package CGI; require 5.001; # COMMENT OUT THIS LINE IF YOU ARE NOT USING THE SELF LOADER. # ALSO COMMENT OUT THE LINE BEGINNING WITH __DATA__ A BIT FURTHER DOWN use SelfLoader; # See the bottom of this file for the POD documentation. Search for the # string '=head'. # You can run this file through either pod2man or pod2html to produce pretty # documentation in manual or html file format (these utilities are part of the # Perl 5 distribution). # Copyright 1995,1996, Lincoln D. Stein. All rights reserved. # It may be used and modified freely, but I do request that this copyright # notice remain attached to the file. You may modify this module as you # wish, but if you redistribute a modified version, please attach a note # listing the modifications you have made. # The most recent version and complete docs are available at: # http://www-genome.wi.mit.edu/ftp/pub/software/WWW/cgi_docs.html # ftp://ftp-genome.wi.mit.edu/pub/software/WWW/ $SelfLoader::DEBUG=0; $CGI::revision = '$Id: CGI.pm,v 2.18 1996/03/30 15:21:31 lstein Exp $'; $CGI::VERSION='2.18'; # ------------------ START OF THE LIBRARY ------------ %OVERLOAD = ('""'=>'as_string'); sub URL_ENCODED {'application/x-www-form-urlencoded'; } sub MULTIPART { 'multipart/form-data'; } # NT/WINDOWS USERS -- SET $needs_binmode to 1 !! $needs_binmode = 0; # This is really "\r\n", but the meaning of \n is different # in MacPerl, so we resort to octal here. $CRLF = "\015\012"; if ($needs_binmode) { binmode(main::STDOUT); binmode(main::STDIN); binmode(main::STDERR); } #### Method: new # The new routine. This will check the current environment # for an existing query string, and initialize itself, if so. #### sub new { my($class,$filehandle) = @_; my($IN); if ($filehandle) { my($package) = caller; # force into caller's package if necessary $IN = $filehandle=~/[':]/ ? $filehandle : "$package\:\:$filehandle"; } my $self = {}; bless $self,$class; $self->initialize($IN); return $self; } # We provide a DESTROY method # that does nothing so that the # autoloader doesn't bother searching # for one if it isn't defined sub DESTROY {} #### Method: param # Returns the value(s)of a named parameter. # If invoked in a list context, returns the # entire list. Otherwise returns the first # member of the list. # If name is not provided, return a list of all # the known parameters names available. # If more than one argument is provided, the # second and subsequent arguments are used to # set the value of the parameter. #### sub param { my($self,@p) = @_; return $self->all_parameters unless @p; my($name,$value,@other) = $self->rearrange([NAME,[VALUE,VALUES]],@p); my(@values); if (defined($value) && ref($value) && (ref($value) eq 'ARRAY')) { @values = @{$value}; } else { foreach ($value,@other) { push(@values,$_) if defined($_) && ($_ ne ''); } } # If values is provided, then we set it. if (@values) { $self->add_parameter($name); $self->{$name}=[@values]; } return () unless $self->{$name}; return wantarray ? @{$self->{$name}} : $self->{$name}->[0]; } #### Method: delete # Deletes the named parameter entirely. #### sub delete { my($self,$name) = @_; delete $self->{$name}; @{$self->{'.parameters'}}=grep($_ ne $name,$self->param()); return wantarray ? () : undef; } #### Method: import # Import all parameters into the given namespace. # Assumes namespace 'Q' if not specified #### sub import_names { my($self,$namespace) = @_; $namespace = 'Q' unless defined($namespace); die "Can't import names into 'main'\n" if $namespace eq 'main'; my($param,@value,$var); foreach $param ($self->param) { # protect against silly names $param=~tr/a-zA-Z0-9_/_/c; $var = "${namespace}::$param"; @value = $self->param($param); @{$var} = @value; ${$var} = $value[$#value]; } } sub import { import_names(@_); } #### Method: keywords # Keywords acts a bit differently. Calling it in a list context # returns the list of keywords. # Calling it in a scalar context gives you the size of the list. #### sub keywords { my($self,@values) = @_; # If values is provided, then we set it. $self->{'keywords'}=[@values] if @values; my(@result) = @{$self->{'keywords'}}; @result; } #### Method: use_named_parameters # Force CGI.pm to use named parameter-style method calls # rather than positional parameters. The same effect # will happen automatically if the first parameter # begins with a -. sub use_named_parameters { my($self,$use_named) = @_; return $self->{'.named'} unless defined ($use_named); # stupidity to avoid annoying warnings return $self->{'.named'}=$use_named; } ######################################## # THESE METHODS ARE MORE OR LESS PRIVATE # GO TO THE __DATA__ SECTION TO SEE MORE # PUBLIC METHODS ######################################## # Initialize the query object from the environment. # If a parameter list is found, this object will be set # to an associative array in which parameter names are keys # and the values are stored as lists # If a keyword list is found, this method creates a bogus # parameter list with the single parameter 'keywords'. sub initialize { my($self,$filehandle) = @_; my($query_string,@lines); my($meth) = ''; # if we get called more than once, we want to initialize # ourselves from the original query (which may be gone # if it was read from STDIN originally.) if (defined(@QUERY_PARAM) && !$filehandle) { $self->{'.init'}++; # flag we've been inited foreach (@QUERY_PARAM) { $self->add_parameter($_); $self->{$_}=$QUERY_PARAM{$_}; } return; } else { $meth=$ENV{'REQUEST_METHOD'} if defined($ENV{'REQUEST_METHOD'}); # If filehandle is defined, then read parameters # from it. if ($filehandle) { binmode($filehandle) if $needs_binmode; chomp(@lines = <$filehandle>); # massage back into standard format if ("@lines" =~ /=/) { $query_string=join("&",@lines); } else { $query_string=join("+",@lines); } # If method is GET or HEAD, fetch the query from # the environment. } elsif ($meth=~/^(GET|HEAD)$/) { $query_string = $ENV{'QUERY_STRING'}; # If the method is POST, fetch the query from standard # input. } elsif ($meth eq 'POST') { if ($ENV{'CONTENT_TYPE'}=~m|^multipart/form-data|) { my($boundary) = $ENV{'CONTENT_TYPE'}=~/boundary=(\S+)/; $self->read_multipart($boundary,$ENV{'CONTENT_LENGTH'}); } else { $query_string =''; # hack to avoid 'uninitialized variable' warnings read(STDIN,$query_string,$ENV{'CONTENT_LENGTH'}) if $ENV{'CONTENT_LENGTH'} > 0; } # If neither is set, assume we're being debugged offline. # Check the command line and then the standard input for data. # We use the shellwords package in order to behave the way that # UN*X programmers expect. } else { require "shellwords.pl"; my($input,@words); if (@ARGV) { $input = join(" ",@ARGV); } else { print STDERR "(offline mode: enter name=value pairs on standard input)\n"; chomp(@lines = <>); # remove newlines $input = join(" ",@lines); } # minimal handling of escape characters $input=~s/\\=/%3D/g; $input=~s/\\&/%26/g; @words = &shellwords($input); if ("@words"=~/=/) { $query_string = join('&',@words); } else { $query_string = join('+',@words); } } } # We now have the query string in hand. We do slightly # different things for keyword lists and parameter lists. if ($query_string) { if ($query_string =~ /=/) { $self->parse_params($query_string); } else { $self->add_parameter('keywords'); $self->{'keywords'} = [$self->parse_keywordlist($query_string)]; } } # Special case. Erase everything if there is a field named # .defaults. if ($self->param('.defaults')) { undef %{$self}; } # flag that we've been inited $self->{'.init'}++ if $self->param; # Clear out our default submission button flag if present $self->delete('.submit'); $self->save_request; } # unescape URL-encoded data sub unescape { my($todecode) = @_; $todecode =~ tr/+/ /; # pluses become spaces $todecode =~ s/%([0-9a-fA-F]{2})/pack("c",hex($1))/ge; return $todecode; } # URL-encode data sub escape { my($toencode) = @_; $toencode=~s/([^a-zA-Z0-9_\-.])/uc sprintf("%%%02x",ord($1))/eg; return $toencode; } sub save_request { my($self) = @_; # We're going to play with the package globals now so that if we get called # again, we initialize ourselves in exactly the same way. This allows # us to have several of these objects. @QUERY_PARAM = $self->param; # save list of parameters foreach (@QUERY_PARAM) { $QUERY_PARAM{$_}=$self->{$_}; } } sub parse_keywordlist { my($self,$tosplit) = @_; $tosplit = &unescape($tosplit); # unescape the keywords $tosplit=~tr/+/ /; # pluses to spaces my(@keywords) = split(/\s+/,$tosplit); return @keywords; } sub parse_params { my($self,$tosplit) = @_; my(@pairs) = split('&',$tosplit); my($param,$value); foreach (@pairs) { ($param,$value) = split('='); $param = &unescape($param); $value = &unescape($value); $self->add_parameter($param); push (@{$self->{$param}},$value); } } sub add_parameter { my($self,$param)=@_; push (@{$self->{'.parameters'}},$param) unless defined($self->{$param}); } sub all_parameters { my $self = shift; return () unless defined($self) && $self->{'.parameters'}; return () unless @{$self->{'.parameters'}}; return @{$self->{'.parameters'}}; } # Smart rearrangement of parameters to allow named parameter # calling. We do the rearangement if: # 1. The first parameter begins with a - # 2. The use_named_parameters() method returns true sub rearrange { my($self,$order,@param) = @_; return ('') x $#$order unless @param; return @param unless (defined($param[0]) && $param[0]=~/^-/) || $self->use_named_parameters; my $i; for ($i=0;$i<@param;$i+=2) { $param[$i]=~s/^\-//; # get rid of initial - if present $param[$i]=~tr/a-z/A-Z/; # parameters are upper case } my(%param) = @param; # convert into associative array my(@return_array); my($key); foreach $key (@$order) { my($value) = ''; # this is an awful hack to fix spurious warnings when the # -w switch is set. if (ref($key) && ref($key) eq 'ARRAY') { foreach (@$key) { $value = $param{$_} unless defined($value) && ($value ne ''); delete $param{$_}; } } else { $value = $param{$key}; } delete $param{$key}; push(@return_array,$value); } return (@return_array,$self->make_attributes(%param)); } sub make_attributes { my($self,%att) = @_; return () unless %att; my(@att); foreach (keys %att) { push(@att,qq/$_="$att{$_}"/); } return @att; } #### Method as_string # # synonym for "dump" #### sub as_string { &dump(@_); } # Globals and stubs for other packages that we use package MultipartBuffer; # how many bytes to read at a time. We use # a 5K buffer by default. $FILLUNIT = 1024 * 5; $TIMEOUT = 10*60; # 10 minute timeout $SPIN_LOOP_MAX = 100; # bug fix for some Netscape servers $CRLF=$CGI::CRLF; package TempFile; @TEMP=('/usr/tmp','/var/tmp','/tmp',); foreach (@TEMP) { do {$TMPDIRECTORY = $_; last} if -w $_; } $TMPDIRECTORY = "." unless $TMPDIRECTORY; $SEQUENCE="CGItemp$$0000"; %OVERLOAD = ('""'=>'as_string'); package CGI; # We get a whole bunch of warnings about "possibly uninitialized variables" # when running with the -w switch. Touch them all once to get rid of the # warnings. This is ugly and I hate it. if ($^W) { $CGI::CGI=<{'dontescape'}=!$escape; } #### Method: version # Return the current version #### sub version { return $VERSION; } #### Method: dump # Returns a string in which all the known parameter/value # pairs are represented as nested lists, mainly for the purposes # of debugging. #### sub dump { my($self) = @_; my($param,$value,@result); return '' unless $self->param; push(@result,"\n"); return join("\n",@result); } #### Method: save # Write values out to a filehandle in such a way that they can # be reinitialized by the filehandle form of the new() method #### sub save { my($self,$filehandle) = @_; my($param); my($package) = caller; $filehandle = $filehandle=~/[':]/ ? $filehandle : "$package\:\:$filehandle"; foreach $param ($self->param) { my($escaped_param) = &escape($param); my($value); foreach $value ($self->param($param)) { print $filehandle "$escaped_param=",escape($value),"\n"; } } } #### Method: header # Return a Content-Type: style header # #### sub header { my($self,@p) = @_; my($type,$status,$cookie,$target,@other) = $self->rearrange([TYPE,STATUS,COOKIE,TARGET],@p); # rearrange() was designed for the HTML portion, so we # need to fix it up a little. foreach (@other) { next unless my($header,$value) = /^(.*)=(.*)$/; substr($header,1,1000)=~tr/A-Z/a-z/; ($value)=$value=~/^"(.*)"$/; $_ = "$header: $value"; } $type = $type || 'text/html'; push(@other,"Pragma: no-cache") if $self->cache(); my(@header); push(@header,"Status: $status") if $status; push(@header,"Set-cookie: $cookie") if $cookie; push(@header,"Window-target: $target") if $target; push(@header,@other) if @other; push(@header,"Content-type: $type"); my $header = join($CRLF,@header); return $header . "${CRLF}${CRLF}"; } #### Method: cache # Control whether header() will produce the no-cache # Pragma directive. #### sub cache { my($self,$new_value) = @_; $new_value = '' unless $new_value; if ($new_value ne '') { $self->{'cache'} = $new_value; } return $self->{'cache'}; } #### Method: redirect # Return a Location: style header # #### sub redirect { my($self,$url) = @_; $url = $url || $self->self_url; return join($CRLF,"Status: 302 Found", "Location: ${url}", "URI: <$url>", "Content-type: text/html"). # patches a bug in some servers "${CRLF}${CRLF}"; } #### Method: start_html # Canned HTML header # # Parameters: # $title -> (optional) The title for this HTML document (-title) # $author -> (optional) e-mail address of the author (-author) # $base -> (option) if set to true, will enter the BASE address of this document # for resolving relative references (-base) # $xbase -> (option) alternative base at some remote location (-xbase) # $script -> (option) Javascript code (-script) # @other -> (option) any other named parameters you'd like to incorporate into # the tag. #### sub start_html { my($self,@p) = @_; my($title,$author,$base,$xbase,$script,@other) = $self->rearrange([TITLE,AUTHOR,BASE,XBASE,SCRIPT],@p); # strangely enough, the title needs to be escaped as HTML # while the author needs to be escaped as a URL $title = $self->escapeHTML($title || 'Untitled Document'); $author = $self->escapeHTML($author); my(@result); push(@result,"$title"); push(@result,"") if $author; push(@result,"server_name.":".$self->server_port.$self->script_name."\">") if $base && !$xbase; push(@result,"") if $xbase; push(@result,< END ; push(@result,""); return join("\n",@result); } #### Method: end_html # End an HTML document. # Trivial method for completeness. Just returns "" #### sub end_html { return ""; } ################################ # METHODS USED IN BUILDING FORMS ################################ #### Method: isindex # Just prints out the isindex tag. # Parameters: # $action -> optional URL of script to run # Returns: # A string containing a tag sub isindex { my($self,@p) = @_; my($action,@other) = $self->rearrange([ACTION],@p); $action = qq/ACTION="$action"/ if $action; return ""; } #### Method: startform # Start a form # Parameters: # $method -> optional submission method to use (GET or POST) # $action -> optional URL of script to run # $enctype ->encoding to use (URL_ENCODED or MULTIPART) sub startform { my($self,@p) = @_; my($method,$action,$enctype,@other) = $self->rearrange([METHOD,ACTION,ENCTYPE],@p); $method = $method || 'POST'; $enctype = $enctype || URL_ENCODED; $action = $action ? qq/ACTION="$action"/ : ''; return qq/
\n/; } #### Method: start_form # synonym for startform sub start_form { &startform(@_); } #### Method: start_multipart_form # synonym for startform sub start_multipart_form { my($self,@p) = @_; my($method,$action,$enctype,@other) = $self->rearrange([METHOD,ACTION,ENCTYPE],@p); $self->startform($method,$action,$enctype || MULTIPART,@other); } #### Method: endform # End a form sub endform { return "
\n"; } #### Method: end_form # synonym for endform sub end_form { &endform(@_); } #### Method: textfield # Parameters: # $name -> Name of the text field # $default -> Optional default value of the field if not # already defined. # $size -> Optional width of field in characaters. # $maxlength -> Optional maximum number of characters. # Returns: # A string containing a field # sub textfield { my($self,@p) = @_; my($name,$default,$size,$maxlength,$override,@other) = $self->rearrange([NAME,[DEFAULT,VALUE],SIZE,MAXLENGTH,[OVERRIDE,FORCE]],@p); my $current = $override ? $default : (defined($self->param($name)) ? $self->param($name) : $default); $current = defined($current) ? $self->escapeHTML($current) : ''; $name = defined($name) ? $self->escapeHTML($name) : ''; my($s) = defined($size) ? qq/SIZE=$size/ : ''; my($m) = defined($maxlength) ? qq/MAXLENGTH=$maxlength/ : ''; return qq//; } #### Method: filefield # Parameters: # $name -> Name of the file upload field # $size -> Optional width of field in characaters. # $maxlength -> Optional maximum number of characters. # Returns: # A string containing a field # sub filefield { my($self,@p) = @_; my($name,$default,$size,$maxlength,$override,@other) = $self->rearrange([NAME,[DEFAULT,VALUE],SIZE,MAXLENGTH,[OVERRIDE,FORCE]],@p); my($current); $current = $override ? $default : (defined($self->param($name)) ? $self->param($name) : $default); $name = defined($name) ? $self->escapeHTML($name) : ''; my($s) = defined($size) ? qq/SIZE=$size/ : ''; my($m) = defined($maxlength) ? qq/MAXLENGTH=$maxlength/ : ''; return qq//; } #### Method: password # Create a "secret password" entry field # Parameters: # $name -> Name of the field # $default -> Optional default value of the field if not # already defined. # $size -> Optional width of field in characters. # $maxlength -> Optional maximum characters that can be entered. # Returns: # A string containing a field # sub password_field { my ($self,@p) = @_; my($name,$default,$size,$maxlength,$override,@other) = $self->rearrange([NAME,[DEFAULT,VALUE],SIZE,MAXLENGTH,[OVERRIDE,FORCE]],@p); my($current) = $override ? $default : (defined($self->param($name)) ? $self->param($name) : $default); $name = defined($name) ? $self->escapeHTML($name) : ''; $current = defined($current) ? $self->escapeHTML($current) : ''; my($s) = defined($size) ? qq/SIZE=$size/ : ''; my($m) = defined($maxlength) ? qq/MAXLENGTH=$maxlength/ : ''; return qq//; } #### Method: textarea # Parameters: # $name -> Name of the text field # $default -> Optional default value of the field if not # already defined. # $rows -> Optional number of rows in text area # $columns -> Optional number of columns in text area # Returns: # A string containing a tag # sub textarea { my($self,@p) = @_; my($name,$default,$rows,$cols,$override,@other) = $self->rearrange([NAME,[DEFAULT,VALUE],ROWS,[COLS,COLUMNS],[OVERRIDE,FORCE]],@p); my($current)= $override ? $default : (defined($self->param($name)) ? $self->param($name) : $default); $name = defined($name) ? $self->escapeHTML($name) : ''; $current = defined($current) ? $self->escapeHTML($current) : ''; my($r) = $rows ? "ROWS=$rows" : ''; my($c) = $cols ? "COLS=$cols" : ''; return qq{}; } #### Method: button # Create a javascript button. # Parameters: # $name -> (optional) Name for the button. (-name) # $value -> (optional) Value of the button when selected (and visible name) (-value) # $onclick -> (optional) Text of the JavaScript to run when the button is # clicked. # Returns: # A string containing a tag #### sub button { my($self,@p) = @_; my($label,$value,$script,@other) = $self->rearrange([NAME,VALUE,[ONCLICK,SCRIPT]],@p); $label=$self->escapeHTML($label); $value=$self->escapeHTML($value); $script=$self->escapeHTML($script); my($name) = ''; $name = qq/NAME="$label"/ if $label; $value = $value || $label; my($val) = ''; $val = qq/VALUE="$value"/ if $value; $script = qq/ONCLICK="$script"/ if $script; return qq//; } #### Method: submit # Create a "submit query" button. # Parameters: # $name -> (optional) Name for the button. # $value -> (optional) Value of the button when selected. # Returns: # A string containing a tag #### sub submit { my($self,@p) = @_; my($label,$value,@other) = $self->rearrange([NAME,VALUE],@p); $label=$self->escapeHTML($label); $value=$self->escapeHTML($value); my($name) = 'NAME=".submit"'; $name = qq/NAME="$label"/ if $label; $value = $value || $label; my($val) = ''; $val = qq/VALUE="$value"/ if $value; return qq//; } #### Method: reset # Create a "reset" button. # Parameters: # $name -> (optional) Name for the button. # Returns: # A string containing a tag #### sub reset { my($self,@p) = @_; my($label,@other) = $self->rearrange([NAME],@p); $label=$self->escapeHTML($label); my($value) = $label ? qq/VALUE="$label"/ : ''; return qq//; } #### Method: defaults # Create a "defaults" button. # Parameters: # $name -> (optional) Name for the button. # Returns: # A string containing a tag # # Note: this button has a special meaning to the initialization script, # and tells it to ERASE the current query string so that your defaults # are used again! #### sub defaults { my($self,@p) = @_; my($label,@other) = $self->rearrange([NAME],@p); $label=$self->escapeHTML($label); $label = $label || "Defaults"; my($value) = qq/VALUE="$label"/; return qq//; } #### Method: checkbox # Create a checkbox that is not logically linked to any others. # The field value is "on" when the button is checked. # Parameters: # $name -> Name of the checkbox # $checked -> (optional) turned on by default if true # $value -> (optional) value of the checkbox, 'on' by default # $label -> (optional) a user-readable label printed next to the box. # Otherwise the checkbox name is used. # Returns: # A string containing a field #### sub checkbox { my($self,@p) = @_; my($name,$checked,$value,$label,$override,@other) = $self->rearrange([NAME,[CHECKED,SELECTED,ON],VALUE,LABEL,[OVERRIDE,FORCE]],@p); if (!$override && $self->inited) { $checked = $self->param($name) ? 'CHECKED' : ''; $value = defined $self->param($name) ? $self->param($name) : (defined $value ? $value : 'on'); } else { $checked = defined($checked) ? 'CHECKED' : ''; $value = defined $value ? $value : 'on'; } my($the_label) = defined $label ? $label : $name; $name = $self->escapeHTML($name); $value = $self->escapeHTML($value); $the_label = $self->escapeHTML($the_label); return <$the_label END } #### Method: checkbox_group # Create a list of logically-linked checkboxes. # Parameters: # $name -> Common name for all the check boxes # $values -> A pointer to a regular array containing the # values for each checkbox in the group. # $defaults -> (optional) # 1. If a pointer to a regular array of checkbox values, # then this will be used to decide which # checkboxes to turn on by default. # 2. If a scalar, will be assumed to hold the # value of a single checkbox in the group to turn on. # $linebreak -> (optional) Set to true to place linebreaks # between the buttons. # $labels -> (optional) # A pointer to an associative array of labels to print next to each checkbox # in the form $label{'value'}="Long explanatory label". # Otherwise the provided values are used as the labels. # Returns: # An ARRAY containing a series of fields #### sub checkbox_group { my($self,@p) = @_; my($name,$values,$defaults,$linebreak,$labels,$rows,$columns, $rowheaders,$colheaders,$override,$nolabels,@other) = $self->rearrange([NAME,[VALUES,VALUE],[DEFAULTS,DEFAULT], LINEBREAK,LABELS,ROWS,[COLUMNS,COLS], ROWHEADERS,COLHEADERS, [OVERRIDE,FORCE],NOLABELS],@p); my($checked,$break,$result,$label); my(%checked) = $self->previous_or_default($name,$defaults,$override); $break = $linebreak ? "
" : ''; $name=$self->escapeHTML($name); # Create the elements my(@elements); my(@values) = @$values ? @$values : $self->param($name); foreach (@values) { $checked = $checked{$_} ? 'CHECKED' : ''; $label = ''; unless (defined($nolabels) && $nolabels) { $label = $_; $label = $labels->{$_} if defined($labels) && $labels->{$_}; $label = $self->escapeHTML($label); } $_ = $self->escapeHTML($_); push(@elements,qq/${label} ${break}/); } return @elements unless $columns; return _tableize($rows,$columns,$rowheaders,$colheaders,@elements); } # Escape HTML -- used internally sub escapeHTML { my($self,$toencode) = @_; return undef unless defined($toencode); return $toencode if $self->{'dontescape'}; $toencode=~s/&/&/g; $toencode=~s/\"/"/g; $toencode=~s/>/>/g; $toencode=~s/"; my($row,$column); unshift(@$colheaders,'') if @$colheaders && @$rowheaders; $result .= "" . join ("",@{$colheaders}) if @{$colheaders}; for ($row=0;$row<$rows;$row++) { $result .= ""; $result .= "$rowheaders->[$row]" if @$rowheaders; for ($column=0;$column<$columns;$column++) { $result .= "" . $elements[$column*$rows + $row]; } } $result .= ""; return $result; } #### Method: radio_group # Create a list of logically-linked radio buttons. # Parameters: # $name -> Common name for all the buttons. # $values -> A pointer to a regular array containing the # values for each button in the group. # $default -> (optional) Value of the button to turn on by default. Pass '-' # to turn _nothing_ on. # $linebreak -> (optional) Set to true to place linebreaks # between the buttons. # $labels -> (optional) # A pointer to an associative array of labels to print next to each checkbox # in the form $label{'value'}="Long explanatory label". # Otherwise the provided values are used as the labels. # Returns: # An ARRAY containing a series of fields #### sub radio_group { my($self,@p) = @_; my($self,@p) = @_; my($name,$values,$default,$linebreak,$labels, $rows,$columns,$rowheaders,$colheaders,$override,$nolabels,@other) = $self->rearrange([NAME,[VALUES,VALUE],DEFAULT,LINEBREAK,LABELS, ROWS,[COLUMNS,COLS], ROWHEADERS,COLHEADERS, [OVERRIDE,FORCE],NOLABELS],@p); my($result,$checked); if (!$override && defined($self->param($name))) { $checked = $self->param($name); } else { $checked = $default; } # If no check array is specified, check the first by default $checked = $values->[0] unless $checked; $name=$self->escapeHTML($name); my(@elements); my(@values) = @$values ? @$values : $self->param($name); foreach (@values) { my($checkit) = $checked eq $_ ? 'CHECKED' : ''; my($break) = $linebreak ? '
' : ''; my($label)=''; unless (defined($nolabels) && $nolabels) { $label = $_; $label = $labels->{$_} if defined($labels) && $labels->{$_}; $label = $self->escapeHTML($label); } $_=$self->escapeHTML($_); push(@elements,qq/${label} ${break}/); } return @elements unless $columns; return _tableize($rows,$columns,$rowheaders,$colheaders,@elements); } #### Method: popup_menu # Create a popup menu. # Parameters: # $name -> Name for all the menu # $values -> A pointer to a regular array containing the # text of each menu item. # $default -> (optional) Default item to display # $labels -> (optional) # A pointer to an associative array of labels to print next to each checkbox # in the form $label{'value'}="Long explanatory label". # Otherwise the provided values are used as the labels. # Returns: # A string containing the definition of a popup menu. #### sub popup_menu { my($self,@p) = @_; my($name,$values,$default,$labels,$override,@other) = $self->rearrange([NAME,[VALUES,VALUE],[DEFAULT,DEFAULTS],LABELS,[OVERRIDE,FORCE]],@p); my($result,$selected); if (!$override && defined($self->param($name))) { $selected = $self->param($name); } else { $selected = $default; } $name=$self->escapeHTML($name); $result = qq/\n"; return $result; } #### Method: scrolling_list # Create a scrolling list. # Parameters: # $name -> name for the list # $values -> A pointer to a regular array containing the # values for each option line in the list. # $defaults -> (optional) # 1. If a pointer to a regular array of options, # then this will be used to decide which # lines to turn on by default. # 2. Otherwise holds the value of the single line to turn on. # $size -> (optional) Size of the list. # $multiple -> (optional) If set, allow multiple selections. # $labels -> (optional) # A pointer to an associative array of labels to print next to each checkbox # in the form $label{'value'}="Long explanatory label". # Otherwise the provided values are used as the labels. # Returns: # A string containing the definition of a scrolling list. #### sub scrolling_list { my($self,@p) = @_; my($name,$values,$defaults,$size,$multiple,$labels,$override,@other) = $self->rearrange([NAME,[VALUES,VALUE],[DEFAULTS,DEFAULT], SIZE,MULTIPLE,LABELS,[OVERRIDE,FORCE]],@p); my($result); $size = $size || scalar(@{$values}); my(%selected) = $self->previous_or_default($name,$defaults,$override); my($is_multiple) = $multiple ? 'MULTIPLE' : ''; my($has_size) = $size ? "SIZE=$size" : ''; $name=$self->escapeHTML($name); $result = qq/\n"; return $result; } #### Method: hidden # Parameters: # $name -> Name of the hidden field # @default -> (optional) Initial values of field (may be an array) # or # $default->[initial values of field] # Returns: # A string containing a #### sub hidden { my($self,@p) = @_; # this is the one place where we departed from our standard # calling scheme, so we have to special-case (darn) my(@result,@value); my($name,$default,$override,@other) = $self->rearrange([NAME,[DEFAULT,VALUE,VALUES],[OVERRIDE,FORCE]],@p); my($do_override); if ( $p[0]=~/^-/ || $self->use_named_parameters ) { @value = ref($default) ? @{$default} : $default; $do_override = $override; } else { foreach ($default,$override,@other) { push(@value,$_) if defined($_) && ($_ ne ''); } } # use previous values if override is not set @value = $self->param($name) if !$do_override && $self->param($name) ne ''; $name=$self->escapeHTML($name); foreach (@value) { $_=$self->escapeHTML($_); push(@result,qq//); } return join("\n",@result); } #### Method: image_button # Parameters: # $name -> Name of the button # $src -> URL of the image source # $align -> Alignment style (TOP, BOTTOM or MIDDLE) # Returns: # A string containing a #### sub image_button { my($self,@p) = @_; my($name,$src,$alignment,@other) = $self->rearrange([NAME,SRC,ALIGN],@p); my($align) = $alignment ? "ALIGN=\U$alignment" : ''; $name=$self->escapeHTML($name); return qq//; } #### Method: self_url # Returns a URL containing the current script and all its # param/value pairs arranged as a query. You can use this # to create a link that, when selected, will reinvoke the # script with all its state information preserved. #### sub self_url { my($self) = @_; my($query_string) = $self->query_string; my $name = "http://" . $self->server_name; $name .= ":" . $self->server_port unless $self->server_port == 80; $name .= $self->script_name; $name .= $self->path_info if $self->path_info; return $name unless $query_string; return "$name?$query_string"; } # This is provided as a synonym to self_url() for people unfortunate # enough to have incorporated it into their programs already! sub state { &self_url; } #### Method: url # Like self_url, but doesn't return the query string part of # the URL. #### sub url { my($self) = @_; my $name = "http://" . $self->server_name; $name .= ":" . $self->server_port unless $self->server_port == 80; $name .= $self->script_name; return $name; } ############################################### # OTHER INFORMATION PROVIDED BY THE ENVIRONMENT ############################################### #### Method: path_info # Return the extra virtual path information provided # after the URL (if any) #### sub path_info { return $ENV{'PATH_INFO'}; } #### Method: request_method # Returns 'POST', 'GET', 'PUT' or 'HEAD' #### sub request_method { return $ENV{'REQUEST_METHOD'}; } #### Method: path_translated # Return the physical path information provided # by the URL (if any) #### sub path_translated { return $ENV{'PATH_TRANSLATED'}; } #### Method: query_string # Synthesize a query string from our current # parameters #### sub query_string { my $self = shift; my($param,$value,@pairs); foreach $param ($self->param) { my($eparam) = &escape($param); foreach $value ($self->param($param)) { $value = &escape($value); push(@pairs,"$eparam=$value"); } } return join("&",@pairs); } #### Method: accept # Without parameters, returns an array of the # MIME types the browser accepts. # With a single parameter equal to a MIME # type, will return undef if the browser won't # accept it, 1 if the browser accepts it but # doesn't give a preference, or a floating point # value between 0.0 and 1.0 if the browser # declares a quantitative score for it. # This handles MIME type globs correctly. #### sub accept { my($self,$search) = @_; my(%prefs,$type,$pref,$pat); my(@accept) = split(',',$ENV{'HTTP_ACCEPT'}); foreach (@accept) { ($pref) = /q=(\d\.\d+|\d+)/; ($type) = m#(\S+/[^;]+)#; next unless $type; $prefs{$type}=$pref || 1; } return keys %prefs unless $search; # if a search type is provided, we may need to # perform a pattern matching operation. # The MIME types use a glob mechanism, which # is easily translated into a perl pattern match # First return the preference for directly supported # types: return $prefs{$search} if $prefs{$search}; # Didn't get it, so try pattern matching. foreach (keys %prefs) { next unless /\*/; # not a pattern match ($pat = $_) =~ s/([^\w*])/\\$1/g; # escape meta characters $pat =~ s/\*/.*/g; # turn it into a pattern return $prefs{$_} if $search=~/$pat/; } } #### Method: user_agent # If called with no parameters, returns the user agent. # If called with one parameter, does a pattern match (case # insensitive) on the user agent. #### sub user_agent { my($self,$match)=@_; return $ENV{'HTTP_USER_AGENT'} unless $match; return ($ENV{'HTTP_USER_AGENT'} =~ /$match/i); } #### Method: cookie # Returns the magic cookie for the session. # To set the magic cookie for new transations, # try print $q->header('-Set-cookie'=>'my cookie') #### sub cookie { return $ENV{'HTTP_COOKIE'}; } #### Method: remote_host # Return the name of the remote host, or its IP # address if unavailable. If this variable isn't # defined, it returns "localhost" for debugging # purposes. #### sub remote_host { return $ENV{'REMOTE_HOST'} || $ENV{'REMOTE_ADDR'} || 'localhost'; } #### Method: remote_addr # Return the IP addr of the remote host. #### sub remote_addr { return $ENV{'REMOTE_ADDR'} || '127.0.0.1'; } #### Method: script_name # Return the partial URL to this script for # self-referencing scripts. Also see # self_url(), which returns a URL with all state information # preserved. #### sub script_name { return $ENV{'SCRIPT_NAME'} if $ENV{'SCRIPT_NAME'}; # These are for debugging return "/$0" unless $0=~/^\//; return $0; } #### Method: referer # Return the HTTP_REFERER: useful for generating # a GO BACK button. #### sub referer { return $ENV{'HTTP_REFERER'}; } #### Method: server_name # Return the name of the server #### sub server_name { return $ENV{'SERVER_NAME'} || 'dummy.host.name'; } #### Method: server_port # Return the tcp/ip port the server is running on #### sub server_port { return $ENV{'SERVER_PORT'} || 80; # for debugging } #### Method: remote_ident # Return the identity of the remote user # (but only if his host is running identd) #### sub remote_ident { return $ENV{'REMOTE_IDENT'}; } #### Method: auth_type # Return the type of use verification/authorization in use, if any. #### sub auth_type { return $ENV{'AUTH_TYPE'}; } #### Method: remote_user # Return the authorization name used for user # verification. #### sub remote_user { return $ENV{'REMOTE_USER'}; } #### Method: user_name # Try to return the remote user's name by hook or by # crook #### sub user_name { return $ENV{'HTTP_FROM'} || $ENV{'REMOTE_IDENT'} || $ENV{'REMOTE_USER'}; } # Return true if we've been initialized with a query # string. sub inited { my($self) = shift; return $self->{'.init'}; } # -------------- really private subroutines ----------------- sub previous_or_default { my($self,$name,$defaults,$override) = @_; my(%selected); if (!$override && ($self->inited || $self->param($name))) { grep($selected{$_}++,$self->param($name)); } elsif (defined($defaults) && ref($defaults) && (ref($defaults) eq 'ARRAY')) { grep($selected{$_}++,@{$defaults}); } else { $selected{$defaults}++ if defined($defaults); } return %selected; } ############ SUPPORT ROUTINES FOR THE NEW MULTIPART ENCODING ########## package MultipartBuffer; sub new { my($package,$boundary,$length,$filehandle) = @_; my $IN; if ($filehandle) { my($package) = caller; # force into caller's package if necessary $IN = $filehandle=~/[':]/ ? $filehandle : "$package\:\:$filehandle"; } $IN = "main::STDIN" unless $IN; binmode($IN) if $CGI::needs_binmode; # If the user types garbage into the file upload field, # then Netscape passes NOTHING to the server (not good). # We may hang on this read in that case. So we implement # a read timeout. If nothing is ready to read # by then, we return. return undef if wouldBlock($IN,$TIMEOUT); # Netscape seems to be a little bit unreliable # about providing boundary strings if ($boundary) { # Under the MIME spec, the boundary consists of the # characters "--" PLUS the Boundary string $boundary = "--$boundary"; # Read the topmost (boundary) line plus the CRLF my($null) = ''; read($IN,$null,length($boundary)+2); $length -= (length($boundary) + 2); } else { # otherwise we find it ourselves my($old); ($old,$/) = ($/,$CRLF); # read a CRLF-delimited line $boundary = <$IN>; $length -= length($boundary); chomp($boundary); # remove the CRLF $/ = $old; # restore old line separator } my $self = {LENGTH=>$length, BOUNDARY=>$boundary, IN=>$IN, BUFFER=>'', }; $FILLUNIT = length($boundary) if length($boundary) > $FILLUNIT; return bless $self,$package; } # This reads and returns the header as an associative array. # It looks for the pattern CRLF/CRLF to terminate the header. sub readHeader { my($self) = @_; my($end); my($ok) = 0; do { $self->fillBuffer($FILLUNIT); $ok++ if ($end = index($self->{BUFFER},"${CRLF}${CRLF}")) >= 0; $ok++ if $self->{BUFFER} eq ''; $FILLUNIT *= 2 if length($self->{BUFFER}) >= $FILLUNIT; } until $ok; my($header) = substr($self->{BUFFER},0,$end+2); substr($self->{BUFFER},0,$end+4) = ''; my %return; while ($header=~/^([\w-]+): (.*)$CRLF/mog) { $return{$1}=$2; } return %return; } # This reads and returns the body as a single scalar value. sub readBody { my($self) = @_; my($data); my($returnval)=''; while (defined($data = $self->read)) { $returnval .= $data; } return $returnval; } # This will read $bytes or until the boundary is hit, whichever happens # first. After the boundary is hit, we return undef. The next read will # skip over the boundary and begin reading again; sub read { my($self,$bytes) = @_; # default number of bytes to read $bytes = $bytes || $FILLUNIT; # Fill up our internal buffer in such a way that the boundary # is never split between reads. $self->fillBuffer($bytes); # Find the boundary in the buffer (it may not be there). my $start = index($self->{BUFFER},$self->{BOUNDARY}); # If the boundary begins the data, then skip past it # and return undef. The +2 here is a fiendish plot to # remove the CR/LF pair at the end of the boundary. if ($start == 0) { # clear us out completely if we've hit the last boundary. if (index($self->{BUFFER},"$self->{BOUNDARY}--")==0) { $self->{BUFFER}=''; $self->{LENGTH}=0; return undef; } # just remove the boundary. substr($self->{BUFFER},0,length($self->{BOUNDARY})+2)=''; return undef; } my $bytesToReturn; if ($start > 0) { # read up to the boundary $bytesToReturn = $start > $bytes ? $bytes : $start; } else { # read the requested number of bytes # leave enough bytes in the buffer to allow us to read # the boundary. Thanks to Kevin Hendrick for finding # this one. $bytesToReturn = $bytes - (length($self->{BOUNDARY})+1); } my $returnval=substr($self->{BUFFER},0,$bytesToReturn); substr($self->{BUFFER},0,$bytesToReturn)=''; # If we hit the boundary, remove the CRLF from the end. return ($start > 0) ? substr($returnval,0,-2) : $returnval; } # This fills up our internal buffer in such a way that the # boundary is never split between reads sub fillBuffer { my($self,$bytes) = @_; my($boundaryLength) = length($self->{BOUNDARY}); my($bufferLength) = length($self->{BUFFER}); my($bytesToRead) = $bytes - $bufferLength + $boundaryLength + 2; $bytesToRead = $self->{LENGTH} if $self->{LENGTH} < $bytesToRead; # Client may have aborted. Make sure we time out if the read # will block for more than TIMEOUT seconds. die "CGI.pm: Client timed out during multipart read.\n" if wouldBlock($self->{IN},$TIMEOUT); my $bytesRead = read($self->{IN},$self->{BUFFER},$bytesToRead,$bufferLength); # An apparent bug in the Netscape Commerce server causes the read() # to return zero bytes repeatedly without blocking if the # remote user aborts during a file transfer. I don't know how # they manage this, but the workaround is to abort if we get # more than SPIN_LOOP_MAX consecutive zero reads. if ($bytesRead == 0) { die "CGI.pm: Server closed socket during multipart read (client aborted?).\n" if ($self->{ZERO_LOOP_COUNTER}++ >= $SPIN_LOOP_MAX); } else { $self->{ZERO_LOOP_COUNTER}=0; } $self->{LENGTH} -= $bytesRead; } # Return true when we've finished reading sub eof { my($self) = @_; return 1 if (length($self->{BUFFER}) == 0) && ($self->{LENGTH} <= 0); } # utility function -- return TRUE if a read on the filehandle # blocks for more than the specified timeout. # NOTE: This piece of code has been commented out because it # causes problems on Solaris and DEC Unix 3.2 systems (and # maybe others) sub wouldBlock { return undef; my($handle,$timeout) = @_; my($rin) = ''; vec($rin,fileno($handle),1)=1; my($nfound,$timeleft) = select($rin,undef,undef,$timeout); return !$nfound; } package TempFile; # Create a temporary file that will be automatically # unlinked when finished. sub new { my($package) = @_; $SEQUENCE++; my $directory = "$TMPDIRECTORY/$SEQUENCE"; return bless \$directory; } sub DESTROY { my($self) = @_; unlink $$self; # get rid of the file } sub as_string { my($self) = @_; return $$self; } package CGI; ##### # subroutine: read_multipart # # Read multipart data and store it into our parameters. # An interesting feature is that if any of the parts is a file, we # create a temporary file and open up a filehandle on it so that the # caller can read from it if necessary. ##### sub read_multipart { my($self,$boundary,$length) = @_; my($buffer) = new MultipartBuffer($boundary,$length); return unless $buffer; my(%header,$body); while (!$buffer->eof) { %header = $buffer->readHeader; # In beta1 it was "Content-disposition". In beta2 it's "Content-Disposition" # Sheesh. my($key) = $header{'Content-disposition'} ? 'Content-disposition' : 'Content-Disposition'; my($param)= $header{$key}=~/ name="([^\"]*)"/; # possible bug: our regular expression expects the filename= part to fall # at the end of the line. Netscape doesn't escape quotation marks in file names!!! my($filename) = $header{$key}=~/ filename="(.*)"$/; # add this parameter to our list $self->add_parameter($param); # If no filename specified, then just read the data and assign it # to our parameter list. unless ($filename) { my($value) = $buffer->readBody; push(@{$self->{$param}},$value); next; } # If we get here, then we are dealing with a potentially large # uploaded form. Save the data to a temporary file, then open # the file for reading. my($tmpfile) = new TempFile; open (OUT,">$tmpfile") || die "CGI open of $tmpfile: $!\n"; chmod 0666,$tmpfile; # make sure anyone can delete it. my $data; while ($data = $buffer->read) { print OUT $data; } close OUT; # Now create a new filehandle in the caller's namespace. # The name of this filehandle just happens to be identical # to the original filename (NOT the name of the temporary # file, which is hidden!) my($filehandle); if ($filename=~/^[a-zA-Z_]/) { my($frame,$cp)=(1); do { $cp = caller($frame++); } until $cp!~/^CGI/; $filehandle = "$cp\:\:$filename"; } else { $filehandle = "\:\:$filename"; } open($filehandle,$tmpfile) || die "CGI open of $tmpfile: $!\n"; binmode($filehandle) if $CGI::needs_binmode; push(@{$self->{$param}},$filename); # Under Unix, it would be safe to let the temporary file # be deleted immediately. However, I fear that other operating # systems are not so forgiving. Therefore we save a reference # to the temporary file in the CGI object so that the file # isn't unlinked until the CGI object itself goes out of # scope. This is a bit hacky, but it has the interesting side # effect that one can access the name of the tmpfile by # asking for $query->{$query->param('foo')}, where 'foo' # is the name of the file upload field. $self->{'.tmpfiles'}->{$filename}=$tmpfile; } } sub tmpFileName { my($self,$filename) = @_; return $self->{'.tmpfiles'}->{$filename}; } # so that require() returns true and to prevent # warnings with the -w switch; $CGI::revision || 1; __END__ =head1 NAME CGI - Simple Common Gateway Interface Class =head1 ABSTRACT This perl library uses perl5 objects to make it easy to create Web fill-out forms and parse their contents. This package defines CGI objects, entities that contain the values of the current query string and other state variables. Using a CGI object's methods, you can examine keywords and parameters passed to your script, and create forms whose initial values are taken from the current query (thereby preserving state information). The current version of CGI.pm is available at http://www-genome.wi.mit.edu/ftp/pub/software/WWW/cgi_docs.html ftp://ftp-genome.wi.mit.edu/pub/software/WWW/ =head1 INSTALLATION: To install this package, just change to the directory in which this file is found and type the following: perl Makefile.PL make make install This will copy CGI.pm to your perl library directory for use by all perl scripts. You probably must be root to do this. Now you can load the CGI routines in your Perl scripts with the line: use CGI; If you don't have sufficient privileges to install CGI.pm in the Perl library directory, you can put CGI.pm into some convenient spot, such as your home directory, or in cgi-bin itself and prefix all Perl scripts that call it with something along the lines of the following preamble: BEGIN { unshift(@INC,'/home/davis/lib'); } use CGI; The CGI distribution also comes with a cute module called L. It redefines the die(), warn(), confess() and croak() error routines so that they write nicely formatted error messages into the server's error log (or to the output stream of your choice). This avoids long hours of groping through the error and access logs, trying to figure out which CGI script is generating fatal error messages. =head1 DESCRIPTION =head2 CREATING A NEW QUERY OBJECT: $query = new CGI This will parse the input (from both POST and GET methods) and store it into a perl5 object called $query. =head2 CREATING A NEW QUERY OBJECT FROM AN INPUT FILE $query = new CGI(INPUTFILE) If you provide a file handle to the new() method, it will read parameters from the file (or STDIN, or whatever). The file can be in any of the forms describing below under debugging (i.e. a series of newline delimited TAG=VALUE pairs will work). Conveniently, this type of file is created by the save() method (see below). =head2 FETCHING A LIST OF KEYWORDS FROM THE QUERY: @keywords = $query->keywords If the script was invoked as the result of an search, the parsed keywords can be obtained as an array using the keywords() method. =head2 FETCHING THE NAMES OF ALL THE PARAMETERS PASSED TO YOUR SCRIPT: @names = $query->param If the script was invoked with a parameter list (e.g. "name1=value1&name2=value2&name3=value3"), the param() method will return the parameter names as a list. If the script was invoked as an script, there will be a single parameter named 'keywords'. NOTE: As of version 1.5, the array of parameter names returned will be in the same order as they were submitted by the browser. Usually this order is the same as the order in which the parameters are defined in the form (however, this isn't part of the spec, and so isn't guaranteed). =head2 FETCHING THE VALUE OR VALUES OF A SINGLE NAMED PARAMETER: @values = $query->param('foo'); -or- $value = $query->param('foo'); Pass the param() method a single argument to fetch the value of the named parameter. If the parameter is multivalued (e.g. from multiple selections in a scrolling list), you can ask to receive an array. Otherwise the method will return a single value. =head2 SETTING THE VALUE(S) OF A NAMED PARAMETER: $query->param('foo','an','array','of','values'); This sets the value for the named parameter 'foo' to an array of values. This is one way to change the value of a field AFTER the script has been invoked once before. (Another way is with the -override parameter accepted by all methods that generate form elements.) param() also recognizes the named parameter style of calling described below: $query->param(-name=>'foo',-values=>['an','array','of','values']); -or- $query->param(-name=>'foo',-value=>'the value'); =head2 IMPORTING ALL PARAMETERS INTO A NAMESPACE: $query->import_names('R'); This creates a series of variables in the 'R' namespace. For example, $R::foo, @R:foo. For keyword lists, a variable @R::keywords will appear. If no namespace is given, this method will assume 'Q'. WARNING: don't import anything into 'main'; this is a major security risk!!!! In older versions, this method was called import(). While the old name is maintained for compatability, use import_names() for consistency with the CGI:: modules. =head2 DELETING A PARAMETER COMPLETELY: $query->delete('foo'); This completely clears a parameter. It sometimes useful for resetting parameters that you don't want passed down between script invocations. =head2 SAVING THE STATE OF THE FORM TO A FILE: $query->save(FILEHANDLE) This will write the current state of the form to the provided filehandle. You can read it back in by providing a filehandle to the new() method. Note that the filehandle can be a file, a pipe, or whatever! =head2 CREATING A SELF-REFERENCING URL THAT PRESERVES STATE INFORMATION: $myself = $query->self_url print "I'm talking to myself. self_url() will return a URL, that, when selected, will reinvoke this script with all its state information intact. This is most useful when you want to jump around within the document using internal anchors but you don't want to disrupt the current contents of the form(s). Something like this will do the trick. $myself = $query->self_url print "See table 1 print "See table 2 print "See for yourself If you don't want to get the whole query string, call the method url() to return just the URL for the script: $myself = $query->url print "No query string in this baby! =head2 CALLING CGI FUNCTIONS THAT TAKE MULTIPLE ARGUMENTS In versions of CGI.pm prior to 2.0, it could get difficult to remember the proper order of arguments in CGI function calls that accepted five or six different arguments. As of 2.0, there's a better way to pass arguments to the various CGI functions. In this style, you pass a series of name=>argument pairs, like this: $field = $query->radio_group(-name=>'OS', -values=>[Unix,Windows,Macintosh], -default=>'Unix'); The advantages of this style are that you don't have to remember the exact order of the arguments, and if you leave out a parameter, in most cases it will default to some reasonable value. If you provide a parameter that the method doesn't recognize, it will usually do something useful with it, such as incorporating it into the HTML form tag. For example if Netscape decides next week to add a new JUSTIFICATION parameter to the text field tags, you can start using the feature without waiting for a new version of CGI.pm: $field = $query->textfield(-name=>'State', -default=>'gaseous', -justification=>'RIGHT'); This will result in an HTML tag that looks like this: Parameter names are case insensitive: you can use -name, or -Name or -NAME. You don't have to use the hyphen if you don't want to. After creating a CGI object, call the B method with a nonzero value. This will tell CGI.pm that you intend to use named parameters exclusively: $query = new CGI; $query->use_named_parameters(1); $field = $query->radio_group('name'=>'OS', 'values'=>['Unix','Windows','Macintosh'], 'default'=>'Unix'); Actually, CGI.pm only looks for a hyphen in the first parameter. So you can leave it off subsequent parameters if you like. Something to be wary of is the potential that a string constant like "values" will collide with a keyword (and in fact it does!) While Perl usually figures out when you're referring to a function and when you're referring to a string, you probably should put quotation marks around all string constants just to play it safe. =head2 CREATING THE HTTP HEADER: print $query->header; -or- print $query->header('image/gif'); -or- print $query->header('text/html','204 No response'); -or- print $query->header(-type=>'image/gif', -status=>'402 Payment required', -cookie=>&get_random_cookie(), -Cost=>'$2.00'); header() returns the Content-type: header. You can provide your own MIME type if you choose, otherwise it defaults to text/html. An optional second paramer specifies the status code and a human-readable message. For example, you can specify 204, "No response" to create a script that tells the browser to do nothing at all. If you want to add additional fields to the header, just tack them on to the end: print $query->header('text/html','200 OK','Content-Length: 3002'); The last example shows the named argument style for passing arguments to the CGI methods using named parameters. Recognized parameters are B<-type>, B<-status>, and B<-cookie>. Any other parameters will be stripped of their initial hyphens and turned into header fields. The cookie parameter generates a header that tells the browser to provide a "magic cookie" during all subsequent transactions with your script. The value of the cookie can be almost anything you like (I doubt that newlines will work though), and can be used as a unique session ID or even to store a small number of state variables. You can retrieve the value of the browser's magic cookie with the cookie() method. As of version 1.56, all HTTP headers produced by CGI.pm contain the Pragma: no-cache instruction. However, as of version 1.57, this is turned OFF by default because it causes Netscape 2.0 beta to produce an annoying warning message every time the "back" button is hit. Turn it on again with the method cache(). =head2 GENERATING A REDIRECTION INSTRUCTION print $query->redirect('http://somewhere.else/in/movie/land'); redirects the browser elsewhere. If you use redirection like this, you should B print out a header as well. As of version 2.0, we produce both the unofficial Location: header and the official URI: header. This should satisfy most servers and browsers. One hint I can offer is that relative links may not work correctly when when you generate a redirection to another document on your site. This is due to a well-intentioned optimization that some servers use. The solution to this is to use the full URL (including the http: part) of the document you are redirecting to. =head2 CREATING THE HTML HEADER: print $query->start_html(-title=>'Secrets of the Pyramids', -author=>'fred@capricorn.org', -base=>'true', -BGCOLOR=>"#00A0A0"'); -or- print $query->start_html('Secrets of the Pyramids', 'fred@capricorn.org','true', 'BGCOLOR="#00A0A0"'); This will return a canned HTML header and the opening tag. All parameters are optional. In the named parameter form, recognized parameters are -title, -author and -base (see below for the explanation). Any additional parameters you provide, such as the Netscape unofficial BGCOLOR attribute, are added to the tag. Version 2.16 adds the argument -xbase, which you can use to provide an HREF for the tag different from the current location, as in -xbase=>"http://home.mcom.com/" JAVASCRIPTING: Version 2.17 adds the B<-script>, B<-onLoad> and B<-onUnload> parameters, which are used to add Netscape JavaScript calls to your pages. B<-script> should point to a block of text containing JavaScript function definitions. This block will be placed within a