each of the frames. 6885 6886 There is no specific support for creating <frameset> sections 6887 in CGI.pm, but the HTML is very simple to write. See the frame 6888 documentation in Netscape's home pages for details 6889 6890 http://wp.netscape.com/assist/net_sites/frames.html 6891 6892 =item 2. Specify the destination for the document in the HTTP header 6893 6894 You may provide a B<-target> parameter to the header() method: 6895 6896 print header(-target=>'ResultsWindow'); 6897 6898 This will tell the browser to load the output of your script into the 6899 frame named "ResultsWindow". If a frame of that name doesn't already 6900 exist, the browser will pop up a new window and load your script's 6901 document into that. There are a number of magic names that you can 6902 use for targets. See the frame documents on Netscape's home pages for 6903 details. 6904 6905 =item 3. Specify the destination for the document in the <form> tag 6906 6907 You can specify the frame to load in the FORM tag itself. With 6908 CGI.pm it looks like this: 6909 6910 print start_form(-target=>'ResultsWindow'); 6911 6912 When your script is reinvoked by the form, its output will be loaded 6913 into the frame named "ResultsWindow". If one doesn't already exist 6914 a new window will be created. 6915 6916 =back 6917 6918 The script "frameset.cgi" in the examples directory shows one way to 6919 create pages in which the fill-out form and the response live in 6920 side-by-side frames. 6921 6922 =head1 SUPPORT FOR JAVASCRIPT 6923 6924 Netscape versions 2.0 and higher incorporate an interpreted language 6925 called JavaScript. Internet Explorer, 3.0 and higher, supports a 6926 closely-related dialect called JScript. JavaScript isn't the same as 6927 Java, and certainly isn't at all the same as Perl, which is a great 6928 pity. JavaScript allows you to programmatically change the contents of 6929 fill-out forms, create new windows, and pop up dialog box from within 6930 Netscape itself. From the point of view of CGI scripting, JavaScript 6931 is quite useful for validating fill-out forms prior to submitting 6932 them. 6933 6934 You'll need to know JavaScript in order to use it. There are many good 6935 sources in bookstores and on the web. 6936 6937 The usual way to use JavaScript is to define a set of functions in a 6938 <SCRIPT> block inside the HTML header and then to register event 6939 handlers in the various elements of the page. Events include such 6940 things as the mouse passing over a form element, a button being 6941 clicked, the contents of a text field changing, or a form being 6942 submitted. When an event occurs that involves an element that has 6943 registered an event handler, its associated JavaScript code gets 6944 called. 6945 6946 The elements that can register event handlers include the <BODY> of an 6947 HTML document, hypertext links, all the various elements of a fill-out 6948 form, and the form itself. There are a large number of events, and 6949 each applies only to the elements for which it is relevant. Here is a 6950 partial list: 6951 6952 =over 4 6953 6954 =item B<onLoad> 6955 6956 The browser is loading the current document. Valid in: 6957 6958 + The HTML <BODY> section only. 6959 6960 =item B<onUnload> 6961 6962 The browser is closing the current page or frame. Valid for: 6963 6964 + The HTML <BODY> section only. 6965 6966 =item B<onSubmit> 6967 6968 The user has pressed the submit button of a form. This event happens 6969 just before the form is submitted, and your function can return a 6970 value of false in order to abort the submission. Valid for: 6971 6972 + Forms only. 6973 6974 =item B<onClick> 6975 6976 The mouse has clicked on an item in a fill-out form. Valid for: 6977 6978 + Buttons (including submit, reset, and image buttons) 6979 + Checkboxes 6980 + Radio buttons 6981 6982 =item B<onChange> 6983 6984 The user has changed the contents of a field. Valid for: 6985 6986 + Text fields 6987 + Text areas 6988 + Password fields 6989 + File fields 6990 + Popup Menus 6991 + Scrolling lists 6992 6993 =item B<onFocus> 6994 6995 The user has selected a field to work with. Valid for: 6996 6997 + Text fields 6998 + Text areas 6999 + Password fields 7000 + File fields 7001 + Popup Menus 7002 + Scrolling lists 7003 7004 =item B<onBlur> 7005 7006 The user has deselected a field (gone to work somewhere else). Valid 7007 for: 7008 7009 + Text fields 7010 + Text areas 7011 + Password fields 7012 + File fields 7013 + Popup Menus 7014 + Scrolling lists 7015 7016 =item B<onSelect> 7017 7018 The user has changed the part of a text field that is selected. Valid 7019 for: 7020 7021 + Text fields 7022 + Text areas 7023 + Password fields 7024 + File fields 7025 7026 =item B<onMouseOver> 7027 7028 The mouse has moved over an element. 7029 7030 + Text fields 7031 + Text areas 7032 + Password fields 7033 + File fields 7034 + Popup Menus 7035 + Scrolling lists 7036 7037 =item B<onMouseOut> 7038 7039 The mouse has moved off an element. 7040 7041 + Text fields 7042 + Text areas 7043 + Password fields 7044 + File fields 7045 + Popup Menus 7046 + Scrolling lists 7047 7048 =back 7049 7050 In order to register a JavaScript event handler with an HTML element, 7051 just use the event name as a parameter when you call the corresponding 7052 CGI method. For example, to have your validateAge() JavaScript code 7053 executed every time the textfield named "age" changes, generate the 7054 field like this: 7055 7056 print textfield(-name=>'age',-onChange=>"validateAge(this)"); 7057 7058 This example assumes that you've already declared the validateAge() 7059 function by incorporating it into a <SCRIPT> block. The CGI.pm 7060 start_html() method provides a convenient way to create this section. 7061 7062 Similarly, you can create a form that checks itself over for 7063 consistency and alerts the user if some essential value is missing by 7064 creating it this way: 7065 print startform(-onSubmit=>"validateMe(this)"); 7066 7067 See the javascript.cgi script for a demonstration of how this all 7068 works. 7069 7070 7071 =head1 LIMITED SUPPORT FOR CASCADING STYLE SHEETS 7072 7073 CGI.pm has limited support for HTML3's cascading style sheets (css). 7074 To incorporate a stylesheet into your document, pass the 7075 start_html() method a B<-style> parameter. The value of this 7076 parameter may be a scalar, in which case it is treated as the source 7077 URL for the stylesheet, or it may be a hash reference. In the latter 7078 case you should provide the hash with one or more of B<-src> or 7079 B<-code>. B<-src> points to a URL where an externally-defined 7080 stylesheet can be found. B<-code> points to a scalar value to be 7081 incorporated into a <style> section. Style definitions in B<-code> 7082 override similarly-named ones in B<-src>, hence the name "cascading." 7083 7084 You may also specify the type of the stylesheet by adding the optional 7085 B<-type> parameter to the hash pointed to by B<-style>. If not 7086 specified, the style defaults to 'text/css'. 7087 7088 To refer to a style within the body of your document, add the 7089 B<-class> parameter to any HTML element: 7090 7091 print h1({-class=>'Fancy'},'Welcome to the Party'); 7092 7093 Or define styles on the fly with the B<-style> parameter: 7094 7095 print h1({-style=>'Color: red;'},'Welcome to Hell'); 7096 7097 You may also use the new B<span()> element to apply a style to a 7098 section of text: 7099 7100 print span({-style=>'Color: red;'}, 7101 h1('Welcome to Hell'), 7102 "Where did that handbasket get to?" 7103 ); 7104 7105 Note that you must import the ":html3" definitions to have the 7106 B<span()> method available. Here's a quick and dirty example of using 7107 CSS's. See the CSS specification at 7108 http://www.w3.org/pub/WWW/TR/Wd-css-1.html for more information. 7109 7110 use CGI qw/:standard :html3/; 7111 7112 #here's a stylesheet incorporated directly into the page 7113 $newStyle=<<END; 7114 <!-- 7115 P.Tip { 7116 margin-right: 50pt; 7117 margin-left: 50pt; 7118 color: red; 7119 } 7120 P.Alert { 7121 font-size: 30pt; 7122 font-family: sans-serif; 7123 color: red; 7124 } 7125 --> 7126 END 7127 print header(); 7128 print start_html( -title=>'CGI with Style', 7129 -style=>{-src=>'http://www.capricorn.com/style/st1.css', 7130 -code=>$newStyle} 7131 ); 7132 print h1('CGI with Style'), 7133 p({-class=>'Tip'}, 7134 "Better read the cascading style sheet spec before playing with this!"), 7135 span({-style=>'color: magenta'}, 7136 "Look Mom, no hands!", 7137 p(), 7138 "Whooo wee!" 7139 ); 7140 print end_html; 7141 7142 Pass an array reference to B<-code> or B<-src> in order to incorporate 7143 multiple stylesheets into your document. 7144 7145 Should you wish to incorporate a verbatim stylesheet that includes 7146 arbitrary formatting in the header, you may pass a -verbatim tag to 7147 the -style hash, as follows: 7148 7149 print start_html (-style => {-verbatim => '@import url("/server-common/css/'.$cssFile.'");', 7150 -src => '/server-common/css/core.css'}); 7151 7152 7153 This will generate an HTML header that contains this: 7154 7155 <link rel="stylesheet" type="text/css" href="/server-common/css/core.css"> 7156 <style type="text/css"> 7157 @import url("/server-common/css/main.css"); 7158 </style> 7159 7160 Any additional arguments passed in the -style value will be 7161 incorporated into the <link> tag. For example: 7162 7163 start_html(-style=>{-src=>['/styles/print.css','/styles/layout.css'], 7164 -media => 'all'}); 7165 7166 This will give: 7167 7168 <link rel="stylesheet" type="text/css" href="/styles/print.css" media="all"/> 7169 <link rel="stylesheet" type="text/css" href="/styles/layout.css" media="all"/> 7170 7171 <p> 7172 7173 To make more complicated <link> tags, use the Link() function 7174 and pass it to start_html() in the -head argument, as in: 7175 7176 @h = (Link({-rel=>'stylesheet',-type=>'text/css',-src=>'/ss/ss.css',-media=>'all'}), 7177 Link({-rel=>'stylesheet',-type=>'text/css',-src=>'/ss/fred.css',-media=>'paper'})); 7178 print start_html({-head=>\@h}) 7179 7180 To create primary and "alternate" stylesheet, use the B<-alternate> option: 7181 7182 start_html(-style=>{-src=>[ 7183 {-src=>'/styles/print.css'}, 7184 {-src=>'/styles/alt.css',-alternate=>1} 7185 ] 7186 }); 7187 7188 =head1 DEBUGGING 7189 7190 If you are running the script from the command line or in the perl 7191 debugger, you can pass the script a list of keywords or 7192 parameter=value pairs on the command line or from standard input (you 7193 don't have to worry about tricking your script into reading from 7194 environment variables). You can pass keywords like this: 7195 7196 your_script.pl keyword1 keyword2 keyword3 7197 7198 or this: 7199 7200 your_script.pl keyword1+keyword2+keyword3 7201 7202 or this: 7203 7204 your_script.pl name1=value1 name2=value2 7205 7206 or this: 7207 7208 your_script.pl name1=value1&name2=value2 7209 7210 To turn off this feature, use the -no_debug pragma. 7211 7212 To test the POST method, you may enable full debugging with the -debug 7213 pragma. This will allow you to feed newline-delimited name=value 7214 pairs to the script on standard input. 7215 7216 When debugging, you can use quotes and backslashes to escape 7217 characters in the familiar shell manner, letting you place 7218 spaces and other funny characters in your parameter=value 7219 pairs: 7220 7221 your_script.pl "name1='I am a long value'" "name2=two\ words" 7222 7223 Finally, you can set the path info for the script by prefixing the first 7224 name/value parameter with the path followed by a question mark (?): 7225 7226 your_script.pl /your/path/here?name1=value1&name2=value2 7227 7228 =head2 DUMPING OUT ALL THE NAME/VALUE PAIRS 7229 7230 The Dump() method produces a string consisting of all the query's 7231 name/value pairs formatted nicely as a nested list. This is useful 7232 for debugging purposes: 7233 7234 print Dump 7235 7236 7237 Produces something that looks like: 7238 7239 <ul> 7240 <li>name1 7241 <ul> 7242 <li>value1 7243 <li>value2 7244 </ul> 7245 <li>name2 7246 <ul> 7247 <li>value1 7248 </ul> 7249 </ul> 7250 7251 As a shortcut, you can interpolate the entire CGI object into a string 7252 and it will be replaced with the a nice HTML dump shown above: 7253 7254 $query=new CGI; 7255 print "<h2>Current Values</h2> $query\n"; 7256 7257 =head1 FETCHING ENVIRONMENT VARIABLES 7258 7259 Some of the more useful environment variables can be fetched 7260 through this interface. The methods are as follows: 7261 7262 =over 4 7263 7264 =item B<Accept()> 7265 7266 Return a list of MIME types that the remote browser accepts. If you 7267 give this method a single argument corresponding to a MIME type, as in 7268 Accept('text/html'), it will return a floating point value 7269 corresponding to the browser's preference for this type from 0.0 7270 (don't want) to 1.0. Glob types (e.g. text/*) in the browser's accept 7271 list are handled correctly. 7272 7273 Note that the capitalization changed between version 2.43 and 2.44 in 7274 order to avoid conflict with Perl's accept() function. 7275 7276 =item B<raw_cookie()> 7277 7278 Returns the HTTP_COOKIE variable, an HTTP extension implemented by 7279 Netscape browsers version 1.1 and higher, and all versions of Internet 7280 Explorer. Cookies have a special format, and this method call just 7281 returns the raw form (?cookie dough). See cookie() for ways of 7282 setting and retrieving cooked cookies. 7283 7284 Called with no parameters, raw_cookie() returns the packed cookie 7285 structure. You can separate it into individual cookies by splitting 7286 on the character sequence "; ". Called with the name of a cookie, 7287 retrieves the B<unescaped> form of the cookie. You can use the 7288 regular cookie() method to get the names, or use the raw_fetch() 7289 method from the CGI::Cookie module. 7290 7291 =item B<user_agent()> 7292 7293 Returns the HTTP_USER_AGENT variable. If you give 7294 this method a single argument, it will attempt to 7295 pattern match on it, allowing you to do something 7296 like user_agent(netscape); 7297 7298 =item B<path_info()> 7299 7300 Returns additional path information from the script URL. 7301 E.G. fetching /cgi-bin/your_script/additional/stuff will result in 7302 path_info() returning "/additional/stuff". 7303 7304 NOTE: The Microsoft Internet Information Server 7305 is broken with respect to additional path information. If 7306 you use the Perl DLL library, the IIS server will attempt to 7307 execute the additional path information as a Perl script. 7308 If you use the ordinary file associations mapping, the 7309 path information will be present in the environment, 7310 but incorrect. The best thing to do is to avoid using additional 7311 path information in CGI scripts destined for use with IIS. 7312 7313 =item B<path_translated()> 7314 7315 As per path_info() but returns the additional 7316 path information translated into a physical path, e.g. 7317 "/usr/local/etc/httpd/htdocs/additional/stuff". 7318 7319 The Microsoft IIS is broken with respect to the translated 7320 path as well. 7321 7322 =item B<remote_host()> 7323 7324 Returns either the remote host name or IP address. 7325 if the former is unavailable. 7326 7327 =item B<script_name()> 7328 Return the script name as a partial URL, for self-refering 7329 scripts. 7330 7331 =item B<referer()> 7332 7333 Return the URL of the page the browser was viewing 7334 prior to fetching your script. Not available for all 7335 browsers. 7336 7337 =item B<auth_type ()> 7338 7339 Return the authorization/verification method in use for this 7340 script, if any. 7341 7342 =item B<server_name ()> 7343 7344 Returns the name of the server, usually the machine's host 7345 name. 7346 7347 =item B<virtual_host ()> 7348 7349 When using virtual hosts, returns the name of the host that 7350 the browser attempted to contact 7351 7352 =item B<server_port ()> 7353 7354 Return the port that the server is listening on. 7355 7356 =item B<virtual_port ()> 7357 7358 Like server_port() except that it takes virtual hosts into account. 7359 Use this when running with virtual hosts. 7360 7361 =item B<server_software ()> 7362 7363 Returns the server software and version number. 7364 7365 =item B<remote_user ()> 7366 7367 Return the authorization/verification name used for user 7368 verification, if this script is protected. 7369 7370 =item B<user_name ()> 7371 7372 Attempt to obtain the remote user's name, using a variety of different 7373 techniques. This only works with older browsers such as Mosaic. 7374 Newer browsers do not report the user name for privacy reasons! 7375 7376 =item B<request_method()> 7377 7378 Returns the method used to access your script, usually 7379 one of 'POST', 'GET' or 'HEAD'. 7380 7381 =item B<content_type()> 7382 7383 Returns the content_type of data submitted in a POST, generally 7384 multipart/form-data or application/x-www-form-urlencoded 7385 7386 =item B<http()> 7387 7388 Called with no arguments returns the list of HTTP environment 7389 variables, including such things as HTTP_USER_AGENT, 7390 HTTP_ACCEPT_LANGUAGE, and HTTP_ACCEPT_CHARSET, corresponding to the 7391 like-named HTTP header fields in the request. Called with the name of 7392 an HTTP header field, returns its value. Capitalization and the use 7393 of hyphens versus underscores are not significant. 7394 7395 For example, all three of these examples are equivalent: 7396 7397 $requested_language = http('Accept-language'); 7398 $requested_language = http('Accept_language'); 7399 $requested_language = http('HTTP_ACCEPT_LANGUAGE'); 7400 7401 =item B<https()> 7402 7403 The same as I<http()>, but operates on the HTTPS environment variables 7404 present when the SSL protocol is in effect. Can be used to determine 7405 whether SSL is turned on. 7406 7407 =back 7408 7409 =head1 USING NPH SCRIPTS 7410 7411 NPH, or "no-parsed-header", scripts bypass the server completely by 7412 sending the complete HTTP header directly to the browser. This has 7413 slight performance benefits, but is of most use for taking advantage 7414 of HTTP extensions that are not directly supported by your server, 7415 such as server push and PICS headers. 7416 7417 Servers use a variety of conventions for designating CGI scripts as 7418 NPH. Many Unix servers look at the beginning of the script's name for 7419 the prefix "nph-". The Macintosh WebSTAR server and Microsoft's 7420 Internet Information Server, in contrast, try to decide whether a 7421 program is an NPH script by examining the first line of script output. 7422 7423 7424 CGI.pm supports NPH scripts with a special NPH mode. When in this 7425 mode, CGI.pm will output the necessary extra header information when 7426 the header() and redirect() methods are 7427 called. 7428 7429 The Microsoft Internet Information Server requires NPH mode. As of 7430 version 2.30, CGI.pm will automatically detect when the script is 7431 running under IIS and put itself into this mode. You do not need to 7432 do this manually, although it won't hurt anything if you do. However, 7433 note that if you have applied Service Pack 6, much of the 7434 functionality of NPH scripts, including the ability to redirect while 7435 setting a cookie, b<do not work at all> on IIS without a special patch 7436 from Microsoft. See 7437 http://support.microsoft.com/support/kb/articles/Q280/3/41.ASP: 7438 Non-Parsed Headers Stripped From CGI Applications That Have nph- 7439 Prefix in Name. 7440 7441 =over 4 7442 7443 =item In the B<use> statement 7444 7445 Simply add the "-nph" pragmato the list of symbols to be imported into 7446 your script: 7447 7448 use CGI qw(:standard -nph) 7449 7450 =item By calling the B<nph()> method: 7451 7452 Call B<nph()> with a non-zero parameter at any point after using CGI.pm in your program. 7453 7454 CGI->nph(1) 7455 7456 =item By using B<-nph> parameters 7457 7458 in the B<header()> and B<redirect()> statements: 7459 7460 print header(-nph=>1); 7461 7462 =back 7463 7464 =head1 Server Push 7465 7466 CGI.pm provides four simple functions for producing multipart 7467 documents of the type needed to implement server push. These 7468 functions were graciously provided by Ed Jordan <ed@fidalgo.net>. To 7469 import these into your namespace, you must import the ":push" set. 7470 You are also advised to put the script into NPH mode and to set $| to 7471 1 to avoid buffering problems. 7472 7473 Here is a simple script that demonstrates server push: 7474 7475 #!/usr/local/bin/perl 7476 use CGI qw/:push -nph/; 7477 $| = 1; 7478 print multipart_init(-boundary=>'----here we go!'); 7479 foreach (0 .. 4) { 7480 print multipart_start(-type=>'text/plain'), 7481 "The current time is ",scalar(localtime),"\n"; 7482 if ($_ < 4) { 7483 print multipart_end; 7484 } else { 7485 print multipart_final; 7486 } 7487 sleep 1; 7488 } 7489 7490 This script initializes server push by calling B<multipart_init()>. 7491 It then enters a loop in which it begins a new multipart section by 7492 calling B<multipart_start()>, prints the current local time, 7493 and ends a multipart section with B<multipart_end()>. It then sleeps 7494 a second, and begins again. On the final iteration, it ends the 7495 multipart section with B<multipart_final()> rather than with 7496 B<multipart_end()>. 7497 7498 =over 4 7499 7500 =item multipart_init() 7501 7502 multipart_init(-boundary=>$boundary); 7503 7504 Initialize the multipart system. The -boundary argument specifies 7505 what MIME boundary string to use to separate parts of the document. 7506 If not provided, CGI.pm chooses a reasonable boundary for you. 7507 7508 =item multipart_start() 7509 7510 multipart_start(-type=>$type) 7511 7512 Start a new part of the multipart document using the specified MIME 7513 type. If not specified, text/html is assumed. 7514 7515 =item multipart_end() 7516 7517 multipart_end() 7518 7519 End a part. You must remember to call multipart_end() once for each 7520 multipart_start(), except at the end of the last part of the multipart 7521 document when multipart_final() should be called instead of multipart_end(). 7522 7523 =item multipart_final() 7524 7525 multipart_final() 7526 7527 End all parts. You should call multipart_final() rather than 7528 multipart_end() at the end of the last part of the multipart document. 7529 7530 =back 7531 7532 Users interested in server push applications should also have a look 7533 at the CGI::Push module. 7534 7535 Only Netscape Navigator supports server push. Internet Explorer 7536 browsers do not. 7537 7538 =head1 Avoiding Denial of Service Attacks 7539 7540 A potential problem with CGI.pm is that, by default, it attempts to 7541 process form POSTings no matter how large they are. A wily hacker 7542 could attack your site by sending a CGI script a huge POST of many 7543 megabytes. CGI.pm will attempt to read the entire POST into a 7544 variable, growing hugely in size until it runs out of memory. While 7545 the script attempts to allocate the memory the system may slow down 7546 dramatically. This is a form of denial of service attack. 7547 7548 Another possible attack is for the remote user to force CGI.pm to 7549 accept a huge file upload. CGI.pm will accept the upload and store it 7550 in a temporary directory even if your script doesn't expect to receive 7551 an uploaded file. CGI.pm will delete the file automatically when it 7552 terminates, but in the meantime the remote user may have filled up the 7553 server's disk space, causing problems for other programs. 7554 7555 The best way to avoid denial of service attacks is to limit the amount 7556 of memory, CPU time and disk space that CGI scripts can use. Some Web 7557 servers come with built-in facilities to accomplish this. In other 7558 cases, you can use the shell I<limit> or I<ulimit> 7559 commands to put ceilings on CGI resource usage. 7560 7561 7562 CGI.pm also has some simple built-in protections against denial of 7563 service attacks, but you must activate them before you can use them. 7564 These take the form of two global variables in the CGI name space: 7565 7566 =over 4 7567 7568 =item B<$CGI::POST_MAX> 7569 7570 If set to a non-negative integer, this variable puts a ceiling 7571 on the size of POSTings, in bytes. If CGI.pm detects a POST 7572 that is greater than the ceiling, it will immediately exit with an error 7573 message. This value will affect both ordinary POSTs and 7574 multipart POSTs, meaning that it limits the maximum size of file 7575 uploads as well. You should set this to a reasonably high 7576 value, such as 1 megabyte. 7577 7578 =item B<$CGI::DISABLE_UPLOADS> 7579 7580 If set to a non-zero value, this will disable file uploads 7581 completely. Other fill-out form values will work as usual. 7582 7583 =back 7584 7585 You can use these variables in either of two ways. 7586 7587 =over 4 7588 7589 =item B<1. On a script-by-script basis> 7590 7591 Set the variable at the top of the script, right after the "use" statement: 7592 7593 use CGI qw/:standard/; 7594 use CGI::Carp 'fatalsToBrowser'; 7595 $CGI::POST_MAX=1024 * 100; # max 100K posts 7596 $CGI::DISABLE_UPLOADS = 1; # no uploads 7597 7598 =item B<2. Globally for all scripts> 7599 7600 Open up CGI.pm, find the definitions for $POST_MAX and 7601 $DISABLE_UPLOADS, and set them to the desired values. You'll 7602 find them towards the top of the file in a subroutine named 7603 initialize_globals(). 7604 7605 =back 7606 7607 An attempt to send a POST larger than $POST_MAX bytes will cause 7608 I<param()> to return an empty CGI parameter list. You can test for 7609 this event by checking I<cgi_error()>, either after you create the CGI 7610 object or, if you are using the function-oriented interface, call 7611 <param()> for the first time. If the POST was intercepted, then 7612 cgi_error() will return the message "413 POST too large". 7613 7614 This error message is actually defined by the HTTP protocol, and is 7615 designed to be returned to the browser as the CGI script's status 7616 code. For example: 7617 7618 $uploaded_file = param('upload'); 7619 if (!$uploaded_file && cgi_error()) { 7620 print header(-status=>cgi_error()); 7621 exit 0; 7622 } 7623 7624 However it isn't clear that any browser currently knows what to do 7625 with this status code. It might be better just to create an 7626 HTML page that warns the user of the problem. 7627 7628 =head1 COMPATIBILITY WITH CGI-LIB.PL 7629 7630 To make it easier to port existing programs that use cgi-lib.pl the 7631 compatibility routine "ReadParse" is provided. Porting is simple: 7632 7633 OLD VERSION 7634 require "cgi-lib.pl"; 7635 &ReadParse; 7636 print "The value of the antique is $in{antique}.\n"; 7637 7638 NEW VERSION 7639 use CGI; 7640 CGI::ReadParse(); 7641 print "The value of the antique is $in{antique}.\n"; 7642 7643 CGI.pm's ReadParse() routine creates a tied variable named %in, 7644 which can be accessed to obtain the query variables. Like 7645 ReadParse, you can also provide your own variable. Infrequently 7646 used features of ReadParse, such as the creation of @in and $in 7647 variables, are not supported. 7648 7649 Once you use ReadParse, you can retrieve the query object itself 7650 this way: 7651 7652 $q = $in{CGI}; 7653 print textfield(-name=>'wow', 7654 -value=>'does this really work?'); 7655 7656 This allows you to start using the more interesting features 7657 of CGI.pm without rewriting your old scripts from scratch. 7658 7659 =head1 AUTHOR INFORMATION 7660 7661 Copyright 1995-1998, Lincoln D. Stein. All rights reserved. 7662 7663 This library is free software; you can redistribute it and/or modify 7664 it under the same terms as Perl itself. 7665 7666 Address bug reports and comments to: lstein@cshl.org. When sending 7667 bug reports, please provide the version of CGI.pm, the version of 7668 Perl, the name and version of your Web server, and the name and 7669 version of the operating system you are using. If the problem is even 7670 remotely browser dependent, please provide information about the 7671 affected browers as well. 7672 7673 =head1 CREDITS 7674 7675 Thanks very much to: 7676 7677 =over 4 7678 7679 =item Matt Heffron (heffron@falstaff.css.beckman.com) 7680 7681 =item James Taylor (james.taylor@srs.gov) 7682 7683 =item Scott Anguish <sanguish@digifix.com> 7684 7685 =item Mike Jewell (mlj3u@virginia.edu) 7686 7687 =item Timothy Shimmin (tes@kbs.citri.edu.au) 7688 7689 =item Joergen Haegg (jh@axis.se) 7690 7691 =item Laurent Delfosse (delfosse@delfosse.com) 7692 7693 =item Richard Resnick (applepi1@aol.com) 7694 7695 =item Craig Bishop (csb@barwonwater.vic.gov.au) 7696 7697 =item Tony Curtis (tc@vcpc.univie.ac.at) 7698 7699 =item Tim Bunce (Tim.Bunce@ig.co.uk) 7700 7701 =item Tom Christiansen (tchrist@convex.com) 7702 7703 =item Andreas Koenig (k@franz.ww.TU-Berlin.DE) 7704 7705 =item Tim MacKenzie (Tim.MacKenzie@fulcrum.com.au) 7706 7707 =item Kevin B. Hendricks (kbhend@dogwood.tyler.wm.edu) 7708 7709 =item Stephen Dahmen (joyfire@inxpress.net) 7710 7711 =item Ed Jordan (ed@fidalgo.net) 7712 7713 =item David Alan Pisoni (david@cnation.com) 7714 7715 =item Doug MacEachern (dougm@opengroup.org) 7716 7717 =item Robin Houston (robin@oneworld.org) 7718 7719 =item ...and many many more... 7720 7721 for suggestions and bug fixes. 7722 7723 =back 7724 7725 =head1 A COMPLETE EXAMPLE OF A SIMPLE FORM-BASED SCRIPT 7726 7727 7728 #!/usr/local/bin/perl 7729 7730 use CGI ':standard'; 7731 7732 print header; 7733 print start_html("Example CGI.pm Form"); 7734 print "<h1> Example CGI.pm Form</h1>\n"; 7735 print_prompt(); 7736 do_work(); 7737 print_tail(); 7738 print end_html; 7739 7740 sub print_prompt { 7741 print start_form; 7742 print "<em>What's your name?</em><br>"; 7743 print textfield('name'); 7744 print checkbox('Not my real name'); 7745 7746 print "<p><em>Where can you find English Sparrows?</em><br>"; 7747 print checkbox_group( 7748 -name=>'Sparrow locations', 7749 -values=>[England,France,Spain,Asia,Hoboken], 7750 -linebreak=>'yes', 7751 -defaults=>[England,Asia]); 7752 7753 print "<p><em>How far can they fly?</em><br>", 7754 radio_group( 7755 -name=>'how far', 7756 -values=>['10 ft','1 mile','10 miles','real far'], 7757 -default=>'1 mile'); 7758 7759 print "<p><em>What's your favorite color?</em> "; 7760 print popup_menu(-name=>'Color', 7761 -values=>['black','brown','red','yellow'], 7762 -default=>'red'); 7763 7764 print hidden('Reference','Monty Python and the Holy Grail'); 7765 7766 print "<p><em>What have you got there?</em><br>"; 7767 print scrolling_list( 7768 -name=>'possessions', 7769 -values=>['A Coconut','A Grail','An Icon', 7770 'A Sword','A Ticket'], 7771 -size=>5, 7772 -multiple=>'true'); 7773 7774 print "<p><em>Any parting comments?</em><br>"; 7775 print textarea(-name=>'Comments', 7776 -rows=>10, 7777 -columns=>50); 7778 7779 print "<p>",reset; 7780 print submit('Action','Shout'); 7781 print submit('Action','Scream'); 7782 print endform; 7783 print "<hr>\n"; 7784 } 7785 7786 sub do_work { 7787 my(@values,$key); 7788 7789 print "<h2>Here are the current settings in this form</h2>"; 7790 7791 foreach $key (param) { 7792 print "<strong>$key</strong> -> "; 7793 @values = param($key); 7794 print join(", ",@values),"<br>\n"; 7795 } 7796 } 7797 7798 sub print_tail { 7799 print <<END; 7800 <hr> 7801 <address>Lincoln D. Stein</address><br> 7802 <a href="/">Home Page</a> 7803 END 7804 } 7805 7806 =head1 BUGS 7807 7808 Please report them. 7809 7810 =head1 SEE ALSO 7811 7812 L<CGI::Carp>, L<CGI::Fast>, L<CGI::Pretty> 7813 7814 =cut 7815
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Tue Mar 17 22:47:18 2015 | Cross-referenced by PHPXref 0.7.1 |