===================================================================
RCS file: /cvs/mandoc/cgi.c,v
retrieving revision 1.141
retrieving revision 1.149
diff -u -p -r1.141 -r1.149
--- mandoc/cgi.c	2016/09/12 00:06:20	1.141
+++ mandoc/cgi.c	2017/03/15 10:17:29	1.149
@@ -1,7 +1,7 @@
-/*	$Id: cgi.c,v 1.141 2016/09/12 00:06:20 schwarze Exp $ */
+/*	$Id: cgi.c,v 1.149 2017/03/15 10:17:29 schwarze Exp $ */
 /*
  * Copyright (c) 2011, 2012 Kristaps Dzonsons <kristaps@bsd.lv>
- * Copyright (c) 2014, 2015, 2016 Ingo Schwarze <schwarze@usta.de>
+ * Copyright (c) 2014, 2015, 2016, 2017 Ingo Schwarze <schwarze@usta.de>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -21,7 +21,9 @@
 #include <sys/time.h>
 
 #include <ctype.h>
+#if HAVE_ERR
 #include <err.h>
+#endif
 #include <errno.h>
 #include <fcntl.h>
 #include <limits.h>
@@ -74,6 +76,7 @@ static	void		 pg_error_badrequest(const char *);
 static	void		 pg_error_internal(void);
 static	void		 pg_index(const struct req *);
 static	void		 pg_noresult(const struct req *, const char *);
+static	void		 pg_redirect(const struct req *, const char *);
 static	void		 pg_search(const struct req *);
 static	void		 pg_searchres(const struct req *,
 				struct manpage *, size_t);
@@ -113,7 +116,7 @@ static	const char *const sec_names[] = {
 static	const int sec_MAX = sizeof(sec_names) / sizeof(char *);
 
 static	const char *const arch_names[] = {
-    "amd64",       "alpha",       "armv7",
+    "amd64",       "alpha",       "armv7",	"arm64",
     "hppa",        "i386",        "landisk",
     "loongson",    "luna88k",     "macppc",      "mips64",
     "octeon",      "sgi",         "socppc",      "sparc64",
@@ -351,13 +354,12 @@ resp_begin_html(int code, const char *msg)
 	printf("<!DOCTYPE html>\n"
 	       "<html>\n"
 	       "<head>\n"
-	       "<meta charset=\"UTF-8\"/>\n"
-	       "<link rel=\"stylesheet\" href=\"%s/mandoc.css\""
+	       "  <meta charset=\"UTF-8\"/>\n"
+	       "  <link rel=\"stylesheet\" href=\"%s/mandoc.css\""
 	       " type=\"text/css\" media=\"all\">\n"
-	       "<title>%s</title>\n"
+	       "  <title>%s</title>\n"
 	       "</head>\n"
-	       "<body>\n"
-	       "<!-- Begin page content. //-->\n",
+	       "<body>\n",
 	       CSS_DIR, CUSTOMIZE_TITLE);
 
 	resp_copy(MAN_DIR "/header.html");
@@ -378,16 +380,14 @@ resp_searchform(const struct req *req, enum focus focu
 {
 	int		 i;
 
-	puts("<!-- Begin search form. //-->");
-	printf("<div id=\"mancgi\">\n"
-	       "<form action=\"/%s\" method=\"get\">\n"
-	       "<fieldset>\n"
-	       "<legend>Manual Page Search Parameters</legend>\n",
+	printf("<form action=\"/%s\" method=\"get\">\n"
+	       "  <fieldset>\n"
+	       "    <legend>Manual Page Search Parameters</legend>\n",
 	       scriptname);
 
 	/* Write query input box. */
 
-	printf("<input type=\"text\" name=\"query\" value=\"");
+	printf("    <input type=\"text\" name=\"query\" value=\"");
 	if (req->q.query != NULL)
 		html_print(req->q.query);
 	printf( "\" size=\"40\"");
@@ -397,45 +397,46 @@ resp_searchform(const struct req *req, enum focus focu
 
 	/* Write submission buttons. */
 
-	printf(	"<button type=\"submit\" name=\"apropos\" value=\"0\">"
+	printf(	"    <button type=\"submit\" name=\"apropos\" value=\"0\">"
 		"man</button>\n"
-		"<button type=\"submit\" name=\"apropos\" value=\"1\">"
-		"apropos</button>\n<br/>\n");
+		"    <button type=\"submit\" name=\"apropos\" value=\"1\">"
+		"apropos</button>\n"
+		"    <br/>\n");
 
 	/* Write section selector. */
 
-	puts("<select name=\"sec\">");
+	puts("    <select name=\"sec\">");
 	for (i = 0; i < sec_MAX; i++) {
-		printf("<option value=\"%s\"", sec_numbers[i]);
+		printf("      <option value=\"%s\"", sec_numbers[i]);
 		if (NULL != req->q.sec &&
 		    0 == strcmp(sec_numbers[i], req->q.sec))
 			printf(" selected=\"selected\"");
 		printf(">%s</option>\n", sec_names[i]);
 	}
-	puts("</select>");
+	puts("    </select>");
 
 	/* Write architecture selector. */
 
-	printf(	"<select name=\"arch\">\n"
-		"<option value=\"default\"");
+	printf(	"    <select name=\"arch\">\n"
+		"      <option value=\"default\"");
 	if (NULL == req->q.arch)
 		printf(" selected=\"selected\"");
 	puts(">All Architectures</option>");
 	for (i = 0; i < arch_MAX; i++) {
-		printf("<option value=\"%s\"", arch_names[i]);
+		printf("      <option value=\"%s\"", arch_names[i]);
 		if (NULL != req->q.arch &&
 		    0 == strcmp(arch_names[i], req->q.arch))
 			printf(" selected=\"selected\"");
 		printf(">%s</option>\n", arch_names[i]);
 	}
-	puts("</select>");
+	puts("    </select>");
 
 	/* Write manpath selector. */
 
 	if (req->psz > 1) {
-		puts("<select name=\"manpath\">");
+		puts("    <select name=\"manpath\">");
 		for (i = 0; i < (int)req->psz; i++) {
-			printf("<option ");
+			printf("      <option ");
 			if (strcmp(req->q.manpath, req->p[i]) == 0)
 				printf("selected=\"selected\" ");
 			printf("value=\"");
@@ -444,13 +445,11 @@ resp_searchform(const struct req *req, enum focus focu
 			html_print(req->p[i]);
 			puts("</option>");
 		}
-		puts("</select>");
+		puts("    </select>");
 	}
 
-	puts("</fieldset>\n"
-	     "</form>\n"
-	     "</div>");
-	puts("<!-- End search form. //-->");
+	puts("  </fieldset>\n"
+	     "</form>");
 }
 
 static int
@@ -498,9 +497,9 @@ pg_index(const struct req *req)
 	resp_searchform(req, FOCUS_QUERY);
 	printf("<p>\n"
 	       "This web interface is documented in the\n"
-	       "<a href=\"/%s%sman.cgi.8\">man.cgi(8)</a>\n"
+	       "<a class=\"Xr\" href=\"/%s%sman.cgi.8\">man.cgi(8)</a>\n"
 	       "manual, and the\n"
-	       "<a href=\"/%s%sapropos.1\">apropos(1)</a>\n"
+	       "<a class=\"Xr\" href=\"/%s%sapropos.1\">apropos(1)</a>\n"
 	       "manual explains the query syntax.\n"
 	       "</p>\n",
 	       scriptname, *scriptname == '\0' ? "" : "/",
@@ -542,6 +541,23 @@ pg_error_internal(void)
 }
 
 static void
+pg_redirect(const struct req *req, const char *name)
+{
+	printf("Status: 303 See Other\r\n");
+	printf("Location: http://%s/", HTTP_HOST);
+	if (*scriptname != '\0')
+		printf("%s/", scriptname);
+	if (strcmp(req->q.manpath, req->p[0]))
+		printf("%s/", req->q.manpath);
+	if (req->q.arch != NULL)
+		printf("%s/", req->q.arch);
+	printf("%s", name);
+	if (req->q.sec != NULL)
+		printf(".%s", req->q.sec);
+	printf("\r\nContent-Type: text/html; charset=utf-8\r\n\r\n");
+}
+
+static void
 pg_searchres(const struct req *req, struct manpage *r, size_t sz)
 {
 	char		*arch, *archend;
@@ -580,27 +596,21 @@ pg_searchres(const struct req *req, struct manpage *r,
 	    req->q.equal || sz == 1 ? FOCUS_NONE : FOCUS_QUERY);
 
 	if (sz > 1) {
-		puts("<div class=\"results\">");
-		puts("<table>");
-
+		puts("<table class=\"results\">");
 		for (i = 0; i < sz; i++) {
-			printf("<tr>\n"
-			       "<td class=\"title\">\n"
-			       "<a href=\"/%s%s%s/%s",
+			printf("  <tr>\n"
+			       "    <td>"
+			       "<a class=\"Xr\" href=\"/%s%s%s/%s\">",
 			    scriptname, *scriptname == '\0' ? "" : "/",
 			    req->q.manpath, r[i].file);
-			printf("\">");
 			html_print(r[i].names);
-			printf("</a>\n"
-			       "</td>\n"
-			       "<td class=\"desc\">");
+			printf("</a></td>\n"
+			       "    <td><span class=\"Nd\">");
 			html_print(r[i].output);
-			puts("</td>\n"
-			     "</tr>");
+			puts("</span></td>\n"
+			     "  </tr>");
 		}
-
-		puts("</table>\n"
-		     "</div>");
+		puts("</table>");
 	}
 
 	/*
@@ -809,6 +819,7 @@ resp_format(const struct req *req, const char *file)
 
 	memset(&conf, 0, sizeof(conf));
 	conf.fragment = 1;
+	conf.style = mandoc_strdup(CSS_DIR "/mandoc.css");
 	usepath = strcmp(req->q.manpath, req->p[0]);
 	mandoc_asprintf(&conf.man, "/%s%s%%N.%%S",
 	    usepath ? req->q.manpath : "", usepath ? "/" : "");
@@ -836,6 +847,7 @@ resp_format(const struct req *req, const char *file)
 	mparse_free(mp);
 	mchars_free();
 	free(conf.man);
+	free(conf.style);
 }
 
 static void
@@ -962,9 +974,13 @@ pg_search(const struct req *req)
 		}
 	}
 
-	if (0 == mansearch(&search, &paths, argc, argv, &res, &ressz))
+	res = NULL;
+	ressz = 0;
+	if (req->isquery && req->q.equal && argc == 1)
+		pg_redirect(req, argv[0]);
+	else if (mansearch(&search, &paths, argc, argv, &res, &ressz) == 0)
 		pg_noresult(req, "You entered an invalid query.");
-	else if (0 == ressz)
+	else if (ressz == 0)
 		pg_noresult(req, "No results found.");
 	else
 		pg_searchres(req, res, ressz);
@@ -983,6 +999,22 @@ main(void)
 	const char	*path;
 	const char	*querystring;
 	int		 i;
+
+#if HAVE_PLEDGE
+	/*
+	 * The "rpath" pledge could be revoked after mparse_readfd()
+	 * if the file desciptor to "/footer.html" would be opened
+	 * up front, but it's probably not worth the complication
+	 * of the code it would cause: it would require scattering
+	 * pledge() calls in multiple low-level resp_*() functions.
+	 */
+
+	if (pledge("stdio rpath", NULL) == -1) {
+		warn("pledge");
+		pg_error_internal();
+		return EXIT_FAILURE;
+	}
+#endif
 
 	/* Poor man's ReDoS mitigation. */