-/* $Id: cgi.c,v 1.97 2014/09/14 19:44:28 schwarze Exp $ */
+/* $Id: cgi.c,v 1.109 2015/10/06 18:32:19 schwarze Exp $ */
/*
* Copyright (c) 2011, 2012 Kristaps Dzonsons <kristaps@bsd.lv>
- * Copyright (c) 2014 Ingo Schwarze <schwarze@usta.de>
+ * Copyright (c) 2014, 2015 Ingo Schwarze <schwarze@usta.de>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
#include <string.h>
#include <unistd.h>
-#include "mandoc.h"
#include "mandoc_aux.h"
+#include "mandoc.h"
+#include "roff.h"
#include "main.h"
-#include "manpath.h"
+#include "manconf.h"
#include "mansearch.h"
#include "cgi.h"
static void format(const struct req *, const char *);
static void html_print(const char *);
static void html_putchar(char);
-static int http_decode(char *);
+static int http_decode(char *);
static void http_parse(struct req *, const char *);
static void http_print(const char *);
-static void http_putchar(char);
+static void http_putchar(char);
static void http_printquery(const struct req *, const char *);
static void pathgen(struct req *);
static void pg_error_badrequest(const char *);
printf("%sarch=", sep);
http_print(req->q.arch);
}
- if (NULL != req->q.manpath &&
- strcmp(req->q.manpath, req->p[0])) {
+ if (strcmp(req->q.manpath, req->p[0])) {
printf("%smanpath=", sep);
http_print(req->q.manpath);
}
static void
html_print(const char *p)
{
-
+
if (NULL == p)
return;
while ('\0' != *p)
if (*qs != '\0')
qs++;
}
-
- /* Fall back to the default manpath. */
-
- if (req->q.manpath == NULL)
- req->q.manpath = mandoc_strdup(req->p[0]);
}
static void
for ( ; '\0' != *p; p++, q++) {
if ('%' == *p) {
if ('\0' == (hex[0] = *(p + 1)))
- return(0);
+ return 0;
if ('\0' == (hex[1] = *(p + 2)))
- return(0);
+ return 0;
if (1 != sscanf(hex, "%x", &c))
- return(0);
+ return 0;
if ('\0' == c)
- return(0);
+ return 0;
*q = (char)c;
p += 2;
}
*q = '\0';
- return(1);
+ return 1;
}
static void
resp_begin_http(code, msg);
- printf("<!DOCTYPE HTML PUBLIC "
- " \"-//W3C//DTD HTML 4.01//EN\""
- " \"http://www.w3.org/TR/html4/strict.dtd\">\n"
+ printf("<!DOCTYPE html>\n"
"<HTML>\n"
"<HEAD>\n"
- "<META HTTP-EQUIV=\"Content-Type\""
- " CONTENT=\"text/html; charset=utf-8\">\n"
+ "<META CHARSET=\"UTF-8\" />\n"
"<LINK REL=\"stylesheet\" HREF=\"%s/man-cgi.css\""
" TYPE=\"text/css\" media=\"all\">\n"
"<LINK REL=\"stylesheet\" HREF=\"%s/man.css\""
puts("<SELECT NAME=\"manpath\">");
for (i = 0; i < (int)req->psz; i++) {
printf("<OPTION ");
- if (NULL == req->q.manpath ? 0 == i :
- 0 == strcmp(req->q.manpath, req->p[i]))
+ if (strcmp(req->q.manpath, req->p[i]) == 0)
printf("SELECTED=\"selected\" ");
printf("VALUE=\"");
html_print(req->p[i]);
if ( ! (isalnum((unsigned char)*frag) ||
'-' == *frag || '.' == *frag ||
'/' == *frag || '_' == *frag))
- return(0);
+ return 0;
frag++;
}
- return(1);
+ return 1;
}
static int
size_t i;
if ( ! strcmp(manpath, "mandoc"))
- return(1);
+ return 1;
for (i = 0; i < req->psz; i++)
if ( ! strcmp(manpath, req->p[i]))
- return(1);
+ return 1;
- return(0);
+ return 0;
}
static int
if ('.' == file[0] && '/' == file[1])
file += 2;
- return ( ! (strstr(file, "../") || strstr(file, "/..") ||
- (strncmp(file, "man", 3) && strncmp(file, "cat", 3))));
+ return ! (strstr(file, "../") || strstr(file, "/..") ||
+ (strncmp(file, "man", 3) && strncmp(file, "cat", 3)));
}
static void
for (i = 0; i < sz; i++) {
printf("<TR>\n"
"<TD CLASS=\"title\">\n"
- "<A HREF=\"%s/%s/%s?",
+ "<A HREF=\"%s/%s/%s?",
scriptname, req->q.manpath, r[i].file);
http_printquery(req, "&");
printf("\">");
while (NULL != (p = fgetln(f, &len))) {
bold = italic = 0;
for (i = 0; i < (int)len - 1; i++) {
- /*
+ /*
* This means that the catpage is out of state.
* Ignore it and keep going (although the
* catpage is bogus).
continue;
}
- /*
+ /*
* Handle funny behaviour troff-isms.
* These grok'd from the original man2html.c.
*/
}
/* Bold mode. */
-
+
if (italic)
printf("</I>");
if ( ! bold)
html_putchar(p[i]);
}
- /*
+ /*
* Clean up the last character.
- * We can get to a newline; don't print that.
+ * We can get to a newline; don't print that.
*/
if (italic)
static void
format(const struct req *req, const char *file)
{
+ struct manoutput conf;
struct mparse *mp;
- struct mdoc *mdoc;
- struct man *man;
+ struct mchars *mchars;
+ struct roff_man *man;
void *vp;
- char *opts;
- enum mandoclevel rc;
int fd;
int usepath;
return;
}
- mp = mparse_alloc(MPARSE_SO, MANDOCLEVEL_FATAL, NULL,
- req->q.manpath);
- rc = mparse_readfd(mp, fd, file);
+ mchars = mchars_alloc();
+ mp = mparse_alloc(MPARSE_SO, MANDOCLEVEL_BADARG, NULL,
+ mchars, req->q.manpath);
+ mparse_readfd(mp, fd, file);
close(fd);
- if (rc >= MANDOCLEVEL_FATAL) {
- fprintf(stderr, "fatal mandoc error: %s/%s\n",
- req->q.manpath, file);
- pg_error_internal();
- return;
- }
-
+ memset(&conf, 0, sizeof(conf));
+ conf.fragment = 1;
usepath = strcmp(req->q.manpath, req->p[0]);
- mandoc_asprintf(&opts,
- "fragment,man=%s?query=%%N&sec=%%S%s%s%s%s",
+ mandoc_asprintf(&conf.man, "%s?query=%%N&sec=%%S%s%s%s%s",
scriptname,
req->q.arch ? "&arch=" : "",
req->q.arch ? req->q.arch : "",
usepath ? "&manpath=" : "",
usepath ? req->q.manpath : "");
- mparse_result(mp, &mdoc, &man, NULL);
- if (NULL == man && NULL == mdoc) {
+ mparse_result(mp, &man, NULL);
+ if (man == NULL) {
fprintf(stderr, "fatal mandoc error: %s/%s\n",
req->q.manpath, file);
pg_error_internal();
mparse_free(mp);
+ mchars_free(mchars);
return;
}
- vp = html_alloc(opts);
+ vp = html_alloc(mchars, &conf);
- if (NULL != mdoc)
- html_mdoc(vp, mdoc);
+ if (man->macroset == MACROSET_MDOC)
+ html_mdoc(vp, man);
else
html_man(vp, man);
html_free(vp);
mparse_free(mp);
- free(opts);
+ mchars_free(mchars);
+ free(conf.man);
}
static void
pg_error_badrequest(
"You did not specify a page to show.");
return;
- }
+ }
manpath = mandoc_strndup(fullpath, file - fullpath);
file++;
search.sec = req->q.sec;
search.outkey = "Nd";
search.argmode = req->q.equal ? ARG_NAME : ARG_EXPR;
+ search.firstmatch = 1;
paths.sz = 1;
paths.paths = mandoc_malloc(sizeof(char *));
/* Poor man's ReDoS mitigation. */
- itimer.it_value.tv_sec = 1;
+ itimer.it_value.tv_sec = 2;
itimer.it_value.tv_usec = 0;
- itimer.it_interval.tv_sec = 1;
+ itimer.it_interval.tv_sec = 2;
itimer.it_interval.tv_usec = 0;
if (setitimer(ITIMER_VIRTUAL, &itimer, NULL) == -1) {
fprintf(stderr, "setitimer: %s\n", strerror(errno));
pg_error_internal();
- return(EXIT_FAILURE);
+ return EXIT_FAILURE;
}
/* Scan our run-time environment. */
fprintf(stderr, "unsafe SCRIPT_NAME \"%s\"\n",
scriptname);
pg_error_internal();
- return(EXIT_FAILURE);
+ return EXIT_FAILURE;
}
/*
fprintf(stderr, "MAN_DIR: %s: %s\n",
MAN_DIR, strerror(errno));
pg_error_internal();
- return(EXIT_FAILURE);
- }
+ return EXIT_FAILURE;
+ }
memset(&req, 0, sizeof(struct req));
pathgen(&req);
if (NULL != (querystring = getenv("QUERY_STRING")))
http_parse(&req, querystring);
- if ( ! (NULL == req.q.manpath ||
- validate_manpath(&req, req.q.manpath))) {
+ if (req.q.manpath == NULL)
+ req.q.manpath = mandoc_strdup(req.p[0]);
+ else if ( ! validate_manpath(&req, req.q.manpath)) {
pg_error_badrequest(
"You specified an invalid manpath.");
- return(EXIT_FAILURE);
+ return EXIT_FAILURE;
}
if ( ! (NULL == req.q.arch || validate_urifrag(req.q.arch))) {
pg_error_badrequest(
"You specified an invalid architecture.");
- return(EXIT_FAILURE);
+ return EXIT_FAILURE;
}
/* Dispatch to the three different pages. */
for (i = 0; i < (int)req.psz; i++)
free(req.p[i]);
free(req.p);
- return(EXIT_SUCCESS);
+ return EXIT_SUCCESS;
}
/*
git.ckatri.com / mandoc.git / blobdiff