This is the HISTORY file for cgi.tcl.

Date	Version	Description
-------	-------	------------------------------------------------------
9/13/01         Adding close tags to <dd> & <dt> to pacify HTML validators.
                Andreas Kupries, SF Bug [402552].

9/12/99 1.0.0	Bumped version to 1 to pacify management.

		Jeffrey Hobbs rewrote cgi_unquote_input to take advantage of
		8.2 features.  300% speed improvement!

7/16/99 0.8.1	Douglas Ridgway provided mod to make cgi_image_button handle
		optional args.

		Made code use straight cgi_input_multipart if on Tcl 8.1.

		Jeffrey Hobbs provided cgi_unquote_input that works better for
		8.1.

		Petrus Vloet <petrus.vloet@siemens.at> requested sample data
		files for examples that need them; ability to change example
		install destination.

2/22/98 0.8.0	Tore Morkemo noted that cookied_encode needed to convert \n's.

		Added example of how to produce a raw image.

		Upon suggestion of Jean-Yves Terrien
		<jeanyves.terrien@cnet.francetelecom.fr> experimented with
		version of cgi_puts that would indent HTML for readability.
		Code looked something like this:

		proc NEW_cgi_puts {args} {
		    global _cgi

		    if {$_cgi(preformatted)} {
			eval puts $args
		    } else {
			set indent_full [format "%-$_cgi(indent)s" ""]

			# if we're at the beginning of the line, use a full indent
			if {$_cgi(bol)} {
			    set indent $indent_full
			} else {
			    set indent ""
			}

			set tail [lindex $args end]
			set output ""
		
			# loop through output, breaking into \n-delimited lines
			while {[string length $tail]} {
			    # this regexp will always match
			    regexp "^(\[^\n]*)(\n?)(.*)" $tail dummy line nl tail
			    append output $indent$line
			    if {$nl == ""} {
				set _cgi(bol) 0
				break
			    }
			    append output \n
			    set $_cgi(bol) 1
			    set indent $indent_full
			}

			# handle optional -nonewline
			if {[llength $args] == 1} {
			    append output \n
			    set _cgi(bol) 1
			}
			puts -nonewline $output
		    }
		}

		Unfortunately, some tags are whitespace-sensitive such as
		textarea.  If you do cgi_buffer {p;textarea ...} how can cgi_
		puts possibly know that part of the buffer shouldn't be
		modified?  A user-level flag could be added to avoid corrupting
		the HTML but the source display could never be made perfect.
		Considering that programmers would have to be aware of these
		issues (via flags or options) and the payoff is so minute, it's
		just not worth it.  I think.  As an aside, does regexp on every
		line of output cost too much?  I doubt anyone would notice but
		it's something to ponder.

		Renamed internal cgi routines with _ prefix.

		Matthew Levine <mlevine@cisco.com> observed that cgi_eval
		did a #0 eval but a plain eval is more appropriate.

		Anthony Martin <anthony.n.martin@marconicomms.com> noted that
		cgi_cgi_set needs to rewrite #.

		Removed cgi_http_get.

		Added registry support to uid_check.

		Eddy Kim <ehkim@ibm.net> noted bug in doc regarding cgi_puts.

		cgi_file_button now verifies that form has correct encoding.

		Fixed doc to reflect more precise use of selected_if_equal.

		Ralph Billes <echo@iinet.net.au> fixed bug in cgi_uid_check.

		Began adding stylesheet support.  Made cgi_stylesheet and
		cgi_span.  Not yet documented.

		Douglas Ridgway <ridgway@gmcl.com> noted that lynx doesn't
		respond correctly to multipart form requests.  Added check and
		diagnostic.  Doug also found a bug in the multipart_binary
		because I forgot to turn off the timeout.

		Stefan Hornburg <racke@gundel.han.de> writes:
		"I've made a RPM package for cgi.tcl. Available at:
		http://www.han.de/~racke/linuxia/noarch/cgi.tcl-0.7.5-1.noarch.rpm
		http://www.han.de/~racke/linuxia/srpms/cgi.tcl-0.7.5-1.src.rpm 
		http://www.han.de/~racke/linuxia/specs/cgitcl.spec
		and hopefully soon at Redhat/Contrib."
		He also noted a missing example: download.cgi.

6/25/98	0.7.5	Henk-Jan Kooiman <hjk@cable.a2000.nl> fixed bugs in
		cgi_relationship and also provided MacOS instructions.

		Martin Schwenke <Martin.Schwenke@cs.anu.edu.au> and Ryan
		McCormack <ryanm@cam.nist.gov> both reported textarea lost
		newlines when using multipart.

		At urging of Robert Baptista <Robert.Baptista@vanmail.amd.com>,
		began adding HTML 4.0 support.  Changed cgi_center to avoid
		<center>.

		Added download.cgi example.

		John Koontz noted example in file upload documentation still
		used deprecated flags.

	0.7.4	Fixed bug in cgi_refresh.

		Added alt attr to cgi_area.

		Added vote.cgi example.

		Localized some init-time vars to avoid stomping on user's.

		Made cgi_quote_url also quote {"} so URLs.  This isn't strictly
		necessary, but since URLs will usually be embedded inside HTML,
		this simplifies embedding and doesn't hurt anything else.

		Tom Poindexter <tpoindex@nyx.net> added cgi_suffix.

		Removed reference to sendmail from documentation since sendmail
		is no longer required.

12/16/97 0.7.3	Provided SMTP dialogue to replace call to sendmail and removed
		all other UNIXisms (exec and direct refs to file system).

		Rewrote LUHN proc in credit card example to work correctly!

		Added type tag support to cgi_relationship.

11/10/97 0.7.2	Massaged documentation to describe installation on W95/NT....
		Made example.tcl and date.cgi portable.

		Added rm.cgi example.

		Beat Jucker <bj@glue.ch> fixed syntax error in oratcl.cgi
		example.

10/20/97 0.7.1	Fixed cgi_option so that value strings are quoted.  Also made
		selected_if_equal check value rather than visible string.

		Tore Morkemo <tore@bibsyst.no> provided patch so that cgi_set
		translated "=".

		Fixed buffering bug in push example.

		Added credit card example.

	 	Paul Saxe <saxe@connectnet.com> noted cgi_embed broke due to
		unprotected regexp pattern beginning with -.


8/22/97	0.7.0	INCOMPATIBILITY: cgi_anchor_name now returns the anchor tag
		instead of printing it.  Only after some experience do I see
		now that anchors always need to be embedded in something else
		for accuracy in the jump.

		Josh Lubell noted that file upload failed if there was
		whitespace in filename.  Problem was that filename-encoding
		doesn't encode whitespace or otherwise protect it.  There is
		no perfect fix since the spec doesn't explain how to know when
		fields end.  The implication is that they are delimited by
		" however an embedded " is not encoded either!  For now, assume
		filename field is at end of line.  This isn't the greatest idea
		for it allows future encoding changes to break the code, but
		for now it will pick up all filenames including really weird
		ones like 'a b"; foo="bar' that would otherwise appear to be
		additional fields!

		Jon Leech <leech@cs.unc.edu> provided code to allow user to
		temporarily use existing links but displaying differently.

		Alvaro Santamaria <alvaro.santamaria@stest.ch> noted that I
		forgot to include kill.cgi and oratcl.cgi in example directory.

		John Koontz noted cgi_buffer's defn of cgi_puts assumed "usual"
		newline generation - interacted badly inside of <pre> tags.
		Added cgi_buffer_nl to control this.

		James Ward requested option to change ".cgi" suffix.  Added
		-suffix to cgi_cgi.

		Someone's browser (Mozilla/4.01 [en] (WinNT; I) via proxy
		gateway CERN-HTTPD/3.0 libwww/2.17) supplied a boundary defn
		but no actual boundary.  Added test to
		cgi_input_multipart_binary.

		James Ward found cgi_import_list didn't return List vars.

		Diagnostics about broken multipart responses are now returned
		to users (who are using old browsers).

		Changed nbsp to numeric equiv to support NS2.

		Made cgi_debug always return old value.

6/4/97	0.6.6	Added cgi_buffer - force commands that normally generate output
		to return strings.

		Deprecated -local & -remote flags to import_filename.  Added
		support for -server & -client which are less confusing.

		Improved examples in numerous ways.

		James Ward <jew@mcmuse.mc.maricopa.edu> noted I forgot to
		document cgi_img.

		Upgraded cgi_quote as per HTML 3.2

		Mark Diekhans <markd@Grizzly.COM> provided bug fix to cgi_tr
		and optional level arg to all uplevel/upvar calls to avoid
		misinterpretation.  Also added cgi_th.

		Appears that NS3.0 has a bug wrt multipart.  It won't display
		last fragment on page unless followed by a <br> (even if it
		sees </body>).  Added cgi_br to multipart support code.

5/26/97	0.6.5	Added server-push example which required mods to cgi_title
		(bug fix actually), cgi_head, and related code to detect and
		handle multipart mime type.

		Added HTTP_HOST to list of things reported_HOST during errors.

		Looks like MS IE can generate cookies without an "=val" part.

		Added Oratcl example.

		Documented cgi_url.

		Fixed search for Tcl executable when look in Tcl's srcdir.

		Added support for detection/reporting of client errors.  For
		now this means missing CONTENT_LENGTH.

		Created cgi_redirect and deprecated cgi_location.  cgi_redirect
		is better named and more functional.  Added cgi_status.

		Modified unimail example so that it shows diagnostics about
		form problems to client - doesn't make sense to send them to
		unimail admin.

		Improved form-tour in various ways including making a backend
		that actually reports value.

		Fixed bug in textvar that caused args to be generated twice.

4/8/97  0.6.4	John LoVerso fixed regsub quote bug in cgi_quote_url.  Fixed
		similar bug cgi_cgi_set.

		Most general path cookies were being returned.  Changed to most
		specific and added -all to cookie_get so that all values could
		be retrieved.  Added cookie support to passwd example since
		that's a very reasonable use of it.

4/7/97  0.6.3	John LoVerso fixed bugs in cgi_meta and cgi_map.

		INCOMPATIBILITY: cgi_quote_url was inappropriate for non-cgi
		urls.  cgi_cgi and cgi_cgi_set should now be used for building
		GET-style cgi urls.

		Forgot to switch to cgi.tcl.in in distribution.

3/28/97	0.6.2	Made cgi.tcl.in autohandle embedded version number (see 0.6.1).

		Fixed display.cgi to prevent display of "." or ".." or "".

		Added cgi.tcl version to diagnostics.
		Fixed diagnostics to correctly print input.  (Totally missing!)

		John Koontz noted extra \r\n at end of uploaded text files.

3/24/97	0.6.1	Updated package provide version.  (Gotta automate this!)

3/20/97	0.6.0	Added kill.cgi example to kill/suspend runaway CGI processes.

		Modified passwd.cgi example to quote shell arg.

		Kevin.Christian requested hook for defining doctypes.

		John Robert LoVerso <john@loverso.southborough.ma.us> provided
		fixes to allow array-style variables names to be rewritten by
		cgi_input.  Parens had been left with embedded %s substituted.
		My research indicates cookies have similar problems but file-
		style encoding does not.

		Josh Lubell found bug in binary upload that would drop \r\n
		and \r*.

2/28/97	0.5.5	Combined many regexps that had parameterizably-common actions.
		The old regexps had some bugs in them, so it's a good thing.

		M. Katherine Pagoaga <pagoaga@boulder.nist.gov> and John
		Koontz <koontz@boulder.nist.gov> noted cgi_uid_check used
		whoami which isn't very portable.  Switched to "who am i".
		Its output isn't very portable but at least its existence is!

		Removed default call to cgi_uid_check.  It's my impression that
		most people turn this off anyway.  If you want it back, just
		call it yourself.

		Added cgi_import_filename to guarantee that a filename really
		did come from an upload.  This removes the security check that
		the user was responsible for - and which I forgot in the
		upload examples!

		Rolf Ade <rolf@storz.de> noted that configure could look for
		tcl executable in a few more locations.

2/26/97 0.5.4	Backed out type=text from 0.4.4.  This ruined type=password.
		If people demand, I'll make the code put in type=text but I now
		regret the detour.

		Made cgi_import_list return variables in order originally
		appearing in form.

2/24/97 0.5.3	Added tr/td as shortcut for simple table rows.

		Made cookie code look in COOKIE (O'Reilly's web server uses
		that instead of HTTP_COOKIE).

		Kevin.Christian@symbio.com requested warning when form
		incorrectly uses select without "List" suffix.  Also provided
		more obvious diagnostics when applying cgi_import* to non-
		existent variable.  At same time, I also noticed bug in
		cgi_import_cookie* preventing it from seeing user variables.

		Forgot to have cgi_root return root with no args.

2/11/97	0.5.2	Josh Lubell found binary upload broke, due to one send missing
		"--" protection.

		Massaged home page so that it works more intelligently with
		frames.  Massaged examples for both function and appearance.

2/10/97	0.5.1	Fixed display of validate example.

		Added cgi_unbreakable_string so that it returns a string.
		Compare with cgi_unbreakable.

		Added cgi_javascript and noscript.  javascript is like script
		but does the javascript-compatible hiding of <script> tags for
		older browsers.  Added some javascript examples.  Added support
		for java event types.  Netscape documentation is very unclear
		as to which tags support which attributions - so I guessed a
		lot!

2/4/97	0.5.0	Added cgi_body_args to make it easier to share and change body
		attributes.		

		Fixed bug in cookie encoder that caused double %-expansion.

		INCOMPATIBILITY: Modified cgi_preformatted to evaluate last
		argument.  More flexible this way.  Since <pre> forces line
		breaks, it's not like inline formatting commands.
		Removed cgi_code since it used the xmp tag which is gone.
		See documentation for workaround.

		INCOMPATIBILITY: Changed cgi_division to take a command list
		rather than a string.

		Added cgi_nl for inline breaks.  (Compare with cgi_br.)

2/3/97  0.4.9	Added support for package loading, now you just say:
		"package require cgi"

		Added/modified examples so that they could be put up on
		web servers.

		Added support to suppress binary upload when using Expect.

1/31/97 0.4.8	Andreas Kupries <a.kupries@westend.com> needed dynamic control
		of ouput.  Added user-defineable cgi_puts.

		Josh Lubell <lubell@cme.nist.gov> reported binary file upload
		was losing chars on large files.  Fixed.

		Fixed cgi_input to understand REQUEST_METHOD == HEAD should
		set input to "".

1/13/97 0.4.7	Braces in password script was wrong.

		Simplified command aliasing mechanism.

		Add some more bulletproofing to catch broken boundary defns...

		Evidentally QUERY_STRING doesn't have to be set even with GET.
		CGI spec is vague enough to permit this.

12/16/96 0.4.6	Giorgetti Federico <gio@egeo.unipg.it> noted text file upload
		wasn't working - forgot "_binary" on new upload proc name.

12/10/96 0.4.5	Added support for binary file upload if using Expect extension.

		Removed check for missing filenames in file upload.  This
		can evidentally happen.  It is now the programmer's
		responsibility to check for the length if null filenames are
		unwanted.

		Created HTML home page for cgi.tcl.

11/26/96 0.4.4	Added type=text for pedantic html checkers.
		Bob Lipman noted new if_equal handlers used name instead of
		value.

10/24/96 0.4.3	Forgot global _cgi decls in cgi_refresh and some other procs.

		Bob Lipman noted cgi_radio_button needs checked_if_equal.
		Added that and same to cgi_checkbox.

10/15/96 0.4.2	Remove line-delimiters in non-file elements in multipart enc.

		Added support for additional args to cgi_file_button.

9/19/96 0.4.1	Bob Lipman noted cookie containing = could not be imported.

		Fixed examples to reference .4 source.

9/9/96	0.4.0	Added cgi_error_occurred.
		In multipart handler, added test for "--" because some
		servers(?) don't provide explicit eof, but just hang.
		Bugs in close_procs support.
		Added auto-htmlquoting to cgi_option.
		Removed auto-quoting in cgi_cgi.
		Made cgi_root also return root if no arg.
		Messed up quoting in cgi_anchor_name and cgi_applet.
		cgi_parray was missing <xmp> tag.  How odd.

8/12/96 0.3.5	Mark Pahlavan <mark@vestek.com> provided new cgi_caption defn
		after noting that it must allow executable code.

		File upload broke in Tcl 7.5 due to auto-eol translation

6/19/96 0.3.4	Mark Harrison <mharriso@spdmail.spd.dsccc.com> noted ref to
		obsolete cgi_uid_ignore.

6/19/96 0.3.3	Was wrongly cookie-encoding cookie expiration.  cgi_imglink
		was confused.  Thanks again, Bob.

6/17/96 0.3.2	Reports from Bob Lipman <lipman@cam.nist.gov> about bad
		tables and missing </head>.  Fixed.

6/13/96	0.3.1	Added ";" to &-escapes.  Fixed bugs in cgi_unquote_input.
		Added cgi_embed.  Added doc directory with ref manual.

