1 files changed, 59 insertions, 18 deletions
diff --git a/lib/cgi-lib.rb b/lib/cgi-lib.rb
index afadbff3b6..5234e046cc 100644
--- a/lib/cgi-lib.rb
+++ b/lib/cgi-lib.rb
@@ -9,29 +9,59 @@
 # foo.keys       <== array of fields
 # foo.inputs     <== hash of { <field> => <value> }
 
+# if running on Windows(IIS or PWS) then change cwd.
+if ENV['SERVER_SOFTWARE'] =~ /^Microsoft-/ then
+  Dir.chdir ENV['PATH_TRANSLATED'].sub(/[^\\]+$/, '')
+end
+
+require "shellwords.rb"
+
 class CGI
+  include Shellwords
+
   attr("inputs")
+
+  # original is CGI.pm
+  def read_from_cmdline
+    words = shellwords(if not ARGV.empty? then
+                         ARGV.join(' ')
+                       else
+                         print "(offline mode: enter name=value pairs on standard input)\n"
+                         readlines.join(' ').gsub(/\n/, '')
+                       end.gsub(/\\=/, '%3D').gsub(/\\&/, '%26'))
+
+    if words.find{|x| x =~ /=/} then words.join('&') else words.join('+') end
+  end
   
+  # escape url encode
+  def escape(str)
+    str.gsub!(/[^a-zA-Z0-9_\-.]/n){ sprintf("%%%02X", $&.unpack("C")[0]) }
+    str
+  end
+
+  # unescape url encoded
+  def unescape(str)
+    str.gsub! /\+/, ' '
+    str.gsub!(/%([0-9a-fA-F]{2})/){ [$1.hex].pack("c") }
+    str
+  end
+  module_function :escape, :unescape
+
   def initialize
-    str = if ENV['REQUEST_METHOD'] == "GET"
-            ENV['QUERY_STRING']
-         elsif ENV['REQUEST_METHOD'] == "POST"
-           $stdin.read ENV['CONTENT_LENGTH'].to_i
-         else
-           ""
-         end
-    arr = str.split(/&/)
+    # exception messages should be printed to stdout.
+    STDERR.reopen(STDOUT)
+
     @inputs = {}
-    arr.each do |x|
-      x.gsub!(/\+/, ' ')
-      key, val = x.split(/=/, 2)
-      val = "" unless val
-      
-      key.gsub!(/%(..)/) { [$1.hex].pack("c") }
-      val.gsub!(/%(..)/) { [$1.hex].pack("c") }
-
-      @inputs[key] += "\0" if @inputs[key]
-      @inputs[key] += val
+    case ENV['REQUEST_METHOD']
+    when "GET"
+      ENV['QUERY_STRING'] or ""
+    when "POST"
+      $stdin.read ENV['CONTENT_LENGTH'].to_i
+    else
+      read_from_cmdline
+    end.split(/&/).each do |x|
+      key, val = x.split(/=/,2).collect{|x|unescape(x)}
+      @inputs[key] += ("\0" if @inputs[key]) + (val or "")
     end
   end
 
@@ -53,4 +83,15 @@ class CGI
     TRUE
   end
 
+  def CGI.error
+    m = $!.dup
+    m.gsub!(/&/, '&amp;')
+    m.gsub!(/</, '&lt;')
+    m.gsub!(/>/, '&gt;')
+    msgs = ["<pre>ERROR: <strong>#{m}</strong>"]
+    msgs << $@
+    msgs << "</pre>"
+    CGI.message(msgs.join("\n"), "ERROR")
+    exit
+  end
 end