-/* $Id: cgi.c,v 1.133 2016/07/09 19:58:36 schwarze Exp $ */
+/* $Id: cgi.c,v 1.148 2017/02/22 16:20:01 schwarze Exp $ */
/*
* Copyright (c) 2011, 2012 Kristaps Dzonsons <kristaps@bsd.lv>
- * Copyright (c) 2014, 2015, 2016 Ingo Schwarze <schwarze@usta.de>
+ * Copyright (c) 2014, 2015, 2016, 2017 Ingo Schwarze <schwarze@usta.de>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <sys/time.h>
#include <ctype.h>
+#if HAVE_ERR
#include <err.h>
+#endif
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
static const int sec_MAX = sizeof(sec_names) / sizeof(char *);
static const char *const arch_names[] = {
- "amd64", "alpha", "armish", "armv7",
- "hppa", "hppa64", "i386", "landisk",
+ "amd64", "alpha", "armv7", "arm64",
+ "hppa", "i386", "landisk",
"loongson", "luna88k", "macppc", "mips64",
- "octeon", "sgi", "socppc", "sparc",
- "sparc64", "zaurus",
- "amiga", "arc", "arm32", "atari",
- "aviion", "beagle", "cats", "hp300",
+ "octeon", "sgi", "socppc", "sparc64",
+ "amiga", "arc", "armish", "arm32",
+ "atari", "aviion", "beagle", "cats",
+ "hppa64", "hp300",
"ia64", "mac68k", "mvme68k", "mvme88k",
"mvmeppc", "palm", "pc532", "pegasos",
- "pmax", "powerpc", "solbourne", "sun3",
- "vax", "wgrisc", "x68k"
+ "pmax", "powerpc", "solbourne", "sparc",
+ "sun3", "vax", "wgrisc", "x68k",
+ "zaurus"
};
static const int arch_MAX = sizeof(arch_names) / sizeof(char *);
switch (c) {
case ('"'):
- printf(""e;");
+ printf(""");
break;
case ('&'):
printf("&");
fflush(stdout);
while ((sz = read(fd, buf, sizeof(buf))) > 0)
write(STDOUT_FILENO, buf, sz);
+ close(fd);
}
}
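Review bot: The copy loop still ignores the result of `write(STDOUT_FILENO, buf, sz)`, so a short or failed write silently truncates the copied file, and a `read()` error ends the loop exactly like end-of-file. The added `close(fd)` fixes the descriptor leak but leaves this untouched. At minimum, `if (write(STDOUT_FILENO, buf, sz) != sz) break;` would make the failure explicit; a small inner loop that advances by the returned count would also cope with partial writes. The enclosing function starts outside the hunk.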
printf("<!DOCTYPE html>\n"
"<html>\n"
"<head>\n"
- "<meta charset=\"UTF-8\"/>\n"
- "<link rel=\"stylesheet\" href=\"%s/mandoc.css\""
+ " <meta charset=\"UTF-8\"/>\n"
+ " <link rel=\"stylesheet\" href=\"%s/mandoc.css\""
" type=\"text/css\" media=\"all\">\n"
- "<title>%s</title>\n"
+ " <title>%s</title>\n"
"</head>\n"
- "<body>\n"
- "<!-- Begin page content. //-->\n",
+ "<body>\n",
CSS_DIR, CUSTOMIZE_TITLE);
resp_copy(MAN_DIR "/header.html");
{
int i;
- puts("<!-- Begin search form. //-->");
- printf("<div id=\"mancgi\">\n"
- "<form action=\"/%s\" method=\"get\">\n"
- "<fieldset>\n"
- "<legend>Manual Page Search Parameters</legend>\n",
+ printf("<form action=\"/%s\" method=\"get\">\n"
+ " <fieldset>\n"
+ " <legend>Manual Page Search Parameters</legend>\n",
scriptname);
/* Write query input box. */
- printf("<input type=\"text\" name=\"query\" value=\"");
+ printf(" <input type=\"text\" name=\"query\" value=\"");
if (req->q.query != NULL)
html_print(req->q.query);
printf( "\" size=\"40\"");
/* Write submission buttons. */
- printf( "<button type=\"submit\" name=\"apropos\" value=\"0\">"
+ printf( " <button type=\"submit\" name=\"apropos\" value=\"0\">"
"man</button>\n"
- "<button type=\"submit\" name=\"apropos\" value=\"1\">"
- "apropos</button>\n<br/>\n");
+ " <button type=\"submit\" name=\"apropos\" value=\"1\">"
+ "apropos</button>\n"
+ " <br/>\n");
/* Write section selector. */
- puts("<select name=\"sec\">");
+ puts(" <select name=\"sec\">");
for (i = 0; i < sec_MAX; i++) {
- printf("<option value=\"%s\"", sec_numbers[i]);
+ printf(" <option value=\"%s\"", sec_numbers[i]);
if (NULL != req->q.sec &&
0 == strcmp(sec_numbers[i], req->q.sec))
printf(" selected=\"selected\"");
printf(">%s</option>\n", sec_names[i]);
}
- puts("</select>");
+ puts(" </select>");
/* Write architecture selector. */
- printf( "<select name=\"arch\">\n"
- "<option value=\"default\"");
+ printf( " <select name=\"arch\">\n"
+ " <option value=\"default\"");
if (NULL == req->q.arch)
printf(" selected=\"selected\"");
puts(">All Architectures</option>");
for (i = 0; i < arch_MAX; i++) {
- printf("<option value=\"%s\"", arch_names[i]);
+ printf(" <option value=\"%s\"", arch_names[i]);
if (NULL != req->q.arch &&
0 == strcmp(arch_names[i], req->q.arch))
printf(" selected=\"selected\"");
printf(">%s</option>\n", arch_names[i]);
}
- puts("</select>");
+ puts(" </select>");
/* Write manpath selector. */
if (req->psz > 1) {
- puts("<select name=\"manpath\">");
+ puts(" <select name=\"manpath\">");
for (i = 0; i < (int)req->psz; i++) {
- printf("<option ");
+ printf(" <option ");
if (strcmp(req->q.manpath, req->p[i]) == 0)
printf("selected=\"selected\" ");
printf("value=\"");
html_print(req->p[i]);
puts("</option>");
}
- puts("</select>");
+ puts(" </select>");
}
- puts("</fieldset>\n"
- "</form>\n"
- "</div>");
- puts("<!-- End search form. //-->");
+ puts(" </fieldset>\n"
+ "</form>");
}
static int
{
size_t i;
- if ( ! strcmp(manpath, "mandoc"))
- return 1;
-
for (i = 0; i < req->psz; i++)
if ( ! strcmp(manpath, req->p[i]))
return 1;
resp_searchform(req, FOCUS_QUERY);
printf("<p>\n"
"This web interface is documented in the\n"
- "<a href=\"/%s%smandoc/man8/man.cgi.8\">man.cgi</a>\n"
+ "<a class=\"Xr\" href=\"/%s%sman.cgi.8\">man.cgi(8)</a>\n"
"manual, and the\n"
- "<a href=\"/%s%smandoc/man1/apropos.1\">apropos</a>\n"
+ "<a class=\"Xr\" href=\"/%s%sapropos.1\">apropos(1)</a>\n"
"manual explains the query syntax.\n"
"</p>\n",
scriptname, *scriptname == '\0' ? "" : "/",
req->q.equal || sz == 1 ? FOCUS_NONE : FOCUS_QUERY);
if (sz > 1) {
- puts("<div class=\"results\">");
- puts("<table>");
-
+ puts("<table class=\"results\">");
for (i = 0; i < sz; i++) {
- printf("<tr>\n"
- "<td class=\"title\">\n"
- "<a href=\"/%s%s%s/%s",
+ printf(" <tr>\n"
+ " <td>"
+ "<a class=\"Xr\" href=\"/%s%s%s/%s\">",
scriptname, *scriptname == '\0' ? "" : "/",
req->q.manpath, r[i].file);
- printf("\">");
html_print(r[i].names);
- printf("</a>\n"
- "</td>\n"
- "<td class=\"desc\">");
+ printf("</a></td>\n"
+ " <td><span class=\"Nd\">");
html_print(r[i].output);
- puts("</td>\n"
- "</tr>");
+ puts("</span></td>\n"
+ " </tr>");
}
-
- puts("</table>\n"
- "</div>");
+ puts("</table>");
}
/*
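Review bot: The new `href=\"/%s%s%s/%s\">` format in the result-row `printf` writes `req->q.manpath` and `r[i].file` into the attribute with plain `%s`, while the link text and description in the same row go through `html_print()`. Where `r[i].file` is filled in is not visible here; if it is a path read from the database, a `"` or `&` in a file name would end up unescaped inside the attribute. I would end the format string after the script prefix and emit the two path components with `html_print()`, as sketched below. The enclosing function starts outside the hunk.

```c
for (i = 0; i < sz; i++) {
	printf(" <tr>\n"
	    " <td>"
	    "<a class=\"Xr\" href=\"/%s%s",
	    scriptname, *scriptname == '\0' ? "" : "/");
	html_print(req->q.manpath);
	putchar('/');
	html_print(r[i].file);
	printf("\">");
	/* … unchanged: link text, description cell, row close … */
```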
}
mchars_alloc();
- mp = mparse_alloc(MPARSE_SO, MANDOCLEVEL_BADARG, NULL, req->q.manpath);
+ mp = mparse_alloc(MPARSE_SO | MPARSE_UTF8 | MPARSE_LATIN1,
+ MANDOCLEVEL_BADARG, NULL, req->q.manpath);
mparse_readfd(mp, fd, file);
close(fd);
memset(&conf, 0, sizeof(conf));
conf.fragment = 1;
+ conf.style = mandoc_strdup(CSS_DIR "/mandoc.css");
usepath = strcmp(req->q.manpath, req->p[0]);
mandoc_asprintf(&conf.man, "/%s%s%%N.%%S",
usepath ? req->q.manpath : "", usepath ? "/" : "");
mparse_free(mp);
mchars_free();
free(conf.man);
+ free(conf.style);
}
static void
free(manpath);
return;
}
-
- if (strcmp(manpath, "mandoc")) {
- free(req->q.manpath);
- req->q.manpath = manpath;
- } else
- free(manpath);
+ free(manpath);
if ( ! validate_filename(file)) {
pg_error_badrequest(
const char *querystring;
int i;
+#if HAVE_PLEDGE
+ /*
+ * The "rpath" pledge could be revoked after mparse_readfd()
+ * if the file desciptor to "/footer.html" would be opened
+ * up front, but it's probably not worth the complication
+ * of the code it would cause: it would require scattering
+ * pledge() calls in multiple low-level resp_*() functions.
+ */
+
+ if (pledge("stdio rpath", NULL) == -1) {
+ warn("pledge");
+ pg_error_internal();
+ return EXIT_FAILURE;
+ }
+#endif
+
/* Poor man's ReDoS mitigation. */
itimer.it_value.tv_sec = 2;
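Review bot: The comment above the `pledge("stdio rpath", NULL)` call misspells descriptor as `desciptor`, and "would be opened" reads better as "were opened". Since this comment explains why `rpath` stays in the promise set, it is worth correcting: `if the file descriptor to "/footer.html" were opened up front`. main() begins before the hunk and continues after it.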
static void
parse_path_info(struct req *req, const char *path)
{
- char *dir;
+ char *dir[4];
+ int i;
req->isquery = 0;
req->q.equal = 1;
req->q.manpath = mandoc_strdup(path);
+ req->q.arch = NULL;
/* Mandatory manual page name. */
if ((req->q.query = strrchr(req->q.manpath, '/')) == NULL) {
}
/* Handle the case of name[.section] only. */
- if (req->q.manpath == NULL) {
- req->q.arch = NULL;
+ if (req->q.manpath == NULL)
return;
- }
req->q.query = mandoc_strdup(req->q.query);
- /* Optional architecture. */
- dir = strrchr(req->q.manpath, '/');
- if (dir != NULL && strncmp(dir + 1, "man", 3) != 0) {
- *dir++ = '\0';
- req->q.arch = mandoc_strdup(dir);
- dir = strrchr(req->q.manpath, '/');
- } else
- req->q.arch = NULL;
+ /* Split directory components. */
+ dir[i = 0] = req->q.manpath;
+ while ((dir[i + 1] = strchr(dir[i], '/')) != NULL) {
+ if (++i == 3) {
+ pg_error_badrequest(
+ "You specified too many directory components.");
+ exit(EXIT_FAILURE);
+ }
+ *dir[i]++ = '\0';
+ }
+
+ /* Optional manpath. */
+ if ((i = validate_manpath(req, req->q.manpath)) == 0)
+ req->q.manpath = NULL;
+ else if (dir[1] == NULL)
+ return;
- /* Optional directory name. */
- if (dir != NULL && strncmp(dir + 1, "man", 3) == 0) {
- *dir++ = '\0';
+ /* Optional section. */
+ if (strncmp(dir[i], "man", 3) == 0) {
free(req->q.sec);
- req->q.sec = mandoc_strdup(dir + 3);
+ req->q.sec = mandoc_strdup(dir[i++] + 3);
}
+ if (dir[i] == NULL) {
+ if (req->q.manpath == NULL)
+ free(dir[0]);
+ return;
+ }
+ if (dir[i + 1] != NULL) {
+ pg_error_badrequest(
+ "You specified an invalid directory component.");
+ exit(EXIT_FAILURE);
+ }
+
+ /* Optional architecture. */
+ if (i) {
+ req->q.arch = mandoc_strdup(dir[i]);
+ if (req->q.manpath == NULL)
+ free(dir[0]);
+ } else
+ req->q.arch = dir[0];
}
/*
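Review bot: In the `/* Optional manpath. */` step, `i = validate_manpath(req, req->q.manpath)` turns that function's return value into the index used for `dir[i]`, `dir[i++]` and `dir[i + 1]`, so every later access into `dir[4]` is in bounds only if validate_manpath() returns exactly 0 or 1. The part of validate_manpath() visible on this page returns 1 on a match, but nothing here enforces that. Normalising the result, `i = validate_manpath(req, req->q.manpath) != 0;` followed by `if (i == 0) req->q.manpath = NULL;`, keeps the index in range if the helper ever changes. A short ownership comment would also help: `req->q.arch` aliases the `dir[0]` allocation in the final `else` branch but is a fresh `mandoc_strdup()` copy otherwise, which is why `free(dir[0])` appears only on some paths. The function begins in the previous hunk.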