=================================================================== RCS file: /cvs/mandoc/cgi.c,v retrieving revision 1.84 retrieving revision 1.88 diff -u -p -r1.84 -r1.88 --- mandoc/cgi.c 2014/07/25 16:43:37 1.84 +++ mandoc/cgi.c 2014/07/25 18:20:39 1.88 @@ -1,4 +1,4 @@ -/* $Id: cgi.c,v 1.84 2014/07/25 16:43:37 schwarze Exp $ */ +/* $Id: cgi.c,v 1.88 2014/07/25 18:20:39 schwarze Exp $ */ /* * Copyright (c) 2011, 2012 Kristaps Dzonsons * Copyright (c) 2014 Ingo Schwarze @@ -42,7 +42,7 @@ struct query { char *manpath; /* desired manual directory */ char *arch; /* architecture */ char *sec; /* manual section */ - char *expr; /* unparsed expression string */ + char *query; /* unparsed query expression */ int equal; /* match whole names, not substrings */ }; @@ -76,6 +76,10 @@ static void resp_begin_http(int, const char *); static void resp_end_html(void); static void resp_searchform(const struct req *); static void resp_show(const struct req *, const char *); +static void set_query_attr(char **, char **); +static int validate_filename(const char *); +static int validate_manpath(const struct req *, const char *); +static int validate_urifrag(const char *); static const char *scriptname; /* CGI script name */ @@ -144,10 +148,12 @@ static void http_printquery(const struct req *req) { - if (NULL != req->q.manpath) { - printf("&manpath="); - http_print(req->q.manpath); + if (NULL != req->q.query) { + printf("query="); + http_print(req->q.query); } + if (0 == req->q.equal) + printf("&apropos=1"); if (NULL != req->q.sec) { printf("&sec="); http_print(req->q.sec); 
@@ -156,22 +162,23 @@ http_printquery(const struct req *req) printf("&arch="); http_print(req->q.arch); } - if (NULL != req->q.expr) { - printf("&query="); - http_print(req->q.expr); + if (NULL != req->q.manpath && + strcmp(req->q.manpath, req->p[0])) { + printf("&manpath="); + http_print(req->q.manpath); } - if (0 == req->q.equal) - printf("&apropos=1"); } static void html_printquery(const struct req *req) { - if (NULL != req->q.manpath) { - printf("&manpath="); - html_print(req->q.manpath); + if (NULL != req->q.query) { + printf("query="); + html_print(req->q.query); } + if (0 == req->q.equal) + printf("&apropos=1"); if (NULL != req->q.sec) { printf("&sec="); html_print(req->q.sec); @@ -180,12 +187,11 @@ html_printquery(const struct req *req) printf("&arch="); html_print(req->q.arch); } - if (NULL != req->q.expr) { - printf("&query="); - html_print(req->q.expr); + if (NULL != req->q.manpath && + strcmp(req->q.manpath, req->p[0])) { + printf("&manpath="); + html_print(req->q.manpath); } - if (0 == req->q.equal) - printf("&apropos=1"); } static void @@ -242,7 +248,7 @@ http_parse(struct req *req, const char *qs) req->q.manpath = NULL; req->q.arch = NULL; req->q.sec = NULL; - req->q.expr = NULL; + req->q.query = NULL; req->q.equal = 1; key = val = NULL; @@ -270,7 +276,7 @@ http_parse(struct req *req, const char *qs) /* Handle key-value pairs. */ if ( ! strcmp(key, "query")) - set_query_attr(&req->q.expr, &val); + set_query_attr(&req->q.query, &val); else if ( ! strcmp(key, "apropos")) req->q.equal = !strcmp(val, "0"); @@ -437,8 +443,8 @@ resp_searchform(const struct req *req) printf( "
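Review bot: The new `strcmp(req->q.manpath, req->p[0])` in http_printquery() reads `req->p[0]` without checking that any manpath is configured; the cleanup loop in main() iterates up to `req.psz`, so an empty list looks representable. If `req->psz` can be 0 at this point, that is an out-of-bounds read or a NULL passed to strcmp(); guard it with `req->psz > 0 &&`, or add a comment naming where a non-empty list is enforced before any page is generated. The same expression is added to html_printquery() in the next hunk (@@ -180,12 +187,11 @@). A one-line comment such as `/* omit manpath when it is the default (first configured) one */` would also make the intent of the comparison clear.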
\n" "q.expr) - html_print(req->q.expr); + if (NULL != req->q.query) + html_print(req->q.query); puts("\" SIZE=\"40\">"); /* Write submission and reset buttons. */ @@ -451,19 +457,19 @@ resp_searchform(const struct req *req) printf( "\n" "q.equal) - printf("CHECKED "); + printf("CHECKED=\"checked\" "); printf( "NAME=\"apropos\" ID=\"show\" VALUE=\"0\">\n" "\n"); /* Write section selector. */ - printf( "
\n" + puts( "
\n" ""); @@ -473,13 +479,13 @@ resp_searchform(const struct req *req) printf( ""); @@ -492,7 +498,7 @@ resp_searchform(const struct req *req) printf("\n" "q.equal) - printf("CHECKED "); + printf("CHECKED=\"checked\" "); printf( "NAME=\"apropos\" ID=\"search\" VALUE=\"1\">\n" "\n"); @@ -565,10 +571,10 @@ pg_index(const struct req *req) resp_begin_html(200, NULL); resp_searchform(req); printf("

\n" - "This web interface is documented in the " - "man.cgi " - "manual, and the " - "apropos " + "This web interface is documented in the\n" + "man.cgi\n" + "manual, and the\n" + "apropos\n" "manual explains the query syntax.\n" "

\n", scriptname, scriptname); @@ -870,8 +876,9 @@ format(const struct req *req, const char *file) } snprintf(opts, sizeof(opts), "fragment,man=%s?" - "manpath=%s&query=%%N&sec=%%S&arch=%s", + "manpath=%s&query=%%N&sec=%%S%s%s", scriptname, req->q.manpath, + req->q.arch ? "&arch=" : "", req->q.arch ? req->q.arch : ""); mparse_result(mp, &mdoc, &man, NULL); @@ -998,7 +1005,7 @@ pg_search(const struct req *req) * Yes, this is half-ass. But it works for now. */ - ep = req->q.expr; + ep = req->q.query; while (ep && isspace((unsigned char)*ep)) ep++; @@ -1101,7 +1108,7 @@ main(void) if ('\0' != *path) pg_show(&req, path); - else if (NULL != req.q.expr) + else if (NULL != req.q.query) pg_search(&req); else pg_index(&req); @@ -1109,7 +1116,7 @@ main(void) free(req.q.manpath); free(req.q.arch); free(req.q.sec); - free(req.q.expr); + free(req.q.query); for (i = 0; i < (int)req.psz; i++) free(req.p[i]); free(req.p);
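Review bot: `req->q.manpath` is still passed to `%s` in this snprintf() with no NULL guard, while the same change adds one for `req->q.arch` and http_printquery() keeps testing `req->q.manpath` against NULL. If the field can be NULL when format() runs, that is undefined behaviour; guard it like arch, or add a comment naming where it is defaulted. Both values appear to come from the request and land in a comma-separated option string used as a link template, so a comment stating that they have already been validated would help (the diff adds prototypes for validate_manpath() and validate_urifrag(), but their call sites are not visible). The snprintf() result is also ignored; `n = snprintf(...)` followed by `if (n < 0 || (size_t)n >= sizeof(opts))` would keep a truncated template from being used silently. format() begins and ends outside the hunk.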