===================================================================
RCS file: /cvs/mandoc/cgi.c,v
retrieving revision 1.157
retrieving revision 1.162
diff -u -p -r1.157 -r1.162
--- mandoc/cgi.c	2018/05/18 14:23:00	1.157
+++ mandoc/cgi.c	2018/12/13 11:55:46	1.162
@@ -1,7 +1,7 @@
-/*	$Id: cgi.c,v 1.157 2018/05/18 14:23:00 schwarze Exp $ */
+/*	$Id: cgi.c,v 1.162 2018/12/13 11:55:46 schwarze Exp $ */
 /*
  * Copyright (c) 2011, 2012 Kristaps Dzonsons <kristaps@bsd.lv>
- * Copyright (c) 2014, 2015, 2016, 2017 Ingo Schwarze <schwarze@usta.de>
+ * Copyright (c) 2014, 2015, 2016, 2017, 2018 Ingo Schwarze <schwarze@usta.de>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -38,6 +38,7 @@
 #include "roff.h"
 #include "mdoc.h"
 #include "man.h"
+#include "mandoc_parse.h"
 #include "main.h"
 #include "manconf.h"
 #include "mansearch.h"
@@ -69,6 +70,7 @@ enum	focus {
 static	void		 html_print(const char *);
 static	void		 html_putchar(char);
 static	int		 http_decode(char *);
+static	void		 http_encode(const char *p);
 static	void		 parse_manpath_conf(struct req *);
 static	void		 parse_path_info(struct req *req, const char *path);
 static	void		 parse_query_string(struct req *, const char *);
@@ -90,6 +92,7 @@ static	void		 resp_format(const struct req *, const ch
 static	void		 resp_searchform(const struct req *, enum focus);
 static	void		 resp_show(const struct req *, const char *);
 static	void		 set_query_attr(char **, char **);
+static	int		 validate_arch(const char *);
 static	int		 validate_filename(const char *);
 static	int		 validate_manpath(const struct req *, const char *);
 static	int		 validate_urifrag(const char *);
@@ -316,6 +319,18 @@ http_decode(char *p)
 }
 
 static void
+http_encode(const char *p)
+{
+	for (; *p != '\0'; p++) {
+		if (isalnum((unsigned char)*p) == 0 &&
+		    strchr("-._~", *p) == NULL)
+			printf("%%%02.2X", (unsigned char)*p);
+		else
+			putchar(*p);
+	}
+}
+
+static void
 resp_begin_http(int code, const char *msg)
 {
 
@@ -400,7 +415,7 @@ resp_searchform(const struct req *req, enum focus focu
 
 	/* Write query input box. */
 
-	printf("    <input type=\"text\" name=\"query\" value=\"");
+	printf("    <input type=\"search\" name=\"query\" value=\"");
 	if (req->q.query != NULL)
 		html_print(req->q.query);
 	printf( "\" size=\"40\"");
@@ -436,7 +451,7 @@ resp_searchform(const struct req *req, enum focus focu
 		printf(" selected=\"selected\"");
 	puts(">All Architectures</option>");
 	for (i = 0; i < arch_MAX; i++) {
-		printf("      <option value=\"%s\"", arch_names[i]);
+		printf("      <option");
 		if (NULL != req->q.arch &&
 		    0 == strcmp(arch_names[i], req->q.arch))
 			printf(" selected=\"selected\"");
@@ -449,13 +464,11 @@ resp_searchform(const struct req *req, enum focus focu
 	if (req->psz > 1) {
 		puts("    <select name=\"manpath\">");
 		for (i = 0; i < (int)req->psz; i++) {
-			printf("      <option ");
+			printf("      <option");
 			if (strcmp(req->q.manpath, req->p[i]) == 0)
-				printf("selected=\"selected\" ");
-			printf("value=\"");
+				printf(" selected=\"selected\"");
+			printf(">");
 			html_print(req->p[i]);
-			printf("\">");
-			html_print(req->p[i]);
 			puts("</option>");
 		}
 		puts("    </select>");
@@ -492,6 +505,18 @@ validate_manpath(const struct req *req, const char* ma
 }
 
 static int
+validate_arch(const char *arch)
+{
+	int	 i;
+
+	for (i = 0; i < arch_MAX; i++)
+		if (strcmp(arch, arch_names[i]) == 0)
+			return 1;
+
+	return 0;
+}
+
+static int
 validate_filename(const char *file)
 {
 
@@ -564,9 +589,11 @@ pg_redirect(const struct req *req, const char *name)
 		printf("%s/", req->q.manpath);
 	if (req->q.arch != NULL)
 		printf("%s/", req->q.arch);
-	printf("%s", name);
-	if (req->q.sec != NULL)
-		printf(".%s", req->q.sec);
+	http_encode(name);
+	if (req->q.sec != NULL) {
+		putchar('.');
+		http_encode(req->q.sec);
+	}
 	printf("\r\nContent-Type: text/html; charset=utf-8\r\n\r\n");
 }
 
@@ -841,6 +868,7 @@ resp_format(const struct req *req, const char *file)
 	memset(&conf, 0, sizeof(conf));
 	conf.fragment = 1;
 	conf.style = mandoc_strdup(CSS_DIR "/mandoc.css");
+	conf.toc = 1;
 	usepath = strcmp(req->q.manpath, req->p[0]);
 	mandoc_asprintf(&conf.man, "/%s%s%s%s%%N.%%S",
 	    scriptname, *scriptname == '\0' ? "" : "/",
@@ -1091,7 +1119,7 @@ main(void)
 		return EXIT_FAILURE;
 	}
 
-	if ( ! (NULL == req.q.arch || validate_urifrag(req.q.arch))) {
+	if (req.q.arch != NULL && validate_arch(req.q.arch) == 0) {
 		pg_error_badrequest(
 		    "You specified an invalid architecture.");
 		return EXIT_FAILURE;
@@ -1117,80 +1145,74 @@ main(void)
 }
 
 /*
- * If PATH_INFO is not a file name, translate it to a query.
+ * Translate PATH_INFO to a query.
  */
 static void
 parse_path_info(struct req *req, const char *path)
 {
-	char	*dir[4];
-	int	 i;
+	const char	*name, *sec, *end;
 
 	req->isquery = 0;
 	req->q.equal = 1;
-	req->q.manpath = mandoc_strdup(path);
+	req->q.manpath = NULL;
 	req->q.arch = NULL;
 
 	/* Mandatory manual page name. */
-	if ((req->q.query = strrchr(req->q.manpath, '/')) == NULL) {
-		req->q.query = req->q.manpath;
-		req->q.manpath = NULL;
-	} else
-		*req->q.query++ = '\0';
+	if ((name = strrchr(path, '/')) == NULL)
+		name = path;
+	else
+		name++;
 
 	/* Optional trailing section. */
-	if ((req->q.sec = strrchr(req->q.query, '.')) != NULL) {
-		if(isdigit((unsigned char)req->q.sec[1])) {
-			*req->q.sec++ = '\0';
-			req->q.sec = mandoc_strdup(req->q.sec);
-		} else
-			req->q.sec = NULL;
+	sec = strrchr(name, '.');
+	if (sec != NULL && isdigit((unsigned char)*++sec)) {
+		req->q.query = mandoc_strndup(name, sec - name - 1);
+		req->q.sec = mandoc_strdup(sec);
+	} else {
+		req->q.query = mandoc_strdup(name);
+		req->q.sec = NULL;
 	}
 
 	/* Handle the case of name[.section] only. */
-	if (req->q.manpath == NULL)
+	if (name == path)
 		return;
-	req->q.query = mandoc_strdup(req->q.query);
 
-	/* Split directory components. */
-	dir[i = 0] = req->q.manpath;
-	while ((dir[i + 1] = strchr(dir[i], '/')) != NULL) {
-		if (++i == 3) {
-			pg_error_badrequest(
-			    "You specified too many directory components.");
-			exit(EXIT_FAILURE);
-		}
-		*dir[i]++ = '\0';
-	}
-
 	/* Optional manpath. */
-	if ((i = validate_manpath(req, req->q.manpath)) == 0)
+	end = strchr(path, '/');
+	req->q.manpath = mandoc_strndup(path, end - path);
+	if (validate_manpath(req, req->q.manpath)) {
+		path = end + 1;
+		if (name == path)
+			return;
+	} else {
+		free(req->q.manpath);
 		req->q.manpath = NULL;
-	else if (dir[1] == NULL)
-		return;
+	}
 
 	/* Optional section. */
-	if (strncmp(dir[i], "man", 3) == 0) {
+	if (strncmp(path, "man", 3) == 0) {
+		path += 3;
+		end = strchr(path, '/');
 		free(req->q.sec);
-		req->q.sec = mandoc_strdup(dir[i++] + 3);
+		req->q.sec = mandoc_strndup(path, end - path);
+		path = end + 1;
+		if (name == path)
+			return;
 	}
-	if (dir[i] == NULL) {
-		if (req->q.manpath == NULL)
-			free(dir[0]);
-		return;
+
+	/* Optional architecture. */
+	end = strchr(path, '/');
+	if (end + 1 != name) {
+		pg_error_badrequest(
+		    "You specified too many directory components.");
+		exit(EXIT_FAILURE);
 	}
-	if (dir[i + 1] != NULL) {
+	req->q.arch = mandoc_strndup(path, end - path);
+	if (validate_arch(req->q.arch) == 0) {
 		pg_error_badrequest(
 		    "You specified an invalid directory component.");
 		exit(EXIT_FAILURE);
 	}
-
-	/* Optional architecture. */
-	if (i) {
-		req->q.arch = mandoc_strdup(dir[i]);
-		if (req->q.manpath == NULL)
-			free(dir[0]);
-	} else
-		req->q.arch = dir[0];
 }
 
 /*