-/* $Id: cgi.c,v 1.143 2017/01/19 13:55:56 schwarze Exp $ */
+/* $Id: cgi.c,v 1.156 2017/06/24 14:38:32 schwarze Exp $ */
/*
* Copyright (c) 2011, 2012 Kristaps Dzonsons <kristaps@bsd.lv>
* Copyright (c) 2014, 2015, 2016, 2017 Ingo Schwarze <schwarze@usta.de>
#include <sys/time.h>
#include <ctype.h>
+#if HAVE_ERR
#include <err.h>
+#endif
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
static void pg_error_internal(void);
static void pg_index(const struct req *);
static void pg_noresult(const struct req *, const char *);
+static void pg_redirect(const struct req *, const char *);
static void pg_search(const struct req *);
static void pg_searchres(const struct req *,
struct manpage *, size_t);
static void pg_show(struct req *, const char *);
-static void resp_begin_html(int, const char *);
+static void resp_begin_html(int, const char *, const char *);
static void resp_begin_http(int, const char *);
static void resp_catman(const struct req *, const char *);
static void resp_copy(const char *);
static const int sec_MAX = sizeof(sec_names) / sizeof(char *);
static const char *const arch_names[] = {
- "amd64", "alpha", "armv7",
+ "amd64", "alpha", "armv7", "arm64",
"hppa", "i386", "landisk",
"loongson", "luna88k", "macppc", "mips64",
"octeon", "sgi", "socppc", "sparc64",
{
switch (c) {
- case ('"'):
+ case '"':
printf(""");
break;
- case ('&'):
+ case '&':
printf("&");
break;
- case ('>'):
+ case '>':
printf(">");
break;
- case ('<'):
+ case '<':
printf("<");
break;
default:
}
static void
-resp_begin_html(int code, const char *msg)
+resp_begin_html(int code, const char *msg, const char *file)
{
+ char *cp;
resp_begin_http(code, msg);
" <meta charset=\"UTF-8\"/>\n"
" <link rel=\"stylesheet\" href=\"%s/mandoc.css\""
" type=\"text/css\" media=\"all\">\n"
- " <title>%s</title>\n"
+ " <title>",
+ CSS_DIR);
+ if (file != NULL) {
+ if ((cp = strrchr(file, '/')) != NULL)
+ file = cp + 1;
+ if ((cp = strrchr(file, '.')) != NULL) {
+ printf("%.*s(%s) - ", (int)(cp - file), file, cp + 1);
+ } else
+ printf("%s - ", file);
+ }
+ printf("%s</title>\n"
"</head>\n"
"<body>\n",
- CSS_DIR, CUSTOMIZE_TITLE);
+ CUSTOMIZE_TITLE);
resp_copy(MAN_DIR "/header.html");
}
pg_index(const struct req *req)
{
- resp_begin_html(200, NULL);
+ resp_begin_html(200, NULL, NULL);
resp_searchform(req, FOCUS_QUERY);
printf("<p>\n"
"This web interface is documented in the\n"
- "<a href=\"/%s%sman.cgi.8\">man.cgi(8)</a>\n"
+ "<a class=\"Xr\" href=\"/%s%sman.cgi.8\">man.cgi(8)</a>\n"
"manual, and the\n"
- "<a href=\"/%s%sapropos.1\">apropos(1)</a>\n"
+ "<a class=\"Xr\" href=\"/%s%sapropos.1\">apropos(1)</a>\n"
"manual explains the query syntax.\n"
"</p>\n",
scriptname, *scriptname == '\0' ? "" : "/",
static void
pg_noresult(const struct req *req, const char *msg)
{
- resp_begin_html(200, NULL);
+ resp_begin_html(200, NULL, NULL);
resp_searchform(req, FOCUS_QUERY);
puts("<p>");
puts(msg);
pg_error_badrequest(const char *msg)
{
- resp_begin_html(400, "Bad Request");
+ resp_begin_html(400, "Bad Request", NULL);
puts("<h1>Bad Request</h1>\n"
"<p>\n");
puts(msg);
static void
pg_error_internal(void)
{
- resp_begin_html(500, "Internal Server Error");
+ resp_begin_html(500, "Internal Server Error", NULL);
puts("<p>Internal Server Error</p>");
resp_end_html();
}
+static void
+pg_redirect(const struct req *req, const char *name)
+{
+ printf("Status: 303 See Other\r\n"
+ "Location: /");
+ if (*scriptname != '\0')
+ printf("%s/", scriptname);
+ if (strcmp(req->q.manpath, req->p[0]))
+ printf("%s/", req->q.manpath);
+ if (req->q.arch != NULL)
+ printf("%s/", req->q.arch);
+ printf("%s", name);
+ if (req->q.sec != NULL)
+ printf(".%s", req->q.sec);
+ printf("\r\nContent-Type: text/html; charset=utf-8\r\n\r\n");
+}
+
static void
pg_searchres(const struct req *req, struct manpage *r, size_t sz)
{
* If we have just one result, then jump there now
* without any delay.
*/
- printf("Status: 303 See Other\r\n");
- printf("Location: http://%s/%s%s%s/%s",
- HTTP_HOST, scriptname,
- *scriptname == '\0' ? "" : "/",
- req->q.manpath, r[0].file);
- printf("\r\n"
- "Content-Type: text/html; charset=utf-8\r\n"
- "\r\n");
+ printf("Status: 303 See Other\r\n"
+ "Location: /");
+ if (*scriptname != '\0')
+ printf("%s/", scriptname);
+ if (strcmp(req->q.manpath, req->p[0]))
+ printf("%s/", req->q.manpath);
+ printf("%s\r\n"
+ "Content-Type: text/html; charset=utf-8\r\n\r\n",
+ r[0].file);
return;
}
- resp_begin_html(200, NULL);
- resp_searchform(req,
- req->q.equal || sz == 1 ? FOCUS_NONE : FOCUS_QUERY);
-
- if (sz > 1) {
- puts("<div class=\"results\">");
- puts("<table>");
-
- for (i = 0; i < sz; i++) {
- printf(" <tr>\n"
- " <td class=\"title\">"
- "<a href=\"/%s%s%s/%s",
- scriptname, *scriptname == '\0' ? "" : "/",
- req->q.manpath, r[i].file);
- printf("\">");
- html_print(r[i].names);
- printf("</a></td>\n"
- " <td class=\"desc\">");
- html_print(r[i].output);
- puts("</td>\n"
- " </tr>");
- }
-
- puts("</table>\n"
- "</div>");
- }
-
/*
* In man(1) mode, show one of the pages
* even if more than one is found.
*/
+ iuse = 0;
if (req->q.equal || sz == 1) {
- puts("<hr>");
- iuse = 0;
priouse = 20;
archpriouse = 3;
for (i = 0; i < sz; i++) {
priouse = prio;
iuse = i;
}
+ resp_begin_html(200, NULL, r[iuse].file);
+ } else
+ resp_begin_html(200, NULL, NULL);
+
+ resp_searchform(req,
+ req->q.equal || sz == 1 ? FOCUS_NONE : FOCUS_QUERY);
+
+ if (sz > 1) {
+ puts("<table class=\"results\">");
+ for (i = 0; i < sz; i++) {
+ printf(" <tr>\n"
+ " <td>"
+ "<a class=\"Xr\" href=\"/");
+ if (*scriptname != '\0')
+ printf("%s/", scriptname);
+ if (strcmp(req->q.manpath, req->p[0]))
+ printf("%s/", req->q.manpath);
+ printf("%s\">", r[i].file);
+ html_print(r[i].names);
+ printf("</a></td>\n"
+ " <td><span class=\"Nd\">");
+ html_print(r[i].output);
+ puts("</span></td>\n"
+ " </tr>");
+ }
+ puts("</table>");
+ }
+
+ if (req->q.equal || sz == 1) {
+ puts("<hr>");
resp_show(req, r[iuse].file);
}
mchars_alloc();
mp = mparse_alloc(MPARSE_SO | MPARSE_UTF8 | MPARSE_LATIN1,
- MANDOCLEVEL_BADARG, NULL, req->q.manpath);
+ MANDOCERR_MAX, NULL, MANDOC_OS_OTHER, req->q.manpath);
mparse_readfd(mp, fd, file);
close(fd);
memset(&conf, 0, sizeof(conf));
conf.fragment = 1;
+ conf.style = mandoc_strdup(CSS_DIR "/mandoc.css");
usepath = strcmp(req->q.manpath, req->p[0]);
- mandoc_asprintf(&conf.man, "/%s%s%%N.%%S",
+ mandoc_asprintf(&conf.man, "/%s%s%s%s%%N.%%S",
+ scriptname, *scriptname == '\0' ? "" : "/",
usepath ? req->q.manpath : "", usepath ? "/" : "");
mparse_result(mp, &man, NULL);
mparse_free(mp);
mchars_free();
free(conf.man);
+ free(conf.style);
}
static void
return;
}
- resp_begin_html(200, NULL);
+ resp_begin_html(200, NULL, file);
resp_searchform(req, FOCUS_NONE);
resp_show(req, file);
resp_end_html();
}
}
- if (0 == mansearch(&search, &paths, argc, argv, &res, &ressz))
+ res = NULL;
+ ressz = 0;
+ if (req->isquery && req->q.equal && argc == 1)
+ pg_redirect(req, argv[0]);
+ else if (mansearch(&search, &paths, argc, argv, &res, &ressz) == 0)
pg_noresult(req, "You entered an invalid query.");
- else if (0 == ressz)
+ else if (ressz == 0)
pg_noresult(req, "No results found.");
else
pg_searchres(req, res, ressz);
const char *querystring;
int i;
+#if HAVE_PLEDGE
+ /*
+ * The "rpath" pledge could be revoked after mparse_readfd()
+ * if the file desciptor to "/footer.html" would be opened
+ * up front, but it's probably not worth the complication
+ * of the code it would cause: it would require scattering
+ * pledge() calls in multiple low-level resp_*() functions.
+ */
+
+ if (pledge("stdio rpath", NULL) == -1) {
+ warn("pledge");
+ pg_error_internal();
+ return EXIT_FAILURE;
+ }
+#endif
+
/* Poor man's ReDoS mitigation. */
itimer.it_value.tv_sec = 2;
if (*path != '\0') {
parse_path_info(&req, path);
- if (req.q.manpath == NULL || access(path, F_OK) == -1)
+ if (req.q.manpath == NULL || req.q.sec == NULL ||
+ *req.q.query == '\0' || access(path, F_OK) == -1)
path = "";
} else if ((querystring = getenv("QUERY_STRING")) != NULL)
parse_query_string(&req, querystring);