[ Index ]

PHP Cross Reference of Unnamed Project

title

Body

[close]

/se3-unattended/var/se3/unattended/install/linuxaux/opt/perl/lib/5.10.0/ -> CGI.pm (source)

   1  package CGI;
   2  require 5.004;
   3  use Carp 'croak';
   4  
   5  # See the bottom of this file for the POD documentation.  Search for the
   6  # string '=head'.
   7  
   8  # You can run this file through either pod2man or pod2html to produce pretty
   9  # documentation in manual or html file format (these utilities are part of the
  10  # Perl 5 distribution).
  11  
  12  # Copyright 1995-1998 Lincoln D. Stein.  All rights reserved.
  13  # It may be used and modified freely, but I do request that this copyright
  14  # notice remain attached to the file.  You may modify this module as you 
  15  # wish, but if you redistribute a modified version, please attach a note
  16  # listing the modifications you have made.
  17  
  18  # The most recent version and complete docs are available at:
  19  #   http://stein.cshl.org/WWW/software/CGI/
  20  
  21  $CGI::revision = '$Id: CGI.pm,v 1.234 2007/04/16 16:58:46 lstein Exp $';
  22  $CGI::VERSION='3.29';
  23  
  24  # HARD-CODED LOCATION FOR FILE UPLOAD TEMPORARY FILES.
  25  # UNCOMMENT THIS ONLY IF YOU KNOW WHAT YOU'RE DOING.
  26  # $CGITempFile::TMPDIRECTORY = '/usr/tmp';
  27  use CGI::Util qw(rearrange make_attributes unescape escape expires ebcdic2ascii ascii2ebcdic);
  28  
  29  #use constant XHTML_DTD => ['-//W3C//DTD XHTML Basic 1.0//EN',
  30  #                           'http://www.w3.org/TR/xhtml-basic/xhtml-basic10.dtd'];
  31  
  32  use constant XHTML_DTD => ['-//W3C//DTD XHTML 1.0 Transitional//EN',
  33                             'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'];
  34  
  35  {
  36    local $^W = 0;
  37    $TAINTED = substr("$0$^X",0,0);
  38  }
  39  
  40  $MOD_PERL = 0; # no mod_perl by default
  41  @SAVED_SYMBOLS = ();
  42  
  43  
  44  # >>>>> Here are some globals that you might want to adjust <<<<<<
  45  sub initialize_globals {
  46      # Set this to 1 to enable copious autoloader debugging messages
  47      $AUTOLOAD_DEBUG = 0;
  48  
  49      # Set this to 1 to generate XTML-compatible output
  50      $XHTML = 1;
  51  
  52      # Change this to the preferred DTD to print in start_html()
  53      # or use default_dtd('text of DTD to use');
  54      $DEFAULT_DTD = [ '-//W3C//DTD HTML 4.01 Transitional//EN',
  55               'http://www.w3.org/TR/html4/loose.dtd' ] ;
  56  
  57      # Set this to 1 to enable NOSTICKY scripts
  58      # or: 
  59      #    1) use CGI qw(-nosticky)
  60      #    2) $CGI::nosticky(1)
  61      $NOSTICKY = 0;
  62  
  63      # Set this to 1 to enable NPH scripts
  64      # or: 
  65      #    1) use CGI qw(-nph)
  66      #    2) CGI::nph(1)
  67      #    3) print header(-nph=>1)
  68      $NPH = 0;
  69  
  70      # Set this to 1 to enable debugging from @ARGV
  71      # Set to 2 to enable debugging from STDIN
  72      $DEBUG = 1;
  73  
  74      # Set this to 1 to make the temporary files created
  75      # during file uploads safe from prying eyes
  76      # or do...
  77      #    1) use CGI qw(:private_tempfiles)
  78      #    2) CGI::private_tempfiles(1);
  79      $PRIVATE_TEMPFILES = 0;
  80  
  81      # Set this to 1 to generate automatic tab indexes
  82      $TABINDEX = 0;
  83  
  84      # Set this to 1 to cause files uploaded in multipart documents
  85      # to be closed, instead of caching the file handle
  86      # or:
  87      #    1) use CGI qw(:close_upload_files)
  88      #    2) $CGI::close_upload_files(1);
  89      # Uploads with many files run out of file handles.
  90      # Also, for performance, since the file is already on disk,
  91      # it can just be renamed, instead of read and written.
  92      $CLOSE_UPLOAD_FILES = 0;
  93  
  94      # Set this to a positive value to limit the size of a POSTing
  95      # to a certain number of bytes:
  96      $POST_MAX = -1;
  97  
  98      # Change this to 1 to disable uploads entirely:
  99      $DISABLE_UPLOADS = 0;
 100  
 101      # Automatically determined -- don't change
 102      $EBCDIC = 0;
 103  
 104      # Change this to 1 to suppress redundant HTTP headers
 105      $HEADERS_ONCE = 0;
 106  
 107      # separate the name=value pairs by semicolons rather than ampersands
 108      $USE_PARAM_SEMICOLONS = 1;
 109  
 110      # Do not include undefined params parsed from query string
 111      # use CGI qw(-no_undef_params);
 112      $NO_UNDEF_PARAMS = 0;
 113  
 114      # Other globals that you shouldn't worry about.
 115      undef $Q;
 116      $BEEN_THERE = 0;
 117      $DTD_PUBLIC_IDENTIFIER = "";
 118      undef @QUERY_PARAM;
 119      undef %EXPORT;
 120      undef $QUERY_CHARSET;
 121      undef %QUERY_FIELDNAMES;
 122      undef %QUERY_TMPFILES;
 123  
 124      # prevent complaints by mod_perl
 125      1;
 126  }
 127  
 128  # ------------------ START OF THE LIBRARY ------------
 129  
 130  *end_form = \&endform;
 131  
 132  # make mod_perlhappy
 133  initialize_globals();
 134  
 135  # FIGURE OUT THE OS WE'RE RUNNING UNDER
 136  # Some systems support the $^O variable.  If not
 137  # available then require() the Config library
 138  unless ($OS) {
 139      unless ($OS = $^O) {
 140      require Config;
 141      $OS = $Config::Config{'osname'};
 142      }
 143  }
 144  if ($OS =~ /^MSWin/i) {
 145    $OS = 'WINDOWS';
 146  } elsif ($OS =~ /^VMS/i) {
 147    $OS = 'VMS';
 148  } elsif ($OS =~ /^dos/i) {
 149    $OS = 'DOS';
 150  } elsif ($OS =~ /^MacOS/i) {
 151      $OS = 'MACINTOSH';
 152  } elsif ($OS =~ /^os2/i) {
 153      $OS = 'OS2';
 154  } elsif ($OS =~ /^epoc/i) {
 155      $OS = 'EPOC';
 156  } elsif ($OS =~ /^cygwin/i) {
 157      $OS = 'CYGWIN';
 158  } else {
 159      $OS = 'UNIX';
 160  }
 161  
 162  # Some OS logic.  Binary mode enabled on DOS, NT and VMS
 163  $needs_binmode = $OS=~/^(WINDOWS|DOS|OS2|MSWin|CYGWIN)/;
 164  
 165  # This is the default class for the CGI object to use when all else fails.
 166  $DefaultClass = 'CGI' unless defined $CGI::DefaultClass;
 167  
 168  # This is where to look for autoloaded routines.
 169  $AutoloadClass = $DefaultClass unless defined $CGI::AutoloadClass;
 170  
 171  # The path separator is a slash, backslash or semicolon, depending
 172  # on the paltform.
 173  $SL = {
 174       UNIX    => '/',  OS2 => '\\', EPOC      => '/', CYGWIN => '/',
 175       WINDOWS => '\\', DOS => '\\', MACINTOSH => ':', VMS    => '/'
 176      }->{$OS};
 177  
 178  # This no longer seems to be necessary
 179  # Turn on NPH scripts by default when running under IIS server!
 180  # $NPH++ if defined($ENV{'SERVER_SOFTWARE'}) && $ENV{'SERVER_SOFTWARE'}=~/IIS/;
 181  $IIS++ if defined($ENV{'SERVER_SOFTWARE'}) && $ENV{'SERVER_SOFTWARE'}=~/IIS/;
 182  
 183  # Turn on special checking for Doug MacEachern's modperl
 184  if (exists $ENV{MOD_PERL}) {
 185    # mod_perl handlers may run system() on scripts using CGI.pm;
 186    # Make sure so we don't get fooled by inherited $ENV{MOD_PERL}
 187    if (exists $ENV{MOD_PERL_API_VERSION} && $ENV{MOD_PERL_API_VERSION} == 2) {
 188      $MOD_PERL = 2;
 189      require Apache2::Response;
 190      require Apache2::RequestRec;
 191      require Apache2::RequestUtil;
 192      require Apache2::RequestIO;
 193      require APR::Pool;
 194    } else {
 195      $MOD_PERL = 1;
 196      require Apache;
 197    }
 198  }
 199  
 200  # Turn on special checking for ActiveState's PerlEx
 201  $PERLEX++ if defined($ENV{'GATEWAY_INTERFACE'}) && $ENV{'GATEWAY_INTERFACE'} =~ /^CGI-PerlEx/;
 202  
 203  # Define the CRLF sequence.  I can't use a simple "\r\n" because the meaning
 204  # of "\n" is different on different OS's (sometimes it generates CRLF, sometimes LF
 205  # and sometimes CR).  The most popular VMS web server
 206  # doesn't accept CRLF -- instead it wants a LR.  EBCDIC machines don't
 207  # use ASCII, so \015\012 means something different.  I find this all 
 208  # really annoying.
 209  $EBCDIC = "\t" ne "\011";
 210  if ($OS eq 'VMS') {
 211    $CRLF = "\n";
 212  } elsif ($EBCDIC) {
 213    $CRLF= "\r\n";
 214  } else {
 215    $CRLF = "\015\012";
 216  }
 217  
 218  if ($needs_binmode) {
 219      $CGI::DefaultClass->binmode(\*main::STDOUT);
 220      $CGI::DefaultClass->binmode(\*main::STDIN);
 221      $CGI::DefaultClass->binmode(\*main::STDERR);
 222  }
 223  
 224  %EXPORT_TAGS = (
 225          ':html2'=>['h1'..'h6',qw/p br hr ol ul li dl dt dd menu code var strong em
 226                 tt u i b blockquote pre img a address cite samp dfn html head
 227                 base body Link nextid title meta kbd start_html end_html
 228                 input Select option comment charset escapeHTML/],
 229          ':html3'=>[qw/div table caption th td TR Tr sup Sub strike applet Param 
 230                 embed basefont style span layer ilayer font frameset frame script small big Area Map/],
 231                  ':html4'=>[qw/abbr acronym bdo col colgroup del fieldset iframe
 232                              ins label legend noframes noscript object optgroup Q 
 233                              thead tbody tfoot/], 
 234          ':netscape'=>[qw/blink fontsize center/],
 235          ':form'=>[qw/textfield textarea filefield password_field hidden checkbox checkbox_group 
 236                submit reset defaults radio_group popup_menu button autoEscape
 237                scrolling_list image_button start_form end_form startform endform
 238                start_multipart_form end_multipart_form isindex tmpFileName uploadInfo URL_ENCODED MULTIPART/],
 239          ':cgi'=>[qw/param upload path_info path_translated request_uri url self_url script_name 
 240               cookie Dump
 241               raw_cookie request_method query_string Accept user_agent remote_host content_type
 242               remote_addr referer server_name server_software server_port server_protocol virtual_port
 243               virtual_host remote_ident auth_type http append
 244               save_parameters restore_parameters param_fetch
 245               remote_user user_name header redirect import_names put 
 246               Delete Delete_all url_param cgi_error/],
 247          ':ssl' => [qw/https/],
 248          ':cgi-lib' => [qw/ReadParse PrintHeader HtmlTop HtmlBot SplitParam Vars/],
 249          ':html' => [qw/:html2 :html3 :html4 :netscape/],
 250          ':standard' => [qw/:html2 :html3 :html4 :form :cgi/],
 251          ':push' => [qw/multipart_init multipart_start multipart_end multipart_final/],
 252          ':all' => [qw/:html2 :html3 :netscape :form :cgi :internal :html4/]
 253          );
 254  
 255  # Custom 'can' method for both autoloaded and non-autoloaded subroutines.
 256  # Author: Cees Hek <cees@sitesuite.com.au>
 257  
 258  sub can {
 259      my($class, $method) = @_;
 260  
 261      # See if UNIVERSAL::can finds it.
 262  
 263      if (my $func = $class -> SUPER::can($method) ){
 264          return $func;
 265      }
 266  
 267      # Try to compile the function.
 268  
 269      eval {
 270          # _compile looks at $AUTOLOAD for the function name.
 271  
 272          local $AUTOLOAD = join "::", $class, $method;
 273          &_compile;
 274      };
 275  
 276      # Now that the function is loaded (if it exists)
 277      # just use UNIVERSAL::can again to do the work.
 278  
 279      return $class -> SUPER::can($method);
 280  }
 281  
 282  # to import symbols into caller
 283  sub import {
 284      my $self = shift;
 285  
 286      # This causes modules to clash.
 287      undef %EXPORT_OK;
 288      undef %EXPORT;
 289  
 290      $self->_setup_symbols(@_);
 291      my ($callpack, $callfile, $callline) = caller;
 292  
 293      # To allow overriding, search through the packages
 294      # Till we find one in which the correct subroutine is defined.
 295      my @packages = ($self,@{"$self\:\:ISA"});
 296      foreach $sym (keys %EXPORT) {
 297      my $pck;
 298      my $def = ${"$self\:\:AutoloadClass"} || $DefaultClass;
 299      foreach $pck (@packages) {
 300          if (defined(&{"$pck\:\:$sym"})) {
 301          $def = $pck;
 302          last;
 303          }
 304      }
 305      *{"$callpack}::$sym"} = \&{"$def\:\:$sym"};
 306      }
 307  }
 308  
 309  sub compile {
 310      my $pack = shift;
 311      $pack->_setup_symbols('-compile',@_);
 312  }
 313  
 314  sub expand_tags {
 315      my($tag) = @_;
 316      return ("start_$1","end_$1") if $tag=~/^(?:\*|start_|end_)(.+)/;
 317      my(@r);
 318      return ($tag) unless $EXPORT_TAGS{$tag};
 319      foreach (@{$EXPORT_TAGS{$tag}}) {
 320      push(@r,&expand_tags($_));
 321      }
 322      return @r;
 323  }
 324  
 325  #### Method: new
 326  # The new routine.  This will check the current environment
 327  # for an existing query string, and initialize itself, if so.
 328  ####
 329  sub new {
 330    my($class,@initializer) = @_;
 331    my $self = {};
 332  
 333    bless $self,ref $class || $class || $DefaultClass;
 334  
 335    # always use a tempfile
 336    $self->{'use_tempfile'} = 1;
 337  
 338    if (ref($initializer[0])
 339        && (UNIVERSAL::isa($initializer[0],'Apache')
 340        ||
 341        UNIVERSAL::isa($initializer[0],'Apache2::RequestRec')
 342       )) {
 343      $self->r(shift @initializer);
 344    }
 345   if (ref($initializer[0]) 
 346       && (UNIVERSAL::isa($initializer[0],'CODE'))) {
 347      $self->upload_hook(shift @initializer, shift @initializer);
 348      $self->{'use_tempfile'} = shift @initializer if (@initializer > 0);
 349    }
 350    if ($MOD_PERL) {
 351      if ($MOD_PERL == 1) {
 352        $self->r(Apache->request) unless $self->r;
 353        my $r = $self->r;
 354        $r->register_cleanup(\&CGI::_reset_globals);
 355      }
 356      else {
 357        # XXX: once we have the new API
 358        # will do a real PerlOptions -SetupEnv check
 359        $self->r(Apache2::RequestUtil->request) unless $self->r;
 360        my $r = $self->r;
 361        $r->subprocess_env unless exists $ENV{REQUEST_METHOD};
 362        $r->pool->cleanup_register(\&CGI::_reset_globals);
 363      }
 364      undef $NPH;
 365    }
 366    $self->_reset_globals if $PERLEX;
 367    $self->init(@initializer);
 368    return $self;
 369  }
 370  
 371  # We provide a DESTROY method so that we can ensure that
 372  # temporary files are closed (via Fh->DESTROY) before they
 373  # are unlinked (via CGITempFile->DESTROY) because it is not
 374  # possible to unlink an open file on Win32. We explicitly
 375  # call DESTROY on each, rather than just undefing them and
 376  # letting Perl DESTROY them by garbage collection, in case the
 377  # user is still holding any reference to them as well.
 378  sub DESTROY {
 379    my $self = shift;
 380    if ($OS eq 'WINDOWS') {
 381      foreach my $href (values %{$self->{'.tmpfiles'}}) {
 382        $href->{hndl}->DESTROY if defined $href->{hndl};
 383        $href->{name}->DESTROY if defined $href->{name};
 384      }
 385    }
 386  }
 387  
 388  sub r {
 389    my $self = shift;
 390    my $r = $self->{'.r'};
 391    $self->{'.r'} = shift if @_;
 392    $r;
 393  }
 394  
 395  sub upload_hook {
 396    my $self;
 397    if (ref $_[0] eq 'CODE') {
 398      $CGI::Q = $self = $CGI::DefaultClass->new(@_);
 399    } else {
 400      $self = shift;
 401    }
 402    my ($hook,$data,$use_tempfile) = @_;
 403    $self->{'.upload_hook'} = $hook;
 404    $self->{'.upload_data'} = $data;
 405    $self->{'use_tempfile'} = $use_tempfile if defined $use_tempfile;
 406  }
 407  
 408  #### Method: param
 409  # Returns the value(s)of a named parameter.
 410  # If invoked in a list context, returns the
 411  # entire list.  Otherwise returns the first
 412  # member of the list.
 413  # If name is not provided, return a list of all
 414  # the known parameters names available.
 415  # If more than one argument is provided, the
 416  # second and subsequent arguments are used to
 417  # set the value of the parameter.
 418  ####
 419  sub param {
 420      my($self,@p) = self_or_default(@_);
 421      return $self->all_parameters unless @p;
 422      my($name,$value,@other);
 423  
 424      # For compatibility between old calling style and use_named_parameters() style, 
 425      # we have to special case for a single parameter present.
 426      if (@p > 1) {
 427      ($name,$value,@other) = rearrange([NAME,[DEFAULT,VALUE,VALUES]],@p);
 428      my(@values);
 429  
 430      if (substr($p[0],0,1) eq '-') {
 431          @values = defined($value) ? (ref($value) && ref($value) eq 'ARRAY' ? @{$value} : $value) : ();
 432      } else {
 433          foreach ($value,@other) {
 434          push(@values,$_) if defined($_);
 435          }
 436      }
 437      # If values is provided, then we set it.
 438      if (@values or defined $value) {
 439          $self->add_parameter($name);
 440          $self->{$name}=[@values];
 441      }
 442      } else {
 443      $name = $p[0];
 444      }
 445  
 446      return unless defined($name) && $self->{$name};
 447  
 448      my $charset = $self->charset || '';
 449      my $utf8    = $charset eq 'utf-8';
 450      if ($utf8) {
 451        eval "require Encode; 1;" if $utf8 && !Encode->can('decode'); # bring in these functions
 452        return wantarray ? map {Encode::decode(utf8=>$_) } @{$self->{$name}} 
 453                         : Encode::decode(utf8=>$self->{$name}->[0]);
 454      } else {
 455        return wantarray ? @{$self->{$name}} : $self->{$name}->[0];
 456      }
 457  }
 458  
 459  sub self_or_default {
 460      return @_ if defined($_[0]) && (!ref($_[0])) &&($_[0] eq 'CGI');
 461      unless (defined($_[0]) && 
 462          (ref($_[0]) eq 'CGI' || UNIVERSAL::isa($_[0],'CGI')) # slightly optimized for common case
 463          ) {
 464      $Q = $CGI::DefaultClass->new unless defined($Q);
 465      unshift(@_,$Q);
 466      }
 467      return wantarray ? @_ : $Q;
 468  }
 469  
 470  sub self_or_CGI {
 471      local $^W=0;                # prevent a warning
 472      if (defined($_[0]) &&
 473      (substr(ref($_[0]),0,3) eq 'CGI' 
 474       || UNIVERSAL::isa($_[0],'CGI'))) {
 475      return @_;
 476      } else {
 477      return ($DefaultClass,@_);
 478      }
 479  }
 480  
 481  ########################################
 482  # THESE METHODS ARE MORE OR LESS PRIVATE
 483  # GO TO THE __DATA__ SECTION TO SEE MORE
 484  # PUBLIC METHODS
 485  ########################################
 486  
 487  # Initialize the query object from the environment.
 488  # If a parameter list is found, this object will be set
 489  # to an associative array in which parameter names are keys
 490  # and the values are stored as lists
 491  # If a keyword list is found, this method creates a bogus
 492  # parameter list with the single parameter 'keywords'.
 493  
 494  sub init {
 495    my $self = shift;
 496    my($query_string,$meth,$content_length,$fh,@lines) = ('','','','');
 497  
 498    my $is_xforms;
 499  
 500    my $initializer = shift;  # for backward compatibility
 501    local($/) = "\n";
 502  
 503      # set autoescaping on by default
 504      $self->{'escape'} = 1;
 505  
 506      # if we get called more than once, we want to initialize
 507      # ourselves from the original query (which may be gone
 508      # if it was read from STDIN originally.)
 509      if (defined(@QUERY_PARAM) && !defined($initializer)) {
 510          for my $name (@QUERY_PARAM) {
 511              my $val = $QUERY_PARAM{$name}; # always an arrayref;
 512              $self->param('-name'=>$name,'-value'=> $val);
 513              if (defined $val and ref $val eq 'ARRAY') {
 514                  for my $fh (grep {defined(fileno($_))} @$val) {
 515                     seek($fh,0,0); # reset the filehandle.  
 516                  }
 517  
 518              }
 519          }
 520          $self->charset($QUERY_CHARSET);
 521          $self->{'.fieldnames'} = {%QUERY_FIELDNAMES};
 522          $self->{'.tmpfiles'}   = {%QUERY_TMPFILES};
 523          return;
 524      }
 525  
 526      $meth=$ENV{'REQUEST_METHOD'} if defined($ENV{'REQUEST_METHOD'});
 527      $content_length = defined($ENV{'CONTENT_LENGTH'}) ? $ENV{'CONTENT_LENGTH'} : 0;
 528  
 529      $fh = to_filehandle($initializer) if $initializer;
 530  
 531      # set charset to the safe ISO-8859-1
 532      $self->charset('ISO-8859-1');
 533  
 534    METHOD: {
 535  
 536        # avoid unreasonably large postings
 537        if (($POST_MAX > 0) && ($content_length > $POST_MAX)) {
 538      #discard the post, unread
 539      $self->cgi_error("413 Request entity too large");
 540      last METHOD;
 541        }
 542  
 543        # Process multipart postings, but only if the initializer is
 544        # not defined.
 545        if ($meth eq 'POST'
 546        && defined($ENV{'CONTENT_TYPE'})
 547        && $ENV{'CONTENT_TYPE'}=~m|^multipart/form-data|
 548        && !defined($initializer)
 549        ) {
 550        my($boundary) = $ENV{'CONTENT_TYPE'} =~ /boundary=\"?([^\";,]+)\"?/;
 551        $self->read_multipart($boundary,$content_length);
 552        last METHOD;
 553        } 
 554  
 555        # Process XForms postings. We know that we have XForms in the
 556        # following cases:
 557        # method eq 'POST' && content-type eq 'application/xml'
 558        # method eq 'POST' && content-type =~ /multipart\/related.+start=/
 559        # There are more cases, actually, but for now, we don't support other
 560        # methods for XForm posts.
 561        # In a XForm POST, the QUERY_STRING is parsed normally.
 562        # If the content-type is 'application/xml', we just set the param
 563        # XForms:Model (referring to the xml syntax) param containing the
 564        # unparsed XML data.
 565        # In the case of multipart/related we set XForms:Model as above, but
 566        # the other parts are available as uploads with the Content-ID as the
 567        # the key.
 568        # See the URL below for XForms specs on this issue.
 569        # http://www.w3.org/TR/2006/REC-xforms-20060314/slice11.html#submit-options
 570        if ($meth eq 'POST' && defined($ENV{'CONTENT_TYPE'})) {
 571                if ($ENV{'CONTENT_TYPE'} eq 'application/xml') {
 572                        my($param) = 'XForms:Model';
 573                        my($value) = '';
 574                        $self->add_parameter($param);
 575                        $self->read_from_client(\$value,$content_length,0)
 576                          if $content_length > 0;
 577                        push (@{$self->{$param}},$value);
 578                        $is_xforms = 1;
 579                } elsif ($ENV{'CONTENT_TYPE'} =~ /multipart\/related.+boundary=\"?([^\";,]+)\"?.+start=\"?\<?([^\"\>]+)\>?\"?/) {
 580                        my($boundary,$start) = ($1,$2);
 581                        my($param) = 'XForms:Model';
 582                        $self->add_parameter($param);
 583                        my($value) = $self->read_multipart_related($start,$boundary,$content_length,0);
 584                        push (@{$self->{$param}},$value);
 585                        if ($MOD_PERL) {
 586                                $query_string = $self->r->args;
 587                        } else {
 588                                $query_string = $ENV{'QUERY_STRING'} if defined $ENV{'QUERY_STRING'};
 589                                $query_string ||= $ENV{'REDIRECT_QUERY_STRING'} if defined $ENV{'REDIRECT_QUERY_STRING'};
 590                        }
 591                        $is_xforms = 1;
 592                }
 593        }
 594  
 595  
 596        # If initializer is defined, then read parameters
 597        # from it.
 598        if (!$is_xforms && defined($initializer)) {
 599        if (UNIVERSAL::isa($initializer,'CGI')) {
 600            $query_string = $initializer->query_string;
 601            last METHOD;
 602        }
 603        if (ref($initializer) && ref($initializer) eq 'HASH') {
 604            foreach (keys %$initializer) {
 605            $self->param('-name'=>$_,'-value'=>$initializer->{$_});
 606            }
 607            last METHOD;
 608        }
 609  
 610            if (defined($fh) && ($fh ne '')) {
 611                while (<$fh>) {
 612                    chomp;
 613                    last if /^=/;
 614                    push(@lines,$_);
 615                }
 616                # massage back into standard format
 617                if ("@lines" =~ /=/) {
 618                    $query_string=join("&",@lines);
 619                } else {
 620                    $query_string=join("+",@lines);
 621                }
 622                last METHOD;
 623            }
 624  
 625        # last chance -- treat it as a string
 626        $initializer = $$initializer if ref($initializer) eq 'SCALAR';
 627        $query_string = $initializer;
 628  
 629        last METHOD;
 630        }
 631  
 632        # If method is GET or HEAD, fetch the query from
 633        # the environment.
 634        if ($is_xforms || $meth=~/^(GET|HEAD)$/) {
 635        if ($MOD_PERL) {
 636          $query_string = $self->r->args;
 637        } else {
 638            $query_string = $ENV{'QUERY_STRING'} if defined $ENV{'QUERY_STRING'};
 639            $query_string ||= $ENV{'REDIRECT_QUERY_STRING'} if defined $ENV{'REDIRECT_QUERY_STRING'};
 640        }
 641        last METHOD;
 642        }
 643  
 644        if ($meth eq 'POST') {
 645        $self->read_from_client(\$query_string,$content_length,0)
 646            if $content_length > 0;
 647        # Some people want to have their cake and eat it too!
 648        # Uncomment this line to have the contents of the query string
 649        # APPENDED to the POST data.
 650        # $query_string .= (length($query_string) ? '&' : '') . $ENV{'QUERY_STRING'} if defined $ENV{'QUERY_STRING'};
 651        last METHOD;
 652        }
 653  
 654        # If $meth is not of GET, POST or HEAD, assume we're being debugged offline.
 655        # Check the command line and then the standard input for data.
 656        # We use the shellwords package in order to behave the way that
 657        # UN*X programmers expect.
 658        if ($DEBUG)
 659        {
 660            my $cmdline_ret = read_from_cmdline();
 661            $query_string = $cmdline_ret->{'query_string'};
 662            if (defined($cmdline_ret->{'subpath'}))
 663            {
 664                $self->path_info($cmdline_ret->{'subpath'});
 665            }
 666        }
 667    }
 668  
 669  # YL: Begin Change for XML handler 10/19/2001
 670      if (!$is_xforms && $meth eq 'POST'
 671          && defined($ENV{'CONTENT_TYPE'})
 672          && $ENV{'CONTENT_TYPE'} !~ m|^application/x-www-form-urlencoded|
 673      && $ENV{'CONTENT_TYPE'} !~ m|^multipart/form-data| ) {
 674          my($param) = 'POSTDATA' ;
 675          $self->add_parameter($param) ;
 676        push (@{$self->{$param}},$query_string);
 677        undef $query_string ;
 678      }
 679  # YL: End Change for XML handler 10/19/2001
 680  
 681      # We now have the query string in hand.  We do slightly
 682      # different things for keyword lists and parameter lists.
 683      if (defined $query_string && length $query_string) {
 684      if ($query_string =~ /[&=;]/) {
 685          $self->parse_params($query_string);
 686      } else {
 687          $self->add_parameter('keywords');
 688          $self->{'keywords'} = [$self->parse_keywordlist($query_string)];
 689      }
 690      }
 691  
 692      # Special case.  Erase everything if there is a field named
 693      # .defaults.
 694      if ($self->param('.defaults')) {
 695        $self->delete_all();
 696      }
 697  
 698      # Associative array containing our defined fieldnames
 699      $self->{'.fieldnames'} = {};
 700      foreach ($self->param('.cgifields')) {
 701      $self->{'.fieldnames'}->{$_}++;
 702      }
 703      
 704      # Clear out our default submission button flag if present
 705      $self->delete('.submit');
 706      $self->delete('.cgifields');
 707  
 708      $self->save_request unless defined $initializer;
 709  }
 710  
 711  # FUNCTIONS TO OVERRIDE:
 712  # Turn a string into a filehandle
 713  sub to_filehandle {
 714      my $thingy = shift;
 715      return undef unless $thingy;
 716      return $thingy if UNIVERSAL::isa($thingy,'GLOB');
 717      return $thingy if UNIVERSAL::isa($thingy,'FileHandle');
 718      if (!ref($thingy)) {
 719      my $caller = 1;
 720      while (my $package = caller($caller++)) {
 721          my($tmp) = $thingy=~/[\':]/ ? $thingy : "$package\:\:$thingy"; 
 722          return $tmp if defined(fileno($tmp));
 723      }
 724      }
 725      return undef;
 726  }
 727  
 728  # send output to the browser
 729  sub put {
 730      my($self,@p) = self_or_default(@_);
 731      $self->print(@p);
 732  }
 733  
 734  # print to standard output (for overriding in mod_perl)
 735  sub print {
 736      shift;
 737      CORE::print(@_);
 738  }
 739  
 740  # get/set last cgi_error
 741  sub cgi_error {
 742      my ($self,$err) = self_or_default(@_);
 743      $self->{'.cgi_error'} = $err if defined $err;
 744      return $self->{'.cgi_error'};
 745  }
 746  
 747  sub save_request {
 748      my($self) = @_;
 749      # We're going to play with the package globals now so that if we get called
 750      # again, we initialize ourselves in exactly the same way.  This allows
 751      # us to have several of these objects.
 752      @QUERY_PARAM = $self->param; # save list of parameters
 753      foreach (@QUERY_PARAM) {
 754        next unless defined $_;
 755        $QUERY_PARAM{$_}=$self->{$_};
 756      }
 757      $QUERY_CHARSET = $self->charset;
 758      %QUERY_FIELDNAMES = %{$self->{'.fieldnames'}};
 759      %QUERY_TMPFILES   = %{ $self->{'.tmpfiles'} || {} };
 760  }
 761  
 762  sub parse_params {
 763      my($self,$tosplit) = @_;
 764      my(@pairs) = split(/[&;]/,$tosplit);
 765      my($param,$value);
 766      foreach (@pairs) {
 767      ($param,$value) = split('=',$_,2);
 768      next unless defined $param;
 769      next if $NO_UNDEF_PARAMS and not defined $value;
 770      $value = '' unless defined $value;
 771      $param = unescape($param);
 772      $value = unescape($value);
 773      $self->add_parameter($param);
 774      push (@{$self->{$param}},$value);
 775      }
 776  }
 777  
 778  sub add_parameter {
 779      my($self,$param)=@_;
 780      return unless defined $param;
 781      push (@{$self->{'.parameters'}},$param) 
 782      unless defined($self->{$param});
 783  }
 784  
 785  sub all_parameters {
 786      my $self = shift;
 787      return () unless defined($self) && $self->{'.parameters'};
 788      return () unless @{$self->{'.parameters'}};
 789      return @{$self->{'.parameters'}};
 790  }
 791  
 792  # put a filehandle into binary mode (DOS)
 793  sub binmode {
 794      return unless defined($_[1]) && defined fileno($_[1]);
 795      CORE::binmode($_[1]);
 796  }
 797  
 798  sub _make_tag_func {
 799      my ($self,$tagname) = @_;
 800      my $func = qq(
 801      sub $tagname {
 802           my (\$q,\$a,\@rest) = self_or_default(\@_);
 803           my(\$attr) = '';
 804       if (ref(\$a) && ref(\$a) eq 'HASH') {
 805          my(\@attr) = make_attributes(\$a,\$q->{'escape'});
 806          \$attr = " \@attr" if \@attr;
 807        } else {
 808          unshift \@rest,\$a if defined \$a;
 809        }
 810      );
 811      if ($tagname=~/start_(\w+)/i) {
 812      $func .= qq! return "<\L$1\E\$attr>";} !;
 813      } elsif ($tagname=~/end_(\w+)/i) {
 814      $func .= qq! return "<\L/$1\E>"; } !;
 815      } else {
 816      $func .= qq#
 817          return \$XHTML ? "\L<$tagname\E\$attr />" : "\L<$tagname\E\$attr>" unless \@rest;
 818          my(\$tag,\$untag) = ("\L<$tagname\E\$attr>","\L</$tagname>\E");
 819          my \@result = map { "\$tag\$_\$untag" } 
 820                                (ref(\$rest[0]) eq 'ARRAY') ? \@{\$rest[0]} : "\@rest";
 821          return "\@result";
 822              }#;
 823      }
 824  return $func;
 825  }
 826  
 827  sub AUTOLOAD {
 828      print STDERR "CGI::AUTOLOAD for $AUTOLOAD\n" if $CGI::AUTOLOAD_DEBUG;
 829      my $func = &_compile;
 830      goto &$func;
 831  }
 832  
 833  sub _compile {
 834      my($func) = $AUTOLOAD;
 835      my($pack,$func_name);
 836      {
 837      local($1,$2); # this fixes an obscure variable suicide problem.
 838      $func=~/(.+)::([^:]+)$/;
 839      ($pack,$func_name) = ($1,$2);
 840      $pack=~s/::SUPER$//;    # fix another obscure problem
 841      $pack = ${"$pack\:\:AutoloadClass"} || $CGI::DefaultClass
 842          unless defined(${"$pack\:\:AUTOLOADED_ROUTINES"});
 843  
 844          my($sub) = \%{"$pack\:\:SUBS"};
 845          unless (%$sub) {
 846         my($auto) = \${"$pack\:\:AUTOLOADED_ROUTINES"};
 847         local ($@,$!);
 848         eval "package $pack; $$auto";
 849         croak("$AUTOLOAD: $@") if $@;
 850             $$auto = '';  # Free the unneeded storage (but don't undef it!!!)
 851         }
 852         my($code) = $sub->{$func_name};
 853  
 854         $code = "sub $AUTOLOAD { }" if (!$code and $func_name eq 'DESTROY');
 855         if (!$code) {
 856         (my $base = $func_name) =~ s/^(start_|end_)//i;
 857         if ($EXPORT{':any'} || 
 858             $EXPORT{'-any'} ||
 859             $EXPORT{$base} || 
 860             (%EXPORT_OK || grep(++$EXPORT_OK{$_},&expand_tags(':html')))
 861                 && $EXPORT_OK{$base}) {
 862             $code = $CGI::DefaultClass->_make_tag_func($func_name);
 863         }
 864         }
 865         croak("Undefined subroutine $AUTOLOAD\n") unless $code;
 866         local ($@,$!);
 867         eval "package $pack; $code";
 868         if ($@) {
 869         $@ =~ s/ at .*\n//;
 870         croak("$AUTOLOAD: $@");
 871         }
 872      }       
 873      CORE::delete($sub->{$func_name});  #free storage
 874      return "$pack\:\:$func_name";
 875  }
 876  
 877  sub _selected {
 878    my $self = shift;
 879    my $value = shift;
 880    return '' unless $value;
 881    return $XHTML ? qq(selected="selected" ) : qq(selected );
 882  }
 883  
 884  sub _checked {
 885    my $self = shift;
 886    my $value = shift;
 887    return '' unless $value;
 888    return $XHTML ? qq(checked="checked" ) : qq(checked );
 889  }
 890  
 891  sub _reset_globals { initialize_globals(); }
 892  
 893  sub _setup_symbols {
 894      my $self = shift;
 895      my $compile = 0;
 896  
 897      # to avoid reexporting unwanted variables
 898      undef %EXPORT;
 899  
 900      foreach (@_) {
 901      $HEADERS_ONCE++,         next if /^[:-]unique_headers$/;
 902      $NPH++,                  next if /^[:-]nph$/;
 903      $NOSTICKY++,             next if /^[:-]nosticky$/;
 904      $DEBUG=0,                next if /^[:-]no_?[Dd]ebug$/;
 905      $DEBUG=2,                next if /^[:-][Dd]ebug$/;
 906      $USE_PARAM_SEMICOLONS++, next if /^[:-]newstyle_urls$/;
 907      $XHTML++,                next if /^[:-]xhtml$/;
 908      $XHTML=0,                next if /^[:-]no_?xhtml$/;
 909      $USE_PARAM_SEMICOLONS=0, next if /^[:-]oldstyle_urls$/;
 910      $PRIVATE_TEMPFILES++,    next if /^[:-]private_tempfiles$/;
 911      $TABINDEX++,             next if /^[:-]tabindex$/;
 912      $CLOSE_UPLOAD_FILES++,   next if /^[:-]close_upload_files$/;
 913      $EXPORT{$_}++,           next if /^[:-]any$/;
 914      $compile++,              next if /^[:-]compile$/;
 915      $NO_UNDEF_PARAMS++,      next if /^[:-]no_undef_params$/;
 916      
 917      # This is probably extremely evil code -- to be deleted some day.
 918      if (/^[-]autoload$/) {
 919          my($pkg) = caller(1);
 920          *{"$pkg}::AUTOLOAD"} = sub { 
 921          my($routine) = $AUTOLOAD;
 922          $routine =~ s/^.*::/CGI::/;
 923          &$routine;
 924          };
 925          next;
 926      }
 927  
 928      foreach (&expand_tags($_)) {
 929          tr/a-zA-Z0-9_//cd;  # don't allow weird function names
 930          $EXPORT{$_}++;
 931      }
 932      }
 933      _compile_all(keys %EXPORT) if $compile;
 934      @SAVED_SYMBOLS = @_;
 935  }
 936  
 937  sub charset {
 938    my ($self,$charset) = self_or_default(@_);
 939    $self->{'.charset'} = $charset if defined $charset;
 940    $self->{'.charset'};
 941  }
 942  
 943  sub element_id {
 944    my ($self,$new_value) = self_or_default(@_);
 945    $self->{'.elid'} = $new_value if defined $new_value;
 946    sprintf('%010d',$self->{'.elid'}++);
 947  }
 948  
 949  sub element_tab {
 950    my ($self,$new_value) = self_or_default(@_);
 951    $self->{'.etab'} ||= 1;
 952    $self->{'.etab'} = $new_value if defined $new_value;
 953    my $tab = $self->{'.etab'}++;
 954    return '' unless $TABINDEX or defined $new_value;
 955    return qq(tabindex="$tab" );
 956  }
 957  
 958  ###############################################################################
 959  ################# THESE FUNCTIONS ARE AUTOLOADED ON DEMAND ####################
 960  ###############################################################################
 961  $AUTOLOADED_ROUTINES = '';      # get rid of -w warning
 962  $AUTOLOADED_ROUTINES=<<'END_OF_AUTOLOAD';
 963  
 964  %SUBS = (
 965  
 966  'URL_ENCODED'=> <<'END_OF_FUNC',
 967  sub URL_ENCODED { 'application/x-www-form-urlencoded'; }
 968  END_OF_FUNC
 969  
 970  'MULTIPART' => <<'END_OF_FUNC',
 971  sub MULTIPART {  'multipart/form-data'; }
 972  END_OF_FUNC
 973  
 974  'SERVER_PUSH' => <<'END_OF_FUNC',
 975  sub SERVER_PUSH { 'multipart/x-mixed-replace;boundary="' . shift() . '"'; }
 976  END_OF_FUNC
 977  
 978  'new_MultipartBuffer' => <<'END_OF_FUNC',
 979  # Create a new multipart buffer
 980  sub new_MultipartBuffer {
 981      my($self,$boundary,$length) = @_;
 982      return MultipartBuffer->new($self,$boundary,$length);
 983  }
 984  END_OF_FUNC
 985  
 986  'read_from_client' => <<'END_OF_FUNC',
 987  # Read data from a file handle
 988  sub read_from_client {
 989      my($self, $buff, $len, $offset) = @_;
 990      local $^W=0;                # prevent a warning
 991      return $MOD_PERL
 992          ? $self->r->read($$buff, $len, $offset)
 993          : read(\*STDIN, $$buff, $len, $offset);
 994  }
 995  END_OF_FUNC
 996  
 997  'delete' => <<'END_OF_FUNC',
 998  #### Method: delete
 999  # Deletes the named parameter entirely.
1000  ####
1001  sub delete {
1002      my($self,@p) = self_or_default(@_);
1003      my(@names) = rearrange([NAME],@p);
1004      my @to_delete = ref($names[0]) eq 'ARRAY' ? @$names[0] : @names;
1005      my %to_delete;
1006      foreach my $name (@to_delete)
1007      {
1008          CORE::delete $self->{$name};
1009          CORE::delete $self->{'.fieldnames'}->{$name};
1010          $to_delete{$name}++;
1011      }
1012      @{$self->{'.parameters'}}=grep { !exists($to_delete{$_}) } $self->param();
1013      return;
1014  }
1015  END_OF_FUNC
1016  
1017  #### Method: import_names
1018  # Import all parameters into the given namespace.
1019  # Assumes namespace 'Q' if not specified
1020  ####
1021  'import_names' => <<'END_OF_FUNC',
1022  sub import_names {
1023      my($self,$namespace,$delete) = self_or_default(@_);
1024      $namespace = 'Q' unless defined($namespace);
1025      die "Can't import names into \"main\"\n" if \%{"$namespace}::"} == \%::;
1026      if ($delete || $MOD_PERL || exists $ENV{'FCGI_ROLE'}) {
1027      # can anyone find an easier way to do this?
1028      foreach (keys %{"$namespace}::"}) {
1029          local *symbol = "$namespace}::$_}";
1030          undef $symbol;
1031          undef @symbol;
1032          undef %symbol;
1033      }
1034      }
1035      my($param,@value,$var);
1036      foreach $param ($self->param) {
1037      # protect against silly names
1038      ($var = $param)=~tr/a-zA-Z0-9_/_/c;
1039      $var =~ s/^(?=\d)/_/;
1040      local *symbol = "$namespace}::$var";
1041      @value = $self->param($param);
1042      @symbol = @value;
1043      $symbol = $value[0];
1044      }
1045  }
1046  END_OF_FUNC
1047  
1048  #### Method: keywords
1049  # Keywords acts a bit differently.  Calling it in a list context
1050  # returns the list of keywords.  
1051  # Calling it in a scalar context gives you the size of the list.
1052  ####
1053  'keywords' => <<'END_OF_FUNC',
1054  sub keywords {
1055      my($self,@values) = self_or_default(@_);
1056      # If values is provided, then we set it.
1057      $self->{'keywords'}=[@values] if @values;
1058      my(@result) = defined($self->{'keywords'}) ? @{$self->{'keywords'}} : ();
1059      @result;
1060  }
1061  END_OF_FUNC
1062  
1063  # These are some tie() interfaces for compatibility
1064  # with Steve Brenner's cgi-lib.pl routines
1065  'Vars' => <<'END_OF_FUNC',
1066  sub Vars {
1067      my $q = shift;
1068      my %in;
1069      tie(%in,CGI,$q);
1070      return %in if wantarray;
1071      return \%in;
1072  }
1073  END_OF_FUNC
1074  
1075  # These are some tie() interfaces for compatibility
1076  # with Steve Brenner's cgi-lib.pl routines
1077  'ReadParse' => <<'END_OF_FUNC',
1078  sub ReadParse {
1079      local(*in);
1080      if (@_) {
1081      *in = $_[0];
1082      } else {
1083      my $pkg = caller();
1084      *in=*{"$pkg}::in"};
1085      }
1086      tie(%in,CGI);
1087      return scalar(keys %in);
1088  }
1089  END_OF_FUNC
1090  
1091  'PrintHeader' => <<'END_OF_FUNC',
1092  sub PrintHeader {
1093      my($self) = self_or_default(@_);
1094      return $self->header();
1095  }
1096  END_OF_FUNC
1097  
1098  'HtmlTop' => <<'END_OF_FUNC',
1099  sub HtmlTop {
1100      my($self,@p) = self_or_default(@_);
1101      return $self->start_html(@p);
1102  }
1103  END_OF_FUNC
1104  
1105  'HtmlBot' => <<'END_OF_FUNC',
1106  sub HtmlBot {
1107      my($self,@p) = self_or_default(@_);
1108      return $self->end_html(@p);
1109  }
1110  END_OF_FUNC
1111  
1112  'SplitParam' => <<'END_OF_FUNC',
1113  sub SplitParam {
1114      my ($param) = @_;
1115      my (@params) = split ("\0", $param);
1116      return (wantarray ? @params : $params[0]);
1117  }
1118  END_OF_FUNC
1119  
1120  'MethGet' => <<'END_OF_FUNC',
1121  sub MethGet {
1122      return request_method() eq 'GET';
1123  }
1124  END_OF_FUNC
1125  
1126  'MethPost' => <<'END_OF_FUNC',
1127  sub MethPost {
1128      return request_method() eq 'POST';
1129  }
1130  END_OF_FUNC
1131  
1132  'TIEHASH' => <<'END_OF_FUNC',
1133  sub TIEHASH {
1134      my $class = shift;
1135      my $arg   = $_[0];
1136      if (ref($arg) && UNIVERSAL::isa($arg,'CGI')) {
1137         return $arg;
1138      }
1139      return $Q ||= $class->new(@_);
1140  }
1141  END_OF_FUNC
1142  
1143  'STORE' => <<'END_OF_FUNC',
1144  sub STORE {
1145      my $self = shift;
1146      my $tag  = shift;
1147      my $vals = shift;
1148      my @vals = index($vals,"\0")!=-1 ? split("\0",$vals) : $vals;
1149      $self->param(-name=>$tag,-value=>\@vals);
1150  }
1151  END_OF_FUNC
1152  
1153  'FETCH' => <<'END_OF_FUNC',
1154  sub FETCH {
1155      return $_[0] if $_[1] eq 'CGI';
1156      return undef unless defined $_[0]->param($_[1]);
1157      return join("\0",$_[0]->param($_[1]));
1158  }
1159  END_OF_FUNC
1160  
1161  'FIRSTKEY' => <<'END_OF_FUNC',
1162  sub FIRSTKEY {
1163      $_[0]->{'.iterator'}=0;
1164      $_[0]->{'.parameters'}->[$_[0]->{'.iterator'}++];
1165  }
1166  END_OF_FUNC
1167  
1168  'NEXTKEY' => <<'END_OF_FUNC',
1169  sub NEXTKEY {
1170      $_[0]->{'.parameters'}->[$_[0]->{'.iterator'}++];
1171  }
1172  END_OF_FUNC
1173  
1174  'EXISTS' => <<'END_OF_FUNC',
1175  sub EXISTS {
1176      exists $_[0]->{$_[1]};
1177  }
1178  END_OF_FUNC
1179  
1180  'DELETE' => <<'END_OF_FUNC',
1181  sub DELETE {
1182      $_[0]->delete($_[1]);
1183  }
1184  END_OF_FUNC
1185  
1186  'CLEAR' => <<'END_OF_FUNC',
1187  sub CLEAR {
1188      %{$_[0]}=();
1189  }
1190  ####
1191  END_OF_FUNC
1192  
1193  ####
1194  # Append a new value to an existing query
1195  ####
1196  'append' => <<'EOF',
1197  sub append {
1198      my($self,@p) = self_or_default(@_);
1199      my($name,$value) = rearrange([NAME,[VALUE,VALUES]],@p);
1200      my(@values) = defined($value) ? (ref($value) ? @{$value} : $value) : ();
1201      if (@values) {
1202      $self->add_parameter($name);
1203      push(@{$self->{$name}},@values);
1204      }
1205      return $self->param($name);
1206  }
1207  EOF
1208  
1209  #### Method: delete_all
1210  # Delete all parameters
1211  ####
1212  'delete_all' => <<'EOF',
1213  sub delete_all {
1214      my($self) = self_or_default(@_);
1215      my @param = $self->param();
1216      $self->delete(@param);
1217  }
1218  EOF
1219  
1220  'Delete' => <<'EOF',
1221  sub Delete {
1222      my($self,@p) = self_or_default(@_);
1223      $self->delete(@p);
1224  }
1225  EOF
1226  
1227  'Delete_all' => <<'EOF',
1228  sub Delete_all {
1229      my($self,@p) = self_or_default(@_);
1230      $self->delete_all(@p);
1231  }
1232  EOF
1233  
1234  #### Method: autoescape
1235  # If you want to turn off the autoescaping features,
1236  # call this method with undef as the argument
1237  'autoEscape' => <<'END_OF_FUNC',
1238  sub autoEscape {
1239      my($self,$escape) = self_or_default(@_);
1240      my $d = $self->{'escape'};
1241      $self->{'escape'} = $escape;
1242      $d;
1243  }
1244  END_OF_FUNC
1245  
1246  
1247  #### Method: version
1248  # Return the current version
1249  ####
1250  'version' => <<'END_OF_FUNC',
1251  sub version {
1252      return $VERSION;
1253  }
1254  END_OF_FUNC
1255  
1256  #### Method: url_param
1257  # Return a parameter in the QUERY_STRING, regardless of
1258  # whether this was a POST or a GET
1259  ####
1260  'url_param' => <<'END_OF_FUNC',
1261  sub url_param {
1262      my ($self,@p) = self_or_default(@_);
1263      my $name = shift(@p);
1264      return undef unless exists($ENV{QUERY_STRING});
1265      unless (exists($self->{'.url_param'})) {
1266      $self->{'.url_param'}={}; # empty hash
1267      if ($ENV{QUERY_STRING} =~ /=/) {
1268          my(@pairs) = split(/[&;]/,$ENV{QUERY_STRING});
1269          my($param,$value);
1270          foreach (@pairs) {
1271          ($param,$value) = split('=',$_,2);
1272          $param = unescape($param);
1273          $value = unescape($value);
1274          push(@{$self->{'.url_param'}->{$param}},$value);
1275          }
1276      } else {
1277          $self->{'.url_param'}->{'keywords'} = [$self->parse_keywordlist($ENV{QUERY_STRING})];
1278      }
1279      }
1280      return keys %{$self->{'.url_param'}} unless defined($name);
1281      return () unless $self->{'.url_param'}->{$name};
1282      return wantarray ? @{$self->{'.url_param'}->{$name}}
1283                       : $self->{'.url_param'}->{$name}->[0];
1284  }
1285  END_OF_FUNC
1286  
1287  #### Method: Dump
1288  # Returns a string in which all the known parameter/value 
1289  # pairs are represented as nested lists, mainly for the purposes 
1290  # of debugging.
1291  ####
1292  'Dump' => <<'END_OF_FUNC',
1293  sub Dump {
1294      my($self) = self_or_default(@_);
1295      my($param,$value,@result);
1296      return '<ul></ul>' unless $self->param;
1297      push(@result,"<ul>");
1298      foreach $param ($self->param) {
1299      my($name)=$self->escapeHTML($param);
1300      push(@result,"<li><strong>$param</strong></li>");
1301      push(@result,"<ul>");
1302      foreach $value ($self->param($param)) {
1303          $value = $self->escapeHTML($value);
1304              $value =~ s/\n/<br \/>\n/g;
1305          push(@result,"<li>$value</li>");
1306      }
1307      push(@result,"</ul>");
1308      }
1309      push(@result,"</ul>");
1310      return join("\n",@result);
1311  }
1312  END_OF_FUNC
1313  
1314  #### Method as_string
1315  #
1316  # synonym for "dump"
1317  ####
1318  'as_string' => <<'END_OF_FUNC',
1319  sub as_string {
1320      &Dump(@_);
1321  }
1322  END_OF_FUNC
1323  
1324  #### Method: save
1325  # Write values out to a filehandle in such a way that they can
1326  # be reinitialized by the filehandle form of the new() method
1327  ####
1328  'save' => <<'END_OF_FUNC',
1329  sub save {
1330      my($self,$filehandle) = self_or_default(@_);
1331      $filehandle = to_filehandle($filehandle);
1332      my($param);
1333      local($,) = '';  # set print field separator back to a sane value
1334      local($\) = '';  # set output line separator to a sane value
1335      foreach $param ($self->param) {
1336      my($escaped_param) = escape($param);
1337      my($value);
1338      foreach $value ($self->param($param)) {
1339          print $filehandle "$escaped_param=",escape("$value"),"\n";
1340      }
1341      }
1342      foreach (keys %{$self->{'.fieldnames'}}) {
1343            print $filehandle ".cgifields=",escape("$_"),"\n";
1344      }
1345      print $filehandle "=\n";    # end of record
1346  }
1347  END_OF_FUNC
1348  
1349  
1350  #### Method: save_parameters
1351  # An alias for save() that is a better name for exportation.
1352  # Only intended to be used with the function (non-OO) interface.
1353  ####
1354  'save_parameters' => <<'END_OF_FUNC',
1355  sub save_parameters {
1356      my $fh = shift;
1357      return save(to_filehandle($fh));
1358  }
1359  END_OF_FUNC
1360  
1361  #### Method: restore_parameters
1362  # A way to restore CGI parameters from an initializer.
1363  # Only intended to be used with the function (non-OO) interface.
1364  ####
1365  'restore_parameters' => <<'END_OF_FUNC',
1366  sub restore_parameters {
1367      $Q = $CGI::DefaultClass->new(@_);
1368  }
1369  END_OF_FUNC
1370  
1371  #### Method: multipart_init
1372  # Return a Content-Type: style header for server-push
1373  # This has to be NPH on most web servers, and it is advisable to set $| = 1
1374  #
1375  # Many thanks to Ed Jordan <ed@fidalgo.net> for this
1376  # contribution, updated by Andrew Benham (adsb@bigfoot.com)
1377  ####
1378  'multipart_init' => <<'END_OF_FUNC',
1379  sub multipart_init {
1380      my($self,@p) = self_or_default(@_);
1381      my($boundary,@other) = rearrange([BOUNDARY],@p);
1382      $boundary = $boundary || '------- =_aaaaaaaaaa0';
1383      $self->{'separator'} = "$CRLF--$boundary$CRLF";
1384      $self->{'final_separator'} = "$CRLF--$boundary--$CRLF";
1385      $type = SERVER_PUSH($boundary);
1386      return $self->header(
1387      -nph => 0,
1388      -type => $type,
1389      (map { split "=", $_, 2 } @other),
1390      ) . "WARNING: YOUR BROWSER DOESN'T SUPPORT THIS SERVER-PUSH TECHNOLOGY." . $self->multipart_end;
1391  }
1392  END_OF_FUNC
1393  
1394  
1395  #### Method: multipart_start
1396  # Return a Content-Type: style header for server-push, start of section
1397  #
1398  # Many thanks to Ed Jordan <ed@fidalgo.net> for this
1399  # contribution, updated by Andrew Benham (adsb@bigfoot.com)
1400  ####
1401  'multipart_start' => <<'END_OF_FUNC',
1402  sub multipart_start {
1403      my(@header);
1404      my($self,@p) = self_or_default(@_);
1405      my($type,@other) = rearrange([TYPE],@p);
1406      $type = $type || 'text/html';
1407      push(@header,"Content-Type: $type");
1408  
1409      # rearrange() was designed for the HTML portion, so we
1410      # need to fix it up a little.
1411      foreach (@other) {
1412          # Don't use \s because of perl bug 21951
1413          next unless my($header,$value) = /([^ \r\n\t=]+)=\"?(.+?)\"?$/;
1414      ($_ = $header) =~ s/^(\w)(.*)/$1 . lc ($2) . ': '.$self->unescapeHTML($value)/e;
1415      }
1416      push(@header,@other);
1417      my $header = join($CRLF,@header)."$CRLF}$CRLF}";
1418      return $header;
1419  }
1420  END_OF_FUNC
1421  
1422  
1423  #### Method: multipart_end
1424  # Return a MIME boundary separator for server-push, end of section
1425  #
1426  # Many thanks to Ed Jordan <ed@fidalgo.net> for this
1427  # contribution
1428  ####
1429  'multipart_end' => <<'END_OF_FUNC',
1430  sub multipart_end {
1431      my($self,@p) = self_or_default(@_);
1432      return $self->{'separator'};
1433  }
1434  END_OF_FUNC
1435  
1436  
1437  #### Method: multipart_final
1438  # Return a MIME boundary separator for server-push, end of all sections
1439  #
1440  # Contributed by Andrew Benham (adsb@bigfoot.com)
1441  ####
1442  'multipart_final' => <<'END_OF_FUNC',
1443  sub multipart_final {
1444      my($self,@p) = self_or_default(@_);
1445      return $self->{'final_separator'} . "WARNING: YOUR BROWSER DOESN'T SUPPORT THIS SERVER-PUSH TECHNOLOGY." . $CRLF;
1446  }
1447  END_OF_FUNC
1448  
1449  
1450  #### Method: header
1451  # Return a Content-Type: style header
1452  #
1453  ####
1454  'header' => <<'END_OF_FUNC',
1455  sub header {
1456      my($self,@p) = self_or_default(@_);
1457      my(@header);
1458  
1459      return "" if $self->{'.header_printed'}++ and $HEADERS_ONCE;
1460  
1461      my($type,$status,$cookie,$target,$expires,$nph,$charset,$attachment,$p3p,@other) = 
1462      rearrange([['TYPE','CONTENT_TYPE','CONTENT-TYPE'],
1463                  'STATUS',['COOKIE','COOKIES'],'TARGET',
1464                              'EXPIRES','NPH','CHARSET',
1465                              'ATTACHMENT','P3P'],@p);
1466  
1467      $nph     ||= $NPH;
1468  
1469      $type ||= 'text/html' unless defined($type);
1470  
1471      if (defined $charset) {
1472        $self->charset($charset);
1473      } else {
1474        $charset = $self->charset if $type =~ /^text\//;
1475      }
1476     $charset ||= '';
1477  
1478      # rearrange() was designed for the HTML portion, so we
1479      # need to fix it up a little.
1480      foreach (@other) {
1481          # Don't use \s because of perl bug 21951
1482          next unless my($header,$value) = /([^ \r\n\t=]+)=\"?(.+?)\"?$/;
1483          ($_ = $header) =~ s/^(\w)(.*)/"\u$1\L$2" . ': '.$self->unescapeHTML($value)/e;
1484      }
1485  
1486      $type .= "; charset=$charset"
1487        if     $type ne ''
1488           and $type !~ /\bcharset\b/
1489           and defined $charset
1490           and $charset ne '';
1491  
1492      # Maybe future compatibility.  Maybe not.
1493      my $protocol = $ENV{SERVER_PROTOCOL} || 'HTTP/1.0';
1494      push(@header,$protocol . ' ' . ($status || '200 OK')) if $nph;
1495      push(@header,"Server: " . &server_software()) if $nph;
1496  
1497      push(@header,"Status: $status") if $status;
1498      push(@header,"Window-Target: $target") if $target;
1499      if ($p3p) {
1500         $p3p = join ' ',@$p3p if ref($p3p) eq 'ARRAY';
1501         push(@header,qq(P3P: policyref="/w3c/p3p.xml", CP="$p3p"));
1502      }
1503      # push all the cookies -- there may be several
1504      if ($cookie) {
1505      my(@cookie) = ref($cookie) && ref($cookie) eq 'ARRAY' ? @{$cookie} : $cookie;
1506      foreach (@cookie) {
1507              my $cs = UNIVERSAL::isa($_,'CGI::Cookie') ? $_->as_string : $_;
1508          push(@header,"Set-Cookie: $cs") if $cs ne '';
1509      }
1510      }
1511      # if the user indicates an expiration time, then we need
1512      # both an Expires and a Date header (so that the browser is
1513      # uses OUR clock)
1514      push(@header,"Expires: " . expires($expires,'http'))
1515      if $expires;
1516      push(@header,"Date: " . expires(0,'http')) if $expires || $cookie || $nph;
1517      push(@header,"Pragma: no-cache") if $self->cache();
1518      push(@header,"Content-Disposition: attachment; filename=\"$attachment\"") if $attachment;
1519      push(@header,map {ucfirst $_} @other);
1520      push(@header,"Content-Type: $type") if $type ne '';
1521      my $header = join($CRLF,@header)."$CRLF}$CRLF}";
1522      if ($MOD_PERL and not $nph) {
1523          $self->r->send_cgi_header($header);
1524          return '';
1525      }
1526      return $header;
1527  }
1528  END_OF_FUNC
1529  
1530  
1531  #### Method: cache
1532  # Control whether header() will produce the no-cache
1533  # Pragma directive.
1534  ####
1535  'cache' => <<'END_OF_FUNC',
1536  sub cache {
1537      my($self,$new_value) = self_or_default(@_);
1538      $new_value = '' unless $new_value;
1539      if ($new_value ne '') {
1540      $self->{'cache'} = $new_value;
1541      }
1542      return $self->{'cache'};
1543  }
1544  END_OF_FUNC
1545  
1546  
1547  #### Method: redirect
1548  # Return a Location: style header
1549  #
1550  ####
1551  'redirect' => <<'END_OF_FUNC',
1552  sub redirect {
1553      my($self,@p) = self_or_default(@_);
1554      my($url,$target,$status,$cookie,$nph,@other) = 
1555           rearrange([[LOCATION,URI,URL],TARGET,STATUS,['COOKIE','COOKIES'],NPH],@p);
1556      $status = '302 Found' unless defined $status;
1557      $url ||= $self->self_url;
1558      my(@o);
1559      foreach (@other) { tr/\"//d; push(@o,split("=",$_,2)); }
1560      unshift(@o,
1561       '-Status'  => $status,
1562       '-Location'=> $url,
1563       '-nph'     => $nph);
1564      unshift(@o,'-Target'=>$target) if $target;
1565      unshift(@o,'-Type'=>'');
1566      my @unescaped;
1567      unshift(@unescaped,'-Cookie'=>$cookie) if $cookie;
1568      return $self->header((map {$self->unescapeHTML($_)} @o),@unescaped);
1569  }
1570  END_OF_FUNC
1571  
1572  
1573  #### Method: start_html
1574  # Canned HTML header
1575  #
1576  # Parameters:
1577  # $title -> (optional) The title for this HTML document (-title)
1578  # $author -> (optional) e-mail address of the author (-author)
1579  # $base -> (optional) if set to true, will enter the BASE address of this document
1580  #          for resolving relative references (-base) 
1581  # $xbase -> (optional) alternative base at some remote location (-xbase)
1582  # $target -> (optional) target window to load all links into (-target)
1583  # $script -> (option) Javascript code (-script)
1584  # $no_script -> (option) Javascript <noscript> tag (-noscript)
1585  # $meta -> (optional) Meta information tags
1586  # $head -> (optional) any other elements you'd like to incorporate into the <head> tag
1587  #           (a scalar or array ref)
1588  # $style -> (optional) reference to an external style sheet
1589  # @other -> (optional) any other named parameters you'd like to incorporate into
1590  #           the <body> tag.
1591  ####
1592  'start_html' => <<'END_OF_FUNC',
1593  sub start_html {
1594      my($self,@p) = &self_or_default(@_);
1595      my($title,$author,$base,$xbase,$script,$noscript,
1596          $target,$meta,$head,$style,$dtd,$lang,$encoding,$declare_xml,@other) = 
1597      rearrange([TITLE,AUTHOR,BASE,XBASE,SCRIPT,NOSCRIPT,TARGET,
1598                     META,HEAD,STYLE,DTD,LANG,ENCODING,DECLARE_XML],@p);
1599  
1600      $self->element_id(0);
1601      $self->element_tab(0);
1602  
1603      $encoding = lc($self->charset) unless defined $encoding;
1604  
1605      # Need to sort out the DTD before it's okay to call escapeHTML().
1606      my(@result,$xml_dtd);
1607      if ($dtd) {
1608          if (defined(ref($dtd)) and (ref($dtd) eq 'ARRAY')) {
1609              $dtd = $DEFAULT_DTD unless $dtd->[0] =~ m|^-//|;
1610          } else {
1611              $dtd = $DEFAULT_DTD unless $dtd =~ m|^-//|;
1612          }
1613      } else {
1614          $dtd = $XHTML ? XHTML_DTD : $DEFAULT_DTD;
1615      }
1616  
1617      $xml_dtd++ if ref($dtd) eq 'ARRAY' && $dtd->[0] =~ /\bXHTML\b/i;
1618      $xml_dtd++ if ref($dtd) eq '' && $dtd =~ /\bXHTML\b/i;
1619      push @result,qq(<?xml version="1.0" encoding="$encoding"?>) if $xml_dtd && $declare_xml;
1620  
1621      if (ref($dtd) && ref($dtd) eq 'ARRAY') {
1622          push(@result,qq(<!DOCTYPE html\n\tPUBLIC "$dtd->[0]"\n\t "$dtd->[1]">));
1623      $DTD_PUBLIC_IDENTIFIER = $dtd->[0];
1624      } else {
1625          push(@result,qq(<!DOCTYPE html\n\tPUBLIC "$dtd">));
1626      $DTD_PUBLIC_IDENTIFIER = $dtd;
1627      }
1628  
1629      # Now that we know whether we're using the HTML 3.2 DTD or not, it's okay to
1630      # call escapeHTML().  Strangely enough, the title needs to be escaped as
1631      # HTML while the author needs to be escaped as a URL.
1632      $title = $self->escapeHTML($title || 'Untitled Document');
1633      $author = $self->escape($author);
1634  
1635      if ($DTD_PUBLIC_IDENTIFIER =~ /[^X]HTML (2\.0|3\.2)/i) {
1636      $lang = "" unless defined $lang;
1637      $XHTML = 0;
1638      }
1639      else {
1640      $lang = 'en-US' unless defined $lang;
1641      }
1642  
1643      my $lang_bits = $lang ne '' ? qq( lang="$lang" xml:lang="$lang") : '';
1644      my $meta_bits = qq(<meta http-equiv="Content-Type" content="text/html; charset=$encoding" />) 
1645                      if $XHTML && $encoding && !$declare_xml;
1646  
1647      push(@result,$XHTML ? qq(<html xmlns="http://www.w3.org/1999/xhtml"$lang_bits>\n<head>\n<title>$title</title>)
1648                          : ($lang ? qq(<html lang="$lang">) : "<html>")
1649                        . "<head><title>$title</title>");
1650      if (defined $author) {
1651      push(@result,$XHTML ? "<link rev=\"made\" href=\"mailto:$author\" />"
1652              : "<link rev=\"made\" href=\"mailto:$author\">");
1653      }
1654  
1655      if ($base || $xbase || $target) {
1656      my $href = $xbase || $self->url('-path'=>1);
1657      my $t = $target ? qq/ target="$target"/ : '';
1658      push(@result,$XHTML ? qq(<base href="$href"$t />) : qq(<base href="$href"$t>));
1659      }
1660  
1661      if ($meta && ref($meta) && (ref($meta) eq 'HASH')) {
1662      foreach (keys %$meta) { push(@result,$XHTML ? qq(<meta name="$_" content="$meta->{$_}" />) 
1663              : qq(<meta name="$_" content="$meta->{$_}">)); }
1664      }
1665  
1666      push(@result,ref($head) ? @$head : $head) if $head;
1667  
1668      # handle the infrequently-used -style and -script parameters
1669      push(@result,$self->_style($style))   if defined $style;
1670      push(@result,$self->_script($script)) if defined $script;
1671      push(@result,$meta_bits)              if defined $meta_bits;
1672  
1673      # handle -noscript parameter
1674      push(@result,<<END) if $noscript;
1675  <noscript>
1676  $noscript
1677  </noscript>
1678  END
1679      ;
1680      my($other) = @other ? " @other" : '';
1681      push(@result,"</head>\n<body$other>\n");
1682      return join("\n",@result);
1683  }
1684  END_OF_FUNC
1685  
1686  ### Method: _style
1687  # internal method for generating a CSS style section
1688  ####
1689  '_style' => <<'END_OF_FUNC',
1690  sub _style {
1691      my ($self,$style) = @_;
1692      my (@result);
1693  
1694      my $type = 'text/css';
1695      my $rel  = 'stylesheet';
1696  
1697  
1698      my $cdata_start = $XHTML ? "\n<!--/* <![CDATA[ */" : "\n<!-- ";
1699      my $cdata_end   = $XHTML ? "\n/* ]]> */-->\n" : " -->\n";
1700  
1701      my @s = ref($style) eq 'ARRAY' ? @$style : $style;
1702  
1703      for my $s (@s) {
1704        if (ref($s)) {
1705         my($src,$code,$verbatim,$stype,$alternate,$foo,@other) =
1706             rearrange([qw(SRC CODE VERBATIM TYPE ALTERNATE FOO)],
1707                        ('-foo'=>'bar',
1708                         ref($s) eq 'ARRAY' ? @$s : %$s));
1709         my $type = defined $stype ? $stype : 'text/css';
1710         my $rel  = $alternate ? 'alternate stylesheet' : 'stylesheet';
1711         my $other = @other ? join ' ',@other : '';
1712  
1713         if (ref($src) eq "ARRAY") # Check to see if the $src variable is an array reference
1714         { # If it is, push a LINK tag for each one
1715             foreach $src (@$src)
1716           {
1717             push(@result,$XHTML ? qq(<link rel="$rel" type="$type" href="$src" $other/>)
1718                               : qq(<link rel="$rel" type="$type" href="$src"$other>)) if $src;
1719           }
1720         }
1721         else
1722         { # Otherwise, push the single -src, if it exists.
1723           push(@result,$XHTML ? qq(<link rel="$rel" type="$type" href="$src" $other/>)
1724                               : qq(<link rel="$rel" type="$type" href="$src"$other>)
1725                ) if $src;
1726          }
1727       if ($verbatim) {
1728             my @v = ref($verbatim) eq 'ARRAY' ? @$verbatim : $verbatim;
1729             push(@result, "<style type=\"text/css\">\n$_\n</style>") foreach @v;
1730        }
1731        my @c = ref($code) eq 'ARRAY' ? @$code : $code if $code;
1732        push(@result,style({'type'=>$type},"$cdata_start\n$_\n$cdata_end")) foreach @c;
1733  
1734        } else {
1735             my $src = $s;
1736             push(@result,$XHTML ? qq(<link rel="$rel" type="$type" href="$src" $other/>)
1737                                 : qq(<link rel="$rel" type="$type" href="$src"$other>));
1738        }
1739      }
1740      @result;
1741  }
1742  END_OF_FUNC
1743  
1744  '_script' => <<'END_OF_FUNC',
1745  sub _script {
1746      my ($self,$script) = @_;
1747      my (@result);
1748  
1749      my (@scripts) = ref($script) eq 'ARRAY' ? @$script : ($script);
1750      foreach $script (@scripts) {
1751      my($src,$code,$language);
1752      if (ref($script)) { # script is a hash
1753          ($src,$code,$type) =
1754          rearrange(['SRC','CODE',['LANGUAGE','TYPE']],
1755                   '-foo'=>'bar',    # a trick to allow the '-' to be omitted
1756                   ref($script) eq 'ARRAY' ? @$script : %$script);
1757              $type ||= 'text/javascript';
1758              unless ($type =~ m!\w+/\w+!) {
1759                  $type =~ s/[\d.]+$//;
1760                  $type = "text/$type";
1761              }
1762      } else {
1763          ($src,$code,$type) = ('',$script, 'text/javascript');
1764      }
1765  
1766      my $comment = '//';  # javascript by default
1767      $comment = '#' if $type=~/perl|tcl/i;
1768      $comment = "'" if $type=~/vbscript/i;
1769  
1770      my ($cdata_start,$cdata_end);
1771      if ($XHTML) {
1772         $cdata_start    = "$comment<![CDATA[\n";
1773         $cdata_end     .= "\n$comment]]>";
1774      } else {
1775         $cdata_start  =  "\n<!-- Hide script\n";
1776         $cdata_end    = $comment;
1777         $cdata_end   .= " End script hiding -->\n";
1778     }
1779       my(@satts);
1780       push(@satts,'src'=>$src) if $src;
1781       push(@satts,'type'=>$type);
1782       $code = $cdata_start . $code . $cdata_end if defined $code;
1783       push(@result,$self->script({@satts},$code || ''));
1784      }
1785      @result;
1786  }
1787  END_OF_FUNC
1788  
1789  #### Method: end_html
1790  # End an HTML document.
1791  # Trivial method for completeness.  Just returns "</body>"
1792  ####
1793  'end_html' => <<'END_OF_FUNC',
1794  sub end_html {
1795      return "\n</body>\n</html>";
1796  }
1797  END_OF_FUNC
1798  
1799  
1800  ################################
1801  # METHODS USED IN BUILDING FORMS
1802  ################################
1803  
1804  #### Method: isindex
1805  # Just prints out the isindex tag.
1806  # Parameters:
1807  #  $action -> optional URL of script to run
1808  # Returns:
1809  #   A string containing a <isindex> tag
1810  'isindex' => <<'END_OF_FUNC',
1811  sub isindex {
1812      my($self,@p) = self_or_default(@_);
1813      my($action,@other) = rearrange([ACTION],@p);
1814      $action = qq/ action="$action"/ if $action;
1815      my($other) = @other ? " @other" : '';
1816      return $XHTML ? "<isindex$action$other />" : "<isindex$action$other>";
1817  }
1818  END_OF_FUNC
1819  
1820  
1821  #### Method: startform
1822  # Start a form
1823  # Parameters:
1824  #   $method -> optional submission method to use (GET or POST)
1825  #   $action -> optional URL of script to run
1826  #   $enctype ->encoding to use (URL_ENCODED or MULTIPART)
1827  'startform' => <<'END_OF_FUNC',
1828  sub startform {
1829      my($self,@p) = self_or_default(@_);
1830  
1831      my($method,$action,$enctype,@other) = 
1832      rearrange([METHOD,ACTION,ENCTYPE],@p);
1833  
1834      $method  = $self->escapeHTML(lc($method) || 'post');
1835      $enctype = $self->escapeHTML($enctype || &URL_ENCODED);
1836      if (defined $action) {
1837         $action = $self->escapeHTML($action);
1838      }
1839      else {
1840         $action = $self->escapeHTML($self->request_uri || $self->self_url);
1841      }
1842      $action = qq(action="$action");
1843      my($other) = @other ? " @other" : '';
1844      $self->{'.parametersToAdd'}={};
1845      return qq/<form method="$method" $action enctype="$enctype"$other>\n/;
1846  }
1847  END_OF_FUNC
1848  
1849  
1850  #### Method: start_form
1851  # synonym for startform
1852  'start_form' => <<'END_OF_FUNC',
1853  sub start_form {
1854      $XHTML ? &start_multipart_form : &startform;
1855  }
1856  END_OF_FUNC
1857  
1858  'end_multipart_form' => <<'END_OF_FUNC',
1859  sub end_multipart_form {
1860      &endform;
1861  }
1862  END_OF_FUNC
1863  
1864  #### Method: start_multipart_form
1865  # synonym for startform
1866  'start_multipart_form' => <<'END_OF_FUNC',
1867  sub start_multipart_form {
1868      my($self,@p) = self_or_default(@_);
1869      if (defined($p[0]) && substr($p[0],0,1) eq '-') {
1870        return $self->startform(-enctype=>&MULTIPART,@p);
1871      } else {
1872      my($method,$action,@other) = 
1873          rearrange([METHOD,ACTION],@p);
1874      return $self->startform($method,$action,&MULTIPART,@other);
1875      }
1876  }
1877  END_OF_FUNC
1878  
1879  
1880  #### Method: endform
1881  # End a form
1882  'endform' => <<'END_OF_FUNC',
1883  sub endform {
1884      my($self,@p) = self_or_default(@_);
1885      if ( $NOSTICKY ) {
1886      return wantarray ? ("</form>") : "\n</form>";
1887      } else {
1888        if (my @fields = $self->get_fields) {
1889           return wantarray ? ("<div>",@fields,"</div>","</form>")
1890                            : "<div>".(join '',@fields)."</div>\n</form>";
1891        } else {
1892           return "</form>";
1893        }
1894      }
1895  }
1896  END_OF_FUNC
1897  
1898  
1899  '_textfield' => <<'END_OF_FUNC',
1900  sub _textfield {
1901      my($self,$tag,@p) = self_or_default(@_);
1902      my($name,$default,$size,$maxlength,$override,$tabindex,@other) = 
1903      rearrange([NAME,[DEFAULT,VALUE,VALUES],SIZE,MAXLENGTH,[OVERRIDE,FORCE],TABINDEX],@p);
1904  
1905      my $current = $override ? $default : 
1906      (defined($self->param($name)) ? $self->param($name) : $default);
1907  
1908      $current = defined($current) ? $self->escapeHTML($current,1) : '';
1909      $name = defined($name) ? $self->escapeHTML($name) : '';
1910      my($s) = defined($size) ? qq/ size="$size"/ : '';
1911      my($m) = defined($maxlength) ? qq/ maxlength="$maxlength"/ : '';
1912      my($other) = @other ? " @other" : '';
1913      # this entered at cristy's request to fix problems with file upload fields
1914      # and WebTV -- not sure it won't break stuff
1915      my($value) = $current ne '' ? qq(value="$current") : '';
1916      $tabindex = $self->element_tab($tabindex);
1917      return $XHTML ? qq(<input type="$tag" name="$name" $tabindex$value$s$m$other />) 
1918                    : qq(<input type="$tag" name="$name" $value$s$m$other>);
1919  }
1920  END_OF_FUNC
1921  
1922  #### Method: textfield
1923  # Parameters:
1924  #   $name -> Name of the text field
1925  #   $default -> Optional default value of the field if not
1926  #                already defined.
1927  #   $size ->  Optional width of field in characaters.
1928  #   $maxlength -> Optional maximum number of characters.
1929  # Returns:
1930  #   A string containing a <input type="text"> field
1931  #
1932  'textfield' => <<'END_OF_FUNC',
1933  sub textfield {
1934      my($self,@p) = self_or_default(@_);
1935      $self->_textfield('text',@p);
1936  }
1937  END_OF_FUNC
1938  
1939  
1940  #### Method: filefield
1941  # Parameters:
1942  #   $name -> Name of the file upload field
1943  #   $size ->  Optional width of field in characaters.
1944  #   $maxlength -> Optional maximum number of characters.
1945  # Returns:
1946  #   A string containing a <input type="file"> field
1947  #
1948  'filefield' => <<'END_OF_FUNC',
1949  sub filefield {
1950      my($self,@p) = self_or_default(@_);
1951      $self->_textfield('file',@p);
1952  }
1953  END_OF_FUNC
1954  
1955  
1956  #### Method: password
1957  # Create a "secret password" entry field
1958  # Parameters:
1959  #   $name -> Name of the field
1960  #   $default -> Optional default value of the field if not
1961  #                already defined.
1962  #   $size ->  Optional width of field in characters.
1963  #   $maxlength -> Optional maximum characters that can be entered.
1964  # Returns:
1965  #   A string containing a <input type="password"> field
1966  #
1967  'password_field' => <<'END_OF_FUNC',
1968  sub password_field {
1969      my ($self,@p) = self_or_default(@_);
1970      $self->_textfield('password',@p);
1971  }
1972  END_OF_FUNC
1973  
1974  #### Method: textarea
1975  # Parameters:
1976  #   $name -> Name of the text field
1977  #   $default -> Optional default value of the field if not
1978  #                already defined.
1979  #   $rows ->  Optional number of rows in text area
1980  #   $columns -> Optional number of columns in text area
1981  # Returns:
1982  #   A string containing a <textarea></textarea> tag
1983  #
1984  'textarea' => <<'END_OF_FUNC',
1985  sub textarea {
1986      my($self,@p) = self_or_default(@_);
1987      my($name,$default,$rows,$cols,$override,$tabindex,@other) =
1988      rearrange([NAME,[DEFAULT,VALUE],ROWS,[COLS,COLUMNS],[OVERRIDE,FORCE],TABINDEX],@p);
1989  
1990      my($current)= $override ? $default :
1991      (defined($self->param($name)) ? $self->param($name) : $default);
1992  
1993      $name = defined($name) ? $self->escapeHTML($name) : '';
1994      $current = defined($current) ? $self->escapeHTML($current) : '';
1995      my($r) = $rows ? qq/ rows="$rows"/ : '';
1996      my($c) = $cols ? qq/ cols="$cols"/ : '';
1997      my($other) = @other ? " @other" : '';
1998      $tabindex = $self->element_tab($tabindex);
1999      return qq{<textarea name="$name" $tabindex$r$c$other>$current</textarea>};
2000  }
2001  END_OF_FUNC
2002  
2003  
2004  #### Method: button
2005  # Create a javascript button.
2006  # Parameters:
2007  #   $name ->  (optional) Name for the button. (-name)
2008  #   $value -> (optional) Value of the button when selected (and visible name) (-value)
2009  #   $onclick -> (optional) Text of the JavaScript to run when the button is
2010  #                clicked.
2011  # Returns:
2012  #   A string containing a <input type="button"> tag
2013  ####
2014  'button' => <<'END_OF_FUNC',
2015  sub button {
2016      my($self,@p) = self_or_default(@_);
2017  
2018      my($label,$value,$script,$tabindex,@other) = rearrange([NAME,[VALUE,LABEL],
2019                                      [ONCLICK,SCRIPT],TABINDEX],@p);
2020  
2021      $label=$self->escapeHTML($label);
2022      $value=$self->escapeHTML($value,1);
2023      $script=$self->escapeHTML($script);
2024  
2025      my($name) = '';
2026      $name = qq/ name="$label"/ if $label;
2027      $value = $value || $label;
2028      my($val) = '';
2029      $val = qq/ value="$value"/ if $value;
2030      $script = qq/ onclick="$script"/ if $script;
2031      my($other) = @other ? " @other" : '';
2032      $tabindex = $self->element_tab($tabindex);
2033      return $XHTML ? qq(<input type="button" $tabindex$name$val$script$other />)
2034                    : qq(<input type="button"$name$val$script$other>);
2035  }
2036  END_OF_FUNC
2037  
2038  
2039  #### Method: submit
2040  # Create a "submit query" button.
2041  # Parameters:
2042  #   $name ->  (optional) Name for the button.
2043  #   $value -> (optional) Value of the button when selected (also doubles as label).
2044  #   $label -> (optional) Label printed on the button(also doubles as the value).
2045  # Returns:
2046  #   A string containing a <input type="submit"> tag
2047  ####
2048  'submit' => <<'END_OF_FUNC',
2049  sub submit {
2050      my($self,@p) = self_or_default(@_);
2051  
2052      my($label,$value,$tabindex,@other) = rearrange([NAME,[VALUE,LABEL],TABINDEX],@p);
2053  
2054      $label=$self->escapeHTML($label);
2055      $value=$self->escapeHTML($value,1);
2056  
2057      my $name = $NOSTICKY ? '' : 'name=".submit" ';
2058      $name = qq/name="$label" / if defined($label);
2059      $value = defined($value) ? $value : $label;
2060      my $val = '';
2061      $val = qq/value="$value" / if defined($value);
2062      $tabindex = $self->element_tab($tabindex);
2063      my($other) = @other ? "@other " : '';
2064      return $XHTML ? qq(<input type="submit" $tabindex$name$val$other/>)
2065                    : qq(<input type="submit" $name$val$other>);
2066  }
2067  END_OF_FUNC
2068  
2069  
2070  #### Method: reset
2071  # Create a "reset" button.
2072  # Parameters:
2073  #   $name -> (optional) Name for the button.
2074  # Returns:
2075  #   A string containing a <input type="reset"> tag
2076  ####
2077  'reset' => <<'END_OF_FUNC',
2078  sub reset {
2079      my($self,@p) = self_or_default(@_);
2080      my($label,$value,$tabindex,@other) = rearrange(['NAME',['VALUE','LABEL'],TABINDEX],@p);
2081      $label=$self->escapeHTML($label);
2082      $value=$self->escapeHTML($value,1);
2083      my ($name) = ' name=".reset"';
2084      $name = qq/ name="$label"/ if defined($label);
2085      $value = defined($value) ? $value : $label;
2086      my($val) = '';
2087      $val = qq/ value="$value"/ if defined($value);
2088      my($other) = @other ? " @other" : '';
2089      $tabindex = $self->element_tab($tabindex);
2090      return $XHTML ? qq(<input type="reset" $tabindex$name$val$other />)
2091                    : qq(<input type="reset"$name$val$other>);
2092  }
2093  END_OF_FUNC
2094  
2095  
2096  #### Method: defaults
2097  # Create a "defaults" button.
2098  # Parameters:
2099  #   $name -> (optional) Name for the button.
2100  # Returns:
2101  #   A string containing a <input type="submit" name=".defaults"> tag
2102  #
2103  # Note: this button has a special meaning to the initialization script,
2104  # and tells it to ERASE the current query string so that your defaults
2105  # are used again!
2106  ####
2107  'defaults' => <<'END_OF_FUNC',
2108  sub defaults {
2109      my($self,@p) = self_or_default(@_);
2110  
2111      my($label,$tabindex,@other) = rearrange([[NAME,VALUE],TABINDEX],@p);
2112  
2113      $label=$self->escapeHTML($label,1);
2114      $label = $label || "Defaults";
2115      my($value) = qq/ value="$label"/;
2116      my($other) = @other ? " @other" : '';
2117      $tabindex = $self->element_tab($tabindex);
2118      return $XHTML ? qq(<input type="submit" name=".defaults" $tabindex$value$other />)
2119                    : qq/<input type="submit" NAME=".defaults"$value$other>/;
2120  }
2121  END_OF_FUNC
2122  
2123  
2124  #### Method: comment
2125  # Create an HTML <!-- comment -->
2126  # Parameters: a string
2127  'comment' => <<'END_OF_FUNC',
2128  sub comment {
2129      my($self,@p) = self_or_CGI(@_);
2130      return "<!-- @p -->";
2131  }
2132  END_OF_FUNC
2133  
2134  #### Method: checkbox
2135  # Create a checkbox that is not logically linked to any others.
2136  # The field value is "on" when the button is checked.
2137  # Parameters:
2138  #   $name -> Name of the checkbox
2139  #   $checked -> (optional) turned on by default if true
2140  #   $value -> (optional) value of the checkbox, 'on' by default
2141  #   $label -> (optional) a user-readable label printed next to the box.
2142  #             Otherwise the checkbox name is used.
2143  # Returns:
2144  #   A string containing a <input type="checkbox"> field
2145  ####
2146  'checkbox' => <<'END_OF_FUNC',
2147  sub checkbox {
2148      my($self,@p) = self_or_default(@_);
2149  
2150      my($name,$checked,$value,$label,$override,$tabindex,@other) = 
2151      rearrange([NAME,[CHECKED,SELECTED,ON],VALUE,LABEL,[OVERRIDE,FORCE],TABINDEX],@p);
2152  
2153      $value = defined $value ? $value : 'on';
2154  
2155      if (!$override && ($self->{'.fieldnames'}->{$name} || 
2156                 defined $self->param($name))) {
2157      $checked = grep($_ eq $value,$self->param($name)) ? $self->_checked(1) : '';
2158      } else {
2159      $checked = $self->_checked($checked);
2160      }
2161      my($the_label) = defined $label ? $label : $name;
2162      $name = $self->escapeHTML($name);
2163      $value = $self->escapeHTML($value,1);
2164      $the_label = $self->escapeHTML($the_label);
2165      my($other) = @other ? "@other " : '';
2166      $tabindex = $self->element_tab($tabindex);
2167      $self->register_parameter($name);
2168      return $XHTML ? CGI::label(qq{<input type="checkbox" name="$name" value="$value" $tabindex$checked$other/>$the_label})
2169                    : qq{<input type="checkbox" name="$name" value="$value"$checked$other>$the_label};
2170  }
2171  END_OF_FUNC
2172  
2173  
2174  
2175  # Escape HTML -- used internally
2176  'escapeHTML' => <<'END_OF_FUNC',
2177  sub escapeHTML {
2178           # hack to work around  earlier hacks
2179           push @_,$_[0] if @_==1 && $_[0] eq 'CGI';
2180           my ($self,$toencode,$newlinestoo) = CGI::self_or_default(@_);
2181           return undef unless defined($toencode);
2182           return $toencode if ref($self) && !$self->{'escape'};
2183           $toencode =~ s{&}{&amp;}gso;
2184           $toencode =~ s{<}{&lt;}gso;
2185           $toencode =~ s{>}{&gt;}gso;
2186       if ($DTD_PUBLIC_IDENTIFIER =~ /[^X]HTML 3\.2/i) {
2187           # $quot; was accidentally omitted from the HTML 3.2 DTD -- see
2188           # <http://validator.w3.org/docs/errors.html#bad-entity> /
2189           # <http://lists.w3.org/Archives/Public/www-html/1997Mar/0003.html>.
2190           $toencode =~ s{"}{&#34;}gso;
2191           }
2192           else {
2193           $toencode =~ s{"}{&quot;}gso;
2194           }
2195           my $latin = uc $self->{'.charset'} eq 'ISO-8859-1' ||
2196                       uc $self->{'.charset'} eq 'WINDOWS-1252';
2197           if ($latin) {  # bug in some browsers
2198                  $toencode =~ s{'}{&#39;}gso;
2199                  $toencode =~ s{\x8b}{&#8249;}gso;
2200                  $toencode =~ s{\x9b}{&#8250;}gso;
2201                  if (defined $newlinestoo && $newlinestoo) {
2202                       $toencode =~ s{\012}{&#10;}gso;
2203                       $toencode =~ s{\015}{&#13;}gso;
2204                  }
2205           }
2206           return $toencode;
2207  }
2208  END_OF_FUNC
2209  
2210  # unescape HTML -- used internally
2211  'unescapeHTML' => <<'END_OF_FUNC',
2212  sub unescapeHTML {
2213      # hack to work around  earlier hacks
2214      push @_,$_[0] if @_==1 && $_[0] eq 'CGI';
2215      my ($self,$string) = CGI::self_or_default(@_);
2216      return undef unless defined($string);
2217      my $latin = defined $self->{'.charset'} ? $self->{'.charset'} =~ /^(ISO-8859-1|WINDOWS-1252)$/i
2218                                              : 1;
2219      # thanks to Randal Schwartz for the correct solution to this one
2220      $string=~ s[&(.*?);]{
2221      local $_ = $1;
2222      /^amp$/i    ? "&" :
2223      /^quot$/i    ? '"' :
2224          /^gt$/i        ? ">" :
2225      /^lt$/i        ? "<" :
2226      /^#(\d+)$/ && $latin         ? chr($1) :
2227      /^#x([0-9a-f]+)$/i && $latin ? chr(hex($1)) :
2228      $_
2229      }gex;
2230      return $string;
2231  }
2232  END_OF_FUNC
2233  
2234  # Internal procedure - don't use
2235  '_tableize' => <<'END_OF_FUNC',
2236  sub _tableize {
2237      my($rows,$columns,$rowheaders,$colheaders,@elements) = @_;
2238      my @rowheaders = $rowheaders ? @$rowheaders : ();
2239      my @colheaders = $colheaders ? @$colheaders : ();
2240      my($result);
2241  
2242      if (defined($columns)) {
2243      $rows = int(0.99 + @elements/$columns) unless defined($rows);
2244      }
2245      if (defined($rows)) {
2246      $columns = int(0.99 + @elements/$rows) unless defined($columns);
2247      }
2248  
2249      # rearrange into a pretty table
2250      $result = "<table>";
2251      my($row,$column);
2252      unshift(@colheaders,'') if @colheaders && @rowheaders;
2253      $result .= "<tr>" if @colheaders;
2254      foreach (@colheaders) {
2255      $result .= "<th>$_</th>";
2256      }
2257      for ($row=0;$row<$rows;$row++) {
2258      $result .= "<tr>";
2259      $result .= "<th>$rowheaders[$row]</th>" if @rowheaders;
2260      for ($column=0;$column<$columns;$column++) {
2261          $result .= "<td>" . $elements[$column*$rows + $row] . "</td>"
2262          if defined($elements[$column*$rows + $row]);
2263      }
2264      $result .= "</tr>";
2265      }
2266      $result .= "</table>";
2267      return $result;
2268  }
2269  END_OF_FUNC
2270  
2271  
2272  #### Method: radio_group
2273  # Create a list of logically-linked radio buttons.
2274  # Parameters:
2275  #   $name -> Common name for all the buttons.
2276  #   $values -> A pointer to a regular array containing the
2277  #             values for each button in the group.
2278  #   $default -> (optional) Value of the button to turn on by default.  Pass '-'
2279  #               to turn _nothing_ on.
2280  #   $linebreak -> (optional) Set to true to place linebreaks
2281  #             between the buttons.
2282  #   $labels -> (optional)
2283  #             A pointer to an associative array of labels to print next to each checkbox
2284  #             in the form $label{'value'}="Long explanatory label".
2285  #             Otherwise the provided values are used as the labels.
2286  # Returns:
2287  #   An ARRAY containing a series of <input type="radio"> fields
2288  ####
2289  'radio_group' => <<'END_OF_FUNC',
2290  sub radio_group {
2291      my($self,@p) = self_or_default(@_);
2292     $self->_box_group('radio',@p);
2293  }
2294  END_OF_FUNC
2295  
2296  #### Method: checkbox_group
2297  # Create a list of logically-linked checkboxes.
2298  # Parameters:
2299  #   $name -> Common name for all the check boxes
2300  #   $values -> A pointer to a regular array containing the
2301  #             values for each checkbox in the group.
2302  #   $defaults -> (optional)
2303  #             1. If a pointer to a regular array of checkbox values,
2304  #             then this will be used to decide which
2305  #             checkboxes to turn on by default.
2306  #             2. If a scalar, will be assumed to hold the
2307  #             value of a single checkbox in the group to turn on. 
2308  #   $linebreak -> (optional) Set to true to place linebreaks
2309  #             between the buttons.
2310  #   $labels -> (optional)
2311  #             A pointer to an associative array of labels to print next to each checkbox
2312  #             in the form $label{'value'}="Long explanatory label".
2313  #             Otherwise the provided values are used as the labels.
2314  # Returns:
2315  #   An ARRAY containing a series of <input type="checkbox"> fields
2316  ####
2317  
2318  'checkbox_group' => <<'END_OF_FUNC',
2319  sub checkbox_group {
2320      my($self,@p) = self_or_default(@_);
2321     $self->_box_group('checkbox',@p);
2322  }
2323  END_OF_FUNC
2324  
2325  '_box_group' => <<'END_OF_FUNC',
2326  sub _box_group {
2327      my $self     = shift;
2328      my $box_type = shift;
2329  
2330      my($name,$values,$defaults,$linebreak,$labels,$attributes,
2331         $rows,$columns,$rowheaders,$colheaders,
2332         $override,$nolabels,$tabindex,$disabled,@other) =
2333         rearrange([      NAME,[VALUES,VALUE],[DEFAULT,DEFAULTS],LINEBREAK,LABELS,ATTRIBUTES,
2334                  ROWS,[COLUMNS,COLS],[ROWHEADERS,ROWHEADER],[COLHEADERS,COLHEADER],
2335              [OVERRIDE,FORCE],NOLABELS,TABINDEX,DISABLED
2336                   ],@_);
2337  
2338      my($result,$checked,@elements,@values);
2339  
2340      @values = $self->_set_values_and_labels($values,\$labels,$name);
2341      my %checked = $self->previous_or_default($name,$defaults,$override);
2342  
2343      # If no check array is specified, check the first by default
2344      $checked{$values[0]}++ if $box_type eq 'radio' && !%checked;
2345  
2346      $name=$self->escapeHTML($name);
2347  
2348      my %tabs = ();
2349      if ($TABINDEX && $tabindex) {
2350        if (!ref $tabindex) {
2351            $self->element_tab($tabindex);
2352        } elsif (ref $tabindex eq 'ARRAY') {
2353            %tabs = map {$_=>$self->element_tab} @$tabindex;
2354        } elsif (ref $tabindex eq 'HASH') {
2355            %tabs = %$tabindex;
2356        }
2357      }
2358      %tabs = map {$_=>$self->element_tab} @values unless %tabs;
2359      my $other = @other ? "@other " : '';
2360      my $radio_checked;
2361  
2362      # for disabling groups of radio/checkbox buttons
2363      my %disabled;
2364      foreach (@{$disabled}) {
2365         $disabled{$_}=1;
2366      }
2367  
2368      foreach (@values) {
2369           my $disable="";
2370       if ($disabled{$_}) {
2371          $disable="disabled='1'";
2372       }
2373  
2374          my $checkit = $self->_checked($box_type eq 'radio' ? ($checked{$_} && !$radio_checked++)
2375                                                             : $checked{$_});
2376      my($break);
2377      if ($linebreak) {
2378            $break = $XHTML ? "<br />" : "<br>";
2379      }
2380      else {
2381        $break = '';
2382      }
2383      my($label)='';
2384      unless (defined($nolabels) && $nolabels) {
2385          $label = $_;
2386          $label = $labels->{$_} if defined($labels) && defined($labels->{$_});
2387          $label = $self->escapeHTML($label,1);
2388              $label = "<span style=\"color:gray\">$label</span>" if $disabled{$_};
2389      }
2390          my $attribs = $self->_set_attributes($_, $attributes);
2391          my $tab     = $tabs{$_};
2392      $_=$self->escapeHTML($_);
2393  
2394          if ($XHTML) {
2395             push @elements,
2396                CGI::label(
2397                     qq(<input type="$box_type" name="$name" value="$_" $checkit$other$tab$attribs$disable/>$label)).$break};
2398          } else {
2399              push(@elements,qq/<input type="$box_type" name="$name" value="$_"$checkit$other$tab$attribs$disable>$label}$break}/);
2400          }
2401      }
2402      $self->register_parameter($name);
2403      return wantarray ? @elements : "@elements"
2404             unless defined($columns) || defined($rows);
2405      return _tableize($rows,$columns,$rowheaders,$colheaders,@elements);
2406  }
2407  END_OF_FUNC
2408  
2409  
2410  #### Method: popup_menu
2411  # Create a popup menu.
2412  # Parameters:
2413  #   $name -> Name for all the menu
2414  #   $values -> A pointer to a regular array containing the
2415  #             text of each menu item.
2416  #   $default -> (optional) Default item to display
2417  #   $labels -> (optional)
2418  #             A pointer to an associative array of labels to print next to each checkbox
2419  #             in the form $label{'value'}="Long explanatory label".
2420  #             Otherwise the provided values are used as the labels.
2421  # Returns:
2422  #   A string containing the definition of a popup menu.
2423  ####
2424  'popup_menu' => <<'END_OF_FUNC',
2425  sub popup_menu {
2426      my($self,@p) = self_or_default(@_);
2427  
2428      my($name,$values,$default,$labels,$attributes,$override,$tabindex,@other) =
2429         rearrange([NAME,[VALUES,VALUE],[DEFAULT,DEFAULTS],LABELS,
2430         ATTRIBUTES,[OVERRIDE,FORCE],TABINDEX],@p);
2431      my($result,$selected);
2432  
2433      if (!$override && defined($self->param($name))) {
2434      $selected = $self->param($name);
2435      } else {
2436      $selected = $default;
2437      }
2438      $name=$self->escapeHTML($name);
2439      my($other) = @other ? " @other" : '';
2440  
2441      my(@values);
2442      @values = $self->_set_values_and_labels($values,\$labels,$name);
2443      $tabindex = $self->element_tab($tabindex);
2444      $result = qq/<select name="$name" $tabindex$other>\n/;
2445      foreach (@values) {
2446          if (/<optgroup/) {
2447              foreach (split(/\n/)) {
2448                  my $selectit = $XHTML ? 'selected="selected"' : 'selected';
2449                  s/(value="$selected")/$selectit $1/ if defined $selected;
2450                  $result .= "$_\n";
2451              }
2452          }
2453          else {
2454            my $attribs = $self->_set_attributes($_, $attributes);
2455        my($selectit) = defined($selected) ? $self->_selected($selected eq $_) : '';
2456        my($label) = $_;
2457        $label = $labels->{$_} if defined($labels) && defined($labels->{$_});
2458        my($value) = $self->escapeHTML($_);
2459        $label=$self->escapeHTML($label,1);
2460            $result .= "<option$attribs} $selectit}value=\"$value\">$label</option>\n";
2461          }
2462      }
2463  
2464      $result .= "</select>";
2465      return $result;
2466  }
2467  END_OF_FUNC
2468  
2469  
2470  #### Method: optgroup
2471  # Create a optgroup.
2472  # Parameters:
2473  #   $name -> Label for the group
2474  #   $values -> A pointer to a regular array containing the
2475  #              values for each option line in the group.
2476  #   $labels -> (optional)
2477  #              A pointer to an associative array of labels to print next to each item
2478  #              in the form $label{'value'}="Long explanatory label".
2479  #              Otherwise the provided values are used as the labels.
2480  #   $labeled -> (optional)
2481  #               A true value indicates the value should be used as the label attribute
2482  #               in the option elements.
2483  #               The label attribute specifies the option label presented to the user.
2484  #               This defaults to the content of the <option> element, but the label
2485  #               attribute allows authors to more easily use optgroup without sacrificing
2486  #               compatibility with browsers that do not support option groups.
2487  #   $novals -> (optional)
2488  #              A true value indicates to suppress the val attribute in the option elements
2489  # Returns:
2490  #   A string containing the definition of an option group.
2491  ####
2492  'optgroup' => <<'END_OF_FUNC',
2493  sub optgroup {
2494      my($self,@p) = self_or_default(@_);
2495      my($name,$values,$attributes,$labeled,$noval,$labels,@other)
2496          = rearrange([NAME,[VALUES,VALUE],ATTRIBUTES,LABELED,NOVALS,LABELS],@p);
2497  
2498      my($result,@values);
2499      @values = $self->_set_values_and_labels($values,\$labels,$name,$labeled,$novals);
2500      my($other) = @other ? " @other" : '';
2501  
2502      $name=$self->escapeHTML($name);
2503      $result = qq/<optgroup label="$name"$other>\n/;
2504      foreach (@values) {
2505          if (/<optgroup/) {
2506              foreach (split(/\n/)) {
2507                  my $selectit = $XHTML ? 'selected="selected"' : 'selected';
2508                  s/(value="$selected")/$selectit $1/ if defined $selected;
2509                  $result .= "$_\n";
2510              }
2511          }
2512          else {
2513              my $attribs = $self->_set_attributes($_, $attributes);
2514              my($label) = $_;
2515              $label = $labels->{$_} if defined($labels) && defined($labels->{$_});
2516              $label=$self->escapeHTML($label);
2517              my($value)=$self->escapeHTML($_,1);
2518              $result .= $labeled ? $novals ? "<option$attribs label=\"$value\">$label</option>\n"
2519                                            : "<option$attribs label=\"$value\" value=\"$value\">$label</option>\n"
2520                                  : $novals ? "<option$attribs>$label</option>\n"
2521                                            : "<option$attribs value=\"$value\">$label</option>\n";
2522          }
2523      }
2524      $result .= "</optgroup>";
2525      return $result;
2526  }
2527  END_OF_FUNC
2528  
2529  
2530  #### Method: scrolling_list
2531  # Create a scrolling list.
2532  # Parameters:
2533  #   $name -> name for the list
2534  #   $values -> A pointer to a regular array containing the
2535  #             values for each option line in the list.
2536  #   $defaults -> (optional)
2537  #             1. If a pointer to a regular array of options,
2538  #             then this will be used to decide which
2539  #             lines to turn on by default.
2540  #             2. Otherwise holds the value of the single line to turn on.
2541  #   $size -> (optional) Size of the list.
2542  #   $multiple -> (optional) If set, allow multiple selections.
2543  #   $labels -> (optional)
2544  #             A pointer to an associative array of labels to print next to each checkbox
2545  #             in the form $label{'value'}="Long explanatory label".
2546  #             Otherwise the provided values are used as the labels.
2547  # Returns:
2548  #   A string containing the definition of a scrolling list.
2549  ####
2550  'scrolling_list' => <<'END_OF_FUNC',
2551  sub scrolling_list {
2552      my($self,@p) = self_or_default(@_);
2553      my($name,$values,$defaults,$size,$multiple,$labels,$attributes,$override,$tabindex,@other)
2554      = rearrange([NAME,[VALUES,VALUE],[DEFAULTS,DEFAULT],
2555            SIZE,MULTIPLE,LABELS,ATTRIBUTES,[OVERRIDE,FORCE],TABINDEX],@p);
2556  
2557      my($result,@values);
2558      @values = $self->_set_values_and_labels($values,\$labels,$name);
2559  
2560      $size = $size || scalar(@values);
2561  
2562      my(%selected) = $self->previous_or_default($name,$defaults,$override);
2563      my($is_multiple) = $multiple ? qq/ multiple="multiple"/ : '';
2564      my($has_size) = $size ? qq/ size="$size"/: '';
2565      my($other) = @other ? " @other" : '';
2566  
2567      $name=$self->escapeHTML($name);
2568      $tabindex = $self->element_tab($tabindex);
2569      $result = qq/<select name="$name" $tabindex$has_size$is_multiple$other>\n/;
2570      foreach (@values) {
2571      my($selectit) = $self->_selected($selected{$_});
2572      my($label) = $_;
2573      $label = $labels->{$_} if defined($labels) && defined($labels->{$_});
2574      $label=$self->escapeHTML($label);
2575      my($value)=$self->escapeHTML($_,1);
2576          my $attribs = $self->_set_attributes($_, $attributes);
2577          $result .= "<option $selectit}$attribs}value=\"$value\">$label</option>\n";
2578      }
2579      $result .= "</select>";
2580      $self->register_parameter($name);
2581      return $result;
2582  }
2583  END_OF_FUNC
2584  
2585  
2586  #### Method: hidden
2587  # Parameters:
2588  #   $name -> Name of the hidden field
2589  #   @default -> (optional) Initial values of field (may be an array)
2590  #      or
2591  #   $default->[initial values of field]
2592  # Returns:
2593  #   A string containing a <input type="hidden" name="name" value="value">
2594  ####
2595  'hidden' => <<'END_OF_FUNC',
2596  sub hidden {
2597      my($self,@p) = self_or_default(@_);
2598  
2599      # this is the one place where we departed from our standard
2600      # calling scheme, so we have to special-case (darn)
2601      my(@result,@value);
2602      my($name,$default,$override,@other) = 
2603      rearrange([NAME,[DEFAULT,VALUE,VALUES],[OVERRIDE,FORCE]],@p);
2604  
2605      my $do_override = 0;
2606      if ( ref($p[0]) || substr($p[0],0,1) eq '-') {
2607      @value = ref($default) ? @{$default} : $default;
2608      $do_override = $override;
2609      } else {
2610      foreach ($default,$override,@other) {
2611          push(@value,$_) if defined($_);
2612      }
2613      }
2614  
2615      # use previous values if override is not set
2616      my @prev = $self->param($name);
2617      @value = @prev if !$do_override && @prev;
2618  
2619      $name=$self->escapeHTML($name);
2620      foreach (@value) {
2621      $_ = defined($_) ? $self->escapeHTML($_,1) : '';
2622      push @result,$XHTML ? qq(<input type="hidden" name="$name" value="$_" @other />)
2623                              : qq(<input type="hidden" name="$name" value="$_" @other>);
2624      }
2625      return wantarray ? @result : join('',@result);
2626  }
2627  END_OF_FUNC
2628  
2629  
2630  #### Method: image_button
2631  # Parameters:
2632  #   $name -> Name of the button
2633  #   $src ->  URL of the image source
2634  #   $align -> Alignment style (TOP, BOTTOM or MIDDLE)
2635  # Returns:
2636  #   A string containing a <input type="image" name="name" src="url" align="alignment">
2637  ####
2638  'image_button' => <<'END_OF_FUNC',
2639  sub image_button {
2640      my($self,@p) = self_or_default(@_);
2641  
2642      my($name,$src,$alignment,@other) =
2643      rearrange([NAME,SRC,ALIGN],@p);
2644  
2645      my($align) = $alignment ? " align=\L\"$alignment\"" : '';
2646      my($other) = @other ? " @other" : '';
2647      $name=$self->escapeHTML($name);
2648      return $XHTML ? qq(<input type="image" name="$name" src="$src"$align$other />)
2649                    : qq/<input type="image" name="$name" src="$src"$align$other>/;
2650  }
2651  END_OF_FUNC
2652  
2653  
2654  #### Method: self_url
2655  # Returns a URL containing the current script and all its
2656  # param/value pairs arranged as a query.  You can use this
2657  # to create a link that, when selected, will reinvoke the
2658  # script with all its state information preserved.
2659  ####
2660  'self_url' => <<'END_OF_FUNC',
2661  sub self_url {
2662      my($self,@p) = self_or_default(@_);
2663      return $self->url('-path_info'=>1,'-query'=>1,'-full'=>1,@p);
2664  }
2665  END_OF_FUNC
2666  
2667  
2668  # This is provided as a synonym to self_url() for people unfortunate
2669  # enough to have incorporated it into their programs already!
2670  'state' => <<'END_OF_FUNC',
2671  sub state {
2672      &self_url;
2673  }
2674  END_OF_FUNC
2675  
2676  
2677  #### Method: url
2678  # Like self_url, but doesn't return the query string part of
2679  # the URL.
2680  ####
2681  'url' => <<'END_OF_FUNC',
2682  sub url {
2683      my($self,@p) = self_or_default(@_);
2684      my ($relative,$absolute,$full,$path_info,$query,$base,$rewrite) = 
2685      rearrange(['RELATIVE','ABSOLUTE','FULL',['PATH','PATH_INFO'],['QUERY','QUERY_STRING'],'BASE','REWRITE'],@p);
2686      my $url  = '';
2687      $full++      if $base || !($relative || $absolute);
2688      $rewrite++   unless defined $rewrite;
2689  
2690      my $path        =  $self->path_info;
2691      my $script_name =  $self->script_name;
2692      my $request_uri =  unescape($self->request_uri) || '';
2693      my $query_str   =  $self->query_string;
2694  
2695      my $rewrite_in_use = $request_uri && $request_uri !~ /^$script_name/;
2696      undef $path if $rewrite_in_use && $rewrite;  # path not valid when rewriting active
2697  
2698      my $uri         =  $rewrite && $request_uri ? $request_uri : $script_name;
2699      $uri            =~ s/\?.*$//;                                 # remove query string
2700      $uri            =~ s/\Q$path\E$//      if defined $path;      # remove path
2701  
2702      if ($full) {
2703      my $protocol = $self->protocol();
2704      $url = "$protocol://";
2705      my $vh = http('x_forwarded_host') || http('host') || '';
2706          $vh =~ s/\:\d+$//;  # some clients add the port number (incorrectly). Get rid of it.
2707      if ($vh) {
2708          $url .= $vh;
2709      } else {
2710          $url .= server_name();
2711      }
2712          my $port = $self->server_port;
2713      $url .= ":" . $port
2714        unless (lc($protocol) eq 'http'  && $port == 80)
2715          || (lc($protocol) eq 'https' && $port == 443);
2716          return $url if $base;
2717      $url .= $uri;
2718      } elsif ($relative) {
2719      ($url) = $uri =~ m!([^/]+)$!;
2720      } elsif ($absolute) {
2721      $url = $uri;
2722      }
2723  
2724      $url .= $path         if $path_info and defined $path;
2725      $url .= "?$query_str" if $query     and $query_str ne '';
2726      $url =~ s/([^a-zA-Z0-9_.%;&?\/\\:+=~-])/sprintf("%%%02X",ord($1))/eg;
2727      return $url;
2728  }
2729  
2730  END_OF_FUNC
2731  
2732  #### Method: cookie
2733  # Set or read a cookie from the specified name.
2734  # Cookie can then be passed to header().
2735  # Usual rules apply to the stickiness of -value.
2736  #  Parameters:
2737  #   -name -> name for this cookie (optional)
2738  #   -value -> value of this cookie (scalar, array or hash) 
2739  #   -path -> paths for which this cookie is valid (optional)
2740  #   -domain -> internet domain in which this cookie is valid (optional)
2741  #   -secure -> if true, cookie only passed through secure channel (optional)
2742  #   -expires -> expiry date in format Wdy, DD-Mon-YYYY HH:MM:SS GMT (optional)
2743  ####
2744  'cookie' => <<'END_OF_FUNC',
2745  sub cookie {
2746      my($self,@p) = self_or_default(@_);
2747      my($name,$value,$path,$domain,$secure,$expires,$httponly) =
2748      rearrange([NAME,[VALUE,VALUES],PATH,DOMAIN,SECURE,EXPIRES,HTTPONLY],@p);
2749  
2750      require CGI::Cookie;
2751  
2752      # if no value is supplied, then we retrieve the
2753      # value of the cookie, if any.  For efficiency, we cache the parsed
2754      # cookies in our state variables.
2755      unless ( defined($value) ) {
2756      $self->{'.cookies'} = CGI::Cookie->fetch
2757          unless $self->{'.cookies'};
2758  
2759      # If no name is supplied, then retrieve the names of all our cookies.
2760      return () unless $self->{'.cookies'};
2761      return keys %{$self->{'.cookies'}} unless $name;
2762      return () unless $self->{'.cookies'}->{$name};
2763      return $self->{'.cookies'}->{$name}->value if defined($name) && $name ne '';
2764      }
2765  
2766      # If we get here, we're creating a new cookie
2767      return undef unless defined($name) && $name ne '';    # this is an error
2768  
2769      my @param;
2770      push(@param,'-name'=>$name);
2771      push(@param,'-value'=>$value);
2772      push(@param,'-domain'=>$domain) if $domain;
2773      push(@param,'-path'=>$path) if $path;
2774      push(@param,'-expires'=>$expires) if $expires;
2775      push(@param,'-secure'=>$secure) if $secure;
2776      push(@param,'-httponly'=>$httponly) if $httponly;
2777  
2778      return new CGI::Cookie(@param);
2779  }
2780  END_OF_FUNC
2781  
2782  'parse_keywordlist' => <<'END_OF_FUNC',
2783  sub parse_keywordlist {
2784      my($self,$tosplit) = @_;
2785      $tosplit = unescape($tosplit); # unescape the keywords
2786      $tosplit=~tr/+/ /;          # pluses to spaces
2787      my(@keywords) = split(/\s+/,$tosplit);
2788      return @keywords;
2789  }
2790  END_OF_FUNC
2791  
2792  'param_fetch' => <<'END_OF_FUNC',
2793  sub param_fetch {
2794      my($self,@p) = self_or_default(@_);
2795      my($name) = rearrange([NAME],@p);
2796      unless (exists($self->{$name})) {
2797      $self->add_parameter($name);
2798      $self->{$name} = [];
2799      }
2800      
2801      return $self->{$name};
2802  }
2803  END_OF_FUNC
2804  
2805  ###############################################
2806  # OTHER INFORMATION PROVIDED BY THE ENVIRONMENT
2807  ###############################################
2808  
2809  #### Method: path_info
2810  # Return the extra virtual path information provided
2811  # after the URL (if any)
2812  ####
2813  'path_info' => <<'END_OF_FUNC',
2814  sub path_info {
2815      my ($self,$info) = self_or_default(@_);
2816      if (defined($info)) {
2817      $info = "/$info" if $info ne '' &&  substr($info,0,1) ne '/';
2818      $self->{'.path_info'} = $info;
2819      } elsif (! defined($self->{'.path_info'}) ) {
2820          my (undef,$path_info) = $self->_name_and_path_from_env;
2821      $self->{'.path_info'} = $path_info || '';
2822      }
2823      return $self->{'.path_info'};
2824  }
2825  END_OF_FUNC
2826  
2827  # WE USE THIS TO COMPENSATE FOR A BUG IN APACHE 2 PRESENT AT LEAST UP THROUGH 2.0.54
2828  '_name_and_path_from_env' => <<'END_OF_FUNC',
2829  sub _name_and_path_from_env {
2830     my $self = shift;
2831     my $raw_script_name = $ENV{SCRIPT_NAME} || '';
2832     my $raw_path_info   = $ENV{PATH_INFO}   || '';
2833     my $uri             = unescape($self->request_uri) || '';
2834  
2835     my $protected    = quotemeta($raw_path_info);
2836     $raw_script_name =~ s/$protected$//;
2837  
2838     my @uri_double_slashes  = $uri =~ m^(/{2,}?)^g;
2839     my @path_double_slashes = "$raw_script_name $raw_path_info" =~ m^(/{2,}?)^g;
2840  
2841     my $apache_bug      = @uri_double_slashes != @path_double_slashes;
2842     return ($raw_script_name,$raw_path_info) unless $apache_bug;
2843  
2844     my $path_info_search = quotemeta($raw_path_info);
2845     $path_info_search    =~ s!/!/+!g;
2846     if ($uri =~ m/^(.+)($path_info_search)/) {
2847         return ($1,$2);
2848     } else {
2849         return ($raw_script_name,$raw_path_info);
2850     }
2851  }
2852  END_OF_FUNC
2853  
2854  
2855  #### Method: request_method
2856  # Returns 'POST', 'GET', 'PUT' or 'HEAD'
2857  ####
2858  'request_method' => <<'END_OF_FUNC',
2859  sub request_method {
2860      return $ENV{'REQUEST_METHOD'};
2861  }
2862  END_OF_FUNC
2863  
2864  #### Method: content_type
2865  # Returns the content_type string
2866  ####
2867  'content_type' => <<'END_OF_FUNC',
2868  sub content_type {
2869      return $ENV{'CONTENT_TYPE'};
2870  }
2871  END_OF_FUNC
2872  
2873  #### Method: path_translated
2874  # Return the physical path information provided
2875  # by the URL (if any)
2876  ####
2877  'path_translated' => <<'END_OF_FUNC',
2878  sub path_translated {
2879      return $ENV{'PATH_TRANSLATED'};
2880  }
2881  END_OF_FUNC
2882  
2883  
2884  #### Method: request_uri
2885  # Return the literal request URI
2886  ####
2887  'request_uri' => <<'END_OF_FUNC',
2888  sub request_uri {
2889      return $ENV{'REQUEST_URI'};
2890  }
2891  END_OF_FUNC
2892  
2893  
2894  #### Method: query_string
2895  # Synthesize a query string from our current
2896  # parameters
2897  ####
2898  'query_string' => <<'END_OF_FUNC',
2899  sub query_string {
2900      my($self) = self_or_default(@_);
2901      my($param,$value,@pairs);
2902      foreach $param ($self->param) {
2903      my($eparam) = escape($param);
2904      foreach $value ($self->param($param)) {
2905          $value = escape($value);
2906              next unless defined $value;
2907          push(@pairs,"$eparam=$value");
2908      }
2909      }
2910      foreach (keys %{$self->{'.fieldnames'}}) {
2911        push(@pairs,".cgifields=".escape("$_"));
2912      }
2913      return join($USE_PARAM_SEMICOLONS ? ';' : '&',@pairs);
2914  }
2915  END_OF_FUNC
2916  
2917  
2918  #### Method: accept
2919  # Without parameters, returns an array of the
2920  # MIME types the browser accepts.
2921  # With a single parameter equal to a MIME
2922  # type, will return undef if the browser won't
2923  # accept it, 1 if the browser accepts it but
2924  # doesn't give a preference, or a floating point
2925  # value between 0.0 and 1.0 if the browser
2926  # declares a quantitative score for it.
2927  # This handles MIME type globs correctly.
2928  ####
2929  'Accept' => <<'END_OF_FUNC',
2930  sub Accept {
2931      my($self,$search) = self_or_CGI(@_);
2932      my(%prefs,$type,$pref,$pat);
2933      
2934      my(@accept) = split(',',$self->http('accept'));
2935  
2936      foreach (@accept) {
2937      ($pref) = /q=(\d\.\d+|\d+)/;
2938      ($type) = m#(\S+/[^;]+)#;
2939      next unless $type;
2940      $prefs{$type}=$pref || 1;
2941      }
2942  
2943      return keys %prefs unless $search;
2944      
2945      # if a search type is provided, we may need to
2946      # perform a pattern matching operation.
2947      # The MIME types use a glob mechanism, which
2948      # is easily translated into a perl pattern match
2949  
2950      # First return the preference for directly supported
2951      # types:
2952      return $prefs{$search} if $prefs{$search};
2953  
2954      # Didn't get it, so try pattern matching.
2955      foreach (keys %prefs) {
2956      next unless /\*/;       # not a pattern match
2957      ($pat = $_) =~ s/([^\w*])/\\$1/g; # escape meta characters
2958      $pat =~ s/\*/.*/g; # turn it into a pattern
2959      return $prefs{$_} if $search=~/$pat/;
2960      }
2961  }
2962  END_OF_FUNC
2963  
2964  
2965  #### Method: user_agent
2966  # If called with no parameters, returns the user agent.
2967  # If called with one parameter, does a pattern match (case
2968  # insensitive) on the user agent.
2969  ####
2970  'user_agent' => <<'END_OF_FUNC',
2971  sub user_agent {
2972      my($self,$match)=self_or_CGI(@_);
2973      return $self->http('user_agent') unless $match;
2974      return $self->http('user_agent') =~ /$match/i;
2975  }
2976  END_OF_FUNC
2977  
2978  
2979  #### Method: raw_cookie
2980  # Returns the magic cookies for the session.
2981  # The cookies are not parsed or altered in any way, i.e.
2982  # cookies are returned exactly as given in the HTTP
2983  # headers.  If a cookie name is given, only that cookie's
2984  # value is returned, otherwise the entire raw cookie
2985  # is returned.
2986  ####
2987  'raw_cookie' => <<'END_OF_FUNC',
2988  sub raw_cookie {
2989      my($self,$key) = self_or_CGI(@_);
2990  
2991      require CGI::Cookie;
2992  
2993      if (defined($key)) {
2994      $self->{'.raw_cookies'} = CGI::Cookie->raw_fetch
2995          unless $self->{'.raw_cookies'};
2996  
2997      return () unless $self->{'.raw_cookies'};
2998      return () unless $self->{'.raw_cookies'}->{$key};
2999      return $self->{'.raw_cookies'}->{$key};
3000      }
3001      return $self->http('cookie') || $ENV{'COOKIE'} || '';
3002  }
3003  END_OF_FUNC
3004  
3005  #### Method: virtual_host
3006  # Return the name of the virtual_host, which
3007  # is not always the same as the server
3008  ######
3009  'virtual_host' => <<'END_OF_FUNC',
3010  sub virtual_host {
3011      my $vh = http('x_forwarded_host') || http('host') || server_name();
3012      $vh =~ s/:\d+$//;        # get rid of port number
3013      return $vh;
3014  }
3015  END_OF_FUNC
3016  
3017  #### Method: remote_host
3018  # Return the name of the remote host, or its IP
3019  # address if unavailable.  If this variable isn't
3020  # defined, it returns "localhost" for debugging
3021  # purposes.
3022  ####
3023  'remote_host' => <<'END_OF_FUNC',
3024  sub remote_host {
3025      return $ENV{'REMOTE_HOST'} || $ENV{'REMOTE_ADDR'} 
3026      || 'localhost';
3027  }
3028  END_OF_FUNC
3029  
3030  
3031  #### Method: remote_addr
3032  # Return the IP addr of the remote host.
3033  ####
3034  'remote_addr' => <<'END_OF_FUNC',
3035  sub remote_addr {
3036      return $ENV{'REMOTE_ADDR'} || '127.0.0.1';
3037  }
3038  END_OF_FUNC
3039  
3040  
3041  #### Method: script_name
3042  # Return the partial URL to this script for
3043  # self-referencing scripts.  Also see
3044  # self_url(), which returns a URL with all state information
3045  # preserved.
3046  ####
3047  'script_name' => <<'END_OF_FUNC',
3048  sub script_name {
3049      my ($self,@p) = self_or_default(@_);
3050      if (@p) {
3051          $self->{'.script_name'} = shift @p;
3052      } elsif (!exists $self->{'.script_name'}) {
3053          my ($script_name,$path_info) = $self->_name_and_path_from_env();
3054          $self->{'.script_name'} = $script_name;
3055      }
3056      return $self->{'.script_name'};
3057  }
3058  END_OF_FUNC
3059  
3060  
3061  #### Method: referer
3062  # Return the HTTP_REFERER: useful for generating
3063  # a GO BACK button.
3064  ####
3065  'referer' => <<'END_OF_FUNC',
3066  sub referer {
3067      my($self) = self_or_CGI(@_);
3068      return $self->http('referer');
3069  }
3070  END_OF_FUNC
3071  
3072  
3073  #### Method: server_name
3074  # Return the name of the server
3075  ####
3076  'server_name' => <<'END_OF_FUNC',
3077  sub server_name {
3078      return $ENV{'SERVER_NAME'} || 'localhost';
3079  }
3080  END_OF_FUNC
3081  
3082  #### Method: server_software
3083  # Return the name of the server software
3084  ####
3085  'server_software' => <<'END_OF_FUNC',
3086  sub server_software {
3087      return $ENV{'SERVER_SOFTWARE'} || 'cmdline';
3088  }
3089  END_OF_FUNC
3090  
3091  #### Method: virtual_port
3092  # Return the server port, taking virtual hosts into account
3093  ####
3094  'virtual_port' => <<'END_OF_FUNC',
3095  sub virtual_port {
3096      my($self) = self_or_default(@_);
3097      my $vh = $self->http('x_forwarded_host') || $self->http('host');
3098      my $protocol = $self->protocol;
3099      if ($vh) {
3100          return ($vh =~ /:(\d+)$/)[0] || ($protocol eq 'https' ? 443 : 80);
3101      } else {
3102          return $self->server_port();
3103      }
3104  }
3105  END_OF_FUNC
3106  
3107  #### Method: server_port
3108  # Return the tcp/ip port the server is running on
3109  ####
3110  'server_port' => <<'END_OF_FUNC',
3111  sub server_port {
3112      return $ENV{'SERVER_PORT'} || 80; # for debugging
3113  }
3114  END_OF_FUNC
3115  
3116  #### Method: server_protocol
3117  # Return the protocol (usually HTTP/1.0)
3118  ####
3119  'server_protocol' => <<'END_OF_FUNC',
3120  sub server_protocol {
3121      return $ENV{'SERVER_PROTOCOL'} || 'HTTP/1.0'; # for debugging
3122  }
3123  END_OF_FUNC
3124  
3125  #### Method: http
3126  # Return the value of an HTTP variable, or
3127  # the list of variables if none provided
3128  ####
3129  'http' => <<'END_OF_FUNC',
3130  sub http {
3131      my ($self,$parameter) = self_or_CGI(@_);
3132      return $ENV{$parameter} if $parameter=~/^HTTP/;
3133      $parameter =~ tr/-/_/;
3134      return $ENV{"HTTP_\U$parameter\E"} if $parameter;
3135      my(@p);
3136      foreach (keys %ENV) {
3137      push(@p,$_) if /^HTTP/;
3138      }
3139      return @p;
3140  }
3141  END_OF_FUNC
3142  
3143  #### Method: https
3144  # Return the value of HTTPS
3145  ####
3146  'https' => <<'END_OF_FUNC',
3147  sub https {
3148      local($^W)=0;
3149      my ($self,$parameter) = self_or_CGI(@_);
3150      return $ENV{HTTPS} unless $parameter;
3151      return $ENV{$parameter} if $parameter=~/^HTTPS/;
3152      $parameter =~ tr/-/_/;
3153      return $ENV{"HTTPS_\U$parameter\E"} if $parameter;
3154      my(@p);
3155      foreach (keys %ENV) {
3156      push(@p,$_) if /^HTTPS/;
3157      }
3158      return @p;
3159  }
3160  END_OF_FUNC
3161  
3162  #### Method: protocol
3163  # Return the protocol (http or https currently)
3164  ####
3165  'protocol' => <<'END_OF_FUNC',
3166  sub protocol {
3167      local($^W)=0;
3168      my $self = shift;
3169      return 'https' if uc($self->https()) eq 'ON'; 
3170      return 'https' if $self->server_port == 443;
3171      my $prot = $self->server_protocol;
3172      my($protocol,$version) = split('/',$prot);
3173      return "\L$protocol\E";
3174  }
3175  END_OF_FUNC
3176  
3177  #### Method: remote_ident
3178  # Return the identity of the remote user
3179  # (but only if his host is running identd)
3180  ####
3181  'remote_ident' => <<'END_OF_FUNC',
3182  sub remote_ident {
3183      return $ENV{'REMOTE_IDENT'};
3184  }
3185  END_OF_FUNC
3186  
3187  
3188  #### Method: auth_type
3189  # Return the type of use verification/authorization in use, if any.
3190  ####
3191  'auth_type' => <<'END_OF_FUNC',
3192  sub auth_type {
3193      return $ENV{'AUTH_TYPE'};
3194  }
3195  END_OF_FUNC
3196  
3197  
3198  #### Method: remote_user
3199  # Return the authorization name used for user
3200  # verification.
3201  ####
3202  'remote_user' => <<'END_OF_FUNC',
3203  sub remote_user {
3204      return $ENV{'REMOTE_USER'};
3205  }
3206  END_OF_FUNC
3207  
3208  
3209  #### Method: user_name
3210  # Try to return the remote user's name by hook or by
3211  # crook
3212  ####
3213  'user_name' => <<'END_OF_FUNC',
3214  sub user_name {
3215      my ($self) = self_or_CGI(@_);
3216      return $self->http('from') || $ENV{'REMOTE_IDENT'} || $ENV{'REMOTE_USER'};
3217  }
3218  END_OF_FUNC
3219  
3220  #### Method: nosticky
3221  # Set or return the NOSTICKY global flag
3222  ####
3223  'nosticky' => <<'END_OF_FUNC',
3224  sub nosticky {
3225      my ($self,$param) = self_or_CGI(@_);
3226      $CGI::NOSTICKY = $param if defined($param);
3227      return $CGI::NOSTICKY;
3228  }
3229  END_OF_FUNC
3230  
3231  #### Method: nph
3232  # Set or return the NPH global flag
3233  ####
3234  'nph' => <<'END_OF_FUNC',
3235  sub nph {
3236      my ($self,$param) = self_or_CGI(@_);
3237      $CGI::NPH = $param if defined($param);
3238      return $CGI::NPH;
3239  }
3240  END_OF_FUNC
3241  
3242  #### Method: private_tempfiles
3243  # Set or return the private_tempfiles global flag
3244  ####
3245  'private_tempfiles' => <<'END_OF_FUNC',
3246  sub private_tempfiles {
3247      my ($self,$param) = self_or_CGI(@_);
3248      $CGI::PRIVATE_TEMPFILES = $param if defined($param);
3249      return $CGI::PRIVATE_TEMPFILES;
3250  }
3251  END_OF_FUNC
3252  #### Method: close_upload_files
3253  # Set or return the close_upload_files global flag
3254  ####
3255  'close_upload_files' => <<'END_OF_FUNC',
3256  sub close_upload_files {
3257      my ($self,$param) = self_or_CGI(@_);
3258      $CGI::CLOSE_UPLOAD_FILES = $param if defined($param);
3259      return $CGI::CLOSE_UPLOAD_FILES;
3260  }
3261  END_OF_FUNC
3262  
3263  
3264  #### Method: default_dtd
3265  # Set or return the default_dtd global
3266  ####
3267  'default_dtd' => <<'END_OF_FUNC',
3268  sub default_dtd {
3269      my ($self,$param,$param2) = self_or_CGI(@_);
3270      if (defined $param2 && defined $param) {
3271          $CGI::DEFAULT_DTD = [ $param, $param2 ];
3272      } elsif (defined $param) {
3273          $CGI::DEFAULT_DTD = $param;
3274      }
3275      return $CGI::DEFAULT_DTD;
3276  }
3277  END_OF_FUNC
3278  
3279  # -------------- really private subroutines -----------------
3280  'previous_or_default' => <<'END_OF_FUNC',
3281  sub previous_or_default {
3282      my($self,$name,$defaults,$override) = @_;
3283      my(%selected);
3284  
3285      if (!$override && ($self->{'.fieldnames'}->{$name} || 
3286                 defined($self->param($name)) ) ) {
3287      grep($selected{$_}++,$self->param($name));
3288      } elsif (defined($defaults) && ref($defaults) && 
3289           (ref($defaults) eq 'ARRAY')) {
3290      grep($selected{$_}++,@{$defaults});
3291      } else {
3292      $selected{$defaults}++ if defined($defaults);
3293      }
3294  
3295      return %selected;
3296  }
3297  END_OF_FUNC
3298  
3299  'register_parameter' => <<'END_OF_FUNC',
3300  sub register_parameter {
3301      my($self,$param) = @_;
3302      $self->{'.parametersToAdd'}->{$param}++;
3303  }
3304  END_OF_FUNC
3305  
3306  'get_fields' => <<'END_OF_FUNC',
3307  sub get_fields {
3308      my($self) = @_;
3309      return $self->CGI::hidden('-name'=>'.cgifields',
3310                    '-values'=>[keys %{$self->{'.parametersToAdd'}}],
3311                    '-override'=>1);
3312  }
3313  END_OF_FUNC
3314  
3315  'read_from_cmdline' => <<'END_OF_FUNC',
3316  sub read_from_cmdline {
3317      my($input,@words);
3318      my($query_string);
3319      my($subpath);
3320      if ($DEBUG && @ARGV) {
3321      @words = @ARGV;
3322      } elsif ($DEBUG > 1) {
3323      require  "shellwords.pl";
3324      print STDERR "(offline mode: enter name=value pairs on standard input; press ^D or ^Z when done)\n";
3325      chomp(@lines = <STDIN>); # remove newlines
3326      $input = join(" ",@lines);
3327      @words = &shellwords($input);    
3328      }
3329      foreach (@words) {
3330      s/\\=/%3D/g;
3331      s/\\&/%26/g;        
3332      }
3333  
3334      if ("@words"=~/=/) {
3335      $query_string = join('&',@words);
3336      } else {
3337      $query_string = join('+',@words);
3338      }
3339      if ($query_string =~ /^(.*?)\?(.*)$/)
3340      {
3341          $query_string = $2;
3342          $subpath = $1;
3343      }
3344      return { 'query_string' => $query_string, 'subpath' => $subpath };
3345  }
3346  END_OF_FUNC
3347  
3348  #####
3349  # subroutine: read_multipart
3350  #
3351  # Read multipart data and store it into our parameters.
3352  # An interesting feature is that if any of the parts is a file, we
3353  # create a temporary file and open up a filehandle on it so that the
3354  # caller can read from it if necessary.
3355  #####
3356  'read_multipart' => <<'END_OF_FUNC',
3357  sub read_multipart {
3358      my($self,$boundary,$length) = @_;
3359      my($buffer) = $self->new_MultipartBuffer($boundary,$length);
3360      return unless $buffer;
3361      my(%header,$body);
3362      my $filenumber = 0;
3363      while (!$buffer->eof) {
3364      %header = $buffer->readHeader;
3365  
3366      unless (%header) {
3367          $self->cgi_error("400 Bad request (malformed multipart POST)");
3368          return;
3369      }
3370  
3371      my($param)= $header{'Content-Disposition'}=~/ name="([^"]*)"/;
3372          $param .= $TAINTED;
3373  
3374      # Bug:  Netscape doesn't escape quotation marks in file names!!!
3375      my($filename) = $header{'Content-Disposition'}=~/ filename="([^"]*)"/;
3376      # Test for Opera's multiple upload feature
3377      my($multipart) = ( defined( $header{'Content-Type'} ) &&
3378          $header{'Content-Type'} =~ /multipart\/mixed/ ) ?
3379          1 : 0;
3380  
3381      # add this parameter to our list
3382      $self->add_parameter($param);
3383  
3384      # If no filename specified, then just read the data and assign it
3385      # to our parameter list.
3386      if ( ( !defined($filename) || $filename eq '' ) && !$multipart ) {
3387          my($value) = $buffer->readBody;
3388              $value .= $TAINTED;
3389          push(@{$self->{$param}},$value);
3390          next;
3391      }
3392  
3393      my ($tmpfile,$tmp,$filehandle);
3394        UPLOADS: {
3395        # If we get here, then we are dealing with a potentially large
3396        # uploaded form.  Save the data to a temporary file, then open
3397        # the file for reading.
3398  
3399        # skip the file if uploads disabled
3400        if ($DISABLE_UPLOADS) {
3401            while (defined($data = $buffer->read)) { }
3402            last UPLOADS;
3403        }
3404  
3405        # set the filename to some recognizable value
3406            if ( ( !defined($filename) || $filename eq '' ) && $multipart ) {
3407                $filename = "multipart/mixed";
3408            }
3409  
3410        # choose a relatively unpredictable tmpfile sequence number
3411            my $seqno = unpack("%16C*",join('',localtime,grep {defined $_} values %ENV));
3412            for (my $cnt=10;$cnt>0;$cnt--) {
3413          next unless $tmpfile = new CGITempFile($seqno);
3414          $tmp = $tmpfile->as_string;
3415          last if defined($filehandle = Fh->new($filename,$tmp,$PRIVATE_TEMPFILES));
3416              $seqno += int rand(100);
3417            }
3418            die "CGI open of tmpfile: $!\n" unless defined $filehandle;
3419        $CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode 
3420                       && defined fileno($filehandle);
3421  
3422        # if this is an multipart/mixed attachment, save the header
3423        # together with the body for later parsing with an external
3424        # MIME parser module
3425        if ( $multipart ) {
3426            foreach ( keys %header ) {
3427            print $filehandle "$_: $header{$_}$CRLF}";
3428            }
3429            print $filehandle "$CRLF}";
3430        }
3431  
3432        my ($data);
3433        local($\) = '';
3434            my $totalbytes;
3435            while (defined($data = $buffer->read)) {
3436                if (defined $self->{'.upload_hook'})
3437                 {
3438                    $totalbytes += length($data);
3439                     &{$self->{'.upload_hook'}}($filename ,$data, $totalbytes, $self->{'.upload_data'});
3440                }
3441                print $filehandle $data if ($self->{'use_tempfile'});
3442            }
3443  
3444        # back up to beginning of file
3445        seek($filehandle,0,0);
3446  
3447        ## Close the filehandle if requested this allows a multipart MIME
3448        ## upload to contain many files, and we won't die due to too many
3449        ## open file handles. The user can access the files using the hash
3450        ## below.
3451        close $filehandle if $CLOSE_UPLOAD_FILES;
3452        $CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode;
3453  
3454        # Save some information about the uploaded file where we can get
3455        # at it later.
3456        # Use the typeglob as the key, as this is guaranteed to be
3457        # unique for each filehandle.  Don't use the file descriptor as
3458        # this will be re-used for each filehandle if the
3459        # close_upload_files feature is used.
3460        $self->{'.tmpfiles'}->{$$filehandle}= {
3461                hndl => $filehandle,
3462            name => $tmpfile,
3463            info => {%header},
3464        };
3465        push(@{$self->{$param}},$filehandle);
3466        }
3467      }
3468  }
3469  END_OF_FUNC
3470  
3471  #####
3472  # subroutine: read_multipart_related
3473  #
3474  # Read multipart/related data and store it into our parameters.  The
3475  # first parameter sets the start of the data. The part identified by
3476  # this Content-ID will not be stored as a file upload, but will be
3477  # returned by this method.  All other parts will be available as file
3478  # uploads accessible by their Content-ID
3479  #####
3480  'read_multipart_related' => <<'END_OF_FUNC',
3481  sub read_multipart_related {
3482      my($self,$start,$boundary,$length) = @_;
3483      my($buffer) = $self->new_MultipartBuffer($boundary,$length);
3484      return unless $buffer;
3485      my(%header,$body);
3486      my $filenumber = 0;
3487      my $returnvalue;
3488      while (!$buffer->eof) {
3489      %header = $buffer->readHeader;
3490  
3491      unless (%header) {
3492          $self->cgi_error("400 Bad request (malformed multipart POST)");
3493          return;
3494      }
3495  
3496      my($param) = $header{'Content-ID'}=~/\<([^\>]*)\>/;
3497          $param .= $TAINTED;
3498  
3499      # If this is the start part, then just read the data and assign it
3500      # to our return variable.
3501      if ( $param eq $start ) {
3502          $returnvalue = $buffer->readBody;
3503              $returnvalue .= $TAINTED;
3504          next;
3505      }
3506  
3507      # add this parameter to our list
3508      $self->add_parameter($param);
3509  
3510      my ($tmpfile,$tmp,$filehandle);
3511        UPLOADS: {
3512        # If we get here, then we are dealing with a potentially large
3513        # uploaded form.  Save the data to a temporary file, then open
3514        # the file for reading.
3515  
3516        # skip the file if uploads disabled
3517        if ($DISABLE_UPLOADS) {
3518            while (defined($data = $buffer->read)) { }
3519            last UPLOADS;
3520        }
3521  
3522        # choose a relatively unpredictable tmpfile sequence number
3523            my $seqno = unpack("%16C*",join('',localtime,grep {defined $_} values %ENV));
3524            for (my $cnt=10;$cnt>0;$cnt--) {
3525          next unless $tmpfile = new CGITempFile($seqno);
3526          $tmp = $tmpfile->as_string;
3527          last if defined($filehandle = Fh->new($param,$tmp,$PRIVATE_TEMPFILES));
3528              $seqno += int rand(100);
3529            }
3530            die "CGI open of tmpfile: $!\n" unless defined $filehandle;
3531        $CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode 
3532                       && defined fileno($filehandle);
3533  
3534        my ($data);
3535        local($\) = '';
3536            my $totalbytes;
3537            while (defined($data = $buffer->read)) {
3538                if (defined $self->{'.upload_hook'})
3539                 {
3540                    $totalbytes += length($data);
3541                     &{$self->{'.upload_hook'}}($param ,$data, $totalbytes, $self->{'.upload_data'});
3542                }
3543                print $filehandle $data if ($self->{'use_tempfile'});
3544            }
3545  
3546        # back up to beginning of file
3547        seek($filehandle,0,0);
3548  
3549        ## Close the filehandle if requested this allows a multipart MIME
3550        ## upload to contain many files, and we won't die due to too many
3551        ## open file handles. The user can access the files using the hash
3552        ## below.
3553        close $filehandle if $CLOSE_UPLOAD_FILES;
3554        $CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode;
3555  
3556        # Save some information about the uploaded file where we can get
3557        # at it later.
3558        # Use the typeglob as the key, as this is guaranteed to be
3559        # unique for each filehandle.  Don't use the file descriptor as
3560        # this will be re-used for each filehandle if the
3561        # close_upload_files feature is used.
3562        $self->{'.tmpfiles'}->{$$filehandle}= {
3563                hndl => $filehandle,
3564            name => $tmpfile,
3565            info => {%header},
3566        };
3567        push(@{$self->{$param}},$filehandle);
3568        }
3569      }
3570      return $returnvalue;
3571  }
3572  END_OF_FUNC
3573  
3574  
3575  'upload' =><<'END_OF_FUNC',
3576  sub upload {
3577      my($self,$param_name) = self_or_default(@_);
3578      my @param = grep {ref($_) && defined(fileno($_))} $self->param($param_name);
3579      return unless @param;
3580      return wantarray ? @param : $param[0];
3581  }
3582  END_OF_FUNC
3583  
3584  'tmpFileName' => <<'END_OF_FUNC',
3585  sub tmpFileName {
3586      my($self,$filename) = self_or_default(@_);
3587      return $self->{'.tmpfiles'}->{$$filename}->{name} ?
3588      $self->{'.tmpfiles'}->{$$filename}->{name}->as_string
3589          : '';
3590  }
3591  END_OF_FUNC
3592  
3593  'uploadInfo' => <<'END_OF_FUNC',
3594  sub uploadInfo {
3595      my($self,$filename) = self_or_default(@_);
3596      return $self->{'.tmpfiles'}->{$$filename}->{info};
3597  }
3598  END_OF_FUNC
3599  
3600  # internal routine, don't use
3601  '_set_values_and_labels' => <<'END_OF_FUNC',
3602  sub _set_values_and_labels {
3603      my $self = shift;
3604      my ($v,$l,$n) = @_;
3605      $$l = $v if ref($v) eq 'HASH' && !ref($$l);
3606      return $self->param($n) if !defined($v);
3607      return $v if !ref($v);
3608      return ref($v) eq 'HASH' ? keys %$v : @$v;
3609  }
3610  END_OF_FUNC
3611  
3612  # internal routine, don't use
3613  '_set_attributes' => <<'END_OF_FUNC',
3614  sub _set_attributes {
3615      my $self = shift;
3616      my($element, $attributes) = @_;
3617      return '' unless defined($attributes->{$element});
3618      $attribs = ' ';
3619      foreach my $attrib (keys %{$attributes->{$element}}) {
3620          (my $clean_attrib = $attrib) =~ s/^-//;
3621          $attribs .= "@{[lc($clean_attrib)]}=\"$attributes->{$element}{$attrib}\" ";
3622      }
3623      $attribs =~ s/ $//;
3624      return $attribs;
3625  }
3626  END_OF_FUNC
3627  
3628  '_compile_all' => <<'END_OF_FUNC',
3629  sub _compile_all {
3630      foreach (@_) {
3631      next if defined(&$_);
3632      $AUTOLOAD = "CGI::$_";
3633      _compile();
3634      }
3635  }
3636  END_OF_FUNC
3637  
3638  );
3639  END_OF_AUTOLOAD
3640  ;
3641  
3642  #########################################################
3643  # Globals and stubs for other packages that we use.
3644  #########################################################
3645  
3646  ################### Fh -- lightweight filehandle ###############
3647  package Fh;
3648  use overload 
3649      '""'  => \&asString,
3650      'cmp' => \&compare,
3651      'fallback'=>1;
3652  
3653  $FH='fh00000';
3654  
3655  *Fh::AUTOLOAD = \&CGI::AUTOLOAD;
3656  
3657  sub DESTROY {
3658      my $self = shift;
3659      close $self;
3660  }
3661  
3662  $AUTOLOADED_ROUTINES = '';      # prevent -w error
3663  $AUTOLOADED_ROUTINES=<<'END_OF_AUTOLOAD';
3664  %SUBS =  (
3665  'asString' => <<'END_OF_FUNC',
3666  sub asString {
3667      my $self = shift;
3668      # get rid of package name
3669      (my $i = $$self) =~ s/^\*(\w+::fh\d{5})+//; 
3670      $i =~ s/%(..)/ chr(hex($1)) /eg;
3671      return $i.$CGI::TAINTED;
3672  # BEGIN DEAD CODE
3673  # This was an extremely clever patch that allowed "use strict refs".
3674  # Unfortunately it relied on another bug that caused leaky file descriptors.
3675  # The underlying bug has been fixed, so this no longer works.  However
3676  # "strict refs" still works for some reason.
3677  #    my $self = shift;
3678  #    return ${*{$self}{SCALAR}};
3679  # END DEAD CODE
3680  }
3681  END_OF_FUNC
3682  
3683  'compare' => <<'END_OF_FUNC',
3684  sub compare {
3685      my $self = shift;
3686      my $value = shift;
3687      return "$self" cmp $value;
3688  }
3689  END_OF_FUNC
3690  
3691  'new'  => <<'END_OF_FUNC',
3692  sub new {
3693      my($pack,$name,$file,$delete) = @_;
3694      _setup_symbols(@SAVED_SYMBOLS) if @SAVED_SYMBOLS;
3695      require Fcntl unless defined &Fcntl::O_RDWR;
3696      (my $safename = $name) =~ s/([':%])/ sprintf '%%%02X', ord $1 /eg;
3697      my $fv = ++$FH . $safename;
3698      my $ref = \*{"Fh::$fv"};
3699      $file =~ m!^([a-zA-Z0-9_ \'\":/.\$\\-]+)$! || return;
3700      my $safe = $1;
3701      sysopen($ref,$safe,Fcntl::O_RDWR()|Fcntl::O_CREAT()|Fcntl::O_EXCL(),0600) || return;
3702      unlink($safe) if $delete;
3703      CORE::delete $Fh::{$fv};
3704      return bless $ref,$pack;
3705  }
3706  END_OF_FUNC
3707  
3708  );
3709  END_OF_AUTOLOAD
3710  
3711  ######################## MultipartBuffer ####################
3712  package MultipartBuffer;
3713  
3714  use constant DEBUG => 0;
3715  
3716  # how many bytes to read at a time.  We use
3717  # a 4K buffer by default.
3718  $INITIAL_FILLUNIT = 1024 * 4;
3719  $TIMEOUT = 240*60;       # 4 hour timeout for big files
3720  $SPIN_LOOP_MAX = 2000;  # bug fix for some Netscape servers
3721  $CRLF=$CGI::CRLF;
3722  
3723  #reuse the autoload function
3724  *MultipartBuffer::AUTOLOAD = \&CGI::AUTOLOAD;
3725  
3726  # avoid autoloader warnings
3727  sub DESTROY {}
3728  
3729  ###############################################################################
3730  ################# THESE FUNCTIONS ARE AUTOLOADED ON DEMAND ####################
3731  ###############################################################################
3732  $AUTOLOADED_ROUTINES = '';      # prevent -w error
3733  $AUTOLOADED_ROUTINES=<<'END_OF_AUTOLOAD';
3734  %SUBS =  (
3735  
3736  'new' => <<'END_OF_FUNC',
3737  sub new {
3738      my($package,$interface,$boundary,$length) = @_;
3739      $FILLUNIT = $INITIAL_FILLUNIT;
3740      $CGI::DefaultClass->binmode($IN); # if $CGI::needs_binmode;  # just do it always
3741  
3742      # If the user types garbage into the file upload field,
3743      # then Netscape passes NOTHING to the server (not good).
3744      # We may hang on this read in that case. So we implement
3745      # a read timeout.  If nothing is ready to read
3746      # by then, we return.
3747  
3748      # Netscape seems to be a little bit unreliable
3749      # about providing boundary strings.
3750      my $boundary_read = 0;
3751      if ($boundary) {
3752  
3753      # Under the MIME spec, the boundary consists of the 
3754      # characters "--" PLUS the Boundary string
3755  
3756      # BUG: IE 3.01 on the Macintosh uses just the boundary -- not
3757      # the two extra hyphens.  We do a special case here on the user-agent!!!!
3758      $boundary = "--$boundary" unless CGI::user_agent('MSIE\s+3\.0[12];\s*Mac|DreamPassport');
3759  
3760      } else { # otherwise we find it ourselves
3761      my($old);
3762      ($old,$/) = ($/,$CRLF); # read a CRLF-delimited line
3763      $boundary = <STDIN>;      # BUG: This won't work correctly under mod_perl
3764      $length -= length($boundary);
3765      chomp($boundary);               # remove the CRLF
3766      $/ = $old;                      # restore old line separator
3767          $boundary_read++;
3768      }
3769  
3770      my $self = {LENGTH=>$length,
3771          CHUNKED=>!defined $length,
3772          BOUNDARY=>$boundary,
3773          INTERFACE=>$interface,
3774          BUFFER=>'',
3775          };
3776  
3777      $FILLUNIT = length($boundary)
3778      if length($boundary) > $FILLUNIT;
3779  
3780      my $retval = bless $self,ref $package || $package;
3781  
3782      # Read the preamble and the topmost (boundary) line plus the CRLF.
3783      unless ($boundary_read) {
3784        while ($self->read(0)) { }
3785      }
3786      die "Malformed multipart POST: data truncated\n" if $self->eof;
3787  
3788      return $retval;
3789  }
3790  END_OF_FUNC
3791  
3792  'readHeader' => <<'END_OF_FUNC',
3793  sub readHeader {
3794      my($self) = @_;
3795      my($end);
3796      my($ok) = 0;
3797      my($bad) = 0;
3798  
3799      local($CRLF) = "\015\012" if $CGI::OS eq 'VMS' || $CGI::EBCDIC;
3800  
3801      do {
3802      $self->fillBuffer($FILLUNIT);
3803      $ok++ if ($end = index($self->{BUFFER},"$CRLF}$CRLF}")) >= 0;
3804      $ok++ if $self->{BUFFER} eq '';
3805      $bad++ if !$ok && $self->{LENGTH} <= 0;
3806      # this was a bad idea
3807      # $FILLUNIT *= 2 if length($self->{BUFFER}) >= $FILLUNIT; 
3808      } until $ok || $bad;
3809      return () if $bad;
3810  
3811      #EBCDIC NOTE: translate header into EBCDIC, but watch out for continuation lines!
3812  
3813      my($header) = substr($self->{BUFFER},0,$end+2);
3814      substr($self->{BUFFER},0,$end+4) = '';
3815      my %return;
3816  
3817      if ($CGI::EBCDIC) {
3818        warn "untranslated header=$header\n" if DEBUG;
3819        $header = CGI::Util::ascii2ebcdic($header);
3820        warn "translated header=$header\n" if DEBUG;
3821      }
3822  
3823      # See RFC 2045 Appendix A and RFC 822 sections 3.4.8
3824      #   (Folding Long Header Fields), 3.4.3 (Comments)
3825      #   and 3.4.5 (Quoted-Strings).
3826  
3827      my $token = '[-\w!\#$%&\'*+.^_\`|{}~]';
3828      $header=~s/$CRLF\s+/ /og;        # merge continuation lines
3829  
3830      while ($header=~/($token+):\s+([^$CRLF]*)/mgox) {
3831          my ($field_name,$field_value) = ($1,$2);
3832      $field_name =~ s/\b(\w)/uc($1)/eg; #canonicalize
3833      $return{$field_name}=$field_value;
3834      }
3835      return %return;
3836  }
3837  END_OF_FUNC
3838  
3839  # This reads and returns the body as a single scalar value.
3840  'readBody' => <<'END_OF_FUNC',
3841  sub readBody {
3842      my($self) = @_;
3843      my($data);
3844      my($returnval)='';
3845  
3846      #EBCDIC NOTE: want to translate returnval into EBCDIC HERE
3847  
3848      while (defined($data = $self->read)) {
3849      $returnval .= $data;
3850      }
3851  
3852      if ($CGI::EBCDIC) {
3853        warn "untranslated body=$returnval\n" if DEBUG;
3854        $returnval = CGI::Util::ascii2ebcdic($returnval);
3855        warn "translated body=$returnval\n"   if DEBUG;
3856      }
3857      return $returnval;
3858  }
3859  END_OF_FUNC
3860  
3861  # This will read $bytes or until the boundary is hit, whichever happens
3862  # first.  After the boundary is hit, we return undef.  The next read will
3863  # skip over the boundary and begin reading again;
3864  'read' => <<'END_OF_FUNC',
3865  sub read {
3866      my($self,$bytes) = @_;
3867  
3868      # default number of bytes to read
3869      $bytes = $bytes || $FILLUNIT;
3870  
3871      # Fill up our internal buffer in such a way that the boundary
3872      # is never split between reads.
3873      $self->fillBuffer($bytes);
3874  
3875      my $boundary_start = $CGI::EBCDIC ? CGI::Util::ebcdic2ascii($self->{BOUNDARY})      : $self->{BOUNDARY};
3876      my $boundary_end   = $CGI::EBCDIC ? CGI::Util::ebcdic2ascii($self->{BOUNDARY}.'--') : $self->{BOUNDARY}.'--';
3877  
3878      # Find the boundary in the buffer (it may not be there).
3879      my $start = index($self->{BUFFER},$boundary_start);
3880  
3881      warn "boundary=$self->{BOUNDARY} length=$self->{LENGTH} start=$start\n" if DEBUG;
3882  
3883      # protect against malformed multipart POST operations
3884      die "Malformed multipart POST\n" unless $self->{CHUNKED} || ($start >= 0 || $self->{LENGTH} > 0);
3885  
3886      #EBCDIC NOTE: want to translate boundary search into ASCII here.
3887  
3888      # If the boundary begins the data, then skip past it
3889      # and return undef.
3890      if ($start == 0) {
3891  
3892      # clear us out completely if we've hit the last boundary.
3893      if (index($self->{BUFFER},$boundary_end)==0) {
3894          $self->{BUFFER}='';
3895          $self->{LENGTH}=0;
3896          return undef;
3897      }
3898  
3899      # just remove the boundary.
3900      substr($self->{BUFFER},0,length($boundary_start))='';
3901          $self->{BUFFER} =~ s/^\012\015?//;
3902      return undef;
3903      }
3904  
3905      my $bytesToReturn;
3906      if ($start > 0) {           # read up to the boundary
3907          $bytesToReturn = $start-2 > $bytes ? $bytes : $start;
3908      } else {    # read the requested number of bytes
3909      # leave enough bytes in the buffer to allow us to read
3910      # the boundary.  Thanks to Kevin Hendrick for finding
3911      # this one.
3912      $bytesToReturn = $bytes - (length($boundary_start)+1);
3913      }
3914  
3915      my $returnval=substr($self->{BUFFER},0,$bytesToReturn);
3916      substr($self->{BUFFER},0,$bytesToReturn)='';
3917      
3918      # If we hit the boundary, remove the CRLF from the end.
3919      return ($bytesToReturn==$start)
3920             ? substr($returnval,0,-2) : $returnval;
3921  }
3922  END_OF_FUNC
3923  
3924  
3925  # This fills up our internal buffer in such a way that the
3926  # boundary is never split between reads
3927  'fillBuffer' => <<'END_OF_FUNC',
3928  sub fillBuffer {
3929      my($self,$bytes) = @_;
3930      return unless $self->{CHUNKED} || $self->{LENGTH};
3931  
3932      my($boundaryLength) = length($self->{BOUNDARY});
3933      my($bufferLength) = length($self->{BUFFER});
3934      my($bytesToRead) = $bytes - $bufferLength + $boundaryLength + 2;
3935      $bytesToRead = $self->{LENGTH} if !$self->{CHUNKED} && $self->{LENGTH} < $bytesToRead;
3936  
3937      # Try to read some data.  We may hang here if the browser is screwed up.
3938      my $bytesRead = $self->{INTERFACE}->read_from_client(\$self->{BUFFER},
3939                               $bytesToRead,
3940                               $bufferLength);
3941      warn "bytesToRead=$bytesToRead, bufferLength=$bufferLength, buffer=$self->{BUFFER}\n" if DEBUG;
3942      $self->{BUFFER} = '' unless defined $self->{BUFFER};
3943  
3944      # An apparent bug in the Apache server causes the read()
3945      # to return zero bytes repeatedly without blocking if the
3946      # remote user aborts during a file transfer.  I don't know how
3947      # they manage this, but the workaround is to abort if we get
3948      # more than SPIN_LOOP_MAX consecutive zero reads.
3949      if ($bytesRead <= 0) {
3950      die  "CGI.pm: Server closed socket during multipart read (client aborted?).\n"
3951          if ($self->{ZERO_LOOP_COUNTER}++ >= $SPIN_LOOP_MAX);
3952      } else {
3953      $self->{ZERO_LOOP_COUNTER}=0;
3954      }
3955  
3956      $self->{LENGTH} -= $bytesRead if !$self->{CHUNKED} && $bytesRead;
3957  }
3958  END_OF_FUNC
3959  
3960  
3961  # Return true when we've finished reading
3962  'eof' => <<'END_OF_FUNC'
3963  sub eof {
3964      my($self) = @_;
3965      return 1 if (length($self->{BUFFER}) == 0)
3966           && ($self->{LENGTH} <= 0);
3967      undef;
3968  }
3969  END_OF_FUNC
3970  
3971  );
3972  END_OF_AUTOLOAD
3973  
3974  ####################################################################################
3975  ################################## TEMPORARY FILES #################################
3976  ####################################################################################
3977  package CGITempFile;
3978  
3979  sub find_tempdir {
3980    $SL = $CGI::SL;
3981    $MAC = $CGI::OS eq 'MACINTOSH';
3982    my ($vol) = $MAC ? MacPerl::Volumes() =~ /:(.*)/ : "";
3983    unless (defined $TMPDIRECTORY) {
3984      @TEMP=("$SL}usr$SL}tmp","$SL}var$SL}tmp",
3985         "C:$SL}temp","$SL}tmp","$SL}temp",
3986         "$vol}$SL}Temporary Items",
3987             "$SL}WWW_ROOT", "$SL}SYS\$SCRATCH",
3988         "C:$SL}system$SL}temp");
3989      unshift(@TEMP,$ENV{'TMPDIR'}) if defined $ENV{'TMPDIR'};
3990  
3991      # this feature was supposed to provide per-user tmpfiles, but
3992      # it is problematic.
3993      #    unshift(@TEMP,(getpwuid($<))[7].'/tmp') if $CGI::OS eq 'UNIX';
3994      # Rob: getpwuid() is unfortunately UNIX specific. On brain dead OS'es this
3995      #    : can generate a 'getpwuid() not implemented' exception, even though
3996      #    : it's never called.  Found under DOS/Win with the DJGPP perl port.
3997      #    : Refer to getpwuid() only at run-time if we're fortunate and have  UNIX.
3998      # unshift(@TEMP,(eval {(getpwuid($>))[7]}).'/tmp') if $CGI::OS eq 'UNIX' and $> != 0;
3999  
4000      foreach (@TEMP) {
4001        do {$TMPDIRECTORY = $_; last} if -d $_ && -w _;
4002      }
4003    }
4004    $TMPDIRECTORY  = $MAC ? "" : "." unless $TMPDIRECTORY;
4005  }
4006  
4007  find_tempdir();
4008  
4009  $MAXTRIES = 5000;
4010  
4011  # cute feature, but overload implementation broke it
4012  # %OVERLOAD = ('""'=>'as_string');
4013  *CGITempFile::AUTOLOAD = \&CGI::AUTOLOAD;
4014  
4015  sub DESTROY {
4016      my($self) = @_;
4017      $$self =~ m!^([a-zA-Z0-9_ \'\":/.\$\\-]+)$! || return;
4018      my $safe = $1;             # untaint operation
4019      unlink $safe;              # get rid of the file
4020  }
4021  
4022  ###############################################################################
4023  ################# THESE FUNCTIONS ARE AUTOLOADED ON DEMAND ####################
4024  ###############################################################################
4025  $AUTOLOADED_ROUTINES = '';      # prevent -w error
4026  $AUTOLOADED_ROUTINES=<<'END_OF_AUTOLOAD';
4027  %SUBS = (
4028  
4029  'new' => <<'END_OF_FUNC',
4030  sub new {
4031      my($package,$sequence) = @_;
4032      my $filename;
4033      find_tempdir() unless -w $TMPDIRECTORY;
4034      for (my $i = 0; $i < $MAXTRIES; $i++) {
4035      last if ! -f ($filename = sprintf("$TMPDIRECTORY}$SL}CGItemp%d",$sequence++));
4036      }
4037      # check that it is a more-or-less valid filename
4038      return unless $filename =~ m!^([a-zA-Z0-9_ \'\":/.\$\\-]+)$!;
4039      # this used to untaint, now it doesn't
4040      # $filename = $1;
4041      return bless \$filename;
4042  }
4043  END_OF_FUNC
4044  
4045  'as_string' => <<'END_OF_FUNC'
4046  sub as_string {
4047      my($self) = @_;
4048      return $$self;
4049  }
4050  END_OF_FUNC
4051  
4052  );
4053  END_OF_AUTOLOAD
4054  
4055  package CGI;
4056  
4057  # We get a whole bunch of warnings about "possibly uninitialized variables"
4058  # when running with the -w switch.  Touch them all once to get rid of the
4059  # warnings.  This is ugly and I hate it.
4060  if ($^W) {
4061      $CGI::CGI = '';
4062      $CGI::CGI=<<EOF;
4063      $CGI::VERSION;
4064      $MultipartBuffer::SPIN_LOOP_MAX;
4065      $MultipartBuffer::CRLF;
4066      $MultipartBuffer::TIMEOUT;
4067      $MultipartBuffer::INITIAL_FILLUNIT;
4068  EOF
4069      ;
4070  }
4071  
4072  1;
4073  
4074  __END__
4075  
4076  =head1 NAME
4077  
4078  CGI - Simple Common Gateway Interface Class
4079  
4080  =head1 SYNOPSIS
4081  
4082    # CGI script that creates a fill-out form
4083    # and echoes back its values.
4084  
4085    use CGI qw/:standard/;
4086    print header,
4087          start_html('A Simple Example'),
4088          h1('A Simple Example'),
4089          start_form,
4090          "What's your name? ",textfield('name'),p,
4091          "What's the combination?", p,
4092          checkbox_group(-name=>'words',
4093                 -values=>['eenie','meenie','minie','moe'],
4094                 -defaults=>['eenie','minie']), p,
4095          "What's your favorite color? ",
4096          popup_menu(-name=>'color',
4097                 -values=>['red','green','blue','chartreuse']),p,
4098          submit,
4099          end_form,
4100          hr;
4101  
4102     if (param()) {
4103         my $name      = param('name');
4104         my $keywords  = join ', ',param('words');
4105         my $color     = param('color');
4106         print "Your name is",em(escapeHTML($name)),p,
4107           "The keywords are: ",em(escapeHTML($keywords)),p,
4108           "Your favorite color is ",em(escapeHTML($color)),
4109           hr;
4110     }
4111  
4112  =head1 ABSTRACT
4113  
4114  This perl library uses perl5 objects to make it easy to create Web
4115  fill-out forms and parse their contents.  This package defines CGI
4116  objects, entities that contain the values of the current query string
4117  and other state variables.  Using a CGI object's methods, you can
4118  examine keywords and parameters passed to your script, and create
4119  forms whose initial values are taken from the current query (thereby
4120  preserving state information).  The module provides shortcut functions
4121  that produce boilerplate HTML, reducing typing and coding errors. It
4122  also provides functionality for some of the more advanced features of
4123  CGI scripting, including support for file uploads, cookies, cascading
4124  style sheets, server push, and frames.
4125  
4126  CGI.pm also provides a simple function-oriented programming style for
4127  those who don't need its object-oriented features.
4128  
4129  The current version of CGI.pm is available at
4130  
4131    http://www.genome.wi.mit.edu/ftp/pub/software/WWW/cgi_docs.html
4132    ftp://ftp-genome.wi.mit.edu/pub/software/WWW/
4133  
4134  =head1 DESCRIPTION
4135  
4136  =head2 PROGRAMMING STYLE
4137  
4138  There are two styles of programming with CGI.pm, an object-oriented
4139  style and a function-oriented style.  In the object-oriented style you
4140  create one or more CGI objects and then use object methods to create
4141  the various elements of the page.  Each CGI object starts out with the
4142  list of named parameters that were passed to your CGI script by the
4143  server.  You can modify the objects, save them to a file or database
4144  and recreate them.  Because each object corresponds to the "state" of
4145  the CGI script, and because each object's parameter list is
4146  independent of the others, this allows you to save the state of the
4147  script and restore it later.
4148  
4149  For example, using the object oriented style, here is how you create
4150  a simple "Hello World" HTML page:
4151  
4152     #!/usr/local/bin/perl -w
4153     use CGI;                             # load CGI routines
4154     $q = new CGI;                        # create new CGI object
4155     print $q->header,                    # create the HTTP header
4156           $q->start_html('hello world'), # start the HTML
4157           $q->h1('hello world'),         # level 1 header
4158           $q->end_html;                  # end the HTML
4159  
4160  In the function-oriented style, there is one default CGI object that
4161  you rarely deal with directly.  Instead you just call functions to
4162  retrieve CGI parameters, create HTML tags, manage cookies, and so
4163  on.  This provides you with a cleaner programming interface, but
4164  limits you to using one CGI object at a time.  The following example
4165  prints the same page, but uses the function-oriented interface.
4166  The main differences are that we now need to import a set of functions
4167  into our name space (usually the "standard" functions), and we don't
4168  need to create the CGI object.
4169  
4170     #!/usr/local/bin/perl
4171     use CGI qw/:standard/;           # load standard CGI routines
4172     print header,                    # create the HTTP header
4173           start_html('hello world'), # start the HTML
4174           h1('hello world'),         # level 1 header
4175           end_html;                  # end the HTML
4176  
4177  The examples in this document mainly use the object-oriented style.
4178  See HOW TO IMPORT FUNCTIONS for important information on
4179  function-oriented programming in CGI.pm
4180  
4181  =head2 CALLING CGI.PM ROUTINES
4182  
4183  Most CGI.pm routines accept several arguments, sometimes as many as 20
4184  optional ones!  To simplify this interface, all routines use a named
4185  argument calling style that looks like this:
4186  
4187     print $q->header(-type=>'image/gif',-expires=>'+3d');
4188  
4189  Each argument name is preceded by a dash.  Neither case nor order
4190  matters in the argument list.  -type, -Type, and -TYPE are all
4191  acceptable.  In fact, only the first argument needs to begin with a
4192  dash.  If a dash is present in the first argument, CGI.pm assumes
4193  dashes for the subsequent ones.
4194  
4195  Several routines are commonly called with just one argument.  In the
4196  case of these routines you can provide the single argument without an
4197  argument name.  header() happens to be one of these routines.  In this
4198  case, the single argument is the document type.
4199  
4200     print $q->header('text/html');
4201  
4202  Other such routines are documented below.
4203  
4204  Sometimes named arguments expect a scalar, sometimes a reference to an
4205  array, and sometimes a reference to a hash.  Often, you can pass any
4206  type of argument and the routine will do whatever is most appropriate.
4207  For example, the param() routine is used to set a CGI parameter to a
4208  single or a multi-valued value.  The two cases are shown below:
4209  
4210     $q->param(-name=>'veggie',-value=>'tomato');
4211     $q->param(-name=>'veggie',-value=>['tomato','tomahto','potato','potahto']);
4212  
4213  A large number of routines in CGI.pm actually aren't specifically
4214  defined in the module, but are generated automatically as needed.
4215  These are the "HTML shortcuts," routines that generate HTML tags for
4216  use in dynamically-generated pages.  HTML tags have both attributes
4217  (the attribute="value" pairs within the tag itself) and contents (the
4218  part between the opening and closing pairs.)  To distinguish between
4219  attributes and contents, CGI.pm uses the convention of passing HTML
4220  attributes as a hash reference as the first argument, and the
4221  contents, if any, as any subsequent arguments.  It works out like
4222  this:
4223  
4224     Code                           Generated HTML
4225     ----                           --------------
4226     h1()                           <h1>
4227     h1('some','contents');         <h1>some contents</h1>
4228     h1({-align=>left});            <h1 align="LEFT">
4229     h1({-align=>left},'contents'); <h1 align="LEFT">contents</h1>
4230  
4231  HTML tags are described in more detail later.
4232  
4233  Many newcomers to CGI.pm are puzzled by the difference between the
4234  calling conventions for the HTML shortcuts, which require curly braces
4235  around the HTML tag attributes, and the calling conventions for other
4236  routines, which manage to generate attributes without the curly
4237  brackets.  Don't be confused.  As a convenience the curly braces are
4238  optional in all but the HTML shortcuts.  If you like, you can use
4239  curly braces when calling any routine that takes named arguments.  For
4240  example:
4241  
4242     print $q->header( {-type=>'image/gif',-expires=>'+3d'} );
4243  
4244  If you use the B<-w> switch, you will be warned that some CGI.pm argument
4245  names conflict with built-in Perl functions.  The most frequent of
4246  these is the -values argument, used to create multi-valued menus,
4247  radio button clusters and the like.  To get around this warning, you
4248  have several choices:
4249  
4250  =over 4
4251  
4252  =item 1.
4253  
4254  Use another name for the argument, if one is available. 
4255  For example, -value is an alias for -values.
4256  
4257  =item 2.
4258  
4259  Change the capitalization, e.g. -Values
4260  
4261  =item 3.
4262  
4263  Put quotes around the argument name, e.g. '-values'
4264  
4265  =back
4266  
4267  Many routines will do something useful with a named argument that it
4268  doesn't recognize.  For example, you can produce non-standard HTTP
4269  header fields by providing them as named arguments:
4270  
4271    print $q->header(-type  =>  'text/html',
4272                     -cost  =>  'Three smackers',
4273                     -annoyance_level => 'high',
4274                     -complaints_to   => 'bit bucket');
4275  
4276  This will produce the following nonstandard HTTP header:
4277  
4278     HTTP/1.0 200 OK
4279     Cost: Three smackers
4280     Annoyance-level: high
4281     Complaints-to: bit bucket
4282     Content-type: text/html
4283  
4284  Notice the way that underscores are translated automatically into
4285  hyphens.  HTML-generating routines perform a different type of
4286  translation. 
4287  
4288  This feature allows you to keep up with the rapidly changing HTTP and
4289  HTML "standards".
4290  
4291  =head2 CREATING A NEW QUERY OBJECT (OBJECT-ORIENTED STYLE):
4292  
4293       $query = new CGI;
4294  
4295  This will parse the input (from both POST and GET methods) and store
4296  it into a perl5 object called $query. 
4297  
4298  Any filehandles from file uploads will have their position reset to 
4299  the beginning of the file. 
4300  
4301  =head2 CREATING A NEW QUERY OBJECT FROM AN INPUT FILE
4302  
4303       $query = new CGI(INPUTFILE);
4304  
4305  If you provide a file handle to the new() method, it will read
4306  parameters from the file (or STDIN, or whatever).  The file can be in
4307  any of the forms describing below under debugging (i.e. a series of
4308  newline delimited TAG=VALUE pairs will work).  Conveniently, this type
4309  of file is created by the save() method (see below).  Multiple records
4310  can be saved and restored.
4311  
4312  Perl purists will be pleased to know that this syntax accepts
4313  references to file handles, or even references to filehandle globs,
4314  which is the "official" way to pass a filehandle:
4315  
4316      $query = new CGI(\*STDIN);
4317  
4318  You can also initialize the CGI object with a FileHandle or IO::File
4319  object.
4320  
4321  If you are using the function-oriented interface and want to
4322  initialize CGI state from a file handle, the way to do this is with
4323  B<restore_parameters()>.  This will (re)initialize the
4324  default CGI object from the indicated file handle.
4325  
4326      open (IN,"test.in") || die;
4327      restore_parameters(IN);
4328      close IN;
4329  
4330  You can also initialize the query object from an associative array
4331  reference:
4332  
4333      $query = new CGI( {'dinosaur'=>'barney',
4334                 'song'=>'I love you',
4335                 'friends'=>[qw/Jessica George Nancy/]}
4336              );
4337  
4338  or from a properly formatted, URL-escaped query string:
4339  
4340      $query = new CGI('dinosaur=barney&color=purple');
4341  
4342  or from a previously existing CGI object (currently this clones the
4343  parameter list, but none of the other object-specific fields, such as
4344  autoescaping):
4345  
4346      $old_query = new CGI;
4347      $new_query = new CGI($old_query);
4348  
4349  To create an empty query, initialize it from an empty string or hash:
4350  
4351     $empty_query = new CGI("");
4352  
4353         -or-
4354  
4355     $empty_query = new CGI({});
4356  
4357  =head2 FETCHING A LIST OF KEYWORDS FROM THE QUERY:
4358  
4359       @keywords = $query->keywords
4360  
4361  If the script was invoked as the result of an <ISINDEX> search, the
4362  parsed keywords can be obtained as an array using the keywords() method.
4363  
4364  =head2 FETCHING THE NAMES OF ALL THE PARAMETERS PASSED TO YOUR SCRIPT:
4365  
4366       @names = $query->param
4367  
4368  If the script was invoked with a parameter list
4369  (e.g. "name1=value1&name2=value2&name3=value3"), the param() method
4370  will return the parameter names as a list.  If the script was invoked
4371  as an <ISINDEX> script and contains a string without ampersands
4372  (e.g. "value1+value2+value3") , there will be a single parameter named
4373  "keywords" containing the "+"-delimited keywords.
4374  
4375  NOTE: As of version 1.5, the array of parameter names returned will
4376  be in the same order as they were submitted by the browser.
4377  Usually this order is the same as the order in which the 
4378  parameters are defined in the form (however, this isn't part
4379  of the spec, and so isn't guaranteed).
4380  
4381  =head2 FETCHING THE VALUE OR VALUES OF A SINGLE NAMED PARAMETER:
4382  
4383      @values = $query->param('foo');
4384  
4385            -or-
4386  
4387      $value = $query->param('foo');
4388  
4389  Pass the param() method a single argument to fetch the value of the
4390  named parameter. If the parameter is multivalued (e.g. from multiple
4391  selections in a scrolling list), you can ask to receive an array.  Otherwise
4392  the method will return a single value.
4393  
4394  If a value is not given in the query string, as in the queries
4395  "name1=&name2=" or "name1&name2", it will be returned as an empty
4396  string.  This feature is new in 2.63.
4397  
4398  
4399  If the parameter does not exist at all, then param() will return undef
4400  in a scalar context, and the empty list in a list context.
4401  
4402  
4403  =head2 SETTING THE VALUE(S) OF A NAMED PARAMETER:
4404  
4405      $query->param('foo','an','array','of','values');
4406  
4407  This sets the value for the named parameter 'foo' to an array of
4408  values.  This is one way to change the value of a field AFTER
4409  the script has been invoked once before.  (Another way is with
4410  the -override parameter accepted by all methods that generate
4411  form elements.)
4412  
4413  param() also recognizes a named parameter style of calling described
4414  in more detail later:
4415  
4416      $query->param(-name=>'foo',-values=>['an','array','of','values']);
4417  
4418                    -or-
4419  
4420      $query->param(-name=>'foo',-value=>'the value');
4421  
4422  =head2 APPENDING ADDITIONAL VALUES TO A NAMED PARAMETER:
4423  
4424     $query->append(-name=>'foo',-values=>['yet','more','values']);
4425  
4426  This adds a value or list of values to the named parameter.  The
4427  values are appended to the end of the parameter if it already exists.
4428  Otherwise the parameter is created.  Note that this method only
4429  recognizes the named argument calling syntax.
4430  
4431  =head2 IMPORTING ALL PARAMETERS INTO A NAMESPACE:
4432  
4433     $query->import_names('R');
4434  
4435  This creates a series of variables in the 'R' namespace.  For example,
4436  $R::foo, @R:foo.  For keyword lists, a variable @R::keywords will appear.
4437  If no namespace is given, this method will assume 'Q'.
4438  WARNING:  don't import anything into 'main'; this is a major security
4439  risk!!!!
4440  
4441  NOTE 1: Variable names are transformed as necessary into legal Perl
4442  variable names.  All non-legal characters are transformed into
4443  underscores.  If you need to keep the original names, you should use
4444  the param() method instead to access CGI variables by name.
4445  
4446  NOTE 2: In older versions, this method was called B<import()>.  As of version 2.20, 
4447  this name has been removed completely to avoid conflict with the built-in
4448  Perl module B<import> operator.
4449  
4450  =head2 DELETING A PARAMETER COMPLETELY:
4451  
4452      $query->delete('foo','bar','baz');
4453  
4454  This completely clears a list of parameters.  It sometimes useful for
4455  resetting parameters that you don't want passed down between script
4456  invocations.
4457  
4458  If you are using the function call interface, use "Delete()" instead
4459  to avoid conflicts with Perl's built-in delete operator.
4460  
4461  =head2 DELETING ALL PARAMETERS:
4462  
4463     $query->delete_all();
4464  
4465  This clears the CGI object completely.  It might be useful to ensure
4466  that all the defaults are taken when you create a fill-out form.
4467  
4468  Use Delete_all() instead if you are using the function call interface.
4469  
4470  =head2 HANDLING NON-URLENCODED ARGUMENTS
4471  
4472  
4473  If POSTed data is not of type application/x-www-form-urlencoded or
4474  multipart/form-data, then the POSTed data will not be processed, but
4475  instead be returned as-is in a parameter named POSTDATA.  To retrieve
4476  it, use code like this:
4477  
4478     my $data = $query->param('POSTDATA');
4479  
4480  (If you don't know what the preceding means, don't worry about it.  It
4481  only affects people trying to use CGI for XML processing and other
4482  specialized tasks.)
4483  
4484  
4485  =head2 DIRECT ACCESS TO THE PARAMETER LIST:
4486  
4487     $q->param_fetch('address')->[1] = '1313 Mockingbird Lane';
4488     unshift @{$q->param_fetch(-name=>'address')},'George Munster';
4489  
4490  If you need access to the parameter list in a way that isn't covered
4491  by the methods above, you can obtain a direct reference to it by
4492  calling the B<param_fetch()> method with the name of the .  This
4493  will return an array reference to the named parameters, which you then
4494  can manipulate in any way you like.
4495  
4496  You can also use a named argument style using the B<-name> argument.
4497  
4498  =head2 FETCHING THE PARAMETER LIST AS A HASH:
4499  
4500      $params = $q->Vars;
4501      print $params->{'address'};
4502      @foo = split("\0",$params->{'foo'});
4503      %params = $q->Vars;
4504  
4505      use CGI ':cgi-lib';
4506      $params = Vars;
4507  
4508  Many people want to fetch the entire parameter list as a hash in which
4509  the keys are the names of the CGI parameters, and the values are the
4510  parameters' values.  The Vars() method does this.  Called in a scalar
4511  context, it returns the parameter list as a tied hash reference.
4512  Changing a key changes the value of the parameter in the underlying
4513  CGI parameter list.  Called in a list context, it returns the
4514  parameter list as an ordinary hash.  This allows you to read the
4515  contents of the parameter list, but not to change it.
4516  
4517  When using this, the thing you must watch out for are multivalued CGI
4518  parameters.  Because a hash cannot distinguish between scalar and
4519  list context, multivalued parameters will be returned as a packed
4520  string, separated by the "\0" (null) character.  You must split this
4521  packed string in order to get at the individual values.  This is the
4522  convention introduced long ago by Steve Brenner in his cgi-lib.pl
4523  module for Perl version 4.
4524  
4525  If you wish to use Vars() as a function, import the I<:cgi-lib> set of
4526  function calls (also see the section on CGI-LIB compatibility).
4527  
4528  =head2 SAVING THE STATE OF THE SCRIPT TO A FILE:
4529  
4530      $query->save(\*FILEHANDLE)
4531  
4532  This will write the current state of the form to the provided
4533  filehandle.  You can read it back in by providing a filehandle
4534  to the new() method.  Note that the filehandle can be a file, a pipe,
4535  or whatever!
4536  
4537  The format of the saved file is:
4538  
4539      NAME1=VALUE1
4540      NAME1=VALUE1'
4541      NAME2=VALUE2
4542      NAME3=VALUE3
4543      =
4544  
4545  Both name and value are URL escaped.  Multi-valued CGI parameters are
4546  represented as repeated names.  A session record is delimited by a
4547  single = symbol.  You can write out multiple records and read them
4548  back in with several calls to B<new>.  You can do this across several
4549  sessions by opening the file in append mode, allowing you to create
4550  primitive guest books, or to keep a history of users' queries.  Here's
4551  a short example of creating multiple session records:
4552  
4553     use CGI;
4554  
4555     open (OUT,">>test.out") || die;
4556     $records = 5;
4557     foreach (0..$records) {
4558         my $q = new CGI;
4559         $q->param(-name=>'counter',-value=>$_);
4560         $q->save(\*OUT);
4561     }
4562     close OUT;
4563  
4564     # reopen for reading
4565     open (IN,"test.out") || die;
4566     while (!eof(IN)) {
4567         my $q = new CGI(\*IN);
4568         print $q->param('counter'),"\n";
4569     }
4570  
4571  The file format used for save/restore is identical to that used by the
4572  Whitehead Genome Center's data exchange format "Boulderio", and can be
4573  manipulated and even databased using Boulderio utilities.  See
4574  
4575    http://stein.cshl.org/boulder/
4576  
4577  for further details.
4578  
4579  If you wish to use this method from the function-oriented (non-OO)
4580  interface, the exported name for this method is B<save_parameters()>.
4581  
4582  =head2 RETRIEVING CGI ERRORS
4583  
4584  Errors can occur while processing user input, particularly when
4585  processing uploaded files.  When these errors occur, CGI will stop
4586  processing and return an empty parameter list.  You can test for
4587  the existence and nature of errors using the I<cgi_error()> function.
4588  The error messages are formatted as HTTP status codes. You can either
4589  incorporate the error text into an HTML page, or use it as the value
4590  of the HTTP status:
4591  
4592      my $error = $q->cgi_error;
4593      if ($error) {
4594      print $q->header(-status=>$error),
4595            $q->start_html('Problems'),
4596                $q->h2('Request not processed'),
4597            $q->strong($error);
4598          exit 0;
4599      }
4600  
4601  When using the function-oriented interface (see the next section),
4602  errors may only occur the first time you call I<param()>. Be ready
4603  for this!
4604  
4605  =head2 USING THE FUNCTION-ORIENTED INTERFACE
4606  
4607  To use the function-oriented interface, you must specify which CGI.pm
4608  routines or sets of routines to import into your script's namespace.
4609  There is a small overhead associated with this importation, but it
4610  isn't much.
4611  
4612     use CGI <list of methods>;
4613  
4614  The listed methods will be imported into the current package; you can
4615  call them directly without creating a CGI object first.  This example
4616  shows how to import the B<param()> and B<header()>
4617  methods, and then use them directly:
4618  
4619     use CGI 'param','header';
4620     print header('text/plain');
4621     $zipcode = param('zipcode');
4622  
4623  More frequently, you'll import common sets of functions by referring
4624  to the groups by name.  All function sets are preceded with a ":"
4625  character as in ":html3" (for tags defined in the HTML 3 standard).
4626  
4627  Here is a list of the function sets you can import:
4628  
4629  =over 4
4630  
4631  =item B<:cgi>
4632  
4633  Import all CGI-handling methods, such as B<param()>, B<path_info()>
4634  and the like.
4635  
4636  =item B<:form>
4637  
4638  Import all fill-out form generating methods, such as B<textfield()>.
4639  
4640  =item B<:html2>
4641  
4642  Import all methods that generate HTML 2.0 standard elements.
4643  
4644  =item B<:html3>
4645  
4646  Import all methods that generate HTML 3.0 elements (such as
4647  <table>, <super> and <sub>).
4648  
4649  =item B<:html4>
4650  
4651  Import all methods that generate HTML 4 elements (such as
4652  <abbrev>, <acronym> and <thead>).
4653  
4654  =item B<:netscape>
4655  
4656  Import all methods that generate Netscape-specific HTML extensions.
4657  
4658  =item B<:html>
4659  
4660  Import all HTML-generating shortcuts (i.e. 'html2' + 'html3' +
4661  'netscape')...
4662  
4663  =item B<:standard>
4664  
4665  Import "standard" features, 'html2', 'html3', 'html4', 'form' and 'cgi'.
4666  
4667  =item B<:all>
4668  
4669  Import all the available methods.  For the full list, see the CGI.pm
4670  code, where the variable %EXPORT_TAGS is defined.
4671  
4672  =back
4673  
4674  If you import a function name that is not part of CGI.pm, the module
4675  will treat it as a new HTML tag and generate the appropriate
4676  subroutine.  You can then use it like any other HTML tag.  This is to
4677  provide for the rapidly-evolving HTML "standard."  For example, say
4678  Microsoft comes out with a new tag called <gradient> (which causes the
4679  user's desktop to be flooded with a rotating gradient fill until his
4680  machine reboots).  You don't need to wait for a new version of CGI.pm
4681  to start using it immediately:
4682  
4683     use CGI qw/:standard :html3 gradient/;
4684     print gradient({-start=>'red',-end=>'blue'});
4685  
4686  Note that in the interests of execution speed CGI.pm does B<not> use
4687  the standard L<Exporter> syntax for specifying load symbols.  This may
4688  change in the future.
4689  
4690  If you import any of the state-maintaining CGI or form-generating
4691  methods, a default CGI object will be created and initialized
4692  automatically the first time you use any of the methods that require
4693  one to be present.  This includes B<param()>, B<textfield()>,
4694  B<submit()> and the like.  (If you need direct access to the CGI
4695  object, you can find it in the global variable B<$CGI::Q>).  By
4696  importing CGI.pm methods, you can create visually elegant scripts:
4697  
4698     use CGI qw/:standard/;
4699     print 
4700         header,
4701         start_html('Simple Script'),
4702         h1('Simple Script'),
4703         start_form,
4704         "What's your name? ",textfield('name'),p,
4705         "What's the combination?",
4706         checkbox_group(-name=>'words',
4707                -values=>['eenie','meenie','minie','moe'],
4708                -defaults=>['eenie','moe']),p,
4709         "What's your favorite color?",
4710         popup_menu(-name=>'color',
4711            -values=>['red','green','blue','chartreuse']),p,
4712         submit,
4713         end_form,
4714         hr,"\n";
4715  
4716      if (param) {
4717         print 
4718         "Your name is ",em(param('name')),p,
4719         "The keywords are: ",em(join(", ",param('words'))),p,
4720         "Your favorite color is ",em(param('color')),".\n";
4721      }
4722      print end_html;
4723  
4724  =head2 PRAGMAS
4725  
4726  In addition to the function sets, there are a number of pragmas that
4727  you can import.  Pragmas, which are always preceded by a hyphen,
4728  change the way that CGI.pm functions in various ways.  Pragmas,
4729  function sets, and individual functions can all be imported in the
4730  same use() line.  For example, the following use statement imports the
4731  standard set of functions and enables debugging mode (pragma
4732  -debug):
4733  
4734     use CGI qw/:standard -debug/;
4735  
4736  The current list of pragmas is as follows:
4737  
4738  =over 4
4739  
4740  =item -any
4741  
4742  When you I<use CGI -any>, then any method that the query object
4743  doesn't recognize will be interpreted as a new HTML tag.  This allows
4744  you to support the next I<ad hoc> Netscape or Microsoft HTML
4745  extension.  This lets you go wild with new and unsupported tags:
4746  
4747     use CGI qw(-any);
4748     $q=new CGI;
4749     print $q->gradient({speed=>'fast',start=>'red',end=>'blue'});
4750  
4751  Since using <cite>any</cite> causes any mistyped method name
4752  to be interpreted as an HTML tag, use it with care or not at
4753  all.
4754  
4755  =item -compile
4756  
4757  This causes the indicated autoloaded methods to be compiled up front,
4758  rather than deferred to later.  This is useful for scripts that run
4759  for an extended period of time under FastCGI or mod_perl, and for
4760  those destined to be crunched by Malcolm Beattie's Perl compiler.  Use
4761  it in conjunction with the methods or method families you plan to use.
4762  
4763     use CGI qw(-compile :standard :html3);
4764  
4765  or even
4766  
4767     use CGI qw(-compile :all);
4768  
4769  Note that using the -compile pragma in this way will always have
4770  the effect of importing the compiled functions into the current
4771  namespace.  If you want to compile without importing use the
4772  compile() method instead:
4773  
4774     use CGI();
4775     CGI->compile();
4776  
4777  This is particularly useful in a mod_perl environment, in which you
4778  might want to precompile all CGI routines in a startup script, and
4779  then import the functions individually in each mod_perl script.
4780  
4781  =item -nosticky
4782  
4783  By default the CGI module implements a state-preserving behavior
4784  called "sticky" fields.  The way this works is that if you are
4785  regenerating a form, the methods that generate the form field values
4786  will interrogate param() to see if similarly-named parameters are
4787  present in the query string. If they find a like-named parameter, they
4788  will use it to set their default values.
4789  
4790  Sometimes this isn't what you want.  The B<-nosticky> pragma prevents
4791  this behavior.  You can also selectively change the sticky behavior in
4792  each element that you generate.
4793  
4794  =item -tabindex
4795  
4796  Automatically add tab index attributes to each form field. With this
4797  option turned off, you can still add tab indexes manually by passing a
4798  -tabindex option to each field-generating method.
4799  
4800  =item -no_undef_params
4801  
4802  This keeps CGI.pm from including undef params in the parameter list.
4803  
4804  =item -no_xhtml
4805  
4806  By default, CGI.pm versions 2.69 and higher emit XHTML
4807  (http://www.w3.org/TR/xhtml1/).  The -no_xhtml pragma disables this
4808  feature.  Thanks to Michalis Kabrianis <kabrianis@hellug.gr> for this
4809  feature.
4810  
4811  If start_html()'s -dtd parameter specifies an HTML 2.0 or 3.2 DTD, 
4812  XHTML will automatically be disabled without needing to use this 
4813  pragma.
4814  
4815  =item -nph
4816  
4817  This makes CGI.pm produce a header appropriate for an NPH (no
4818  parsed header) script.  You may need to do other things as well
4819  to tell the server that the script is NPH.  See the discussion
4820  of NPH scripts below.
4821  
4822  =item -newstyle_urls
4823  
4824  Separate the name=value pairs in CGI parameter query strings with
4825  semicolons rather than ampersands.  For example:
4826  
4827     ?name=fred;age=24;favorite_color=3
4828  
4829  Semicolon-delimited query strings are always accepted, but will not be
4830  emitted by self_url() and query_string() unless the -newstyle_urls
4831  pragma is specified.
4832  
4833  This became the default in version 2.64.
4834  
4835  =item -oldstyle_urls
4836  
4837  Separate the name=value pairs in CGI parameter query strings with
4838  ampersands rather than semicolons.  This is no longer the default.
4839  
4840  =item -autoload
4841  
4842  This overrides the autoloader so that any function in your program
4843  that is not recognized is referred to CGI.pm for possible evaluation.
4844  This allows you to use all the CGI.pm functions without adding them to
4845  your symbol table, which is of concern for mod_perl users who are
4846  worried about memory consumption.  I<Warning:> when
4847  I<-autoload> is in effect, you cannot use "poetry mode"
4848  (functions without the parenthesis).  Use I<hr()> rather
4849  than I<hr>, or add something like I<use subs qw/hr p header/> 
4850  to the top of your script.
4851  
4852  =item -no_debug
4853  
4854  This turns off the command-line processing features.  If you want to
4855  run a CGI.pm script from the command line to produce HTML, and you
4856  don't want it to read CGI parameters from the command line or STDIN,
4857  then use this pragma:
4858  
4859     use CGI qw(-no_debug :standard);
4860  
4861  =item -debug
4862  
4863  This turns on full debugging.  In addition to reading CGI arguments
4864  from the command-line processing, CGI.pm will pause and try to read
4865  arguments from STDIN, producing the message "(offline mode: enter
4866  name=value pairs on standard input)" features.
4867  
4868  See the section on debugging for more details.
4869  
4870  =item -private_tempfiles
4871  
4872  CGI.pm can process uploaded file. Ordinarily it spools the uploaded
4873  file to a temporary directory, then deletes the file when done.
4874  However, this opens the risk of eavesdropping as described in the file
4875  upload section.  Another CGI script author could peek at this data
4876  during the upload, even if it is confidential information. On Unix
4877  systems, the -private_tempfiles pragma will cause the temporary file
4878  to be unlinked as soon as it is opened and before any data is written
4879  into it, reducing, but not eliminating the risk of eavesdropping
4880  (there is still a potential race condition).  To make life harder for
4881  the attacker, the program chooses tempfile names by calculating a 32
4882  bit checksum of the incoming HTTP headers.
4883  
4884  To ensure that the temporary file cannot be read by other CGI scripts,
4885  use suEXEC or a CGI wrapper program to run your script.  The temporary
4886  file is created with mode 0600 (neither world nor group readable).
4887  
4888  The temporary directory is selected using the following algorithm:
4889  
4890      1. if the current user (e.g. "nobody") has a directory named
4891      "tmp" in its home directory, use that (Unix systems only).
4892  
4893      2. if the environment variable TMPDIR exists, use the location
4894      indicated.
4895  
4896      3. Otherwise try the locations /usr/tmp, /var/tmp, C:\temp,
4897      /tmp, /temp, ::Temporary Items, and \WWW_ROOT.
4898  
4899  Each of these locations is checked that it is a directory and is
4900  writable.  If not, the algorithm tries the next choice.
4901  
4902  =back
4903  
4904  =head2 SPECIAL FORMS FOR IMPORTING HTML-TAG FUNCTIONS
4905  
4906  Many of the methods generate HTML tags.  As described below, tag
4907  functions automatically generate both the opening and closing tags.
4908  For example:
4909  
4910    print h1('Level 1 Header');
4911  
4912  produces
4913  
4914    <h1>Level 1 Header</h1>
4915  
4916  There will be some times when you want to produce the start and end
4917  tags yourself.  In this case, you can use the form start_I<tag_name>
4918  and end_I<tag_name>, as in:
4919  
4920    print start_h1,'Level 1 Header',end_h1;
4921  
4922  With a few exceptions (described below), start_I<tag_name> and
4923  end_I<tag_name> functions are not generated automatically when you
4924  I<use CGI>.  However, you can specify the tags you want to generate
4925  I<start/end> functions for by putting an asterisk in front of their
4926  name, or, alternatively, requesting either "start_I<tag_name>" or
4927  "end_I<tag_name>" in the import list.
4928  
4929  Example:
4930  
4931    use CGI qw/:standard *table start_ul/;
4932  
4933  In this example, the following functions are generated in addition to
4934  the standard ones:
4935  
4936  =over 4
4937  
4938  =item 1. start_table() (generates a <table> tag)
4939  
4940  =item 2. end_table() (generates a </table> tag)
4941  
4942  =item 3. start_ul() (generates a <ul> tag)
4943  
4944  =item 4. end_ul() (generates a </ul> tag)
4945  
4946  =back
4947  
4948  =head1 GENERATING DYNAMIC DOCUMENTS
4949  
4950  Most of CGI.pm's functions deal with creating documents on the fly.
4951  Generally you will produce the HTTP header first, followed by the
4952  document itself.  CGI.pm provides functions for generating HTTP
4953  headers of various types as well as for generating HTML.  For creating
4954  GIF images, see the GD.pm module.
4955  
4956  Each of these functions produces a fragment of HTML or HTTP which you
4957  can print out directly so that it displays in the browser window,
4958  append to a string, or save to a file for later use.
4959  
4960  =head2 CREATING A STANDARD HTTP HEADER:
4961  
4962  Normally the first thing you will do in any CGI script is print out an
4963  HTTP header.  This tells the browser what type of document to expect,
4964  and gives other optional information, such as the language, expiration
4965  date, and whether to cache the document.  The header can also be
4966  manipulated for special purposes, such as server push and pay per view
4967  pages.
4968  
4969      print header;
4970  
4971           -or-
4972  
4973      print header('image/gif');
4974  
4975           -or-
4976  
4977      print header('text/html','204 No response');
4978  
4979           -or-
4980  
4981      print header(-type=>'image/gif',
4982                   -nph=>1,
4983                   -status=>'402 Payment required',
4984                   -expires=>'+3d',
4985                   -cookie=>$cookie,
4986                               -charset=>'utf-7',
4987                               -attachment=>'foo.gif',
4988                   -Cost=>'$2.00');
4989  
4990  header() returns the Content-type: header.  You can provide your own
4991  MIME type if you choose, otherwise it defaults to text/html.  An
4992  optional second parameter specifies the status code and a human-readable
4993  message.  For example, you can specify 204, "No response" to create a
4994  script that tells the browser to do nothing at all.
4995  
4996  The last example shows the named argument style for passing arguments
4997  to the CGI methods using named parameters.  Recognized parameters are
4998  B<-type>, B<-status>, B<-expires>, and B<-cookie>.  Any other named
4999  parameters will be stripped of their initial hyphens and turned into
5000  header fields, allowing you to specify any HTTP header you desire.
5001  Internal underscores will be turned into hyphens:
5002  
5003      print header(-Content_length=>3002);
5004  
5005  Most browsers will not cache the output from CGI scripts.  Every time
5006  the browser reloads the page, the script is invoked anew.  You can
5007  change this behavior with the B<-expires> parameter.  When you specify
5008  an absolute or relative expiration interval with this parameter, some
5009  browsers and proxy servers will cache the script's output until the
5010  indicated expiration date.  The following forms are all valid for the
5011  -expires field:
5012  
5013      +30s                              30 seconds from now
5014      +10m                              ten minutes from now
5015      +1h                               one hour from now
5016      -1d                               yesterday (i.e. "ASAP!")
5017      now                               immediately
5018      +3M                               in three months
5019      +10y                              in ten years time
5020      Thursday, 25-Apr-1999 00:40:33 GMT  at the indicated time & date
5021  
5022  The B<-cookie> parameter generates a header that tells the browser to provide
5023  a "magic cookie" during all subsequent transactions with your script.
5024  Netscape cookies have a special format that includes interesting attributes
5025  such as expiration time.  Use the cookie() method to create and retrieve
5026  session cookies.
5027  
5028  The B<-nph> parameter, if set to a true value, will issue the correct
5029  headers to work with a NPH (no-parse-header) script.  This is important
5030  to use with certain servers that expect all their scripts to be NPH.
5031  
5032  The B<-charset> parameter can be used to control the character set
5033  sent to the browser.  If not provided, defaults to ISO-8859-1.  As a
5034  side effect, this sets the charset() method as well.
5035  
5036  The B<-attachment> parameter can be used to turn the page into an
5037  attachment.  Instead of displaying the page, some browsers will prompt
5038  the user to save it to disk.  The value of the argument is the
5039  suggested name for the saved file.  In order for this to work, you may
5040  have to set the B<-type> to "application/octet-stream".
5041  
5042  The B<-p3p> parameter will add a P3P tag to the outgoing header.  The
5043  parameter can be an arrayref or a space-delimited string of P3P tags.
5044  For example:
5045  
5046     print header(-p3p=>[qw(CAO DSP LAW CURa)]);
5047     print header(-p3p=>'CAO DSP LAW CURa');
5048  
5049  In either case, the outgoing header will be formatted as:
5050  
5051    P3P: policyref="/w3c/p3p.xml" cp="CAO DSP LAW CURa"
5052  
5053  =head2 GENERATING A REDIRECTION HEADER
5054  
5055     print redirect('http://somewhere.else/in/movie/land');
5056  
5057  Sometimes you don't want to produce a document yourself, but simply
5058  redirect the browser elsewhere, perhaps choosing a URL based on the
5059  time of day or the identity of the user.  
5060  
5061  The redirect() function redirects the browser to a different URL.  If
5062  you use redirection like this, you should B<not> print out a header as
5063  well.
5064  
5065  You should always use full URLs (including the http: or ftp: part) in
5066  redirection requests.  Relative URLs will not work correctly.
5067  
5068  You can also use named arguments:
5069  
5070      print redirect(-uri=>'http://somewhere.else/in/movie/land',
5071                 -nph=>1,
5072                             -status=>301);
5073  
5074  The B<-nph> parameter, if set to a true value, will issue the correct
5075  headers to work with a NPH (no-parse-header) script.  This is important
5076  to use with certain servers, such as Microsoft IIS, which
5077  expect all their scripts to be NPH.
5078  
5079  The B<-status> parameter will set the status of the redirect.  HTTP
5080  defines three different possible redirection status codes:
5081  
5082       301 Moved Permanently
5083       302 Found
5084       303 See Other
5085  
5086  The default if not specified is 302, which means "moved temporarily."
5087  You may change the status to another status code if you wish.  Be
5088  advised that changing the status to anything other than 301, 302 or
5089  303 will probably break redirection.
5090  
5091  =head2 CREATING THE HTML DOCUMENT HEADER
5092  
5093     print start_html(-title=>'Secrets of the Pyramids',
5094                  -author=>'fred@capricorn.org',
5095                  -base=>'true',
5096                  -target=>'_blank',
5097                  -meta=>{'keywords'=>'pharaoh secret mummy',
5098                      'copyright'=>'copyright 1996 King Tut'},
5099                  -style=>{'src'=>'/styles/style1.css'},
5100                  -BGCOLOR=>'blue');
5101  
5102  After creating the HTTP header, most CGI scripts will start writing
5103  out an HTML document.  The start_html() routine creates the top of the
5104  page, along with a lot of optional information that controls the
5105  page's appearance and behavior.
5106  
5107  This method returns a canned HTML header and the opening <body> tag.
5108  All parameters are optional.  In the named parameter form, recognized
5109  parameters are -title, -author, -base, -xbase, -dtd, -lang and -target
5110  (see below for the explanation).  Any additional parameters you
5111  provide, such as the Netscape unofficial BGCOLOR attribute, are added
5112  to the <body> tag.  Additional parameters must be proceeded by a
5113  hyphen.
5114  
5115  The argument B<-xbase> allows you to provide an HREF for the <base> tag
5116  different from the current location, as in
5117  
5118      -xbase=>"http://home.mcom.com/"
5119  
5120  All relative links will be interpreted relative to this tag.
5121  
5122  The argument B<-target> allows you to provide a default target frame
5123  for all the links and fill-out forms on the page.  B<This is a
5124  non-standard HTTP feature which only works with Netscape browsers!>
5125  See the Netscape documentation on frames for details of how to
5126  manipulate this.
5127  
5128      -target=>"answer_window"
5129  
5130  All relative links will be interpreted relative to this tag.
5131  You add arbitrary meta information to the header with the B<-meta>
5132  argument.  This argument expects a reference to an associative array
5133  containing name/value pairs of meta information.  These will be turned
5134  into a series of header <meta> tags that look something like this:
5135  
5136      <meta name="keywords" content="pharaoh secret mummy">
5137      <meta name="description" content="copyright 1996 King Tut">
5138  
5139  To create an HTTP-EQUIV type of <meta> tag, use B<-head>, described
5140  below.
5141  
5142  The B<-style> argument is used to incorporate cascading stylesheets
5143  into your code.  See the section on CASCADING STYLESHEETS for more
5144  information.
5145  
5146  The B<-lang> argument is used to incorporate a language attribute into
5147  the <html> tag.  For example:
5148  
5149      print $q->start_html(-lang=>'fr-CA');
5150  
5151  The default if not specified is "en-US" for US English, unless the 
5152  -dtd parameter specifies an HTML 2.0 or 3.2 DTD, in which case the
5153  lang attribute is left off.  You can force the lang attribute to left
5154  off in other cases by passing an empty string (-lang=>'').
5155  
5156  The B<-encoding> argument can be used to specify the character set for
5157  XHTML.  It defaults to iso-8859-1 if not specified.
5158  
5159  The B<-declare_xml> argument, when used in conjunction with XHTML,
5160  will put a <?xml> declaration at the top of the HTML header. The sole
5161  purpose of this declaration is to declare the character set
5162  encoding. In the absence of -declare_xml, the output HTML will contain
5163  a <meta> tag that specifies the encoding, allowing the HTML to pass
5164  most validators.  The default for -declare_xml is false.
5165  
5166  You can place other arbitrary HTML elements to the <head> section with the
5167  B<-head> tag.  For example, to place the rarely-used <link> element in the
5168  head section, use this:
5169  
5170      print start_html(-head=>Link({-rel=>'next',
5171                            -href=>'http://www.capricorn.com/s2.html'}));
5172  
5173  To incorporate multiple HTML elements into the <head> section, just pass an
5174  array reference:
5175  
5176      print start_html(-head=>[ 
5177                               Link({-rel=>'next',
5178                     -href=>'http://www.capricorn.com/s2.html'}),
5179                       Link({-rel=>'previous',
5180                     -href=>'http://www.capricorn.com/s1.html'})
5181                   ]
5182               );
5183  
5184  And here's how to create an HTTP-EQUIV <meta> tag:
5185  
5186        print start_html(-head=>meta({-http_equiv => 'Content-Type',
5187                                      -content    => 'text/html'}))
5188  
5189  
5190  JAVASCRIPTING: The B<-script>, B<-noScript>, B<-onLoad>,
5191  B<-onMouseOver>, B<-onMouseOut> and B<-onUnload> parameters are used
5192  to add Netscape JavaScript calls to your pages.  B<-script> should
5193  point to a block of text containing JavaScript function definitions.
5194  This block will be placed within a <script> block inside the HTML (not
5195  HTTP) header.  The block is placed in the header in order to give your
5196  page a fighting chance of having all its JavaScript functions in place
5197  even if the user presses the stop button before the page has loaded
5198  completely.  CGI.pm attempts to format the script in such a way that
5199  JavaScript-naive browsers will not choke on the code: unfortunately
5200  there are some browsers, such as Chimera for Unix, that get confused
5201  by it nevertheless.
5202  
5203  The B<-onLoad> and B<-onUnload> parameters point to fragments of JavaScript
5204  code to execute when the page is respectively opened and closed by the
5205  browser.  Usually these parameters are calls to functions defined in the
5206  B<-script> field:
5207  
5208        $query = new CGI;
5209        print header;
5210        $JSCRIPT=<<END;
5211        // Ask a silly question
5212        function riddle_me_this() {
5213       var r = prompt("What walks on four legs in the morning, " +
5214                 "two legs in the afternoon, " +
5215                 "and three legs in the evening?");
5216       response(r);
5217        }
5218        // Get a silly answer
5219        function response(answer) {
5220       if (answer == "man")
5221          alert("Right you are!");
5222       else
5223          alert("Wrong!  Guess again.");
5224        }
5225        END
5226        print start_html(-title=>'The Riddle of the Sphinx',
5227                     -script=>$JSCRIPT);
5228  
5229  Use the B<-noScript> parameter to pass some HTML text that will be displayed on 
5230  browsers that do not have JavaScript (or browsers where JavaScript is turned
5231  off).
5232  
5233  The <script> tag, has several attributes including "type" and src.
5234  The latter is particularly interesting, as it allows you to keep the
5235  JavaScript code in a file or CGI script rather than cluttering up each
5236  page with the source.  To use these attributes pass a HASH reference
5237  in the B<-script> parameter containing one or more of -type, -src, or
5238  -code:
5239  
5240      print $q->start_html(-title=>'The Riddle of the Sphinx',
5241               -script=>{-type=>'JAVASCRIPT',
5242                                     -src=>'/javascript/sphinx.js'}
5243               );
5244  
5245      print $q->(-title=>'The Riddle of the Sphinx',
5246             -script=>{-type=>'PERLSCRIPT',
5247               -code=>'print "hello world!\n;"'}
5248             );
5249  
5250  
5251  A final feature allows you to incorporate multiple <script> sections into the
5252  header.  Just pass the list of script sections as an array reference.
5253  this allows you to specify different source files for different dialects
5254  of JavaScript.  Example:
5255  
5256       print $q->start_html(-title=>'The Riddle of the Sphinx',
5257                            -script=>[
5258                                      { -type => 'text/javascript',
5259                                        -src      => '/javascript/utilities10.js'
5260                                      },
5261                                      { -type => 'text/javascript',
5262                                        -src      => '/javascript/utilities11.js'
5263                                      },
5264                                      { -type => 'text/jscript',
5265                                        -src      => '/javascript/utilities12.js'
5266                                      },
5267                                      { -type => 'text/ecmascript',
5268                                        -src      => '/javascript/utilities219.js'
5269                                      }
5270                                   ]
5271                               );
5272  
5273  The option "-language" is a synonym for -type, and is supported for
5274  backwad compatibility.
5275  
5276  The old-style positional parameters are as follows:
5277  
5278  =over 4
5279  
5280  =item B<Parameters:>
5281  
5282  =item 1.
5283  
5284  The title
5285  
5286  =item 2.
5287  
5288  The author's e-mail address (will create a <link rev="MADE"> tag if present
5289  
5290  =item 3.
5291  
5292  A 'true' flag if you want to include a <base> tag in the header.  This
5293  helps resolve relative addresses to absolute ones when the document is moved, 
5294  but makes the document hierarchy non-portable.  Use with care!
5295  
5296  =item 4, 5, 6...
5297  
5298  Any other parameters you want to include in the <body> tag.  This is a good
5299  place to put Netscape extensions, such as colors and wallpaper patterns.
5300  
5301  =back
5302  
5303  =head2 ENDING THE HTML DOCUMENT:
5304  
5305      print end_html
5306  
5307  This ends an HTML document by printing the </body></html> tags.
5308  
5309  =head2 CREATING A SELF-REFERENCING URL THAT PRESERVES STATE INFORMATION:
5310  
5311      $myself = self_url;
5312      print q(<a href="$myself">I'm talking to myself.</a>);
5313  
5314  self_url() will return a URL, that, when selected, will reinvoke
5315  this script with all its state information intact.  This is most
5316  useful when you want to jump around within the document using
5317  internal anchors but you don't want to disrupt the current contents
5318  of the form(s).  Something like this will do the trick.
5319  
5320       $myself = self_url;
5321       print "<a href=\"$myself#table1\">See table 1</a>";
5322       print "<a href=\"$myself#table2\">See table 2</a>";
5323       print "<a href=\"$myself#yourself\">See for yourself</a>";
5324  
5325  If you want more control over what's returned, using the B<url()>
5326  method instead.
5327  
5328  You can also retrieve the unprocessed query string with query_string():
5329  
5330      $the_string = query_string;
5331  
5332  =head2 OBTAINING THE SCRIPT'S URL
5333  
5334      $full_url      = url();
5335      $full_url      = url(-full=>1);  #alternative syntax
5336      $relative_url  = url(-relative=>1);
5337      $absolute_url  = url(-absolute=>1);
5338      $url_with_path = url(-path_info=>1);
5339      $url_with_path_and_query = url(-path_info=>1,-query=>1);
5340      $netloc        = url(-base => 1);
5341  
5342  B<url()> returns the script's URL in a variety of formats.  Called
5343  without any arguments, it returns the full form of the URL, including
5344  host name and port number
5345  
5346      http://your.host.com/path/to/script.cgi
5347  
5348  You can modify this format with the following named arguments:
5349  
5350  =over 4
5351  
5352  =item B<-absolute>
5353  
5354  If true, produce an absolute URL, e.g.
5355  
5356      /path/to/script.cgi
5357  
5358  =item B<-relative>
5359  
5360  Produce a relative URL.  This is useful if you want to reinvoke your
5361  script with different parameters. For example:
5362  
5363      script.cgi
5364  
5365  =item B<-full>
5366  
5367  Produce the full URL, exactly as if called without any arguments.
5368  This overrides the -relative and -absolute arguments.
5369  
5370  =item B<-path> (B<-path_info>)
5371  
5372  Append the additional path information to the URL.  This can be
5373  combined with B<-full>, B<-absolute> or B<-relative>.  B<-path_info>
5374  is provided as a synonym.
5375  
5376  =item B<-query> (B<-query_string>)
5377  
5378  Append the query string to the URL.  This can be combined with
5379  B<-full>, B<-absolute> or B<-relative>.  B<-query_string> is provided
5380  as a synonym.
5381  
5382  =item B<-base>
5383  
5384  Generate just the protocol and net location, as in http://www.foo.com:8000
5385  
5386  =item B<-rewrite>
5387  
5388  If Apache's mod_rewrite is turned on, then the script name and path
5389  info probably won't match the request that the user sent. Set
5390  -rewrite=>1 (default) to return URLs that match what the user sent
5391  (the original request URI). Set -rewrite->0 to return URLs that match
5392  the URL after mod_rewrite's rules have run. Because the additional
5393  path information only makes sense in the context of the rewritten URL,
5394  -rewrite is set to false when you request path info in the URL.
5395  
5396  =back
5397  
5398  =head2 MIXING POST AND URL PARAMETERS
5399  
5400     $color = url_param('color');
5401  
5402  It is possible for a script to receive CGI parameters in the URL as
5403  well as in the fill-out form by creating a form that POSTs to a URL
5404  containing a query string (a "?" mark followed by arguments).  The
5405  B<param()> method will always return the contents of the POSTed
5406  fill-out form, ignoring the URL's query string.  To retrieve URL
5407  parameters, call the B<url_param()> method.  Use it in the same way as
5408  B<param()>.  The main difference is that it allows you to read the
5409  parameters, but not set them.
5410  
5411  
5412  Under no circumstances will the contents of the URL query string
5413  interfere with similarly-named CGI parameters in POSTed forms.  If you
5414  try to mix a URL query string with a form submitted with the GET
5415  method, the results will not be what you expect.
5416  
5417  =head1 CREATING STANDARD HTML ELEMENTS:
5418  
5419  CGI.pm defines general HTML shortcut methods for most, if not all of
5420  the HTML 3 and HTML 4 tags.  HTML shortcuts are named after a single
5421  HTML element and return a fragment of HTML text that you can then
5422  print or manipulate as you like.  Each shortcut returns a fragment of
5423  HTML code that you can append to a string, save to a file, or, most
5424  commonly, print out so that it displays in the browser window.
5425  
5426  This example shows how to use the HTML methods:
5427  
5428     print $q->blockquote(
5429               "Many years ago on the island of",
5430               $q->a({href=>"http://crete.org/"},"Crete"),
5431               "there lived a Minotaur named",
5432               $q->strong("Fred."),
5433              ),
5434         $q->hr;
5435  
5436  This results in the following HTML code (extra newlines have been
5437  added for readability):
5438  
5439     <blockquote>
5440     Many years ago on the island of
5441     <a href="http://crete.org/">Crete</a> there lived
5442     a minotaur named <strong>Fred.</strong> 
5443     </blockquote>
5444     <hr>
5445  
5446  If you find the syntax for calling the HTML shortcuts awkward, you can
5447  import them into your namespace and dispense with the object syntax
5448  completely (see the next section for more details):
5449  
5450     use CGI ':standard';
5451     print blockquote(
5452        "Many years ago on the island of",
5453        a({href=>"http://crete.org/"},"Crete"),
5454        "there lived a minotaur named",
5455        strong("Fred."),
5456        ),
5457        hr;
5458  
5459  =head2 PROVIDING ARGUMENTS TO HTML SHORTCUTS
5460  
5461  The HTML methods will accept zero, one or multiple arguments.  If you
5462  provide no arguments, you get a single tag:
5463  
5464     print hr;      #  <hr>
5465  
5466  If you provide one or more string arguments, they are concatenated
5467  together with spaces and placed between opening and closing tags:
5468  
5469     print h1("Chapter","1"); # <h1>Chapter 1</h1>"
5470  
5471  If the first argument is an associative array reference, then the keys
5472  and values of the associative array become the HTML tag's attributes:
5473  
5474     print a({-href=>'fred.html',-target=>'_new'},
5475        "Open a new frame");
5476  
5477          <a href="fred.html",target="_new">Open a new frame</a>
5478  
5479  You may dispense with the dashes in front of the attribute names if
5480  you prefer:
5481  
5482     print img {src=>'fred.gif',align=>'LEFT'};
5483  
5484         <img align="LEFT" src="fred.gif">
5485  
5486  Sometimes an HTML tag attribute has no argument.  For example, ordered
5487  lists can be marked as COMPACT.  The syntax for this is an argument that
5488  that points to an undef string:
5489  
5490     print ol({compact=>undef},li('one'),li('two'),li('three'));
5491  
5492  Prior to CGI.pm version 2.41, providing an empty ('') string as an
5493  attribute argument was the same as providing undef.  However, this has
5494  changed in order to accommodate those who want to create tags of the form 
5495  <img alt="">.  The difference is shown in these two pieces of code:
5496  
5497     CODE                   RESULT
5498     img({alt=>undef})      <img alt>
5499     img({alt=>''})         <img alt="">
5500  
5501  =head2 THE DISTRIBUTIVE PROPERTY OF HTML SHORTCUTS
5502  
5503  One of the cool features of the HTML shortcuts is that they are
5504  distributive.  If you give them an argument consisting of a
5505  B<reference> to a list, the tag will be distributed across each
5506  element of the list.  For example, here's one way to make an ordered
5507  list:
5508  
5509     print ul(
5510               li({-type=>'disc'},['Sneezy','Doc','Sleepy','Happy'])
5511             );
5512  
5513  This example will result in HTML output that looks like this:
5514  
5515     <ul>
5516       <li type="disc">Sneezy</li>
5517       <li type="disc">Doc</li>
5518       <li type="disc">Sleepy</li>
5519       <li type="disc">Happy</li>
5520     </ul>
5521  
5522  This is extremely useful for creating tables.  For example:
5523  
5524     print table({-border=>undef},
5525             caption('When Should You Eat Your Vegetables?'),
5526             Tr({-align=>CENTER,-valign=>TOP},
5527             [
5528                th(['Vegetable', 'Breakfast','Lunch','Dinner']),
5529                td(['Tomatoes' , 'no', 'yes', 'yes']),
5530                td(['Broccoli' , 'no', 'no',  'yes']),
5531                td(['Onions'   , 'yes','yes', 'yes'])
5532             ]
5533             )
5534          );
5535  
5536  =head2 HTML SHORTCUTS AND LIST INTERPOLATION
5537  
5538  Consider this bit of code:
5539  
5540     print blockquote(em('Hi'),'mom!'));
5541  
5542  It will ordinarily return the string that you probably expect, namely:
5543  
5544     <blockquote><em>Hi</em> mom!</blockquote>
5545  
5546  Note the space between the element "Hi" and the element "mom!".
5547  CGI.pm puts the extra space there using array interpolation, which is
5548  controlled by the magic $" variable.  Sometimes this extra space is
5549  not what you want, for example, when you are trying to align a series
5550  of images.  In this case, you can simply change the value of $" to an
5551  empty string.
5552  
5553     {
5554        local($") = '';
5555        print blockquote(em('Hi'),'mom!'));
5556      }
5557  
5558  I suggest you put the code in a block as shown here.  Otherwise the
5559  change to $" will affect all subsequent code until you explicitly
5560  reset it.
5561  
5562  =head2 NON-STANDARD HTML SHORTCUTS
5563  
5564  A few HTML tags don't follow the standard pattern for various
5565  reasons.  
5566  
5567  B<comment()> generates an HTML comment (<!-- comment -->).  Call it
5568  like
5569  
5570      print comment('here is my comment');
5571  
5572  Because of conflicts with built-in Perl functions, the following functions
5573  begin with initial caps:
5574  
5575      Select
5576      Tr
5577      Link
5578      Delete
5579      Accept
5580      Sub
5581  
5582  In addition, start_html(), end_html(), start_form(), end_form(),
5583  start_multipart_form() and all the fill-out form tags are special.
5584  See their respective sections.
5585  
5586  =head2 AUTOESCAPING HTML
5587  
5588  By default, all HTML that is emitted by the form-generating functions
5589  is passed through a function called escapeHTML():
5590  
5591  =over 4
5592  
5593  =item $escaped_string = escapeHTML("unescaped string");
5594  
5595  Escape HTML formatting characters in a string.
5596  
5597  =back
5598  
5599  Provided that you have specified a character set of ISO-8859-1 (the
5600  default), the standard HTML escaping rules will be used.  The "<"
5601  character becomes "&lt;", ">" becomes "&gt;", "&" becomes "&amp;", and
5602  the quote character becomes "&quot;".  In addition, the hexadecimal
5603  0x8b and 0x9b characters, which some browsers incorrectly interpret
5604  as the left and right angle-bracket characters, are replaced by their
5605  numeric character entities ("&#8249" and "&#8250;").  If you manually change
5606  the charset, either by calling the charset() method explicitly or by
5607  passing a -charset argument to header(), then B<all> characters will
5608  be replaced by their numeric entities, since CGI.pm has no lookup
5609  table for all the possible encodings.
5610  
5611  The automatic escaping does not apply to other shortcuts, such as
5612  h1().  You should call escapeHTML() yourself on untrusted data in
5613  order to protect your pages against nasty tricks that people may enter
5614  into guestbooks, etc..  To change the character set, use charset().
5615  To turn autoescaping off completely, use autoEscape(0):
5616  
5617  =over 4
5618  
5619  =item $charset = charset([$charset]);
5620  
5621  Get or set the current character set.
5622  
5623  =item $flag = autoEscape([$flag]);
5624  
5625  Get or set the value of the autoescape flag.
5626  
5627  =back
5628  
5629  =head2 PRETTY-PRINTING HTML
5630  
5631  By default, all the HTML produced by these functions comes out as one
5632  long line without carriage returns or indentation. This is yuck, but
5633  it does reduce the size of the documents by 10-20%.  To get
5634  pretty-printed output, please use L<CGI::Pretty>, a subclass
5635  contributed by Brian Paulsen.
5636  
5637  =head1 CREATING FILL-OUT FORMS:
5638  
5639  I<General note>  The various form-creating methods all return strings
5640  to the caller, containing the tag or tags that will create the requested
5641  form element.  You are responsible for actually printing out these strings.
5642  It's set up this way so that you can place formatting tags
5643  around the form elements.
5644  
5645  I<Another note> The default values that you specify for the forms are only
5646  used the B<first> time the script is invoked (when there is no query
5647  string).  On subsequent invocations of the script (when there is a query
5648  string), the former values are used even if they are blank.  
5649  
5650  If you want to change the value of a field from its previous value, you have two
5651  choices:
5652  
5653  (1) call the param() method to set it.
5654  
5655  (2) use the -override (alias -force) parameter (a new feature in version 2.15).
5656  This forces the default value to be used, regardless of the previous value:
5657  
5658     print textfield(-name=>'field_name',
5659                 -default=>'starting value',
5660                 -override=>1,
5661                 -size=>50,
5662                 -maxlength=>80);
5663  
5664  I<Yet another note> By default, the text and labels of form elements are
5665  escaped according to HTML rules.  This means that you can safely use
5666  "<CLICK ME>" as the label for a button.  However, it also interferes with
5667  your ability to incorporate special HTML character sequences, such as &Aacute;,
5668  into your fields.  If you wish to turn off automatic escaping, call the
5669  autoEscape() method with a false value immediately after creating the CGI object:
5670  
5671     $query = new CGI;
5672     autoEscape(undef);
5673  
5674  I<A Lurking Trap!> Some of the form-element generating methods return
5675  multiple tags.  In a scalar context, the tags will be concatenated
5676  together with spaces, or whatever is the current value of the $"
5677  global.  In a list context, the methods will return a list of
5678  elements, allowing you to modify them if you wish.  Usually you will
5679  not notice this behavior, but beware of this:
5680  
5681      printf("%s\n",end_form())
5682  
5683  end_form() produces several tags, and only the first of them will be
5684  printed because the format only expects one value.
5685  
5686  <p>
5687  
5688  
5689  =head2 CREATING AN ISINDEX TAG
5690  
5691     print isindex(-action=>$action);
5692  
5693       -or-
5694  
5695     print isindex($action);
5696  
5697  Prints out an <isindex> tag.  Not very exciting.  The parameter
5698  -action specifies the URL of the script to process the query.  The
5699  default is to process the query with the current script.
5700  
5701  =head2 STARTING AND ENDING A FORM
5702  
5703      print start_form(-method=>$method,
5704              -action=>$action,
5705              -enctype=>$encoding);
5706        <... various form stuff ...>
5707      print endform;
5708  
5709      -or-
5710  
5711      print start_form($method,$action,$encoding);
5712        <... various form stuff ...>
5713      print endform;
5714  
5715  start_form() will return a <form> tag with the optional method,
5716  action and form encoding that you specify.  The defaults are:
5717  
5718      method: POST
5719      action: this script
5720      enctype: application/x-www-form-urlencoded
5721  
5722  endform() returns the closing </form> tag.  
5723  
5724  Start_form()'s enctype argument tells the browser how to package the various
5725  fields of the form before sending the form to the server.  Two
5726  values are possible:
5727  
5728  B<Note:> This method was previously named startform(), and startform()
5729  is still recognized as an alias.
5730  
5731  =over 4
5732  
5733  =item B<application/x-www-form-urlencoded>
5734  
5735  This is the older type of encoding used by all browsers prior to
5736  Netscape 2.0.  It is compatible with many CGI scripts and is
5737  suitable for short fields containing text data.  For your
5738  convenience, CGI.pm stores the name of this encoding
5739  type in B<&CGI::URL_ENCODED>.
5740  
5741  =item B<multipart/form-data>
5742  
5743  This is the newer type of encoding introduced by Netscape 2.0.
5744  It is suitable for forms that contain very large fields or that
5745  are intended for transferring binary data.  Most importantly,
5746  it enables the "file upload" feature of Netscape 2.0 forms.  For
5747  your convenience, CGI.pm stores the name of this encoding type
5748  in B<&CGI::MULTIPART>
5749  
5750  Forms that use this type of encoding are not easily interpreted
5751  by CGI scripts unless they use CGI.pm or another library designed
5752  to handle them.
5753  
5754  If XHTML is activated (the default), then forms will be automatically
5755  created using this type of encoding.
5756  
5757  =back
5758  
5759  For compatibility, the start_form() method uses the older form of
5760  encoding by default.  If you want to use the newer form of encoding
5761  by default, you can call B<start_multipart_form()> instead of
5762  B<start_form()>.
5763  
5764  JAVASCRIPTING: The B<-name> and B<-onSubmit> parameters are provided
5765  for use with JavaScript.  The -name parameter gives the
5766  form a name so that it can be identified and manipulated by
5767  JavaScript functions.  -onSubmit should point to a JavaScript
5768  function that will be executed just before the form is submitted to your
5769  server.  You can use this opportunity to check the contents of the form 
5770  for consistency and completeness.  If you find something wrong, you
5771  can put up an alert box or maybe fix things up yourself.  You can 
5772  abort the submission by returning false from this function.  
5773  
5774  Usually the bulk of JavaScript functions are defined in a <script>
5775  block in the HTML header and -onSubmit points to one of these function
5776  call.  See start_html() for details.
5777  
5778  =head2 FORM ELEMENTS
5779  
5780  After starting a form, you will typically create one or more
5781  textfields, popup menus, radio groups and other form elements.  Each
5782  of these elements takes a standard set of named arguments.  Some
5783  elements also have optional arguments.  The standard arguments are as
5784  follows:
5785  
5786  =over 4
5787  
5788  =item B<-name>
5789  
5790  The name of the field. After submission this name can be used to
5791  retrieve the field's value using the param() method.
5792  
5793  =item B<-value>, B<-values>
5794  
5795  The initial value of the field which will be returned to the script
5796  after form submission.  Some form elements, such as text fields, take
5797  a single scalar -value argument. Others, such as popup menus, take a
5798  reference to an array of values. The two arguments are synonyms.
5799  
5800  =item B<-tabindex>
5801  
5802  A numeric value that sets the order in which the form element receives
5803  focus when the user presses the tab key. Elements with lower values
5804  receive focus first.
5805  
5806  =item B<-id>
5807  
5808  A string identifier that can be used to identify this element to
5809  JavaScript and DHTML.
5810  
5811  =item B<-override>
5812  
5813  A boolean, which, if true, forces the element to take on the value
5814  specified by B<-value>, overriding the sticky behavior described
5815  earlier for the B<-no_sticky> pragma.
5816  
5817  =item B<-onChange>, B<-onFocus>, B<-onBlur>, B<-onMouseOver>, B<-onMouseOut>, B<-onSelect>
5818  
5819  These are used to assign JavaScript event handlers. See the
5820  JavaScripting section for more details.
5821  
5822  =back
5823  
5824  Other common arguments are described in the next section. In addition
5825  to these, all attributes described in the HTML specifications are
5826  supported.
5827  
5828  =head2 CREATING A TEXT FIELD
5829  
5830      print textfield(-name=>'field_name',
5831              -value=>'starting value',
5832              -size=>50,
5833              -maxlength=>80);
5834      -or-
5835  
5836      print textfield('field_name','starting value',50,80);
5837  
5838  textfield() will return a text input field. 
5839  
5840  =over 4
5841  
5842  =item B<Parameters>
5843  
5844  =item 1.
5845  
5846  The first parameter is the required name for the field (-name). 
5847  
5848  =item 2.
5849  
5850  The optional second parameter is the default starting value for the field
5851  contents (-value, formerly known as -default).
5852  
5853  =item 3.
5854  
5855  The optional third parameter is the size of the field in
5856        characters (-size).
5857  
5858  =item 4.
5859  
5860  The optional fourth parameter is the maximum number of characters the
5861        field will accept (-maxlength).
5862  
5863  =back
5864  
5865  As with all these methods, the field will be initialized with its 
5866  previous contents from earlier invocations of the script.
5867  When the form is processed, the value of the text field can be
5868  retrieved with:
5869  
5870         $value = param('foo');
5871  
5872  If you want to reset it from its initial value after the script has been
5873  called once, you can do so like this:
5874  
5875         param('foo',"I'm taking over this value!");
5876  
5877  =head2 CREATING A BIG TEXT FIELD
5878  
5879     print textarea(-name=>'foo',
5880                -default=>'starting value',
5881                -rows=>10,
5882                -columns=>50);
5883  
5884      -or
5885  
5886     print textarea('foo','starting value',10,50);
5887  
5888  textarea() is just like textfield, but it allows you to specify
5889  rows and columns for a multiline text entry box.  You can provide
5890  a starting value for the field, which can be long and contain
5891  multiple lines.
5892  
5893  =head2 CREATING A PASSWORD FIELD
5894  
5895     print password_field(-name=>'secret',
5896                  -value=>'starting value',
5897                  -size=>50,
5898                  -maxlength=>80);
5899      -or-
5900  
5901     print password_field('secret','starting value',50,80);
5902  
5903  password_field() is identical to textfield(), except that its contents 
5904  will be starred out on the web page.
5905  
5906  =head2 CREATING A FILE UPLOAD FIELD
5907  
5908      print filefield(-name=>'uploaded_file',
5909                  -default=>'starting value',
5910                  -size=>50,
5911                  -maxlength=>80);
5912      -or-
5913  
5914      print filefield('uploaded_file','starting value',50,80);
5915  
5916  filefield() will return a file upload field for Netscape 2.0 browsers.
5917  In order to take full advantage of this I<you must use the new 
5918  multipart encoding scheme> for the form.  You can do this either
5919  by calling B<start_form()> with an encoding type of B<&CGI::MULTIPART>,
5920  or by calling the new method B<start_multipart_form()> instead of
5921  vanilla B<start_form()>.
5922  
5923  =over 4
5924  
5925  =item B<Parameters>
5926  
5927  =item 1.
5928  
5929  The first parameter is the required name for the field (-name).  
5930  
5931  =item 2.
5932  
5933  The optional second parameter is the starting value for the field contents
5934  to be used as the default file name (-default).
5935  
5936  For security reasons, browsers don't pay any attention to this field,
5937  and so the starting value will always be blank.  Worse, the field
5938  loses its "sticky" behavior and forgets its previous contents.  The
5939  starting value field is called for in the HTML specification, however,
5940  and possibly some browser will eventually provide support for it.
5941  
5942  =item 3.
5943  
5944  The optional third parameter is the size of the field in
5945  characters (-size).
5946  
5947  =item 4.
5948  
5949  The optional fourth parameter is the maximum number of characters the
5950  field will accept (-maxlength).
5951  
5952  =back
5953  
5954  When the form is processed, you can retrieve the entered filename
5955  by calling param():
5956  
5957         $filename = param('uploaded_file');
5958  
5959  Different browsers will return slightly different things for the
5960  name.  Some browsers return the filename only.  Others return the full
5961  path to the file, using the path conventions of the user's machine.
5962  Regardless, the name returned is always the name of the file on the
5963  I<user's> machine, and is unrelated to the name of the temporary file
5964  that CGI.pm creates during upload spooling (see below).
5965  
5966  The filename returned is also a file handle.  You can read the contents
5967  of the file using standard Perl file reading calls:
5968  
5969      # Read a text file and print it out
5970      while (<$filename>) {
5971         print;
5972      }
5973  
5974      # Copy a binary file to somewhere safe
5975      open (OUTFILE,">>/usr/local/web/users/feedback");
5976      while ($bytesread=read($filename,$buffer,1024)) {
5977         print OUTFILE $buffer;
5978      }
5979  
5980  However, there are problems with the dual nature of the upload fields.
5981  If you C<use strict>, then Perl will complain when you try to use a
5982  string as a filehandle.  You can get around this by placing the file
5983  reading code in a block containing the C<no strict> pragma.  More
5984  seriously, it is possible for the remote user to type garbage into the
5985  upload field, in which case what you get from param() is not a
5986  filehandle at all, but a string.
5987  
5988  To be safe, use the I<upload()> function (new in version 2.47).  When
5989  called with the name of an upload field, I<upload()> returns a
5990  filehandle, or undef if the parameter is not a valid filehandle.
5991  
5992       $fh = upload('uploaded_file');
5993       while (<$fh>) {
5994         print;
5995       }
5996  
5997  In an list context, upload() will return an array of filehandles.
5998  This makes it possible to create forms that use the same name for
5999  multiple upload fields.
6000  
6001  This is the recommended idiom.
6002  
6003  For robust code, consider reseting the file handle position to beginning of the
6004  file. Inside of larger frameworks, other code may have already used the query
6005  object and changed the filehandle postion:
6006  
6007    seek($fh,0,0); # reset postion to beginning of file.
6008  
6009  When a file is uploaded the browser usually sends along some
6010  information along with it in the format of headers.  The information
6011  usually includes the MIME content type.  Future browsers may send
6012  other information as well (such as modification date and size). To
6013  retrieve this information, call uploadInfo().  It returns a reference to
6014  an associative array containing all the document headers.
6015  
6016         $filename = param('uploaded_file');
6017         $type = uploadInfo($filename)->{'Content-Type'};
6018         unless ($type eq 'text/html') {
6019        die "HTML FILES ONLY!";
6020         }
6021  
6022  If you are using a machine that recognizes "text" and "binary" data
6023  modes, be sure to understand when and how to use them (see the Camel book).  
6024  Otherwise you may find that binary files are corrupted during file
6025  uploads.
6026  
6027  There are occasionally problems involving parsing the uploaded file.
6028  This usually happens when the user presses "Stop" before the upload is
6029  finished.  In this case, CGI.pm will return undef for the name of the
6030  uploaded file and set I<cgi_error()> to the string "400 Bad request
6031  (malformed multipart POST)".  This error message is designed so that
6032  you can incorporate it into a status code to be sent to the browser.
6033  Example:
6034  
6035     $file = upload('uploaded_file');
6036     if (!$file && cgi_error) {
6037        print header(-status=>cgi_error);
6038        exit 0;
6039     }
6040  
6041  You are free to create a custom HTML page to complain about the error,
6042  if you wish.
6043  
6044  You can set up a callback that will be called whenever a file upload
6045  is being read during the form processing. This is much like the
6046  UPLOAD_HOOK facility available in Apache::Request, with the exception
6047  that the first argument to the callback is an Apache::Upload object,
6048  here it's the remote filename.
6049  
6050   $q = CGI->new(\&hook [,$data [,$use_tempfile]]);
6051  
6052   sub hook
6053   {
6054          my ($filename, $buffer, $bytes_read, $data) = @_;
6055          print  "Read $bytes_read bytes of $filename\n";         
6056   }
6057  
6058  The $data field is optional; it lets you pass configuration
6059  information (e.g. a database handle) to your hook callback.
6060  
6061  The $use_tempfile field is a flag that lets you turn on and off
6062  CGI.pm's use of a temporary disk-based file during file upload. If you
6063  set this to a FALSE value (default true) then param('uploaded_file')
6064  will no longer work, and the only way to get at the uploaded data is
6065  via the hook you provide.
6066  
6067  If using the function-oriented interface, call the CGI::upload_hook()
6068  method before calling param() or any other CGI functions:
6069  
6070    CGI::upload_hook(\&hook [,$data [,$use_tempfile]]);
6071  
6072  This method is not exported by default.  You will have to import it
6073  explicitly if you wish to use it without the CGI:: prefix.
6074  
6075  If you are using CGI.pm on a Windows platform and find that binary
6076  files get slightly larger when uploaded but that text files remain the
6077  same, then you have forgotten to activate binary mode on the output
6078  filehandle.  Be sure to call binmode() on any handle that you create
6079  to write the uploaded file to disk.
6080  
6081  JAVASCRIPTING: The B<-onChange>, B<-onFocus>, B<-onBlur>,
6082  B<-onMouseOver>, B<-onMouseOut> and B<-onSelect> parameters are
6083  recognized.  See textfield() for details.
6084  
6085  =head2 CREATING A POPUP MENU
6086  
6087     print popup_menu('menu_name',
6088                  ['eenie','meenie','minie'],
6089                  'meenie');
6090  
6091        -or-
6092  
6093     %labels = ('eenie'=>'your first choice',
6094            'meenie'=>'your second choice',
6095            'minie'=>'your third choice');
6096     %attributes = ('eenie'=>{'class'=>'class of first choice'});
6097     print popup_menu('menu_name',
6098                  ['eenie','meenie','minie'],
6099            'meenie',\%labels,\%attributes);
6100  
6101      -or (named parameter style)-
6102  
6103     print popup_menu(-name=>'menu_name',
6104                  -values=>['eenie','meenie','minie'],
6105                  -default=>'meenie',
6106            -labels=>\%labels,
6107            -attributes=>\%attributes);
6108  
6109  popup_menu() creates a menu.
6110  
6111  =over 4
6112  
6113  =item 1.
6114  
6115  The required first argument is the menu's name (-name).
6116  
6117  =item 2.
6118  
6119  The required second argument (-values) is an array B<reference>
6120  containing the list of menu items in the menu.  You can pass the
6121  method an anonymous array, as shown in the example, or a reference to
6122  a named array, such as "\@foo".
6123  
6124  =item 3.
6125  
6126  The optional third parameter (-default) is the name of the default
6127  menu choice.  If not specified, the first item will be the default.
6128  The values of the previous choice will be maintained across queries.
6129  
6130  =item 4.
6131  
6132  The optional fourth parameter (-labels) is provided for people who
6133  want to use different values for the user-visible label inside the
6134  popup menu and the value returned to your script.  It's a pointer to an
6135  associative array relating menu values to user-visible labels.  If you
6136  leave this parameter blank, the menu values will be displayed by
6137  default.  (You can also leave a label undefined if you want to).
6138  
6139  =item 5.
6140  
6141  The optional fifth parameter (-attributes) is provided to assign
6142  any of the common HTML attributes to an individual menu item. It's
6143  a pointer to an associative array relating menu values to another
6144  associative array with the attribute's name as the key and the
6145  attribute's value as the value.
6146  
6147  =back
6148  
6149  When the form is processed, the selected value of the popup menu can
6150  be retrieved using:
6151  
6152        $popup_menu_value = param('menu_name');
6153  
6154  =head2 CREATING AN OPTION GROUP
6155  
6156  Named parameter style
6157  
6158    print popup_menu(-name=>'menu_name',
6159                    -values=>[qw/eenie meenie minie/,
6160                              optgroup(-name=>'optgroup_name',
6161                                               -values => ['moe','catch'],
6162                                               -attributes=>{'catch'=>{'class'=>'red'}})],
6163                    -labels=>{'eenie'=>'one',
6164                              'meenie'=>'two',
6165                              'minie'=>'three'},
6166                    -default=>'meenie');
6167  
6168    Old style
6169    print popup_menu('menu_name',
6170                    ['eenie','meenie','minie',
6171                     optgroup('optgroup_name', ['moe', 'catch'],
6172                                     {'catch'=>{'class'=>'red'}})],'meenie',
6173                    {'eenie'=>'one','meenie'=>'two','minie'=>'three'});
6174  
6175  optgroup() creates an option group within a popup menu.
6176  
6177  =over 4
6178  
6179  =item 1.
6180  
6181  The required first argument (B<-name>) is the label attribute of the
6182  optgroup and is B<not> inserted in the parameter list of the query.
6183  
6184  =item 2.
6185  
6186  The required second argument (B<-values>)  is an array reference
6187  containing the list of menu items in the menu.  You can pass the
6188  method an anonymous array, as shown in the example, or a reference
6189  to a named array, such as \@foo.  If you pass a HASH reference,
6190  the keys will be used for the menu values, and the values will be
6191  used for the menu labels (see -labels below).
6192  
6193  =item 3.
6194  
6195  The optional third parameter (B<-labels>) allows you to pass a reference
6196  to an associative array containing user-visible labels for one or more
6197  of the menu items.  You can use this when you want the user to see one
6198  menu string, but have the browser return your program a different one.
6199  If you don't specify this, the value string will be used instead
6200  ("eenie", "meenie" and "minie" in this example).  This is equivalent
6201  to using a hash reference for the -values parameter.
6202  
6203  =item 4.
6204  
6205  An optional fourth parameter (B<-labeled>) can be set to a true value
6206  and indicates that the values should be used as the label attribute
6207  for each option element within the optgroup.
6208  
6209  =item 5.
6210  
6211  An optional fifth parameter (-novals) can be set to a true value and
6212  indicates to suppress the val attribute in each option element within
6213  the optgroup.
6214  
6215  See the discussion on optgroup at W3C
6216  (http://www.w3.org/TR/REC-html40/interact/forms.html#edef-OPTGROUP)
6217  for details.
6218  
6219  =item 6.
6220  
6221  An optional sixth parameter (-attributes) is provided to assign
6222  any of the common HTML attributes to an individual menu item. It's
6223  a pointer to an associative array relating menu values to another
6224  associative array with the attribute's name as the key and the
6225  attribute's value as the value.
6226  
6227  =back
6228  
6229  =head2 CREATING A SCROLLING LIST
6230  
6231     print scrolling_list('list_name',
6232                  ['eenie','meenie','minie','moe'],
6233          ['eenie','moe'],5,'true',{'moe'=>{'class'=>'red'}});
6234        -or-
6235  
6236     print scrolling_list('list_name',
6237                  ['eenie','meenie','minie','moe'],
6238                  ['eenie','moe'],5,'true',
6239          \%labels,%attributes);
6240  
6241      -or-
6242  
6243     print scrolling_list(-name=>'list_name',
6244                  -values=>['eenie','meenie','minie','moe'],
6245                  -default=>['eenie','moe'],
6246                  -size=>5,
6247                  -multiple=>'true',
6248          -labels=>\%labels,
6249          -attributes=>\%attributes);
6250  
6251  scrolling_list() creates a scrolling list.  
6252  
6253  =over 4
6254  
6255  =item B<Parameters:>
6256  
6257  =item 1.
6258  
6259  The first and second arguments are the list name (-name) and values
6260  (-values).  As in the popup menu, the second argument should be an
6261  array reference.
6262  
6263  =item 2.
6264  
6265  The optional third argument (-default) can be either a reference to a
6266  list containing the values to be selected by default, or can be a
6267  single value to select.  If this argument is missing or undefined,
6268  then nothing is selected when the list first appears.  In the named
6269  parameter version, you can use the synonym "-defaults" for this
6270  parameter.
6271  
6272  =item 3.
6273  
6274  The optional fourth argument is the size of the list (-size).
6275  
6276  =item 4.
6277  
6278  The optional fifth argument can be set to true to allow multiple
6279  simultaneous selections (-multiple).  Otherwise only one selection
6280  will be allowed at a time.
6281  
6282  =item 5.
6283  
6284  The optional sixth argument is a pointer to an associative array
6285  containing long user-visible labels for the list items (-labels).
6286  If not provided, the values will be displayed.
6287  
6288  =item 6.
6289  
6290  The optional sixth parameter (-attributes) is provided to assign
6291  any of the common HTML attributes to an individual menu item. It's
6292  a pointer to an associative array relating menu values to another
6293  associative array with the attribute's name as the key and the
6294  attribute's value as the value.
6295  
6296  When this form is processed, all selected list items will be returned as
6297  a list under the parameter name 'list_name'.  The values of the
6298  selected items can be retrieved with:
6299  
6300        @selected = param('list_name');
6301  
6302  =back
6303  
6304  =head2 CREATING A GROUP OF RELATED CHECKBOXES
6305  
6306     print checkbox_group(-name=>'group_name',
6307                  -values=>['eenie','meenie','minie','moe'],
6308                  -default=>['eenie','moe'],
6309                  -linebreak=>'true',
6310                                  -disabled => ['moe'],
6311          -labels=>\%labels,
6312          -attributes=>\%attributes);
6313  
6314     print checkbox_group('group_name',
6315                  ['eenie','meenie','minie','moe'],
6316          ['eenie','moe'],'true',\%labels,
6317          {'moe'=>{'class'=>'red'}});
6318  
6319     HTML3-COMPATIBLE BROWSERS ONLY:
6320  
6321     print checkbox_group(-name=>'group_name',
6322                  -values=>['eenie','meenie','minie','moe'],
6323                  -rows=2,-columns=>2);
6324  
6325  
6326  checkbox_group() creates a list of checkboxes that are related
6327  by the same name.
6328  
6329  =over 4
6330  
6331  =item B<Parameters:>
6332  
6333  =item 1.
6334  
6335  The first and second arguments are the checkbox name and values,
6336  respectively (-name and -values).  As in the popup menu, the second
6337  argument should be an array reference.  These values are used for the
6338  user-readable labels printed next to the checkboxes as well as for the
6339  values passed to your script in the query string.
6340  
6341  =item 2.
6342  
6343  The optional third argument (-default) can be either a reference to a
6344  list containing the values to be checked by default, or can be a
6345  single value to checked.  If this argument is missing or undefined,
6346  then nothing is selected when the list first appears.
6347  
6348  =item 3.
6349  
6350  The optional fourth argument (-linebreak) can be set to true to place
6351  line breaks between the checkboxes so that they appear as a vertical
6352  list.  Otherwise, they will be strung together on a horizontal line.
6353  
6354  =back
6355  
6356  
6357  The optional b<-labels> argument is a pointer to an associative array
6358  relating the checkbox values to the user-visible labels that will be
6359  printed next to them.  If not provided, the values will be used as the
6360  default.
6361  
6362  
6363  The optional parameters B<-rows>, and B<-columns> cause
6364  checkbox_group() to return an HTML3 compatible table containing the
6365  checkbox group formatted with the specified number of rows and
6366  columns.  You can provide just the -columns parameter if you wish;
6367  checkbox_group will calculate the correct number of rows for you.
6368  
6369  The option b<-disabled> takes an array of checkbox values and disables
6370  them by greying them out (this may not be supported by all browsers).
6371  
6372  The optional B<-attributes> argument is provided to assign any of the
6373  common HTML attributes to an individual menu item. It's a pointer to
6374  an associative array relating menu values to another associative array
6375  with the attribute's name as the key and the attribute's value as the
6376  value.
6377  
6378  The optional B<-tabindex> argument can be used to control the order in which
6379  radio buttons receive focus when the user presses the tab button.  If
6380  passed a scalar numeric value, the first element in the group will
6381  receive this tab index and subsequent elements will be incremented by
6382  one.  If given a reference to an array of radio button values, then
6383  the indexes will be jiggered so that the order specified in the array
6384  will correspond to the tab order.  You can also pass a reference to a
6385  hash in which the hash keys are the radio button values and the values
6386  are the tab indexes of each button.  Examples:
6387  
6388    -tabindex => 100    #  this group starts at index 100 and counts up
6389    -tabindex => ['moe','minie','eenie','meenie']  # tab in this order
6390    -tabindex => {meenie=>100,moe=>101,minie=>102,eenie=>200} # tab in this order
6391  
6392  When the form is processed, all checked boxes will be returned as
6393  a list under the parameter name 'group_name'.  The values of the
6394  "on" checkboxes can be retrieved with:
6395  
6396        @turned_on = param('group_name');
6397  
6398  The value returned by checkbox_group() is actually an array of button
6399  elements.  You can capture them and use them within tables, lists,
6400  or in other creative ways:
6401  
6402      @h = checkbox_group(-name=>'group_name',-values=>\@values);
6403      &use_in_creative_way(@h);
6404  
6405  =head2 CREATING A STANDALONE CHECKBOX
6406  
6407      print checkbox(-name=>'checkbox_name',
6408                 -checked=>1,
6409                 -value=>'ON',
6410                 -label=>'CLICK ME');
6411  
6412      -or-
6413  
6414      print checkbox('checkbox_name','checked','ON','CLICK ME');
6415  
6416  checkbox() is used to create an isolated checkbox that isn't logically
6417  related to any others.
6418  
6419  =over 4
6420  
6421  =item B<Parameters:>
6422  
6423  =item 1.
6424  
6425  The first parameter is the required name for the checkbox (-name).  It
6426  will also be used for the user-readable label printed next to the
6427  checkbox.
6428  
6429  =item 2.
6430  
6431  The optional second parameter (-checked) specifies that the checkbox
6432  is turned on by default.  Synonyms are -selected and -on.
6433  
6434  =item 3.
6435  
6436  The optional third parameter (-value) specifies the value of the
6437  checkbox when it is checked.  If not provided, the word "on" is
6438  assumed.
6439  
6440  =item 4.
6441  
6442  The optional fourth parameter (-label) is the user-readable label to
6443  be attached to the checkbox.  If not provided, the checkbox name is
6444  used.
6445  
6446  =back
6447  
6448  The value of the checkbox can be retrieved using:
6449  
6450      $turned_on = param('checkbox_name');
6451  
6452  =head2 CREATING A RADIO BUTTON GROUP
6453  
6454     print radio_group(-name=>'group_name',
6455                   -values=>['eenie','meenie','minie'],
6456                   -default=>'meenie',
6457                   -linebreak=>'true',
6458             -labels=>\%labels,
6459             -attributes=>\%attributes);
6460  
6461      -or-
6462  
6463     print radio_group('group_name',['eenie','meenie','minie'],
6464              'meenie','true',\%labels,\%attributes);
6465  
6466  
6467     HTML3-COMPATIBLE BROWSERS ONLY:
6468  
6469     print radio_group(-name=>'group_name',
6470                   -values=>['eenie','meenie','minie','moe'],
6471                   -rows=2,-columns=>2);
6472  
6473  radio_group() creates a set of logically-related radio buttons
6474  (turning one member of the group on turns the others off)
6475  
6476  =over 4
6477  
6478  =item B<Parameters:>
6479  
6480  =item 1.
6481  
6482  The first argument is the name of the group and is required (-name).
6483  
6484  =item 2.
6485  
6486  The second argument (-values) is the list of values for the radio
6487  buttons.  The values and the labels that appear on the page are
6488  identical.  Pass an array I<reference> in the second argument, either
6489  using an anonymous array, as shown, or by referencing a named array as
6490  in "\@foo".
6491  
6492  =item 3.
6493  
6494  The optional third parameter (-default) is the name of the default
6495  button to turn on. If not specified, the first item will be the
6496  default.  You can provide a nonexistent button name, such as "-" to
6497  start up with no buttons selected.
6498  
6499  =item 4.
6500  
6501  The optional fourth parameter (-linebreak) can be set to 'true' to put
6502  line breaks between the buttons, creating a vertical list.
6503  
6504  =item 5.
6505  
6506  The optional fifth parameter (-labels) is a pointer to an associative
6507  array relating the radio button values to user-visible labels to be
6508  used in the display.  If not provided, the values themselves are
6509  displayed.
6510  
6511  =back
6512  
6513  
6514  All modern browsers can take advantage of the optional parameters
6515  B<-rows>, and B<-columns>.  These parameters cause radio_group() to
6516  return an HTML3 compatible table containing the radio group formatted
6517  with the specified number of rows and columns.  You can provide just
6518  the -columns parameter if you wish; radio_group will calculate the
6519  correct number of rows for you.
6520  
6521  To include row and column headings in the returned table, you
6522  can use the B<-rowheaders> and B<-colheaders> parameters.  Both
6523  of these accept a pointer to an array of headings to use.
6524  The headings are just decorative.  They don't reorganize the
6525  interpretation of the radio buttons -- they're still a single named
6526  unit.
6527  
6528  The optional B<-tabindex> argument can be used to control the order in which
6529  radio buttons receive focus when the user presses the tab button.  If
6530  passed a scalar numeric value, the first element in the group will
6531  receive this tab index and subsequent elements will be incremented by
6532  one.  If given a reference to an array of radio button values, then
6533  the indexes will be jiggered so that the order specified in the array
6534  will correspond to the tab order.  You can also pass a reference to a
6535  hash in which the hash keys are the radio button values and the values
6536  are the tab indexes of each button.  Examples:
6537  
6538    -tabindex => 100    #  this group starts at index 100 and counts up
6539    -tabindex => ['moe','minie','eenie','meenie']  # tab in this order
6540    -tabindex => {meenie=>100,moe=>101,minie=>102,eenie=>200} # tab in this order
6541  
6542  
6543  The optional B<-attributes> argument is provided to assign any of the
6544  common HTML attributes to an individual menu item. It's a pointer to
6545  an associative array relating menu values to another associative array
6546  with the attribute's name as the key and the attribute's value as the
6547  value.
6548  
6549  When the form is processed, the selected radio button can
6550  be retrieved using:
6551  
6552        $which_radio_button = param('group_name');
6553  
6554  The value returned by radio_group() is actually an array of button
6555  elements.  You can capture them and use them within tables, lists,
6556  or in other creative ways:
6557  
6558      @h = radio_group(-name=>'group_name',-values=>\@values);
6559      &use_in_creative_way(@h);
6560  
6561  =head2 CREATING A SUBMIT BUTTON 
6562  
6563     print submit(-name=>'button_name',
6564              -value=>'value');
6565  
6566      -or-
6567  
6568     print submit('button_name','value');
6569  
6570  submit() will create the query submission button.  Every form
6571  should have one of these.
6572  
6573  =over 4
6574  
6575  =item B<Parameters:>
6576  
6577  =item 1.
6578  
6579  The first argument (-name) is optional.  You can give the button a
6580  name if you have several submission buttons in your form and you want
6581  to distinguish between them.  
6582  
6583  =item 2.
6584  
6585  The second argument (-value) is also optional.  This gives the button
6586  a value that will be passed to your script in the query string. The
6587  name will also be used as the user-visible label.
6588  
6589  =item 3.
6590  
6591  You can use -label as an alias for -value.  I always get confused
6592  about which of -name and -value changes the user-visible label on the
6593  button.
6594  
6595  =back
6596  
6597  You can figure out which button was pressed by using different
6598  values for each one:
6599  
6600       $which_one = param('button_name');
6601  
6602  =head2 CREATING A RESET BUTTON
6603  
6604     print reset
6605  
6606  reset() creates the "reset" button.  Note that it restores the
6607  form to its value from the last time the script was called, 
6608  NOT necessarily to the defaults.
6609  
6610  Note that this conflicts with the Perl reset() built-in.  Use
6611  CORE::reset() to get the original reset function.
6612  
6613  =head2 CREATING A DEFAULT BUTTON
6614  
6615     print defaults('button_label')
6616  
6617  defaults() creates a button that, when invoked, will cause the
6618  form to be completely reset to its defaults, wiping out all the
6619  changes the user ever made.
6620  
6621  =head2 CREATING A HIDDEN FIELD
6622  
6623      print hidden(-name=>'hidden_name',
6624                   -default=>['value1','value2'...]);
6625  
6626          -or-
6627  
6628      print hidden('hidden_name','value1','value2'...);
6629  
6630  hidden() produces a text field that can't be seen by the user.  It
6631  is useful for passing state variable information from one invocation
6632  of the script to the next.
6633  
6634  =over 4
6635  
6636  =item B<Parameters:>
6637  
6638  =item 1.
6639  
6640  The first argument is required and specifies the name of this
6641  field (-name).
6642  
6643  =item 2.  
6644  
6645  The second argument is also required and specifies its value
6646  (-default).  In the named parameter style of calling, you can provide
6647  a single value here or a reference to a whole list
6648  
6649  =back
6650  
6651  Fetch the value of a hidden field this way:
6652  
6653       $hidden_value = param('hidden_name');
6654  
6655  Note, that just like all the other form elements, the value of a
6656  hidden field is "sticky".  If you want to replace a hidden field with
6657  some other values after the script has been called once you'll have to
6658  do it manually:
6659  
6660       param('hidden_name','new','values','here');
6661  
6662  =head2 CREATING A CLICKABLE IMAGE BUTTON
6663  
6664       print image_button(-name=>'button_name',
6665                  -src=>'/source/URL',
6666                  -align=>'MIDDLE');      
6667  
6668      -or-
6669  
6670       print image_button('button_name','/source/URL','MIDDLE');
6671  
6672  image_button() produces a clickable image.  When it's clicked on the
6673  position of the click is returned to your script as "button_name.x"
6674  and "button_name.y", where "button_name" is the name you've assigned
6675  to it.
6676  
6677  =over 4
6678  
6679  =item B<Parameters:>
6680  
6681  =item 1.
6682  
6683  The first argument (-name) is required and specifies the name of this
6684  field.
6685  
6686  =item 2.
6687  
6688  The second argument (-src) is also required and specifies the URL
6689  
6690  =item 3.
6691  The third option (-align, optional) is an alignment type, and may be
6692  TOP, BOTTOM or MIDDLE
6693  
6694  =back
6695  
6696  Fetch the value of the button this way:
6697       $x = param('button_name.x');
6698       $y = param('button_name.y');
6699  
6700  =head2 CREATING A JAVASCRIPT ACTION BUTTON
6701  
6702       print button(-name=>'button_name',
6703                -value=>'user visible label',
6704                -onClick=>"do_something()");
6705  
6706      -or-
6707  
6708       print button('button_name',"do_something()");
6709  
6710  button() produces a button that is compatible with Netscape 2.0's
6711  JavaScript.  When it's pressed the fragment of JavaScript code
6712  pointed to by the B<-onClick> parameter will be executed.  On
6713  non-Netscape browsers this form element will probably not even
6714  display.
6715  
6716  =head1 HTTP COOKIES
6717  
6718  Netscape browsers versions 1.1 and higher, and all versions of
6719  Internet Explorer, support a so-called "cookie" designed to help
6720  maintain state within a browser session.  CGI.pm has several methods
6721  that support cookies.
6722  
6723  A cookie is a name=value pair much like the named parameters in a CGI
6724  query string.  CGI scripts create one or more cookies and send
6725  them to the browser in the HTTP header.  The browser maintains a list
6726  of cookies that belong to a particular Web server, and returns them
6727  to the CGI script during subsequent interactions.
6728  
6729  In addition to the required name=value pair, each cookie has several
6730  optional attributes:
6731  
6732  =over 4
6733  
6734  =item 1. an expiration time
6735  
6736  This is a time/date string (in a special GMT format) that indicates
6737  when a cookie expires.  The cookie will be saved and returned to your
6738  script until this expiration date is reached if the user exits
6739  the browser and restarts it.  If an expiration date isn't specified, the cookie
6740  will remain active until the user quits the browser.
6741  
6742  =item 2. a domain
6743  
6744  This is a partial or complete domain name for which the cookie is 
6745  valid.  The browser will return the cookie to any host that matches
6746  the partial domain name.  For example, if you specify a domain name
6747  of ".capricorn.com", then the browser will return the cookie to
6748  Web servers running on any of the machines "www.capricorn.com", 
6749  "www2.capricorn.com", "feckless.capricorn.com", etc.  Domain names
6750  must contain at least two periods to prevent attempts to match
6751  on top level domains like ".edu".  If no domain is specified, then
6752  the browser will only return the cookie to servers on the host the
6753  cookie originated from.
6754  
6755  =item 3. a path
6756  
6757  If you provide a cookie path attribute, the browser will check it
6758  against your script's URL before returning the cookie.  For example,
6759  if you specify the path "/cgi-bin", then the cookie will be returned
6760  to each of the scripts "/cgi-bin/tally.pl", "/cgi-bin/order.pl",
6761  and "/cgi-bin/customer_service/complain.pl", but not to the script
6762  "/cgi-private/site_admin.pl".  By default, path is set to "/", which
6763  causes the cookie to be sent to any CGI script on your site.
6764  
6765  =item 4. a "secure" flag
6766  
6767  If the "secure" attribute is set, the cookie will only be sent to your
6768  script if the CGI request is occurring on a secure channel, such as SSL.
6769  
6770  =back
6771  
6772  The interface to HTTP cookies is the B<cookie()> method:
6773  
6774      $cookie = cookie(-name=>'sessionID',
6775                   -value=>'xyzzy',
6776                   -expires=>'+1h',
6777                   -path=>'/cgi-bin/database',
6778                   -domain=>'.capricorn.org',
6779                   -secure=>1);
6780      print header(-cookie=>$cookie);
6781  
6782  B<cookie()> creates a new cookie.  Its parameters include:
6783  
6784  =over 4
6785  
6786  =item B<-name>
6787  
6788  The name of the cookie (required).  This can be any string at all.
6789  Although browsers limit their cookie names to non-whitespace
6790  alphanumeric characters, CGI.pm removes this restriction by escaping
6791  and unescaping cookies behind the scenes.
6792  
6793  =item B<-value>
6794  
6795  The value of the cookie.  This can be any scalar value,
6796  array reference, or even associative array reference.  For example,
6797  you can store an entire associative array into a cookie this way:
6798  
6799      $cookie=cookie(-name=>'family information',
6800                     -value=>\%childrens_ages);
6801  
6802  =item B<-path>
6803  
6804  The optional partial path for which this cookie will be valid, as described
6805  above.
6806  
6807  =item B<-domain>
6808  
6809  The optional partial domain for which this cookie will be valid, as described
6810  above.
6811  
6812  =item B<-expires>
6813  
6814  The optional expiration date for this cookie.  The format is as described 
6815  in the section on the B<header()> method:
6816  
6817      "+1h"  one hour from now
6818  
6819  =item B<-secure>
6820  
6821  If set to true, this cookie will only be used within a secure
6822  SSL session.
6823  
6824  =back
6825  
6826  The cookie created by cookie() must be incorporated into the HTTP
6827  header within the string returned by the header() method:
6828  
6829          use CGI ':standard';
6830      print header(-cookie=>$my_cookie);
6831  
6832  To create multiple cookies, give header() an array reference:
6833  
6834      $cookie1 = cookie(-name=>'riddle_name',
6835                    -value=>"The Sphynx's Question");
6836      $cookie2 = cookie(-name=>'answers',
6837                    -value=>\%answers);
6838      print header(-cookie=>[$cookie1,$cookie2]);
6839  
6840  To retrieve a cookie, request it by name by calling cookie() method
6841  without the B<-value> parameter. This example uses the object-oriented
6842  form:
6843  
6844      use CGI;
6845      $query = new CGI;
6846      $riddle = $query->cookie('riddle_name');
6847          %answers = $query->cookie('answers');
6848  
6849  Cookies created with a single scalar value, such as the "riddle_name"
6850  cookie, will be returned in that form.  Cookies with array and hash
6851  values can also be retrieved.
6852  
6853  The cookie and CGI namespaces are separate.  If you have a parameter
6854  named 'answers' and a cookie named 'answers', the values retrieved by
6855  param() and cookie() are independent of each other.  However, it's
6856  simple to turn a CGI parameter into a cookie, and vice-versa:
6857  
6858     # turn a CGI parameter into a cookie
6859     $c=cookie(-name=>'answers',-value=>[param('answers')]);
6860     # vice-versa
6861     param(-name=>'answers',-value=>[cookie('answers')]);
6862  
6863  If you call cookie() without any parameters, it will return a list of
6864  the names of all cookies passed to your script:
6865  
6866    @cookies = cookie();
6867  
6868  See the B<cookie.cgi> example script for some ideas on how to use
6869  cookies effectively.
6870  
6871  =head1 WORKING WITH FRAMES
6872  
6873  It's possible for CGI.pm scripts to write into several browser panels
6874  and windows using the HTML 4 frame mechanism.  There are three
6875  techniques for defining new frames programmatically:
6876  
6877  =over 4
6878  
6879  =item 1. Create a <Frameset> document
6880  
6881  After writing out the HTTP header, instead of creating a standard
6882  HTML document using the start_html() call, create a <frameset> 
6883  document that defines the frames on the page.  Specify your script(s)
6884  (with appropriate parameters) as the SRC for each of the frames.
6885  
6886  There is no specific support for creating <frameset> sections 
6887  in CGI.pm, but the HTML is very simple to write.  See the frame
6888  documentation in Netscape's home pages for details 
6889  
6890    http://wp.netscape.com/assist/net_sites/frames.html
6891  
6892  =item 2. Specify the destination for the document in the HTTP header
6893  
6894  You may provide a B<-target> parameter to the header() method:
6895  
6896      print header(-target=>'ResultsWindow');
6897  
6898  This will tell the browser to load the output of your script into the
6899  frame named "ResultsWindow".  If a frame of that name doesn't already
6900  exist, the browser will pop up a new window and load your script's
6901  document into that.  There are a number of magic names that you can
6902  use for targets.  See the frame documents on Netscape's home pages for
6903  details.
6904  
6905  =item 3. Specify the destination for the document in the <form> tag
6906  
6907  You can specify the frame to load in the FORM tag itself.  With
6908  CGI.pm it looks like this:
6909  
6910      print start_form(-target=>'ResultsWindow');
6911  
6912  When your script is reinvoked by the form, its output will be loaded
6913  into the frame named "ResultsWindow".  If one doesn't already exist
6914  a new window will be created.
6915  
6916  =back
6917  
6918  The script "frameset.cgi" in the examples directory shows one way to
6919  create pages in which the fill-out form and the response live in
6920  side-by-side frames.
6921  
6922  =head1 SUPPORT FOR JAVASCRIPT
6923  
6924  Netscape versions 2.0 and higher incorporate an interpreted language
6925  called JavaScript. Internet Explorer, 3.0 and higher, supports a
6926  closely-related dialect called JScript. JavaScript isn't the same as
6927  Java, and certainly isn't at all the same as Perl, which is a great
6928  pity. JavaScript allows you to programmatically change the contents of
6929  fill-out forms, create new windows, and pop up dialog box from within
6930  Netscape itself. From the point of view of CGI scripting, JavaScript
6931  is quite useful for validating fill-out forms prior to submitting
6932  them.
6933  
6934  You'll need to know JavaScript in order to use it. There are many good
6935  sources in bookstores and on the web.
6936  
6937  The usual way to use JavaScript is to define a set of functions in a
6938  <SCRIPT> block inside the HTML header and then to register event
6939  handlers in the various elements of the page. Events include such
6940  things as the mouse passing over a form element, a button being
6941  clicked, the contents of a text field changing, or a form being
6942  submitted. When an event occurs that involves an element that has
6943  registered an event handler, its associated JavaScript code gets
6944  called.
6945  
6946  The elements that can register event handlers include the <BODY> of an
6947  HTML document, hypertext links, all the various elements of a fill-out
6948  form, and the form itself. There are a large number of events, and
6949  each applies only to the elements for which it is relevant. Here is a
6950  partial list:
6951  
6952  =over 4
6953  
6954  =item B<onLoad>
6955  
6956  The browser is loading the current document. Valid in:
6957  
6958       + The HTML <BODY> section only.
6959  
6960  =item B<onUnload>
6961  
6962  The browser is closing the current page or frame. Valid for:
6963  
6964       + The HTML <BODY> section only.
6965  
6966  =item B<onSubmit>
6967  
6968  The user has pressed the submit button of a form. This event happens
6969  just before the form is submitted, and your function can return a
6970  value of false in order to abort the submission.  Valid for:
6971  
6972       + Forms only.
6973  
6974  =item B<onClick>
6975  
6976  The mouse has clicked on an item in a fill-out form. Valid for:
6977  
6978       + Buttons (including submit, reset, and image buttons)
6979       + Checkboxes
6980       + Radio buttons
6981  
6982  =item B<onChange>
6983  
6984  The user has changed the contents of a field. Valid for:
6985  
6986       + Text fields
6987       + Text areas
6988       + Password fields
6989       + File fields
6990       + Popup Menus
6991       + Scrolling lists
6992  
6993  =item B<onFocus>
6994  
6995  The user has selected a field to work with. Valid for:
6996  
6997       + Text fields
6998       + Text areas
6999       + Password fields
7000       + File fields
7001       + Popup Menus
7002       + Scrolling lists
7003  
7004  =item B<onBlur>
7005  
7006  The user has deselected a field (gone to work somewhere else).  Valid
7007  for:
7008  
7009       + Text fields
7010       + Text areas
7011       + Password fields
7012       + File fields
7013       + Popup Menus
7014       + Scrolling lists
7015  
7016  =item B<onSelect>
7017  
7018  The user has changed the part of a text field that is selected.  Valid
7019  for:
7020  
7021       + Text fields
7022       + Text areas
7023       + Password fields
7024       + File fields
7025  
7026  =item B<onMouseOver>
7027  
7028  The mouse has moved over an element.
7029  
7030       + Text fields
7031       + Text areas
7032       + Password fields
7033       + File fields
7034       + Popup Menus
7035       + Scrolling lists
7036  
7037  =item B<onMouseOut>
7038  
7039  The mouse has moved off an element.
7040  
7041       + Text fields
7042       + Text areas
7043       + Password fields
7044       + File fields
7045       + Popup Menus
7046       + Scrolling lists
7047  
7048  =back
7049  
7050  In order to register a JavaScript event handler with an HTML element,
7051  just use the event name as a parameter when you call the corresponding
7052  CGI method. For example, to have your validateAge() JavaScript code
7053  executed every time the textfield named "age" changes, generate the
7054  field like this: 
7055  
7056   print textfield(-name=>'age',-onChange=>"validateAge(this)");
7057  
7058  This example assumes that you've already declared the validateAge()
7059  function by incorporating it into a <SCRIPT> block. The CGI.pm
7060  start_html() method provides a convenient way to create this section.
7061  
7062  Similarly, you can create a form that checks itself over for
7063  consistency and alerts the user if some essential value is missing by
7064  creating it this way: 
7065    print startform(-onSubmit=>"validateMe(this)");
7066  
7067  See the javascript.cgi script for a demonstration of how this all
7068  works.
7069  
7070  
7071  =head1 LIMITED SUPPORT FOR CASCADING STYLE SHEETS
7072  
7073  CGI.pm has limited support for HTML3's cascading style sheets (css).
7074  To incorporate a stylesheet into your document, pass the
7075  start_html() method a B<-style> parameter.  The value of this
7076  parameter may be a scalar, in which case it is treated as the source
7077  URL for the stylesheet, or it may be a hash reference.  In the latter
7078  case you should provide the hash with one or more of B<-src> or
7079  B<-code>.  B<-src> points to a URL where an externally-defined
7080  stylesheet can be found.  B<-code> points to a scalar value to be
7081  incorporated into a <style> section.  Style definitions in B<-code>
7082  override similarly-named ones in B<-src>, hence the name "cascading."
7083  
7084  You may also specify the type of the stylesheet by adding the optional
7085  B<-type> parameter to the hash pointed to by B<-style>.  If not
7086  specified, the style defaults to 'text/css'.
7087  
7088  To refer to a style within the body of your document, add the
7089  B<-class> parameter to any HTML element:
7090  
7091      print h1({-class=>'Fancy'},'Welcome to the Party');
7092  
7093  Or define styles on the fly with the B<-style> parameter:
7094  
7095      print h1({-style=>'Color: red;'},'Welcome to Hell');
7096  
7097  You may also use the new B<span()> element to apply a style to a
7098  section of text:
7099  
7100      print span({-style=>'Color: red;'},
7101             h1('Welcome to Hell'),
7102             "Where did that handbasket get to?"
7103             );
7104  
7105  Note that you must import the ":html3" definitions to have the
7106  B<span()> method available.  Here's a quick and dirty example of using
7107  CSS's.  See the CSS specification at
7108  http://www.w3.org/pub/WWW/TR/Wd-css-1.html for more information.
7109  
7110      use CGI qw/:standard :html3/;
7111  
7112      #here's a stylesheet incorporated directly into the page
7113      $newStyle=<<END;
7114      <!-- 
7115      P.Tip {
7116      margin-right: 50pt;
7117      margin-left: 50pt;
7118          color: red;
7119      }
7120      P.Alert {
7121      font-size: 30pt;
7122          font-family: sans-serif;
7123        color: red;
7124      }
7125      -->
7126      END
7127      print header();
7128      print start_html( -title=>'CGI with Style',
7129                -style=>{-src=>'http://www.capricorn.com/style/st1.css',
7130                         -code=>$newStyle}
7131                   );
7132      print h1('CGI with Style'),
7133            p({-class=>'Tip'},
7134          "Better read the cascading style sheet spec before playing with this!"),
7135            span({-style=>'color: magenta'},
7136             "Look Mom, no hands!",
7137             p(),
7138             "Whooo wee!"
7139             );
7140      print end_html;
7141  
7142  Pass an array reference to B<-code> or B<-src> in order to incorporate
7143  multiple stylesheets into your document.
7144  
7145  Should you wish to incorporate a verbatim stylesheet that includes
7146  arbitrary formatting in the header, you may pass a -verbatim tag to
7147  the -style hash, as follows:
7148  
7149  print start_html (-style  =>  {-verbatim => '@import url("/server-common/css/'.$cssFile.'");',
7150                    -src    =>  '/server-common/css/core.css'});
7151  
7152  
7153  This will generate an HTML header that contains this:
7154  
7155   <link rel="stylesheet" type="text/css"  href="/server-common/css/core.css">
7156     <style type="text/css">
7157     @import url("/server-common/css/main.css");
7158     </style>
7159  
7160  Any additional arguments passed in the -style value will be
7161  incorporated into the <link> tag.  For example:
7162  
7163   start_html(-style=>{-src=>['/styles/print.css','/styles/layout.css'],
7164                -media => 'all'});
7165  
7166  This will give:
7167  
7168   <link rel="stylesheet" type="text/css" href="/styles/print.css" media="all"/>
7169   <link rel="stylesheet" type="text/css" href="/styles/layout.css" media="all"/>
7170  
7171  <p>
7172  
7173  To make more complicated <link> tags, use the Link() function
7174  and pass it to start_html() in the -head argument, as in:
7175  
7176    @h = (Link({-rel=>'stylesheet',-type=>'text/css',-src=>'/ss/ss.css',-media=>'all'}),
7177          Link({-rel=>'stylesheet',-type=>'text/css',-src=>'/ss/fred.css',-media=>'paper'}));
7178    print start_html({-head=>\@h})
7179  
7180  To create primary and  "alternate" stylesheet, use the B<-alternate> option:
7181  
7182   start_html(-style=>{-src=>[
7183                             {-src=>'/styles/print.css'},
7184                 {-src=>'/styles/alt.css',-alternate=>1}
7185                             ]
7186              });
7187  
7188  =head1 DEBUGGING
7189  
7190  If you are running the script from the command line or in the perl
7191  debugger, you can pass the script a list of keywords or
7192  parameter=value pairs on the command line or from standard input (you
7193  don't have to worry about tricking your script into reading from
7194  environment variables).  You can pass keywords like this:
7195  
7196      your_script.pl keyword1 keyword2 keyword3
7197  
7198  or this:
7199  
7200     your_script.pl keyword1+keyword2+keyword3
7201  
7202  or this:
7203  
7204      your_script.pl name1=value1 name2=value2
7205  
7206  or this:
7207  
7208      your_script.pl name1=value1&name2=value2
7209  
7210  To turn off this feature, use the -no_debug pragma.
7211  
7212  To test the POST method, you may enable full debugging with the -debug
7213  pragma.  This will allow you to feed newline-delimited name=value
7214  pairs to the script on standard input.
7215  
7216  When debugging, you can use quotes and backslashes to escape 
7217  characters in the familiar shell manner, letting you place
7218  spaces and other funny characters in your parameter=value
7219  pairs:
7220  
7221     your_script.pl "name1='I am a long value'" "name2=two\ words"
7222  
7223  Finally, you can set the path info for the script by prefixing the first
7224  name/value parameter with the path followed by a question mark (?):
7225  
7226      your_script.pl /your/path/here?name1=value1&name2=value2
7227  
7228  =head2 DUMPING OUT ALL THE NAME/VALUE PAIRS
7229  
7230  The Dump() method produces a string consisting of all the query's
7231  name/value pairs formatted nicely as a nested list.  This is useful
7232  for debugging purposes:
7233  
7234      print Dump
7235  
7236  
7237  Produces something that looks like:
7238  
7239      <ul>
7240      <li>name1
7241      <ul>
7242      <li>value1
7243      <li>value2
7244      </ul>
7245      <li>name2
7246      <ul>
7247      <li>value1
7248      </ul>
7249      </ul>
7250  
7251  As a shortcut, you can interpolate the entire CGI object into a string
7252  and it will be replaced with the a nice HTML dump shown above:
7253  
7254      $query=new CGI;
7255      print "<h2>Current Values</h2> $query\n";
7256  
7257  =head1 FETCHING ENVIRONMENT VARIABLES
7258  
7259  Some of the more useful environment variables can be fetched
7260  through this interface.  The methods are as follows:
7261  
7262  =over 4
7263  
7264  =item B<Accept()>
7265  
7266  Return a list of MIME types that the remote browser accepts. If you
7267  give this method a single argument corresponding to a MIME type, as in
7268  Accept('text/html'), it will return a floating point value
7269  corresponding to the browser's preference for this type from 0.0
7270  (don't want) to 1.0.  Glob types (e.g. text/*) in the browser's accept
7271  list are handled correctly.
7272  
7273  Note that the capitalization changed between version 2.43 and 2.44 in
7274  order to avoid conflict with Perl's accept() function.
7275  
7276  =item B<raw_cookie()>
7277  
7278  Returns the HTTP_COOKIE variable, an HTTP extension implemented by
7279  Netscape browsers version 1.1 and higher, and all versions of Internet
7280  Explorer.  Cookies have a special format, and this method call just
7281  returns the raw form (?cookie dough).  See cookie() for ways of
7282  setting and retrieving cooked cookies.
7283  
7284  Called with no parameters, raw_cookie() returns the packed cookie
7285  structure.  You can separate it into individual cookies by splitting
7286  on the character sequence "; ".  Called with the name of a cookie,
7287  retrieves the B<unescaped> form of the cookie.  You can use the
7288  regular cookie() method to get the names, or use the raw_fetch()
7289  method from the CGI::Cookie module.
7290  
7291  =item B<user_agent()>
7292  
7293  Returns the HTTP_USER_AGENT variable.  If you give
7294  this method a single argument, it will attempt to
7295  pattern match on it, allowing you to do something
7296  like user_agent(netscape);
7297  
7298  =item B<path_info()>
7299  
7300  Returns additional path information from the script URL.
7301  E.G. fetching /cgi-bin/your_script/additional/stuff will result in
7302  path_info() returning "/additional/stuff".
7303  
7304  NOTE: The Microsoft Internet Information Server
7305  is broken with respect to additional path information.  If
7306  you use the Perl DLL library, the IIS server will attempt to
7307  execute the additional path information as a Perl script.
7308  If you use the ordinary file associations mapping, the
7309  path information will be present in the environment, 
7310  but incorrect.  The best thing to do is to avoid using additional
7311  path information in CGI scripts destined for use with IIS.
7312  
7313  =item B<path_translated()>
7314  
7315  As per path_info() but returns the additional
7316  path information translated into a physical path, e.g.
7317  "/usr/local/etc/httpd/htdocs/additional/stuff".
7318  
7319  The Microsoft IIS is broken with respect to the translated
7320  path as well.
7321  
7322  =item B<remote_host()>
7323  
7324  Returns either the remote host name or IP address.
7325  if the former is unavailable.
7326  
7327  =item B<script_name()>
7328  Return the script name as a partial URL, for self-refering
7329  scripts.
7330  
7331  =item B<referer()>
7332  
7333  Return the URL of the page the browser was viewing
7334  prior to fetching your script.  Not available for all
7335  browsers.
7336  
7337  =item B<auth_type ()>
7338  
7339  Return the authorization/verification method in use for this
7340  script, if any.
7341  
7342  =item B<server_name ()>
7343  
7344  Returns the name of the server, usually the machine's host
7345  name.
7346  
7347  =item B<virtual_host ()>
7348  
7349  When using virtual hosts, returns the name of the host that
7350  the browser attempted to contact
7351  
7352  =item B<server_port ()>
7353  
7354  Return the port that the server is listening on.
7355  
7356  =item B<virtual_port ()>
7357  
7358  Like server_port() except that it takes virtual hosts into account.
7359  Use this when running with virtual hosts.
7360  
7361  =item B<server_software ()>
7362  
7363  Returns the server software and version number.
7364  
7365  =item B<remote_user ()>
7366  
7367  Return the authorization/verification name used for user
7368  verification, if this script is protected.
7369  
7370  =item B<user_name ()>
7371  
7372  Attempt to obtain the remote user's name, using a variety of different
7373  techniques.  This only works with older browsers such as Mosaic.
7374  Newer browsers do not report the user name for privacy reasons!
7375  
7376  =item B<request_method()>
7377  
7378  Returns the method used to access your script, usually
7379  one of 'POST', 'GET' or 'HEAD'.
7380  
7381  =item B<content_type()>
7382  
7383  Returns the content_type of data submitted in a POST, generally 
7384  multipart/form-data or application/x-www-form-urlencoded
7385  
7386  =item B<http()>
7387  
7388  Called with no arguments returns the list of HTTP environment
7389  variables, including such things as HTTP_USER_AGENT,
7390  HTTP_ACCEPT_LANGUAGE, and HTTP_ACCEPT_CHARSET, corresponding to the
7391  like-named HTTP header fields in the request.  Called with the name of
7392  an HTTP header field, returns its value.  Capitalization and the use
7393  of hyphens versus underscores are not significant.
7394  
7395  For example, all three of these examples are equivalent:
7396  
7397     $requested_language = http('Accept-language');
7398     $requested_language = http('Accept_language');
7399     $requested_language = http('HTTP_ACCEPT_LANGUAGE');
7400  
7401  =item B<https()>
7402  
7403  The same as I<http()>, but operates on the HTTPS environment variables
7404  present when the SSL protocol is in effect.  Can be used to determine
7405  whether SSL is turned on.
7406  
7407  =back
7408  
7409  =head1 USING NPH SCRIPTS
7410  
7411  NPH, or "no-parsed-header", scripts bypass the server completely by
7412  sending the complete HTTP header directly to the browser.  This has
7413  slight performance benefits, but is of most use for taking advantage
7414  of HTTP extensions that are not directly supported by your server,
7415  such as server push and PICS headers.
7416  
7417  Servers use a variety of conventions for designating CGI scripts as
7418  NPH.  Many Unix servers look at the beginning of the script's name for
7419  the prefix "nph-".  The Macintosh WebSTAR server and Microsoft's
7420  Internet Information Server, in contrast, try to decide whether a
7421  program is an NPH script by examining the first line of script output.
7422  
7423  
7424  CGI.pm supports NPH scripts with a special NPH mode.  When in this
7425  mode, CGI.pm will output the necessary extra header information when
7426  the header() and redirect() methods are
7427  called.
7428  
7429  The Microsoft Internet Information Server requires NPH mode.  As of
7430  version 2.30, CGI.pm will automatically detect when the script is
7431  running under IIS and put itself into this mode.  You do not need to
7432  do this manually, although it won't hurt anything if you do.  However,
7433  note that if you have applied Service Pack 6, much of the
7434  functionality of NPH scripts, including the ability to redirect while
7435  setting a cookie, b<do not work at all> on IIS without a special patch
7436  from Microsoft.  See
7437  http://support.microsoft.com/support/kb/articles/Q280/3/41.ASP:
7438  Non-Parsed Headers Stripped From CGI Applications That Have nph-
7439  Prefix in Name.
7440  
7441  =over 4
7442  
7443  =item In the B<use> statement 
7444  
7445  Simply add the "-nph" pragmato the list of symbols to be imported into
7446  your script:
7447  
7448        use CGI qw(:standard -nph)
7449  
7450  =item By calling the B<nph()> method:
7451  
7452  Call B<nph()> with a non-zero parameter at any point after using CGI.pm in your program.
7453  
7454        CGI->nph(1)
7455  
7456  =item By using B<-nph> parameters
7457  
7458  in the B<header()> and B<redirect()>  statements:
7459  
7460        print header(-nph=>1);
7461  
7462  =back
7463  
7464  =head1 Server Push
7465  
7466  CGI.pm provides four simple functions for producing multipart
7467  documents of the type needed to implement server push.  These
7468  functions were graciously provided by Ed Jordan <ed@fidalgo.net>.  To
7469  import these into your namespace, you must import the ":push" set.
7470  You are also advised to put the script into NPH mode and to set $| to
7471  1 to avoid buffering problems.
7472  
7473  Here is a simple script that demonstrates server push:
7474  
7475    #!/usr/local/bin/perl
7476    use CGI qw/:push -nph/;
7477    $| = 1;
7478    print multipart_init(-boundary=>'----here we go!');
7479    foreach (0 .. 4) {
7480        print multipart_start(-type=>'text/plain'),
7481              "The current time is ",scalar(localtime),"\n";
7482        if ($_ < 4) {
7483                print multipart_end;
7484        } else {
7485                print multipart_final;
7486        }
7487        sleep 1;
7488    }
7489  
7490  This script initializes server push by calling B<multipart_init()>.
7491  It then enters a loop in which it begins a new multipart section by
7492  calling B<multipart_start()>, prints the current local time,
7493  and ends a multipart section with B<multipart_end()>.  It then sleeps
7494  a second, and begins again. On the final iteration, it ends the
7495  multipart section with B<multipart_final()> rather than with
7496  B<multipart_end()>.
7497  
7498  =over 4
7499  
7500  =item multipart_init()
7501  
7502    multipart_init(-boundary=>$boundary);
7503  
7504  Initialize the multipart system.  The -boundary argument specifies
7505  what MIME boundary string to use to separate parts of the document.
7506  If not provided, CGI.pm chooses a reasonable boundary for you.
7507  
7508  =item multipart_start()
7509  
7510    multipart_start(-type=>$type)
7511  
7512  Start a new part of the multipart document using the specified MIME
7513  type.  If not specified, text/html is assumed.
7514  
7515  =item multipart_end()
7516  
7517    multipart_end()
7518  
7519  End a part.  You must remember to call multipart_end() once for each
7520  multipart_start(), except at the end of the last part of the multipart
7521  document when multipart_final() should be called instead of multipart_end().
7522  
7523  =item multipart_final()
7524  
7525    multipart_final()
7526  
7527  End all parts.  You should call multipart_final() rather than
7528  multipart_end() at the end of the last part of the multipart document.
7529  
7530  =back
7531  
7532  Users interested in server push applications should also have a look
7533  at the CGI::Push module.
7534  
7535  Only Netscape Navigator supports server push.  Internet Explorer
7536  browsers do not.
7537  
7538  =head1 Avoiding Denial of Service Attacks
7539  
7540  A potential problem with CGI.pm is that, by default, it attempts to
7541  process form POSTings no matter how large they are.  A wily hacker
7542  could attack your site by sending a CGI script a huge POST of many
7543  megabytes.  CGI.pm will attempt to read the entire POST into a
7544  variable, growing hugely in size until it runs out of memory.  While
7545  the script attempts to allocate the memory the system may slow down
7546  dramatically.  This is a form of denial of service attack.
7547  
7548  Another possible attack is for the remote user to force CGI.pm to
7549  accept a huge file upload.  CGI.pm will accept the upload and store it
7550  in a temporary directory even if your script doesn't expect to receive
7551  an uploaded file.  CGI.pm will delete the file automatically when it
7552  terminates, but in the meantime the remote user may have filled up the
7553  server's disk space, causing problems for other programs.
7554  
7555  The best way to avoid denial of service attacks is to limit the amount
7556  of memory, CPU time and disk space that CGI scripts can use.  Some Web
7557  servers come with built-in facilities to accomplish this. In other
7558  cases, you can use the shell I<limit> or I<ulimit>
7559  commands to put ceilings on CGI resource usage.
7560  
7561  
7562  CGI.pm also has some simple built-in protections against denial of
7563  service attacks, but you must activate them before you can use them.
7564  These take the form of two global variables in the CGI name space:
7565  
7566  =over 4
7567  
7568  =item B<$CGI::POST_MAX>
7569  
7570  If set to a non-negative integer, this variable puts a ceiling
7571  on the size of POSTings, in bytes.  If CGI.pm detects a POST
7572  that is greater than the ceiling, it will immediately exit with an error
7573  message.  This value will affect both ordinary POSTs and
7574  multipart POSTs, meaning that it limits the maximum size of file
7575  uploads as well.  You should set this to a reasonably high
7576  value, such as 1 megabyte.
7577  
7578  =item B<$CGI::DISABLE_UPLOADS>
7579  
7580  If set to a non-zero value, this will disable file uploads
7581  completely.  Other fill-out form values will work as usual.
7582  
7583  =back
7584  
7585  You can use these variables in either of two ways.
7586  
7587  =over 4
7588  
7589  =item B<1. On a script-by-script basis>
7590  
7591  Set the variable at the top of the script, right after the "use" statement:
7592  
7593      use CGI qw/:standard/;
7594      use CGI::Carp 'fatalsToBrowser';
7595      $CGI::POST_MAX=1024 * 100;  # max 100K posts
7596      $CGI::DISABLE_UPLOADS = 1;  # no uploads
7597  
7598  =item B<2. Globally for all scripts>
7599  
7600  Open up CGI.pm, find the definitions for $POST_MAX and 
7601  $DISABLE_UPLOADS, and set them to the desired values.  You'll 
7602  find them towards the top of the file in a subroutine named 
7603  initialize_globals().
7604  
7605  =back
7606  
7607  An attempt to send a POST larger than $POST_MAX bytes will cause
7608  I<param()> to return an empty CGI parameter list.  You can test for
7609  this event by checking I<cgi_error()>, either after you create the CGI
7610  object or, if you are using the function-oriented interface, call
7611  <param()> for the first time.  If the POST was intercepted, then
7612  cgi_error() will return the message "413 POST too large".
7613  
7614  This error message is actually defined by the HTTP protocol, and is
7615  designed to be returned to the browser as the CGI script's status
7616   code.  For example:
7617  
7618     $uploaded_file = param('upload');
7619     if (!$uploaded_file && cgi_error()) {
7620        print header(-status=>cgi_error());
7621        exit 0;
7622     }
7623  
7624  However it isn't clear that any browser currently knows what to do
7625  with this status code.  It might be better just to create an
7626  HTML page that warns the user of the problem.
7627  
7628  =head1 COMPATIBILITY WITH CGI-LIB.PL
7629  
7630  To make it easier to port existing programs that use cgi-lib.pl the
7631  compatibility routine "ReadParse" is provided.  Porting is simple:
7632  
7633  OLD VERSION
7634      require "cgi-lib.pl";
7635      &ReadParse;
7636      print "The value of the antique is $in{antique}.\n";
7637  
7638  NEW VERSION
7639      use CGI;
7640      CGI::ReadParse();
7641      print "The value of the antique is $in{antique}.\n";
7642  
7643  CGI.pm's ReadParse() routine creates a tied variable named %in,
7644  which can be accessed to obtain the query variables.  Like
7645  ReadParse, you can also provide your own variable.  Infrequently
7646  used features of ReadParse, such as the creation of @in and $in 
7647  variables, are not supported.
7648  
7649  Once you use ReadParse, you can retrieve the query object itself
7650  this way:
7651  
7652      $q = $in{CGI};
7653      print textfield(-name=>'wow',
7654              -value=>'does this really work?');
7655  
7656  This allows you to start using the more interesting features
7657  of CGI.pm without rewriting your old scripts from scratch.
7658  
7659  =head1 AUTHOR INFORMATION
7660  
7661  Copyright 1995-1998, Lincoln D. Stein.  All rights reserved.  
7662  
7663  This library is free software; you can redistribute it and/or modify
7664  it under the same terms as Perl itself.
7665  
7666  Address bug reports and comments to: lstein@cshl.org.  When sending
7667  bug reports, please provide the version of CGI.pm, the version of
7668  Perl, the name and version of your Web server, and the name and
7669  version of the operating system you are using.  If the problem is even
7670  remotely browser dependent, please provide information about the
7671  affected browers as well.
7672  
7673  =head1 CREDITS
7674  
7675  Thanks very much to:
7676  
7677  =over 4
7678  
7679  =item Matt Heffron (heffron@falstaff.css.beckman.com)
7680  
7681  =item James Taylor (james.taylor@srs.gov)
7682  
7683  =item Scott Anguish <sanguish@digifix.com>
7684  
7685  =item Mike Jewell (mlj3u@virginia.edu)
7686  
7687  =item Timothy Shimmin (tes@kbs.citri.edu.au)
7688  
7689  =item Joergen Haegg (jh@axis.se)
7690  
7691  =item Laurent Delfosse (delfosse@delfosse.com)
7692  
7693  =item Richard Resnick (applepi1@aol.com)
7694  
7695  =item Craig Bishop (csb@barwonwater.vic.gov.au)
7696  
7697  =item Tony Curtis (tc@vcpc.univie.ac.at)
7698  
7699  =item Tim Bunce (Tim.Bunce@ig.co.uk)
7700  
7701  =item Tom Christiansen (tchrist@convex.com)
7702  
7703  =item Andreas Koenig (k@franz.ww.TU-Berlin.DE)
7704  
7705  =item Tim MacKenzie (Tim.MacKenzie@fulcrum.com.au)
7706  
7707  =item Kevin B. Hendricks (kbhend@dogwood.tyler.wm.edu)
7708  
7709  =item Stephen Dahmen (joyfire@inxpress.net)
7710  
7711  =item Ed Jordan (ed@fidalgo.net)
7712  
7713  =item David Alan Pisoni (david@cnation.com)
7714  
7715  =item Doug MacEachern (dougm@opengroup.org)
7716  
7717  =item Robin Houston (robin@oneworld.org)
7718  
7719  =item ...and many many more...
7720  
7721  for suggestions and bug fixes.
7722  
7723  =back
7724  
7725  =head1 A COMPLETE EXAMPLE OF A SIMPLE FORM-BASED SCRIPT
7726  
7727  
7728      #!/usr/local/bin/perl
7729  
7730      use CGI ':standard';
7731  
7732      print header;
7733      print start_html("Example CGI.pm Form");
7734      print "<h1> Example CGI.pm Form</h1>\n";
7735          print_prompt();
7736      do_work();
7737      print_tail();
7738      print end_html;
7739  
7740      sub print_prompt {
7741         print start_form;
7742         print "<em>What's your name?</em><br>";
7743         print textfield('name');
7744         print checkbox('Not my real name');
7745  
7746         print "<p><em>Where can you find English Sparrows?</em><br>";
7747         print checkbox_group(
7748                   -name=>'Sparrow locations',
7749                   -values=>[England,France,Spain,Asia,Hoboken],
7750                   -linebreak=>'yes',
7751                   -defaults=>[England,Asia]);
7752  
7753         print "<p><em>How far can they fly?</em><br>",
7754          radio_group(
7755              -name=>'how far',
7756              -values=>['10 ft','1 mile','10 miles','real far'],
7757              -default=>'1 mile');
7758  
7759         print "<p><em>What's your favorite color?</em>  ";
7760         print popup_menu(-name=>'Color',
7761                      -values=>['black','brown','red','yellow'],
7762                      -default=>'red');
7763  
7764         print hidden('Reference','Monty Python and the Holy Grail');
7765  
7766         print "<p><em>What have you got there?</em><br>";
7767         print scrolling_list(
7768               -name=>'possessions',
7769               -values=>['A Coconut','A Grail','An Icon',
7770                     'A Sword','A Ticket'],
7771               -size=>5,
7772               -multiple=>'true');
7773  
7774         print "<p><em>Any parting comments?</em><br>";
7775         print textarea(-name=>'Comments',
7776                    -rows=>10,
7777                    -columns=>50);
7778  
7779         print "<p>",reset;
7780         print submit('Action','Shout');
7781         print submit('Action','Scream');
7782         print endform;
7783         print "<hr>\n";
7784      }
7785  
7786      sub do_work {
7787         my(@values,$key);
7788  
7789         print "<h2>Here are the current settings in this form</h2>";
7790  
7791         foreach $key (param) {
7792            print "<strong>$key</strong> -> ";
7793            @values = param($key);
7794            print join(", ",@values),"<br>\n";
7795        }
7796      }
7797  
7798      sub print_tail {
7799         print <<END;
7800      <hr>
7801      <address>Lincoln D. Stein</address><br>
7802      <a href="/">Home Page</a>
7803      END
7804      }
7805  
7806  =head1 BUGS
7807  
7808  Please report them.
7809  
7810  =head1 SEE ALSO
7811  
7812  L<CGI::Carp>, L<CGI::Fast>, L<CGI::Pretty>
7813  
7814  =cut
7815  


Generated: Tue Mar 17 22:47:18 2015 Cross-referenced by PHPXref 0.7.1