File Coverage

166316641665166616671668166916701671 12 0 167216731674167516761677167816791680 50 1681168216831684 100 1685 50 33 1686 0 0 16871688 50 168916901691 50 169216931694 100 66 1695 50 66 1696 50 66 16971698 100 66 16991700170117021703170417051706170717081709 100 171017111712 100 1713 50 1714171517161717 100 171817191720 50 1721 100 100 66 172217231724 50 $title 100 17251726$title1727 50 1728 0 0 1729173017311732 50 33 33 1733 0 0 1734 0 0 1735 0 0 173617371738 50 66 66 1739 50 17401741174217431744 50 1745 0 0 1746 0 1747 0 0 0 174817491750 0 1751 0 0 17521753175417551756 50 1757 100 1758 100 66 175917601761 50 1762

1765

END

1766

;

1767

my($other) = @other ? " @other" : '';

1768

push(@result,"\n\n");

1769

103

return join("\n",@result);

1770

}

1771

1772

### Method: _style

1773

# internal method for generating a CSS style section

1774

####

1775

sub _style {

1776

my ($self,$style) = @_;

1777

my (@result);

1778

1779

my $type = 'text/css';

1780

my $rel = 'stylesheet';

1781

1782

1783

my $cdata_start = $XHTML ? "\n\n" : " -->\n";

1785

1786

my @s = ref($style) eq 'ARRAY' ? @$style : $style;

1787

my $other = '';

1788

1789

for my $s (@s) {

1790

if (ref($s)) {

1791

my($src,$code,$verbatim,$stype,$alternate,$foo,@other) =

1792

rearrange([qw(SRC CODE VERBATIM TYPE ALTERNATE FOO)],

1793

('-foo'=>'bar',

1794

ref($s) eq 'ARRAY' ? @$s : %$s));

1795

my $type = defined $stype ? $stype : 'text/css';

1796

my $rel = $alternate ? 'alternate stylesheet' : 'stylesheet';

1797

$other = "@other" if @other;

1798

1799

if (ref($src) eq "ARRAY") # Check to see if the $src variable is an array reference

1800

{ # If it is, push a LINK tag for each one

1801

for $src (@$src)

1802

{

1803

push(@result,$XHTML ? qq()

1804

: qq()) if $src;

1805

}

1806

}

1807

else

1808

{ # Otherwise, push the single -src, if it exists.

1809

push(@result,$XHTML ? qq()

1810

: qq()

1811

) if $src;

1812

}

1813

if ($verbatim) {

1814

my @v = ref($verbatim) eq 'ARRAY' ? @$verbatim : $verbatim;

1815

push(@result, "") for @v;

1816

}

1817

if ($code) {

1818

my @c = ref($code) eq 'ARRAY' ? @$code : $code;

1819

push(@result,style({'type'=>$type},"$cdata_start\n$_\n$cdata_end")) for @c;

1820

}

1821

1822

} else {

1823

my $src = $s;

1824

push(@result,$XHTML ? qq()

1825

: qq());

1826

}

1827

}

1828

@result;

1829

}

1830

1831

sub _script {

1832

my ($self,$script) = @_;

1833

my (@result);

1834

1835

my (@scripts) = ref($script) eq 'ARRAY' ? @$script : ($script);

1836

for $script (@scripts) {

1837

my($src,$code,$language,$charset);

1838

if (ref($script)) { # script is a hash

1839

($src,$code,$type,$charset) =

1840

rearrange(['SRC','CODE',['LANGUAGE','TYPE'],'CHARSET'],

1841

'-foo'=>'bar', # a trick to allow the '-' to be omitted

1842

ref($script) eq 'ARRAY' ? @$script : %$script);

1843

$type ||= 'text/javascript';

1844

unless ($type =~ m!\w+/\w+!) {

1845

$type =~ s/[\d.]+$//;

1846

$type = "text/$type";

1847

}

1848

} else {

1849

($src,$code,$type,$charset) = ('',$script, 'text/javascript', '');

1850

}

1851

1852

my $comment = '//'; # javascript by default

1853

$comment = '#' if $type=~/perl|tcl/i;

1854

$comment = "'" if $type=~/vbscript/i;

1855

1856

my ($cdata_start,$cdata_end);

1857

if ($XHTML) {

1858

$cdata_start = "$comment

1859

$cdata_end .= "\n$comment]]>";

1860

} else {

1861

$cdata_start = "\n\n";

1864

}

1865

my(@satts);

1866

push(@satts,'src'=>$src) if $src;

1867

push(@satts,'type'=>$type);

1868

push(@satts,'charset'=>$charset) if ($src && $charset);

1869

$code = $cdata_start . $code . $cdata_end if defined $code;

1870

push(@result,$self->script({@satts},$code || ''));

1871

}

1872

@result;

1873

}

1874

1875

#### Method: end_html

1876

# End an HTML document.

1877

# Trivial method for completeness. Just returns ""

1878

####

1879

sub end_html {

1880

return "\n\n";

1881

}

1882

1883

################################

1884

# METHODS USED IN BUILDING FORMS

1885

################################

1886

1887

#### Method: isindex

1888

# Just prints out the isindex tag.

1889

# Parameters:

1890

# $action -> optional URL of script to run

1891

# Returns:

1892

# A string containing a tag

1893

sub isindex {

1894

my($self,@p) = self_or_default(@_);

1895

my($action,@other) = rearrange([ACTION],@p);

1896

$action = qq/ action="$action"/ if $action;

1897

my($other) = @other ? " @other" : '';

1898

return $XHTML ? "" : "";

1899

}

1900

1901

#### Method: start_form

1902

# Start a form

1903

# Parameters:

1904

# $method -> optional submission method to use (GET or POST)

1905

# $action -> optional URL of script to run

1906

# $enctype ->encoding to use (URL_ENCODED or MULTIPART)

1907

sub start_form {

1908

my($self,@p) = self_or_default(@_);

1909

1910

my($method,$action,$enctype,@other) =

1911

rearrange([METHOD,ACTION,ENCTYPE],@p);

1912

1913

100

$method = $self->_maybe_escapeHTML(lc($method || 'post'));

1914

1915

100

454

if( $XHTML ){

1916

$enctype = $self->_maybe_escapeHTML($enctype || &MULTIPART);

1917

}else{

1918

$enctype = $self->_maybe_escapeHTML($enctype || &URL_ENCODED);

1919

}

1920

1921

286

if (defined $action) {

1922

$action = $self->_maybe_escapeHTML($action);

1923

}

1924

else {

1925

$action = $self->_maybe_escapeHTML($self->request_uri || $self->self_url);

1926

}

1927

264

$action = qq(action="$action");

1928

100

my($other) = @other ? " @other" : '';

1929

$self->{'.parametersToAdd'}={};

1930

return qq/

1931

}

1932

1933

#### Method: start_multipart_form

1934

sub start_multipart_form {

1935

my($self,@p) = self_or_default(@_);

1936

if (defined($p[0]) && substr($p[0],0,1) eq '-') {

1937

return $self->start_form(-enctype=>&MULTIPART,@p);

1938

} else {

1939

my($method,$action,@other) =

1940

rearrange([METHOD,ACTION],@p);

1941

return $self->start_form($method,$action,&MULTIPART,@other);

1942

}

1943

}

1944

1945

#### Method: end_form

1946

# End a form

1947

# Note: This repeated below under the older name.

1948

sub end_form {

1949

my($self,@p) = self_or_default(@_);

1950

if ( $NOSTICKY ) {

1951

return wantarray ? ("") : "\n";

1952

} else {

1953

if (my @fields = $self->get_fields) {

1954

return wantarray ? ("

",@fields,"

","")

1955

: "

".(join '',@fields)."

\n";

1956

} else {

1957

return "";

1958

}

1959

}

1960

}

1961

1962

#### Method: end_multipart_form

1963

# end a multipart form

1964

sub end_multipart_form {

1965

&end_form;

1966

}

1967

1968

sub _textfield {

1969

my($self,$tag,@p) = self_or_default(@_);

1970

my($name,$default,$size,$maxlength,$override,$tabindex,@other) =

1971

rearrange([NAME,[DEFAULT,VALUE,VALUES],SIZE,MAXLENGTH,[OVERRIDE,FORCE],TABINDEX],@p);

1972

1973

100

my $current = $override ? $default :

100

1974

(defined($self->param($name)) ? $self->param($name) : $default);

1975

1976

$current = defined($current) ? $self->_maybe_escapeHTML($current,1) : '';

1977

100

202

$name = defined($name) ? $self->_maybe_escapeHTML($name) : '';

1978

164

my($s) = defined($size) ? qq/ size="$size"/ : '';

1979

my($m) = defined($maxlength) ? qq/ maxlength="$maxlength"/ : '';

1980

100

my($other) = @other ? " @other" : '';

1981

# this entered at cristy's request to fix problems with file upload fields

1982

# and WebTV -- not sure it won't break stuff

1983

my($value) = $current ne '' ? qq(value="$current") : '';

1984

$tabindex = $self->element_tab($tabindex);

1985

return $XHTML ? qq()

1986

: qq();

1987

}

1988

1989

#### Method: textfield

1990

# Parameters:

1991

# $name -> Name of the text field

1992

# $default -> Optional default value of the field if not

1993

# already defined.

1994

# $size -> Optional width of field in characaters.

1995

# $maxlength -> Optional maximum number of characters.

1996

# Returns:

1997

# A string containing a field

1998

1999

sub textfield {

2000

my($self,@p) = self_or_default(@_);

2001

$self->_textfield('text',@p);

2002

}

2003

2004

#### Method: filefield

2005

# Parameters:

2006

# $name -> Name of the file upload field

2007

# $size -> Optional width of field in characaters.

2008

# $maxlength -> Optional maximum number of characters.

2009

# Returns:

2010

# A string containing a field

2011

2012

sub filefield {

2013

my($self,@p) = self_or_default(@_);

2014

$self->_textfield('file',@p);

2015

}

2016

2017

#### Method: password

2018

# Create a "secret password" entry field

2019

# Parameters:

2020

# $name -> Name of the field

2021

# $default -> Optional default value of the field if not

2022

# already defined.

2023

# $size -> Optional width of field in characters.

2024

# $maxlength -> Optional maximum characters that can be entered.

2025

# Returns:

2026

# A string containing a field

2027

2028

sub password_field {

2029

my ($self,@p) = self_or_default(@_);

2030

$self->_textfield('password',@p);

2031

}

2032

2033

#### Method: textarea

2034

# Parameters:

2035

# $name -> Name of the text field

2036

# $default -> Optional default value of the field if not

2037

# already defined.

2038

# $rows -> Optional number of rows in text area

2039

# $columns -> Optional number of columns in text area

2040

# Returns:

2041

# A string containing a tag

2042

2043

sub textarea {

2044

my($self,@p) = self_or_default(@_);

2045

my($name,$default,$rows,$cols,$override,$tabindex,@other) =

2046

rearrange([NAME,[DEFAULT,VALUE],ROWS,[COLS,COLUMNS],[OVERRIDE,FORCE],TABINDEX],@p);

2047

2048

my($current)= $override ? $default :

2049

(defined($self->param($name)) ? $self->param($name) : $default);

2050

2051

$name = defined($name) ? $self->_maybe_escapeHTML($name) : '';

2052

$current = defined($current) ? $self->_maybe_escapeHTML($current) : '';

2053

my($r) = $rows ? qq/ rows="$rows"/ : '';

2054

my($c) = $cols ? qq/ cols="$cols"/ : '';

2055

100

my($other) = @other ? " @other" : '';

2056

$tabindex = $self->element_tab($tabindex);

2057

return qq{};

2058

}

2059

2060

#### Method: button

2061

# Create a javascript button.

2062

# Parameters:

2063

# $name -> (optional) Name for the button. (-name)

2064

# $value -> (optional) Value of the button when selected (and visible name) (-value)

2065

# $onclick -> (optional) Text of the JavaScript to run when the button is

2066

# clicked.

2067

# Returns:

2068

# A string containing a tag

2069

####

2070

sub button {

2071

741

my($self,@p) = self_or_default(@_);

2072

2073

my($label,$value,$script,$tabindex,@other) = rearrange([NAME,[VALUE,LABEL],

2074

[ONCLICK,SCRIPT],TABINDEX],@p);

2075

2076

$label=$self->_maybe_escapeHTML($label);

2077

178

$value=$self->_maybe_escapeHTML($value,1);

2078

$script=$self->_maybe_escapeHTML($script);

2079

2080

100

$script ||= '';

2081

2082

my($name) = '';

2083

100

$name = qq/ name="$label"/ if $label;

2084

$value = $value || $label;

2085

my($val) = '';

2086

100

$val = qq/ value="$value"/ if $value;

2087

100

$script = qq/ onclick="$script"/ if $script;

2088

100

my($other) = @other ? " @other" : '';

2089

$tabindex = $self->element_tab($tabindex);

2090

return $XHTML ? qq()

2091

: qq();

2092

}

2093

2094

#### Method: submit

2095

# Create a "submit query" button.

2096

# Parameters:

2097

# $name -> (optional) Name for the button.

2098

# $value -> (optional) Value of the button when selected (also doubles as label).

2099

# $label -> (optional) Label printed on the button(also doubles as the value).

2100

# Returns:

2101

# A string containing a tag

2102

####

2103

sub submit {

2104

382

my($self,@p) = self_or_default(@_);

2105

2106

my($label,$value,$tabindex,@other) = rearrange([NAME,[VALUE,LABEL],TABINDEX],@p);

2107

2108

$label=$self->_maybe_escapeHTML($label);

2109

241

$value=$self->_maybe_escapeHTML($value,1);

2110

2111

294

my $name = $NOSTICKY ? '' : 'name=".submit" ';

2112

100

$name = qq/name="$label" / if defined($label);

2113

100

$value = defined($value) ? $value : $label;

2114

my $val = '';

2115

100

$val = qq/value="$value" / if defined($value);

2116

$tabindex = $self->element_tab($tabindex);

2117

100

my($other) = @other ? "@other " : '';

2118

return $XHTML ? qq()

2119

: qq();

2120

}

2121

2122

#### Method: reset

2123

# Create a "reset" button.

2124

# Parameters:

2125

# $name -> (optional) Name for the button.

2126

# Returns:

2127

# A string containing a tag

2128

####

2129

sub reset {

2130

my($self,@p) = self_or_default(@_);

2131

my($label,$value,$tabindex,@other) = rearrange(['NAME',['VALUE','LABEL'],TABINDEX],@p);

2132

$label=$self->_maybe_escapeHTML($label);

2133

$value=$self->_maybe_escapeHTML($value,1);

2134

my ($name) = ' name=".reset"';

2135

$name = qq/ name="$label"/ if defined($label);

2136

$value = defined($value) ? $value : $label;

2137

my($val) = '';

2138

$val = qq/ value="$value"/ if defined($value);

2139

my($other) = @other ? " @other" : '';

2140

$tabindex = $self->element_tab($tabindex);

2141

return $XHTML ? qq()

2142

: qq();

2143

}

2144

2145

#### Method: defaults

2146

# Create a "defaults" button.

2147

# Parameters:

2148

# $name -> (optional) Name for the button.

2149

# Returns:

2150

# A string containing a tag

2151

2152

# Note: this button has a special meaning to the initialization script,

2153

# and tells it to ERASE the current query string so that your defaults

2154

# are used again!

2155

####

2156

sub defaults {

2157

my($self,@p) = self_or_default(@_);

2158

2159

my($label,$tabindex,@other) = rearrange([[NAME,VALUE],TABINDEX],@p);

2160

2161

$label=$self->_maybe_escapeHTML($label,1);

2162

$label = $label || "Defaults";

2163

my($value) = qq/ value="$label"/;

2164

my($other) = @other ? " @other" : '';

2165

$tabindex = $self->element_tab($tabindex);

2166

return $XHTML ? qq()

2167

: qq//;

2168

}

2169

2170

#### Method: comment

2171

# Create an HTML

2172

# Parameters: a string

2173

sub comment {

2174

my($self,@p) = self_or_CGI(@_);

2175

return "";

2176

}

2177

2178

#### Method: checkbox

2179

# Create a checkbox that is not logically linked to any others.

2180

# The field value is "on" when the button is checked.

2181

# Parameters:

2182

# $name -> Name of the checkbox

2183

# $checked -> (optional) turned on by default if true

2184

# $value -> (optional) value of the checkbox, 'on' by default

2185

# $label -> (optional) a user-readable label printed next to the box.

2186

# Otherwise the checkbox name is used.

2187

# Returns:

2188

# A string containing a field

2189

####

2190

sub checkbox {

2191

my($self,@p) = self_or_default(@_);

2192

2193

my($name,$checked,$value,$label,$labelattributes,$override,$tabindex,@other) =

2194

rearrange([NAME,[CHECKED,SELECTED,ON],VALUE,LABEL,LABELATTRIBUTES,

2195

[OVERRIDE,FORCE],TABINDEX],@p);

2196

2197

$value = defined $value ? $value : 'on';

2198

2199

100

if (!$override && ($self->{'.fieldnames'}->{$name} ||

2200

defined $self->param($name))) {

2201

100

$checked = grep($_ eq $value,$self->param($name)) ? $self->_checked(1) : '';

2202

} else {

2203

$checked = $self->_checked($checked);

2204

}

2205

100

my($the_label) = defined $label ? $label : $name;

2206

$name = $self->_maybe_escapeHTML($name);

2207

229

$value = $self->_maybe_escapeHTML($value,1);

2208

185

$the_label = $self->_maybe_escapeHTML($the_label);

2209

100

188

my($other) = @other ? "@other " : '';

2210

$tabindex = $self->element_tab($tabindex);

2211

$self->register_parameter($name);

2212

return $XHTML ? CGI::label($labelattributes,

2213

qq{$the_label})

2214

: qq{$the_label};

2215

}

2216

2217

# Escape HTML

2218

sub escapeHTML {

2219

251

6146

require HTML::Entities;

2220

# hack to work around earlier hacks

2221

251

100

44435

push @_,$_[0] if @_==1 && $_[0] eq 'CGI';

2222

251

294

my ($self,$toencode,$newlinestoo) = CGI::self_or_default(@_);

2223

251

357

return undef unless defined($toencode);

2224

251

211

my $encode_entities = $ENCODE_ENTITIES;

2225

251

100

670

$encode_entities .= "\012\015" if ( $encode_entities && $newlinestoo );

2226

251

403

return HTML::Entities::encode_entities($toencode,$encode_entities);

2227

}

2228

2229

# unescape HTML -- used internally

2230

sub unescapeHTML {

2231

105

2302

require HTML::Entities;

2232

# hack to work around earlier hacks

2233

105

13210

push @_,$_[0] if @_==1 && $_[0] eq 'CGI';

2234

105

118

my ($self,$string) = CGI::self_or_default(@_);

2235

105

100

165

return undef unless defined($string);

2236

313

return HTML::Entities::decode_entities($string);

2237

}

2238

2239

# Internal procedure - don't use

2240

sub _tableize {

2241

my($rows,$columns,$rowheaders,$colheaders,@elements) = @_;

2242

my @rowheaders = $rowheaders ? @$rowheaders : ();

2243

my @colheaders = $colheaders ? @$colheaders : ();

2244

my($result);

2245

2246

if (defined($columns)) {

2247

$rows = int(0.99 + @elements/$columns) unless defined($rows);

2248

}

2249

if (defined($rows)) {

2250

$columns = int(0.99 + @elements/$rows) unless defined($columns);

2251

}

2252

2253

# rearrange into a pretty table

2254

$result = ""; " if @colheaders; "; "; " if @rowheaders; " ";

2255	1			1	my($row,$column);
2256	1	50	33	2	unshift(@colheaders,'') if @colheaders && @rowheaders;
2257	1	50		3	$result .= "
2258	1			1	for (@colheaders) {
2259	0			0	$result .= "	$_
2260					}
2261	1			3	for ($row=0;$row<$rows;$row++) {
2262	2			2	$result .= "
2263	2	50		3	$result .= "	$rowheaders[$row]
2264	2			9	for ($column=0;$column<$columns;$column++) {
2265	4	50		14	$result .= "	" . $elements[$column*$rows + $row] . "
2266					if defined($elements[$column*$rows + $row]);
2267					}
2268	2			5	$result .= "
2269					}
2270	1			1	$result .= "

2271

return $result;

2272

}

2273

2274

#### Method: radio_group

2275

# Create a list of logically-linked radio buttons.

2276

# Parameters:

2277

# $name -> Common name for all the buttons.

2278

# $values -> A pointer to a regular array containing the

2279

# values for each button in the group.

2280

# $default -> (optional) Value of the button to turn on by default. Pass '-'

2281

# to turn _nothing_ on.

2282

# $linebreak -> (optional) Set to true to place linebreaks

2283

# between the buttons.

2284

# $labels -> (optional)

2285

# A pointer to a hash of labels to print next to each checkbox

2286

# in the form $label{'value'}="Long explanatory label".

2287

# Otherwise the provided values are used as the labels.

2288

# Returns:

2289

# An ARRAY containing a series of fields

2290

####

2291

sub radio_group {

2292

my($self,@p) = self_or_default(@_);

2293

$self->_box_group('radio',@p);

2294

}

2295

2296

#### Method: checkbox_group

2297

# Create a list of logically-linked checkboxes.

2298

# Parameters:

2299

# $name -> Common name for all the check boxes

2300

# $values -> A pointer to a regular array containing the

2301

# values for each checkbox in the group.

2302

# $defaults -> (optional)

2303

# 1. If a pointer to a regular array of checkbox values,

2304

# then this will be used to decide which

2305

# checkboxes to turn on by default.

2306

# 2. If a scalar, will be assumed to hold the

2307

# value of a single checkbox in the group to turn on.

2308

# $linebreak -> (optional) Set to true to place linebreaks

2309

# between the buttons.

2310

# $labels -> (optional)

2311

# A pointer to a hash of labels to print next to each checkbox

2312

# in the form $label{'value'}="Long explanatory label".

2313

# Otherwise the provided values are used as the labels.

2314

# Returns:

2315

# An ARRAY containing a series of fields

2316

####

2317

2318

sub checkbox_group {

2319

my($self,@p) = self_or_default(@_);

2320

$self->_box_group('checkbox',@p);

2321

}

2322

2323

sub _box_group {

2324

my $self = shift;

2325

my $box_type = shift;

2326

2327

my($name,$values,$defaults,$linebreak,$labels,$labelattributes,

2328

$attributes,$rows,$columns,$rowheaders,$colheaders,

2329

$override,$nolabels,$tabindex,$disabled,@other) =

2330

rearrange([NAME,[VALUES,VALUE],[DEFAULT,DEFAULTS],LINEBREAK,LABELS,LABELATTRIBUTES,

2331

ATTRIBUTES,ROWS,[COLUMNS,COLS],[ROWHEADERS,ROWHEADER],[COLHEADERS,COLHEADER],

2332

[OVERRIDE,FORCE],NOLABELS,TABINDEX,DISABLED

2333

],@_);

2334

2335

2336

my($result,$checked,@elements,@values);

2337

2338

@values = $self->_set_values_and_labels($values,\$labels,$name);

2339

my %checked = $self->previous_or_default($name,$defaults,$override);

2340

2341

# If no check array is specified, check the first by default

2342

100

$checked{$values[0]}++ if $box_type eq 'radio' && !%checked;

2343

2344

$name=$self->_maybe_escapeHTML($name);

2345

2346

428

my %tabs = ();

2347

if ($TABINDEX && $tabindex) {

2348

if (!ref $tabindex) {

2349

$self->element_tab($tabindex);

2350

} elsif (ref $tabindex eq 'ARRAY') {

2351

%tabs = map {$_=>$self->element_tab} @$tabindex;

2352

} elsif (ref $tabindex eq 'HASH') {

2353

%tabs = %$tabindex;

2354

}

2355

}

2356

%tabs = map {$_=>$self->element_tab} @values unless %tabs;

2357

100

my $other = @other ? "@other " : '';

2358

my $radio_checked;

2359

2360

# for disabling groups of radio/checkbox buttons

2361

my %disabled;

2362

for (@{$disabled}) {

2363

$disabled{$_}=1;

2364

}

2365

2366

for (@values) {

2367

my $disable="";

2368

100

if ($disabled{$_}) {

2369

$disable="disabled='1'";

2370

}

2371

2372

my $checkit = $self->_checked($box_type eq 'radio' ? ($checked{$_} && !$radio_checked++)

2373

100

114

: $checked{$_});

2374

my($break);

2375

100

if ($linebreak) {

2376

$break = $XHTML ? "
" : "
";

2377

}

2378

else {

2379

$break = '';

2380

}

2381

my($label)='';

2382

unless (defined($nolabels) && $nolabels) {

2383

$label = $_;

2384

100

$label = $labels->{$_} if defined($labels) && defined($labels->{$_});

2385

$label = $self->_maybe_escapeHTML($label,1);

2386

100

847

$label = "$label" if $disabled{$_};

2387

}

2388

my $attribs = $self->_set_attributes($_, $attributes);

2389

my $tab = $tabs{$_};

2390

$_=$self->_maybe_escapeHTML($_);

2391

2392

100

664

if ($XHTML) {

2393

push @elements,

2394

CGI::label($labelattributes,

2395

qq($label)).${break};

2396

} else {

2397

push(@elements,qq/${label}${break}/);

2398

}

2399

}

2400

$self->register_parameter($name);

2401

132

return wantarray ? @elements : "@elements"

100

2402

unless defined($columns) || defined($rows);

2403

return _tableize($rows,$columns,$rowheaders,$colheaders,@elements);

2404

}

2405

2406

#### Method: popup_menu

2407

# Create a popup menu.

2408

# Parameters:

2409

# $name -> Name for all the menu

2410

# $values -> A pointer to a regular array containing the

2411

# text of each menu item.

2412

# $default -> (optional) Default item to display

2413

# $labels -> (optional)

2414

# A pointer to a hash of labels to print next to each checkbox

2415

# in the form $label{'value'}="Long explanatory label".

2416

# Otherwise the provided values are used as the labels.

2417

# Returns:

2418

# A string containing the definition of a popup menu.

2419

####

2420

sub popup_menu {

2421

295

my($self,@p) = self_or_default(@_);

2422

2423

my($name,$values,$default,$labels,$attributes,$override,$tabindex,@other) =

2424

rearrange([NAME,[VALUES,VALUE],[DEFAULT,DEFAULTS],LABELS,

2425

ATTRIBUTES,[OVERRIDE,FORCE],TABINDEX],@p);

2426

my($result,%selected);

2427

2428

if (!$override && defined($self->param($name))) {

100

2429

$selected{$self->param($name)}++;

2430

} elsif (defined $default) {

2431

%selected = map {$_=>1} ref($default) eq 'ARRAY'

2432

? @$default

2433

: $default;

2434

}

2435

$name=$self->_maybe_escapeHTML($name);

2436

# RT #30057 - ignore -multiple, if you need this

2437

# then use scrolling_list

2438

328

@other = grep { $_ !~ /^multiple=/i } @other;

2439

100

my($other) = @other ? " @other" : '';

2440

2441

my(@values);

2442

@values = $self->_set_values_and_labels($values,\$labels,$name);

2443

$tabindex = $self->element_tab($tabindex);

2444

100

$name = q{} if ! defined $name;

2445

$result = qq/

2446

for (@values) {

2447

100

if (/

2448

for my $v (split(/\n/)) {

2449

my $selectit = $XHTML ? 'selected="selected"' : 'selected';

2450

for my $selected (keys %selected) {

2451

$v =~ s/(value="\Q$selected\E")/$selectit $1/;

2452

}

2453

$result .= "$v\n";

2454

}

2455

}

2456

else {

2457

my $attribs = $self->_set_attributes($_, $attributes);

2458

my($selectit) = $self->_selected($selected{$_});

2459

my($label) = $_;

2460

100

$label = $labels->{$_} if defined($labels) && defined($labels->{$_});

2461

my($value) = $self->_maybe_escapeHTML($_);

2462

374

$label = $self->_maybe_escapeHTML($label,1);

2463

449

$result .= "$label\n";

2464

}

2465

}

2466

2467

$result .= "";

2468

return $result;

2469

}

2470

2471

#### Method: optgroup

2472

# Create a optgroup.

2473

# Parameters:

2474

# $name -> Label for the group

2475

# $values -> A pointer to a regular array containing the

2476

# values for each option line in the group.

2477

# $labels -> (optional)

2478

# A pointer to a hash of labels to print next to each item

2479

# in the form $label{'value'}="Long explanatory label".

2480

# Otherwise the provided values are used as the labels.

2481

# $labeled -> (optional)

2482

# A true value indicates the value should be used as the label attribute

2483

# in the option elements.

2484

# The label attribute specifies the option label presented to the user.

2485

# This defaults to the content of the

2486

# attribute allows authors to more easily use optgroup without sacrificing

2487

# compatibility with browsers that do not support option groups.

2488

# $novals -> (optional)

2489

# A true value indicates to suppress the val attribute in the option elements

2490

# Returns:

2491

# A string containing the definition of an option group.

2492

####

2493

sub optgroup {

2494

my($self,@p) = self_or_default(@_);

2495

my($name,$values,$attributes,$labeled,$noval,$labels,@other)

2496

= rearrange([NAME,[VALUES,VALUE],ATTRIBUTES,LABELED,NOVALS,LABELS],@p);

2497

2498

my($result,@values);

2499

@values = $self->_set_values_and_labels($values,\$labels,$name,$labeled,$novals);

2500

100

my($other) = @other ? " @other" : '';

2501

2502

100

$name = $self->_maybe_escapeHTML($name) || q{};

2503

$result = qq/\n/;

2504

for (@values) {

2505

if (/

2506

for (split(/\n/)) {

2507

my $selectit = $XHTML ? 'selected="selected"' : 'selected';

2508

s/(value="$selected")/$selectit $1/ if defined $selected;

2509

$result .= "$_\n";

2510

}

2511

}

2512

else {

2513

my $attribs = $self->_set_attributes($_, $attributes);

2514

my($label) = $_;

2515

$label = $labels->{$_} if defined($labels) && defined($labels->{$_});

2516

$label=$self->_maybe_escapeHTML($label);

2517

my($value)=$self->_maybe_escapeHTML($_,1);

2518

$result .= $labeled ? $novals ? "$label\n"

2519

: "$label\n"

2520

: $novals ? "$label\n"

2521

: "$label\n";

2522

}

2523

}

2524

$result .= "";

2525

return $result;

2526

}

2527

2528

#### Method: scrolling_list

2529

# Create a scrolling list.

2530

# Parameters:

2531

# $name -> name for the list

2532

# $values -> A pointer to a regular array containing the

2533

# values for each option line in the list.

2534

# $defaults -> (optional)

2535

# 1. If a pointer to a regular array of options,

2536

# then this will be used to decide which

2537

# lines to turn on by default.

2538

# 2. Otherwise holds the value of the single line to turn on.

2539

# $size -> (optional) Size of the list.

2540

# $multiple -> (optional) If set, allow multiple selections.

2541

# $labels -> (optional)

2542

# A pointer to a hash of labels to print next to each checkbox

2543

# in the form $label{'value'}="Long explanatory label".

2544

# Otherwise the provided values are used as the labels.

2545

# Returns:

2546

# A string containing the definition of a scrolling list.

2547

####

2548

sub scrolling_list {

2549

my($self,@p) = self_or_default(@_);

2550

my($name,$values,$defaults,$size,$multiple,$labels,$attributes,$override,$tabindex,@other)

2551

= rearrange([NAME,[VALUES,VALUE],[DEFAULTS,DEFAULT],

2552

SIZE,MULTIPLE,LABELS,ATTRIBUTES,[OVERRIDE,FORCE],TABINDEX],@p);

2553

2554

my($result,@values);

2555

@values = $self->_set_values_and_labels($values,\$labels,$name);

2556

2557

100

$size = $size || scalar(@values);

2558

2559

my(%selected) = $self->previous_or_default($name,$defaults,$override);

2560

2561

100

my($is_multiple) = $multiple ? qq/ multiple="multiple"/ : '';

2562

my($has_size) = $size ? qq/ size="$size"/: '';

2563

100

my($other) = @other ? " @other" : '';

2564

2565

$name=$self->_maybe_escapeHTML($name);

2566

$tabindex = $self->element_tab($tabindex);

2567

$result = qq/

2568

for (@values) {

2569

100

if (/

2570

for my $v (split(/\n/)) {

2571

my $selectit = $XHTML ? 'selected="selected"' : 'selected';

2572

for my $selected (keys %selected) {

2573

$v =~ s/(value="$selected")/$selectit $1/;

2574

}

2575

$result .= "$v\n";

2576

}

2577

}

2578

else {

2579

my $attribs = $self->_set_attributes($_, $attributes);

2580

my($selectit) = $self->_selected($selected{$_});

2581

my($label) = $_;

2582

100

$label = $labels->{$_} if defined($labels) && defined($labels->{$_});

2583

my($value) = $self->_maybe_escapeHTML($_);

2584

161

$label = $self->_maybe_escapeHTML($label,1);

2585

152

$result .= "$label\n";

2586

}

2587

}

2588

2589

$result .= "";

2590

$self->register_parameter($name);

2591

return $result;

2592

}

2593

2594

#### Method: hidden

2595

# Parameters:

2596

# $name -> Name of the hidden field

2597

# @default -> (optional) Initial values of field (may be an array)

2598

# or

2599

# $default->[initial values of field]

2600

# Returns:

2601

# A string containing a

2602

####

2603

sub hidden {

2604

my($self,@p) = self_or_default(@_);

2605

2606

# this is the one place where we departed from our standard

2607

# calling scheme, so we have to special-case (darn)

2608

my(@result,@value);

2609

my($name,$default,$override,@other) =

2610

rearrange([NAME,[DEFAULT,VALUE,VALUES],[OVERRIDE,FORCE]],@p);

2611

2612

my $do_override = 0;

2613

100

if ( ref($p[0]) || substr($p[0],0,1) eq '-') {

2614

100

@value = ref($default) ? @{$default} : $default;

2615

$do_override = $override;

2616

} else {

2617

for ($default,$override,@other) {

2618

100

push(@value,$_) if defined($_);

2619

}

2620

undef @other;

2621

}

2622

2623

# use previous values if override is not set

2624

my @prev = $self->param($name);

2625

@value = @prev if !$do_override && @prev;

2626

2627

$name=$self->_maybe_escapeHTML($name);

2628

452

for (@value) {

2629

$_ = defined($_) ? $self->_maybe_escapeHTML($_,1) : '';

2630

527

push @result,$XHTML ? qq()

2631

: qq();

2632

}

2633

100

return wantarray ? @result : join('',@result);

2634

}

2635

2636

#### Method: image_button

2637

# Parameters:

2638

# $name -> Name of the button

2639

# $src -> URL of the image source

2640

# $align -> Alignment style (TOP, BOTTOM or MIDDLE)

2641

# Returns:

2642

# A string containing a

2643

####

2644

sub image_button {

2645

my($self,@p) = self_or_default(@_);

2646

2647

my($name,$src,$alignment,@other) =

2648

rearrange([NAME,SRC,ALIGN],@p);

2649

2650

my($align) = $alignment ? " align=\L\"$alignment\"" : '';

2651

my($other) = @other ? " @other" : '';

2652

$name=$self->_maybe_escapeHTML($name);

2653

return $XHTML ? qq()

2654

: qq//;

2655

}

2656

2657

#### Method: self_url

2658

# Returns a URL containing the current script and all its

2659

# param/value pairs arranged as a query. You can use this

2660

# to create a link that, when selected, will reinvoke the

2661

# script with all its state information preserved.

2662

####

2663

sub self_url {

2664

my($self,@p) = self_or_default(@_);

2665

return $self->url('-path_info'=>1,'-query'=>1,'-full'=>1,@p);

2666

}

2667

2668

# This is provided as a synonym to self_url() for people unfortunate

2669

# enough to have incorporated it into their programs already!

2670

sub state {

2671

&self_url;

2672

}

2673

2674

#### Method: url

2675

# Like self_url, but doesn't return the query string part of

2676

# the URL.

2677

####

2678

sub url {

2679

my($self,@p) = self_or_default(@_);

2680

201

my ($relative,$absolute,$full,$path_info,$query,$base,$rewrite) =

2681

rearrange(['RELATIVE','ABSOLUTE','FULL',['PATH','PATH_INFO'],['QUERY','QUERY_STRING'],'BASE','REWRITE'],@p);

2682

my $url = '';

2683

100

206

$full++ if $base || !($relative || $absolute);

2684

100

$rewrite++ unless defined $rewrite;

2685

2686

my $path = $self->path_info;

2687

my $script_name = $self->script_name;

2688

100

my $request_uri = $self->request_uri || '';

2689

100

my $query_str = $query ? $self->query_string : '';

2690

2691

$request_uri =~ s/\?.*$//s; # remove query string

2692

$request_uri = unescape($request_uri);

2693

2694

100

139

my $uri = $rewrite && $request_uri ? $request_uri : $script_name;

2695

$uri =~ s/\?.*$//s; # remove query string

2696

2697

100

if ( defined( $ENV{PATH_INFO} ) ) {

2698

# IIS sometimes sets PATH_INFO to the same value as SCRIPT_NAME so only sub it out

2699

# if SCRIPT_NAME isn't defined or isn't the same value as PATH_INFO

2700

$uri =~ s/\Q$ENV{PATH_INFO}\E$//

2701

100

299

if ( ! defined( $ENV{SCRIPT_NAME} ) or $ENV{PATH_INFO} ne $ENV{SCRIPT_NAME} );

2702

2703

# if we're not IIS then keep to spec, the relevant info is here:

2704

# https://tools.ietf.org/html/rfc3875#section-4.1.13, namely

2705

# "No PATH_INFO segment (see section 4.1.5) is included in the

2706

# SCRIPT_NAME value." (see GH #126, GH #152, GH #176)

2707

100

if ( ! $IIS ) {

2708

104

$uri =~ s/\Q$ENV{PATH_INFO}\E$//;

2709

}

2710

}

2711

2712

100

if ($full) {

100

2713

my $protocol = $self->protocol();

2714

$url = "$protocol://";

2715

100

my $vh = http('x_forwarded_host') || http('host') || '';

2716

$vh =~ s/^.*,\s*//; # x_forwarded_host may be a comma-separated list (e.g. when the request has

2717

# passed through multiple reverse proxies. Take the last one.

2718

$vh =~ s/\:\d+$//; # some clients add the port number (incorrectly). Get rid of it.

2719

2720

$url .= $vh || server_name();

2721

2722

my $port = $self->virtual_port;

2723

2724

# add the port to the url unless it's the protocol's default port

2725

138

$url .= ':' . $port unless (lc($protocol) eq 'http' && $port == 80)

2726

or (lc($protocol) eq 'https' && $port == 443);

2727

2728

return $url if $base;

2729

2730

$url .= $uri;

2731

} elsif ($relative) {

2732

($url) = $uri =~ m!([^/]+)$!;

2733

} elsif ($absolute) {

2734

$url = $uri;

2735

}

2736

2737

100

118

$url .= $path if $path_info and defined $path;

2738

100

111

$url .= "?$query_str" if $query and $query_str ne '';

2739

$url ||= '';

2740

$url =~ s/([^a-zA-Z0-9_.%;&?\/\\:+=~-])/sprintf("%%%02X",ord($1))/eg;

2741

159

return $url;

2742

}

2743

2744

#### Method: cookie

2745

# Set or read a cookie from the specified name.

2746

# Cookie can then be passed to header().

2747

# Usual rules apply to the stickiness of -value.

2748

# Parameters:

2749

# -name -> name for this cookie (optional)

2750

# -value -> value of this cookie (scalar, array or hash)

2751

# -path -> paths for which this cookie is valid (optional)

2752

# -domain -> internet domain in which this cookie is valid (optional)

2753

# -secure -> if true, cookie only passed through secure channel (optional)

2754

# -expires -> expiry date in format Wdy, DD-Mon-YYYY HH:MM:SS GMT (optional)

2755

####

2756

sub cookie {

2757

292

my($self,@p) = self_or_default(@_);

2758

my($name,$value,$path,$domain,$secure,$expires,$httponly,$max_age,$samesite) =

2759

rearrange([NAME,[VALUE,VALUES],PATH,DOMAIN,SECURE,EXPIRES,HTTPONLY,'MAX-AGE',SAMESITE],@p);

2760

2761

505

require CGI::Cookie;

2762

2763

# if no value is supplied, then we retrieve the

2764

# value of the cookie, if any. For efficiency, we cache the parsed

2765

# cookies in our state variables.

2766

unless ( defined($value) ) {

2767

$self->{'.cookies'} = CGI::Cookie->fetch;

2768

2769

# If no name is supplied, then retrieve the names of all our cookies.

2770

return () unless $self->{'.cookies'};

2771

return keys %{$self->{'.cookies'}} unless $name;

2772

return () unless $self->{'.cookies'}->{$name};

2773

return $self->{'.cookies'}->{$name}->value if defined($name) && $name ne '';

2774

}

2775

2776

# If we get here, we're creating a new cookie

2777

return undef unless defined($name) && $name ne ''; # this is an error

2778

2779

my @param;

2780

push(@param,'-name'=>$name);

2781

push(@param,'-value'=>$value);

2782

push(@param,'-domain'=>$domain) if $domain;

2783

push(@param,'-path'=>$path) if $path;

2784

push(@param,'-expires'=>$expires) if $expires;

2785

push(@param,'-secure'=>$secure) if $secure;

2786

push(@param,'-httponly'=>$httponly) if $httponly;

2787

push(@param,'-max_age'=>$max_age) if $max_age;

2788

push(@param,'-samesite'=>$samesite) if $samesite;

2789

2790

return CGI::Cookie->new(@param);

2791

}

2792

2793

sub parse_keywordlist {

2794

my($self,$tosplit) = @_;

2795

$tosplit = unescape($tosplit); # unescape the keywords

2796

$tosplit=~tr/+/ /; # pluses to spaces

2797

my(@keywords) = split(/\s+/,$tosplit);

2798

return @keywords;

2799

}

2800

2801

sub param_fetch {

2802

my($self,@p) = self_or_default(@_);

2803

my($name) = rearrange([NAME],@p);

2804

100

return [] unless defined $name;

2805

2806

unless (exists($self->{param}{$name})) {

2807

$self->add_parameter($name);

2808

$self->{param}{$name} = [];

2809

}

2810

2811

return $self->{param}{$name};

2812

}

2813

2814

###############################################

2815

# OTHER INFORMATION PROVIDED BY THE ENVIRONMENT

2816

###############################################

2817

2818

#### Method: path_info

2819

# Return the extra virtual path information provided

2820

# after the URL (if any)

2821

####

2822

sub path_info {

2823

my ($self,$info) = self_or_default(@_);

2824

105

if (defined($info)) {

100

2825

$info = "/$info" if $info ne '' && substr($info,0,1) ne '/';

2826

$self->{'.path_info'} = $info;

2827

} elsif (! defined($self->{'.path_info'}) ) {

2828

my (undef,$path_info) = $self->_name_and_path_from_env;

2829

100

$self->{'.path_info'} = $path_info || '';

2830

}

2831

return $self->{'.path_info'};

2832

}

2833

2834

# This function returns a potentially modified version of SCRIPT_NAME

2835

# and PATH_INFO. Some HTTP servers do sanitise the paths in those

2836

# variables. It is the case of at least Apache 2. If for instance the

2837

# user requests: /path/./to/script.cgi/x//y/z/../x?y, Apache will set:

2838

# REQUEST_URI=/path/./to/script.cgi/x//y/z/../x?y

2839

# SCRIPT_NAME=/path/to/env.cgi

2840

# PATH_INFO=/x/y/x

2841

2842

# This is all fine except that some bogus CGI scripts expect

2843

# PATH_INFO=/http://foo when the user requests

2844

# http://xxx/script.cgi/http://foo

2845

2846

# Old versions of this module used to accomodate with those scripts, so

2847

# this is why we do this here to keep those scripts backward compatible.

2848

# Basically, we accomodate with those scripts but within limits, that is

2849

# we only try to preserve the number of / that were provided by the user

2850

# if $REQUEST_URI and "$SCRIPT_NAME$PATH_INFO" only differ by the number

2851

# of consecutive /.

2852

2853

# So for instance, in: http://foo/x//y/script.cgi/a//b, we'll return a

2854

# script_name of /x//y/script.cgi and a path_info of /a//b, but in:

2855

# http://foo/./x//z/script.cgi/a/../b//c, we'll return the versions

2856

# possibly sanitised by the HTTP server, so in the case of Apache 2:

2857

# script_name == /foo/x/z/script.cgi and path_info == /b/c.

2858

2859

# Future versions of this module may no longer do that, so one should

2860

# avoid relying on the browser, proxy, server, and CGI.pm preserving the

2861

# number of consecutive slashes as no guarantee can be made there.

2862

sub _name_and_path_from_env {

2863

my $self = shift;

2864

100

my $script_name = $ENV{SCRIPT_NAME} || '';

2865

100

my $path_info = $ENV{PATH_INFO} || '';

2866

100

my $uri = $self->request_uri || '';

2867

2868

$uri =~ s/\?.*//s;

2869

$uri = unescape($uri);

2870

2871

100

119

if ( $IIS ) {

100

2872

# IIS doesn't set $ENV{PATH_INFO} correctly. It sets it to

2873

# $ENV{SCRIPT_NAME}path_info

2874

# IIS also doesn't set $ENV{REQUEST_URI} so we don't want to do

2875

# the test below, hence this comes first

2876

$path_info =~ s/^\Q$script_name\E(.*)/$1/;

2877

} elsif ($uri ne "$script_name$path_info") {

2878

my $script_name_pattern = quotemeta($script_name);

2879

my $path_info_pattern = quotemeta($path_info);

2880

$script_name_pattern =~ s{(?:\\/)+}{/+}g;

2881

$path_info_pattern =~ s{(?:\\/)+}{/+}g;

2882

2883

115

if ($uri =~ /^($script_name_pattern)($path_info_pattern)$/s) {

2884

# REQUEST_URI and SCRIPT_NAME . PATH_INFO only differ by the

2885

# numer of consecutive slashes, so we can extract the info from

2886

# REQUEST_URI:

2887

($script_name, $path_info) = ($1, $2);

2888

}

2889

}

2890

return ($script_name,$path_info);

2891

}

2892

2893

#### Method: request_method

2894

# Returns 'POST', 'GET', 'PUT', 'PATCH' or 'HEAD'

2895

####

2896

sub request_method {

2897

1079

return (defined $ENV{'REQUEST_METHOD'}) ? $ENV{'REQUEST_METHOD'} : undef;

2898

}

2899

2900

#### Method: content_type

2901

# Returns the content_type string

2902

####

2903

sub content_type {

2904

return (defined $ENV{'CONTENT_TYPE'}) ? $ENV{'CONTENT_TYPE'} : undef;

2905

}

2906

2907

#### Method: path_translated

2908

# Return the physical path information provided

2909

# by the URL (if any)

2910

####

2911

sub path_translated {

2912

return (defined $ENV{'PATH_TRANSLATED'}) ? $ENV{'PATH_TRANSLATED'} : undef;

2913

}

2914

2915

#### Method: request_uri

2916

# Return the literal request URI

2917

####

2918

sub request_uri {

2919

100

208

return (defined $ENV{'REQUEST_URI'}) ? $ENV{'REQUEST_URI'} : undef;

2920

}

2921

2922

#### Method: query_string

2923

# Synthesize a query string from our current

2924

# parameters

2925

####

2926

sub query_string {

2927

my($self) = self_or_default(@_);

2928

my($param,$value,@pairs);

2929

for $param ($self->param) {

2930

102

my($eparam) = escape($param);

2931

for $value ($self->param($param)) {

2932

107

$value = escape($value);

2933

100

120

next unless defined $value;

2934

144

push(@pairs,"$eparam=$value");

2935

}

2936

}

2937

for (keys %{$self->{'.fieldnames'}}) {

109

2938

push(@pairs,".cgifields=".escape("$_"));

2939

}

2940

139

return join($USE_PARAM_SEMICOLONS ? ';' : '&',@pairs);

2941

}

2942

2943

sub env_query_string {

2944

return (defined $ENV{'QUERY_STRING'}) ? $ENV{'QUERY_STRING'} : undef;

2945

}

2946

2947

#### Method: accept

2948

# Without parameters, returns an array of the

2949

# MIME types the browser accepts.

2950

# With a single parameter equal to a MIME

2951

# type, will return undef if the browser won't

2952

# accept it, 1 if the browser accepts it but

2953

# doesn't give a preference, or a floating point

2954

# value between 0.0 and 1.0 if the browser

2955

# declares a quantitative score for it.

2956

# This handles MIME type globs correctly.

2957

####

2958

sub Accept {

2959

my($self,$search) = self_or_CGI(@_);

2960

my(%prefs,$type,$pref,$pat);

2961

2962

my(@accept) = defined $self->http('accept')

2963

? split(',',$self->http('accept'))

2964

: ();

2965

2966

for (@accept) {

2967

($pref) = /q=(\d\.\d+|\d+)/;

2968

($type) = m#(\S+/[^;]+)#;

2969

next unless $type;

2970

$prefs{$type}=$pref || 1;

2971

}

2972

2973

return keys %prefs unless $search;

2974

2975

# if a search type is provided, we may need to

2976

# perform a pattern matching operation.

2977

# The MIME types use a glob mechanism, which

2978

# is easily translated into a perl pattern match

2979

2980

# First return the preference for directly supported

2981

# types:

2982

return $prefs{$search} if $prefs{$search};

2983

2984

# Didn't get it, so try pattern matching.

2985

for (keys %prefs) {

2986

next unless /\*/; # not a pattern match

2987

($pat = $_) =~ s/([^\w*])/\\$1/g; # escape meta characters

2988

$pat =~ s/\*/.*/g; # turn it into a pattern

2989

return $prefs{$_} if $search=~/$pat/;

2990

}

2991

}

2992

2993

#### Method: user_agent

2994

# If called with no parameters, returns the user agent.

2995

# If called with one parameter, does a pattern match (case

2996

# insensitive) on the user agent.

2997

####

2998

sub user_agent {

2999

my($self,$match)=self_or_CGI(@_);

3000

my $user_agent = $self->http('user_agent');

3001

100

return $user_agent unless defined $match && $match && $user_agent;

100

3002

return $user_agent =~ /$match/i;

3003

}

3004

3005

#### Method: raw_cookie

3006

# Returns the magic cookies for the session.

3007

# The cookies are not parsed or altered in any way, i.e.

3008

# cookies are returned exactly as given in the HTTP

3009

# headers. If a cookie name is given, only that cookie's

3010

# value is returned, otherwise the entire raw cookie

3011

# is returned.

3012

####

3013

sub raw_cookie {

3014

my($self,$key) = self_or_CGI(@_);

3015

3016

require CGI::Cookie;

3017

3018

if (defined($key)) {

3019

$self->{'.raw_cookies'} = CGI::Cookie->raw_fetch

3020

unless $self->{'.raw_cookies'};

3021

3022

return () unless $self->{'.raw_cookies'};

3023

return () unless $self->{'.raw_cookies'}->{$key};

3024

return $self->{'.raw_cookies'}->{$key};

3025

}

3026

return $self->http('cookie') || $ENV{'COOKIE'} || '';

3027

}

3028

3029

#### Method: virtual_host

3030

# Return the name of the virtual_host, which

3031

# is not always the same as the server

3032

######

3033

sub virtual_host {

3034

my $vh = http('x_forwarded_host') || http('host') || server_name();

3035

$vh =~ s/:\d+$//; # get rid of port number

3036

return $vh;

3037

}

3038

3039

#### Method: remote_host

3040

# Return the name of the remote host, or its IP

3041

# address if unavailable. If this variable isn't

3042

# defined, it returns "localhost" for debugging

3043

# purposes.

3044

####

3045

sub remote_host {

3046

return $ENV{'REMOTE_HOST'} || $ENV{'REMOTE_ADDR'}

3047

|| 'localhost';

3048

}

3049

3050

#### Method: remote_addr

3051

# Return the IP addr of the remote host.

3052

####

3053

sub remote_addr {

3054

return $ENV{'REMOTE_ADDR'} || '127.0.0.1';

3055

}

3056

3057

#### Method: script_name

3058

# Return the partial URL to this script for

3059

# self-referencing scripts. Also see

3060

# self_url(), which returns a URL with all state information

3061

# preserved.

3062

####

3063

sub script_name {

3064

my ($self,@p) = self_or_default(@_);

3065

125

if (@p) {

100

3066

$self->{'.script_name'} = shift @p;

3067

} elsif (!exists $self->{'.script_name'}) {

3068

my ($script_name,$path_info) = $self->_name_and_path_from_env();

3069

$self->{'.script_name'} = $script_name;

3070

}

3071

return $self->{'.script_name'};

3072

}

3073

3074

#### Method: referer

3075

# Return the HTTP_REFERER: useful for generating

3076

# a GO BACK button.

3077

####

3078

sub referer {

3079

my($self) = self_or_CGI(@_);

3080

return $self->http('referer');

3081

}

3082

3083

#### Method: server_name

3084

# Return the name of the server

3085

####

3086

sub server_name {

3087

100

return $ENV{'SERVER_NAME'} || 'localhost';

3088

}

3089

3090

#### Method: server_software

3091

# Return the name of the server software

3092

####

3093

sub server_software {

3094

return $ENV{'SERVER_SOFTWARE'} || 'cmdline';

3095

}

3096

3097

#### Method: virtual_port

3098

# Return the server port, taking virtual hosts into account

3099

####

3100

sub virtual_port {

3101

my($self) = self_or_default(@_);

3102

100

my $vh = $self->http('x_forwarded_host') || $self->http('host');

3103

my $protocol = $self->protocol;

3104

100

if ($vh) {

3105

return ($vh =~ /:(\d+)$/)[0] || ($protocol eq 'https' ? 443 : 80);

3106

} else {

3107

return $self->server_port();

3108

}

3109

}

3110

3111

#### Method: server_port

3112

# Return the tcp/ip port the server is running on

3113

####

3114

sub server_port {

3115

100

243

return $ENV{'SERVER_PORT'} || 80; # for debugging

3116

}

3117

3118

#### Method: server_protocol

3119

# Return the protocol (usually HTTP/1.0)

3120

####

3121

sub server_protocol {

3122

100

117

return $ENV{'SERVER_PROTOCOL'} || 'HTTP/1.0'; # for debugging

3123

}

3124

3125

#### Method: http

3126

# Return the value of an HTTP variable, or

3127

# the list of variables if none provided

3128

####

3129

sub http {

3130

118

563

my ($self,$parameter) = self_or_CGI(@_);

3131

118

100

182

if ( defined($parameter) ) {

3132

116

111

$parameter =~ tr/-a-z/_A-Z/;

3133

116

100

189

if ( $parameter =~ /^HTTP(?:_|$)/ ) {

3134

return $ENV{$parameter};

3135

}

3136

115

371

return $ENV{"HTTP_$parameter"};

3137

}

3138

return grep { /^HTTP(?:_|$)/ } keys %ENV;

3139

}

3140

3141

#### Method: https

3142

# Return the value of HTTPS, or

3143

# the value of an HTTPS variable, or

3144

# the list of variables

3145

####

3146

sub https {

3147

652

my ($self,$parameter) = self_or_CGI(@_);

3148

if ( defined($parameter) ) {

3149

$parameter =~ tr/-a-z/_A-Z/;

3150

if ( $parameter =~ /^HTTPS(?:_|$)/ ) {

3151

return $ENV{$parameter};

3152

}

3153

return $ENV{"HTTPS_$parameter"};

3154

}

3155

return wantarray

3156

? grep { /^HTTPS(?:_|$)/ } keys %ENV

3157

100

174

: $ENV{'HTTPS'};

3158

}

3159

3160

#### Method: protocol

3161

# Return the protocol (http or https currently)

3162

####

3163

sub protocol {

3164

105

local($^W)=0;

3165

my $self = shift;

3166

return 'https' if uc($self->https()) eq 'ON';

3167

return 'https' if $self->server_port == 443;

3168

my $prot = $self->server_protocol;

3169

111

my($protocol,$version) = split('/',$prot);

3170

102

return "\L$protocol\E";

3171

}

3172

3173

#### Method: remote_ident

3174

# Return the identity of the remote user

3175

# (but only if his host is running identd)

3176

####

3177

sub remote_ident {

3178

return (defined $ENV{'REMOTE_IDENT'}) ? $ENV{'REMOTE_IDENT'} : undef;

3179

}

3180

3181

#### Method: auth_type

3182

# Return the type of use verification/authorization in use, if any.

3183

####

3184

sub auth_type {

3185

return (defined $ENV{'AUTH_TYPE'}) ? $ENV{'AUTH_TYPE'} : undef;

3186

}

3187

3188

#### Method: remote_user

3189

# Return the authorization name used for user

3190

# verification.

3191

####

3192

sub remote_user {

3193

return (defined $ENV{'REMOTE_USER'}) ? $ENV{'REMOTE_USER'} : undef;

3194

}

3195

3196

#### Method: user_name

3197

# Try to return the remote user's name by hook or by

3198

# crook

3199

####

3200

sub user_name {

3201

my ($self) = self_or_CGI(@_);

3202

return $self->http('from') || $ENV{'REMOTE_IDENT'} || $ENV{'REMOTE_USER'};

3203

}

3204

3205

#### Method: nosticky

3206

# Set or return the NOSTICKY global flag

3207

####

3208

sub nosticky {

3209

my ($self,$param) = self_or_CGI(@_);

3210

$CGI::NOSTICKY = $param if defined($param);

3211

return $CGI::NOSTICKY;

3212

}

3213

3214

#### Method: nph

3215

# Set or return the NPH global flag

3216

####

3217

sub nph {

3218

my ($self,$param) = self_or_CGI(@_);

3219

$CGI::NPH = $param if defined($param);

3220

return $CGI::NPH;

3221

}

3222

3223

#### Method: private_tempfiles

3224

# Set or return the private_tempfiles global flag

3225

####

3226

sub private_tempfiles {

3227

warn "private_tempfiles has been deprecated";

3228

return 0;

3229

}

3230

#### Method: close_upload_files

3231

# Set or return the close_upload_files global flag

3232

####

3233

sub close_upload_files {

3234

my ($self,$param) = self_or_CGI(@_);

3235

$CGI::CLOSE_UPLOAD_FILES = $param if defined($param);

3236

return $CGI::CLOSE_UPLOAD_FILES;

3237

}

3238

3239

#### Method: default_dtd

3240

# Set or return the default_dtd global

3241

####

3242

sub default_dtd {

3243

my ($self,$param,$param2) = self_or_CGI(@_);

3244

if (defined $param2 && defined $param) {

3245

$CGI::DEFAULT_DTD = [ $param, $param2 ];

3246

} elsif (defined $param) {

3247

$CGI::DEFAULT_DTD = $param;

3248

}

3249

return $CGI::DEFAULT_DTD;

3250

}

3251

3252

# -------------- really private subroutines -----------------

3253

sub _maybe_escapeHTML {

3254

# hack to work around earlier hacks

3255

318

561

push @_,$_[0] if @_==1 && $_[0] eq 'CGI';

3256

318

338

my ($self,$toencode,$newlinestoo) = CGI::self_or_default(@_);

3257

318

100

457

return undef unless defined($toencode);

3258

304

100

909

return $toencode if ref($self) && !$self->{'escape'};

3259

244

316

return $self->escapeHTML($toencode, $newlinestoo);

3260

}

3261

3262

sub previous_or_default {

3263

my($self,$name,$defaults,$override) = @_;

3264

my(%selected);

3265

3266

100

if (!$override && ($self->{'.fieldnames'}->{$name} ||

100

3267

defined($self->param($name)) ) ) {

3268

$selected{$_}++ for $self->param($name);

3269

} elsif (defined($defaults) && ref($defaults) &&

3270

(ref($defaults) eq 'ARRAY')) {

3271

$selected{$_}++ for @{$defaults};

3272

} else {

3273

100

$selected{$defaults}++ if defined($defaults);

3274

}

3275

3276

return %selected;

3277

}

3278

3279

sub register_parameter {

3280

my($self,$param) = @_;

3281

$self->{'.parametersToAdd'}->{$param}++;

3282

}

3283

3284

sub get_fields {

3285

my($self) = @_;

3286

return $self->CGI::hidden('-name'=>'.cgifields',

3287

'-values'=>[keys %{$self->{'.parametersToAdd'}}],

3288

'-override'=>1);

3289

}

3290

3291

sub read_from_cmdline {

3292

167

my($input,@words);

3293

my($query_string);

3294

my($subpath);

3295

369

if ($DEBUG && @ARGV) {

3296

@words = @ARGV;

3297

} elsif ($DEBUG > 1) {

3298

require Text::ParseWords;

3299

print STDERR "(offline mode: enter name=value pairs on standard input; press ^D or ^Z when done)\n";

3300

chomp(@lines = ); # remove newlines

3301

$input = join(" ",@lines);

3302

@words = &Text::ParseWords::old_shellwords($input);

3303

}

3304

153

for (@words) {

3305

s/\\=/%3D/g;

3306

s/\\&/%26/g;

3307

}

3308

3309

238

if ("@words"=~/=/) {

3310

$query_string = join('&',@words);

3311

} else {

3312

129

$query_string = join('+',@words);

3313

}

3314

168

if ($query_string =~ /^(.*?)\?(.*)$/)

3315

{

3316

$query_string = $2;

3317

$subpath = $1;

3318

}

3319

208

return { 'query_string' => $query_string, 'subpath' => $subpath };

3320

}

3321

3322

#####

3323

# subroutine: read_multipart

3324

3325

# Read multipart data and store it into our parameters.

3326

# An interesting feature is that if any of the parts is a file, we

3327

# create a temporary file and open up a filehandle on it so that the

3328

# caller can read from it if necessary.

3329

#####

3330

sub read_multipart {

3331

my($self,$boundary,$length) = @_;

3332

my($buffer) = $self->new_MultipartBuffer($boundary,$length);

3333

return unless $buffer;

3334

my(%header,$body);

3335

my $filenumber = 0;

3336

while (!$buffer->eof) {

3337

%header = $buffer->readHeader;

3338

3339

unless (%header) {

3340

$self->cgi_error("400 Bad request (malformed multipart POST)");

3341

return;

3342

}

3343

3344

$header{'Content-Disposition'} ||= ''; # quench uninit variable warning

3345

3346

my($param)= $header{'Content-Disposition'}=~/[\s;]name="([^"]*)"/;

3347

$param .= $TAINTED;

3348

3349

# See RFC 1867, 2183, 2045

3350

# NB: File content will be loaded into memory should

3351

# content-disposition parsing fail.

3352

my ($filename) = $header{'Content-Disposition'}

3353

=~/ filename=(("[^"]*")|([a-z\d!\#'\*\+,\.^_\`\{\}\|\~]*))/i;

3354

3355

$filename ||= ''; # quench uninit variable warning

3356

3357

$filename =~ s/^"([^"]*)"$/$1/;

3358

# Test for Opera's multiple upload feature

3359

my($multipart) = ( defined( $header{'Content-Type'} ) &&

3360

$header{'Content-Type'} =~ /multipart\/mixed/ ) ?

3361

1 : 0;

3362

3363

# add this parameter to our list

3364

$self->add_parameter($param);

3365

3366

# If no filename specified, then just read the data and assign it

3367

# to our parameter list.

3368

if ( ( !defined($filename) || $filename eq '' ) && !$multipart ) {

3369

my($value) = $buffer->readBody;

3370

$value .= $TAINTED;

3371

push(@{$self->{param}{$param}},$value);

3372

next;

3373

}

3374

3375

UPLOADS: {

3376

# If we get here, then we are dealing with a potentially large

3377

# uploaded form. Save the data to a temporary file, then open

3378

# the file for reading.

3379

3380

# skip the file if uploads disabled

3381

if ($DISABLE_UPLOADS) {

3382

while (defined($data = $buffer->read)) { }

3383

last UPLOADS;

3384

}

3385

3386

# set the filename to some recognizable value

3387

if ( ( !defined($filename) || $filename eq '' ) && $multipart ) {

3388

$filename = "multipart/mixed";

3389

}

3390

3391

my $tmp_dir = $CGI::OS eq 'WINDOWS'

3392

? ( $ENV{TEMP} || $ENV{TMP} || ( $ENV{WINDIR} ? ( $ENV{WINDIR} . $SL . 'TEMP' ) : undef ) )

3393

: undef; # File::Temp defaults to TMPDIR

3394

3395

984

require CGI::File::Temp;

3396

my $filehandle = CGI::File::Temp->new(

3397

UNLINK => $UNLINK_TMP_FILES,

3398

DIR => $tmp_dir,

3399

);

3400

3246

$filehandle->_mp_filename( $filename );

3401

3402

$CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode

3403

&& defined fileno($filehandle);

3404

3405

# if this is an multipart/mixed attachment, save the header

3406

# together with the body for later parsing with an external

3407

# MIME parser module

3408

if ( $multipart ) {

3409

for ( keys %header ) {

3410

print $filehandle "$_: $header{$_}${CRLF}";

3411

}

3412

print $filehandle "${CRLF}";

3413

}

3414

3415

my ($data);

3416

local($\) = '';

3417

my $totalbytes = 0;

3418

while (defined($data = $buffer->read)) {

3419

if (defined $self->{'.upload_hook'})

3420

{

3421

$totalbytes += length($data);

3422

&{$self->{'.upload_hook'}}($filename ,$data, $totalbytes, $self->{'.upload_data'});

3423

}

3424

print $filehandle $data if ($self->{'use_tempfile'});

3425

}

3426

3427

# back up to beginning of file

3428

299

seek($filehandle,0,0);

3429

3430

## Close the filehandle if requested this allows a multipart MIME

3431

## upload to contain many files, and we won't die due to too many

3432

## open file handles. The user can access the files using the hash

3433

## below.

3434

close $filehandle if $CLOSE_UPLOAD_FILES;

3435

$CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode;

3436

3437

# Save some information about the uploaded file where we can get

3438

# at it later.

3439

# Use the typeglob + filename as the key, as this is guaranteed to be

3440

# unique for each filehandle. Don't use the file descriptor as

3441

# this will be re-used for each filehandle if the

3442

# close_upload_files feature is used.

3443

$self->{'.tmpfiles'}->{$$filehandle . $filehandle} = {

3444

hndl => $filehandle,

3445

name => $filehandle->filename,

3446

info => {%header},

3447

};

3448

push(@{$self->{param}{$param}},$filehandle);

3449

}

3450

}

3451

}

3452

3453

#####

3454

# subroutine: read_multipart_related

3455

3456

# Read multipart/related data and store it into our parameters. The

3457

# first parameter sets the start of the data. The part identified by

3458

# this Content-ID will not be stored as a file upload, but will be

3459

# returned by this method. All other parts will be available as file

3460

# uploads accessible by their Content-ID

3461

#####

3462

sub read_multipart_related {

3463

my($self,$start,$boundary,$length) = @_;

3464

my($buffer) = $self->new_MultipartBuffer($boundary,$length);

3465

return unless $buffer;

3466

my(%header,$body);

3467

my $filenumber = 0;

3468

my $returnvalue;

3469

while (!$buffer->eof) {

3470

%header = $buffer->readHeader;

3471

3472

unless (%header) {

3473

$self->cgi_error("400 Bad request (malformed multipart POST)");

3474

return;

3475

}

3476

3477

my($param) = $header{'Content-ID'}=~/\<([^\>]*)\>/;

3478

$param .= $TAINTED;

3479

3480

# If this is the start part, then just read the data and assign it

3481

# to our return variable.

3482

if ( $param eq $start ) {

3483

$returnvalue = $buffer->readBody;

3484

$returnvalue .= $TAINTED;

3485

next;

3486

}

3487

3488

# add this parameter to our list

3489

$self->add_parameter($param);

3490

3491

UPLOADS: {

3492

# If we get here, then we are dealing with a potentially large

3493

# uploaded form. Save the data to a temporary file, then open

3494

# the file for reading.

3495

3496

# skip the file if uploads disabled

3497

if ($DISABLE_UPLOADS) {

3498

while (defined($data = $buffer->read)) { }

3499

last UPLOADS;

3500

}

3501

3502

my $tmp_dir = $CGI::OS eq 'WINDOWS'

3503

? ( $ENV{TEMP} || $ENV{TMP} || ( $ENV{WINDIR} ? ( $ENV{WINDIR} . $SL . 'TEMP' ) : undef ) )

3504

: undef; # File::Temp defaults to TMPDIR

3505

3506

509

require CGI::File::Temp;

3507

my $filehandle = CGI::File::Temp->new(

3508

UNLINK => $UNLINK_TMP_FILES,

3509

DIR => $tmp_dir,

3510

);

3511

1029

$filehandle->_mp_filename( $filehandle->filename );

3512

3513

$CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode

3514

&& defined fileno($filehandle);

3515

3516

my ($data);

3517

local($\) = '';

3518

my $totalbytes;

3519

while (defined($data = $buffer->read)) {

3520

if (defined $self->{'.upload_hook'})

3521

{

3522

$totalbytes += length($data);

3523

&{$self->{'.upload_hook'}}($param ,$data, $totalbytes, $self->{'.upload_data'});

3524

}

3525

print $filehandle $data if ($self->{'use_tempfile'});

3526

}

3527

3528

# back up to beginning of file

3529

37359

seek($filehandle,0,0);

3530

3531

## Close the filehandle if requested this allows a multipart MIME

3532

## upload to contain many files, and we won't die due to too many

3533

## open file handles. The user can access the files using the hash

3534

## below.

3535

close $filehandle if $CLOSE_UPLOAD_FILES;

3536

$CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode;

3537

3538

# Save some information about the uploaded file where we can get

3539

# at it later.

3540

# Use the typeglob + filename as the key, as this is guaranteed to be

3541

# unique for each filehandle. Don't use the file descriptor as

3542

# this will be re-used for each filehandle if the

3543

# close_upload_files feature is used.

3544

$self->{'.tmpfiles'}->{$$filehandle . $filehandle} = {

3545

hndl => $filehandle,

3546

name => $filehandle->filename,

3547

info => {%header},

3548

};

3549

push(@{$self->{param}{$param}},$filehandle);

3550

}

3551

}

3552

return $returnvalue;

3553

}

3554

3555

sub upload {

3556

2869

my($self,$param_name) = self_or_default(@_);

3557

my @param = grep {ref($_) && defined(fileno($_))} $self->param($param_name);

3558

return unless @param;

3559

100

return wantarray ? @param : $param[0];

3560

}

3561

3562

sub tmpFileName {

3563

204

my($self,$filename) = self_or_default(@_);

3564

3565

# preferred calling convention: $filename came directly from param or upload

3566

100

if (ref $filename) {

3567

return $self->{'.tmpfiles'}->{$$filename . $filename}->{name} || '';

3568

}

3569

3570

# backwards compatible with older versions: $filename is merely equal to

3571

# one of our filenames when compared as strings

3572

foreach my $param_name ($self->param) {

3573

foreach my $filehandle ($self->multi_param($param_name)) {

3574

100

if ($filehandle eq $filename) {

3575

return $self->{'.tmpfiles'}->{$$filehandle . $filehandle}->{name} || '';

3576

}

3577

}

3578

}

3579

3580

return '';

3581

}

3582

3583

sub uploadInfo {

3584

524

my($self,$filename) = self_or_default(@_);

3585

100

return if ! defined $$filename;

3586

return $self->{'.tmpfiles'}->{$$filename . $filename}->{info};

3587

}

3588

3589

# internal routine, don't use

3590

sub _set_values_and_labels {

3591

my $self = shift;

3592

my ($v,$l,$n) = @_;

3593

$$l = $v if ref($v) eq 'HASH' && !ref($$l);

3594

100

return $self->param($n) if !defined($v);

3595

return $v if !ref($v);

3596

return ref($v) eq 'HASH' ? keys %$v : @$v;

3597

}

3598

3599

# internal routine, don't use

3600

sub _set_attributes {

3601

my $self = shift;

3602

my($element, $attributes) = @_;

3603

100

163

return '' unless defined($attributes->{$element});

3604

$attribs = ' ';

3605

for my $attrib (keys %{$attributes->{$element}}) {

3606

(my $clean_attrib = $attrib) =~ s/^-//;

3607

$attribs .= "@{[lc($clean_attrib)]}=\"$attributes->{$element}{$attrib}\" ";

3608

}

3609

$attribs =~ s/ $//;

3610

return $attribs;

3611

}

3612

3613

#########################################################

3614

# Globals and stubs for other packages that we use.

3615

#########################################################

3616

3617

######################## CGI::MultipartBuffer ####################

3618

3619

package CGI::MultipartBuffer;

3620

3621

$_DEBUG = 0;

3622

3623

# how many bytes to read at a time. We use

3624

# a 4K buffer by default.

3625

$MultipartBuffer::INITIAL_FILLUNIT ||= 1024 * 4;

3626

$MultipartBuffer::TIMEOUT ||= 240*60; # 4 hour timeout for big files

3627

$MultipartBuffer::SPIN_LOOP_MAX ||= 2000; # bug fix for some Netscape servers

3628

$MultipartBuffer::CRLF ||= $CGI::CRLF;

3629

3630

$INITIAL_FILLUNIT = $MultipartBuffer::INITIAL_FILLUNIT;

3631

$TIMEOUT = $MultipartBuffer::TIMEOUT;

3632

$SPIN_LOOP_MAX = $MultipartBuffer::SPIN_LOOP_MAX;

3633

$CRLF = $MultipartBuffer::CRLF;

3634

3635

sub new {

3636

my($package,$interface,$boundary,$length) = @_;

3637

$FILLUNIT = $INITIAL_FILLUNIT;

3638

$CGI::DefaultClass->binmode($IN); # if $CGI::needs_binmode; # just do it always

3639

3640

# If the user types garbage into the file upload field,

3641

# then Netscape passes NOTHING to the server (not good).

3642

# We may hang on this read in that case. So we implement

3643

# a read timeout. If nothing is ready to read

3644

# by then, we return.

3645

3646

# Netscape seems to be a little bit unreliable

3647

# about providing boundary strings.

3648

my $boundary_read = 0;

3649

if ($boundary) {

3650

3651

# Under the MIME spec, the boundary consists of the

3652

# characters "--" PLUS the Boundary string

3653

3654

# BUG: IE 3.01 on the Macintosh uses just the boundary -- not

3655

# the two extra hyphens. We do a special case here on the user-agent!!!!

3656

$boundary = "--$boundary" unless CGI::user_agent('MSIE\s+3\.0[12];\s*Mac|DreamPassport');

3657

3658

} else { # otherwise we find it ourselves

3659

my($old);

3660

($old,$/) = ($/,$CRLF); # read a CRLF-delimited line

3661

$boundary = ; # BUG: This won't work correctly under mod_perl

3662

$length -= length($boundary);

3663

chomp($boundary); # remove the CRLF

3664

$/ = $old; # restore old line separator

3665

$boundary_read++;

3666

}

3667

3668

my $self = {LENGTH=>$length,

3669

CHUNKED=>!$length,

3670

BOUNDARY=>$boundary,

3671

INTERFACE=>$interface,

3672

BUFFER=>'',

3673

};

3674

3675

$FILLUNIT = length($boundary)

3676

if length($boundary) > $FILLUNIT;

3677

3678

my $retval = bless $self,ref $package || $package;

3679

3680

# Read the preamble and the topmost (boundary) line plus the CRLF.

3681

unless ($boundary_read) {

3682

while ($self->read(0)) { }

3683

}

3684

die "Malformed multipart POST: data truncated\n" if $self->eof;

3685

3686

return $retval;

3687

}

3688

3689

sub readHeader {

3690

my($self) = @_;

3691

my($end);

3692

my($ok) = 0;

3693

my($bad) = 0;

3694

3695

local($CRLF) = "\015\012" if $CGI::OS eq 'VMS' || $CGI::EBCDIC;

3696

3697

do {

3698

$self->fillBuffer($FILLUNIT);

3699

$ok++ if ($end = index($self->{BUFFER},"${CRLF}${CRLF}")) >= 0;

3700

$ok++ if $self->{BUFFER} eq '';

3701

$bad++ if !$ok && $self->{LENGTH} <= 0;

3702

# this was a bad idea

3703

# $FILLUNIT *= 2 if length($self->{BUFFER}) >= $FILLUNIT;

3704

} until $ok || $bad;

3705

return () if $bad;

3706

3707

#EBCDIC NOTE: translate header into EBCDIC, but watch out for continuation lines!

3708

3709

my($header) = substr($self->{BUFFER},0,$end+2);

3710

substr($self->{BUFFER},0,$end+4) = '';

3711

my %return;

3712

3713

if ($CGI::EBCDIC) {

3714

warn "untranslated header=$header\n" if $_DEBUG;

3715

$header = CGI::Util::ascii2ebcdic($header);

3716

warn "translated header=$header\n" if $_DEBUG;

3717

}

3718

3719

# See RFC 2045 Appendix A and RFC 822 sections 3.4.8

3720

# (Folding Long Header Fields), 3.4.3 (Comments)

3721

# and 3.4.5 (Quoted-Strings).

3722

3723

my $token = '[-\w!\#$%&\'*+.^_\`|{}~]';

3724

102

$header=~s/$CRLF\s+/ /og; # merge continuation lines

3725

3726

257

while ($header=~/($token+):\s+([^$CRLF]*)/mgox) {

3727

my ($field_name,$field_value) = ($1,$2);

3728

$field_name =~ s/\b(\w)/uc($1)/eg; #canonicalize

139

3729

128

$return{$field_name}=$field_value;

3730

}

3731

return %return;

3732

}

3733

3734

# This reads and returns the body as a single scalar value.

3735

sub readBody {

3736

my($self) = @_;

3737

my($data);

3738

my($returnval)='';

3739

3740

#EBCDIC NOTE: want to translate returnval into EBCDIC HERE

3741

3742

while (defined($data = $self->read)) {

3743

$returnval .= $data;

3744

}

3745

3746

if ($CGI::EBCDIC) {

3747

warn "untranslated body=$returnval\n" if $_DEBUG;

3748

$returnval = CGI::Util::ascii2ebcdic($returnval);

3749

warn "translated body=$returnval\n" if $_DEBUG;

3750

}

3751

return $returnval;

3752

}

3753

3754

# This will read $bytes or until the boundary is hit, whichever happens

3755

# first. After the boundary is hit, we return undef. The next read will

3756

# skip over the boundary and begin reading again;

3757

sub read {

3758

my($self,$bytes) = @_;

3759

3760

# default number of bytes to read

3761

$bytes = $bytes || $FILLUNIT;

3762

3763

# Fill up our internal buffer in such a way that the boundary

3764

# is never split between reads.

3765

$self->fillBuffer($bytes);

3766

3767

my $boundary_start = $CGI::EBCDIC ? CGI::Util::ebcdic2ascii($self->{BOUNDARY}) : $self->{BOUNDARY};

3768

my $boundary_end = $CGI::EBCDIC ? CGI::Util::ebcdic2ascii($self->{BOUNDARY}.'--') : $self->{BOUNDARY}.'--';

3769

3770

# Find the boundary in the buffer (it may not be there).

3771

my $start = index($self->{BUFFER},$boundary_start);

3772

3773

warn "boundary=$self->{BOUNDARY} length=$self->{LENGTH} start=$start\n" if $_DEBUG;

3774

3775

# protect against malformed multipart POST operations

3776

die "Malformed multipart POST\n" unless $self->{CHUNKED} || ($start >= 0 || $self->{LENGTH} > 0);

3777

3778

#EBCDIC NOTE: want to translate boundary search into ASCII here.

3779

3780

# If the boundary begins the data, then skip past it

3781

# and return undef.

3782

100

if ($start == 0) {

3783

3784

# clear us out completely if we've hit the last boundary.

3785

100

if (index($self->{BUFFER},$boundary_end)==0) {

3786

$self->{BUFFER}='';

3787

$self->{LENGTH}=0;

3788

return undef;

3789

}

3790

3791

# just remove the boundary.

3792

substr($self->{BUFFER},0,length($boundary_start))='';

3793

$self->{BUFFER} =~ s/^\012\015?//;

3794

return undef;

3795

}

3796

3797

my $bytesToReturn;

3798

if ($start > 0) { # read up to the boundary

3799

$bytesToReturn = $start-2 > $bytes ? $bytes : $start;

3800

} else { # read the requested number of bytes

3801

# leave enough bytes in the buffer to allow us to read

3802

# the boundary. Thanks to Kevin Hendrick for finding

3803

# this one.

3804

$bytesToReturn = $bytes - (length($boundary_start)+1);

3805

}

3806

3807

my $returnval=substr($self->{BUFFER},0,$bytesToReturn);

3808

substr($self->{BUFFER},0,$bytesToReturn)='';

3809

3810

# If we hit the boundary, remove the CRLF from the end.

3811

return ($bytesToReturn==$start)

3812

? substr($returnval,0,-2) : $returnval;

3813

}

3814

3815

# This fills up our internal buffer in such a way that the

3816

# boundary is never split between reads

3817

sub fillBuffer {

3818

my($self,$bytes) = @_;

3819

143

return unless $self->{CHUNKED} || $self->{LENGTH};

3820

3821

my($boundaryLength) = length($self->{BOUNDARY});

3822

my($bufferLength) = length($self->{BUFFER});

3823

my($bytesToRead) = $bytes - $bufferLength + $boundaryLength + 2;

3824

100

133

$bytesToRead = $self->{LENGTH} if !$self->{CHUNKED} && $self->{LENGTH} < $bytesToRead;

3825

3826

# Try to read some data. We may hang here if the browser is screwed up.

3827

my $bytesRead = $self->{INTERFACE}->read_from_client(\$self->{BUFFER},

3828

$bytesToRead,

3829

$bufferLength);

3830

warn "bytesToRead=$bytesToRead, bufferLength=$bufferLength, buffer=$self->{BUFFER}\n" if $_DEBUG;

3831

$self->{BUFFER} = '' unless defined $self->{BUFFER};

3832

3833

# An apparent bug in the Apache server causes the read()

3834

# to return zero bytes repeatedly without blocking if the

3835

# remote user aborts during a file transfer. I don't know how

3836

# they manage this, but the workaround is to abort if we get

3837

# more than SPIN_LOOP_MAX consecutive zero reads.

3838

100

if ($bytesRead <= 0) {

3839

die "CGI.pm: Server closed socket during multipart read (client aborted?).\n"

3840

if ($self->{ZERO_LOOP_COUNTER}++ >= $SPIN_LOOP_MAX);

3841

} else {

3842

$self->{ZERO_LOOP_COUNTER}=0;

3843

}

3844

3845

100

118

$self->{LENGTH} -= $bytesRead if !$self->{CHUNKED} && $bytesRead;

3846

}

3847

3848

# Return true when we've finished reading

3849

sub eof {

3850

my($self) = @_;

3851

return 1 if (length($self->{BUFFER}) == 0)

3852

100

&& ($self->{LENGTH} <= 0);

3853

undef;

3854

}

3855

3856

3857

3858

package CGI;

3859

3860

# We get a whole bunch of warnings about "possibly uninitialized variables"

3861

# when running with the -w switch. Touch them all once to get rid of the

3862

# warnings. This is ugly and I hate it.

3863

if ($^W) {

3864

$CGI::CGI = '';

3865

$CGI::CGI=<

3866

$CGI::VERSION;

3867

$CGI::MultipartBuffer::SPIN_LOOP_MAX;

3868

$CGI::MultipartBuffer::CRLF;

3869

$CGI::MultipartBuffer::TIMEOUT;

3870

$CGI::MultipartBuffer::INITIAL_FILLUNIT;

3871

EOF

3872

;

3873

}

3874

3875