=================================================================== RCS file: /cvs/mandoc/cgi.c,v retrieving revision 1.80 retrieving revision 1.92 diff -u -p -r1.80 -r1.92 --- mandoc/cgi.c 2014/07/22 18:14:13 1.80 +++ mandoc/cgi.c 2014/08/05 15:29:30 1.92 @@ -1,4 +1,4 @@ -/* $Id: cgi.c,v 1.80 2014/07/22 18:14:13 schwarze Exp $ */ +/* $Id: cgi.c,v 1.92 2014/08/05 15:29:30 schwarze Exp $ */ /* * Copyright (c) 2011, 2012 Kristaps Dzonsons * Copyright (c) 2014 Ingo Schwarze @@ -23,6 +23,7 @@ #include #include #include +#include #include #include #include @@ -39,10 +40,10 @@ * A query as passed to the search function. */ struct query { - const char *manpath; /* desired manual directory */ - const char *arch; /* architecture */ - const char *sec; /* manual section */ - const char *expr; /* unparsed expression string */ + char *manpath; /* desired manual directory */ + char *arch; /* architecture */ + char *sec; /* manual section */ + char *query; /* unparsed query expression */ int equal; /* match whole names, not substrings */ }; @@ -53,16 +54,14 @@ struct req { }; static void catman(const struct req *, const char *); -static int cmp(const void *, const void *); static void format(const struct req *, const char *); static void html_print(const char *); -static void html_printquery(const struct req *); static void html_putchar(char); static int http_decode(char *); -static void http_parse(struct req *, char *); +static void http_parse(struct req *, const char *); static void http_print(const char *); static void http_putchar(char); -static void http_printquery(const struct req *); +static void http_printquery(const struct req *, const char *); static void pathgen(struct req *); static void pg_error_badrequest(const char *); static void pg_error_internal(void); @@ -77,6 +76,10 @@ static void resp_begin_http(int, const char *); static void resp_end_html(void); static void resp_searchform(const struct req *); static void resp_show(const struct req *, const char *); +static void set_query_attr(char **, char **); +static int validate_filename(const char *); +static int validate_manpath(const struct req *, const char *); +static int validate_urifrag(const char *); static const char *scriptname; /* CGI script name */ @@ -142,54 +145,31 @@ html_putchar(char c) } static void -http_printquery(const struct req *req) +http_printquery(const struct req *req, const char *sep) { - if (NULL != req->q.manpath) { - printf("&manpath="); - http_print(req->q.manpath); + if (NULL != req->q.query) { + printf("query="); + http_print(req->q.query); } + if (0 == req->q.equal) + printf("%sapropos=1", sep); if (NULL != req->q.sec) { - printf("&sec="); + printf("%ssec=", sep); http_print(req->q.sec); } if (NULL != req->q.arch) { - printf("&arch="); + printf("%sarch=", sep); http_print(req->q.arch); } - if (NULL != req->q.expr) { - printf("&query="); - http_print(req->q.expr); + if (NULL != req->q.manpath && + strcmp(req->q.manpath, req->p[0])) { + printf("%smanpath=", sep); + http_print(req->q.manpath); } - if (0 == req->q.equal) - printf("&apropos=1"); } static void -html_printquery(const struct req *req) -{ - - if (NULL != req->q.manpath) { - printf("&manpath="); - html_print(req->q.manpath); - } - if (NULL != req->q.sec) { - printf("&sec="); - html_print(req->q.sec); - } - if (NULL != req->q.arch) { - printf("&arch="); - html_print(req->q.arch); - } - if (NULL != req->q.expr) { - printf("&query="); - html_print(req->q.expr); - } - if (0 == req->q.equal) - printf("&apropos=1"); -} - -static void http_print(const char *p) { @@ -214,65 +194,114 @@ html_print(const char *p) } /* - * Parse out key-value pairs from an HTTP request variable. - * This can be either a cookie or a POST/GET string, although man.cgi - * uses only GET for simplicity. + * Transfer the responsibility for the allocated string *val + * to the query structure. */ static void -http_parse(struct req *req, char *p) +set_query_attr(char **attr, char **val) { - char *key, *val; - memset(&req->q, 0, sizeof(struct query)); - req->q.manpath = req->p[0]; - req->q.equal = 1; + free(*attr); + if (**val == '\0') { + *attr = NULL; + free(*val); + } else + *attr = *val; + *val = NULL; +} - while ('\0' != *p) { - key = p; - val = NULL; +/* + * Parse the QUERY_STRING for key-value pairs + * and store the values into the query structure. + */ +static void +http_parse(struct req *req, const char *qs) +{ + char *key, *val; + size_t keysz, valsz; - p += (int)strcspn(p, ";&"); - if ('\0' != *p) - *p++ = '\0'; - if (NULL != (val = strchr(key, '='))) - *val++ = '\0'; + req->q.manpath = NULL; + req->q.arch = NULL; + req->q.sec = NULL; + req->q.query = NULL; + req->q.equal = 1; - if ('\0' == *key || NULL == val || '\0' == *val) - continue; + key = val = NULL; + while (*qs != '\0') { - /* Just abort handling. */ + /* Parse one key. */ - if ( ! http_decode(key)) - break; - if (NULL != val && ! http_decode(val)) - break; + keysz = strcspn(qs, "=;&"); + key = mandoc_strndup(qs, keysz); + qs += keysz; + if (*qs != '=') + goto next; - if (0 == strcmp(key, "query")) - req->q.expr = val; - else if (0 == strcmp(key, "manpath")) { + /* Parse one value. */ + + valsz = strcspn(++qs, ";&"); + val = mandoc_strndup(qs, valsz); + qs += valsz; + + /* Decode and catch encoding errors. */ + + if ( ! (http_decode(key) && http_decode(val))) + goto next; + + /* Handle key-value pairs. */ + + if ( ! strcmp(key, "query")) + set_query_attr(&req->q.query, &val); + + else if ( ! strcmp(key, "apropos")) + req->q.equal = !strcmp(val, "0"); + + else if ( ! strcmp(key, "manpath")) { #ifdef COMPAT_OLDURI - if (0 == strncmp(val, "OpenBSD ", 8)) { + if ( ! strncmp(val, "OpenBSD ", 8)) { val[7] = '-'; if ('C' == val[8]) val[8] = 'c'; } #endif - req->q.manpath = val; - } else if (0 == strcmp(key, "apropos")) - req->q.equal = !strcmp(val, "0"); - else if (0 == strcmp(key, "sec")) { - if (strcmp(val, "0")) - req->q.sec = val; + set_query_attr(&req->q.manpath, &val); + } + + else if ( ! (strcmp(key, "sec") #ifdef COMPAT_OLDURI - } else if (0 == strcmp(key, "sektion")) { - if (strcmp(val, "0")) - req->q.sec = val; + && strcmp(key, "sektion") #endif - } else if (0 == strcmp(key, "arch")) { - if (strcmp(val, "default")) - req->q.arch = val; + )) { + if ( ! strcmp(val, "0")) + *val = '\0'; + set_query_attr(&req->q.sec, &val); } + + else if ( ! strcmp(key, "arch")) { + if ( ! strcmp(val, "default")) + *val = '\0'; + set_query_attr(&req->q.arch, &val); + } + + /* + * The key must be freed in any case. + * The val may have been handed over to the query + * structure, in which case it is now NULL. + */ +next: + free(key); + key = NULL; + free(val); + val = NULL; + + if (*qs != '\0') + qs++; } + + /* Fall back to the default manpath. */ + + if (req->q.manpath == NULL) + req->q.manpath = mandoc_strdup(req->p[0]); } static void @@ -389,8 +418,8 @@ resp_searchform(const struct req *req) printf( "
\n" "q.expr) - html_print(req->q.expr); + if (NULL != req->q.query) + html_print(req->q.query); puts("\" SIZE=\"40\">"); /* Write submission and reset buttons. */ @@ -403,31 +432,35 @@ resp_searchform(const struct req *req) printf( "\n" "q.equal) - printf("CHECKED "); + printf("CHECKED=\"checked\" "); printf( "NAME=\"apropos\" ID=\"show\" VALUE=\"0\">\n" "\n"); /* Write section selector. */ - printf( "
\n" + puts( "
\n" ""); /* Write architecture selector. */ - puts("\n" + ""); for (i = 0; i < arch_MAX; i++) { printf("\n", arch_names[i]); } puts(""); @@ -440,7 +473,7 @@ resp_searchform(const struct req *req) printf("\n" "q.equal) - printf("CHECKED "); + printf("CHECKED=\"checked\" "); printf( "NAME=\"apropos\" ID=\"search\" VALUE=\"1\">\n" "\n"); @@ -513,10 +546,10 @@ pg_index(const struct req *req) resp_begin_html(200, NULL); resp_searchform(req); printf("

\n" - "This web interface is documented in the " - "man.cgi " - "manual, and the " - "apropos " + "This web interface is documented in the\n" + "man.cgi\n" + "manual, and the\n" + "apropos\n" "manual explains the query syntax.\n" "

\n", scriptname, scriptname); @@ -559,7 +592,9 @@ pg_error_internal(void) static void pg_searchres(const struct req *req, struct manpage *r, size_t sz) { + char *arch, *archend; size_t i, iuse, isec; + int archprio, archpriouse; int prio, priouse; char sec; @@ -580,15 +615,13 @@ pg_searchres(const struct req *req, struct manpage *r, printf("Status: 303 See Other\r\n"); printf("Location: http://%s%s/%s/%s?", HTTP_HOST, scriptname, req->q.manpath, r[0].file); - http_printquery(req); + http_printquery(req, "&"); printf("\r\n" "Content-Type: text/html; charset=utf-8\r\n" "\r\n"); return; } - qsort(r, sz, sizeof(struct manpage), cmp); - resp_begin_html(200, NULL); resp_searchform(req); puts("
"); @@ -599,7 +632,7 @@ pg_searchres(const struct req *req, struct manpage *r, "
\n" "q.manpath, r[i].file); - html_printquery(req); + http_printquery(req, "&"); printf("\">"); html_print(r[i].names); printf("\n" @@ -622,12 +655,30 @@ pg_searchres(const struct req *req, struct manpage *r, puts("
"); iuse = 0; priouse = 10; + archpriouse = 3; for (i = 0; i < sz; i++) { isec = strcspn(r[i].file, "123456789"); sec = r[i].file[isec]; if ('\0' == sec) continue; prio = sec_prios[sec - '1']; + if (NULL == req->q.arch) { + archprio = + (NULL == (arch = strchr( + r[i].file + isec, '/'))) ? 3 : + (NULL == (archend = strchr( + arch + 1, '/'))) ? 0 : + strncmp(arch, "amd64/", + archend - arch) ? 2 : 1; + if (archprio < archpriouse) { + archpriouse = archprio; + priouse = prio; + iuse = i; + continue; + } + if (archprio > archpriouse) + continue; + } if (prio >= priouse) continue; priouse = prio; @@ -775,12 +826,13 @@ static void format(const struct req *req, const char *file) { struct mparse *mp; - int fd; struct mdoc *mdoc; struct man *man; void *vp; + char *opts; enum mandoclevel rc; - char opts[PATH_MAX + 128]; + int fd; + int usepath; if (-1 == (fd = open(file, O_RDONLY, 0))) { puts("

You specified an invalid manual file.

"); @@ -799,10 +851,14 @@ format(const struct req *req, const char *file) return; } - snprintf(opts, sizeof(opts), "fragment,man=%s?" - "manpath=%s&query=%%N&sec=%%S&arch=%s", - scriptname, req->q.manpath, - req->q.arch ? req->q.arch : ""); + usepath = strcmp(req->q.manpath, req->p[0]); + mandoc_asprintf(&opts, + "fragment,man=%s?query=%%N&sec=%%S%s%s%s%s", + scriptname, + req->q.arch ? "&arch=" : "", + req->q.arch ? req->q.arch : "", + usepath ? "&manpath=" : "", + usepath ? req->q.manpath : ""); mparse_result(mp, &mdoc, &man, NULL); if (NULL == man && NULL == mdoc) { @@ -822,6 +878,7 @@ format(const struct req *req, const char *file) html_free(vp); mparse_free(mp); + free(opts); } static void @@ -838,20 +895,23 @@ resp_show(const struct req *req, const char *file) } static void -pg_show(struct req *req, const char *path) +pg_show(struct req *req, const char *fullpath) { - char *sub; + char *manpath; + const char *file; - if (NULL == path || NULL == (sub = strchr(path, '/'))) { + if ((file = strchr(fullpath, '/')) == NULL) { pg_error_badrequest( "You did not specify a page to show."); return; } - *sub++ = '\0'; + manpath = mandoc_strndup(fullpath, file - fullpath); + file++; - if ( ! validate_manpath(req, path)) { + if ( ! validate_manpath(req, manpath)) { pg_error_badrequest( "You specified an invalid manpath."); + free(manpath); return; } @@ -861,25 +921,29 @@ pg_show(struct req *req, const char *path) * relative to the manpath root. */ - if (-1 == chdir(path)) { + if (chdir(manpath) == -1) { fprintf(stderr, "chdir %s: %s\n", - path, strerror(errno)); + manpath, strerror(errno)); pg_error_internal(); + free(manpath); return; } - if ( ! validate_filename(sub)) { + if (strcmp(manpath, "mandoc")) { + free(req->q.manpath); + req->q.manpath = manpath; + } else + free(manpath); + + if ( ! validate_filename(file)) { pg_error_badrequest( "You specified an invalid manual file."); return; } - if (strcmp(path, "mandoc")) - req->q.manpath = path; - resp_begin_html(200, NULL); resp_searchform(req); - resp_show(req, sub); + resp_show(req, file); resp_end_html(); } @@ -921,7 +985,7 @@ pg_search(const struct req *req) * Yes, this is half-ass. But it works for now. */ - ep = req->q.expr; + ep = req->q.query; while (ep && isspace((unsigned char)*ep)) ep++; @@ -966,7 +1030,7 @@ main(void) { struct req req; const char *path; - char *querystring; + const char *querystring; int i; /* Scan our run-time environment. */ @@ -1002,7 +1066,8 @@ main(void) if (NULL != (querystring = getenv("QUERY_STRING"))) http_parse(&req, querystring); - if ( ! validate_manpath(&req, req.q.manpath)) { + if ( ! (NULL == req.q.manpath || + validate_manpath(&req, req.q.manpath))) { pg_error_badrequest( "You specified an invalid manpath."); return(EXIT_FAILURE); @@ -1024,23 +1089,19 @@ main(void) if ('\0' != *path) pg_show(&req, path); - else if (NULL != req.q.expr) + else if (NULL != req.q.query) pg_search(&req); else pg_index(&req); + free(req.q.manpath); + free(req.q.arch); + free(req.q.sec); + free(req.q.query); for (i = 0; i < (int)req.psz; i++) free(req.p[i]); free(req.p); return(EXIT_SUCCESS); -} - -static int -cmp(const void *p1, const void *p2) -{ - - return(strcasecmp(((const struct manpage *)p1)->names, - ((const struct manpage *)p2)->names)); } /*