X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCGI.pm;h=78bc931466a1aebadd0e82c21b9fb7d2faf91541;hb=f6d6199cd6711f5e8a8e6c1a57445fa6f848c822;hp=6b870545b308b36e680f7b00d7df7c141c06b0f9;hpb=0e06870bf080a38cda51c06c6612359afc2334e1;p=p5sagit%2Fp5-mst-13.2.git

diff --git a/lib/CGI.pm b/lib/CGI.pm
index 6b87054..78bc931 100644
--- a/lib/CGI.pm
+++ b/lib/CGI.pm
@@ -1,5 +1,6 @@
 package CGI;
 require 5.004;
+use Carp 'croak';
 
 # See the bottom of this file for the POD documentation.  Search for the
 # string '=head'.
@@ -17,22 +18,25 @@ require 5.004;
 # The most recent version and complete docs are available at:
 #   http://stein.cshl.org/WWW/software/CGI/
 
-$CGI::revision = '$Id: CGI.pm,v 1.45 2000/09/13 02:55:41 lstein Exp $';
-$CGI::VERSION='2.74';
+$CGI::revision = '$Id: CGI.pm,v 1.58 2002/01/12 02:44:56 lstein Exp $';
+$CGI::VERSION='2.80';
 
 # HARD-CODED LOCATION FOR FILE UPLOAD TEMPORARY FILES.
 # UNCOMMENT THIS ONLY IF YOU KNOW WHAT YOU'RE DOING.
-# $TempFile::TMPDIRECTORY = '/usr/tmp';
+# $CGITempFile::TMPDIRECTORY = '/usr/tmp';
 use CGI::Util qw(rearrange make_attributes unescape escape expires);
 
+#use constant XHTML_DTD => ['-//W3C//DTD XHTML Basic 1.0//EN',
+#                           'http://www.w3.org/TR/xhtml-basic/xhtml-basic10.dtd'];
+
 use constant XHTML_DTD => ['-//W3C//DTD XHTML 1.0 Transitional//EN',
-			   'DTD/xhtml1-transitional.dtd'];
+                           'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'];
 
 # >>>>> Here are some globals that you might want to adjust <<<<<<
 sub initialize_globals {
     # Set this to 1 to enable copious autoloader debugging messages
     $AUTOLOAD_DEBUG = 0;
-    
+
     # Set this to 1 to generate XTML-compatible output
     $XHTML = 1;
 
@@ -81,6 +85,10 @@ sub initialize_globals {
     # separate the name=value pairs by semicolons rather than ampersands
     $USE_PARAM_SEMICOLONS = 1;
 
+    # Do not include undefined params parsed from query string
+    # use CGI qw(-no_undef_params);
+    $NO_UNDEF_PARAMS = 0;
+
     # Other globals that you shouldn't worry about.
     undef $Q;
     $BEEN_THERE = 0;
@@ -135,7 +143,8 @@ $AutoloadClass = $DefaultClass unless defined $CGI::AutoloadClass;
 # The path separator is a slash, backslash or semicolon, depending
 # on the paltform.
 $SL = {
-    UNIX=>'/', EPOC=>'/', OS2=>'\\', WINDOWS=>'\\', DOS=>'\\', MACINTOSH=>':', VMS=>'/'
+       UNIX=>'/', OS2=>'\\', EPOC=>'/',
+       WINDOWS=>'\\', DOS=>'\\', MACINTOSH=>':', VMS=>'/'
     }->{$OS};
 
 # This no longer seems to be necessary
@@ -182,6 +191,9 @@ if ($needs_binmode) {
 			   input Select option comment charset escapeHTML/],
 		':html3'=>[qw/div table caption th td TR Tr sup Sub strike applet Param 
 			   embed basefont style span layer ilayer font frameset frame script small big/],
+                ':html4'=>[qw/abbr acronym bdo col colgroup del fieldset iframe
+                            ins label legend noframes noscript object optgroup Q 
+                            thead tbody tfoot/], 
 		':netscape'=>[qw/blink fontsize center/],
 		':form'=>[qw/textfield textarea filefield password_field hidden checkbox checkbox_group 
 			  submit reset defaults radio_group popup_menu button autoEscape
@@ -197,10 +209,10 @@ if ($needs_binmode) {
 		':ssl' => [qw/https/],
 		':imagemap' => [qw/Area Map/],
 		':cgi-lib' => [qw/ReadParse PrintHeader HtmlTop HtmlBot SplitParam Vars/],
-		':html' => [qw/:html2 :html3 :netscape/],
-		':standard' => [qw/:html2 :html3 :form :cgi/],
-		':push' => [qw/multipart_init multipart_start multipart_end/],
-		':all' => [qw/:html2 :html3 :netscape :form :cgi :internal/]
+		':html' => [qw/:html2 :html3 :html4 :netscape/],
+		':standard' => [qw/:html2 :html3 :html4 :form :cgi/],
+		':push' => [qw/multipart_init multipart_start multipart_end multipart_final/],
+		':all' => [qw/:html2 :html3 :netscape :form :cgi :internal :html4/]
 		);
 
 # to import symbols into caller
@@ -456,7 +468,7 @@ sub init {
 
     # We now have the query string in hand.  We do slightly
     # different things for keyword lists and parameter lists.
-    if (defined $query_string && $query_string) {
+    if (defined $query_string && length $query_string) {
 	if ($query_string =~ /[&=;]/) {
 	    $self->parse_params($query_string);
 	} else {
@@ -540,6 +552,7 @@ sub parse_params {
     my($param,$value);
     foreach (@pairs) {
 	($param,$value) = split('=',$_,2);
+	next if $NO_UNDEF_PARAMS and not defined $value;
 	$value = '' unless defined $value;
 	$param = unescape($param);
 	$value = unescape($value);
@@ -618,7 +631,7 @@ sub _compile {
         unless (%$sub) {
 	   my($auto) = \${"$pack\:\:AUTOLOADED_ROUTINES"};
 	   eval "package $pack; $$auto";
-	   die $@ if $@;
+	   croak("$AUTOLOAD: $@") if $@;
            $$auto = '';  # Free the unneeded storage (but don't undef it!!!)
        }
        my($code) = $sub->{$func_name};
@@ -634,17 +647,31 @@ sub _compile {
 	       $code = $CGI::DefaultClass->_make_tag_func($func_name);
 	   }
        }
-       die "Undefined subroutine $AUTOLOAD\n" unless $code;
+       croak("Undefined subroutine $AUTOLOAD\n") unless $code;
        eval "package $pack; $code";
        if ($@) {
 	   $@ =~ s/ at .*\n//;
-	   die $@;
+	   croak("$AUTOLOAD: $@");
        }
     }       
     CORE::delete($sub->{$func_name});  #free storage
     return "$pack\:\:$func_name";
 }
 
+sub _selected {
+  my $self = shift;
+  my $value = shift;
+  return '' unless $value;
+  return $XHTML ? qq( selected="selected") : qq( selected);
+}
+
+sub _checked {
+  my $self = shift;
+  my $value = shift;
+  return '' unless $value;
+  return $XHTML ? qq( checked="checked") : qq( checked);
+}
+
 sub _reset_globals { initialize_globals(); }
 
 sub _setup_symbols {
@@ -663,6 +690,7 @@ sub _setup_symbols {
 	$PRIVATE_TEMPFILES++,    next if /^[:-]private_tempfiles$/;
 	$EXPORT{$_}++,           next if /^[:-]any$/;
 	$compile++,              next if /^[:-]compile$/;
+	$NO_UNDEF_PARAMS++,      next if /^[:-]no_undef_params$/;
 	
 	# This is probably extremely evil code -- to be deleted some day.
 	if (/^[-]autoload$/) {
@@ -706,7 +734,7 @@ sub MULTIPART {  'multipart/form-data'; }
 END_OF_FUNC
 
 'SERVER_PUSH' => <<'END_OF_FUNC',
-sub SERVER_PUSH { 'multipart/x-mixed-replace; boundary="' . shift() . '"'; }
+sub SERVER_PUSH { 'multipart/x-mixed-replace;boundary="' . shift() . '"'; }
 END_OF_FUNC
 
 'new_MultipartBuffer' => <<'END_OF_FUNC',
@@ -1013,20 +1041,20 @@ END_OF_FUNC
 sub Dump {
     my($self) = self_or_default(@_);
     my($param,$value,@result);
-    return '<UL></UL>' unless $self->param;
-    push(@result,"<UL>");
+    return '<ul></ul>' unless $self->param;
+    push(@result,"<ul>");
     foreach $param ($self->param) {
 	my($name)=$self->escapeHTML($param);
-	push(@result,"<LI><STRONG>$param</STRONG>");
-	push(@result,"<UL>");
+	push(@result,"<li><strong>$param</strong>");
+	push(@result,"<ul>");
 	foreach $value ($self->param($param)) {
 	    $value = $self->escapeHTML($value);
-            $value =~ s/\n/<BR>\n/g;
-	    push(@result,"<LI>$value");
+            $value =~ s/\n/<br>\n/g;
+	    push(@result,"<li>$value");
 	}
-	push(@result,"</UL>");
+	push(@result,"</ul>");
     }
-    push(@result,"</UL>\n");
+    push(@result,"</ul>");
     return join("\n",@result);
 }
 END_OF_FUNC
@@ -1090,23 +1118,24 @@ END_OF_FUNC
 
 #### Method: multipart_init
 # Return a Content-Type: style header for server-push
-# This has to be NPH, and it is advisable to set $| = 1
+# This has to be NPH on most web servers, and it is advisable to set $| = 1
 #
 # Many thanks to Ed Jordan <ed@fidalgo.net> for this
-# contribution
+# contribution, updated by Andrew Benham (adsb@bigfoot.com)
 ####
 'multipart_init' => <<'END_OF_FUNC',
 sub multipart_init {
     my($self,@p) = self_or_default(@_);
     my($boundary,@other) = rearrange([BOUNDARY],@p);
     $boundary = $boundary || '------- =_aaaaaaaaaa0';
-    $self->{'separator'} = "\n--$boundary\n";
+    $self->{'separator'} = "$CRLF--$boundary$CRLF";
+    $self->{'final_separator'} = "$CRLF--$boundary--$CRLF";
     $type = SERVER_PUSH($boundary);
     return $self->header(
 	-nph => 1,
 	-type => $type,
 	(map { split "=", $_, 2 } @other),
-    ) . $self->multipart_end;
+    ) . "WARNING: YOUR BROWSER DOESN'T SUPPORT THIS SERVER-PUSH TECHNOLOGY." . $self->multipart_end;
 }
 END_OF_FUNC
 
@@ -1115,23 +1144,31 @@ END_OF_FUNC
 # Return a Content-Type: style header for server-push, start of section
 #
 # Many thanks to Ed Jordan <ed@fidalgo.net> for this
-# contribution
+# contribution, updated by Andrew Benham (adsb@bigfoot.com)
 ####
 'multipart_start' => <<'END_OF_FUNC',
 sub multipart_start {
+    my(@header);
     my($self,@p) = self_or_default(@_);
     my($type,@other) = rearrange([TYPE],@p);
     $type = $type || 'text/html';
-    return $self->header(
-	-type => $type,
-	(map { split "=", $_, 2 } @other),
-    );
+    push(@header,"Content-Type: $type");
+
+    # rearrange() was designed for the HTML portion, so we
+    # need to fix it up a little.
+    foreach (@other) {
+        next unless my($header,$value) = /([^\s=]+)=\"?(.+?)\"?$/;
+	($_ = $header) =~ s/^(\w)(.*)/$1 . lc ($2) . ': '.$self->unescapeHTML($value)/e;
+    }
+    push(@header,@other);
+    my $header = join($CRLF,@header)."${CRLF}${CRLF}";
+    return $header;
 }
 END_OF_FUNC
 
 
 #### Method: multipart_end
-# Return a Content-Type: style header for server-push, end of section
+# Return a MIME boundary separator for server-push, end of section
 #
 # Many thanks to Ed Jordan <ed@fidalgo.net> for this
 # contribution
@@ -1144,6 +1181,19 @@ sub multipart_end {
 END_OF_FUNC
 
 
+#### Method: multipart_final
+# Return a MIME boundary separator for server-push, end of all sections
+#
+# Contributed by Andrew Benham (adsb@bigfoot.com)
+####
+'multipart_final' => <<'END_OF_FUNC',
+sub multipart_final {
+    my($self,@p) = self_or_default(@_);
+    return $self->{'final_separator'} . "WARNING: YOUR BROWSER DOESN'T SUPPORT THIS SERVER-PUSH TECHNOLOGY." . $CRLF;
+}
+END_OF_FUNC
+
+
 #### Method: header
 # Return a Content-Type: style header
 #
@@ -1173,6 +1223,7 @@ sub header {
     foreach (@other) {
         next unless my($header,$value) = /([^\s=]+)=\"?(.+?)\"?$/;
 	($_ = $header) =~ s/^(\w)(.*)/$1 . lc ($2) . ': '.$self->unescapeHTML($value)/e;
+        $header = ucfirst($header);
     }
 
     $type ||= 'text/html' unless defined($type);
@@ -1181,6 +1232,7 @@ sub header {
     # Maybe future compatibility.  Maybe not.
     my $protocol = $ENV{SERVER_PROTOCOL} || 'HTTP/1.0';
     push(@header,$protocol . ' ' . ($status || '200 OK')) if $nph;
+    push(@header,"Server: " . &server_software()) if $nph;
 
     push(@header,"Status: $status") if $status;
     push(@header,"Window-Target: $target") if $target;
@@ -1197,10 +1249,10 @@ sub header {
     # uses OUR clock)
     push(@header,"Expires: " . expires($expires,'http'))
 	if $expires;
-    push(@header,"Date: " . expires(0,'http')) if $expires || $cookie;
+    push(@header,"Date: " . expires(0,'http')) if $expires || $cookie || $nph;
     push(@header,"Pragma: no-cache") if $self->cache();
     push(@header,"Content-Disposition: attachment; filename=\"$attachment\"") if $attachment;
-    push(@header,@other);
+    push(@header,map {ucfirst $_} @other);
     push(@header,"Content-Type: $type") if $type ne '';
 
     my $header = join($CRLF,@header)."${CRLF}${CRLF}";
@@ -1266,24 +1318,27 @@ END_OF_FUNC
 # $script -> (option) Javascript code (-script)
 # $no_script -> (option) Javascript <noscript> tag (-noscript)
 # $meta -> (optional) Meta information tags
-# $head -> (optional) any other elements you'd like to incorporate into the <HEAD> tag
+# $head -> (optional) any other elements you'd like to incorporate into the <head> tag
 #           (a scalar or array ref)
 # $style -> (optional) reference to an external style sheet
 # @other -> (optional) any other named parameters you'd like to incorporate into
-#           the <BODY> tag.
+#           the <body> tag.
 ####
 'start_html' => <<'END_OF_FUNC',
 sub start_html {
     my($self,@p) = &self_or_default(@_);
-    my($title,$author,$base,$xbase,$script,$noscript,$target,$meta,$head,$style,$dtd,$lang,@other) = 
-	rearrange([TITLE,AUTHOR,BASE,XBASE,SCRIPT,NOSCRIPT,TARGET,META,HEAD,STYLE,DTD,LANG],@p);
+    my($title,$author,$base,$xbase,$script,$noscript,
+        $target,$meta,$head,$style,$dtd,$lang,$encoding,@other) = 
+	rearrange([TITLE,AUTHOR,BASE,XBASE,SCRIPT,NOSCRIPT,TARGET,META,HEAD,STYLE,DTD,LANG,ENCODING],@p);
+
+    $encoding = 'utf-8' unless defined $encoding;
 
     # strangely enough, the title needs to be escaped as HTML
     # while the author needs to be escaped as a URL
     $title = $self->escapeHTML($title || 'Untitled Document');
     $author = $self->escape($author);
     $lang ||= 'en-US';
-    my(@result);
+    my(@result,$xml_dtd);
     if ($dtd) {
         if (defined(ref($dtd)) and (ref($dtd) eq 'ARRAY')) {
             $dtd = $DEFAULT_DTD unless $dtd->[0] =~ m|^-//|;
@@ -1293,8 +1348,13 @@ sub start_html {
     } else {
         $dtd = $XHTML ? XHTML_DTD : $DEFAULT_DTD;
     }
+
+    $xml_dtd++ if ref($dtd) eq 'ARRAY' && $dtd->[0] =~ /\bXHTML\b/i;
+    $xml_dtd++ if ref($dtd) eq '' && $dtd =~ /\bXHTML\b/i;
+    push @result,qq(<?xml version="1.0" encoding="$encoding"?>) if $xml_dtd; 
+
     if (ref($dtd) && ref($dtd) eq 'ARRAY') {
-        push(@result,qq(<!DOCTYPE html\n\tPUBLIC "$dtd->[0]"\n\t"$dtd->[1]">));
+        push(@result,qq(<!DOCTYPE html\n\tPUBLIC "$dtd->[0]"\n\tSYSTEM "$dtd->[1]">));
     } else {
         push(@result,qq(<!DOCTYPE html\n\tPUBLIC "$dtd">));
     }
@@ -1357,12 +1417,15 @@ sub _style {
      { # If it is, push a LINK tag for each one.
        foreach $src (@$src)
        {
-         push(@result,qq/<link rel="stylesheet" type="$type" href="$src">/) if $src;
+         push(@result,$XHTML ? qq(<link rel="stylesheet" type="$type" href="$src" />)
+                             : qq(<link rel="stylesheet" type="$type" href="$src">/)) if $src;
        }
      }
      else
      { # Otherwise, push the single -src, if it exists.
-       push(@result,qq/<link rel="stylesheet" type="$type" href="$src">/) if $src;
+       push(@result,$XHTML ? qq(<link rel="stylesheet" type="$type" href="$src" />)
+                           : qq(<link rel="stylesheet" type="$type" href="$src">)
+            ) if $src;
       }
      push(@result,style({'type'=>$type},"$cdata_start\n$code\n$cdata_end")) if $code;
     } else {
@@ -1409,7 +1472,7 @@ sub _script {
 	push(@satts,'src'=>$src) if $src;
 	push(@satts,'language'=>$language);
         push(@satts,'type'=>$type);
-	$code = "$cdata_start$code$cdata_end";
+	$code = "$cdata_start$code$cdata_end" if defined $code;
 	push(@result,script({@satts},$code || ''));
     }
     @result;
@@ -1418,7 +1481,7 @@ END_OF_FUNC
 
 #### Method: end_html
 # End an HTML document.
-# Trivial method for completeness.  Just returns "</BODY>"
+# Trivial method for completeness.  Just returns "</body>"
 ####
 'end_html' => <<'END_OF_FUNC',
 sub end_html {
@@ -1542,8 +1605,8 @@ sub _textfield {
 
     $current = defined($current) ? $self->escapeHTML($current,1) : '';
     $name = defined($name) ? $self->escapeHTML($name) : '';
-    my($s) = defined($size) ? qq/ size=$size/ : '';
-    my($m) = defined($maxlength) ? qq/ maxlength=$maxlength/ : '';
+    my($s) = defined($size) ? qq/ size="$size"/ : '';
+    my($m) = defined($maxlength) ? qq/ maxlength="$maxlength"/ : '';
     my($other) = @other ? " @other" : '';
     # this entered at cristy's request to fix problems with file upload fields
     # and WebTV -- not sure it won't break stuff
@@ -1613,7 +1676,7 @@ END_OF_FUNC
 #   $rows ->  Optional number of rows in text area
 #   $columns -> Optional number of columns in text area
 # Returns:
-#   A string containing a <TEXTAREA></TEXTAREA> tag
+#   A string containing a <textarea></textarea> tag
 #
 'textarea' => <<'END_OF_FUNC',
 sub textarea {
@@ -1627,8 +1690,8 @@ sub textarea {
 
     $name = defined($name) ? $self->escapeHTML($name) : '';
     $current = defined($current) ? $self->escapeHTML($current) : '';
-    my($r) = $rows ? " rows=$rows" : '';
-    my($c) = $cols ? " cols=$cols" : '';
+    my($r) = $rows ? qq/ rows="$rows"/ : '';
+    my($c) = $cols ? qq/ cols="$cols"/ : '';
     my($other) = @other ? " @other" : '';
     return qq{<textarea name="$name"$r$c$other>$current</textarea>};
 }
@@ -1657,7 +1720,7 @@ sub button {
     $script=$self->escapeHTML($script);
 
     my($name) = '';
-    $name = qq/ NAME="$label"/ if $label;
+    $name = qq/ name="$label"/ if $label;
     $value = $value || $label;
     my($val) = '';
     $val = qq/ value="$value"/ if $value;
@@ -1779,9 +1842,9 @@ sub checkbox {
 
     if (!$override && ($self->{'.fieldnames'}->{$name} || 
 		       defined $self->param($name))) {
-	$checked = grep($_ eq $value,$self->param($name)) ? ' checked' : '';
+	$checked = grep($_ eq $value,$self->param($name)) ? $self->_checked(1) : '';
     } else {
-	$checked = $checked ? qq/ checked/ : '';
+	$checked = $self->_checked($checked);
     }
     my($the_label) = defined $label ? $label : $name;
     $name = $self->escapeHTML($name);
@@ -1846,7 +1909,7 @@ sub checkbox_group {
 
     my($other) = @other ? " @other" : '';
     foreach (@values) {
-	$checked = $checked{$_} ? qq/ checked/ : '';
+	$checked = $self->_checked($checked{$_});
 	$label = '';
 	unless (defined($nolabels) && $nolabels) {
 	    $label = $_;
@@ -1867,6 +1930,8 @@ END_OF_FUNC
 # Escape HTML -- used internally
 'escapeHTML' => <<'END_OF_FUNC',
 sub escapeHTML {
+         # hack to work around  earlier hacks
+         push @_,$_[0] if @_==1 && $_[0] eq 'CGI';
          my ($self,$toencode,$newlinestoo) = CGI::self_or_default(@_);
          return undef unless defined($toencode);
          return $toencode if ref($self) && $self->{'dontescape'};
@@ -1877,6 +1942,7 @@ sub escapeHTML {
          my $latin = uc $self->{'.charset'} eq 'ISO-8859-1' ||
                      uc $self->{'.charset'} eq 'WINDOWS-1252';
          if ($latin) {  # bug in some browsers
+                $toencode =~ s{'}{&#39;}gso;
                 $toencode =~ s{\x8b}{&#139;}gso;
                 $toencode =~ s{\x9b}{&#155;}gso;
                 if (defined $newlinestoo && $newlinestoo) {
@@ -1991,13 +2057,13 @@ sub radio_group {
 
     my($other) = @other ? " @other" : '';
     foreach (@values) {
-	my($checkit) = $checked eq $_ ? qq/ checked/ : '';
+	my($checkit) = $checked eq $_ ? qq/ checked="checked"/ : '';
 	my($break);
 	if ($linebreak) {
-    $break = $XHTML ? "<br />" : "<br>";
+          $break = $XHTML ? "<br />" : "<br>";
 	}
 	else {
-	$break = '';
+	  $break = '';
 	}
 	my($label)='';
 	unless (defined($nolabels) && $nolabels) {
@@ -2052,15 +2118,15 @@ sub popup_menu {
 
     $result = qq/<select name="$name"$other>\n/;
     foreach (@values) {
-	my($selectit) = defined($selected) ? ($selected eq $_ ? qq/selected/ : '' ) : '';
+	my($selectit) = defined($selected) ? $self->_selected($selected eq $_) : '';
 	my($label) = $_;
 	$label = $labels->{$_} if defined($labels) && defined($labels->{$_});
 	my($value) = $self->escapeHTML($_);
 	$label=$self->escapeHTML($label,1);
-	$result .= "<option $selectit value=\"$value\">$label</option>\n";
+	$result .= "<option$selectit value=\"$value\">$label</option>\n";
     }
 
-    $result .= "</select>\n";
+    $result .= "</select>";
     return $result;
 }
 END_OF_FUNC
@@ -2099,21 +2165,21 @@ sub scrolling_list {
     $size = $size || scalar(@values);
 
     my(%selected) = $self->previous_or_default($name,$defaults,$override);
-    my($is_multiple) = $multiple ? qq/ multiple/ : '';
+    my($is_multiple) = $multiple ? qq/ multiple="multiple"/ : '';
     my($has_size) = $size ? qq/ size="$size"/: '';
     my($other) = @other ? " @other" : '';
 
     $name=$self->escapeHTML($name);
     $result = qq/<select name="$name"$has_size$is_multiple$other>\n/;
     foreach (@values) {
-	my($selectit) = $selected{$_} ? qq/selected/ : '';
+	my($selectit) = $self->_selected($selected{$_});
 	my($label) = $_;
 	$label = $labels->{$_} if defined($labels) && defined($labels->{$_});
 	$label=$self->escapeHTML($label);
 	my($value)=$self->escapeHTML($_,1);
-	$result .= "<option $selectit value=\"$value\">$label</option>\n";
+	$result .= "<option$selectit value=\"$value\">$label</option>\n";
     }
-    $result .= "</select>\n";
+    $result .= "</select>";
     $self->register_parameter($name);
     return $result;
 }
@@ -2156,7 +2222,7 @@ sub hidden {
     $name=$self->escapeHTML($name);
     foreach (@value) {
 	$_ = defined($_) ? $self->escapeHTML($_,1) : '';
-	push @result,$XHTMl ? qq(<input type="hidden" name="$name" value="$_" />)
+	push @result,$XHTML ? qq(<input type="hidden" name="$name" value="$_" />)
                             : qq(<input type="hidden" name="$name" value="$_">);
     }
     return wantarray ? @result : join('',@result);
@@ -2179,7 +2245,7 @@ sub image_button {
     my($name,$src,$alignment,@other) =
 	rearrange([NAME,SRC,ALIGN],@p);
 
-    my($align) = $alignment ? " align=\U$alignment" : '';
+    my($align) = $alignment ? " align=\U\"$alignment\"" : '';
     my($other) = @other ? " @other" : '';
     $name=$self->escapeHTML($name);
     return $XHTML ? qq(<input type="image" name="$name" src="$src"$align$other />)
@@ -2221,25 +2287,22 @@ sub url {
     my ($relative,$absolute,$full,$path_info,$query,$base) = 
 	rearrange(['RELATIVE','ABSOLUTE','FULL',['PATH','PATH_INFO'],['QUERY','QUERY_STRING'],'BASE'],@p);
     my $url;
-    $full++ if $base || !($relative || $absolute);
+    $full++      if $base || !($relative || $absolute);
 
     my $path = $self->path_info;
     my $script_name = $self->script_name;
 
-# If anybody knows why I ever wrote this please tell me!
-#    if (exists($ENV{REQUEST_URI})) {
-#        my $index;
-#	$script_name = $ENV{REQUEST_URI};
-#        # strip query string
-#        substr($script_name,$index) = '' if ($index = index($script_name,'?')) >= 0;
-#        # and path
-#        if (exists($ENV{PATH_INFO})) {
-#           (my $encoded_path = $ENV{PATH_INFO}) =~ s!([^a-zA-Z0-9_./-])!uc sprintf("%%%02x",ord($1))!eg;;
-#           substr($script_name,$index) = '' if ($index = rindex($script_name,$encoded_path)) >= 0;
-#         }
-#    } else {
-#	$script_name = $self->script_name;
-#    }
+    # for compatibility with Apache's MultiViews
+    if (exists($ENV{REQUEST_URI})) {
+        my $index;
+	$script_name = $ENV{REQUEST_URI};
+        $script_name =~ s/\?.+$//;   # strip query string
+        # and path
+        if (exists($ENV{PATH_INFO})) {
+           (my $encoded_path = $ENV{PATH_INFO}) =~ s/([^a-zA-Z0-9_.%;&?\/\\:+=~-])/sprintf("%%%02X",ord($1))/eg;
+           $script_name      =~ s/$encoded_path$//i;
+         }
+    }
 
     if ($full) {
 	my $protocol = $self->protocol();
@@ -2265,7 +2328,7 @@ sub url {
     $url .= $path if $path_info and defined $path;
     $url .= "?" . $self->query_string if $query and $self->query_string;
     $url = '' unless defined $url;
-    $url =~ s/([^a-zA-Z0-9_.%;&?\/\\:+=~-])/uc sprintf("%%%02x",ord($1))/eg;
+    $url =~ s/([^a-zA-Z0-9_.%;&?\/\\:+=~-])/sprintf("%%%02X",ord($1))/eg;
     return $url;
 }
 
@@ -2306,7 +2369,7 @@ sub cookie {
     }
 
     # If we get here, we're creating a new cookie
-    return undef unless $name;	# this is an error
+    return undef unless defined($name) && $name ne '';	# this is an error
 
     my @param;
     push(@param,'-name'=>$name);
@@ -2870,12 +2933,12 @@ sub read_multipart {
 	  # choose a relatively unpredictable tmpfile sequence number
           my $seqno = unpack("%16C*",join('',localtime,values %ENV));
           for (my $cnt=10;$cnt>0;$cnt--) {
-	    next unless $tmpfile = new TempFile($seqno);
+	    next unless $tmpfile = new CGITempFile($seqno);
 	    $tmp = $tmpfile->as_string;
 	    last if defined($filehandle = Fh->new($filename,$tmp,$PRIVATE_TEMPFILES));
             $seqno += int rand(100);
           }
-          die "CGI open of tmpfile: $!\n" unless $filehandle;
+          die "CGI open of tmpfile: $!\n" unless defined $filehandle;
 	  $CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode;
 
 	  my ($data);
@@ -2903,10 +2966,9 @@ END_OF_FUNC
 'upload' =><<'END_OF_FUNC',
 sub upload {
     my($self,$param_name) = self_or_default(@_);
-    my $param = $self->param($param_name);
-    return unless $param;
-    return unless ref($param) && fileno($param);
-    return $param;
+    my @param = grep(ref && fileno($_), $self->param($param_name));
+    return unless @param;
+    return wantarray ? @param : $param[0];
 }
 END_OF_FUNC
 
@@ -2975,7 +3037,7 @@ sub asString {
     my $self = shift;
     # get rid of package name
     (my $i = $$self) =~ s/^\*(\w+::fh\d{5})+//; 
-    $i =~ s/\\(.)/$1/g;
+    $i =~ s/%(..)/ chr(hex($1)) /eg;
     return $i;
 # BEGIN DEAD CODE
 # This was an extremely clever patch that allowed "use strict refs".
@@ -3000,7 +3062,8 @@ END_OF_FUNC
 sub new {
     my($pack,$name,$file,$delete) = @_;
     require Fcntl unless defined &Fcntl::O_RDWR;
-    my $fv = ++$FH . quotemeta($name);
+    (my $safename = $name) =~ s/([':%])/ sprintf '%%%02X', ord $1 /eg;
+    my $fv = ++$FH . $safename;
     my $ref = \*{"Fh::$fv"};
     sysopen($ref,$file,Fcntl::O_RDWR()|Fcntl::O_CREAT()|Fcntl::O_EXCL(),0600) || return;
     unlink($file) if $delete;
@@ -3072,7 +3135,7 @@ sub new {
 
 	# BUG: IE 3.01 on the Macintosh uses just the boundary -- not
 	# the two extra hyphens.  We do a special case here on the user-agent!!!!
-	$boundary = "--$boundary" unless CGI::user_agent('MSIE\s+3\.0[12];\s*Mac');
+	$boundary = "--$boundary" unless CGI::user_agent('MSIE\s+3\.0[12];\s*Mac|DreamPassport');
 
     } else { # otherwise we find it ourselves
 	my($old);
@@ -3208,7 +3271,8 @@ sub read {
     substr($self->{BUFFER},0,$bytesToReturn)='';
     
     # If we hit the boundary, remove the CRLF from the end.
-    return ($start > 0) ? substr($returnval,0,-2) : $returnval;
+    return (($start > 0) && ($start <= $bytes)) 
+           ? substr($returnval,0,-2) : $returnval;
 }
 END_OF_FUNC
 
@@ -3265,7 +3329,7 @@ END_OF_AUTOLOAD
 ####################################################################################
 ################################## TEMPORARY FILES #################################
 ####################################################################################
-package TempFile;
+package CGITempFile;
 
 $SL = $CGI::SL;
 $MAC = $CGI::OS eq 'MACINTOSH';
@@ -3274,7 +3338,8 @@ unless ($TMPDIRECTORY) {
     @TEMP=("${SL}usr${SL}tmp","${SL}var${SL}tmp",
 	   "C:${SL}temp","${SL}tmp","${SL}temp",
 	   "${vol}${SL}Temporary Items",
-           "${SL}WWW_ROOT", "${SL}SYS\$SCRATCH", "C:${SL}system${SL}temp");
+           "${SL}WWW_ROOT", "${SL}SYS\$SCRATCH",
+	   "C:${SL}system${SL}temp");
     unshift(@TEMP,$ENV{'TMPDIR'}) if exists $ENV{'TMPDIR'};
 
     # this feature was supposed to provide per-user tmpfiles, but
@@ -3296,7 +3361,12 @@ $MAXTRIES = 5000;
 
 # cute feature, but overload implementation broke it
 # %OVERLOAD = ('""'=>'as_string');
-*TempFile::AUTOLOAD = \&CGI::AUTOLOAD;
+*CGITempFile::AUTOLOAD = \&CGI::AUTOLOAD;
+
+sub DESTROY {
+    my($self) = @_;
+    unlink $$self;              # get rid of the file
+}
 
 ###############################################################################
 ################# THESE FUNCTIONS ARE AUTOLOADED ON DEMAND ####################
@@ -3313,19 +3383,12 @@ sub new {
 	last if ! -f ($filename = sprintf("${TMPDIRECTORY}${SL}CGItemp%d",$sequence++));
     }
     # untaint the darn thing
-    return unless $filename =~ m!^([a-zA-Z0-9_ '":/.\$\\]+)$!;
+    return unless $filename =~ m!^([a-zA-Z0-9_ '":/.\$\\-]+)$!;
     $filename = $1;
     return bless \$filename;
 }
 END_OF_FUNC
 
-'DESTROY' => <<'END_OF_FUNC',
-sub DESTROY {
-    my($self) = @_;
-    unlink $$self;              # get rid of the file
-}
-END_OF_FUNC
-
 'as_string' => <<'END_OF_FUNC'
 sub as_string {
     my($self) = @_;
@@ -3504,10 +3567,10 @@ this:
 
    Code                           Generated HTML
    ----                           --------------
-   h1()                           <H1>
-   h1('some','contents');         <H1>some contents</H1>
-   h1({-align=>left});            <H1 ALIGN="LEFT">
-   h1({-align=>left},'contents'); <H1 ALIGN="LEFT">contents</H1>
+   h1()                           <h1>
+   h1('some','contents');         <h1>some contents</h1>
+   h1({-align=>left});            <h1 ALIGN="LEFT">
+   h1({-align=>left},'contents'); <h1 ALIGN="LEFT">contents</h1>
 
 HTML tags are described in more detail later.  
 
@@ -3896,9 +3959,14 @@ Import all methods that generate HTML 2.0 standard elements.
 
 =item B<:html3>
 
-Import all methods that generate HTML 3.0 proposed elements (such as
+Import all methods that generate HTML 3.0 elements (such as
 <table>, <super> and <sub>).
 
+=item B<:html4>
+
+Import all methods that generate HTML 4 elements (such as
+<abbrev>, <acronym> and <thead>).
+
 =item B<:netscape>
 
 Import all methods that generate Netscape-specific HTML extensions.
@@ -3910,7 +3978,7 @@ Import all HTML-generating shortcuts (i.e. 'html2' + 'html3' +
 
 =item B<:standard>
 
-Import "standard" features, 'html2', 'html3', 'form' and 'cgi'.
+Import "standard" features, 'html2', 'html3', 'html4', 'form' and 'cgi'.
 
 =item B<:all>
 
@@ -3923,7 +3991,7 @@ If you import a function name that is not part of CGI.pm, the module
 will treat it as a new HTML tag and generate the appropriate
 subroutine.  You can then use it like any other HTML tag.  This is to
 provide for the rapidly-evolving HTML "standard."  For example, say
-Microsoft comes out with a new tag called <GRADIENT> (which causes the
+Microsoft comes out with a new tag called <gradient> (which causes the
 user's desktop to be flooded with a rotating gradient fill until his
 machine reboots).  You don't need to wait for a new version of CGI.pm
 to start using it immediately:
@@ -4027,6 +4095,10 @@ have the hidden fields appear in the querystring in a GET method.
 For example, a search script generated this way will have
 a very nice url with search parameters for bookmarking.
 
+=item -no_undef_params
+
+This keeps CGI.pm from including undef params in the parameter list.
+
 =item -no_xhtml
 
 By default, CGI.pm versions 2.69 and higher emit XHTML
@@ -4133,7 +4205,7 @@ For example:
 
 produces
 
-  <H1>Level 1 Header</H1>
+  <h1>Level 1 Header</h1>
 
 There will be some times when you want to produce the start and end
 tags yourself.  In this case, you can use the form start_I<tag_name>
@@ -4157,13 +4229,13 @@ the standard ones:
 
 =over 4
 
-=item 1. start_table() (generates a <TABLE> tag)
+=item 1. start_table() (generates a <table> tag)
 
-=item 2. end_table() (generates a </TABLE> tag)
+=item 2. end_table() (generates a </table> tag)
 
-=item 3. start_ul() (generates a <UL> tag)
+=item 3. start_ul() (generates a <ul> tag)
 
-=item 4. end_ul() (generates a </UL> tag)
+=item 4. end_ul() (generates a </ul> tag)
 
 =back
 
@@ -4248,7 +4320,7 @@ such as expiration time.  Use the cookie() method to create and retrieve
 session cookies.
 
 The B<-nph> parameter, if set to a true value, will issue the correct
-headers to work with a NPH (no-parse-header) script.  This is important
+headers to work with an NPH (no-parse-header) script.  This is important
 to use with certain servers that expect all their scripts to be NPH.
 
 The B<-charset> parameter can be used to control the character set
@@ -4285,7 +4357,7 @@ You can also use named arguments:
 			   -nph=>1);
 
 The B<-nph> parameter, if set to a true value, will issue the correct
-headers to work with a NPH (no-parse-header) script.  This is important
+headers to work with an NPH (no-parse-header) script.  This is important
 to use with certain servers, such as Microsoft Internet Explorer, which
 expect all their scripts to be NPH.
 
@@ -4305,15 +4377,15 @@ out an HTML document.  The start_html() routine creates the top of the
 page, along with a lot of optional information that controls the
 page's appearance and behavior.
 
-This method returns a canned HTML header and the opening <BODY> tag.
+This method returns a canned HTML header and the opening <body> tag.
 All parameters are optional.  In the named parameter form, recognized
 parameters are -title, -author, -base, -xbase, -dtd, -lang and -target
 (see below for the explanation).  Any additional parameters you
 provide, such as the Netscape unofficial BGCOLOR attribute, are added
-to the <BODY> tag.  Additional parameters must be proceeded by a
+to the <body> tag.  Additional parameters must be proceeded by a
 hyphen.
 
-The argument B<-xbase> allows you to provide an HREF for the <BASE> tag
+The argument B<-xbase> allows you to provide an HREF for the <base> tag
 different from the current location, as in
 
     -xbase=>"http://home.mcom.com/"
@@ -4332,12 +4404,12 @@ All relative links will be interpreted relative to this tag.
 You add arbitrary meta information to the header with the B<-meta>
 argument.  This argument expects a reference to an associative array
 containing name/value pairs of meta information.  These will be turned
-into a series of header <META> tags that look something like this:
+into a series of header <meta> tags that look something like this:
 
-    <META NAME="keywords" CONTENT="pharaoh secret mummy">
-    <META NAME="description" CONTENT="copyright 1996 King Tut">
+    <meta name="keywords" content="pharaoh secret mummy">
+    <meta name="description" content="copyright 1996 King Tut">
 
-To create an HTTP-EQUIV type of <META> tag, use B<-head>, described
+To create an HTTP-EQUIV type of <meta> tag, use B<-head>, described
 below.
 
 The B<-style> argument is used to incorporate cascading stylesheets
@@ -4345,19 +4417,22 @@ into your code.  See the section on CASCADING STYLESHEETS for more
 information.
 
 The B<-lang> argument is used to incorporate a language attribute into
-the <HTML> tag.  The default if not specified is "en-US" for US
+the <html> tag.  The default if not specified is "en-US" for US
 English.  For example:
 
-    print $q->header(-lang=>'fr-CA');
+    print $q->start_html(-lang=>'fr-CA');
 
-You can place other arbitrary HTML elements to the <HEAD> section with the
-B<-head> tag.  For example, to place the rarely-used <LINK> element in the
+The B<-encoding> argument can be used to specify the character set for
+XHTML.  It defaults to UTF-8 if not specified.
+
+You can place other arbitrary HTML elements to the <head> section with the
+B<-head> tag.  For example, to place the rarely-used <link> element in the
 head section, use this:
 
     print start_html(-head=>Link({-rel=>'next',
 		                  -href=>'http://www.capricorn.com/s2.html'}));
 
-To incorporate multiple HTML elements into the <HEAD> section, just pass an
+To incorporate multiple HTML elements into the <head> section, just pass an
 array reference:
 
     print start_html(-head=>[ 
@@ -4368,17 +4443,17 @@ array reference:
 			     ]
 		     );
 
-And here's how to create an HTTP-EQUIV <META> tag:
+And here's how to create an HTTP-EQUIV <meta> tag:
 
-      print header(-head=>meta({-http_equiv => 'Content-Type',
-                                -content    => 'text/html'}))
+      print start_html(-head=>meta({-http_equiv => 'Content-Type',
+                                    -content    => 'text/html'}))
 
 
 JAVASCRIPTING: The B<-script>, B<-noScript>, B<-onLoad>,
 B<-onMouseOver>, B<-onMouseOut> and B<-onUnload> parameters are used
 to add Netscape JavaScript calls to your pages.  B<-script> should
 point to a block of text containing JavaScript function definitions.
-This block will be placed within a <SCRIPT> block inside the HTML (not
+This block will be placed within a <script> block inside the HTML (not
 HTTP) header.  The block is placed in the header in order to give your
 page a fighting chance of having all its JavaScript functions in place
 even if the user presses the stop button before the page has loaded
@@ -4417,7 +4492,7 @@ Use the B<-noScript> parameter to pass some HTML text that will be displayed on
 browsers that do not have JavaScript (or browsers where JavaScript is turned
 off).
 
-Netscape 3.0 recognizes several attributes of the <SCRIPT> tag,
+Netscape 3.0 recognizes several attributes of the <script> tag,
 including LANGUAGE and SRC.  The latter is particularly interesting,
 as it allows you to keep the JavaScript code in a file or CGI script
 rather than cluttering up each page with the source.  To use these
@@ -4435,7 +4510,7 @@ one or more of -language, -src, or -code:
 	       );
 
 
-A final feature allows you to incorporate multiple <SCRIPT> sections into the
+A final feature allows you to incorporate multiple <script> sections into the
 header.  Just pass the list of script sections as an array reference.
 this allows you to specify different source files for different dialects
 of JavaScript.  Example:     
@@ -4456,7 +4531,6 @@ of JavaScript.  Example:
                                     }
                                  ]
                              );
-     </pre>
 
 If this looks a bit extreme, take my advice and stick with straight CGI scripting.  
 
@@ -4478,17 +4552,17 @@ The title
 
 =item 2.
 
-The author's e-mail address (will create a <LINK REV="MADE"> tag if present
+The author's e-mail address (will create a <link rev="MADE"> tag if present
 
 =item 3.
 
-A 'true' flag if you want to include a <BASE> tag in the header.  This
+A 'true' flag if you want to include a <base> tag in the header.  This
 helps resolve relative addresses to absolute ones when the document is moved, 
 but makes the document hierarchy non-portable.  Use with care!
 
 =item 4, 5, 6...
 
-Any other parameters you want to include in the <BODY> tag.  This is a good
+Any other parameters you want to include in the <body> tag.  This is a good
 place to put Netscape extensions, such as colors and wallpaper patterns.
 
 =back
@@ -4497,12 +4571,12 @@ place to put Netscape extensions, such as colors and wallpaper patterns.
 
 	print $query->end_html
 
-This ends an HTML document by printing the </BODY></HTML> tags.
+This ends an HTML document by printing the </body></html> tags.
 
 =head2 CREATING A SELF-REFERENCING URL THAT PRESERVES STATE INFORMATION:
 
     $myself = $query->self_url;
-    print q(<A HREF="$myself">I'm talking to myself.</A>);
+    print q(<a href="$myself">I'm talking to myself.</a>);
 
 self_url() will return a URL, that, when selected, will reinvoke
 this script with all its state information intact.  This is most
@@ -4511,9 +4585,9 @@ internal anchors but you don't want to disrupt the current contents
 of the form(s).  Something like this will do the trick.
 
      $myself = $query->self_url;
-     print "<A HREF=$myself#table1>See table 1</A>";
-     print "<A HREF=$myself#table2>See table 2</A>";
-     print "<A HREF=$myself#yourself>See for yourself</A>";
+     print "<a href=$myself#table1>See table 1</a>";
+     print "<a href=$myself#table2>See table 2</a>";
+     print "<a href=$myself#yourself>See for yourself</a>";
 
 If you want more control over what's returned, using the B<url()>
 method instead.
@@ -4622,7 +4696,7 @@ added for readability):
 
    <blockquote>
    Many years ago on the island of
-   <a HREF="http://crete.org/">Crete</a> there lived
+   <a href="http://crete.org/">Crete</a> there lived
    a minotaur named <strong>Fred.</strong> 
    </blockquote>
    <hr>
@@ -4645,12 +4719,12 @@ completely (see the next section for more details):
 The HTML methods will accept zero, one or multiple arguments.  If you
 provide no arguments, you get a single tag:
 
-   print hr;  	#  <HR>
+   print hr;  	#  <hr>
 
 If you provide one or more string arguments, they are concatenated
 together with spaces and placed between opening and closing tags:
 
-   print h1("Chapter","1"); # <H1>Chapter 1</H1>"
+   print h1("Chapter","1"); # <h1>Chapter 1</h1>"
 
 If the first argument is an associative array reference, then the keys
 and values of the associative array become the HTML tag's attributes:
@@ -4658,29 +4732,29 @@ and values of the associative array become the HTML tag's attributes:
    print a({-href=>'fred.html',-target=>'_new'},
       "Open a new frame");
 
-	    <A HREF="fred.html",TARGET="_new">Open a new frame</A>
+	    <a href="fred.html",target="_new">Open a new frame</a>
 
 You may dispense with the dashes in front of the attribute names if
 you prefer:
 
    print img {src=>'fred.gif',align=>'LEFT'};
 
-	   <IMG ALIGN="LEFT" SRC="fred.gif">
+	   <img align="LEFT" src="fred.gif">
 
 Sometimes an HTML tag attribute has no argument.  For example, ordered
-lists can be marked as COMPACT.  The syntax for this is an argument that
+lists can be marked as COMPACT.  The syntax for this is an argument
 that points to an undef string:
 
    print ol({compact=>undef},li('one'),li('two'),li('three'));
 
 Prior to CGI.pm version 2.41, providing an empty ('') string as an
 attribute argument was the same as providing undef.  However, this has
-changed in order to accommodate those who want to create tags of the form 
-<IMG ALT="">.  The difference is shown in these two pieces of code:
+changed in order to accommodate those who want to create tags of the form
+<img alt="">.  The difference is shown in these two pieces of code:
 
-   CODE                   RESULT
-   img({alt=>undef})      <IMG ALT>
-   img({alt=>''})         <IMT ALT="">
+     CODE                   RESULT
+     img({alt=>undef})      <img alt>
+     img({alt=>''})         <img alt="">
 
 =head2 THE DISTRIBUTIVE PROPERTY OF HTML SHORTCUTS
 
@@ -4696,12 +4770,12 @@ list:
 
 This example will result in HTML output that looks like this:
 
-   <UL>
-     <LI TYPE="disc">Sneezy</LI>
-     <LI TYPE="disc">Doc</LI>
-     <LI TYPE="disc">Sleepy</LI>
-     <LI TYPE="disc">Happy</LI>
-   </UL>
+   <ul>
+     <li type="disc">Sneezy</li>
+     <li type="disc">Doc</li>
+     <li type="disc">Sleepy</li>
+     <li type="disc">Happy</li>
+   </ul>
 
 This is extremely useful for creating tables.  For example:
 
@@ -4725,7 +4799,7 @@ Consider this bit of code:
 
 It will ordinarily return the string that you probably expect, namely:
 
-   <BLOCKQUOTE><EM>Hi</EM> mom!</BLOCKQUOTE>
+   <blockquote><em>Hi</em> mom!</blockquote>
 
 Note the space between the element "Hi" and the element "mom!".
 CGI.pm puts the extra space there using array interpolation, which is
@@ -4863,7 +4937,7 @@ autoEscape() method with a false value immediately after creating the CGI object
 
    print $query->isindex($action);
 
-Prints out an <ISINDEX> tag.  Not very exciting.  The parameter
+Prints out an <isindex> tag.  Not very exciting.  The parameter
 -action specifies the URL of the script to process the query.  The
 default is to process the query with the current script.
 
@@ -4881,14 +4955,14 @@ default is to process the query with the current script.
       <... various form stuff ...>
     print $query->endform;
 
-start_form() will return a <FORM> tag with the optional method,
+start_form() will return a <form> tag with the optional method,
 action and form encoding that you specify.  The defaults are:
 
     method: POST
     action: this script
     enctype: application/x-www-form-urlencoded
 
-endform() returns the closing </FORM> tag.  
+endform() returns the closing </form> tag.  
 
 Start_form()'s enctype argument tells the browser how to package the various
 fields of the form before sending the form to the server.  Two
@@ -4937,7 +5011,7 @@ for consistency and completeness.  If you find something wrong, you
 can put up an alert box or maybe fix things up yourself.  You can 
 abort the submission by returning false from this function.  
 
-Usually the bulk of JavaScript functions are defined in a <SCRIPT>
+Usually the bulk of JavaScript functions are defined in a <script>
 block in the HTML header and -onSubmit points to one of these function
 call.  See start_html() for details.
 
@@ -5137,6 +5211,10 @@ filehandle, or undef if the parameter is not a valid filehandle.
 	   print;
      }
 
+In an array context, upload() will return an array of filehandles.
+This makes it possible to create forms that use the same name for
+multiple upload fields.
+
 This is the recommended idiom.
 
 When a file is uploaded the browser usually sends along some
@@ -5174,6 +5252,12 @@ Example:
 You are free to create a custom HTML page to complain about the error,
 if you wish.
 
+If you are using CGI.pm on a Windows platform and find that binary
+files get slightly larger when uploaded but that text files remain the
+same, then you have forgotten to activate binary mode on the output
+filehandle.  Be sure to call binmode() on any handle that you create
+to write the uploaded file to disk.
+
 JAVASCRIPTING: The B<-onChange>, B<-onFocus>, B<-onBlur>,
 B<-onMouseOver>, B<-onMouseOut> and B<-onSelect> parameters are
 recognized.  See textfield() for details.
@@ -5407,7 +5491,7 @@ of the particular button clicked on using the "this" variable.
 =head2 CREATING A STANDALONE CHECKBOX
 
     print $query->checkbox(-name=>'checkbox_name',
-			   -checked=>'checked',
+			   -checked=>1,
 			   -value=>'ON',
 			   -label=>'CLICK ME');
 
@@ -5860,11 +5944,11 @@ techniques for defining new frames programmatically:
 =item 1. Create a <Frameset> document
 
 After writing out the HTTP header, instead of creating a standard
-HTML document using the start_html() call, create a <FRAMESET> 
+HTML document using the start_html() call, create a <frameset> 
 document that defines the frames on the page.  Specify your script(s)
 (with appropriate parameters) as the SRC for each of the frames.
 
-There is no specific support for creating <FRAMESET> sections 
+There is no specific support for creating <frameset> sections 
 in CGI.pm, but the HTML is very simple to write.  See the frame
 documentation in Netscape's home pages for details 
 
@@ -5883,7 +5967,7 @@ document into that.  There are a number of magic names that you can
 use for targets.  See the frame documents on Netscape's home pages for
 details.
 
-=item 3. Specify the destination for the document in the <FORM> tag
+=item 3. Specify the destination for the document in the <form> tag
 
 You can specify the frame to load in the FORM tag itself.  With
 CGI.pm it looks like this:
@@ -5906,11 +5990,11 @@ CGI.pm has limited support for HTML3's cascading style sheets (css).
 To incorporate a stylesheet into your document, pass the
 start_html() method a B<-style> parameter.  The value of this
 parameter may be a scalar, in which case it is incorporated directly
-into a <STYLE> section, or it may be a hash reference.  In the latter
+into a <style> section, or it may be a hash reference.  In the latter
 case you should provide the hash with one or more of B<-src> or
 B<-code>.  B<-src> points to a URL where an externally-defined
 stylesheet can be found.  B<-code> points to a scalar value to be
-incorporated into a <STYLE> section.  Style definitions in B<-code>
+incorporated into a <style> section.  Style definitions in B<-code>
 override similarly-named ones in B<-src>, hence the name "cascading."
 
 You may also specify the type of the stylesheet by adding the optional
@@ -6020,23 +6104,23 @@ for debugging purposes:
 
 Produces something that looks like:
 
-    <UL>
-    <LI>name1
-	<UL>
-	<LI>value1
-	<LI>value2
-	</UL>
-    <LI>name2
-	<UL>
-	<LI>value1
-	</UL>
-    </UL>
+    <ul>
+    <li>name1
+	<ul>
+	<li>value1
+	<li>value2
+	</ul>
+    <li>name2
+	<ul>
+	<li>value1
+	</ul>
+    </ul>
 
 As a shortcut, you can interpolate the entire CGI object into a string
 and it will be replaced with the a nice HTML dump shown above:
 
     $query=new CGI;
-    print "<H2>Current Values</H2> $query\n";
+    print "<h2>Current Values</h2> $query\n";
 
 =head1 FETCHING ENVIRONMENT VARIABLES
 
@@ -6206,12 +6290,17 @@ mode, CGI.pm will output the necessary extra header information when
 the header() and redirect() methods are
 called.
 
-The Microsoft Internet Information Server requires NPH mode.  As of version
-2.30, CGI.pm will automatically detect when the script is running under IIS
-and put itself into this mode.  You do not need to do this manually, although
-it won't hurt anything if you do.
-
-There are a number of ways to put CGI.pm into NPH mode:
+The Microsoft Internet Information Server requires NPH mode.  As of
+version 2.30, CGI.pm will automatically detect when the script is
+running under IIS and put itself into this mode.  You do not need to
+do this manually, although it won't hurt anything if you do.  However,
+note that if you have applied Service Pack 6, much of the
+functionality of NPH scripts, including the ability to redirect while
+setting a cookie, b<do not work at all> on IIS without a special patch
+from Microsoft.  See
+http://support.microsoft.com/support/kb/articles/Q280/3/41.ASP:
+Non-Parsed Headers Stripped From CGI Applications That Have nph-
+Prefix in Name.
 
 =over 4
 
@@ -6238,7 +6327,7 @@ in the B<header()> and B<redirect()>  statements:
 
 =head1 Server Push
 
-CGI.pm provides three simple functions for producing multipart
+CGI.pm provides four simple functions for producing multipart
 documents of the type needed to implement server push.  These
 functions were graciously provided by Ed Jordan <ed@fidalgo.net>.  To
 import these into your namespace, you must import the ":push" set.
@@ -6250,19 +6339,25 @@ Here is a simple script that demonstrates server push:
   #!/usr/local/bin/perl
   use CGI qw/:push -nph/;
   $| = 1;
-  print multipart_init(-boundary=>'----------------here we go!');
-  while (1) {
+  print multipart_init(-boundary=>'----here we go!');
+  foreach (0 .. 4) {
       print multipart_start(-type=>'text/plain'),
-            "The current time is ",scalar(localtime),"\n",
-            multipart_end;
+            "The current time is ",scalar(localtime),"\n";
+      if ($_ < 4) {
+              print multipart_end;
+      } else {
+              print multipart_final;
+      }
       sleep 1;
   }
 
 This script initializes server push by calling B<multipart_init()>.
-It then enters an infinite loop in which it begins a new multipart
-section by calling B<multipart_start()>, prints the current local time,
+It then enters a loop in which it begins a new multipart section by
+calling B<multipart_start()>, prints the current local time,
 and ends a multipart section with B<multipart_end()>.  It then sleeps
-a second, and begins again.
+a second, and begins again. On the final iteration, it ends the
+multipart section with B<multipart_final()> rather than with
+B<multipart_end()>.
 
 =over 4
 
@@ -6286,13 +6381,24 @@ type.  If not specified, text/html is assumed.
   multipart_end()
 
 End a part.  You must remember to call multipart_end() once for each
-multipart_start().
+multipart_start(), except at the end of the last part of the multipart
+document when multipart_final() should be called instead of multipart_end().
+
+=item multipart_final()
+
+  multipart_final()
+
+End all parts.  You should call multipart_final() rather than
+multipart_end() at the end of the last part of the multipart document.
 
 =back
 
 Users interested in server push applications should also have a look
 at the CGI::Push module.
 
+Only Netscape Navigator supports server push.  Internet Explorer
+browsers do not.
+
 =head1 Avoiding Denial of Service Attacks
 
 A potential problem with CGI.pm is that, by default, it attempts to
@@ -6491,7 +6597,7 @@ for suggestions and bug fixes.
 
 	print $query->header;
 	print $query->start_html("Example CGI.pm Form");
-	print "<H1> Example CGI.pm Form</H1>\n";
+	print "<h1> Example CGI.pm Form</h1>\n";
 	&print_prompt($query);
 	&do_work($query);
 	&print_tail;
@@ -6501,31 +6607,31 @@ for suggestions and bug fixes.
 	   my($query) = @_;
 
 	   print $query->start_form;
-	   print "<EM>What's your name?</EM><BR>";
+	   print "<em>What's your name?</em><br>";
 	   print $query->textfield('name');
 	   print $query->checkbox('Not my real name');
 
-	   print "<P><EM>Where can you find English Sparrows?</EM><BR>";
+	   print "<p><em>Where can you find English Sparrows?</em><br>";
 	   print $query->checkbox_group(
 				 -name=>'Sparrow locations',
 				 -values=>[England,France,Spain,Asia,Hoboken],
 				 -linebreak=>'yes',
 				 -defaults=>[England,Asia]);
 
-	   print "<P><EM>How far can they fly?</EM><BR>",
+	   print "<p><em>How far can they fly?</em><br>",
 		$query->radio_group(
 			-name=>'how far',
 			-values=>['10 ft','1 mile','10 miles','real far'],
 			-default=>'1 mile');
 
-	   print "<P><EM>What's your favorite color?</EM>  ";
+	   print "<p><em>What's your favorite color?</em>  ";
 	   print $query->popup_menu(-name=>'Color',
 				    -values=>['black','brown','red','yellow'],
 				    -default=>'red');
 
 	   print $query->hidden('Reference','Monty Python and the Holy Grail');
 
-	   print "<P><EM>What have you got there?</EM><BR>";
+	   print "<p><em>What have you got there?</em><br>";
 	   print $query->scrolling_list(
 			 -name=>'possessions',
 			 -values=>['A Coconut','A Grail','An Icon',
@@ -6533,36 +6639,36 @@ for suggestions and bug fixes.
 			 -size=>5,
 			 -multiple=>'true');
 
-	   print "<P><EM>Any parting comments?</EM><BR>";
+	   print "<p><em>Any parting comments?</em><br>";
 	   print $query->textarea(-name=>'Comments',
 				  -rows=>10,
 				  -columns=>50);
 
-	   print "<P>",$query->reset;
+	   print "<p>",$query->reset;
 	   print $query->submit('Action','Shout');
 	   print $query->submit('Action','Scream');
 	   print $query->endform;
-	   print "<HR>\n";
+	   print "<hr>\n";
 	}
 
 	sub do_work {
 	   my($query) = @_;
 	   my(@values,$key);
 
-	   print "<H2>Here are the current settings in this form</H2>";
+	   print "<h2>Here are the current settings in this form</h2>";
 
 	   foreach $key ($query->param) {
-	      print "<STRONG>$key</STRONG> -> ";
+	      print "<strong>$key</strong> -> ";
 	      @values = $query->param($key);
-	      print join(", ",@values),"<BR>\n";
+	      print join(", ",@values),"<br>\n";
 	  }
 	}
 
 	sub print_tail {
 	   print <<END;
-	<HR>
-	<ADDRESS>Lincoln D. Stein</ADDRESS><BR>
-	<A HREF="/">Home Page</A>
+	<hr>
+	<address>Lincoln D. Stein</address><br>
+	<a href="/">Home Page</a>
 	END
 	}