Many fixes, incompatible changes, improvements...

[MyWeb.git] / Web.pm

# $Id$
# Common functions for HTML/XHTML output generation
# Copyright (C) 2003-2005 Jan Kratochvil <project-www.jankratochvil.net@jankratochvil.net>
# 
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; exactly version 2 of June 1991 is required
# 
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
# 
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA


package My::Web;
require 5.6.0;  # at least 'use warnings;' but we need some 5.6.0+ modules anyway
our $VERSION=do { my @r=(q$Revision$=~/\d+/g); sprintf "%d.".("%03d"x$#r),@r; };
our $CVS_ID=q$Id$;
use strict;
use warnings;

use Exporter;
sub Wrequire($);
sub Wuse($@);
our $W;
our @EXPORT=qw(
                &Wrequire &Wuse
                &path_web &path_abs_disk
                &uri_escaped
                &a_href &a_href_cc
                &vskip
                &img &centerimg &rightimg
                $W
                &input_hidden_persistents
                &escapeHTML
                );
our @ISA=qw(Tie::Handle Exporter);

my %packages_used_hash; # $packages_used_hash{$W->{"__PACKAGE__"}}{"_done"}=1;
my %packages_used_array;

BEGIN
{
        use Carp qw(cluck confess);
        $W->{"__My::Web_init"}=1;

        sub Wrequire ($)
        {
        my($file)=@_;

#               print STDERR "Wrequire $file\n";
                $file=~s#/#::#g;
                $file=~s/[.]pm$//;
                my $class=$file;
                $file=~s#::#/#g;
                $file.=".pm";
                my %callers;
                for (my $depth=0;defined caller($depth);$depth++) {
                        $callers{caller($depth)}=1;
                        }
                my $selfpkg=__PACKAGE__;
                $callers{$selfpkg}=1;
                for my $target ($class,__PACKAGE__) {
                        for my $caller (keys(%callers)) {
                                next if $caller eq $target;
                                next if $packages_used_hash{$caller}{$target}++;
                                cluck "Appending to the '_done' package list: caller=$caller,target=$target"
                                                if $packages_used_hash{$caller}{"_done"};
                                push @{$packages_used_array{$caller}},$target;
                                }
                        }
                eval { CORE::require "$file"; } or confess $@;
                1;      # Otherwise 'require' would already file above.
        }

        sub Wuse ($@)
        {
        my($file,@list)=@_;

#               print STDERR "Wuse $file\n";
                Wrequire $file;
                local $Exporter::ExportLevel=$Exporter::ExportLevel+1;
                $file->import(@list);
                1;
        }

        sub import
        {
        my($class,@rest)=@_;

                local $Exporter::ExportLevel=$Exporter::ExportLevel+1;
                Wrequire("$class");
                return $class->SUPER::import(@rest);
        }
}

use WebConfig;  # see also below: Wuse 'WebConfig';
require CGI;
require Image::Size;    # for &imgsize
use File::Basename;     # &basename
use Carp qw(cluck confess);
use URI::Escape;
require HTTP::BrowserDetect;
require HTTP::Negotiate;
our $have_Geo_IP; BEGIN { $have_Geo_IP=eval { require Geo::IP; 1; }; }
# Do not: use ModPerl::Util qw(exit);
# to prevent in mod_perl2: "exit" is not exported by the ModPerl::Util module
# I do not know why.
use POSIX qw(strftime);
use Tie::Handle;
use Apache2::Const qw(HTTP_MOVED_TEMPORARILY OK HTTP_OK);
use URI;
use URI::QueryParam;
use Cwd;
require HTTP::Date;
require Storable;
require Digest::MD5;
require Data::Compare;
use Data::Dumper;
require Encode;
use Apache2::Filter;
use Apache2::Connection;
require MIME::Base64;
use Apache2::ServerUtil;
require MIME::Types;


#our $W;

sub init ($%)
{
my($class,%args)=@_;

        print STDERR "$class->init ".Apache2::RequestUtil->request()->unparsed_uri()."\n";

        # We need to track package dependencies, so we need to call it from &init.
        # We cannot do it in BEGIN { } block
        # as it would not be tracked for each of the toplevel users later.
        Wuse 'WebConfig';
        Wrequire 'My::Hash';

        # $W={} can get somehow created very easily.
        cluck "W not empty:\n".Dumper($W) if keys(%$W);
        $W=bless My::Hash->new({}),$class;
        $W=My::Hash->new($W,"My::Hash::Sub","My::Hash::Push");
        %$W=(
                "__PACKAGE__"=>scalar(caller()),
                %WebConfig,
                %args,  # override %WebConfig settings
                );

        # {"__PACKAGE__"} is mandatory for mod_perl-2.0;
        # $Apache2::Registry::curstash is no longer supported.
        do { cluck "No $_" if !$W->{$_}; } for "__PACKAGE__";
        exit_hook_start();

        # See: &escapeHTML
        do { cluck "charset==$_, expecting ISO-8859-1" if $_ ne "ISO-8859-1"; } for CGI::charset();
        CGI::charset("utf-8");

        do { $W->{$_}=0  if !defined $W->{$_}; } for "detect_ent";
        do { $W->{$_}=0  if !defined $W->{$_}; } for "detect_js";
        do { $W->{$_}=1  if !defined $W->{$_}; } for "have_css";        # AFAIK it does not hurt anyone.
        do { $W->{$_}=0  if !defined $W->{$_}; } for "css_inherit";
        do { $W->{$_}=1  if !defined $W->{$_}; } for "footer";
        do { $W->{$_}=1  if !defined $W->{$_}; } for "footer_delimit";
        do { $W->{$_}=1  if !defined $W->{$_}; } for "footer_ids";
        do { $W->{$_}=1  if !defined $W->{$_}; } for "indexme";
        do { $W->{$_}="" if !defined $W->{$_}; } for "head";
        do { $W->{$_}="" if !defined $W->{$_}; } for "body_attr";
        do { $W->{$_}="en-US" if !defined $W->{$_}; } for "language";

        my $footer_any=0;
        for (qw(footer_ids)) {
                $W->{$_}=0 if !$W->{"footer"};
                $footer_any=1 if $W->{$_};
                }
        $W->{"footer"}=0 if !$footer_any;
        $W->{"footer_delimit"}=0 if !$W->{"footer"};

        $W->{"r"}=Apache2::RequestUtil->request();

        $W->{"r"}->push_handlers("PerlCleanupHandler"=>\&cleanup);

        $W->{"web_hostname"}||=$W->{"r"}->hostname();

        tie *STDOUT,$W->{"r"};
        select *STDOUT;
        $|=1;

        $W->{"QUERY_STRING"}=$W->{"r"}->args() || "";
        if ($W->{"detect_ent"}) {
                         if ($W->{"QUERY_STRING"}=~/[&]amp;have_ent/)
                        { $W->{"have_ent"}=0; }
                elsif ($W->{"QUERY_STRING"}=~    /[&]have_ent/)
                        { $W->{"have_ent"}=1; }
                else
                        { delete $W->{"have_ent"}; }
                if (!defined $W->{"have_ent"} && $W->{"r"}->method() eq "GET") {
                        $W->{"head"}.='<meta http-equiv="Refresh" content="0; URL='
                                        .escapeHTML("http://".$W->{"web_hostname"}."/".($W->{"r"}->uri()=~m#^/*(.*)$#)[0]
                                                        ."?".($W->{"QUERY_STRING"} || "detect_ent_glue=1").'&have_ent=detect')
                                        .'" />'."\n";
                        }
                }
        $W->{"QUERY_STRING"}=~s/([&])amp;/$1/g;
        $W->{"r"}->args($W->{"QUERY_STRING"});
        # Workaround: &CGI::Vars behaves weird if strings passed both as POST data and in: $QUERY_STRING
        do { $W->{"r"}->args(""); delete $ENV{"QUERY_STRING"}; } if $W->{"r"}->method() eq "POST";
        # Do not: $W->{"r"}->args()
        # as it parses only QUERY_STRING (not POST data).
        $W->{"args_orig_array"}=[ CGI->new($W->{"r"})->Vars() ];
        $W->{"args"}={ @{$W->{"args_orig_array"}} };
        for my $name (keys(%{$W->{"args"}})) {
                my @vals=split /\x00/,$W->{"args"}{$name};
                next if @vals<=1;
                $W->{"args"}{$name}=[@vals];
                }

        $W->{"headers_in"}=$W->{"r"}->headers_in();
        Wrequire 'My::Hash::Merge';
        $W->{"headers_in"}=My::Hash::Merge->new(
                        $W->{"headers_in"},
                        My::Hash::Sub->new({
                                "_remote_ip"=>sub { return $W->{"r"}->connection()->remote_ip(); },
                                }),
                        );
        Wrequire 'My::Hash::Readonly';
        $W->{"headers_in"}=My::Hash::Readonly->new($W->{"headers_in"});
        
        if ($W->{"r"}->method() eq "GET" || $W->{"r"}->method() eq "HEAD") {
                for (\$W->{"http_safe"}) {
                        # Do not: # Extend the current ETag system instead if you would need it:
                        #         cluck "Explicitely NOT HTTP-Safe for method \"".$W->{"r"}->method()."\"?!?"
                        #                       if defined($$_) && !$$_;
                        # as sometimes it just does not make sense to cache it.
                        $$_=1 if !defined $$_;
                        }
                }
        else {
                for (\$W->{"http_safe"}) {
                        cluck "Undefined HTTP-Safe-ty for method \"".$W->{"r"}->method()."\"!"
                                        if !defined($$_);
                        $$_=0 if !defined $$_;
                        }
                }
        if ($W->{"http_safe"}) {
                Wrequire 'My::Hash::RecordKeys';
                $W->{"headers_in_RecordKeys"}=My::Hash::RecordKeys->new($W->{"headers_in"});
                $W->{"headers_in"}=$W->{"headers_in_RecordKeys"};
                }

        $W->{"browser"}=sub {
                # Lazy-evaluation, we may not need the "User-Agent" header at all.
                return our $r||=HTTP::BrowserDetect->new($W->{"headers_in"}{"User-Agent"});
                };

        if (!defined $W->{"have_style"}) {
                $W->{"have_style"}=(!$W->{"browser"}->netscape() || ($W->{"browser"}->major() && $W->{"browser"}->major()>4) ? 1 : 0);
                }

        $W->{"have_js"}=($W->{"args"}{"have_js"} ? 1 : 0);
        if ($W->{"detect_js"} && !$W->{"have_js"}) {
                $W->{"head"}.='<script type="text/javascript" src="'.uri_escaped(path_web('/My/HaveJS.pm')).'"></script>'."\n";
                }

        do { _args_check(%$_) if $_; } for ($W->{"args_check"});

        $W->{"_init_done"}=1;
        return $W;
}

sub cleanup($)
{
my($apache_request)=@_;

        cluck "CORE::GLOBAL::exit hook not ran" if !$W->{"_exit_done"};
        cluck "packages not finalized" if !$packages_used_hash{$W->{"__PACKAGE__"}}{"_done"};
        cache_finish();
        # Sanity protection.
        $W=undef();
        exit_hook_stop();
        return OK;
}

# PerlResponseHandler is RUN_FIRST and &ModPerl::Util::exit returns OK, so no (sane) go.
# PerlLogHandler is already too late to be able to produce any output.
my $exit_orig;
sub exit_hook
{
        cluck "Missing ->init while in exit_hook()" if !$W->{"_init_done"};
        # &footer will call us recursively!
        footer() if !$W->{"_exit_done"}++;
        return &{$exit_orig}(@_);
}
sub exit_hook_start
{
        cluck "exit_hook_start() twice?" if defined $exit_orig;
        $exit_orig=\&CORE::GLOBAL::exit;
        # Prevent: Subroutine CORE::GLOBAL::exit redefined
        no warnings 'redefine';
        *CORE::GLOBAL::exit=\&exit_hook;
}
sub exit_hook_stop
{
        do { cluck "exit_hook_stop() without exit_hook_start()?"; return; }
                        if \&exit_hook ne \&CORE::GLOBAL::exit;
        cluck "INTERNAL: exit_orig uninitialized" if !$exit_orig;
        # Prevent: Subroutine CORE::GLOBAL::exit redefined
        no warnings 'redefine';
        *CORE::GLOBAL::exit=$exit_orig;
        $exit_orig=undef();
}

# Be aware other parts of code (non-My::Web) will NOT use this function!
# Do not: Wprint $W->{"heading"},"undef"=>1;
# as we would need to undef() it to turn it off and it would get defaulted in such case.
# Do not: exists $W->{"heading"}
# as we use a lot of 'for $W->{"heading"}' which instantiates it with the value: undef()
sub Wprint($%)
{
my($text,%args)=@_;

        cluck "undef Wprint" if !defined $text && !$args{"undef"};
        delete $args{"undef"};
        cluck join(" ","Invalid arguments:",keys(%args)) if keys(%args);
        return if !defined $text;
        # Do not: cluck "utf-8 untested" if Encode::is_utf8($text);
        # as it is valid here.
        $W->{"r"}->puts($text);
}

sub request_check(;$)
{
my($self)=@_;

        # Use &eval to prevent: Global $r object is not available. Set:\n\tPerlOptions +GlobalRequest\nin ...
        # CGI requires valid "r": check it beforehand here.
        confess "Calling sensitive dynamic code from a static code" if !eval { Apache2::RequestUtil->request(); };
        # Do not: confess "Calling sensitive dynamic code without My::Web::init" if !$W->{"__PACKAGE__"};
        # as it is valid at least while preparing arguments to call: &project::Lib::init
}

sub escapeHTML($)
{
my($text)=@_;

        # Prevent &CGI::escapeHTML breaking utf-8 strings like: \xC4\x9B eq \x{11B}
        # Prevent case if we run under mod_perl but still just initializing:
        request_check() if $ENV{"MOD_PERL"};
        # Generally we are initialized from &init but we may be used without it without mod_perl
        # and in such case check the change on all non-first invocations.
        our $init;
        if (!$ENV{"MOD_PERL"} && $init++) {
                do { cluck "charset==$_" if $_ ne "utf-8"; } for CGI::charset();
                }
        CGI::charset("utf-8");

        return CGI::escapeHTML($text);
}

# /home/user/www/webdir
sub dir_top_abs_disk()
{
        our $dir_top_abs_disk;
        if (!$dir_top_abs_disk) {
                my $selfpkg_relpath=__PACKAGE__;
                $selfpkg_relpath=~s{::}{/}g;
                $selfpkg_relpath.=".pm";
                my $selfpkg_abspath=$INC{$selfpkg_relpath} or do {
                        cluck "Unable to find self package $selfpkg_relpath";
                        return;
                        };
                $selfpkg_abspath=~s{/*\Q$selfpkg_relpath\E$}{} or do {
                        cluck "Unable to strip myself \"$selfpkg_relpath\" from the abspath: $selfpkg_abspath";
                        return;
                        };
                cluck "INC{myself} is relative?: $selfpkg_abspath" if $selfpkg_abspath!~m{^/};
                $dir_top_abs_disk=$selfpkg_abspath;
                }
        return $dir_top_abs_disk;
}

sub unparsed_uri()
{
        request_check();
        if (!$W->{"unparsed_uri"}) {
                # Do not: $W->{"r"}
                # as we may be called before &init from: &My::Project::init
                my $r=Apache2::RequestUtil->request();
                cluck "Calling ".'&unparsed_uri'." from a static code, going to fail" if !$r;
                my $uri_string=$r->unparsed_uri() or cluck "Valid 'r' missing unparsed_uri()?";
                my $uri=URI->new_abs($uri_string,"http://".$W->{"web_hostname"}."/");
                $W->{"unparsed_uri"}=$uri;
                }
        return $W->{"unparsed_uri"};
}

sub in_to_uri_abs($)
{
my($in)=@_;

        # Otherwise we may have been already processed and thus legally relativized.
        # FIXME data: Currently disabled, all the data are too violating such rule.
        if (0 && !ref $in) {
                my $uri_check=URI->new($in);
                $uri_check->scheme() || $in=~m{^\Q./\E} || $in=~m{^/}
                                or cluck "Use './' or '/' prefix for all the local references: $in";
                }
        my $uri=URI->new_abs($in,unparsed_uri());
        $uri=$uri->canonical();
        return $uri;
}

# $args{"uri_as_in"}=1 to permit passing URI objects as: $in
# $args{"abs"}=1;
sub path_web($%)
{
my($in,%args)=@_;

        cluck if !$args{"uri_as_in"} && ref $in;
        my $uri=in_to_uri_abs($in);
        if (uri_is_local($uri)) {
                # Prefer the $uri values over "args_persistent" values.
                $uri->query_form_hash({
                                map({
                                        my $key=$_;
                                        my $val=$W->{"args"}{$key};
                                        (!defined $val ? () : ($key=>$val));
                                        } keys(%{$W->{"args_persistent"}})),
                                %{$uri->query_form_hash()},
                                });
                }
        return $uri->abs(unparsed_uri()) if $W->{"args"}{"Wabs"} || $args{"abs"};
        return $uri->rel(unparsed_uri());
}

sub path_abs_disk_register($)
{
my($path_abs_disk)=@_;

        $W->{"path_abs_disk_register"}{$path_abs_disk}=1;
}

# $args{"uri_as_in"}=1 to permit passing URI objects as: $in
sub path_abs_disk($%)
{
my($in,%args)=@_;

        cluck if !$args{"uri_as_in"} && ref $in;
        my $uri=in_to_uri_abs($in);
        cluck if !uri_is_local($uri);
        my $path=$uri->path();
        cluck "URI compatibility: ->path() not w/leading slash of URI \"$uri\"; path: $path" if $path!~m{^/};
        my $r=dir_top_abs_disk().$path;
        path_abs_disk_register $r if !defined $args{"register"} || $args{"register"};
        return $r;
}

sub fatal (;$);

sub _args_check (%)
{
my(%tmpl)=@_;

        while (my($name,$regex)=each(%tmpl)) {
                my $name_html="Parameter <span class=\"quote\">".escapeHTML($name)."</span>";
                $W->{"args"}{$name}="" if !defined $W->{"args"}{$name};
                $W->{"args"}{$name}=[ $W->{"args"}{$name} ] if !ref $W->{"args"}{$name} && ref $regex;
                fatal "$name_html passed as multivar although singlevar expected"
                                if ref $W->{"args"}{$name} && !ref $regex;
                $regex=$regex->[0] if ref $regex;
                for my $val (!ref $W->{"args"}{$name} ? $W->{"args"}{$name} : @{$W->{"args"}{$name}}) {
                        $val="" if !defined $val;
                        fatal "$name_html <span class=\"quote\">".escapeHTML($val)."</span>"
                                                        ." does not match the required regex <span class=\"quote\">".escapeHTML($regex)."</span> "
                                        if $regex ne "" && $val!~/$regex/;
                        }
                }
}

sub vskip (;$)
{
my($height)=@_;

        return '<p'.(!defined $height ? "" : ' style="height: '.$height.';"').'>&nbsp;</p>'."\n";
}

sub fatal (;$)
{
my($msg)=@_;

        $msg="UNKNOWN" if !$msg;
        cluck "FATAL: $msg";

        # Do not send it unconditionally.
        # The intial duplicated '<?xml...' crashes Gecko parser.
        $W->{"heading_done"}=0 if $W->{"header_only"};
        # Do not send it unconditionally.
        # Prevents warn: Headers already sent
        if (!$W->{"heading_done"}) {
                $W->{"indexme"}=0;      # For the case no heading was sent yet.
                $W->{"header_only"}=0;  # assurance for &heading
                My::Web->heading();
                }
        Wprint "\n".vskip("3ex")."<hr /><h1 class=\"error\">FATAL ERROR: $msg!</h1>\n"
                        ."<p>You can report this problem's details to"
                        ." ".a_href("mailto:".$W->{"admin_mail"},"admin of this website").".</p>\n";
        exit;
}

sub footer()
{
        cluck 'Explicit &footer call is deprecated, !_exit_dne' if !$W->{"_exit_done"};
        exit if $W->{"footer_done"}++;  # deadlock prevention:
        if ($W->{"header_only"}) {
                $packages_used_hash{$W->{"__PACKAGE__"}}{"_done"}=1;
                exit;
                }

        Wprint vskip if $W->{"footer_delimit"};
        &{$_}() for reverse @{$W->{"footing_delimit_sub_push"}};
        Wprint "<hr />\n" if $W->{"footer"};

        # Never update the package list while we examine it!
        $packages_used_hash{$W->{"__PACKAGE__"}}{"_done"}=1;

        my $packages_used=$packages_used_array{$W->{"__PACKAGE__"}};
        if ($W->{"footer_ids"}) {
                Wprint '<p class="cvs-id">';
                Wprint join("<br />\n",map({ my $package=$_;
                        my $cvs_id=(eval('$'.$package."::CVS_ID")
#                                       || $package     # debug
                                        );
                        if (!$cvs_id) {
                                ();
                                }
                        else {
                                $cvs_id='$'.$cvs_id.'$';        # Eaten by 'q' operator.
                                my @cvs_id_split=split / +/,$cvs_id;
                                if (@cvs_id_split==8) {
                                        my $file=$package;
                                        $file=~s#::#/#g;
                                        my $ext;
                                        my @tried;
                                        for (qw(.pm)) {
                                                $ext=$_;
                                                my $path_abs_disk=path_abs_disk("/$file$ext");
                                                push @tried,$path_abs_disk;
                                                last if -r $path_abs_disk;
                                                cluck "Class file $file not found; tried: ".join(" ",@tried) if !$ext;
                                                }
                                        $file.=$ext;
                                        $cvs_id_split[2]=""
                                                        .a_href((map({ my $s=$_; $s=~s#/viewcvs/#$&~checkout~/#; $s; } $W->{"viewcvs"}))[0]."$file?rev=".$cvs_id_split[2],
                                                                        $cvs_id_split[2]);
                                        $cvs_id_split[1]=a_href($W->{"viewcvs"}.$file,
                                                        ($package!~/^Apache2::/ ? $package : $cvs_id_split[1]));
                                        $cvs_id_split[5]=&{$W->{"cvs_id_author_sub"}}($cvs_id_split[5]);
                                        }
                                join " ",@cvs_id_split;
                                }
                        } @$packages_used));
                Wprint "</p>\n";
                }

        for my $package (@$packages_used) {
                my $cvs_id=(eval('$'.$package."::CVS_ID")
#                               || $package     # debug
                                );
                Wprint '<!-- '.$package.' - $'.$cvs_id.'$ -->'."\n" if $cvs_id;
                }

        do { Wprint $_ if $_; } for $W->{"footing"};

        Wprint "</body></html>\n";
        exit;
}

# Existing entries are overwritten.
sub header(%)
{
my(%pairs)=@_;

        while (my($key,$val)=each(%pairs)) {
                do { cluck "Headers already sent"; next; } if $W->{"heading_done"};
                $W->{"r"}->headers_out()->set($key,$val);
                }
}

sub size_display ($)
{
my($size)=@_;

           if ($size<4096)
                {}
        elsif ($size<1024*1024)
                { $size=sprintf "%.1fK",$size/1024; }
        else
                { $size=sprintf "%.1fM",$size/1024/1024; }
        $size.="B";
        return $size;
}

sub uri_is_local($)
{
my($in)=@_;

        my $uri_rel=in_to_uri_abs($in)->rel(unparsed_uri());
        # Do not: defined $uri_rel->("userinfo"|"host"|"port")();
        # as they fail to be called for schemes not supporting them.
        return 0 if $uri_rel->scheme();
        return 0 if $uri_rel->authority();
        return 1;
}

# &path_web still may be required for &uri_escaped !
sub uri_escaped($)
{
my($uri)=@_;

        cluck if !ref $uri;
        my $urient=escapeHTML($uri);
        return $uri    if $uri eq $urient;
        request_check();
        return $urient if uri_is_local $uri;
        return $uri    if defined $W->{"have_ent"} && !$W->{"have_ent"};        # non-ent client
        return $urient if $W->{"have_ent"};     # ent client
        # Unknown client, &escapeHTML should not be needed here:
        return escapeHTML(path_web('/My/Redirect.pm?location='.uri_escape($uri->abs(unparsed_uri()))));
}

our $a_href_inhibited;
sub a_href($;$%)
{
my($in,$contents,%args)=@_;

        request_check();
        do { $$_=1 if !defined $$_; } for (\$args{"size"});
        if (!defined $contents) {
                $contents=$in;
                $contents=File::Basename::basename($contents) if $args{"basename"};
                $contents=escapeHTML($contents);
                }
        $contents=~s#<a\b[^>]*>##gi;
        $contents=~s#</a>##gi;
        return $contents if $a_href_inhibited;

        my $path_web=path_web $in,%args;
        my $r="";
        $r.='<a href="';
        $r.=uri_escaped $path_web;
        $r.='"';
        do { $r.=" $_" if $_; } for ($args{"attr"});
        $r.='>'.$contents.'</a>';
        if ($args{"size"} && uri_is_local($in) && ($args{"size"}>=2 || $in=~/[.](?:gz|Z|rpm|zip|deb|lha)/)) {   # Downloadable?
                my $path_abs_disk=path_abs_disk $in,%args;
                cluck "File not readable: $path_abs_disk" if !-r $path_abs_disk;
                $r.='&nbsp;('.size_display((stat($path_abs_disk))[7]).')';
                }
        return $r;
}

sub a_href_inhibit($$;@)
{
my($self,$sub,@sub_args)=@_;

        local $a_href_inhibited=1;
        return &{$sub}(@sub_args);
}

sub input_hidden_persistents()
{
        request_check();
        return join("",map({
                my $key=$_;
                my $val=$W->{"args"}{$key};
                (!defined $val ? () : '<input type="hidden"'
                                .' name="'.escapeHTML($key).'"'
                                .' value="'.escapeHTML($val).'"'
                                .' />'."\n");
                } (keys(%{$W->{"args_persistent"}}))));
}

sub http_moved($$;$)
{
my($self,$url,$status)=@_;

        $url=path_web($url,"abs"=>1);
        $status||=HTTP_MOVED_TEMPORARILY;
        $W->{"r"}->status($status);
        $W->{"r"}->headers_out()->{"Location"}=$url;
        $W->{"header_only"}=1;
        $W->{"content_type"}=0;
        My::Web->heading();
        exit;
        die "NOTREACHED";
}

sub remote_ip ()
{
        # Do not: PerlModule                 Apache2::ForwardedFor
        #         PerlPostReadRequestHandler Apache2::ForwardedFor
        # As 'Apache2::ForwardedFor' takes the first of $ENV{"HTTP_X_FORWARDED_FOR"}
        # while the contents is '127.0.0.1, 213.220.195.171' if client has its own proxy.
        # We must take the last item ourselves.
        # Be VERY sure you always retrieve all the headers unconditionally to hit: My::Hash::RecordKeys
        my $x_forwarded_for=$W->{"headers_in"}{"X-Forwarded-For"};
        $x_forwarded_for=~s/^.*,\s*// if $x_forwarded_for;
        my $remote_ip=$W->{"headers_in"}{"_remote_ip"};
        my $r;
        $r||=$x_forwarded_for;
        $r||=$remote_ip;
        return $r;
}

# $url={"JP"=>"http://specific",...};
# $url={""=>"http://default",...};
sub a_href_cc($$;%)
{
my($url,$contents,%args)=@_;

        # A bit ineffective but we must process all the possibilities to get stable 'headers_in' hits!
        my %map=map(($_=>a_href($url->{$_},$contents,%args)),keys(%$url));
        my $cc;
        $cc||=Geo::IP->new()->country_code_by_addr(remote_ip()) if $have_Geo_IP;
        $cc||="";
        my $r=$map{$cc};
        return $r if $r;
        return $contents;
}

sub make ($)
{
my($cmd)=@_;

        # FIXME: &alarm, --timeout is now infinite.
        # FIXME: Try to remove bash(1).
        # FIXME: Use: @PATH_FLOCK@
        my @argv=('flock',dir_top_abs_disk(),'bash','-c',$cmd.' >&2');
        print STDERR join(" ","SPAWN:",@argv)."\n";
        system @argv;
}

sub make_file($$)
{
my($self,$file)=@_;

        cluck "Pathname not absolute: $file" if $file!~m{^/};
        return if -f $file;
        # TODO: Somehow quickly check dependencies?
        return make('make -s --no-print-directory'
                                        .' -C '."'".File::Basename::dirname($file)."' '".File::Basename::basename($file)."'");
}

sub img_size ($$)
{
my($width,$height)=@_;

        cluck if !defined $width || !defined $height;
        return ($W->{"have_style"} ? "style=\"border:0;width:${width}px;height:${height}px\"" : "border=\"0\"")
                        ." width=\"$width\" height=\"$height\"";
}

sub negotiate_variant (%)
{
my(%args)=@_;

        my @fields=("id","qs","content-type","encoding","charset","lang","size");
        return [ map(($args{$_}),@fields) ];
}

# Input: $self is required!
# Input: Put the fallback variant as the first one.
# Returns: always only scalar!
sub Negotiate_choose($$)
{
my($self,$variants)=@_;

        # Limit these entries to generate proper 'Vary' header.
        my %hash=(map(($_=>$W->{"headers_in"}{$_}),qw(
                        Accept
                        Accept-Charset
                        Accept-Encoding
                        Accept-Language
                        )));
        my $best=HTTP::Negotiate::choose($variants,
                        # Do not: $W->{"r"}
                        # to prevent: Can't locate object method "scan" via package "Apache2::RequestRec" at HTTP/Negotiate.pm line 84.
                        # Do not: $W->{"r"}->headers_in()
                        # to prevent: Can't locate object method "scan" via package "APR::Table" at HTTP/Negotiate.pm line 84.
                        # Do not: HTTP::Headers->new($W->{"r"}->headers_in());
                        # to prevent empty result or even: Odd number of elements in anonymous hash
                        HTTP::Headers->new(%hash));
        $best||=$variants->[0][0];      # $variants->[0]{"id"}; &HTTP::Negotiate::choose failed?
        return $best;
}

my @img_variants=(
                { "id"=>"png","qs"=>0.9,"content-type"=>"image/png" },
                { "id"=>"gif","qs"=>0.7,"content-type"=>"image/gif" },
                );
my $img_variants_re='[.](?:'.join('|',"jpeg",map(($_->{"id"}),@img_variants)).')$';

# Returns: ($path_web,$path_abs_disk)
# URI path segments support ignored here. Where it is used? (';' path segment options)
sub _img_src($%)
{
my($in,%args)=@_;

        cluck if !uri_is_local $in;
        my $uri=in_to_uri_abs $in;
        my $path_abs_disk=path_abs_disk $uri,%args,"uri_as_in"=>1,"register"=>0;

        # Known image extension?
        return path_web($uri,%args,"uri_as_in"=>1),$path_abs_disk if $uri->path()=~m#$img_variants_re#o;

        my @nego_variants;
        for my $var (@img_variants) {
                my $path_abs_disk_variant=$path_abs_disk.".".$var->{"id"};
                path_abs_disk_register($path_abs_disk_variant);
                __PACKAGE__->make_file($path_abs_disk_variant);
                push @nego_variants,negotiate_variant(
                                %$var,
                                "size"=>(stat $path_abs_disk_variant)[7],
                                );
                }
        my $ext=__PACKAGE__->Negotiate_choose(\@nego_variants);

        $uri->path($uri->path().".$ext");
        return path_web($uri,%args,"uri_as_in"=>1),path_abs_disk($uri,%args,"uri_as_in"=>1);
}

# $args{"attr"}
sub img ($$%)
{
my($in,$alt,%args)=@_;

        request_check();
        my($path_web,$path_abs_disk)=_img_src($in,%args);
        my($width,$height)=Image::Size::imgsize($path_abs_disk);
        $alt=~s/<[^>]*>//g;
        $alt=escapeHTML($alt);
        my $content="<img src=\"".uri_escaped($path_web)."\" alt=\"$alt\" title=\"$alt\" ".img_size($width,$height)
                        .(!$args{"attr"} ? "" : " ".$args{"attr"})." />";
        do { return a_href((_img_src($_))[0],$content,"uri_as_in"=>1) if $_; } for $args{"a_href_img"};
        do { return a_href $_,$content if $_; } for $args{"a_href"};
        return $content;
}

sub centerimg
{
        my $r="";
        $r.='<table border="0" width="100%"><tr>'."\n";
        @_=( [@_] ) if !ref $_[0];
        for (@_) {
                $r.="\t".'<td align="center">'.&{\&img}(@$_).'</td>'."\n";
                }
        $r.='</tr></table>'."\n";
        return $r;
}

sub rightimg
{
my($text,@args_img)=@_;

        # FIXME: Workaround bug of 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)':
        #        <col width="@{[ (!$W->{"browser"}->ie() ? "1*" : "90%" ) ]}" />
        #        <col width="@{[ (!$W->{"browser"}->ie() ? "0*" : "10%" ) ]}" />
        # causes whole invisible projects in: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050719 Galeon/1.3.21
        return <<"HERE";
<table border="0" width="100%">
        <tr>
                <td align="left">
                        @{[ $text ]}
                </td>
                <td align="right">
                        @{[ &{\&img}(@args_img) ]}
                </td>
        </tr>
</table>
HERE
}

sub readfile($$)
{
my($class,$filename)=@_;

        local *F;
        open F,$filename or cluck "Cannot open \"$filename\": $!";
        my $F=do { local $/=undef(); <F>; };
        close F or cluck "Cannot close \"$filename\": $!";
        return $F;
}

sub _no_cache($)
{
my($self)=@_;

        header("Expires"=>HTTP::Date::time2str(1000000000));    # date in the past
        header("Last-Modified"=>HTTP::Date::time2str());        # always modified
        header("Cache-Control"=>join(", ",
                        "no-cache",
                        "no-store",
                        "must-revalidate",
                        "max-age=0",
                        "pre-check=0",  # MSIE
                        "post-check=0", # MSIE
                        ));     # HTTP/1.1
        header("Pragma"=>"no-cache");   # HTTP/1.0
        header("Vary"=>"*");    # content may ba based on unpredictable sources
}

sub headers_in_filtered(@)
{
my(@keys)=@_;

        return map(($_=>$W->{"headers_in"}{$_}),@keys);
}

our %uri_args_frozen_to_headers_in_keys;
our %uri_args_headers_in_frozen_to_headers_out;

sub uri_args_headers_in_frozen_get($)
{
my($headers_in_keys_arrayref)=@_;

        my %uri_args_headers_in_hash=(
                "uri_args_frozen"=>$W->{"uri_args_frozen"},
                "headers_in"=>{ headers_in_filtered(@$headers_in_keys_arrayref) },
                );
        return do { local $Storable::canonical=1; Storable::freeze(\%uri_args_headers_in_hash); };
}

sub cache_output_filter($)
{
my($f)=@_;

        while ($f->read(my $text,0x400)) {
                cluck "utf-8 untested" if Encode::is_utf8($text);       # Possible here at all?
                $f->print($text);
                $W->{"digest-md5"}->add($text);
                }
        return OK;
}

sub cache_start()
{
        if (!$W->{"http_safe"}) {
                __PACKAGE__->_no_cache();
                return;
                }

        {
                # &Wrequire it here even if it will not be later used; to be stable!
                Wrequire 'My::Hash::RestrictTo';
                my %uri_args_hash=(
                        "uri"=>"http://".$W->{"web_hostname"}."/".$W->{"r"}->uri(),
                        "args"=>$W->{"args_orig_array"},
                        );
                $W->{"uri_args_frozen"}=do { local $Storable::canonical=1; Storable::freeze(\%uri_args_hash); };
                last if !(my $headers_in_keys_arrayref=$uri_args_frozen_to_headers_in_keys{$W->{"uri_args_frozen"}});

                # Protection to be sure we are stable:
                $W->{"headers_in"}=My::Hash::RestrictTo->new($W->{"headers_in"},@$headers_in_keys_arrayref);

                $W->{"uri_args_headers_in_frozen"}=uri_args_headers_in_frozen_get($headers_in_keys_arrayref);
                last if !(my $headers_out_hashref=$uri_args_headers_in_frozen_to_headers_out{$W->{"uri_args_headers_in_frozen"}});
                header(%$headers_out_hashref);
                my $status;
                {
                        # &meets_conditions will always deny the attempt if !2xx status().
                        # At least ap_read_request() sets: r->status=HTTP_REQUEST_TIME_OUT;     /* Until we get a request */
                        my $status_old=$W->{"r"}->status();
                        $W->{"r"}->status(HTTP_OK);
                        # Update httpd's 'r->mtime' as the header "Last-Modified" is just not enough for ap_meets_conditions():
                        # &update_mtime() argument is really in _secs_, not in _msecs_ as the docs claim.
                        # Be aware '*1000000' would overflow Perl integer anyway.
                        # &set_last_modified would also override the "Last-Modified" headers_out!
                        # &mtime may exist but somehow does not work.
                        $W->{"r"}->update_mtime(HTTP::Date::str2time($headers_out_hashref->{"Last-Modified"}));
                        $status=$W->{"r"}->meets_conditions();
                        $W->{"r"}->status($status_old);
                        }
                last if OK==$status;
                $W->{"r"}->status($status);
                $W->{"header_only"}=1;  # Inhibit &footer output.
                exit;
                die "NOTREACHED";
                }

        $W->{"digest-md5"}=Digest::MD5->new();
        $W->{"cache_active"}=1;
        $W->{"r"}->add_output_filter(\&cache_output_filter);
}

sub cache_finish_last_modified()
{
        cluck "Not yet done now? W __PACKAGE__: ".$W->{"__PACKAGE__"}
                        if !$packages_used_hash{$W->{"__PACKAGE__"}}{"_done"};
        for my $package_orig (@{$packages_used_array{$W->{"__PACKAGE__"}}}) {
                local $_=$package_orig.".pm";
                s{::}{/}g;
                path_abs_disk "/$_","register"=>1;
                }
        my $mtime_newest;
        for my $path_abs_disk (keys(%{$W->{"path_abs_disk_register"}})) {
                my $mtime=(stat $path_abs_disk)[9];
                do { cluck "No mtime for: $path_abs_disk"; next; } if !$mtime;
                $mtime_newest=$mtime if !$mtime_newest || $mtime_newest<$mtime;
                }
        cluck "No mtime_newest found for the current W __PACKAGE__: ".$W->{"__PACKAGE__"}
                        if !$mtime_newest;
        return HTTP::Date::time2str($mtime_newest);
}


sub cache_finish()
{
        # Do not: return if !$W->{"uri_args_frozen"};
        # as we may have just gave 304 and 'exit;' without starting the caching.
        return if !$W->{"cache_active"};

        # Fill-in/check: %uri_args_frozen_to_headers_in_keys
        my $headers_in_keys_stored_arrayref_ref=\$uri_args_frozen_to_headers_in_keys{$W->{"uri_args_frozen"}};
        my @headers_in_keys=tied(%{$W->{"headers_in_RecordKeys"}})->accessed();
        if (!$$headers_in_keys_stored_arrayref_ref
                        || !Data::Compare::Compare(\@headers_in_keys,$$headers_in_keys_stored_arrayref_ref)) {
                cluck "Non-matching generated 'headers_in_keys' per 'uri_args_frozen' key:\n"
                                                .Dumper(\@headers_in_keys,$$headers_in_keys_stored_arrayref_ref)
                                if $$headers_in_keys_stored_arrayref_ref;
                # Build or possibly prevent such further warn dupes:
                $$headers_in_keys_stored_arrayref_ref=\@headers_in_keys;
                # Build or regenerate as obsoleted now:
                $W->{"uri_args_headers_in_frozen"}=uri_args_headers_in_frozen_get(\@headers_in_keys);
                }

        # Prepare 'headers_out' for the future reusal:
        my %headers_out;
        # Do not: $W->{"digest-md5"}->b64digest();
        # as it will not provide the trailing filling '='s.
        # RFC 1864 is not clear if they should be there but its sample provides them.
        # Do not try to provide canonical "\r\n" form of newlines as is said by RFC 1864.
        # RFC 2068 (HTTP/1.1) section 14.16 says the newlines should NOT be converted for HTTP.
        # ',""' to avoid breaking the headers by its default "\n".
        $headers_out{"Content-MD5"}=MIME::Base64::encode_base64($W->{"digest-md5"}->digest(),"");
        # In fact we could also use MD5 for ETag as if we know ETag we also know MD5.
        # But this way we do not need to calculate MD5 and we still can provide such ETag. So.
        # $W->{"r"}->set_etag() ?
        $headers_out{"ETag"}='"'.Digest::MD5::md5_base64($W->{"uri_args_headers_in_frozen"}).'"';
        # $W->{"r"}->set_content_length() ?
        $headers_out{"Content-Length"}=$W->{"r"}->bytes_sent();
        my %Vary=map(($_=>1),(@headers_in_keys));
        for (keys(%Vary)) {
                next if !/^_/;
                $Vary{"*"}=1;
                delete $Vary{$_};
                }
        %Vary=("*"=>1) if $Vary{"*"};
        $headers_out{"Vary"}=join(", ",sort keys(%Vary)) if keys(%Vary);
        # $W->{"r"}->set_last_modified() ?
        $headers_out{"Last-Modified"}=cache_finish_last_modified();

        # Fill-in/check: %uri_args_headers_in_frozen_to_headers_out
        my $headers_out_stored_hashref_ref=\$uri_args_headers_in_frozen_to_headers_out{$W->{"uri_args_headers_in_frozen"}};
        if (!$$headers_out_stored_hashref_ref
                        || !Data::Compare::Compare(\%headers_out,$$headers_out_stored_hashref_ref)) {
                cluck "Non-matching generated 'headers_out' per 'uri_args_headers_in_frozen' key:\n"
                                                .Dumper(\%headers_out,$$headers_out_stored_hashref_ref)
                                if $$headers_out_stored_hashref_ref;
                # Build or possibly prevent such further warn dupes:
                $$headers_out_stored_hashref_ref=\%headers_out;
                }

###print STDERR Dumper(\%uri_args_frozen_to_headers_in_keys,\%uri_args_headers_in_frozen_to_headers_out);
}

sub heading()
{
my($class)=@_;

        if (!$W->{"header_only"}) {
                header("Content-Style-Type"=>"text/css");
                header("Content-Script-Type"=>"text/javascript");
                # $W->{"r"}->content_languages() ?
                do { header("Content-Language"=>$_) if $_; } for $W->{"language"};
                }
        # TODO: Support also: private
        header("Cache-Control"=>"public");      # HTTP/1.1

        # Use $W->{"charset"}=0 to disable charset.
        $W->{"charset"}="us-ascii" if !defined $W->{"charset"} && !defined($W->{"content_type"}) || $W->{"content_type"};

        # Workaround bug
        #   https://bugzilla.mozilla.org/show_bug.cgi?id=120556
        # of at least
        #   Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b) Gecko/20050217
        # http://validator.w3.org/ does not send ANY "Accept" headers!
        $W->{"content_type"}="application/xhtml+xml" if !defined $W->{"content_type"}
                        && !$W->{"headers_in"}{"Accept"}
                        && ($W->{"headers_in"}{"User-Agent"}||"")=~m{^W3C_Validator/}i;
        defined($W->{"content_type"}) or $W->{"content_type"}=$class->Negotiate_choose([
                        # Put the fallback variant as the first one.
                        # Rate both variants the same to prefer "text/html" for undecided clients.
                        # At least
                        #   Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b) Gecko/20050217
                        # prefers "application/xhtml+xml" over "text/html" itself:
                        #   text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
                        negotiate_variant(
                                        "id"=>"text/html",
                                        "content-type"=>"text/html",
                                        "qs"=>0.6,
                                        (!$W->{"charset"} ? () : "charset"=>$W->{"charset"}),
                                        "lang"=>$W->{"language"},
                                        ),
                        negotiate_variant(
                                        "id"=>"application/xhtml+xml",
                                        "content-type"=>"application/xhtml+xml",
                                        "qs"=>0.6,
                                        (!$W->{"charset"} ? () : "charset"=>$W->{"charset"}),
                                        "lang"=>$W->{"language"},
                                        ),
                        # application/xml ?
                        # text/xml ?
                        ]);
        # mod_perl doc: If you set this header via the headers_out table directly, it
        #               will be ignored by Apache. So do not do that.
        my $type;
        if ($W->{"content_type"}) {
                $type=MIME::Types->new()->type($W->{"content_type"});
                cluck "MIME::Types type '".$W->{"content_type"}."' not known" if !$type;
                }
        cluck "charset='".$W->{"charset"}."' does not match content-type='".$W->{"content_type"}."'"
                        if ($W->{"charset"} ? 1 : 0) != (!$type ? 0 : $type->isAscii());
        $W->{"r"}->content_type($W->{"content_type"}.(!$W->{"charset"} ? "" : "; charset=".$W->{"charset"}))
                        if $W->{"content_type"};

        cache_start();
        # We still can append headers before we put out some text.
        # FIXME: It is not clean to still append them without overwriting.
        return if $W->{"heading_done"};
        Wprint '<?xml version="1.0" encoding="'.$W->{"charset"}.'"?>'."\n"
                        if (!$W->{"header_only"} || $W->{"header_only"} eq "xml") && $W->{"content_type"}=~m{^application/\w+[+]xml$};
        return if $W->{"header_only"};
        # Split 'heading_done' for the proper handling of: /project/Rel.pm
        $W->{"heading_done"}++;

        Wprint '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">'."\n";
        Wprint '<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="'.$W->{"language"}.'">'."\n";
        my $title=$W->{"title_prefix"}.join("",map({ ': '.$_; } ($W->{"title"} || ())));
        # Do not: cluck if $title=~/[<>]/;
        # as it is not solved just by: &a_href_inhibit
        # as sometimes titles use also: <i>...</i>
        $title=~s#<[^>]*>##g;
        Wprint "<head>";
        Wprint "<title>$title</title>\n";
        if ($W->{"have_css"}) {
                # Everything can get overriden later.
                for my $css ("/My/Web.css",@{$W->{"css_push"}}) {
                        Wprint <<"HERE";
<link rel="stylesheet" type="text/css" href="@{[ uri_escaped(path_web $css) ]}" />
HERE
                        }
                if ($W->{"css_inherit"}) {
                        Wprint <<"HERE";
<script type="text/javascript" src="@{[ uri_escaped(path_web('/My/css_inherit.js')) ]}" />
HERE
                        }
                }
        Wprint '<meta name="robots" content="'.($W->{"indexme"} ? "" : "no" ).'index,follow" />'."\n";
        Wprint $W->{"head"};
        for my $type (qw(prev next index contents start up)) {
                do { Wprint '<link rel="'.$type.'" href="'.uri_escaped(path_web $_).'" />'."\n" if $_; }
                                for ($W->{"rel_$type"});
                }
        Wprint "</head><body";
#       Wprint ' bgcolor="black" text="white" link="aqua" vlink="teal"'
#                       if $W->{"browser"}->netscape() && (!$W->{"browser"}->major() || $W->{"browser"}->major()<=4);
        Wprint $W->{"body_attr"};
        Wprint ">\n";

        do { Wprint $_ if $_; } for $W->{"heading"};
}

BEGIN {
        delete $W->{"__My::Web_init"};
        }

1;