File Coverage

166316641665166616671668166916701671 12 0 167216731674167516761677167816791680 50 1681168216831684 100 1685 50 33 1686 0 0 16871688 50 168916901691 50 169216931694 100 66 1695 50 66 1696 50 66 16971698 100 66 16991700170117021703170417051706170717081709 100 171017111712 100 1713 50 1714171517161717 100 171817191720 50 1721 100 100 66 172217231724 50 $title 100 17251726$title1727 50 1728 0 0 1729173017311732 50 33 33 1733 0 0 1734 0 0 1735 0 0 173617371738 50 66 66 1739 50 17401741174217431744 50 1745 0 0 1746 0 1747 0 0 0 174817491750 0 1751 0 0 17521753175417551756 50 1757 100 1758 100 66 175917601761 50 1762

1765

END

1766

;

1767

my($other) = @other ? " @other" : '';

1768

push(@result,"\n\n");

1769

return join("\n",@result);

1770

}

1771

1772

### Method: _style

1773

# internal method for generating a CSS style section

1774

####

1775

sub _style {

1776

my ($self,$style) = @_;

1777

my (@result);

1778

1779

my $type = 'text/css';

1780

my $rel = 'stylesheet';

1781

1782

1783

my $cdata_start = $XHTML ? "\n\n" : " -->\n";

1785

1786

my @s = ref($style) eq 'ARRAY' ? @$style : $style;

1787

my $other = '';

1788

1789

for my $s (@s) {

1790

if (ref($s)) {

1791

my($src,$code,$verbatim,$stype,$alternate,$foo,@other) =

1792

rearrange([qw(SRC CODE VERBATIM TYPE ALTERNATE FOO)],

1793

('-foo'=>'bar',

1794

ref($s) eq 'ARRAY' ? @$s : %$s));

1795

my $type = defined $stype ? $stype : 'text/css';

1796

my $rel = $alternate ? 'alternate stylesheet' : 'stylesheet';

1797

$other = "@other" if @other;

1798

1799

if (ref($src) eq "ARRAY") # Check to see if the $src variable is an array reference

1800

{ # If it is, push a LINK tag for each one

1801

for $src (@$src)

1802

{

1803

push(@result,$XHTML ? qq()

1804

: qq()) if $src;

1805

}

1806

}

1807

else

1808

{ # Otherwise, push the single -src, if it exists.

1809

push(@result,$XHTML ? qq()

1810

: qq()

1811

) if $src;

1812

}

1813

if ($verbatim) {

1814

my @v = ref($verbatim) eq 'ARRAY' ? @$verbatim : $verbatim;

1815

push(@result, "") for @v;

1816

}

1817

if ($code) {

1818

my @c = ref($code) eq 'ARRAY' ? @$code : $code;

1819

push(@result,style({'type'=>$type},"$cdata_start\n$_\n$cdata_end")) for @c;

1820

}

1821

1822

} else {

1823

my $src = $s;

1824

push(@result,$XHTML ? qq()

1825

: qq());

1826

}

1827

}

1828

@result;

1829

}

1830

1831

sub _script {

1832

my ($self,$script) = @_;

1833

my (@result);

1834

1835

my (@scripts) = ref($script) eq 'ARRAY' ? @$script : ($script);

1836

for $script (@scripts) {

1837

my($src,$code,$language,$charset);

1838

if (ref($script)) { # script is a hash

1839

($src,$code,$type,$charset) =

1840

rearrange(['SRC','CODE',['LANGUAGE','TYPE'],'CHARSET'],

1841

'-foo'=>'bar', # a trick to allow the '-' to be omitted

1842

ref($script) eq 'ARRAY' ? @$script : %$script);

1843

$type ||= 'text/javascript';

1844

unless ($type =~ m!\w+/\w+!) {

1845

$type =~ s/[\d.]+$//;

1846

$type = "text/$type";

1847

}

1848

} else {

1849

($src,$code,$type,$charset) = ('',$script, 'text/javascript', '');

1850

}

1851

1852

my $comment = '//'; # javascript by default

1853

$comment = '#' if $type=~/perl|tcl/i;

1854

$comment = "'" if $type=~/vbscript/i;

1855

1856

my ($cdata_start,$cdata_end);

1857

if ($XHTML) {

1858

$cdata_start = "$comment

1859

$cdata_end .= "\n$comment]]>";

1860

} else {

1861

$cdata_start = "\n\n";

1864

}

1865

my(@satts);

1866

push(@satts,'src'=>$src) if $src;

1867

push(@satts,'type'=>$type);

1868

push(@satts,'charset'=>$charset) if ($src && $charset);

1869

$code = $cdata_start . $code . $cdata_end if defined $code;

1870

push(@result,$self->script({@satts},$code || ''));

1871

}

1872

@result;

1873

}

1874

1875

#### Method: end_html

1876

# End an HTML document.

1877

# Trivial method for completeness. Just returns ""

1878

####

1879

sub end_html {

1880

return "\n\n";

1881

}

1882

1883

################################

1884

# METHODS USED IN BUILDING FORMS

1885

################################

1886

1887

#### Method: isindex

1888

# Just prints out the isindex tag.

1889

# Parameters:

1890

# $action -> optional URL of script to run

1891

# Returns:

1892

# A string containing a tag

1893

sub isindex {

1894

my($self,@p) = self_or_default(@_);

1895

my($action,@other) = rearrange([ACTION],@p);

1896

$action = qq/ action="$action"/ if $action;

1897

my($other) = @other ? " @other" : '';

1898

return $XHTML ? "" : "";

1899

}

1900

1901

#### Method: start_form

1902

# Start a form

1903

# Parameters:

1904

# $method -> optional submission method to use (GET or POST)

1905

# $action -> optional URL of script to run

1906

# $enctype ->encoding to use (URL_ENCODED or MULTIPART)

1907

sub start_form {

1908

my($self,@p) = self_or_default(@_);

1909

1910

my($method,$action,$enctype,@other) =

1911

rearrange([METHOD,ACTION,ENCTYPE],@p);

1912

1913

100

$method = $self->_maybe_escapeHTML(lc($method || 'post'));

1914

1915

100

470

if( $XHTML ){

1916

$enctype = $self->_maybe_escapeHTML($enctype || &MULTIPART);

1917

}else{

1918

$enctype = $self->_maybe_escapeHTML($enctype || &URL_ENCODED);

1919

}

1920

1921

302

if (defined $action) {

1922

$action = $self->_maybe_escapeHTML($action);

1923

}

1924

else {

1925

$action = $self->_maybe_escapeHTML($self->request_uri || $self->self_url);

1926

}

1927

289

$action = qq(action="$action");

1928

100

my($other) = @other ? " @other" : '';

1929

$self->{'.parametersToAdd'}={};

1930

return qq/

1931

}

1932

1933

#### Method: start_multipart_form

1934

sub start_multipart_form {

1935

my($self,@p) = self_or_default(@_);

1936

if (defined($p[0]) && substr($p[0],0,1) eq '-') {

1937

return $self->start_form(-enctype=>&MULTIPART,@p);

1938

} else {

1939

my($method,$action,@other) =

1940

rearrange([METHOD,ACTION],@p);

1941

return $self->start_form($method,$action,&MULTIPART,@other);

1942

}

1943

}

1944

1945

#### Method: end_form

1946

# End a form

1947

# Note: This repeated below under the older name.

1948

sub end_form {

1949

my($self,@p) = self_or_default(@_);

1950

if ( $NOSTICKY ) {

1951

return wantarray ? ("") : "\n";

1952

} else {

1953

if (my @fields = $self->get_fields) {

1954

return wantarray ? ("

",@fields,"

","")

1955

: "

".(join '',@fields)."

\n";

1956

} else {

1957

return "";

1958

}

1959

}

1960

}

1961

1962

#### Method: end_multipart_form

1963

# end a multipart form

1964

sub end_multipart_form {

1965

&end_form;

1966

}

1967

1968

sub _textfield {

1969

my($self,$tag,@p) = self_or_default(@_);

1970

my($name,$default,$size,$maxlength,$override,$tabindex,@other) =

1971

rearrange([NAME,[DEFAULT,VALUE,VALUES],SIZE,MAXLENGTH,[OVERRIDE,FORCE],TABINDEX],@p);

1972

1973

100

my $current = $override ? $default :

100

1974

(defined($self->param($name)) ? $self->param($name) : $default);

1975

1976

$current = defined($current) ? $self->_maybe_escapeHTML($current,1) : '';

1977

100

212

$name = defined($name) ? $self->_maybe_escapeHTML($name) : '';

1978

181

my($s) = defined($size) ? qq/ size="$size"/ : '';

1979

my($m) = defined($maxlength) ? qq/ maxlength="$maxlength"/ : '';

1980

100

my($other) = @other ? " @other" : '';

1981

# this entered at cristy's request to fix problems with file upload fields

1982

# and WebTV -- not sure it won't break stuff

1983

my($value) = $current ne '' ? qq(value="$current") : '';

1984

$tabindex = $self->element_tab($tabindex);

1985

return $XHTML ? qq()

1986

: qq();

1987

}

1988

1989

#### Method: textfield

1990

# Parameters:

1991

# $name -> Name of the text field

1992

# $default -> Optional default value of the field if not

1993

# already defined.

1994

# $size -> Optional width of field in characaters.

1995

# $maxlength -> Optional maximum number of characters.

1996

# Returns:

1997

# A string containing a field

1998

1999

sub textfield {

2000

my($self,@p) = self_or_default(@_);

2001

$self->_textfield('text',@p);

2002

}

2003

2004

#### Method: filefield

2005

# Parameters:

2006

# $name -> Name of the file upload field

2007

# $size -> Optional width of field in characaters.

2008

# $maxlength -> Optional maximum number of characters.

2009

# Returns:

2010

# A string containing a field

2011

2012

sub filefield {

2013

my($self,@p) = self_or_default(@_);

2014

$self->_textfield('file',@p);

2015

}

2016

2017

#### Method: password

2018

# Create a "secret password" entry field

2019

# Parameters:

2020

# $name -> Name of the field

2021

# $default -> Optional default value of the field if not

2022

# already defined.

2023

# $size -> Optional width of field in characters.

2024

# $maxlength -> Optional maximum characters that can be entered.

2025

# Returns:

2026

# A string containing a field

2027

2028

sub password_field {

2029

my ($self,@p) = self_or_default(@_);

2030

$self->_textfield('password',@p);

2031

}

2032

2033

#### Method: textarea

2034

# Parameters:

2035

# $name -> Name of the text field

2036

# $default -> Optional default value of the field if not

2037

# already defined.

2038

# $rows -> Optional number of rows in text area

2039

# $columns -> Optional number of columns in text area

2040

# Returns:

2041

# A string containing a tag

2042

2043

sub textarea {

2044

my($self,@p) = self_or_default(@_);

2045

my($name,$default,$rows,$cols,$override,$tabindex,@other) =

2046

rearrange([NAME,[DEFAULT,VALUE],ROWS,[COLS,COLUMNS],[OVERRIDE,FORCE],TABINDEX],@p);

2047

2048

my($current)= $override ? $default :

2049

(defined($self->param($name)) ? $self->param($name) : $default);

2050

2051

$name = defined($name) ? $self->_maybe_escapeHTML($name) : '';

2052

$current = defined($current) ? $self->_maybe_escapeHTML($current) : '';

2053

my($r) = $rows ? qq/ rows="$rows"/ : '';

2054

my($c) = $cols ? qq/ cols="$cols"/ : '';

2055

100

my($other) = @other ? " @other" : '';

2056

$tabindex = $self->element_tab($tabindex);

2057

return qq{};

2058

}

2059

2060

#### Method: button

2061

# Create a javascript button.

2062

# Parameters:

2063

# $name -> (optional) Name for the button. (-name)

2064

# $value -> (optional) Value of the button when selected (and visible name) (-value)

2065

# $onclick -> (optional) Text of the JavaScript to run when the button is

2066

# clicked.

2067

# Returns:

2068

# A string containing a tag

2069

####

2070

sub button {

2071

742

my($self,@p) = self_or_default(@_);

2072

2073

my($label,$value,$script,$tabindex,@other) = rearrange([NAME,[VALUE,LABEL],

2074

[ONCLICK,SCRIPT],TABINDEX],@p);

2075

2076

$label=$self->_maybe_escapeHTML($label);

2077

238

$value=$self->_maybe_escapeHTML($value,1);

2078

$script=$self->_maybe_escapeHTML($script);

2079

2080

100

$script ||= '';

2081

2082

my($name) = '';

2083

100

$name = qq/ name="$label"/ if $label;

2084

$value = $value || $label;

2085

my($val) = '';

2086

100

$val = qq/ value="$value"/ if $value;

2087

100

$script = qq/ onclick="$script"/ if $script;

2088

100

my($other) = @other ? " @other" : '';

2089

$tabindex = $self->element_tab($tabindex);

2090

return $XHTML ? qq()

2091

: qq();

2092

}

2093

2094

#### Method: submit

2095

# Create a "submit query" button.

2096

# Parameters:

2097

# $name -> (optional) Name for the button.

2098

# $value -> (optional) Value of the button when selected (also doubles as label).

2099

# $label -> (optional) Label printed on the button(also doubles as the value).

2100

# Returns:

2101

# A string containing a tag

2102

####

2103

sub submit {

2104

352

my($self,@p) = self_or_default(@_);

2105

2106

my($label,$value,$tabindex,@other) = rearrange([NAME,[VALUE,LABEL],TABINDEX],@p);

2107

2108

$label=$self->_maybe_escapeHTML($label);

2109

252

$value=$self->_maybe_escapeHTML($value,1);

2110

2111

305

my $name = $NOSTICKY ? '' : 'name=".submit" ';

2112

100

$name = qq/name="$label" / if defined($label);

2113

100

$value = defined($value) ? $value : $label;

2114

my $val = '';

2115

100

$val = qq/value="$value" / if defined($value);

2116

$tabindex = $self->element_tab($tabindex);

2117

100

my($other) = @other ? "@other " : '';

2118

return $XHTML ? qq()

2119

: qq();

2120

}

2121

2122

#### Method: reset

2123

# Create a "reset" button.

2124

# Parameters:

2125

# $name -> (optional) Name for the button.

2126

# Returns:

2127

# A string containing a tag

2128

####

2129

sub reset {

2130

my($self,@p) = self_or_default(@_);

2131

my($label,$value,$tabindex,@other) = rearrange(['NAME',['VALUE','LABEL'],TABINDEX],@p);

2132

$label=$self->_maybe_escapeHTML($label);

2133

$value=$self->_maybe_escapeHTML($value,1);

2134

my ($name) = ' name=".reset"';

2135

$name = qq/ name="$label"/ if defined($label);

2136

$value = defined($value) ? $value : $label;

2137

my($val) = '';

2138

$val = qq/ value="$value"/ if defined($value);

2139

my($other) = @other ? " @other" : '';

2140

$tabindex = $self->element_tab($tabindex);

2141

return $XHTML ? qq()

2142

: qq();

2143

}

2144

2145

#### Method: defaults

2146

# Create a "defaults" button.

2147

# Parameters:

2148

# $name -> (optional) Name for the button.

2149

# Returns:

2150

# A string containing a tag

2151

2152

# Note: this button has a special meaning to the initialization script,

2153

# and tells it to ERASE the current query string so that your defaults

2154

# are used again!

2155

####

2156

sub defaults {

2157

my($self,@p) = self_or_default(@_);

2158

2159

my($label,$tabindex,@other) = rearrange([[NAME,VALUE],TABINDEX],@p);

2160

2161

$label=$self->_maybe_escapeHTML($label,1);

2162

$label = $label || "Defaults";

2163

my($value) = qq/ value="$label"/;

2164

my($other) = @other ? " @other" : '';

2165

$tabindex = $self->element_tab($tabindex);

2166

return $XHTML ? qq()

2167

: qq//;

2168

}

2169

2170

#### Method: comment

2171

# Create an HTML

2172

# Parameters: a string

2173

sub comment {

2174

my($self,@p) = self_or_CGI(@_);

2175

return "";

2176

}

2177

2178

#### Method: checkbox

2179

# Create a checkbox that is not logically linked to any others.

2180

# The field value is "on" when the button is checked.

2181

# Parameters:

2182

# $name -> Name of the checkbox

2183

# $checked -> (optional) turned on by default if true

2184

# $value -> (optional) value of the checkbox, 'on' by default

2185

# $label -> (optional) a user-readable label printed next to the box.

2186

# Otherwise the checkbox name is used.

2187

# Returns:

2188

# A string containing a field

2189

####

2190

sub checkbox {

2191

my($self,@p) = self_or_default(@_);

2192

2193

my($name,$checked,$value,$label,$labelattributes,$override,$tabindex,@other) =

2194

rearrange([NAME,[CHECKED,SELECTED,ON],VALUE,LABEL,LABELATTRIBUTES,

2195

[OVERRIDE,FORCE],TABINDEX],@p);

2196

2197

$value = defined $value ? $value : 'on';

2198

2199

100

if (!$override && ($self->{'.fieldnames'}->{$name} ||

2200

defined $self->param($name))) {

2201

100

$checked = grep($_ eq $value,$self->param($name)) ? $self->_checked(1) : '';

2202

} else {

2203

$checked = $self->_checked($checked);

2204

}

2205

100

my($the_label) = defined $label ? $label : $name;

2206

$name = $self->_maybe_escapeHTML($name);

2207

248

$value = $self->_maybe_escapeHTML($value,1);

2208

209

$the_label = $self->_maybe_escapeHTML($the_label);

2209

100

235

my($other) = @other ? "@other " : '';

2210

$tabindex = $self->element_tab($tabindex);

2211

$self->register_parameter($name);

2212

return $XHTML ? CGI::label($labelattributes,

2213

qq{$the_label})

2214

: qq{$the_label};

2215

}

2216

2217

# Escape HTML

2218

sub escapeHTML {

2219

251

6528

require HTML::Entities;

2220

# hack to work around earlier hacks

2221

251

100

43904

push @_,$_[0] if @_==1 && $_[0] eq 'CGI';

2222

251

285

my ($self,$toencode,$newlinestoo) = CGI::self_or_default(@_);

2223

251

368

return undef unless defined($toencode);

2224

251

220

my $encode_entities = $ENCODE_ENTITIES;

2225

251

100

693

$encode_entities .= "\012\015" if ( $encode_entities && $newlinestoo );

2226

251

420

return HTML::Entities::encode_entities($toencode,$encode_entities);

2227

}

2228

2229

# unescape HTML -- used internally

2230

sub unescapeHTML {

2231

105

2730

require HTML::Entities;

2232

# hack to work around earlier hacks

2233

105

15971

push @_,$_[0] if @_==1 && $_[0] eq 'CGI';

2234

105

128

my ($self,$string) = CGI::self_or_default(@_);

2235

105

100

192

return undef unless defined($string);

2236

357

return HTML::Entities::decode_entities($string);

2237

}

2238

2239

# Internal procedure - don't use

2240

sub _tableize {

2241

my($rows,$columns,$rowheaders,$colheaders,@elements) = @_;

2242

my @rowheaders = $rowheaders ? @$rowheaders : ();

2243

my @colheaders = $colheaders ? @$colheaders : ();

2244

my($result);

2245

2246

if (defined($columns)) {

2247

$rows = int(0.99 + @elements/$columns) unless defined($rows);

2248

}

2249

if (defined($rows)) {

2250

$columns = int(0.99 + @elements/$rows) unless defined($columns);

2251

}

2252

2253

# rearrange into a pretty table

2254

$result = ""; " if @colheaders; "; "; " if @rowheaders; " ";

2255	1			1	my($row,$column);
2256	1	50	33	2	unshift(@colheaders,'') if @colheaders && @rowheaders;
2257	1	50		2	$result .= "
2258	1			2	for (@colheaders) {
2259	0			0	$result .= "	$_
2260					}
2261	1			3	for ($row=0;$row<$rows;$row++) {
2262	2			3	$result .= "
2263	2	50		3	$result .= "	$rowheaders[$row]
2264	2			6	for ($column=0;$column<$columns;$column++) {
2265	4	50		15	$result .= "	" . $elements[$column*$rows + $row] . "
2266					if defined($elements[$column*$rows + $row]);
2267					}
2268	2			3	$result .= "
2269					}
2270	1			1	$result .= "

2271

return $result;

2272

}

2273

2274

#### Method: radio_group

2275

# Create a list of logically-linked radio buttons.

2276

# Parameters:

2277

# $name -> Common name for all the buttons.

2278

# $values -> A pointer to a regular array containing the

2279

# values for each button in the group.

2280

# $default -> (optional) Value of the button to turn on by default. Pass '-'

2281

# to turn _nothing_ on.

2282

# $linebreak -> (optional) Set to true to place linebreaks

2283

# between the buttons.

2284

# $labels -> (optional)

2285

# A pointer to a hash of labels to print next to each checkbox

2286

# in the form $label{'value'}="Long explanatory label".

2287

# Otherwise the provided values are used as the labels.

2288

# Returns:

2289

# An ARRAY containing a series of fields

2290

####

2291

sub radio_group {

2292

my($self,@p) = self_or_default(@_);

2293

$self->_box_group('radio',@p);

2294

}

2295

2296

#### Method: checkbox_group

2297

# Create a list of logically-linked checkboxes.

2298

# Parameters:

2299

# $name -> Common name for all the check boxes

2300

# $values -> A pointer to a regular array containing the

2301

# values for each checkbox in the group.

2302

# $defaults -> (optional)

2303

# 1. If a pointer to a regular array of checkbox values,

2304

# then this will be used to decide which

2305

# checkboxes to turn on by default.

2306

# 2. If a scalar, will be assumed to hold the

2307

# value of a single checkbox in the group to turn on.

2308

# $linebreak -> (optional) Set to true to place linebreaks

2309

# between the buttons.

2310

# $labels -> (optional)

2311

# A pointer to a hash of labels to print next to each checkbox

2312

# in the form $label{'value'}="Long explanatory label".

2313

# Otherwise the provided values are used as the labels.

2314

# Returns:

2315

# An ARRAY containing a series of fields

2316

####

2317

2318

sub checkbox_group {

2319

my($self,@p) = self_or_default(@_);

2320

$self->_box_group('checkbox',@p);

2321

}

2322

2323

sub _box_group {

2324

my $self = shift;

2325

my $box_type = shift;

2326

2327

my($name,$values,$defaults,$linebreak,$labels,$labelattributes,

2328

$attributes,$rows,$columns,$rowheaders,$colheaders,

2329

$override,$nolabels,$tabindex,$disabled,@other) =

2330

rearrange([NAME,[VALUES,VALUE],[DEFAULT,DEFAULTS],LINEBREAK,LABELS,LABELATTRIBUTES,

2331

ATTRIBUTES,ROWS,[COLUMNS,COLS],[ROWHEADERS,ROWHEADER],[COLHEADERS,COLHEADER],

2332

[OVERRIDE,FORCE],NOLABELS,TABINDEX,DISABLED

2333

],@_);

2334

2335

2336

my($result,$checked,@elements,@values);

2337

2338

@values = $self->_set_values_and_labels($values,\$labels,$name);

2339

my %checked = $self->previous_or_default($name,$defaults,$override);

2340

2341

# If no check array is specified, check the first by default

2342

100

$checked{$values[0]}++ if $box_type eq 'radio' && !%checked;

2343

2344

$name=$self->_maybe_escapeHTML($name);

2345

2346

441

my %tabs = ();

2347

if ($TABINDEX && $tabindex) {

2348

if (!ref $tabindex) {

2349

$self->element_tab($tabindex);

2350

} elsif (ref $tabindex eq 'ARRAY') {

2351

%tabs = map {$_=>$self->element_tab} @$tabindex;

2352

} elsif (ref $tabindex eq 'HASH') {

2353

%tabs = %$tabindex;

2354

}

2355

}

2356

%tabs = map {$_=>$self->element_tab} @values unless %tabs;

2357

100

my $other = @other ? "@other " : '';

2358

my $radio_checked;

2359

2360

# for disabling groups of radio/checkbox buttons

2361

my %disabled;

2362

for (@{$disabled}) {

2363

$disabled{$_}=1;

2364

}

2365

2366

for (@values) {

2367

my $disable="";

2368

100

if ($disabled{$_}) {

2369

$disable="disabled='1'";

2370

}

2371

2372

my $checkit = $self->_checked($box_type eq 'radio' ? ($checked{$_} && !$radio_checked++)

2373

100

125

: $checked{$_});

2374

my($break);

2375

100

if ($linebreak) {

2376

$break = $XHTML ? "
" : "
";

2377

}

2378

else {

2379

$break = '';

2380

}

2381

my($label)='';

2382

unless (defined($nolabels) && $nolabels) {

2383

$label = $_;

2384

100

$label = $labels->{$_} if defined($labels) && defined($labels->{$_});

2385

$label = $self->_maybe_escapeHTML($label,1);

2386

100

951

$label = "$label" if $disabled{$_};

2387

}

2388

my $attribs = $self->_set_attributes($_, $attributes);

2389

my $tab = $tabs{$_};

2390

$_=$self->_maybe_escapeHTML($_);

2391

2392

100

726

if ($XHTML) {

2393

110

push @elements,

2394

CGI::label($labelattributes,

2395

qq($label)).${break};

2396

} else {

2397

push(@elements,qq/${label}${break}/);

2398

}

2399

}

2400

$self->register_parameter($name);

2401

134

return wantarray ? @elements : "@elements"

100

2402

unless defined($columns) || defined($rows);

2403

return _tableize($rows,$columns,$rowheaders,$colheaders,@elements);

2404

}

2405

2406

#### Method: popup_menu

2407

# Create a popup menu.

2408

# Parameters:

2409

# $name -> Name for all the menu

2410

# $values -> A pointer to a regular array containing the

2411

# text of each menu item.

2412

# $default -> (optional) Default item to display

2413

# $labels -> (optional)

2414

# A pointer to a hash of labels to print next to each checkbox

2415

# in the form $label{'value'}="Long explanatory label".

2416

# Otherwise the provided values are used as the labels.

2417

# Returns:

2418

# A string containing the definition of a popup menu.

2419

####

2420

sub popup_menu {

2421

300

my($self,@p) = self_or_default(@_);

2422

2423

my($name,$values,$default,$labels,$attributes,$override,$tabindex,@other) =

2424

rearrange([NAME,[VALUES,VALUE],[DEFAULT,DEFAULTS],LABELS,

2425

ATTRIBUTES,[OVERRIDE,FORCE],TABINDEX],@p);

2426

my($result,%selected);

2427

2428

if (!$override && defined($self->param($name))) {

100

2429

$selected{$self->param($name)}++;

2430

} elsif (defined $default) {

2431

%selected = map {$_=>1} ref($default) eq 'ARRAY'

2432

? @$default

2433

: $default;

2434

}

2435

$name=$self->_maybe_escapeHTML($name);

2436

# RT #30057 - ignore -multiple, if you need this

2437

# then use scrolling_list

2438

275

@other = grep { $_ !~ /^multiple=/i } @other;

2439

100

my($other) = @other ? " @other" : '';

2440

2441

my(@values);

2442

@values = $self->_set_values_and_labels($values,\$labels,$name);

2443

$tabindex = $self->element_tab($tabindex);

2444

100

$name = q{} if ! defined $name;

2445

$result = qq/

2446

for (@values) {

2447

100

if (/

2448

for my $v (split(/\n/)) {

2449

my $selectit = $XHTML ? 'selected="selected"' : 'selected';

2450

for my $selected (keys %selected) {

2451

$v =~ s/(value="\Q$selected\E")/$selectit $1/;

2452

}

2453

$result .= "$v\n";

2454

}

2455

}

2456

else {

2457

my $attribs = $self->_set_attributes($_, $attributes);

2458

my($selectit) = $self->_selected($selected{$_});

2459

my($label) = $_;

2460

100

$label = $labels->{$_} if defined($labels) && defined($labels->{$_});

2461

my($value) = $self->_maybe_escapeHTML($_);

2462

342

$label = $self->_maybe_escapeHTML($label,1);

2463

472

$result .= "$label\n";

2464

}

2465

}

2466

2467

$result .= "";

2468

return $result;

2469

}

2470

2471

#### Method: optgroup

2472

# Create a optgroup.

2473

# Parameters:

2474

# $name -> Label for the group

2475

# $values -> A pointer to a regular array containing the

2476

# values for each option line in the group.

2477

# $labels -> (optional)

2478

# A pointer to a hash of labels to print next to each item

2479

# in the form $label{'value'}="Long explanatory label".

2480

# Otherwise the provided values are used as the labels.

2481

# $labeled -> (optional)

2482

# A true value indicates the value should be used as the label attribute

2483

# in the option elements.

2484

# The label attribute specifies the option label presented to the user.

2485

# This defaults to the content of the

2486

# attribute allows authors to more easily use optgroup without sacrificing

2487

# compatibility with browsers that do not support option groups.

2488

# $novals -> (optional)

2489

# A true value indicates to suppress the val attribute in the option elements

2490

# Returns:

2491

# A string containing the definition of an option group.

2492

####

2493

sub optgroup {

2494

my($self,@p) = self_or_default(@_);

2495

my($name,$values,$attributes,$labeled,$noval,$labels,@other)

2496

= rearrange([NAME,[VALUES,VALUE],ATTRIBUTES,LABELED,NOVALS,LABELS],@p);

2497

2498

my($result,@values);

2499

@values = $self->_set_values_and_labels($values,\$labels,$name,$labeled,$novals);

2500

100

my($other) = @other ? " @other" : '';

2501

2502

100

$name = $self->_maybe_escapeHTML($name) || q{};

2503

$result = qq/\n/;

2504

for (@values) {

2505

if (/

2506

for (split(/\n/)) {

2507

my $selectit = $XHTML ? 'selected="selected"' : 'selected';

2508

s/(value="$selected")/$selectit $1/ if defined $selected;

2509

$result .= "$_\n";

2510

}

2511

}

2512

else {

2513

my $attribs = $self->_set_attributes($_, $attributes);

2514

my($label) = $_;

2515

$label = $labels->{$_} if defined($labels) && defined($labels->{$_});

2516

$label=$self->_maybe_escapeHTML($label);

2517

102

my($value)=$self->_maybe_escapeHTML($_,1);

2518

$result .= $labeled ? $novals ? "$label\n"

2519

: "$label\n"

2520

: $novals ? "$label\n"

2521

: "$label\n";

2522

}

2523

}

2524

$result .= "";

2525

return $result;

2526

}

2527

2528

#### Method: scrolling_list

2529

# Create a scrolling list.

2530

# Parameters:

2531

# $name -> name for the list

2532

# $values -> A pointer to a regular array containing the

2533

# values for each option line in the list.

2534

# $defaults -> (optional)

2535

# 1. If a pointer to a regular array of options,

2536

# then this will be used to decide which

2537

# lines to turn on by default.

2538

# 2. Otherwise holds the value of the single line to turn on.

2539

# $size -> (optional) Size of the list.

2540

# $multiple -> (optional) If set, allow multiple selections.

2541

# $labels -> (optional)

2542

# A pointer to a hash of labels to print next to each checkbox

2543

# in the form $label{'value'}="Long explanatory label".

2544

# Otherwise the provided values are used as the labels.

2545

# Returns:

2546

# A string containing the definition of a scrolling list.

2547

####

2548

sub scrolling_list {

2549

my($self,@p) = self_or_default(@_);

2550

my($name,$values,$defaults,$size,$multiple,$labels,$attributes,$override,$tabindex,@other)

2551

= rearrange([NAME,[VALUES,VALUE],[DEFAULTS,DEFAULT],

2552

SIZE,MULTIPLE,LABELS,ATTRIBUTES,[OVERRIDE,FORCE],TABINDEX],@p);

2553

2554

my($result,@values);

2555

@values = $self->_set_values_and_labels($values,\$labels,$name);

2556

2557

100

$size = $size || scalar(@values);

2558

2559

my(%selected) = $self->previous_or_default($name,$defaults,$override);

2560

2561

100

my($is_multiple) = $multiple ? qq/ multiple="multiple"/ : '';

2562

my($has_size) = $size ? qq/ size="$size"/: '';

2563

100

my($other) = @other ? " @other" : '';

2564

2565

$name=$self->_maybe_escapeHTML($name);

2566

$tabindex = $self->element_tab($tabindex);

2567

$result = qq/

2568

for (@values) {

2569

100

if (/

2570

for my $v (split(/\n/)) {

2571

my $selectit = $XHTML ? 'selected="selected"' : 'selected';

2572

for my $selected (keys %selected) {

2573

$v =~ s/(value="$selected")/$selectit $1/;

2574

}

2575

$result .= "$v\n";

2576

}

2577

}

2578

else {

2579

my $attribs = $self->_set_attributes($_, $attributes);

2580

my($selectit) = $self->_selected($selected{$_});

2581

my($label) = $_;

2582

100

$label = $labels->{$_} if defined($labels) && defined($labels->{$_});

2583

my($value) = $self->_maybe_escapeHTML($_);

2584

165

$label = $self->_maybe_escapeHTML($label,1);

2585

180

$result .= "$label\n";

2586

}

2587

}

2588

2589

$result .= "";

2590

$self->register_parameter($name);

2591

return $result;

2592

}

2593

2594

#### Method: hidden

2595

# Parameters:

2596

# $name -> Name of the hidden field

2597

# @default -> (optional) Initial values of field (may be an array)

2598

# or

2599

# $default->[initial values of field]

2600

# Returns:

2601

# A string containing a

2602

####

2603

sub hidden {

2604

my($self,@p) = self_or_default(@_);

2605

2606

# this is the one place where we departed from our standard

2607

# calling scheme, so we have to special-case (darn)

2608

my(@result,@value);

2609

my($name,$default,$override,@other) =

2610

rearrange([NAME,[DEFAULT,VALUE,VALUES],[OVERRIDE,FORCE]],@p);

2611

2612

my $do_override = 0;

2613

100

if ( ref($p[0]) || substr($p[0],0,1) eq '-') {

2614

100

@value = ref($default) ? @{$default} : $default;

2615

$do_override = $override;

2616

} else {

2617

for ($default,$override,@other) {

2618

100

push(@value,$_) if defined($_);

2619

}

2620

undef @other;

2621

}

2622

2623

# use previous values if override is not set

2624

my @prev = $self->param($name);

2625

@value = @prev if !$do_override && @prev;

2626

2627

$name=$self->_maybe_escapeHTML($name);

2628

458

for (@value) {

2629

$_ = defined($_) ? $self->_maybe_escapeHTML($_,1) : '';

2630

616

push @result,$XHTML ? qq()

2631

: qq();

2632

}

2633

100

return wantarray ? @result : join('',@result);

2634

}

2635

2636

#### Method: image_button

2637

# Parameters:

2638

# $name -> Name of the button

2639

# $src -> URL of the image source

2640

# $align -> Alignment style (TOP, BOTTOM or MIDDLE)

2641

# Returns:

2642

# A string containing a

2643

####

2644

sub image_button {

2645

my($self,@p) = self_or_default(@_);

2646

2647

my($name,$src,$alignment,@other) =

2648

rearrange([NAME,SRC,ALIGN],@p);

2649

2650

my($align) = $alignment ? " align=\L\"$alignment\"" : '';

2651

my($other) = @other ? " @other" : '';

2652

$name=$self->_maybe_escapeHTML($name);

2653

return $XHTML ? qq()

2654

: qq//;

2655

}

2656

2657

#### Method: self_url

2658

# Returns a URL containing the current script and all its

2659

# param/value pairs arranged as a query. You can use this

2660

# to create a link that, when selected, will reinvoke the

2661

# script with all its state information preserved.

2662

####

2663

sub self_url {

2664

my($self,@p) = self_or_default(@_);

2665

return $self->url('-path_info'=>1,'-query'=>1,'-full'=>1,@p);

2666

}

2667

2668

# This is provided as a synonym to self_url() for people unfortunate

2669

# enough to have incorporated it into their programs already!

2670

sub state {

2671

&self_url;

2672

}

2673

2674

#### Method: url

2675

# Like self_url, but doesn't return the query string part of

2676

# the URL.

2677

####

2678

sub url {

2679

my($self,@p) = self_or_default(@_);

2680

173

my ($relative,$absolute,$full,$path_info,$query,$base,$rewrite) =

2681

rearrange(['RELATIVE','ABSOLUTE','FULL',['PATH','PATH_INFO'],['QUERY','QUERY_STRING'],'BASE','REWRITE'],@p);

2682

my $url = '';

2683

100

209

$full++ if $base || !($relative || $absolute);

2684

100

$rewrite++ unless defined $rewrite;

2685

2686

my $path = $self->path_info;

2687

my $script_name = $self->script_name;

2688

100

my $request_uri = $self->request_uri || '';

2689

100

my $query_str = $query ? $self->query_string : '';

2690

2691

$request_uri =~ s/\?.*$//s; # remove query string

2692

$request_uri = unescape($request_uri);

2693

2694

100

142

my $uri = $rewrite && $request_uri ? $request_uri : $script_name;

2695

$uri =~ s/\?.*$//s; # remove query string

2696

2697

100

if ( defined( $ENV{PATH_INFO} ) ) {

2698

# IIS sometimes sets PATH_INFO to the same value as SCRIPT_NAME so only sub it out

2699

# if SCRIPT_NAME isn't defined or isn't the same value as PATH_INFO

2700

$uri =~ s/\Q$ENV{PATH_INFO}\E$//

2701

100

331

if ( ! defined( $ENV{SCRIPT_NAME} ) or $ENV{PATH_INFO} ne $ENV{SCRIPT_NAME} );

2702

2703

# if we're not IIS then keep to spec, the relevant info is here:

2704

# https://tools.ietf.org/html/rfc3875#section-4.1.13, namely

2705

# "No PATH_INFO segment (see section 4.1.5) is included in the

2706

# SCRIPT_NAME value." (see GH #126, GH #152, GH #176)

2707

100

if ( ! $IIS ) {

2708

104

$uri =~ s/\Q$ENV{PATH_INFO}\E$//;

2709

}

2710

}

2711

2712

100

if ($full) {

100

2713

my $protocol = $self->protocol();

2714

$url = "$protocol://";

2715

100

my $vh = http('x_forwarded_host') || http('host') || '';

2716

$vh =~ s/^.*,\s*//; # x_forwarded_host may be a comma-separated list (e.g. when the request has

2717

# passed through multiple reverse proxies. Take the last one.

2718

$vh =~ s/\:\d+$//; # some clients add the port number (incorrectly). Get rid of it.

2719

2720

$url .= $vh || server_name();

2721

2722

my $port = $self->virtual_port;

2723

2724

# add the port to the url unless it's the protocol's default port

2725

145

$url .= ':' . $port unless (lc($protocol) eq 'http' && $port == 80)

2726

or (lc($protocol) eq 'https' && $port == 443);

2727

2728

return $url if $base;

2729

2730

$url .= $uri;

2731

} elsif ($relative) {

2732

($url) = $uri =~ m!([^/]+)$!;

2733

} elsif ($absolute) {

2734

$url = $uri;

2735

}

2736

2737

100

112

$url .= $path if $path_info and defined $path;

2738

100

$url .= "?$query_str" if $query and $query_str ne '';

2739

$url ||= '';

2740

$url =~ s/([^a-zA-Z0-9_.%;&?\/\\:+=~-])/sprintf("%%%02X",ord($1))/eg;

2741

158

return $url;

2742

}

2743

2744

#### Method: cookie

2745

# Set or read a cookie from the specified name.

2746

# Cookie can then be passed to header().

2747

# Usual rules apply to the stickiness of -value.

2748

# Parameters:

2749

# -name -> name for this cookie (optional)

2750

# -value -> value of this cookie (scalar, array or hash)

2751

# -path -> paths for which this cookie is valid (optional)

2752

# -domain -> internet domain in which this cookie is valid (optional)

2753

# -secure -> if true, cookie only passed through secure channel (optional)

2754

# -expires -> expiry date in format Wdy, DD-Mon-YYYY HH:MM:SS GMT (optional)

2755

####

2756

sub cookie {

2757

363

my($self,@p) = self_or_default(@_);

2758

my($name,$value,$path,$domain,$secure,$expires,$httponly) =

2759

rearrange([NAME,[VALUE,VALUES],PATH,DOMAIN,SECURE,EXPIRES,HTTPONLY],@p);

2760

2761

472

require CGI::Cookie;

2762

2763

# if no value is supplied, then we retrieve the

2764

# value of the cookie, if any. For efficiency, we cache the parsed

2765

# cookies in our state variables.

2766

unless ( defined($value) ) {

2767

$self->{'.cookies'} = CGI::Cookie->fetch;

2768

2769

# If no name is supplied, then retrieve the names of all our cookies.

2770

return () unless $self->{'.cookies'};

2771

return keys %{$self->{'.cookies'}} unless $name;

2772

return () unless $self->{'.cookies'}->{$name};

2773

return $self->{'.cookies'}->{$name}->value if defined($name) && $name ne '';

2774

}

2775

2776

# If we get here, we're creating a new cookie

2777

return undef unless defined($name) && $name ne ''; # this is an error

2778

2779

my @param;

2780

push(@param,'-name'=>$name);

2781

push(@param,'-value'=>$value);

2782

push(@param,'-domain'=>$domain) if $domain;

2783

push(@param,'-path'=>$path) if $path;

2784

push(@param,'-expires'=>$expires) if $expires;

2785

push(@param,'-secure'=>$secure) if $secure;

2786

push(@param,'-httponly'=>$httponly) if $httponly;

2787

2788

return CGI::Cookie->new(@param);

2789

}

2790

2791

sub parse_keywordlist {

2792

my($self,$tosplit) = @_;

2793

$tosplit = unescape($tosplit); # unescape the keywords

2794

$tosplit=~tr/+/ /; # pluses to spaces

2795

my(@keywords) = split(/\s+/,$tosplit);

2796

return @keywords;

2797

}

2798

2799

sub param_fetch {

2800

my($self,@p) = self_or_default(@_);

2801

my($name) = rearrange([NAME],@p);

2802

100

return [] unless defined $name;

2803

2804

unless (exists($self->{param}{$name})) {

2805

$self->add_parameter($name);

2806

$self->{param}{$name} = [];

2807

}

2808

2809

return $self->{param}{$name};

2810

}

2811

2812

###############################################

2813

# OTHER INFORMATION PROVIDED BY THE ENVIRONMENT

2814

###############################################

2815

2816

#### Method: path_info

2817

# Return the extra virtual path information provided

2818

# after the URL (if any)

2819

####

2820

sub path_info {

2821

my ($self,$info) = self_or_default(@_);

2822

118

if (defined($info)) {

100

2823

$info = "/$info" if $info ne '' && substr($info,0,1) ne '/';

2824

$self->{'.path_info'} = $info;

2825

} elsif (! defined($self->{'.path_info'}) ) {

2826

my (undef,$path_info) = $self->_name_and_path_from_env;

2827

100

$self->{'.path_info'} = $path_info || '';

2828

}

2829

return $self->{'.path_info'};

2830

}

2831

2832

# This function returns a potentially modified version of SCRIPT_NAME

2833

# and PATH_INFO. Some HTTP servers do sanitise the paths in those

2834

# variables. It is the case of at least Apache 2. If for instance the

2835

# user requests: /path/./to/script.cgi/x//y/z/../x?y, Apache will set:

2836

# REQUEST_URI=/path/./to/script.cgi/x//y/z/../x?y

2837

# SCRIPT_NAME=/path/to/env.cgi

2838

# PATH_INFO=/x/y/x

2839

2840

# This is all fine except that some bogus CGI scripts expect

2841

# PATH_INFO=/http://foo when the user requests

2842

# http://xxx/script.cgi/http://foo

2843

2844

# Old versions of this module used to accomodate with those scripts, so

2845

# this is why we do this here to keep those scripts backward compatible.

2846

# Basically, we accomodate with those scripts but within limits, that is

2847

# we only try to preserve the number of / that were provided by the user

2848

# if $REQUEST_URI and "$SCRIPT_NAME$PATH_INFO" only differ by the number

2849

# of consecutive /.

2850

2851

# So for instance, in: http://foo/x//y/script.cgi/a//b, we'll return a

2852

# script_name of /x//y/script.cgi and a path_info of /a//b, but in:

2853

# http://foo/./x//z/script.cgi/a/../b//c, we'll return the versions

2854

# possibly sanitised by the HTTP server, so in the case of Apache 2:

2855

# script_name == /foo/x/z/script.cgi and path_info == /b/c.

2856

2857

# Future versions of this module may no longer do that, so one should

2858

# avoid relying on the browser, proxy, server, and CGI.pm preserving the

2859

# number of consecutive slashes as no guarantee can be made there.

2860

sub _name_and_path_from_env {

2861

my $self = shift;

2862

100

my $script_name = $ENV{SCRIPT_NAME} || '';

2863

100

my $path_info = $ENV{PATH_INFO} || '';

2864

100

my $uri = $self->request_uri || '';

2865

2866

$uri =~ s/\?.*//s;

2867

$uri = unescape($uri);

2868

2869

100

156

if ( $IIS ) {

100

2870

# IIS doesn't set $ENV{PATH_INFO} correctly. It sets it to

2871

# $ENV{SCRIPT_NAME}path_info

2872

# IIS also doesn't set $ENV{REQUEST_URI} so we don't want to do

2873

# the test below, hence this comes first

2874

$path_info =~ s/^\Q$script_name\E(.*)/$1/;

2875

} elsif ($uri ne "$script_name$path_info") {

2876

my $script_name_pattern = quotemeta($script_name);

2877

my $path_info_pattern = quotemeta($path_info);

2878

$script_name_pattern =~ s{(?:\\/)+}{/+}g;

2879

$path_info_pattern =~ s{(?:\\/)+}{/+}g;

2880

2881

105

if ($uri =~ /^($script_name_pattern)($path_info_pattern)$/s) {

2882

# REQUEST_URI and SCRIPT_NAME . PATH_INFO only differ by the

2883

# numer of consecutive slashes, so we can extract the info from

2884

# REQUEST_URI:

2885

($script_name, $path_info) = ($1, $2);

2886

}

2887

}

2888

return ($script_name,$path_info);

2889

}

2890

2891

#### Method: request_method

2892

# Returns 'POST', 'GET', 'PUT', 'PATCH' or 'HEAD'

2893

####

2894

sub request_method {

2895

1052

return (defined $ENV{'REQUEST_METHOD'}) ? $ENV{'REQUEST_METHOD'} : undef;

2896

}

2897

2898

#### Method: content_type

2899

# Returns the content_type string

2900

####

2901

sub content_type {

2902

return (defined $ENV{'CONTENT_TYPE'}) ? $ENV{'CONTENT_TYPE'} : undef;

2903

}

2904

2905

#### Method: path_translated

2906

# Return the physical path information provided

2907

# by the URL (if any)

2908

####

2909

sub path_translated {

2910

return (defined $ENV{'PATH_TRANSLATED'}) ? $ENV{'PATH_TRANSLATED'} : undef;

2911

}

2912

2913

#### Method: request_uri

2914

# Return the literal request URI

2915

####

2916

sub request_uri {

2917

100

192

return (defined $ENV{'REQUEST_URI'}) ? $ENV{'REQUEST_URI'} : undef;

2918

}

2919

2920

#### Method: query_string

2921

# Synthesize a query string from our current

2922

# parameters

2923

####

2924

sub query_string {

2925

my($self) = self_or_default(@_);

2926

my($param,$value,@pairs);

2927

for $param ($self->param) {

2928

my($eparam) = escape($param);

2929

for $value ($self->param($param)) {

2930

114

$value = escape($value);

2931

100

109

next unless defined $value;

2932

129

push(@pairs,"$eparam=$value");

2933

}

2934

}

2935

for (keys %{$self->{'.fieldnames'}}) {

2936

push(@pairs,".cgifields=".escape("$_"));

2937

}

2938

128

return join($USE_PARAM_SEMICOLONS ? ';' : '&',@pairs);

2939

}

2940

2941

sub env_query_string {

2942

return (defined $ENV{'QUERY_STRING'}) ? $ENV{'QUERY_STRING'} : undef;

2943

}

2944

2945

#### Method: accept

2946

# Without parameters, returns an array of the

2947

# MIME types the browser accepts.

2948

# With a single parameter equal to a MIME

2949

# type, will return undef if the browser won't

2950

# accept it, 1 if the browser accepts it but

2951

# doesn't give a preference, or a floating point

2952

# value between 0.0 and 1.0 if the browser

2953

# declares a quantitative score for it.

2954

# This handles MIME type globs correctly.

2955

####

2956

sub Accept {

2957

my($self,$search) = self_or_CGI(@_);

2958

my(%prefs,$type,$pref,$pat);

2959

2960

my(@accept) = defined $self->http('accept')

2961

? split(',',$self->http('accept'))

2962

: ();

2963

2964

for (@accept) {

2965

($pref) = /q=(\d\.\d+|\d+)/;

2966

($type) = m#(\S+/[^;]+)#;

2967

next unless $type;

2968

$prefs{$type}=$pref || 1;

2969

}

2970

2971

return keys %prefs unless $search;

2972

2973

# if a search type is provided, we may need to

2974

# perform a pattern matching operation.

2975

# The MIME types use a glob mechanism, which

2976

# is easily translated into a perl pattern match

2977

2978

# First return the preference for directly supported

2979

# types:

2980

return $prefs{$search} if $prefs{$search};

2981

2982

# Didn't get it, so try pattern matching.

2983

for (keys %prefs) {

2984

next unless /\*/; # not a pattern match

2985

($pat = $_) =~ s/([^\w*])/\\$1/g; # escape meta characters

2986

$pat =~ s/\*/.*/g; # turn it into a pattern

2987

return $prefs{$_} if $search=~/$pat/;

2988

}

2989

}

2990

2991

#### Method: user_agent

2992

# If called with no parameters, returns the user agent.

2993

# If called with one parameter, does a pattern match (case

2994

# insensitive) on the user agent.

2995

####

2996

sub user_agent {

2997

my($self,$match)=self_or_CGI(@_);

2998

my $user_agent = $self->http('user_agent');

2999

100

return $user_agent unless defined $match && $match && $user_agent;

100

3000

return $user_agent =~ /$match/i;

3001

}

3002

3003

#### Method: raw_cookie

3004

# Returns the magic cookies for the session.

3005

# The cookies are not parsed or altered in any way, i.e.

3006

# cookies are returned exactly as given in the HTTP

3007

# headers. If a cookie name is given, only that cookie's

3008

# value is returned, otherwise the entire raw cookie

3009

# is returned.

3010

####

3011

sub raw_cookie {

3012

my($self,$key) = self_or_CGI(@_);

3013

3014

require CGI::Cookie;

3015

3016

if (defined($key)) {

3017

$self->{'.raw_cookies'} = CGI::Cookie->raw_fetch

3018

unless $self->{'.raw_cookies'};

3019

3020

return () unless $self->{'.raw_cookies'};

3021

return () unless $self->{'.raw_cookies'}->{$key};

3022

return $self->{'.raw_cookies'}->{$key};

3023

}

3024

return $self->http('cookie') || $ENV{'COOKIE'} || '';

3025

}

3026

3027

#### Method: virtual_host

3028

# Return the name of the virtual_host, which

3029

# is not always the same as the server

3030

######

3031

sub virtual_host {

3032

my $vh = http('x_forwarded_host') || http('host') || server_name();

3033

$vh =~ s/:\d+$//; # get rid of port number

3034

return $vh;

3035

}

3036

3037

#### Method: remote_host

3038

# Return the name of the remote host, or its IP

3039

# address if unavailable. If this variable isn't

3040

# defined, it returns "localhost" for debugging

3041

# purposes.

3042

####

3043

sub remote_host {

3044

return $ENV{'REMOTE_HOST'} || $ENV{'REMOTE_ADDR'}

3045

|| 'localhost';

3046

}

3047

3048

#### Method: remote_addr

3049

# Return the IP addr of the remote host.

3050

####

3051

sub remote_addr {

3052

return $ENV{'REMOTE_ADDR'} || '127.0.0.1';

3053

}

3054

3055

#### Method: script_name

3056

# Return the partial URL to this script for

3057

# self-referencing scripts. Also see

3058

# self_url(), which returns a URL with all state information

3059

# preserved.

3060

####

3061

sub script_name {

3062

my ($self,@p) = self_or_default(@_);

3063

128

if (@p) {

100

3064

$self->{'.script_name'} = shift @p;

3065

} elsif (!exists $self->{'.script_name'}) {

3066

my ($script_name,$path_info) = $self->_name_and_path_from_env();

3067

$self->{'.script_name'} = $script_name;

3068

}

3069

return $self->{'.script_name'};

3070

}

3071

3072

#### Method: referer

3073

# Return the HTTP_REFERER: useful for generating

3074

# a GO BACK button.

3075

####

3076

sub referer {

3077

my($self) = self_or_CGI(@_);

3078

return $self->http('referer');

3079

}

3080

3081

#### Method: server_name

3082

# Return the name of the server

3083

####

3084

sub server_name {

3085

100

return $ENV{'SERVER_NAME'} || 'localhost';

3086

}

3087

3088

#### Method: server_software

3089

# Return the name of the server software

3090

####

3091

sub server_software {

3092

return $ENV{'SERVER_SOFTWARE'} || 'cmdline';

3093

}

3094

3095

#### Method: virtual_port

3096

# Return the server port, taking virtual hosts into account

3097

####

3098

sub virtual_port {

3099

my($self) = self_or_default(@_);

3100

100

my $vh = $self->http('x_forwarded_host') || $self->http('host');

3101

my $protocol = $self->protocol;

3102

100

if ($vh) {

3103

return ($vh =~ /:(\d+)$/)[0] || ($protocol eq 'https' ? 443 : 80);

3104

} else {

3105

return $self->server_port();

3106

}

3107

}

3108

3109

#### Method: server_port

3110

# Return the tcp/ip port the server is running on

3111

####

3112

sub server_port {

3113

100

210

return $ENV{'SERVER_PORT'} || 80; # for debugging

3114

}

3115

3116

#### Method: server_protocol

3117

# Return the protocol (usually HTTP/1.0)

3118

####

3119

sub server_protocol {

3120

100

125

return $ENV{'SERVER_PROTOCOL'} || 'HTTP/1.0'; # for debugging

3121

}

3122

3123

#### Method: http

3124

# Return the value of an HTTP variable, or

3125

# the list of variables if none provided

3126

####

3127

sub http {

3128

118

552

my ($self,$parameter) = self_or_CGI(@_);

3129

118

100

168

if ( defined($parameter) ) {

3130

116

105

$parameter =~ tr/-a-z/_A-Z/;

3131

116

100

204

if ( $parameter =~ /^HTTP(?:_|$)/ ) {

3132

return $ENV{$parameter};

3133

}

3134

115

351

return $ENV{"HTTP_$parameter"};

3135

}

3136

return grep { /^HTTP(?:_|$)/ } keys %ENV;

3137

}

3138

3139

#### Method: https

3140

# Return the value of HTTPS, or

3141

# the value of an HTTPS variable, or

3142

# the list of variables

3143

####

3144

sub https {

3145

659

my ($self,$parameter) = self_or_CGI(@_);

3146

if ( defined($parameter) ) {

3147

$parameter =~ tr/-a-z/_A-Z/;

3148

if ( $parameter =~ /^HTTPS(?:_|$)/ ) {

3149

return $ENV{$parameter};

3150

}

3151

return $ENV{"HTTPS_$parameter"};

3152

}

3153

return wantarray

3154

? grep { /^HTTPS(?:_|$)/ } keys %ENV

3155

100

158

: $ENV{'HTTPS'};

3156

}

3157

3158

#### Method: protocol

3159

# Return the protocol (http or https currently)

3160

####

3161

sub protocol {

3162

104

local($^W)=0;

3163

my $self = shift;

3164

return 'https' if uc($self->https()) eq 'ON';

3165

return 'https' if $self->server_port == 443;

3166

my $prot = $self->server_protocol;

3167

107

my($protocol,$version) = split('/',$prot);

3168

103

return "\L$protocol\E";

3169

}

3170

3171

#### Method: remote_ident

3172

# Return the identity of the remote user

3173

# (but only if his host is running identd)

3174

####

3175

sub remote_ident {

3176

return (defined $ENV{'REMOTE_IDENT'}) ? $ENV{'REMOTE_IDENT'} : undef;

3177

}

3178

3179

#### Method: auth_type

3180

# Return the type of use verification/authorization in use, if any.

3181

####

3182

sub auth_type {

3183

return (defined $ENV{'AUTH_TYPE'}) ? $ENV{'AUTH_TYPE'} : undef;

3184

}

3185

3186

#### Method: remote_user

3187

# Return the authorization name used for user

3188

# verification.

3189

####

3190

sub remote_user {

3191

return (defined $ENV{'REMOTE_USER'}) ? $ENV{'REMOTE_USER'} : undef;

3192

}

3193

3194

#### Method: user_name

3195

# Try to return the remote user's name by hook or by

3196

# crook

3197

####

3198

sub user_name {

3199

my ($self) = self_or_CGI(@_);

3200

return $self->http('from') || $ENV{'REMOTE_IDENT'} || $ENV{'REMOTE_USER'};

3201

}

3202

3203

#### Method: nosticky

3204

# Set or return the NOSTICKY global flag

3205

####

3206

sub nosticky {

3207

my ($self,$param) = self_or_CGI(@_);

3208

$CGI::NOSTICKY = $param if defined($param);

3209

return $CGI::NOSTICKY;

3210

}

3211

3212

#### Method: nph

3213

# Set or return the NPH global flag

3214

####

3215

sub nph {

3216

my ($self,$param) = self_or_CGI(@_);

3217

$CGI::NPH = $param if defined($param);

3218

return $CGI::NPH;

3219

}

3220

3221

#### Method: private_tempfiles

3222

# Set or return the private_tempfiles global flag

3223

####

3224

sub private_tempfiles {

3225

warn "private_tempfiles has been deprecated";

3226

return 0;

3227

}

3228

#### Method: close_upload_files

3229

# Set or return the close_upload_files global flag

3230

####

3231

sub close_upload_files {

3232

my ($self,$param) = self_or_CGI(@_);

3233

$CGI::CLOSE_UPLOAD_FILES = $param if defined($param);

3234

return $CGI::CLOSE_UPLOAD_FILES;

3235

}

3236

3237

#### Method: default_dtd

3238

# Set or return the default_dtd global

3239

####

3240

sub default_dtd {

3241

my ($self,$param,$param2) = self_or_CGI(@_);

3242

if (defined $param2 && defined $param) {

3243

$CGI::DEFAULT_DTD = [ $param, $param2 ];

3244

} elsif (defined $param) {

3245

$CGI::DEFAULT_DTD = $param;

3246

}

3247

return $CGI::DEFAULT_DTD;

3248

}

3249

3250

# -------------- really private subroutines -----------------

3251

sub _maybe_escapeHTML {

3252

# hack to work around earlier hacks

3253

318

590

push @_,$_[0] if @_==1 && $_[0] eq 'CGI';

3254

318

379

my ($self,$toencode,$newlinestoo) = CGI::self_or_default(@_);

3255

318

100

491

return undef unless defined($toencode);

3256

304

100

926

return $toencode if ref($self) && !$self->{'escape'};

3257

244

339

return $self->escapeHTML($toencode, $newlinestoo);

3258

}

3259

3260

sub previous_or_default {

3261

my($self,$name,$defaults,$override) = @_;

3262

my(%selected);

3263

3264

100

if (!$override && ($self->{'.fieldnames'}->{$name} ||

100

3265

defined($self->param($name)) ) ) {

3266

$selected{$_}++ for $self->param($name);

3267

} elsif (defined($defaults) && ref($defaults) &&

3268

(ref($defaults) eq 'ARRAY')) {

3269

$selected{$_}++ for @{$defaults};

3270

} else {

3271

100

$selected{$defaults}++ if defined($defaults);

3272

}

3273

3274

return %selected;

3275

}

3276

3277

sub register_parameter {

3278

my($self,$param) = @_;

3279

$self->{'.parametersToAdd'}->{$param}++;

3280

}

3281

3282

sub get_fields {

3283

my($self) = @_;

3284

return $self->CGI::hidden('-name'=>'.cgifields',

3285

'-values'=>[keys %{$self->{'.parametersToAdd'}}],

3286

'-override'=>1);

3287

}

3288

3289

sub read_from_cmdline {

3290

173

my($input,@words);

3291

my($query_string);

3292

my($subpath);

3293

372

if ($DEBUG && @ARGV) {

3294

@words = @ARGV;

3295

} elsif ($DEBUG > 1) {

3296

require Text::ParseWords;

3297

print STDERR "(offline mode: enter name=value pairs on standard input; press ^D or ^Z when done)\n";

3298

chomp(@lines = ); # remove newlines

3299

$input = join(" ",@lines);

3300

@words = &Text::ParseWords::old_shellwords($input);

3301

}

3302

156

for (@words) {

3303

s/\\=/%3D/g;

3304

s/\\&/%26/g;

3305

}

3306

3307

229

if ("@words"=~/=/) {

3308

$query_string = join('&',@words);

3309

} else {

3310

145

$query_string = join('+',@words);

3311

}

3312

138

if ($query_string =~ /^(.*?)\?(.*)$/)

3313

{

3314

$query_string = $2;

3315

$subpath = $1;

3316

}

3317

214

return { 'query_string' => $query_string, 'subpath' => $subpath };

3318

}

3319

3320

#####

3321

# subroutine: read_multipart

3322

3323

# Read multipart data and store it into our parameters.

3324

# An interesting feature is that if any of the parts is a file, we

3325

# create a temporary file and open up a filehandle on it so that the

3326

# caller can read from it if necessary.

3327

#####

3328

sub read_multipart {

3329

my($self,$boundary,$length) = @_;

3330

my($buffer) = $self->new_MultipartBuffer($boundary,$length);

3331

return unless $buffer;

3332

my(%header,$body);

3333

my $filenumber = 0;

3334

while (!$buffer->eof) {

3335

%header = $buffer->readHeader;

3336

3337

unless (%header) {

3338

$self->cgi_error("400 Bad request (malformed multipart POST)");

3339

return;

3340

}

3341

3342

$header{'Content-Disposition'} ||= ''; # quench uninit variable warning

3343

3344

my($param)= $header{'Content-Disposition'}=~/[\s;]name="([^"]*)"/;

3345

$param .= $TAINTED;

3346

3347

# See RFC 1867, 2183, 2045

3348

# NB: File content will be loaded into memory should

3349

# content-disposition parsing fail.

3350

my ($filename) = $header{'Content-Disposition'}

3351

=~/ filename=(("[^"]*")|([a-z\d!\#'\*\+,\.^_\`\{\}\|\~]*))/i;

3352

3353

$filename ||= ''; # quench uninit variable warning

3354

3355

$filename =~ s/^"([^"]*)"$/$1/;

3356

# Test for Opera's multiple upload feature

3357

my($multipart) = ( defined( $header{'Content-Type'} ) &&

3358

$header{'Content-Type'} =~ /multipart\/mixed/ ) ?

3359

1 : 0;

3360

3361

# add this parameter to our list

3362

$self->add_parameter($param);

3363

3364

# If no filename specified, then just read the data and assign it

3365

# to our parameter list.

3366

if ( ( !defined($filename) || $filename eq '' ) && !$multipart ) {

3367

my($value) = $buffer->readBody;

3368

$value .= $TAINTED;

3369

push(@{$self->{param}{$param}},$value);

3370

next;

3371

}

3372

3373

UPLOADS: {

3374

# If we get here, then we are dealing with a potentially large

3375

# uploaded form. Save the data to a temporary file, then open

3376

# the file for reading.

3377

3378

# skip the file if uploads disabled

3379

if ($DISABLE_UPLOADS) {

3380

while (defined($data = $buffer->read)) { }

3381

last UPLOADS;

3382

}

3383

3384

# set the filename to some recognizable value

3385

if ( ( !defined($filename) || $filename eq '' ) && $multipart ) {

3386

$filename = "multipart/mixed";

3387

}

3388

3389

my $tmp_dir = $CGI::OS eq 'WINDOWS'

3390

? ( $ENV{TEMP} || $ENV{TMP} || ( $ENV{WINDIR} ? ( $ENV{WINDIR} . $SL . 'TEMP' ) : undef ) )

3391

: undef; # File::Temp defaults to TMPDIR

3392

3393

826

require CGI::File::Temp;

3394

my $filehandle = CGI::File::Temp->new(

3395

UNLINK => $UNLINK_TMP_FILES,

3396

DIR => $tmp_dir,

3397

);

3398

3007

$filehandle->_mp_filename( $filename );

3399

3400

$CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode

3401

&& defined fileno($filehandle);

3402

3403

# if this is an multipart/mixed attachment, save the header

3404

# together with the body for later parsing with an external

3405

# MIME parser module

3406

if ( $multipart ) {

3407

for ( keys %header ) {

3408

print $filehandle "$_: $header{$_}${CRLF}";

3409

}

3410

print $filehandle "${CRLF}";

3411

}

3412

3413

my ($data);

3414

local($\) = '';

3415

my $totalbytes = 0;

3416

while (defined($data = $buffer->read)) {

3417

if (defined $self->{'.upload_hook'})

3418

{

3419

$totalbytes += length($data);

3420

&{$self->{'.upload_hook'}}($filename ,$data, $totalbytes, $self->{'.upload_data'});

3421

}

3422

print $filehandle $data if ($self->{'use_tempfile'});

3423

}

3424

3425

# back up to beginning of file

3426

215

seek($filehandle,0,0);

3427

3428

## Close the filehandle if requested this allows a multipart MIME

3429

## upload to contain many files, and we won't die due to too many

3430

## open file handles. The user can access the files using the hash

3431

## below.

3432

close $filehandle if $CLOSE_UPLOAD_FILES;

3433

$CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode;

3434

3435

# Save some information about the uploaded file where we can get

3436

# at it later.

3437

# Use the typeglob + filename as the key, as this is guaranteed to be

3438

# unique for each filehandle. Don't use the file descriptor as

3439

# this will be re-used for each filehandle if the

3440

# close_upload_files feature is used.

3441

$self->{'.tmpfiles'}->{$$filehandle . $filehandle} = {

3442

hndl => $filehandle,

3443

name => $filehandle->filename,

3444

info => {%header},

3445

};

3446

push(@{$self->{param}{$param}},$filehandle);

3447

}

3448

}

3449

}

3450

3451

#####

3452

# subroutine: read_multipart_related

3453

3454

# Read multipart/related data and store it into our parameters. The

3455

# first parameter sets the start of the data. The part identified by

3456

# this Content-ID will not be stored as a file upload, but will be

3457

# returned by this method. All other parts will be available as file

3458

# uploads accessible by their Content-ID

3459

#####

3460

sub read_multipart_related {

3461

my($self,$start,$boundary,$length) = @_;

3462

my($buffer) = $self->new_MultipartBuffer($boundary,$length);

3463

return unless $buffer;

3464

my(%header,$body);

3465

my $filenumber = 0;

3466

my $returnvalue;

3467

while (!$buffer->eof) {

3468

%header = $buffer->readHeader;

3469

3470

unless (%header) {

3471

$self->cgi_error("400 Bad request (malformed multipart POST)");

3472

return;

3473

}

3474

3475

my($param) = $header{'Content-ID'}=~/\<([^\>]*)\>/;

3476

$param .= $TAINTED;

3477

3478

# If this is the start part, then just read the data and assign it

3479

# to our return variable.

3480

if ( $param eq $start ) {

3481

$returnvalue = $buffer->readBody;

3482

$returnvalue .= $TAINTED;

3483

next;

3484

}

3485

3486

# add this parameter to our list

3487

$self->add_parameter($param);

3488

3489

UPLOADS: {

3490

# If we get here, then we are dealing with a potentially large

3491

# uploaded form. Save the data to a temporary file, then open

3492

# the file for reading.

3493

3494

# skip the file if uploads disabled

3495

if ($DISABLE_UPLOADS) {

3496

while (defined($data = $buffer->read)) { }

3497

last UPLOADS;

3498

}

3499

3500

my $tmp_dir = $CGI::OS eq 'WINDOWS'

3501

? ( $ENV{TEMP} || $ENV{TMP} || ( $ENV{WINDIR} ? ( $ENV{WINDIR} . $SL . 'TEMP' ) : undef ) )

3502

: undef; # File::Temp defaults to TMPDIR

3503

3504

393

require CGI::File::Temp;

3505

my $filehandle = CGI::File::Temp->new(

3506

UNLINK => $UNLINK_TMP_FILES,

3507

DIR => $tmp_dir,

3508

);

3509

802

$filehandle->_mp_filename( $filehandle->filename );

3510

3511

$CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode

3512

&& defined fileno($filehandle);

3513

3514

my ($data);

3515

local($\) = '';

3516

my $totalbytes;

3517

while (defined($data = $buffer->read)) {

3518

if (defined $self->{'.upload_hook'})

3519

{

3520

$totalbytes += length($data);

3521

&{$self->{'.upload_hook'}}($param ,$data, $totalbytes, $self->{'.upload_data'});

3522

}

3523

print $filehandle $data if ($self->{'use_tempfile'});

3524

}

3525

3526

# back up to beginning of file

3527

seek($filehandle,0,0);

3528

3529

## Close the filehandle if requested this allows a multipart MIME

3530

## upload to contain many files, and we won't die due to too many

3531

## open file handles. The user can access the files using the hash

3532

## below.

3533

close $filehandle if $CLOSE_UPLOAD_FILES;

3534

$CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode;

3535

3536

# Save some information about the uploaded file where we can get

3537

# at it later.

3538

# Use the typeglob + filename as the key, as this is guaranteed to be

3539

# unique for each filehandle. Don't use the file descriptor as

3540

# this will be re-used for each filehandle if the

3541

# close_upload_files feature is used.

3542

$self->{'.tmpfiles'}->{$$filehandle . $filehandle} = {

3543

hndl => $filehandle,

3544

name => $filehandle->filename,

3545

info => {%header},

3546

};

3547

push(@{$self->{param}{$param}},$filehandle);

3548

}

3549

}

3550

return $returnvalue;

3551

}

3552

3553

sub upload {

3554

2580

my($self,$param_name) = self_or_default(@_);

3555

my @param = grep {ref($_) && defined(fileno($_))} $self->param($param_name);

3556

return unless @param;

3557

100

return wantarray ? @param : $param[0];

3558

}

3559

3560

sub tmpFileName {

3561

201

my($self,$filename) = self_or_default(@_);

3562

3563

# preferred calling convention: $filename came directly from param or upload

3564

100

if (ref $filename) {

3565

return $self->{'.tmpfiles'}->{$$filename . $filename}->{name} || '';

3566

}

3567

3568

# backwards compatible with older versions: $filename is merely equal to

3569

# one of our filenames when compared as strings

3570

foreach my $param_name ($self->param) {

3571

foreach my $filehandle ($self->multi_param($param_name)) {

3572

100

if ($filehandle eq $filename) {

3573

return $self->{'.tmpfiles'}->{$$filehandle . $filehandle}->{name} || '';

3574

}

3575

}

3576

}

3577

3578

return '';

3579

}

3580

3581

sub uploadInfo {

3582

517

my($self,$filename) = self_or_default(@_);

3583

100

return if ! defined $$filename;

3584

return $self->{'.tmpfiles'}->{$$filename . $filename}->{info};

3585

}

3586

3587

# internal routine, don't use

3588

sub _set_values_and_labels {

3589

my $self = shift;

3590

my ($v,$l,$n) = @_;

3591

$$l = $v if ref($v) eq 'HASH' && !ref($$l);

3592

100

return $self->param($n) if !defined($v);

3593

return $v if !ref($v);

3594

return ref($v) eq 'HASH' ? keys %$v : @$v;

3595

}

3596

3597

# internal routine, don't use

3598

sub _set_attributes {

3599

my $self = shift;

3600

my($element, $attributes) = @_;

3601

100

171

return '' unless defined($attributes->{$element});

3602

$attribs = ' ';

3603

for my $attrib (keys %{$attributes->{$element}}) {

3604

(my $clean_attrib = $attrib) =~ s/^-//;

3605

$attribs .= "@{[lc($clean_attrib)]}=\"$attributes->{$element}{$attrib}\" ";

3606

}

3607

$attribs =~ s/ $//;

3608

return $attribs;

3609

}

3610

3611

#########################################################

3612

# Globals and stubs for other packages that we use.

3613

#########################################################

3614

3615

######################## CGI::MultipartBuffer ####################

3616

3617

package CGI::MultipartBuffer;

3618

3619

$_DEBUG = 0;

3620

3621

# how many bytes to read at a time. We use

3622

# a 4K buffer by default.

3623

$MultipartBuffer::INITIAL_FILLUNIT ||= 1024 * 4;

3624

$MultipartBuffer::TIMEOUT ||= 240*60; # 4 hour timeout for big files

3625

$MultipartBuffer::SPIN_LOOP_MAX ||= 2000; # bug fix for some Netscape servers

3626

$MultipartBuffer::CRLF ||= $CGI::CRLF;

3627

3628

$INITIAL_FILLUNIT = $MultipartBuffer::INITIAL_FILLUNIT;

3629

$TIMEOUT = $MultipartBuffer::TIMEOUT;

3630

$SPIN_LOOP_MAX = $MultipartBuffer::SPIN_LOOP_MAX;

3631

$CRLF = $MultipartBuffer::CRLF;

3632

3633

sub new {

3634

my($package,$interface,$boundary,$length) = @_;

3635

$FILLUNIT = $INITIAL_FILLUNIT;

3636

$CGI::DefaultClass->binmode($IN); # if $CGI::needs_binmode; # just do it always

3637

3638

# If the user types garbage into the file upload field,

3639

# then Netscape passes NOTHING to the server (not good).

3640

# We may hang on this read in that case. So we implement

3641

# a read timeout. If nothing is ready to read

3642

# by then, we return.

3643

3644

# Netscape seems to be a little bit unreliable

3645

# about providing boundary strings.

3646

my $boundary_read = 0;

3647

if ($boundary) {

3648

3649

# Under the MIME spec, the boundary consists of the

3650

# characters "--" PLUS the Boundary string

3651

3652

# BUG: IE 3.01 on the Macintosh uses just the boundary -- not

3653

# the two extra hyphens. We do a special case here on the user-agent!!!!

3654

$boundary = "--$boundary" unless CGI::user_agent('MSIE\s+3\.0[12];\s*Mac|DreamPassport');

3655

3656

} else { # otherwise we find it ourselves

3657

my($old);

3658

($old,$/) = ($/,$CRLF); # read a CRLF-delimited line

3659

$boundary = ; # BUG: This won't work correctly under mod_perl

3660

$length -= length($boundary);

3661

chomp($boundary); # remove the CRLF

3662

$/ = $old; # restore old line separator

3663

$boundary_read++;

3664

}

3665

3666

my $self = {LENGTH=>$length,

3667

CHUNKED=>!$length,

3668

BOUNDARY=>$boundary,

3669

INTERFACE=>$interface,

3670

BUFFER=>'',

3671

};

3672

3673

$FILLUNIT = length($boundary)

3674

if length($boundary) > $FILLUNIT;

3675

3676

my $retval = bless $self,ref $package || $package;

3677

3678

# Read the preamble and the topmost (boundary) line plus the CRLF.

3679

unless ($boundary_read) {

3680

while ($self->read(0)) { }

3681

}

3682

die "Malformed multipart POST: data truncated\n" if $self->eof;

3683

3684

return $retval;

3685

}

3686

3687

sub readHeader {

3688

my($self) = @_;

3689

my($end);

3690

my($ok) = 0;

3691

my($bad) = 0;

3692

3693

local($CRLF) = "\015\012" if $CGI::OS eq 'VMS' || $CGI::EBCDIC;

3694

3695

do {

3696

$self->fillBuffer($FILLUNIT);

3697

$ok++ if ($end = index($self->{BUFFER},"${CRLF}${CRLF}")) >= 0;

3698

$ok++ if $self->{BUFFER} eq '';

3699

$bad++ if !$ok && $self->{LENGTH} <= 0;

3700

# this was a bad idea

3701

# $FILLUNIT *= 2 if length($self->{BUFFER}) >= $FILLUNIT;

3702

} until $ok || $bad;

3703

return () if $bad;

3704

3705

#EBCDIC NOTE: translate header into EBCDIC, but watch out for continuation lines!

3706

3707

my($header) = substr($self->{BUFFER},0,$end+2);

3708

substr($self->{BUFFER},0,$end+4) = '';

3709

my %return;

3710

3711

if ($CGI::EBCDIC) {

3712

warn "untranslated header=$header\n" if $_DEBUG;

3713

$header = CGI::Util::ascii2ebcdic($header);

3714

warn "translated header=$header\n" if $_DEBUG;

3715

}

3716

3717

# See RFC 2045 Appendix A and RFC 822 sections 3.4.8

3718

# (Folding Long Header Fields), 3.4.3 (Comments)

3719

# and 3.4.5 (Quoted-Strings).

3720

3721

my $token = '[-\w!\#$%&\'*+.^_\`|{}~]';

3722

$header=~s/$CRLF\s+/ /og; # merge continuation lines

3723

3724

229

while ($header=~/($token+):\s+([^$CRLF]*)/mgox) {

3725

my ($field_name,$field_value) = ($1,$2);

3726

$field_name =~ s/\b(\w)/uc($1)/eg; #canonicalize

127

3727

118

$return{$field_name}=$field_value;

3728

}

3729

return %return;

3730

}

3731

3732

# This reads and returns the body as a single scalar value.

3733

sub readBody {

3734

my($self) = @_;

3735

my($data);

3736

my($returnval)='';

3737

3738

#EBCDIC NOTE: want to translate returnval into EBCDIC HERE

3739

3740

while (defined($data = $self->read)) {

3741

$returnval .= $data;

3742

}

3743

3744

if ($CGI::EBCDIC) {

3745

warn "untranslated body=$returnval\n" if $_DEBUG;

3746

$returnval = CGI::Util::ascii2ebcdic($returnval);

3747

warn "translated body=$returnval\n" if $_DEBUG;

3748

}

3749

return $returnval;

3750

}

3751

3752

# This will read $bytes or until the boundary is hit, whichever happens

3753

# first. After the boundary is hit, we return undef. The next read will

3754

# skip over the boundary and begin reading again;

3755

sub read {

3756

my($self,$bytes) = @_;

3757

3758

# default number of bytes to read

3759

$bytes = $bytes || $FILLUNIT;

3760

3761

# Fill up our internal buffer in such a way that the boundary

3762

# is never split between reads.

3763

$self->fillBuffer($bytes);

3764

3765

my $boundary_start = $CGI::EBCDIC ? CGI::Util::ebcdic2ascii($self->{BOUNDARY}) : $self->{BOUNDARY};

3766

my $boundary_end = $CGI::EBCDIC ? CGI::Util::ebcdic2ascii($self->{BOUNDARY}.'--') : $self->{BOUNDARY}.'--';

3767

3768

# Find the boundary in the buffer (it may not be there).

3769

my $start = index($self->{BUFFER},$boundary_start);

3770

3771

warn "boundary=$self->{BOUNDARY} length=$self->{LENGTH} start=$start\n" if $_DEBUG;

3772

3773

# protect against malformed multipart POST operations

3774

die "Malformed multipart POST\n" unless $self->{CHUNKED} || ($start >= 0 || $self->{LENGTH} > 0);

3775

3776

#EBCDIC NOTE: want to translate boundary search into ASCII here.

3777

3778

# If the boundary begins the data, then skip past it

3779

# and return undef.

3780

100

if ($start == 0) {

3781

3782

# clear us out completely if we've hit the last boundary.

3783

100

107

if (index($self->{BUFFER},$boundary_end)==0) {

3784

$self->{BUFFER}='';

3785

$self->{LENGTH}=0;

3786

return undef;

3787

}

3788

3789

# just remove the boundary.

3790

substr($self->{BUFFER},0,length($boundary_start))='';

3791

$self->{BUFFER} =~ s/^\012\015?//;

3792

return undef;

3793

}

3794

3795

my $bytesToReturn;

3796

if ($start > 0) { # read up to the boundary

3797

$bytesToReturn = $start-2 > $bytes ? $bytes : $start;

3798

} else { # read the requested number of bytes

3799

# leave enough bytes in the buffer to allow us to read

3800

# the boundary. Thanks to Kevin Hendrick for finding

3801

# this one.

3802

$bytesToReturn = $bytes - (length($boundary_start)+1);

3803

}

3804

3805

my $returnval=substr($self->{BUFFER},0,$bytesToReturn);

3806

substr($self->{BUFFER},0,$bytesToReturn)='';

3807

3808

# If we hit the boundary, remove the CRLF from the end.

3809

return ($bytesToReturn==$start)

3810

? substr($returnval,0,-2) : $returnval;

3811

}

3812

3813

# This fills up our internal buffer in such a way that the

3814

# boundary is never split between reads

3815

sub fillBuffer {

3816

my($self,$bytes) = @_;

3817

141

return unless $self->{CHUNKED} || $self->{LENGTH};

3818

3819

my($boundaryLength) = length($self->{BOUNDARY});

3820

my($bufferLength) = length($self->{BUFFER});

3821

my($bytesToRead) = $bytes - $bufferLength + $boundaryLength + 2;

3822

100

124

$bytesToRead = $self->{LENGTH} if !$self->{CHUNKED} && $self->{LENGTH} < $bytesToRead;

3823

3824

# Try to read some data. We may hang here if the browser is screwed up.

3825

my $bytesRead = $self->{INTERFACE}->read_from_client(\$self->{BUFFER},

3826

$bytesToRead,

3827

$bufferLength);

3828

warn "bytesToRead=$bytesToRead, bufferLength=$bufferLength, buffer=$self->{BUFFER}\n" if $_DEBUG;

3829

$self->{BUFFER} = '' unless defined $self->{BUFFER};

3830

3831

# An apparent bug in the Apache server causes the read()

3832

# to return zero bytes repeatedly without blocking if the

3833

# remote user aborts during a file transfer. I don't know how

3834

# they manage this, but the workaround is to abort if we get

3835

# more than SPIN_LOOP_MAX consecutive zero reads.

3836

100

if ($bytesRead <= 0) {

3837

die "CGI.pm: Server closed socket during multipart read (client aborted?).\n"

3838

if ($self->{ZERO_LOOP_COUNTER}++ >= $SPIN_LOOP_MAX);

3839

} else {

3840

$self->{ZERO_LOOP_COUNTER}=0;

3841

}

3842

3843

100

115

$self->{LENGTH} -= $bytesRead if !$self->{CHUNKED} && $bytesRead;

3844

}

3845

3846

# Return true when we've finished reading

3847

sub eof {

3848

my($self) = @_;

3849

return 1 if (length($self->{BUFFER}) == 0)

3850

100

&& ($self->{LENGTH} <= 0);

3851

undef;

3852

}

3853

3854

3855

3856

package CGI;

3857

3858

# We get a whole bunch of warnings about "possibly uninitialized variables"

3859

# when running with the -w switch. Touch them all once to get rid of the

3860

# warnings. This is ugly and I hate it.

3861

if ($^W) {

3862

$CGI::CGI = '';

3863

$CGI::CGI=<

3864

$CGI::VERSION;

3865

$CGI::MultipartBuffer::SPIN_LOOP_MAX;

3866

$CGI::MultipartBuffer::CRLF;

3867

$CGI::MultipartBuffer::TIMEOUT;

3868

$CGI::MultipartBuffer::INITIAL_FILLUNIT;

3869

EOF

3870

;

3871

}

3872

3873