| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
is "const unsigned char *", which causes warnings with GCC on Linux.
Explicitly cast to "const char *" to avoid this.
Issue noticed by kristaps@.
|
| |
|
|
|
|
|
|
|
| |
provide a dummy fallback implementation.
Do not bother to decode the error, SQLite error codes
are not useful enough for that to be worthwhile.
Note that using sqlite3_errmsg(db) would be a bad idea:
On malloc() failure, db is NULL, which would cause a segfault.
Issue noticed by kristaps@.
|
| |
|
|
|
| |
simply ignore it, as using it is merely an optimization.
Issue noticed by kristaps@.
|
| |
|
|
|
|
|
|
| |
* POSIX syntax is 'include Makefile.depend', not '.include "Makefile.depend"'
* gmake(1) runs the build rule for the included file (duh), so delete the rule
* consequently, we have to mark the 'depend' maintainer target .PHONY
* as it's now .PHONY anyway, drop some prerequisites that are now useless
Issue noticed by kristaps@.
|
| |
|
|
|
| |
Split mandoc_escape(3), mandoc_malloc(3), and mchars_alloc(3)
out of mandoc(3), adding lots of new information.
|
| |
|
|
| |
Provide a maintainer target to regenerate them.
|
| |
|
|
|
|
|
|
|
|
|
| |
* Introduce targets base-build, db-build, cgi-build.
* Introduce targets base-install, db-install, cgi-install.
* Introduce a BUILD_TARGETS variable to contain db-build and cgi-build.
* Introduce an INSTALL_TARGETS variable and fill it using BUILD_TARGETS.
* Install the whatis(1) and makewhatis(8) binaries.
* Install the apropos(1), whatis(1), and makewhatis(8) manuals.
* Install mandoc_aux.h.
* Do not build manpage(1) by default.
|
| |
|
|
|
|
|
|
| |
* Do not unconditionally use -I/usr/local/include and -L/usr/local/lib.
* Do not install programs and libs root-writeable.
* Add missing test-strcasestr.c and test-strsep.c to TESTSRCS.
* Add missing cgi.h.example and mandoc_html.3 to SRCS.
* Add missing mandoc_html.3.html to WWW_MANS.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Saves 36 static arrays and 10 lines of code
at the expense of only five new trivial static functions.
No functional change.
|
| |
|
|
|
| |
Saves 12 static arrays and 19 lines of code.
No functional change.
|
| |
|
|
|
|
|
|
|
| |
Drop pre-handlers, they were almost unused.
Drop the needless complexity of allowing more than one post-handler.
This saves one internal interface function, one static function, one
private struct definition, sixteen static arrays, and 45 lines of code.
No functional change.
|
| |
|
|
|
|
|
|
|
| |
properly round to the nearest M (=0.001m), which is the smallest
available unit.
This avoids weirdness like (size_t)(0.6 * 10.0) == 5
by instead calculating (size_t)(0.6 * 10.0 + 0.0005) == 6,
and so it fixes the indentation of the readline(3) manual.
|
| |
|
|
|
|
| |
Write double constants as double rather than integer literals.
Remove useless explicit (double) cast done at one place and nowhere else.
No functional change.
|
| | |
|
| | |
|
| |
|
|
| |
and thus get rid of the last useless fatal error.
|
| |
|
|
| |
and report the macro name and argument.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
right after the -column argument and some at the very end of the
argument list, after some other arguments like -compact, concatenate
the column lists.
This gets rid of one of the last useless FATAL errors
and actually shortens the code by a few lines.
This fixes an issue introduced more than five years ago, at first
causing an assert() since mdoc_action.c rev. 1.14 (June 17, 2009),
then later a FATAL error since mdoc_validate rev. 1.130 (Nov. 30, 2010),
and marked as "TODO" ever since.
|
| |
|
|
|
|
| |
The last remaining instance was .It in .Bl -column with more than one
excessive .Ta. However, simply downgrading from FATAL to ERROR, it just
works fine, almost the same way as in groff, without any other changes.
|
| |
|
|
|
|
| |
Detect the condition earlier, report in the error message
which block is broken, and delete the broken block.
Consequently, empty section headers can no longer happen.
|
| | |
|
| |
|
|
| |
No functional change.
|
| |
|
|
|
| |
When finding items outside lists, simply skip them and throw an ERROR.
Handle subsections before the first section instead of bailing out.
|
| |
|
|
|
| |
When a file contains neither text nor macros, treat it as an empty document.
When the mdoc(7) document prologue is incomplete, use some default values.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* let .Nm fall back to the empty string, not to UNKNOWN
* never let .Rv copy an argument from .Nm
* avoid spurious \fR after empty .Nm in -Tman
* correct handling of .Ex and .Rv in -Tman
* correct the wording of the output for .Rv without arguments
* use non-breaking spaces in .Ex and .Rv output where required
* split MANDOCERR_NONAME into a warning for .Ex and an error for .Nm
|
| |
|
|
| |
and remove some items that have already been taken care of
|
| |
|
|
|
|
|
|
|
| |
In groff, .Bd -centered operates in fill mode, which is relatively
hard to implement, while this implementation operates in non-fill
mode so far. As long as you pay attention that your lines do not
overflow, it works. To make sure that rendering is the same for
mandoc and groff, it is recommended to insert .br between lines
for now. This implementation will need improvement later.
|
| | |
|
| |
|
|
| |
as a normal space character, and not width 0. Bug reported by bentley@.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Printing query strings for URIs *always* needs URI-encoding, and when
embedding the URI into an HTML document, it needs replacement of
the "&" separators by "&" *in addition to that*, not instead.
Delete the function html_primtquery(), it was completely wrong.
You can see the badness by entering "mandoc &sec=2" into the query input
box before this patch and click "Submit". You come to the right page at
first (...man.cgi?query=mandoc+%26sec%3D2&apropos=0&sec=0&...), but now
the link to mandoc(1) is wrong: ...mandoc.1?query=mandoc &sec=2&...
Clicking on that, the "&sec=2" disappears from the query input box and
suddenly you have the first dropdown set to "2 - System Calls". Oops.
|
| |
|
|
|
| |
and leave out the manpath when it is the default.
For building the HTML formatter options, do not use a static buffer.
|
| |
|
|
| |
fixing an oversight introduced in rev. 1.77
|
| |
|
|
|
|
|
|
|
|
|
|
| |
by the search form, it's just the order of the fields in the form.
Actually, that's not too bad; the generated URI resembles the
generating form.
To minimize confusion for people looking at URIs, give the keys
in the same order when generating URIs for search listings and
search redirections, the latter being used instead of search
listings that would have only one single entry. Also, if the
manpath is the default, remove it form the generated URIs.
|
| |
|
|
| |
and avoid empty arch= keys.
|
| |
|
|
| |
of XHTML syntax. Also add some cosmetic newlines to the HTML code.
|
| |
|
|
|
|
| |
QUERY_STRING keys, so rename "expr" to "query".
Also add some missing function prototypes.
No functional change.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
1. Make sure the last occurrence of each key is used, even if
it is empty, in which case it resets the value to the default.
2. When there is an HTTP encoding error, skip the affected
key-value pair only, but not all subsequent key-value pairs.
3. Do not modify a string returned from getenv(3).
4. Do not assume the NULL pointer is all null bits.
|
| |
|
|
|
|
|
|
| |
By moving the sort from cgi.c to mansearch.c, we get two advantages:
Easier access to the data needed for sorting, in particular the section
number, and the apropos(1) command line utility profits as well.
Feature requested by deraadt@.
|
| |
|
|
|
|
|
| |
Still, amd64 remains the default in the following sense:
If a man(1) mode search returns more than one page of the same name,
prefer amd64 over other architectures for immediate display.
ok deraadt@ daniel@
|
| | |
|
| |
|
|
| |
Stuff i learnt during my audit for XSS vulnerabilities.
|
| |
|
|
|
|
|
|
|
|
| |
After decoding numeric (\N) and one-character (\<, \> etc.)
character escape sequences, do not forget to HTML-encode the
resulting ASCII character. Malicious manuals were able to smuggle
XSS content by roff-escaping the HTML-special characters they need.
That's a classic bug type in many web applications, actually... :-(
Found myself while auditing the HTML formatter for safe output handling.
|
| |
|
|
|
|
|
|
|
|
| |
The function print_encode() is used both for plain text
and for quoted attribute values.
Escape the '"' character such that malicious manuals cannot pull off
XSS attacks using malformed .Lk, .Mt, .%U, and .UR macros (and maybe
others) to trigger the latter case.
In the former case, escaping does no harm.
Issue found by Sebastien Marie <semarie-openbsd at latrappe dot fr>.
|
Ingo Schwarze