mandoc/cgi.c - diff

Return to cgi.c CVS log

Up to [cvsweb.bsd.lv] / mandoc

Diff for /mandoc/cgi.c between version 1.86 and 1.95

version 1.86, 2014/07/25 17:34:06

version 1.95, 2014/08/21 16:05:21

Line 15

* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

#ifdef HAVE_CONFIG_H

#include "config.h"

#endif

#include <sys/types.h>

#include <sys/time.h>

#include <ctype.h>

#include <errno.h>

#include <fcntl.h>

#include <limits.h>

#include <stdint.h>

#include <stdio.h>

#include <stdlib.h>

#include <string.h>

Line 55 struct req {

Line 57 struct req {

static void catman(const struct req *, const char *);

static void format(const struct req *, const char *);

static void html_print(const char *);

static void html_printquery(const struct req *);

static void html_putchar(char);

static int http_decode(char *);

static void http_parse(struct req *, const char *);

static void http_print(const char *);

static void http_putchar(char);

static void http_printquery(const struct req *);

static void http_printquery(const struct req *, const char *);

static void pathgen(struct req *);

static void pg_error_badrequest(const char *);

static void pg_error_internal(void);

Line 145 html_putchar(char c)

Line 146 html_putchar(char c)

}

static void

http_printquery(const struct req *req)

http_printquery(const struct req *req, const char *sep)

{

if (NULL != req->q.manpath) {

printf("&manpath=");

http_print(req->q.manpath);

}

if (NULL != req->q.sec) {

printf("&sec=");

http_print(req->q.sec);

}

if (NULL != req->q.arch) {

printf("&arch=");

http_print(req->q.arch);

}

if (NULL != req->q.query) {

printf("&query=");

printf("query=");

http_print(req->q.query);

}

if (0 == req->q.equal)

printf("&apropos=1");

printf("%sapropos=1", sep);

}

static void

html_printquery(const struct req *req)

{

if (NULL != req->q.manpath) {

printf("&manpath=");

html_print(req->q.manpath);

}

if (NULL != req->q.sec) {

printf("&sec=");

printf("%ssec=", sep);

html_print(req->q.sec);

http_print(req->q.sec);

}

if (NULL != req->q.arch) {

printf("&arch=");

printf("%sarch=", sep);

html_print(req->q.arch);

http_print(req->q.arch);

}

if (NULL != req->q.query) {

if (NULL != req->q.manpath &&

printf("&query=");

strcmp(req->q.manpath, req->p[0])) {

html_print(req->q.query);

printf("%smanpath=", sep);

http_print(req->q.manpath);

}

if (0 == req->q.equal)

printf("&apropos=1");

}

static void

Line 638 pg_searchres(const struct req *req, struct manpage *r,

Line 616 pg_searchres(const struct req *req, struct manpage *r,

printf("Status: 303 See Other\r\n");

printf("Location: http://%s%s/%s/%s?",

HTTP_HOST, scriptname, req->q.manpath, r[0].file);

http_printquery(req);

http_printquery(req, "&");

printf("\r\n"

"Content-Type: text/html; charset=utf-8\r\n"

"\r\n");

Line 655 pg_searchres(const struct req *req, struct manpage *r,

Line 633 pg_searchres(const struct req *req, struct manpage *r,

"<TD CLASS=\"title\">\n"

"<A HREF=\"%s/%s/%s?",

scriptname, req->q.manpath, r[i].file);

html_printquery(req);

http_printquery(req, "&");

printf("\">");

html_print(r[i].names);

printf("</A>\n"

Line 849 static void

Line 827 static void

format(const struct req *req, const char *file)

{

struct mparse *mp;

int fd;

struct mdoc *mdoc;

struct man *man;

void *vp;

char *opts;

enum mandoclevel rc;

char opts[PATH_MAX + 128];

int fd;

int usepath;

if (-1 == (fd = open(file, O_RDONLY, 0))) {

puts("<P>You specified an invalid manual file.</P>");

Line 873 format(const struct req *req, const char *file)

Line 852 format(const struct req *req, const char *file)

return;

}

snprintf(opts, sizeof(opts), "fragment,man=%s?"

usepath = strcmp(req->q.manpath, req->p[0]);

"manpath=%s&query=%%N&sec=%%S&arch=%s",

mandoc_asprintf(&opts,

scriptname, req->q.manpath,

"fragment,man=%s?query=%%N&sec=%%S%s%s%s%s",

req->q.arch ? req->q.arch : "");

scriptname,

req->q.arch ? "&arch=" : "",

req->q.arch ? req->q.arch : "",

usepath ? "&manpath=" : "",

usepath ? req->q.manpath : "");

mparse_result(mp, &mdoc, &man, NULL);

if (NULL == man && NULL == mdoc) {

Line 896 format(const struct req *req, const char *file)

Line 879 format(const struct req *req, const char *file)

html_free(vp);

mparse_free(mp);

free(opts);

}

static void

Line 990 pg_search(const struct req *req)

Line 974 pg_search(const struct req *req)

search.arch = req->q.arch;

search.sec = req->q.sec;

search.deftype = req->q.equal ? TYPE_Nm : (TYPE_Nm | TYPE_Nd);

search.outkey = "Nd";

search.flags = req->q.equal ? MANSEARCH_MAN : 0;

search.argmode = req->q.equal ? ARG_NAME : ARG_EXPR;

paths.sz = 1;

paths.paths = mandoc_malloc(sizeof(char *));

Line 1020 pg_search(const struct req *req)

Line 1004 pg_search(const struct req *req)

ep++;

}

if (0 == mansearch(&search, &paths, sz, cp, "Nd", &res, &ressz))

if (0 == mansearch(&search, &paths, sz, cp, &res, &ressz))

pg_noresult(req, "You entered an invalid query.");

else if (0 == ressz)

pg_noresult(req, "No results found.");

Line 1046 int

Line 1030 int

main(void)

{

struct req req;

struct itimerval itimer;

const char *path;

const char *querystring;

int i;

/* Poor man's ReDoS mitigation. */

itimer.it_value.tv_sec = 1;

itimer.it_value.tv_usec = 0;

itimer.it_interval.tv_sec = 1;

itimer.it_interval.tv_usec = 0;

if (setitimer(ITIMER_VIRTUAL, &itimer, NULL) == -1) {

fprintf(stderr, "setitimer: %s\n", strerror(errno));

pg_error_internal();

return(EXIT_FAILURE);

}

/* Scan our run-time environment. */

if (NULL == (scriptname = getenv("SCRIPT_NAME")))

Line 1083 main(void)

Line 1080 main(void)

if (NULL != (querystring = getenv("QUERY_STRING")))

http_parse(&req, querystring);

if ( ! validate_manpath(&req, req.q.manpath)) {

if ( ! (NULL == req.q.manpath ||

validate_manpath(&req, req.q.manpath))) {

pg_error_badrequest(

"You specified an invalid manpath.");

return(EXIT_FAILURE);

CVSweb