2009-03-05 22:56:38 -05:00
|
|
|
#
|
2003-08-19 10:39:47 -04:00
|
|
|
# cgi.rb - cgi support library
|
2009-03-05 22:56:38 -05:00
|
|
|
#
|
2003-08-19 10:39:47 -04:00
|
|
|
# Copyright (C) 2000 Network Applied Communication Laboratory, Inc.
|
2009-03-05 22:56:38 -05:00
|
|
|
#
|
2003-08-19 10:39:47 -04:00
|
|
|
# Copyright (C) 2000 Information-technology Promotion Agency, Japan
|
|
|
|
#
|
|
|
|
# Author: Wakou Aoyama <wakou@ruby-lang.org>
|
|
|
|
#
|
2009-03-05 22:56:38 -05:00
|
|
|
# Documentation: Wakou Aoyama (RDoc'd and embellished by William Webber)
|
|
|
|
#
|
2011-05-16 17:21:35 -04:00
|
|
|
|
|
|
|
raise "Please, use ruby 1.9.0 or later." if RUBY_VERSION < "1.9.0"
|
|
|
|
|
2003-08-19 10:39:47 -04:00
|
|
|
# == Overview
|
|
|
|
#
|
2011-05-16 17:21:35 -04:00
|
|
|
# The Common Gateway Interface (CGI) is a simple protocol for passing an HTTP
|
|
|
|
# request from a web server to a standalone program, and returning the output
|
|
|
|
# to the web browser. Basically, a CGI program is called with the parameters
|
|
|
|
# of the request passed in either in the environment (GET) or via $stdin
|
|
|
|
# (POST), and everything it prints to $stdout is returned to the client.
|
2009-03-05 22:56:38 -05:00
|
|
|
#
|
2011-05-16 17:21:35 -04:00
|
|
|
# This file holds the CGI class. This class provides functionality for
|
|
|
|
# retrieving HTTP request parameters, managing cookies, and generating HTML
|
|
|
|
# output.
|
2003-08-19 10:39:47 -04:00
|
|
|
#
|
2011-05-16 17:21:35 -04:00
|
|
|
# The file CGI::Session provides session management functionality; see that
|
|
|
|
# class for more details.
|
2003-08-19 10:39:47 -04:00
|
|
|
#
|
2011-05-16 17:21:35 -04:00
|
|
|
# See http://www.w3.org/CGI/ for more information on the CGI protocol.
|
2003-08-19 10:39:47 -04:00
|
|
|
#
|
|
|
|
# == Introduction
|
|
|
|
#
|
|
|
|
# CGI is a large class, providing several categories of methods, many of which
|
|
|
|
# are mixed in from other modules. Some of the documentation is in this class,
|
|
|
|
# some in the modules CGI::QueryExtension and CGI::HtmlExtension. See
|
|
|
|
# CGI::Cookie for specific information on handling cookies, and cgi/session.rb
|
|
|
|
# (CGI::Session) for information on sessions.
|
|
|
|
#
|
|
|
|
# For queries, CGI provides methods to get at environmental variables,
|
|
|
|
# parameters, cookies, and multipart request data. For responses, CGI provides
|
|
|
|
# methods for writing output and generating HTML.
|
|
|
|
#
|
|
|
|
# Read on for more details. Examples are provided at the bottom.
|
|
|
|
#
|
|
|
|
# == Queries
|
|
|
|
#
|
|
|
|
# The CGI class dynamically mixes in parameter and cookie-parsing
|
|
|
|
# functionality, environmental variable access, and support for
|
|
|
|
# parsing multipart requests (including uploaded files) from the
|
|
|
|
# CGI::QueryExtension module.
|
|
|
|
#
|
|
|
|
# === Environmental Variables
|
|
|
|
#
|
|
|
|
# The standard CGI environmental variables are available as read-only
|
|
|
|
# attributes of a CGI object. The following is a list of these variables:
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# AUTH_TYPE HTTP_HOST REMOTE_IDENT
|
|
|
|
# CONTENT_LENGTH HTTP_NEGOTIATE REMOTE_USER
|
|
|
|
# CONTENT_TYPE HTTP_PRAGMA REQUEST_METHOD
|
|
|
|
# GATEWAY_INTERFACE HTTP_REFERER SCRIPT_NAME
|
|
|
|
# HTTP_ACCEPT HTTP_USER_AGENT SERVER_NAME
|
|
|
|
# HTTP_ACCEPT_CHARSET PATH_INFO SERVER_PORT
|
|
|
|
# HTTP_ACCEPT_ENCODING PATH_TRANSLATED SERVER_PROTOCOL
|
|
|
|
# HTTP_ACCEPT_LANGUAGE QUERY_STRING SERVER_SOFTWARE
|
|
|
|
# HTTP_CACHE_CONTROL REMOTE_ADDR
|
|
|
|
# HTTP_FROM REMOTE_HOST
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# For each of these variables, there is a corresponding attribute with the
|
2009-03-05 22:56:38 -05:00
|
|
|
# same name, except all lower case and without a preceding HTTP_.
|
2003-08-19 10:39:47 -04:00
|
|
|
# +content_length+ and +server_port+ are integers; the rest are strings.
|
|
|
|
#
|
|
|
|
# === Parameters
|
|
|
|
#
|
|
|
|
# The method #params() returns a hash of all parameters in the request as
|
|
|
|
# name/value-list pairs, where the value-list is an Array of one or more
|
2009-03-05 22:56:38 -05:00
|
|
|
# values. The CGI object itself also behaves as a hash of parameter names
|
|
|
|
# to values, but only returns a single value (as a String) for each
|
2003-08-19 10:39:47 -04:00
|
|
|
# parameter name.
|
|
|
|
#
|
2009-03-05 22:56:38 -05:00
|
|
|
# For instance, suppose the request contains the parameter
|
2003-08-19 10:39:47 -04:00
|
|
|
# "favourite_colours" with the multiple values "blue" and "green". The
|
|
|
|
# following behaviour would occur:
|
|
|
|
#
|
|
|
|
# cgi.params["favourite_colours"] # => ["blue", "green"]
|
|
|
|
# cgi["favourite_colours"] # => "blue"
|
|
|
|
#
|
|
|
|
# If a parameter does not exist, the former method will return an empty
|
|
|
|
# array, the latter an empty string. The simplest way to test for existence
|
|
|
|
# of a parameter is by the #has_key? method.
|
|
|
|
#
|
|
|
|
# === Cookies
|
|
|
|
#
|
|
|
|
# HTTP Cookies are automatically parsed from the request. They are available
|
|
|
|
# from the #cookies() accessor, which returns a hash from cookie name to
|
|
|
|
# CGI::Cookie object.
|
|
|
|
#
|
|
|
|
# === Multipart requests
|
|
|
|
#
|
2009-03-05 22:56:38 -05:00
|
|
|
# If a request's method is POST and its content type is multipart/form-data,
|
2003-08-19 10:39:47 -04:00
|
|
|
# then it may contain uploaded files. These are stored by the QueryExtension
|
|
|
|
# module in the parameters of the request. The parameter name is the name
|
|
|
|
# attribute of the file input field, as usual. However, the value is not
|
|
|
|
# a string, but an IO object, either an IOString for small files, or a
|
|
|
|
# Tempfile for larger ones. This object also has the additional singleton
|
|
|
|
# methods:
|
|
|
|
#
|
|
|
|
# #local_path():: the path of the uploaded file on the local filesystem
|
|
|
|
# #original_filename():: the name of the file on the client computer
|
|
|
|
# #content_type():: the content type of the file
|
|
|
|
#
|
|
|
|
# == Responses
|
|
|
|
#
|
|
|
|
# The CGI class provides methods for sending header and content output to
|
|
|
|
# the HTTP client, and mixes in methods for programmatic HTML generation
|
|
|
|
# from CGI::HtmlExtension and CGI::TagMaker modules. The precise version of HTML
|
|
|
|
# to use for HTML generation is specified at object creation time.
|
|
|
|
#
|
|
|
|
# === Writing output
|
|
|
|
#
|
2003-11-06 22:52:02 -05:00
|
|
|
# The simplest way to send output to the HTTP client is using the #out() method.
|
2003-08-19 10:39:47 -04:00
|
|
|
# This takes the HTTP headers as a hash parameter, and the body content
|
2012-11-04 06:48:05 -05:00
|
|
|
# via a block. The headers can be generated as a string using the #http_header()
|
2003-08-19 10:39:47 -04:00
|
|
|
# method. The output stream can be written directly to using the #print()
|
|
|
|
# method.
|
|
|
|
#
|
|
|
|
# === Generating HTML
|
|
|
|
#
|
|
|
|
# Each HTML element has a corresponding method for generating that
|
|
|
|
# element as a String. The name of this method is the same as that
|
2009-03-05 22:56:38 -05:00
|
|
|
# of the element, all lowercase. The attributes of the element are
|
2003-08-19 10:39:47 -04:00
|
|
|
# passed in as a hash, and the body as a no-argument block that evaluates
|
|
|
|
# to a String. The HTML generation module knows which elements are
|
|
|
|
# always empty, and silently drops any passed-in body. It also knows
|
|
|
|
# which elements require matching closing tags and which don't. However,
|
|
|
|
# it does not know what attributes are legal for which elements.
|
|
|
|
#
|
|
|
|
# There are also some additional HTML generation methods mixed in from
|
|
|
|
# the CGI::HtmlExtension module. These include individual methods for the
|
|
|
|
# different types of form inputs, and methods for elements that commonly
|
|
|
|
# take particular attributes where the attributes can be directly specified
|
|
|
|
# as arguments, rather than via a hash.
|
|
|
|
#
|
|
|
|
# == Examples of use
|
2009-03-05 22:56:38 -05:00
|
|
|
#
|
2003-08-19 10:39:47 -04:00
|
|
|
# === Get form values
|
2009-03-05 22:56:38 -05:00
|
|
|
#
|
2003-08-19 10:39:47 -04:00
|
|
|
# require "cgi"
|
|
|
|
# cgi = CGI.new
|
|
|
|
# value = cgi['field_name'] # <== value string for 'field_name'
|
|
|
|
# # if not 'field_name' included, then return "".
|
|
|
|
# fields = cgi.keys # <== array of field names
|
2009-03-05 22:56:38 -05:00
|
|
|
#
|
2003-08-19 10:39:47 -04:00
|
|
|
# # returns true if form has 'field_name'
|
|
|
|
# cgi.has_key?('field_name')
|
|
|
|
# cgi.has_key?('field_name')
|
|
|
|
# cgi.include?('field_name')
|
2009-03-05 22:56:38 -05:00
|
|
|
#
|
|
|
|
# CAUTION! cgi['field_name'] returned an Array with the old
|
2003-08-19 10:39:47 -04:00
|
|
|
# cgi.rb(included in ruby 1.6)
|
2009-03-05 22:56:38 -05:00
|
|
|
#
|
2003-08-19 10:39:47 -04:00
|
|
|
# === Get form values as hash
|
2009-03-05 22:56:38 -05:00
|
|
|
#
|
2003-08-19 10:39:47 -04:00
|
|
|
# require "cgi"
|
|
|
|
# cgi = CGI.new
|
|
|
|
# params = cgi.params
|
2009-03-05 22:56:38 -05:00
|
|
|
#
|
2003-08-19 10:39:47 -04:00
|
|
|
# cgi.params is a hash.
|
2009-03-05 22:56:38 -05:00
|
|
|
#
|
2003-08-19 10:39:47 -04:00
|
|
|
# cgi.params['new_field_name'] = ["value"] # add new param
|
|
|
|
# cgi.params['field_name'] = ["new_value"] # change value
|
|
|
|
# cgi.params.delete('field_name') # delete param
|
|
|
|
# cgi.params.clear # delete all params
|
2009-03-05 22:56:38 -05:00
|
|
|
#
|
|
|
|
#
|
2003-08-19 10:39:47 -04:00
|
|
|
# === Save form values to file
|
2009-03-05 22:56:38 -05:00
|
|
|
#
|
2003-08-19 10:39:47 -04:00
|
|
|
# require "pstore"
|
|
|
|
# db = PStore.new("query.db")
|
|
|
|
# db.transaction do
|
|
|
|
# db["params"] = cgi.params
|
|
|
|
# end
|
2009-03-05 22:56:38 -05:00
|
|
|
#
|
|
|
|
#
|
2003-08-19 10:39:47 -04:00
|
|
|
# === Restore form values from file
|
2009-03-05 22:56:38 -05:00
|
|
|
#
|
2003-08-19 10:39:47 -04:00
|
|
|
# require "pstore"
|
|
|
|
# db = PStore.new("query.db")
|
|
|
|
# db.transaction do
|
|
|
|
# cgi.params = db["params"]
|
|
|
|
# end
|
2009-03-05 22:56:38 -05:00
|
|
|
#
|
|
|
|
#
|
2003-08-19 10:39:47 -04:00
|
|
|
# === Get multipart form values
|
2009-03-05 22:56:38 -05:00
|
|
|
#
|
2003-08-19 10:39:47 -04:00
|
|
|
# require "cgi"
|
|
|
|
# cgi = CGI.new
|
|
|
|
# value = cgi['field_name'] # <== value string for 'field_name'
|
|
|
|
# value.read # <== body of value
|
|
|
|
# value.local_path # <== path to local file of value
|
|
|
|
# value.original_filename # <== original filename of value
|
|
|
|
# value.content_type # <== content_type of value
|
2009-03-05 22:56:38 -05:00
|
|
|
#
|
2003-08-19 10:39:47 -04:00
|
|
|
# and value has StringIO or Tempfile class methods.
|
2009-03-05 22:56:38 -05:00
|
|
|
#
|
2003-08-19 10:39:47 -04:00
|
|
|
# === Get cookie values
|
2009-03-05 22:56:38 -05:00
|
|
|
#
|
2003-08-19 10:39:47 -04:00
|
|
|
# require "cgi"
|
|
|
|
# cgi = CGI.new
|
|
|
|
# values = cgi.cookies['name'] # <== array of 'name'
|
|
|
|
# # if not 'name' included, then return [].
|
|
|
|
# names = cgi.cookies.keys # <== array of cookie names
|
2009-03-05 22:56:38 -05:00
|
|
|
#
|
2003-08-19 10:39:47 -04:00
|
|
|
# and cgi.cookies is a hash.
|
2009-03-05 22:56:38 -05:00
|
|
|
#
|
2003-08-19 10:39:47 -04:00
|
|
|
# === Get cookie objects
|
2009-03-05 22:56:38 -05:00
|
|
|
#
|
2003-08-19 10:39:47 -04:00
|
|
|
# require "cgi"
|
|
|
|
# cgi = CGI.new
|
|
|
|
# for name, cookie in cgi.cookies
|
|
|
|
# cookie.expires = Time.now + 30
|
|
|
|
# end
|
|
|
|
# cgi.out("cookie" => cgi.cookies) {"string"}
|
2009-03-05 22:56:38 -05:00
|
|
|
#
|
2003-08-19 10:39:47 -04:00
|
|
|
# cgi.cookies # { "name1" => cookie1, "name2" => cookie2, ... }
|
2009-03-05 22:56:38 -05:00
|
|
|
#
|
2003-08-19 10:39:47 -04:00
|
|
|
# require "cgi"
|
|
|
|
# cgi = CGI.new
|
|
|
|
# cgi.cookies['name'].expires = Time.now + 30
|
|
|
|
# cgi.out("cookie" => cgi.cookies['name']) {"string"}
|
2009-03-05 22:56:38 -05:00
|
|
|
#
|
2003-08-19 10:39:47 -04:00
|
|
|
# === Print http header and html string to $DEFAULT_OUTPUT ($>)
|
2009-03-05 22:56:38 -05:00
|
|
|
#
|
2003-08-19 10:39:47 -04:00
|
|
|
# require "cgi"
|
2012-11-30 00:06:45 -05:00
|
|
|
# cgi = CGI.new("html4") # add HTML generation methods
|
|
|
|
# cgi.out do
|
|
|
|
# cgi.html do
|
|
|
|
# cgi.head do
|
|
|
|
# cgi.title { "TITLE" }
|
|
|
|
# end +
|
|
|
|
# cgi.body do
|
|
|
|
# cgi.form("ACTION" => "uri") do
|
|
|
|
# cgi.p do
|
|
|
|
# cgi.textarea("get_text") +
|
|
|
|
# cgi.br +
|
|
|
|
# cgi.submit
|
|
|
|
# end
|
2003-08-19 10:39:47 -04:00
|
|
|
# end +
|
2012-11-30 00:06:45 -05:00
|
|
|
# cgi.pre do
|
2003-08-19 10:39:47 -04:00
|
|
|
# CGI::escapeHTML(
|
2012-11-30 00:06:45 -05:00
|
|
|
# "params: #{cgi.params.inspect}\n" +
|
|
|
|
# "cookies: #{cgi.cookies.inspect}\n" +
|
|
|
|
# ENV.collect do |key, value|
|
|
|
|
# "#{key} --> #{value}\n"
|
2003-08-19 10:39:47 -04:00
|
|
|
# end.join("")
|
|
|
|
# )
|
|
|
|
# end
|
|
|
|
# end
|
|
|
|
# end
|
|
|
|
# end
|
2009-03-05 22:56:38 -05:00
|
|
|
#
|
2003-08-19 10:39:47 -04:00
|
|
|
# # add HTML generation methods
|
|
|
|
# CGI.new("html3") # html3.2
|
|
|
|
# CGI.new("html4") # html4.01 (Strict)
|
|
|
|
# CGI.new("html4Tr") # html4.01 Transitional
|
|
|
|
# CGI.new("html4Fr") # html4.01 Frameset
|
2012-11-04 06:48:05 -05:00
|
|
|
# CGI.new("html5") # html5
|
2003-08-19 10:39:47 -04:00
|
|
|
#
|
2011-05-16 17:21:35 -04:00
|
|
|
|
|
|
|
class CGI
|
|
|
|
end
|
|
|
|
|
2008-09-09 09:09:56 -04:00
|
|
|
require 'cgi/core'
|
|
|
|
require 'cgi/cookie'
|
|
|
|
require 'cgi/util'
|
2010-01-28 10:19:52 -05:00
|
|
|
CGI.autoload(:HtmlExtension, 'cgi/html')
|