X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCGI.pm;h=bd9c3354f7290faac2c15d0d09e6418b04fc2c08;hb=3b0db4f96671dacfd3421850abb588b84e2ce6da;hp=3e8ed35be48fa69e63a790c3acd12655bd050deb;hpb=69c89ae7c8e657da80c1a551520c53d86073f166;p=p5sagit%2Fp5-mst-13.2.git

diff --git a/lib/CGI.pm b/lib/CGI.pm
index 3e8ed35..bd9c335 100644
--- a/lib/CGI.pm
+++ b/lib/CGI.pm
@@ -18,22 +18,29 @@ use Carp 'croak';
 # The most recent version and complete docs are available at:
 #   http://stein.cshl.org/WWW/software/CGI/
 
-$CGI::revision = '$Id: CGI.pm,v 1.51 2001/08/07 12:28:43 lstein Exp $';
-$CGI::VERSION='2.77';
+$CGI::revision = '$Id: CGI.pm,v 1.75 2002/10/16 17:48:37 lstein Exp $';
+$CGI::VERSION='2.89';
 
 # HARD-CODED LOCATION FOR FILE UPLOAD TEMPORARY FILES.
 # UNCOMMENT THIS ONLY IF YOU KNOW WHAT YOU'RE DOING.
-# $TempFile::TMPDIRECTORY = '/usr/tmp';
+# $CGITempFile::TMPDIRECTORY = '/usr/tmp';
 use CGI::Util qw(rearrange make_attributes unescape escape expires);
 
-use constant XHTML_DTD => ['-//W3C//DTD XHTML Basic 1.0//EN',
-                           'http://www.w3.org/TR/xhtml-basic/xhtml-basic10.dtd'];
+#use constant XHTML_DTD => ['-//W3C//DTD XHTML Basic 1.0//EN',
+#                           'http://www.w3.org/TR/xhtml-basic/xhtml-basic10.dtd'];
+
+use constant XHTML_DTD => ['-//W3C//DTD XHTML 1.0 Transitional//EN',
+                           'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'];
+
+$TAINTED = substr("$0$^X",0,0);
+
+my @SAVED_SYMBOLS;
 
 # >>>>> Here are some globals that you might want to adjust <<<<<<
 sub initialize_globals {
     # Set this to 1 to enable copious autoloader debugging messages
     $AUTOLOAD_DEBUG = 0;
-    
+
     # Set this to 1 to generate XTML-compatible output
     $XHTML = 1;
 
@@ -82,9 +89,9 @@ sub initialize_globals {
     # separate the name=value pairs by semicolons rather than ampersands
     $USE_PARAM_SEMICOLONS = 1;
 
-	# Do not include undefined params parsed from query string
-	# use CGI qw(-no_undef_params);
-	$NO_UNDEF_PARAMS = 0;
+    # Do not include undefined params parsed from query string
+    # use CGI qw(-no_undef_params);
+    $NO_UNDEF_PARAMS = 0;
 
     # Other globals that you shouldn't worry about.
     undef $Q;
@@ -124,12 +131,14 @@ if ($OS =~ /^MSWin/i) {
     $OS = 'OS2';
 } elsif ($OS =~ /^epoc/i) {
     $OS = 'EPOC';
+} elsif ($OS =~ /^cygwin/i) {
+    $OS = 'CYGWIN';
 } else {
     $OS = 'UNIX';
 }
 
 # Some OS logic.  Binary mode enabled on DOS, NT and VMS
-$needs_binmode = $OS=~/^(WINDOWS|DOS|OS2|MSWin)/;
+$needs_binmode = $OS=~/^(WINDOWS|DOS|OS2|MSWin|CYGWIN)/;
 
 # This is the default class for the CGI object to use when all else fails.
 $DefaultClass = 'CGI' unless defined $CGI::DefaultClass;
@@ -140,8 +149,8 @@ $AutoloadClass = $DefaultClass unless defined $CGI::AutoloadClass;
 # The path separator is a slash, backslash or semicolon, depending
 # on the paltform.
 $SL = {
-    UNIX=>'/', OS2=>'\\', EPOC=>'/', 
-    WINDOWS=>'\\', DOS=>'\\', MACINTOSH=>':', VMS=>'/'
+    UNIX    => '/',  OS2 => '\\', EPOC      => '/', CYGWIN => '/',
+    WINDOWS => '\\', DOS => '\\', MACINTOSH => ':', VMS    => '/'
     }->{$OS};
 
 # This no longer seems to be necessary
@@ -150,13 +159,19 @@ $SL = {
 $IIS++ if defined($ENV{'SERVER_SOFTWARE'}) && $ENV{'SERVER_SOFTWARE'}=~/IIS/;
 
 # Turn on special checking for Doug MacEachern's modperl
-if (exists $ENV{'GATEWAY_INTERFACE'} 
-    && 
+if (exists $ENV{'GATEWAY_INTERFACE'}
+    &&
     ($MOD_PERL = $ENV{'GATEWAY_INTERFACE'} =~ /^CGI-Perl\//))
-{
+  {
     $| = 1;
-    require Apache;
-}
+    require mod_perl;
+    if ($mod_perl::VERSION >= 1.99) {
+      require Apache::compat;
+    } else {
+      require Apache;
+    }
+  }
+
 # Turn on special checking for ActiveState's PerlEx
 $PERLEX++ if defined($ENV{'GATEWAY_INTERFACE'}) && $ENV{'GATEWAY_INTERFACE'} =~ /^CGI-PerlEx/;
 
@@ -188,6 +203,9 @@ if ($needs_binmode) {
 			   input Select option comment charset escapeHTML/],
 		':html3'=>[qw/div table caption th td TR Tr sup Sub strike applet Param 
 			   embed basefont style span layer ilayer font frameset frame script small big/],
+                ':html4'=>[qw/abbr acronym bdo col colgroup del fieldset iframe
+                            ins label legend noframes noscript object optgroup Q 
+                            thead tbody tfoot/], 
 		':netscape'=>[qw/blink fontsize center/],
 		':form'=>[qw/textfield textarea filefield password_field hidden checkbox checkbox_group 
 			  submit reset defaults radio_group popup_menu button autoEscape
@@ -203,19 +221,19 @@ if ($needs_binmode) {
 		':ssl' => [qw/https/],
 		':imagemap' => [qw/Area Map/],
 		':cgi-lib' => [qw/ReadParse PrintHeader HtmlTop HtmlBot SplitParam Vars/],
-		':html' => [qw/:html2 :html3 :netscape/],
-		':standard' => [qw/:html2 :html3 :form :cgi/],
+		':html' => [qw/:html2 :html3 :html4 :netscape/],
+		':standard' => [qw/:html2 :html3 :html4 :form :cgi/],
 		':push' => [qw/multipart_init multipart_start multipart_end multipart_final/],
-		':all' => [qw/:html2 :html3 :netscape :form :cgi :internal/]
+		':all' => [qw/:html2 :html3 :netscape :form :cgi :internal :html4/]
 		);
 
 # to import symbols into caller
 sub import {
     my $self = shift;
 
-# This causes modules to clash.  
-#    undef %EXPORT_OK;
-#    undef %EXPORT;
+    # This causes modules to clash.
+    undef %EXPORT_OK;
+    undef %EXPORT;
 
     $self->_setup_symbols(@_);
     my ($callpack, $callfile, $callline) = caller;
@@ -375,6 +393,9 @@ sub init {
     # set charset to the safe ISO-8859-1
     $self->charset('ISO-8859-1');
 
+    # set autoescaping to on
+    $self->{'escape'} = 1;
+
   METHOD: {
 
       # avoid unreasonably large postings
@@ -546,6 +567,7 @@ sub parse_params {
     my($param,$value);
     foreach (@pairs) {
 	($param,$value) = split('=',$_,2);
+	next unless defined $param;
 	next if $NO_UNDEF_PARAMS and not defined $value;
 	$value = '' unless defined $value;
 	$param = unescape($param);
@@ -652,11 +674,29 @@ sub _compile {
     return "$pack\:\:$func_name";
 }
 
+sub _selected {
+  my $self = shift;
+  my $value = shift;
+  return '' unless $value;
+  return $XHTML ? qq( selected="selected") : qq( selected);
+}
+
+sub _checked {
+  my $self = shift;
+  my $value = shift;
+  return '' unless $value;
+  return $XHTML ? qq( checked="checked") : qq( checked);
+}
+
 sub _reset_globals { initialize_globals(); }
 
 sub _setup_symbols {
     my $self = shift;
     my $compile = 0;
+
+    # to avoid reexporting unwanted variables
+    undef %EXPORT;
+
     foreach (@_) {
 	$HEADERS_ONCE++,         next if /^[:-]unique_headers$/;
 	$NPH++,                  next if /^[:-]nph$/;
@@ -689,6 +729,7 @@ sub _setup_symbols {
 	}
     }
     _compile_all(keys %EXPORT) if $compile;
+    @SAVED_SYMBOLS = @_;
 }
 
 sub charset {
@@ -741,11 +782,12 @@ END_OF_FUNC
 ####
 sub delete {
     my($self,@p) = self_or_default(@_);
-    my($name) = rearrange([NAME],@p);
-    CORE::delete $self->{$name};
-    CORE::delete $self->{'.fieldnames'}->{$name};
-    @{$self->{'.parameters'}}=grep($_ ne $name,$self->param());
-    return wantarray ? () : undef;
+    my(@names) = rearrange([NAME],@p);
+    for my $name (@names) {
+      CORE::delete $self->{$name};
+      CORE::delete $self->{'.fieldnames'}->{$name};
+      @{$self->{'.parameters'}}=grep($_ ne $name,$self->param());
+    }
 }
 END_OF_FUNC
 
@@ -967,7 +1009,9 @@ EOF
 'autoEscape' => <<'END_OF_FUNC',
 sub autoEscape {
     my($self,$escape) = self_or_default(@_);
-    $self->{'dontescape'}=!$escape;
+    my $d = $self->{'escape'};
+    $self->{'escape'} = $escape;
+    $d;
 }
 END_OF_FUNC
 
@@ -1021,20 +1065,20 @@ END_OF_FUNC
 sub Dump {
     my($self) = self_or_default(@_);
     my($param,$value,@result);
-    return '<UL></UL>' unless $self->param;
-    push(@result,"<UL>");
+    return '<ul></ul>' unless $self->param;
+    push(@result,"<ul>");
     foreach $param ($self->param) {
 	my($name)=$self->escapeHTML($param);
-	push(@result,"<LI><STRONG>$param</STRONG>");
-	push(@result,"<UL>");
+	push(@result,"<li><strong>$param</strong>");
+	push(@result,"<ul>");
 	foreach $value ($self->param($param)) {
 	    $value = $self->escapeHTML($value);
-            $value =~ s/\n/<BR>\n/g;
-	    push(@result,"<LI>$value");
+            $value =~ s/\n/<br>\n/g;
+	    push(@result,"<li>$value");
 	}
-	push(@result,"</UL>");
+	push(@result,"</ul>");
     }
-    push(@result,"</UL>");
+    push(@result,"</ul>");
     return join("\n",@result);
 }
 END_OF_FUNC
@@ -1298,17 +1342,20 @@ END_OF_FUNC
 # $script -> (option) Javascript code (-script)
 # $no_script -> (option) Javascript <noscript> tag (-noscript)
 # $meta -> (optional) Meta information tags
-# $head -> (optional) any other elements you'd like to incorporate into the <HEAD> tag
+# $head -> (optional) any other elements you'd like to incorporate into the <head> tag
 #           (a scalar or array ref)
 # $style -> (optional) reference to an external style sheet
 # @other -> (optional) any other named parameters you'd like to incorporate into
-#           the <BODY> tag.
+#           the <body> tag.
 ####
 'start_html' => <<'END_OF_FUNC',
 sub start_html {
     my($self,@p) = &self_or_default(@_);
-    my($title,$author,$base,$xbase,$script,$noscript,$target,$meta,$head,$style,$dtd,$lang,@other) = 
-	rearrange([TITLE,AUTHOR,BASE,XBASE,SCRIPT,NOSCRIPT,TARGET,META,HEAD,STYLE,DTD,LANG],@p);
+    my($title,$author,$base,$xbase,$script,$noscript,
+        $target,$meta,$head,$style,$dtd,$lang,$encoding,@other) = 
+	rearrange([TITLE,AUTHOR,BASE,XBASE,SCRIPT,NOSCRIPT,TARGET,META,HEAD,STYLE,DTD,LANG,ENCODING],@p);
+
+    $encoding = 'iso-8859-1' unless defined $encoding;
 
     # strangely enough, the title needs to be escaped as HTML
     # while the author needs to be escaped as a URL
@@ -1328,14 +1375,14 @@ sub start_html {
 
     $xml_dtd++ if ref($dtd) eq 'ARRAY' && $dtd->[0] =~ /\bXHTML\b/i;
     $xml_dtd++ if ref($dtd) eq '' && $dtd =~ /\bXHTML\b/i;
-    push @result,q(<?xml version="1.0" encoding="utf-8"?>) if $xml_dtd; 
+    push @result,qq(<?xml version="1.0" encoding="$encoding"?>) if $xml_dtd; 
 
     if (ref($dtd) && ref($dtd) eq 'ARRAY') {
-        push(@result,qq(<!DOCTYPE html\n\tPUBLIC "$dtd->[0]"\n\t"$dtd->[1]">));
+        push(@result,qq(<!DOCTYPE html\n\tPUBLIC "$dtd->[0]"\n\t "$dtd->[1]">));
     } else {
         push(@result,qq(<!DOCTYPE html\n\tPUBLIC "$dtd">));
     }
-    push(@result,$XHTML ? qq(<html xmlns="http://www.w3.org/1999/xhtml" lang="$lang"><head><title>$title</title>)
+    push(@result,$XHTML ? qq(<html xmlns="http://www.w3.org/1999/xhtml" lang="$lang" xml:lang="$lang"><head><title>$title</title>)
                         : qq(<html lang="$lang"><head><title>$title</title>));
 	if (defined $author) {
     push(@result,$XHTML ? "<link rev=\"made\" href=\"mailto:$author\" />"
@@ -1395,7 +1442,7 @@ sub _style {
        foreach $src (@$src)
        {
          push(@result,$XHTML ? qq(<link rel="stylesheet" type="$type" href="$src" />)
-                             : qq(<link rel="stylesheet" type="$type" href="$src">/)) if $src;
+                             : qq(<link rel="stylesheet" type="$type" href="$src">)) if $src;
        }
      }
      else
@@ -1458,7 +1505,7 @@ END_OF_FUNC
 
 #### Method: end_html
 # End an HTML document.
-# Trivial method for completeness.  Just returns "</BODY>"
+# Trivial method for completeness.  Just returns "</body>"
 ####
 'end_html' => <<'END_OF_FUNC',
 sub end_html {
@@ -1476,14 +1523,14 @@ END_OF_FUNC
 # Parameters:
 #  $action -> optional URL of script to run
 # Returns:
-#   A string containing a <ISINDEX> tag
+#   A string containing a <isindex> tag
 'isindex' => <<'END_OF_FUNC',
 sub isindex {
     my($self,@p) = self_or_default(@_);
     my($action,@other) = rearrange([ACTION],@p);
-    $action = qq/action="$action"/ if $action;
+    $action = qq/ action="$action"/ if $action;
     my($other) = @other ? " @other" : '';
-    return $XHTML ? "<isindex $action$other />" : "<isindex $action$other>";
+    return $XHTML ? "<isindex$action$other />" : "<isindex$action$other>";
 }
 END_OF_FUNC
 
@@ -1505,7 +1552,9 @@ sub startform {
     $enctype = $enctype || &URL_ENCODED;
     unless (defined $action) {
        $action = $self->url(-absolute=>1,-path=>1);
-       $action .= "?$ENV{QUERY_STRING}" if $ENV{QUERY_STRING};
+       if (length($ENV{QUERY_STRING})>0) {
+           $action .= "?$ENV{QUERY_STRING}";
+       }
     }
     $action = qq(action="$action");
     my($other) = @other ? " @other" : '';
@@ -1589,7 +1638,7 @@ sub _textfield {
     # and WebTV -- not sure it won't break stuff
     my($value) = $current ne '' ? qq(value="$current") : '';
     return $XHTML ? qq(<input type="$tag" name="$name" $value$s$m$other />) 
-                  : qq/<input type="$tag" name="$name" $value$s$m$other>/;
+                  : qq(<input type="$tag" name="$name" $value$s$m$other>);
 }
 END_OF_FUNC
 
@@ -1601,7 +1650,7 @@ END_OF_FUNC
 #   $size ->  Optional width of field in characaters.
 #   $maxlength -> Optional maximum number of characters.
 # Returns:
-#   A string containing a <INPUT TYPE="text"> field
+#   A string containing a <input type="text"> field
 #
 'textfield' => <<'END_OF_FUNC',
 sub textfield {
@@ -1617,7 +1666,7 @@ END_OF_FUNC
 #   $size ->  Optional width of field in characaters.
 #   $maxlength -> Optional maximum number of characters.
 # Returns:
-#   A string containing a <INPUT TYPE="text"> field
+#   A string containing a <input type="file"> field
 #
 'filefield' => <<'END_OF_FUNC',
 sub filefield {
@@ -1636,7 +1685,7 @@ END_OF_FUNC
 #   $size ->  Optional width of field in characters.
 #   $maxlength -> Optional maximum characters that can be entered.
 # Returns:
-#   A string containing a <INPUT TYPE="password"> field
+#   A string containing a <input type="password"> field
 #
 'password_field' => <<'END_OF_FUNC',
 sub password_field {
@@ -1653,7 +1702,7 @@ END_OF_FUNC
 #   $rows ->  Optional number of rows in text area
 #   $columns -> Optional number of columns in text area
 # Returns:
-#   A string containing a <TEXTAREA></TEXTAREA> tag
+#   A string containing a <textarea></textarea> tag
 #
 'textarea' => <<'END_OF_FUNC',
 sub textarea {
@@ -1667,8 +1716,8 @@ sub textarea {
 
     $name = defined($name) ? $self->escapeHTML($name) : '';
     $current = defined($current) ? $self->escapeHTML($current) : '';
-    my($r) = $rows ? " rows=$rows" : '';
-    my($c) = $cols ? " cols=$cols" : '';
+    my($r) = $rows ? qq/ rows="$rows"/ : '';
+    my($c) = $cols ? qq/ cols="$cols"/ : '';
     my($other) = @other ? " @other" : '';
     return qq{<textarea name="$name"$r$c$other>$current</textarea>};
 }
@@ -1683,7 +1732,7 @@ END_OF_FUNC
 #   $onclick -> (optional) Text of the JavaScript to run when the button is
 #                clicked.
 # Returns:
-#   A string containing a <INPUT TYPE="button"> tag
+#   A string containing a <input type="button"> tag
 ####
 'button' => <<'END_OF_FUNC',
 sub button {
@@ -1704,7 +1753,7 @@ sub button {
     $script = qq/ onclick="$script"/ if $script;
     my($other) = @other ? " @other" : '';
     return $XHTML ? qq(<input type="button"$name$val$script$other />)
-                  : qq/<input type="button"$name$val$script$other>/;
+                  : qq(<input type="button"$name$val$script$other>);
 }
 END_OF_FUNC
 
@@ -1716,7 +1765,7 @@ END_OF_FUNC
 #   $value -> (optional) Value of the button when selected (also doubles as label).
 #   $label -> (optional) Label printed on the button(also doubles as the value).
 # Returns:
-#   A string containing a <INPUT TYPE="submit"> tag
+#   A string containing a <input type="submit"> tag
 ####
 'submit' => <<'END_OF_FUNC',
 sub submit {
@@ -1734,7 +1783,7 @@ sub submit {
     $val = qq/ value="$value"/ if defined($value);
     my($other) = @other ? " @other" : '';
     return $XHTML ? qq(<input type="submit"$name$val$other />)
-                  : qq/<input type="submit"$name$val$other>/;
+                  : qq(<input type="submit"$name$val$other>);
 }
 END_OF_FUNC
 
@@ -1744,7 +1793,7 @@ END_OF_FUNC
 # Parameters:
 #   $name -> (optional) Name for the button.
 # Returns:
-#   A string containing a <INPUT TYPE="reset"> tag
+#   A string containing a <input type="reset"> tag
 ####
 'reset' => <<'END_OF_FUNC',
 sub reset {
@@ -1754,7 +1803,7 @@ sub reset {
     my($value) = defined($label) ? qq/ value="$label"/ : '';
     my($other) = @other ? " @other" : '';
     return $XHTML ? qq(<input type="reset"$value$other />)
-                  : qq/<input type="reset"$value$other>/;
+                  : qq(<input type="reset"$value$other>);
 }
 END_OF_FUNC
 
@@ -1764,7 +1813,7 @@ END_OF_FUNC
 # Parameters:
 #   $name -> (optional) Name for the button.
 # Returns:
-#   A string containing a <INPUT TYPE="submit" NAME=".defaults"> tag
+#   A string containing a <input type="submit" name=".defaults"> tag
 #
 # Note: this button has a special meaning to the initialization script,
 # and tells it to ERASE the current query string so that your defaults
@@ -1806,7 +1855,7 @@ END_OF_FUNC
 #   $label -> (optional) a user-readable label printed next to the box.
 #             Otherwise the checkbox name is used.
 # Returns:
-#   A string containing a <INPUT TYPE="checkbox"> field
+#   A string containing a <input type="checkbox"> field
 ####
 'checkbox' => <<'END_OF_FUNC',
 sub checkbox {
@@ -1819,9 +1868,9 @@ sub checkbox {
 
     if (!$override && ($self->{'.fieldnames'}->{$name} || 
 		       defined $self->param($name))) {
-	$checked = grep($_ eq $value,$self->param($name)) ? ' checked' : '';
+	$checked = grep($_ eq $value,$self->param($name)) ? $self->_checked(1) : '';
     } else {
-	$checked = $checked ? qq/ checked/ : '';
+	$checked = $self->_checked($checked);
     }
     my($the_label) = defined $label ? $label : $name;
     $name = $self->escapeHTML($name);
@@ -1854,16 +1903,16 @@ END_OF_FUNC
 #             in the form $label{'value'}="Long explanatory label".
 #             Otherwise the provided values are used as the labels.
 # Returns:
-#   An ARRAY containing a series of <INPUT TYPE="checkbox"> fields
+#   An ARRAY containing a series of <input type="checkbox"> fields
 ####
 'checkbox_group' => <<'END_OF_FUNC',
 sub checkbox_group {
     my($self,@p) = self_or_default(@_);
 
-    my($name,$values,$defaults,$linebreak,$labels,$rows,$columns,
+    my($name,$values,$defaults,$linebreak,$labels,$attributes,$rows,$columns,
        $rowheaders,$colheaders,$override,$nolabels,@other) =
 	rearrange([NAME,[VALUES,VALUE],[DEFAULTS,DEFAULT],
-			  LINEBREAK,LABELS,ROWS,[COLUMNS,COLS],
+            LINEBREAK,LABELS,ATTRIBUTES,ROWS,[COLUMNS,COLS],
 			  ROWHEADERS,COLHEADERS,
 			  [OVERRIDE,FORCE],NOLABELS],@p);
 
@@ -1886,16 +1935,17 @@ sub checkbox_group {
 
     my($other) = @other ? " @other" : '';
     foreach (@values) {
-	$checked = $checked{$_} ? qq/ checked/ : '';
+	$checked = $self->_checked($checked{$_});
 	$label = '';
 	unless (defined($nolabels) && $nolabels) {
 	    $label = $_;
 	    $label = $labels->{$_} if defined($labels) && defined($labels->{$_});
 	    $label = $self->escapeHTML($label);
 	}
+        my $attribs = $self->_set_attributes($_, $attributes);
 	$_ = $self->escapeHTML($_,1);
-	push(@elements,$XHTML ? qq(<input type="checkbox" name="$name" value="$_"$checked$other />${label}${break})
-                              : qq/<input type="checkbox" name="$name" value="$_"$checked$other>${label}${break}/);
+        push(@elements,$XHTML ? qq(<input type="checkbox" name="$name" value="$_"$checked$other$attribs />${label}${break})
+                              : qq/<input type="checkbox" name="$name" value="$_"$checked$other$attribs>${label}${break}/);
     }
     $self->register_parameter($name);
     return wantarray ? @elements : join(' ',@elements)            
@@ -1907,9 +1957,11 @@ END_OF_FUNC
 # Escape HTML -- used internally
 'escapeHTML' => <<'END_OF_FUNC',
 sub escapeHTML {
+         # hack to work around  earlier hacks
+         push @_,$_[0] if @_==1 && $_[0] eq 'CGI';
          my ($self,$toencode,$newlinestoo) = CGI::self_or_default(@_);
          return undef unless defined($toencode);
-         return $toencode if ref($self) && $self->{'dontescape'};
+         return $toencode if ref($self) && !$self->{'escape'};
          $toencode =~ s{&}{&amp;}gso;
          $toencode =~ s{<}{&lt;}gso;
          $toencode =~ s{>}{&gt;}gso;
@@ -1918,8 +1970,8 @@ sub escapeHTML {
                      uc $self->{'.charset'} eq 'WINDOWS-1252';
          if ($latin) {  # bug in some browsers
                 $toencode =~ s{'}{&#39;}gso;
-                $toencode =~ s{\x8b}{&#139;}gso;
-                $toencode =~ s{\x9b}{&#155;}gso;
+                $toencode =~ s{\x8b}{&#8249;}gso;
+                $toencode =~ s{\x9b}{&#8250;}gso;
                 if (defined $newlinestoo && $newlinestoo) {
                      $toencode =~ s{\012}{&#10;}gso;
                      $toencode =~ s{\015}{&#13;}gso;
@@ -2004,15 +2056,15 @@ END_OF_FUNC
 #             in the form $label{'value'}="Long explanatory label".
 #             Otherwise the provided values are used as the labels.
 # Returns:
-#   An ARRAY containing a series of <INPUT TYPE="radio"> fields
+#   An ARRAY containing a series of <input type="radio"> fields
 ####
 'radio_group' => <<'END_OF_FUNC',
 sub radio_group {
     my($self,@p) = self_or_default(@_);
 
-    my($name,$values,$default,$linebreak,$labels,
+    my($name,$values,$default,$linebreak,$labels,$attributes,
        $rows,$columns,$rowheaders,$colheaders,$override,$nolabels,@other) =
-	rearrange([NAME,[VALUES,VALUE],DEFAULT,LINEBREAK,LABELS,
+  rearrange([NAME,[VALUES,VALUE],DEFAULT,LINEBREAK,LABELS,ATTRIBUTES,
 			  ROWS,[COLUMNS,COLS],
 			  ROWHEADERS,COLHEADERS,
 			  [OVERRIDE,FORCE],NOLABELS],@p);
@@ -2032,7 +2084,7 @@ sub radio_group {
 
     my($other) = @other ? " @other" : '';
     foreach (@values) {
-	my($checkit) = $checked eq $_ ? qq/ checked/ : '';
+	my($checkit) = $checked eq $_ ? qq/ checked="checked"/ : '';
 	my($break);
 	if ($linebreak) {
           $break = $XHTML ? "<br />" : "<br>";
@@ -2046,9 +2098,10 @@ sub radio_group {
 	    $label = $labels->{$_} if defined($labels) && defined($labels->{$_});
 	    $label = $self->escapeHTML($label,1);
 	}
+  my $attribs = $self->_set_attributes($_, $attributes);
 	$_=$self->escapeHTML($_);
-	push(@elements,$XHTML ? qq(<input type="radio" name="$name" value="$_"$checkit$other />${label}${break})
-                              : qq/<input type="radio" name="$name" value="$_"$checkit$other>${label}${break}/);
+  push(@elements,$XHTML ? qq(<input type="radio" name="$name" value="$_"$checkit$other$attribs />${label}${break})
+                              : qq/<input type="radio" name="$name" value="$_"$checkit$other$attribs>${label}${break}/);
     }
     $self->register_parameter($name);
     return wantarray ? @elements : join(' ',@elements) 
@@ -2076,8 +2129,9 @@ END_OF_FUNC
 sub popup_menu {
     my($self,@p) = self_or_default(@_);
 
-    my($name,$values,$default,$labels,$override,@other) =
-	rearrange([NAME,[VALUES,VALUE],[DEFAULT,DEFAULTS],LABELS,[OVERRIDE,FORCE]],@p);
+    my($name,$values,$default,$labels,$attributes,$override,@other) =
+       rearrange([NAME,[VALUES,VALUE],[DEFAULT,DEFAULTS],LABELS,
+       ATTRIBUTES,[OVERRIDE,FORCE]],@p);
     my($result,$selected);
 
     if (!$override && defined($self->param($name))) {
@@ -2093,12 +2147,22 @@ sub popup_menu {
 
     $result = qq/<select name="$name"$other>\n/;
     foreach (@values) {
-	my($selectit) = defined($selected) ? ($selected eq $_ ? qq/selected/ : '' ) : '';
+        if (/<optgroup/) {
+            foreach (split(/\n/)) {
+                my $selectit = $XHTML ? 'selected="selected"' : 'selected';
+                s/(value="$selected")/$selectit $1/ if defined $selected;
+                $result .= "$_\n";
+            }
+        }
+        else {
+            my $attribs = $self->_set_attributes($_, $attributes);
+	my($selectit) = defined($selected) ? $self->_selected($selected eq $_) : '';
 	my($label) = $_;
 	$label = $labels->{$_} if defined($labels) && defined($labels->{$_});
 	my($value) = $self->escapeHTML($_);
 	$label=$self->escapeHTML($label,1);
-	$result .= "<option $selectit value=\"$value\">$label</option>\n";
+            $result .= "<option$selectit$attribs value=\"$value\">$label</option>\n";
+        }
     }
 
     $result .= "</select>";
@@ -2107,6 +2171,66 @@ sub popup_menu {
 END_OF_FUNC
 
 
+#### Method: optgroup
+# Create a optgroup.
+# Parameters:
+#   $name -> Label for the group
+#   $values -> A pointer to a regular array containing the
+#              values for each option line in the group.
+#   $labels -> (optional)
+#              A pointer to an associative array of labels to print next to each item
+#              in the form $label{'value'}="Long explanatory label".
+#              Otherwise the provided values are used as the labels.
+#   $labeled -> (optional)
+#               A true value indicates the value should be used as the label attribute
+#               in the option elements.
+#               The label attribute specifies the option label presented to the user.
+#               This defaults to the content of the <option> element, but the label
+#               attribute allows authors to more easily use optgroup without sacrificing
+#               compatibility with browsers that do not support option groups.
+#   $novals -> (optional)
+#              A true value indicates to suppress the val attribute in the option elements
+# Returns:
+#   A string containing the definition of an option group.
+####
+'optgroup' => <<'END_OF_FUNC',
+sub optgroup {
+    my($self,@p) = self_or_default(@_);
+    my($name,$values,$attributes,$labeled,$noval,$labels,@other)
+        = rearrange([NAME,[VALUES,VALUE],ATTRIBUTES,LABELED,NOVALS,LABELS],@p);
+
+    my($result,@values);
+    @values = $self->_set_values_and_labels($values,\$labels,$name,$labeled,$novals);
+    my($other) = @other ? " @other" : '';
+
+    $name=$self->escapeHTML($name);
+    $result = qq/<optgroup label="$name"$other>\n/;
+    foreach (@values) {
+        if (/<optgroup/) {
+            foreach (split(/\n/)) {
+                my $selectit = $XHTML ? 'selected="selected"' : 'selected';
+                s/(value="$selected")/$selectit $1/ if defined $selected;
+                $result .= "$_\n";
+            }
+        }
+        else {
+            my $attribs = $self->_set_attributes($_, $attributes);
+            my($label) = $_;
+            $label = $labels->{$_} if defined($labels) && defined($labels->{$_});
+            $label=$self->escapeHTML($label);
+            my($value)=$self->escapeHTML($_,1);
+            $result .= $labeled ? $novals ? "<option$attribs label=\"$value\">$label</option>\n"
+                                          : "<option$attribs label=\"$value\" value=\"$value\">$label</option>\n"
+                                : $novals ? "<option$attribs>$label</option>\n"
+                                          : "<option$attribs value=\"$value\">$label</option>\n";
+        }
+    }
+    $result .= "</optgroup>";
+    return $result;
+}
+END_OF_FUNC
+
+
 #### Method: scrolling_list
 # Create a scrolling list.
 # Parameters:
@@ -2130,9 +2254,9 @@ END_OF_FUNC
 'scrolling_list' => <<'END_OF_FUNC',
 sub scrolling_list {
     my($self,@p) = self_or_default(@_);
-    my($name,$values,$defaults,$size,$multiple,$labels,$override,@other)
+    my($name,$values,$defaults,$size,$multiple,$labels,$attributes,$override,@other)
 	= rearrange([NAME,[VALUES,VALUE],[DEFAULTS,DEFAULT],
-			    SIZE,MULTIPLE,LABELS,[OVERRIDE,FORCE]],@p);
+          SIZE,MULTIPLE,LABELS,ATTRIBUTES,[OVERRIDE,FORCE]],@p);
 
     my($result,@values);
     @values = $self->_set_values_and_labels($values,\$labels,$name);
@@ -2140,19 +2264,20 @@ sub scrolling_list {
     $size = $size || scalar(@values);
 
     my(%selected) = $self->previous_or_default($name,$defaults,$override);
-    my($is_multiple) = $multiple ? qq/ multiple/ : '';
+    my($is_multiple) = $multiple ? qq/ multiple="multiple"/ : '';
     my($has_size) = $size ? qq/ size="$size"/: '';
     my($other) = @other ? " @other" : '';
 
     $name=$self->escapeHTML($name);
     $result = qq/<select name="$name"$has_size$is_multiple$other>\n/;
     foreach (@values) {
-	my($selectit) = $selected{$_} ? qq/selected/ : '';
+	my($selectit) = $self->_selected($selected{$_});
 	my($label) = $_;
 	$label = $labels->{$_} if defined($labels) && defined($labels->{$_});
 	$label=$self->escapeHTML($label);
 	my($value)=$self->escapeHTML($_,1);
-	$result .= "<option $selectit value=\"$value\">$label</option>\n";
+        my $attribs = $self->_set_attributes($_, $attributes);
+        $result .= "<option$selectit$attribs value=\"$value\">$label</option>\n";
     }
     $result .= "</select>";
     $self->register_parameter($name);
@@ -2168,7 +2293,7 @@ END_OF_FUNC
 #      or
 #   $default->[initial values of field]
 # Returns:
-#   A string containing a <INPUT TYPE="hidden" NAME="name" VALUE="value">
+#   A string containing a <input type="hidden" name="name" value="value">
 ####
 'hidden' => <<'END_OF_FUNC',
 sub hidden {
@@ -2211,7 +2336,7 @@ END_OF_FUNC
 #   $src ->  URL of the image source
 #   $align -> Alignment style (TOP, BOTTOM or MIDDLE)
 # Returns:
-#   A string containing a <INPUT TYPE="image" NAME="name" SRC="url" ALIGN="alignment">
+#   A string containing a <input type="image" name="name" src="url" align="alignment">
 ####
 'image_button' => <<'END_OF_FUNC',
 sub image_button {
@@ -2220,7 +2345,7 @@ sub image_button {
     my($name,$src,$alignment,@other) =
 	rearrange([NAME,SRC,ALIGN],@p);
 
-    my($align) = $alignment ? " align=\U$alignment" : '';
+    my($align) = $alignment ? " align=\U\"$alignment\"" : '';
     my($other) = @other ? " @other" : '';
     $name=$self->escapeHTML($name);
     return $XHTML ? qq(<input type="image" name="$name" src="$src"$align$other />)
@@ -2262,25 +2387,22 @@ sub url {
     my ($relative,$absolute,$full,$path_info,$query,$base) = 
 	rearrange(['RELATIVE','ABSOLUTE','FULL',['PATH','PATH_INFO'],['QUERY','QUERY_STRING'],'BASE'],@p);
     my $url;
-    $full++ if $base || !($relative || $absolute);
+    $full++      if $base || !($relative || $absolute);
 
     my $path = $self->path_info;
     my $script_name = $self->script_name;
 
-# If anybody knows why I ever wrote this please tell me!
-#    if (exists($ENV{REQUEST_URI})) {
-#        my $index;
-#	$script_name = $ENV{REQUEST_URI};
-#        # strip query string
-#        substr($script_name,$index) = '' if ($index = index($script_name,'?')) >= 0;
-#        # and path
-#        if (exists($ENV{PATH_INFO})) {
-#           (my $encoded_path = $ENV{PATH_INFO}) =~ s!([^a-zA-Z0-9_./-])!uc sprintf("%%%02x",ord($1))!eg;;
-#           substr($script_name,$index) = '' if ($index = rindex($script_name,$encoded_path)) >= 0;
-#         }
-#    } else {
-#	$script_name = $self->script_name;
-#    }
+    # for compatibility with Apache's MultiViews
+    if (exists($ENV{REQUEST_URI})) {
+        my $index;
+	$script_name = $ENV{REQUEST_URI};
+        $script_name =~ s/\?.+$//;   # strip query string
+        # and path
+        if (exists($ENV{PATH_INFO})) {
+           (my $encoded_path = $ENV{PATH_INFO}) =~ s/([^a-zA-Z0-9_.%;&?\/\\:+=~-])/sprintf("%%%02X",ord($1))/eg;
+           $script_name      =~ s/$encoded_path$//i;
+         }
+    }
 
     if ($full) {
 	my $protocol = $self->protocol();
@@ -2306,7 +2428,7 @@ sub url {
     $url .= $path if $path_info and defined $path;
     $url .= "?" . $self->query_string if $query and $self->query_string;
     $url = '' unless defined $url;
-    $url =~ s/([^a-zA-Z0-9_.%;&?\/\\:+=~-])/uc sprintf("%%%02x",ord($1))/eg;
+    $url =~ s/([^a-zA-Z0-9_.%;&?\/\\:+=~-])/sprintf("%%%02X",ord($1))/eg;
     return $url;
 }
 
@@ -2881,6 +3003,7 @@ sub read_multipart {
 	}
 
 	my($param)= $header{'Content-Disposition'}=~/ name="?([^\";]*)"?/;
+        $param .= $TAINTED;
 
 	# Bug:  Netscape doesn't escape quotation marks in file names!!!
 	my($filename) = $header{'Content-Disposition'}=~/ filename="?([^\"]*)"?/;
@@ -2892,6 +3015,7 @@ sub read_multipart {
 	# to our parameter list.
 	if ( !defined($filename) || $filename eq '' ) {
 	    my($value) = $buffer->readBody;
+            $value .= $TAINTED;
 	    push(@{$self->{$param}},$value);
 	    next;
 	}
@@ -2911,7 +3035,7 @@ sub read_multipart {
 	  # choose a relatively unpredictable tmpfile sequence number
           my $seqno = unpack("%16C*",join('',localtime,values %ENV));
           for (my $cnt=10;$cnt>0;$cnt--) {
-	    next unless $tmpfile = new TempFile($seqno);
+	    next unless $tmpfile = new CGITempFile($seqno);
 	    $tmp = $tmpfile->as_string;
 	    last if defined($filehandle = Fh->new($filename,$tmp,$PRIVATE_TEMPFILES));
             $seqno += int rand(100);
@@ -2978,6 +3102,22 @@ sub _set_values_and_labels {
 }
 END_OF_FUNC
 
+# internal routine, don't use
+'_set_attributes' => <<'END_OF_FUNC',
+sub _set_attributes {
+    my $self = shift;
+    my($element, $attributes) = @_;
+    return '' unless defined($attributes->{$element});
+    $attribs = ' ';
+    foreach my $attrib (keys %{$attributes->{$element}}) {
+        $attrib =~ s/^-//;
+        $attribs .= "@{[lc($attrib)]}=\"$attributes->{$element}{$attrib}\" ";
+    }
+    $attribs =~ s/ $//;
+    return $attribs;
+}
+END_OF_FUNC
+
 '_compile_all' => <<'END_OF_FUNC',
 sub _compile_all {
     foreach (@_) {
@@ -3016,7 +3156,7 @@ sub asString {
     # get rid of package name
     (my $i = $$self) =~ s/^\*(\w+::fh\d{5})+//; 
     $i =~ s/%(..)/ chr(hex($1)) /eg;
-    return $i;
+    return $i.$CGI::TAINTED;
 # BEGIN DEAD CODE
 # This was an extremely clever patch that allowed "use strict refs".
 # Unfortunately it relied on another bug that caused leaky file descriptors.
@@ -3039,12 +3179,15 @@ END_OF_FUNC
 'new'  => <<'END_OF_FUNC',
 sub new {
     my($pack,$name,$file,$delete) = @_;
+    _setup_symbols(@SAVED_SYMBOLS) if @SAVED_SYMBOLS;
     require Fcntl unless defined &Fcntl::O_RDWR;
     (my $safename = $name) =~ s/([':%])/ sprintf '%%%02X', ord $1 /eg;
     my $fv = ++$FH . $safename;
     my $ref = \*{"Fh::$fv"};
-    sysopen($ref,$file,Fcntl::O_RDWR()|Fcntl::O_CREAT()|Fcntl::O_EXCL(),0600) || return;
-    unlink($file) if $delete;
+    $file =~ m!^([a-zA-Z0-9_ \'\":/.\$\\-]+)$! || return;
+    my $safe = $1;
+    sysopen($ref,$safe,Fcntl::O_RDWR()|Fcntl::O_CREAT()|Fcntl::O_EXCL(),0600) || return;
+    unlink($safe) if $delete;
     CORE::delete $Fh::{$fv};
     return bless $ref,$pack;
 }
@@ -3170,15 +3313,15 @@ sub readHeader {
     substr($self->{BUFFER},0,$end+4) = '';
     my %return;
 
-    
     # See RFC 2045 Appendix A and RFC 822 sections 3.4.8
     #   (Folding Long Header Fields), 3.4.3 (Comments)
     #   and 3.4.5 (Quoted-Strings).
 
     my $token = '[-\w!\#$%&\'*+.^_\`|{}~]';
     $header=~s/$CRLF\s+/ /og;		# merge continuation lines
+
     while ($header=~/($token+):\s+([^$CRLF]*)/mgox) {
-	my ($field_name,$field_value) = ($1,$2); # avoid taintedness
+        my ($field_name,$field_value) = ($1,$2);
 	$field_name =~ s/\b(\w)/uc($1)/eg; #canonicalize
 	$return{$field_name}=$field_value;
     }
@@ -3249,7 +3392,8 @@ sub read {
     substr($self->{BUFFER},0,$bytesToReturn)='';
     
     # If we hit the boundary, remove the CRLF from the end.
-    return ($start > 0) ? substr($returnval,0,-2) : $returnval;
+    return (($start > 0) && ($start <= $bytes)) 
+           ? substr($returnval,0,-2) : $returnval;
 }
 END_OF_FUNC
 
@@ -3306,7 +3450,7 @@ END_OF_AUTOLOAD
 ####################################################################################
 ################################## TEMPORARY FILES #################################
 ####################################################################################
-package TempFile;
+package CGITempFile;
 
 $SL = $CGI::SL;
 $MAC = $CGI::OS eq 'MACINTOSH';
@@ -3317,7 +3461,7 @@ unless ($TMPDIRECTORY) {
 	   "${vol}${SL}Temporary Items",
            "${SL}WWW_ROOT", "${SL}SYS\$SCRATCH",
 	   "C:${SL}system${SL}temp");
-    unshift(@TEMP,$ENV{'TMPDIR'}) if exists $ENV{'TMPDIR'};
+    unshift(@TEMP,$ENV{'TMPDIR'}) if defined $ENV{'TMPDIR'};
 
     # this feature was supposed to provide per-user tmpfiles, but
     # it is problematic.
@@ -3338,7 +3482,14 @@ $MAXTRIES = 5000;
 
 # cute feature, but overload implementation broke it
 # %OVERLOAD = ('""'=>'as_string');
-*TempFile::AUTOLOAD = \&CGI::AUTOLOAD;
+*CGITempFile::AUTOLOAD = \&CGI::AUTOLOAD;
+
+sub DESTROY {
+    my($self) = @_;
+    $$self =~ m!^([a-zA-Z0-9_ \'\":/.\$\\-]+)$! || return;
+    my $safe = $1;             # untaint operation
+    unlink $safe;              # get rid of the file
+}
 
 ###############################################################################
 ################# THESE FUNCTIONS ARE AUTOLOADED ON DEMAND ####################
@@ -3354,20 +3505,14 @@ sub new {
     for (my $i = 0; $i < $MAXTRIES; $i++) {
 	last if ! -f ($filename = sprintf("${TMPDIRECTORY}${SL}CGItemp%d",$sequence++));
     }
-    # untaint the darn thing
-    return unless $filename =~ m!^([a-zA-Z0-9_ '":/.\$\\-]+)$!;
-    $filename = $1;
+    # check that it is a more-or-less valid filename
+    return unless $filename =~ m!^([a-zA-Z0-9_ \'\":/.\$\\-]+)$!;
+    # this used to untaint, now it doesn't
+    # $filename = $1;
     return bless \$filename;
 }
 END_OF_FUNC
 
-'DESTROY' => <<'END_OF_FUNC',
-sub DESTROY {
-    my($self) = @_;
-    unlink $$self;              # get rid of the file
-}
-END_OF_FUNC
-
 'as_string' => <<'END_OF_FUNC'
 sub as_string {
     my($self) = @_;
@@ -3546,12 +3691,12 @@ this:
 
    Code                           Generated HTML
    ----                           --------------
-   h1()                           <H1>
-   h1('some','contents');         <H1>some contents</H1>
-   h1({-align=>left});            <H1 ALIGN="LEFT">
-   h1({-align=>left},'contents'); <H1 ALIGN="LEFT">contents</H1>
+   h1()                           <h1>
+   h1('some','contents');         <h1>some contents</h1>
+   h1({-align=>left});            <h1 align="LEFT">
+   h1({-align=>left},'contents'); <h1 align="LEFT">contents</h1>
 
-HTML tags are described in more detail later.  
+HTML tags are described in more detail later.
 
 Many newcomers to CGI.pm are puzzled by the difference between the
 calling conventions for the HTML shortcuts, which require curly braces
@@ -3759,11 +3904,11 @@ Perl module B<import> operator.
 
 =head2 DELETING A PARAMETER COMPLETELY:
 
-    $query->delete('foo');
+    $query->delete('foo','bar','baz');
 
-This completely clears a parameter.  It sometimes useful for
-resetting parameters that you don't want passed down between
-script invocations.
+This completely clears a list of parameters.  It sometimes useful for
+resetting parameters that you don't want passed down between script
+invocations.
 
 If you are using the function call interface, use "Delete()" instead
 to avoid conflicts with Perl's built-in delete operator.
@@ -3938,9 +4083,14 @@ Import all methods that generate HTML 2.0 standard elements.
 
 =item B<:html3>
 
-Import all methods that generate HTML 3.0 proposed elements (such as
+Import all methods that generate HTML 3.0 elements (such as
 <table>, <super> and <sub>).
 
+=item B<:html4>
+
+Import all methods that generate HTML 4 elements (such as
+<abbrev>, <acronym> and <thead>).
+
 =item B<:netscape>
 
 Import all methods that generate Netscape-specific HTML extensions.
@@ -3952,7 +4102,7 @@ Import all HTML-generating shortcuts (i.e. 'html2' + 'html3' +
 
 =item B<:standard>
 
-Import "standard" features, 'html2', 'html3', 'form' and 'cgi'.
+Import "standard" features, 'html2', 'html3', 'html4', 'form' and 'cgi'.
 
 =item B<:all>
 
@@ -3965,7 +4115,7 @@ If you import a function name that is not part of CGI.pm, the module
 will treat it as a new HTML tag and generate the appropriate
 subroutine.  You can then use it like any other HTML tag.  This is to
 provide for the rapidly-evolving HTML "standard."  For example, say
-Microsoft comes out with a new tag called <GRADIENT> (which causes the
+Microsoft comes out with a new tag called <gradient> (which causes the
 user's desktop to be flooded with a rotating gradient fill until his
 machine reboots).  You don't need to wait for a new version of CGI.pm
 to start using it immediately:
@@ -4059,7 +4209,14 @@ or even
 Note that using the -compile pragma in this way will always have
 the effect of importing the compiled functions into the current
 namespace.  If you want to compile without importing use the
-compile() method instead (see below).
+compile() method instead:
+
+   use CGI();
+   CGI->compile();
+
+This is particularly useful in a mod_perl environment, in which you
+might want to precompile all CGI routines in a startup script, and
+then import the functions individually in each mod_perl script.
 
 =item -nosticky
 
@@ -4179,7 +4336,7 @@ For example:
 
 produces
 
-  <H1>Level 1 Header</H1>
+  <h1>Level 1 Header</h1>
 
 There will be some times when you want to produce the start and end
 tags yourself.  In this case, you can use the form start_I<tag_name>
@@ -4203,13 +4360,13 @@ the standard ones:
 
 =over 4
 
-=item 1. start_table() (generates a <TABLE> tag)
+=item 1. start_table() (generates a <table> tag)
 
-=item 2. end_table() (generates a </TABLE> tag)
+=item 2. end_table() (generates a </table> tag)
 
-=item 3. start_ul() (generates a <UL> tag)
+=item 3. start_ul() (generates a <ul> tag)
 
-=item 4. end_ul() (generates a </UL> tag)
+=item 4. end_ul() (generates a </ul> tag)
 
 =back
 
@@ -4294,7 +4451,7 @@ such as expiration time.  Use the cookie() method to create and retrieve
 session cookies.
 
 The B<-nph> parameter, if set to a true value, will issue the correct
-headers to work with a NPH (no-parse-header) script.  This is important
+headers to work with an NPH (no-parse-header) script.  This is important
 to use with certain servers that expect all their scripts to be NPH.
 
 The B<-charset> parameter can be used to control the character set
@@ -4331,7 +4488,7 @@ You can also use named arguments:
 			   -nph=>1);
 
 The B<-nph> parameter, if set to a true value, will issue the correct
-headers to work with a NPH (no-parse-header) script.  This is important
+headers to work with an NPH (no-parse-header) script.  This is important
 to use with certain servers, such as Microsoft Internet Explorer, which
 expect all their scripts to be NPH.
 
@@ -4351,15 +4508,15 @@ out an HTML document.  The start_html() routine creates the top of the
 page, along with a lot of optional information that controls the
 page's appearance and behavior.
 
-This method returns a canned HTML header and the opening <BODY> tag.
+This method returns a canned HTML header and the opening <body> tag.
 All parameters are optional.  In the named parameter form, recognized
 parameters are -title, -author, -base, -xbase, -dtd, -lang and -target
 (see below for the explanation).  Any additional parameters you
 provide, such as the Netscape unofficial BGCOLOR attribute, are added
-to the <BODY> tag.  Additional parameters must be proceeded by a
+to the <body> tag.  Additional parameters must be proceeded by a
 hyphen.
 
-The argument B<-xbase> allows you to provide an HREF for the <BASE> tag
+The argument B<-xbase> allows you to provide an HREF for the <base> tag
 different from the current location, as in
 
     -xbase=>"http://home.mcom.com/"
@@ -4378,12 +4535,12 @@ All relative links will be interpreted relative to this tag.
 You add arbitrary meta information to the header with the B<-meta>
 argument.  This argument expects a reference to an associative array
 containing name/value pairs of meta information.  These will be turned
-into a series of header <META> tags that look something like this:
+into a series of header <meta> tags that look something like this:
 
-    <META NAME="keywords" CONTENT="pharaoh secret mummy">
-    <META NAME="description" CONTENT="copyright 1996 King Tut">
+    <meta name="keywords" content="pharaoh secret mummy">
+    <meta name="description" content="copyright 1996 King Tut">
 
-To create an HTTP-EQUIV type of <META> tag, use B<-head>, described
+To create an HTTP-EQUIV type of <meta> tag, use B<-head>, described
 below.
 
 The B<-style> argument is used to incorporate cascading stylesheets
@@ -4391,19 +4548,22 @@ into your code.  See the section on CASCADING STYLESHEETS for more
 information.
 
 The B<-lang> argument is used to incorporate a language attribute into
-the <HTML> tag.  The default if not specified is "en-US" for US
+the <html> tag.  The default if not specified is "en-US" for US
 English.  For example:
 
     print $q->start_html(-lang=>'fr-CA');
 
-You can place other arbitrary HTML elements to the <HEAD> section with the
-B<-head> tag.  For example, to place the rarely-used <LINK> element in the
+The B<-encoding> argument can be used to specify the character set for
+XHTML.  It defaults to iso-8859-1 if not specified.
+
+You can place other arbitrary HTML elements to the <head> section with the
+B<-head> tag.  For example, to place the rarely-used <link> element in the
 head section, use this:
 
     print start_html(-head=>Link({-rel=>'next',
 		                  -href=>'http://www.capricorn.com/s2.html'}));
 
-To incorporate multiple HTML elements into the <HEAD> section, just pass an
+To incorporate multiple HTML elements into the <head> section, just pass an
 array reference:
 
     print start_html(-head=>[ 
@@ -4414,7 +4574,7 @@ array reference:
 			     ]
 		     );
 
-And here's how to create an HTTP-EQUIV <META> tag:
+And here's how to create an HTTP-EQUIV <meta> tag:
 
       print start_html(-head=>meta({-http_equiv => 'Content-Type',
                                     -content    => 'text/html'}))
@@ -4424,7 +4584,7 @@ JAVASCRIPTING: The B<-script>, B<-noScript>, B<-onLoad>,
 B<-onMouseOver>, B<-onMouseOut> and B<-onUnload> parameters are used
 to add Netscape JavaScript calls to your pages.  B<-script> should
 point to a block of text containing JavaScript function definitions.
-This block will be placed within a <SCRIPT> block inside the HTML (not
+This block will be placed within a <script> block inside the HTML (not
 HTTP) header.  The block is placed in the header in order to give your
 page a fighting chance of having all its JavaScript functions in place
 even if the user presses the stop button before the page has loaded
@@ -4463,7 +4623,7 @@ Use the B<-noScript> parameter to pass some HTML text that will be displayed on
 browsers that do not have JavaScript (or browsers where JavaScript is turned
 off).
 
-Netscape 3.0 recognizes several attributes of the <SCRIPT> tag,
+Netscape 3.0 recognizes several attributes of the <script> tag,
 including LANGUAGE and SRC.  The latter is particularly interesting,
 as it allows you to keep the JavaScript code in a file or CGI script
 rather than cluttering up each page with the source.  To use these
@@ -4481,7 +4641,7 @@ one or more of -language, -src, or -code:
 	       );
 
 
-A final feature allows you to incorporate multiple <SCRIPT> sections into the
+A final feature allows you to incorporate multiple <script> sections into the
 header.  Just pass the list of script sections as an array reference.
 this allows you to specify different source files for different dialects
 of JavaScript.  Example:     
@@ -4502,7 +4662,6 @@ of JavaScript.  Example:
                                     }
                                  ]
                              );
-     </pre>
 
 If this looks a bit extreme, take my advice and stick with straight CGI scripting.  
 
@@ -4524,17 +4683,17 @@ The title
 
 =item 2.
 
-The author's e-mail address (will create a <LINK REV="MADE"> tag if present
+The author's e-mail address (will create a <link rev="MADE"> tag if present
 
 =item 3.
 
-A 'true' flag if you want to include a <BASE> tag in the header.  This
+A 'true' flag if you want to include a <base> tag in the header.  This
 helps resolve relative addresses to absolute ones when the document is moved, 
 but makes the document hierarchy non-portable.  Use with care!
 
 =item 4, 5, 6...
 
-Any other parameters you want to include in the <BODY> tag.  This is a good
+Any other parameters you want to include in the <body> tag.  This is a good
 place to put Netscape extensions, such as colors and wallpaper patterns.
 
 =back
@@ -4543,12 +4702,12 @@ place to put Netscape extensions, such as colors and wallpaper patterns.
 
 	print $query->end_html
 
-This ends an HTML document by printing the </BODY></HTML> tags.
+This ends an HTML document by printing the </body></html> tags.
 
 =head2 CREATING A SELF-REFERENCING URL THAT PRESERVES STATE INFORMATION:
 
     $myself = $query->self_url;
-    print q(<A HREF="$myself">I'm talking to myself.</A>);
+    print q(<a href="$myself">I'm talking to myself.</a>);
 
 self_url() will return a URL, that, when selected, will reinvoke
 this script with all its state information intact.  This is most
@@ -4557,9 +4716,9 @@ internal anchors but you don't want to disrupt the current contents
 of the form(s).  Something like this will do the trick.
 
      $myself = $query->self_url;
-     print "<A HREF=$myself#table1>See table 1</A>";
-     print "<A HREF=$myself#table2>See table 2</A>";
-     print "<A HREF=$myself#yourself>See for yourself</A>";
+     print "<a href=\"$myself#table1\">See table 1</a>";
+     print "<a href=\"$myself#table2\">See table 2</a>";
+     print "<a href=\"$myself#yourself\">See for yourself</a>";
 
 If you want more control over what's returned, using the B<url()>
 method instead.
@@ -4668,7 +4827,7 @@ added for readability):
 
    <blockquote>
    Many years ago on the island of
-   <a HREF="http://crete.org/">Crete</a> there lived
+   <a href="http://crete.org/">Crete</a> there lived
    a minotaur named <strong>Fred.</strong> 
    </blockquote>
    <hr>
@@ -4691,12 +4850,12 @@ completely (see the next section for more details):
 The HTML methods will accept zero, one or multiple arguments.  If you
 provide no arguments, you get a single tag:
 
-   print hr;  	#  <HR>
+   print hr;  	#  <hr>
 
 If you provide one or more string arguments, they are concatenated
 together with spaces and placed between opening and closing tags:
 
-   print h1("Chapter","1"); # <H1>Chapter 1</H1>"
+   print h1("Chapter","1"); # <h1>Chapter 1</h1>"
 
 If the first argument is an associative array reference, then the keys
 and values of the associative array become the HTML tag's attributes:
@@ -4704,29 +4863,29 @@ and values of the associative array become the HTML tag's attributes:
    print a({-href=>'fred.html',-target=>'_new'},
       "Open a new frame");
 
-	    <A HREF="fred.html",TARGET="_new">Open a new frame</A>
+	    <a href="fred.html",target="_new">Open a new frame</a>
 
 You may dispense with the dashes in front of the attribute names if
 you prefer:
 
    print img {src=>'fred.gif',align=>'LEFT'};
 
-	   <IMG ALIGN="LEFT" SRC="fred.gif">
+	   <img align="LEFT" src="fred.gif">
 
 Sometimes an HTML tag attribute has no argument.  For example, ordered
-lists can be marked as COMPACT.  The syntax for this is an argument that
+lists can be marked as COMPACT.  The syntax for this is an argument
 that points to an undef string:
 
    print ol({compact=>undef},li('one'),li('two'),li('three'));
 
 Prior to CGI.pm version 2.41, providing an empty ('') string as an
 attribute argument was the same as providing undef.  However, this has
-changed in order to accommodate those who want to create tags of the form 
-<IMG ALT="">.  The difference is shown in these two pieces of code:
+changed in order to accommodate those who want to create tags of the form
+<img alt="">.  The difference is shown in these two pieces of code:
 
-   CODE                   RESULT
-   img({alt=>undef})      <IMG ALT>
-   img({alt=>''})         <IMT ALT="">
+     CODE                   RESULT
+     img({alt=>undef})      <img alt>
+     img({alt=>''})         <img alt="">
 
 =head2 THE DISTRIBUTIVE PROPERTY OF HTML SHORTCUTS
 
@@ -4742,12 +4901,12 @@ list:
 
 This example will result in HTML output that looks like this:
 
-   <UL>
-     <LI TYPE="disc">Sneezy</LI>
-     <LI TYPE="disc">Doc</LI>
-     <LI TYPE="disc">Sleepy</LI>
-     <LI TYPE="disc">Happy</LI>
-   </UL>
+   <ul>
+     <li type="disc">Sneezy</li>
+     <li type="disc">Doc</li>
+     <li type="disc">Sleepy</li>
+     <li type="disc">Happy</li>
+   </ul>
 
 This is extremely useful for creating tables.  For example:
 
@@ -4771,7 +4930,7 @@ Consider this bit of code:
 
 It will ordinarily return the string that you probably expect, namely:
 
-   <BLOCKQUOTE><EM>Hi</EM> mom!</BLOCKQUOTE>
+   <blockquote><em>Hi</em> mom!</blockquote>
 
 Note the space between the element "Hi" and the element "mom!".
 CGI.pm puts the extra space there using array interpolation, which is
@@ -4830,9 +4989,9 @@ Provided that you have specified a character set of ISO-8859-1 (the
 default), the standard HTML escaping rules will be used.  The "<"
 character becomes "&lt;", ">" becomes "&gt;", "&" becomes "&amp;", and
 the quote character becomes "&quot;".  In addition, the hexadecimal
-0x8b and 0x9b characters, which many windows-based browsers interpret
+0x8b and 0x9b characters, which some browsers incorrectly interpret
 as the left and right angle-bracket characters, are replaced by their
-numeric HTML entities ("&#139" and "&#155;").  If you manually change
+numeric character entities ("&#8249" and "&#8250;").  If you manually change
 the charset, either by calling the charset() method explicitly or by
 passing a -charset argument to header(), then B<all> characters will
 be replaced by their numeric entities, since CGI.pm has no lookup
@@ -4842,7 +5001,7 @@ The automatic escaping does not apply to other shortcuts, such as
 h1().  You should call escapeHTML() yourself on untrusted data in
 order to protect your pages against nasty tricks that people may enter
 into guestbooks, etc..  To change the character set, use charset().
-To turn autoescaping off completely, use autoescape():
+To turn autoescaping off completely, use autoEscape(0):
 
 =over 4
 
@@ -4909,7 +5068,7 @@ autoEscape() method with a false value immediately after creating the CGI object
 
    print $query->isindex($action);
 
-Prints out an <ISINDEX> tag.  Not very exciting.  The parameter
+Prints out an <isindex> tag.  Not very exciting.  The parameter
 -action specifies the URL of the script to process the query.  The
 default is to process the query with the current script.
 
@@ -4927,14 +5086,14 @@ default is to process the query with the current script.
       <... various form stuff ...>
     print $query->endform;
 
-start_form() will return a <FORM> tag with the optional method,
+start_form() will return a <form> tag with the optional method,
 action and form encoding that you specify.  The defaults are:
 
     method: POST
     action: this script
     enctype: application/x-www-form-urlencoded
 
-endform() returns the closing </FORM> tag.  
+endform() returns the closing </form> tag.  
 
 Start_form()'s enctype argument tells the browser how to package the various
 fields of the form before sending the form to the server.  Two
@@ -4983,7 +5142,7 @@ for consistency and completeness.  If you find something wrong, you
 can put up an alert box or maybe fix things up yourself.  You can 
 abort the submission by returning false from this function.  
 
-Usually the bulk of JavaScript functions are defined in a <SCRIPT>
+Usually the bulk of JavaScript functions are defined in a <script>
 block in the HTML header and -onSubmit points to one of these function
 call.  See start_html() for details.
 
@@ -5245,16 +5404,18 @@ recognized.  See textfield() for details.
    %labels = ('eenie'=>'your first choice',
 	      'meenie'=>'your second choice',
 	      'minie'=>'your third choice');
+   %attributes = ('eenie'=>{'class'=>'class of first choice'});
    print $query->popup_menu('menu_name',
 			    ['eenie','meenie','minie'],
-			    'meenie',\%labels);
+          'meenie',\%labels,\%attributes);
 
 	-or (named parameter style)-
 
    print $query->popup_menu(-name=>'menu_name',
 			    -values=>['eenie','meenie','minie'],
 			    -default=>'meenie',
-			    -labels=>\%labels);
+          -labels=>\%labels,
+          -attributes=>\%attributes);
 
 popup_menu() creates a menu.
 
@@ -5281,11 +5442,19 @@ The values of the previous choice will be maintained across queries.
 
 The optional fourth parameter (-labels) is provided for people who
 want to use different values for the user-visible label inside the
-popup menu nd the value returned to your script.  It's a pointer to an
+popup menu and the value returned to your script.  It's a pointer to an
 associative array relating menu values to user-visible labels.  If you
 leave this parameter blank, the menu values will be displayed by
 default.  (You can also leave a label undefined if you want to).
 
+=item 5.
+
+The optional fifth parameter (-attributes) is provided to assign
+any of the common HTML attributes to an individual menu item. It's
+a pointer to an associative array relating menu values to another
+associative array with the attribute's name as the key and the
+attribute's value as the value.
+
 =back
 
 When the form is processed, the selected value of the popup menu can
@@ -5298,17 +5467,90 @@ B<-onChange>, B<-onFocus>, B<-onMouseOver>, B<-onMouseOut>, and
 B<-onBlur>.  See the textfield() section for details on when these
 handlers are called.
 
+=head2 CREATING AN OPTION GROUP
+
+Named parameter style
+
+  print $query->popup_menu(-name=>'menu_name',
+                  -values=>[qw/eenie meenie minie/,
+                            $q->optgroup(-name=>'optgroup_name',
+                                         -values ['moe','catch'],
+                                         -attributes=>{'catch'=>{'class'=>'red'}}),
+                  -labels=>{'eenie'=>'one',
+                            'meenie'=>'two',
+                            'minie'=>'three'},
+                  -default=>'meenie');
+
+  Old style
+  print $query->popup_menu('menu_name',
+                  ['eenie','meenie','minie',
+                   $q->optgroup('optgroup_name', ['moe', 'catch'],
+                         {'catch'=>{'class'=>'red'}})],'meenie',
+                  {'eenie'=>'one','meenie'=>'two','minie'=>'three'});
+
+optgroup creates an option group within a popup menu.
+
+=over 4
+
+=item 1.
+
+The required first argument (B<-name>) is the label attribute of the
+optgroup and is B<not> inserted in the parameter list of the query.
+
+=item 2.
+
+The required second argument (B<-values>)  is an array reference
+containing the list of menu items in the menu.  You can pass the
+method an anonymous array, as shown in the example, or a reference
+to a named array, such as \@foo.  If you pass a HASH reference,
+the keys will be used for the menu values, and the values will be
+used for the menu labels (see -labels below).
+
+=item 3.
+
+The optional third parameter (B<-labels>) allows you to pass a reference
+to an associative array containing user-visible labels for one or more
+of the menu items.  You can use this when you want the user to see one
+menu string, but have the browser return your program a different one.
+If you don't specify this, the value string will be used instead
+("eenie", "meenie" and "minie" in this example).  This is equivalent
+to using a hash reference for the -values parameter.
+
+=item 4.
+
+An optional fourth parameter (B<-labeled>) can be set to a true value
+and indicates that the values should be used as the label attribute
+for each option element within the optgroup.
+
+=item 5.
+
+An optional fifth parameter (-novals) can be set to a true value and
+indicates to suppress the val attribut in each option element within
+the optgroup.
+
+See the discussion on optgroup at W3C
+(http://www.w3.org/TR/REC-html40/interact/forms.html#edef-OPTGROUP)
+for details.
+
+=item 6.
+
+An optional sixth parameter (-attributes) is provided to assign
+any of the common HTML attributes to an individual menu item. It's
+a pointer to an associative array relating menu values to another
+associative array with the attribute's name as the key and the
+attribute's value as the value.
+
 =head2 CREATING A SCROLLING LIST
 
    print $query->scrolling_list('list_name',
 				['eenie','meenie','minie','moe'],
-				['eenie','moe'],5,'true');
+        ['eenie','moe'],5,'true',{'moe'=>{'class'=>'red'}});
       -or-
 
    print $query->scrolling_list('list_name',
 				['eenie','meenie','minie','moe'],
 				['eenie','moe'],5,'true',
-				\%labels);
+        \%labels,%attributes);
 
 	-or-
 
@@ -5317,7 +5559,8 @@ handlers are called.
 				-default=>['eenie','moe'],
 				-size=>5,
 				-multiple=>'true',
-				-labels=>\%labels);
+        -labels=>\%labels,
+        -attributes=>\%attributes);
 
 scrolling_list() creates a scrolling list.  
 
@@ -5356,6 +5599,14 @@ The optional sixth argument is a pointer to an associative array
 containing long user-visible labels for the list items (-labels).
 If not provided, the values will be displayed.
 
+=item 6.
+
+The optional sixth parameter (-attributes) is provided to assign
+any of the common HTML attributes to an individual menu item. It's
+a pointer to an associative array relating menu values to another
+associative array with the attribute's name as the key and the
+attribute's value as the value.
+
 When this form is processed, all selected list items will be returned as
 a list under the parameter name 'list_name'.  The values of the
 selected items can be retrieved with:
@@ -5375,11 +5626,13 @@ handlers are called.
 				-values=>['eenie','meenie','minie','moe'],
 				-default=>['eenie','moe'],
 				-linebreak=>'true',
-				-labels=>\%labels);
+        -labels=>\%labels,
+        -attributes=>\%attributes);
 
    print $query->checkbox_group('group_name',
 				['eenie','meenie','minie','moe'],
-				['eenie','moe'],'true',\%labels);
+        ['eenie','moe'],'true',\%labels,
+        {'moe'=>{'class'=>'red'}});
 
    HTML3-COMPATIBLE BROWSERS ONLY:
 
@@ -5432,6 +5685,14 @@ the checkbox group formatted with the specified number of rows and
 columns.  You can provide just the -columns parameter if you wish;
 checkbox_group will calculate the correct number of rows for you.
 
+=item 6.
+
+The optional sixth parameter (-attributes) is provided to assign
+any of the common HTML attributes to an individual menu item. It's
+a pointer to an associative array relating menu values to another
+associative array with the attribute's name as the key and the
+attribute's value as the value.
+
 To include row and column headings in the returned table, you
 can use the B<-rowheaders> and B<-colheaders> parameters.  Both
 of these accept a pointer to an array of headings to use.
@@ -5463,7 +5724,7 @@ of the particular button clicked on using the "this" variable.
 =head2 CREATING A STANDALONE CHECKBOX
 
     print $query->checkbox(-name=>'checkbox_name',
-			   -checked=>'checked',
+			   -checked=>1,
 			   -value=>'ON',
 			   -label=>'CLICK ME');
 
@@ -5516,12 +5777,13 @@ parameter.  See checkbox_group() for further details.
 			     -values=>['eenie','meenie','minie'],
 			     -default=>'meenie',
 			     -linebreak=>'true',
-			     -labels=>\%labels);
+           -labels=>\%labels,
+           -attributes=>\%attributes);
 
 	-or-
 
    print $query->radio_group('group_name',['eenie','meenie','minie'],
-					  'meenie','true',\%labels);
+            'meenie','true',\%labels,\%attributes);
 
 
    HTML3-COMPATIBLE BROWSERS ONLY:
@@ -5579,6 +5841,14 @@ and columns.  You can provide just the -columns parameter if you
 wish; radio_group will calculate the correct number of rows
 for you.
 
+=item 6.
+
+The optional sixth parameter (-attributes) is provided to assign
+any of the common HTML attributes to an individual menu item. It's
+a pointer to an associative array relating menu values to another
+associative array with the attribute's name as the key and the
+attribute's value as the value.
+
 To include row and column headings in the returned table, you
 can use the B<-rowheader> and B<-colheader> parameters.  Both
 of these accept a pointer to an array of headings to use.
@@ -5916,11 +6186,11 @@ techniques for defining new frames programmatically:
 =item 1. Create a <Frameset> document
 
 After writing out the HTTP header, instead of creating a standard
-HTML document using the start_html() call, create a <FRAMESET> 
+HTML document using the start_html() call, create a <frameset> 
 document that defines the frames on the page.  Specify your script(s)
 (with appropriate parameters) as the SRC for each of the frames.
 
-There is no specific support for creating <FRAMESET> sections 
+There is no specific support for creating <frameset> sections 
 in CGI.pm, but the HTML is very simple to write.  See the frame
 documentation in Netscape's home pages for details 
 
@@ -5939,7 +6209,7 @@ document into that.  There are a number of magic names that you can
 use for targets.  See the frame documents on Netscape's home pages for
 details.
 
-=item 3. Specify the destination for the document in the <FORM> tag
+=item 3. Specify the destination for the document in the <form> tag
 
 You can specify the frame to load in the FORM tag itself.  With
 CGI.pm it looks like this:
@@ -5962,11 +6232,11 @@ CGI.pm has limited support for HTML3's cascading style sheets (css).
 To incorporate a stylesheet into your document, pass the
 start_html() method a B<-style> parameter.  The value of this
 parameter may be a scalar, in which case it is incorporated directly
-into a <STYLE> section, or it may be a hash reference.  In the latter
+into a <style> section, or it may be a hash reference.  In the latter
 case you should provide the hash with one or more of B<-src> or
 B<-code>.  B<-src> points to a URL where an externally-defined
 stylesheet can be found.  B<-code> points to a scalar value to be
-incorporated into a <STYLE> section.  Style definitions in B<-code>
+incorporated into a <style> section.  Style definitions in B<-code>
 override similarly-named ones in B<-src>, hence the name "cascading."
 
 You may also specify the type of the stylesheet by adding the optional
@@ -6076,23 +6346,23 @@ for debugging purposes:
 
 Produces something that looks like:
 
-    <UL>
-    <LI>name1
-	<UL>
-	<LI>value1
-	<LI>value2
-	</UL>
-    <LI>name2
-	<UL>
-	<LI>value1
-	</UL>
-    </UL>
+    <ul>
+    <li>name1
+	<ul>
+	<li>value1
+	<li>value2
+	</ul>
+    <li>name2
+	<ul>
+	<li>value1
+	</ul>
+    </ul>
 
 As a shortcut, you can interpolate the entire CGI object into a string
 and it will be replaced with the a nice HTML dump shown above:
 
     $query=new CGI;
-    print "<H2>Current Values</H2> $query\n";
+    print "<h2>Current Values</h2> $query\n";
 
 =head1 FETCHING ENVIRONMENT VARIABLES
 
@@ -6569,7 +6839,7 @@ for suggestions and bug fixes.
 
 	print $query->header;
 	print $query->start_html("Example CGI.pm Form");
-	print "<H1> Example CGI.pm Form</H1>\n";
+	print "<h1> Example CGI.pm Form</h1>\n";
 	&print_prompt($query);
 	&do_work($query);
 	&print_tail;
@@ -6579,31 +6849,31 @@ for suggestions and bug fixes.
 	   my($query) = @_;
 
 	   print $query->start_form;
-	   print "<EM>What's your name?</EM><BR>";
+	   print "<em>What's your name?</em><br>";
 	   print $query->textfield('name');
 	   print $query->checkbox('Not my real name');
 
-	   print "<P><EM>Where can you find English Sparrows?</EM><BR>";
+	   print "<p><em>Where can you find English Sparrows?</em><br>";
 	   print $query->checkbox_group(
 				 -name=>'Sparrow locations',
 				 -values=>[England,France,Spain,Asia,Hoboken],
 				 -linebreak=>'yes',
 				 -defaults=>[England,Asia]);
 
-	   print "<P><EM>How far can they fly?</EM><BR>",
+	   print "<p><em>How far can they fly?</em><br>",
 		$query->radio_group(
 			-name=>'how far',
 			-values=>['10 ft','1 mile','10 miles','real far'],
 			-default=>'1 mile');
 
-	   print "<P><EM>What's your favorite color?</EM>  ";
+	   print "<p><em>What's your favorite color?</em>  ";
 	   print $query->popup_menu(-name=>'Color',
 				    -values=>['black','brown','red','yellow'],
 				    -default=>'red');
 
 	   print $query->hidden('Reference','Monty Python and the Holy Grail');
 
-	   print "<P><EM>What have you got there?</EM><BR>";
+	   print "<p><em>What have you got there?</em><br>";
 	   print $query->scrolling_list(
 			 -name=>'possessions',
 			 -values=>['A Coconut','A Grail','An Icon',
@@ -6611,54 +6881,46 @@ for suggestions and bug fixes.
 			 -size=>5,
 			 -multiple=>'true');
 
-	   print "<P><EM>Any parting comments?</EM><BR>";
+	   print "<p><em>Any parting comments?</em><br>";
 	   print $query->textarea(-name=>'Comments',
 				  -rows=>10,
 				  -columns=>50);
 
-	   print "<P>",$query->reset;
+	   print "<p>",$query->reset;
 	   print $query->submit('Action','Shout');
 	   print $query->submit('Action','Scream');
 	   print $query->endform;
-	   print "<HR>\n";
+	   print "<hr>\n";
 	}
 
 	sub do_work {
 	   my($query) = @_;
 	   my(@values,$key);
 
-	   print "<H2>Here are the current settings in this form</H2>";
+	   print "<h2>Here are the current settings in this form</h2>";
 
 	   foreach $key ($query->param) {
-	      print "<STRONG>$key</STRONG> -> ";
+	      print "<strong>$key</strong> -> ";
 	      @values = $query->param($key);
-	      print join(", ",@values),"<BR>\n";
+	      print join(", ",@values),"<br>\n";
 	  }
 	}
 
 	sub print_tail {
 	   print <<END;
-	<HR>
-	<ADDRESS>Lincoln D. Stein</ADDRESS><BR>
-	<A HREF="/">Home Page</A>
+	<hr>
+	<address>Lincoln D. Stein</address><br>
+	<a href="/">Home Page</a>
 	END
 	}
 
 =head1 BUGS
 
-This module has grown large and monolithic.  Furthermore it's doing many
-things, such as handling URLs, parsing CGI input, writing HTML, etc., that
-are also done in the LWP modules. It should be discarded in favor of
-the CGI::* modules, but somehow I continue to work on it.
-
-Note that the code is truly contorted in order to avoid spurious
-warnings when programs are run with the B<-w> switch.
+Please report them.
 
 =head1 SEE ALSO
 
-L<CGI::Carp>, L<URI::URL>, L<CGI::Request>, L<CGI::MiniSvr>,
-L<CGI::Base>, L<CGI::Form>, L<CGI::Push>, L<CGI::Fast>,
-L<CGI::Pretty>
+L<CGI::Carp>, L<CGI::Fast>, L<CGI::Pretty>
 
 =cut