authorIngo Schwarze <schwarze@openbsd.org>2016-03-18 13:22:27 +0000
committerIngo Schwarze <schwarze@openbsd.org>2016-03-18 13:22:27 +0000
commitd4eefc24c396ab1dee0b161ee7da851aecc16c36 (patch)
treebe98aa40817013838c05b5c82eecd873ca9f7951 /cgi.c
parent0fa45817cf7eb87f808a954fb566fa6683a19d3f (diff)
Make the SCRIPT_NAME logic simpler, safer, and make it actually work;
in part based on ideas by bentley@. While here, improve the documentation.
Diffstat (limited to 'cgi.c')
-rw-r--r--cgi.c38
1 files changed, 15 insertions, 23 deletions
diff --git a/cgi.c b/cgi.c
index 9aee1ab3..dae3b827 100644
--- a/cgi.c
+++ b/cgi.c
@@ -84,7 +84,7 @@ static int validate_filename(const char *);
static int validate_manpath(const struct req *, const char *);
static int validate_urifrag(const char *);
-static const char *scriptname; /* CGI script name */
+static const char *scriptname = SCRIPT_NAME;
static const int sec_prios[] = {1, 4, 5, 8, 6, 3, 7, 2, 9};
static const char *const sec_numbers[] = {
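Review bot: The new declaration `static const char *scriptname = SCRIPT_NAME;` drops the old comment, and nothing now states what the build-time value may contain. The last hunk also removes the `validate_urifrag(scriptname)` check from main(), while the other hunks print the string raw after a literal `/` into ACTION and HREF attributes and into the Location header. A value with a leading slash, or with characters that need HTML or URI escaping, would therefore go out unchecked. I would document the contract at the declaration, e.g. `/* Build-time URI path of the CGI script relative to the server root: no leading or trailing slash, URI- and HTML-attribute-safe characters only, may be empty. */`. Keeping a one-time `if (!validate_urifrag(scriptname))` guard at startup would turn a misconfiguration into an error instead of malformed links, assuming that helper accepts the intended values, which this page does not show.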
@@ -370,7 +370,7 @@ resp_searchform(const struct req *req)
puts("<!-- Begin search form. //-->");
printf("<DIV ID=\"mancgi\">\n"
- "<FORM ACTION=\"%s\" METHOD=\"get\">\n"
+ "<FORM ACTION=\"/%s\" METHOD=\"get\">\n"
"<FIELDSET>\n"
"<LEGEND>Manual Page Search Parameters</LEGEND>\n",
scriptname);
@@ -507,12 +507,13 @@ pg_index(const struct req *req)
resp_searchform(req);
printf("<P>\n"
"This web interface is documented in the\n"
- "<A HREF=\"%s/mandoc/man8/man.cgi.8\">man.cgi</A>\n"
+ "<A HREF=\"/%s%smandoc/man8/man.cgi.8\">man.cgi</A>\n"
"manual, and the\n"
- "<A HREF=\"%s/mandoc/man1/apropos.1\">apropos</A>\n"
+ "<A HREF=\"/%s%smandoc/man1/apropos.1\">apropos</A>\n"
"manual explains the query syntax.\n"
"</P>\n",
- scriptname, scriptname);
+ scriptname, *scriptname == '\0' ? "" : "/",
+ scriptname, *scriptname == '\0' ? "" : "/");
resp_end_html();
}
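Review bot: The separator expression `*scriptname == '\0' ? "" : "/"` is written out twice in this printf and again in both pg_searchres hunks, so each future link has to handle the empty-SCRIPT_NAME case by hand. The case matters: with an empty script name, a plain `"/%s/%s"` would emit a path starting with `//`, which browsers resolve as a network-path reference to another host. Computing the separator once would remove that trap, for example a file-scope `static const char *scriptsep(void) { return *scriptname == '\0' ? "" : "/"; }` (name chosen for illustration) passed as the argument in each call. pg_index starts outside the hunk.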
@@ -536,7 +537,7 @@ pg_error_badrequest(const char *msg)
"<P>\n");
puts(msg);
printf("Try again from the\n"
- "<A HREF=\"%s\">main page</A>.\n"
+ "<A HREF=\"/%s\">main page</A>.\n"
"</P>", scriptname);
resp_end_html();
}
@@ -573,8 +574,10 @@ pg_searchres(const struct req *req, struct manpage *r, size_t sz)
* without any delay.
*/
printf("Status: 303 See Other\r\n");
- printf("Location: http://%s%s/%s/%s",
- HTTP_HOST, scriptname, req->q.manpath, r[0].file);
+ printf("Location: http://%s/%s%s%s/%s",
+ HTTP_HOST, scriptname,
+ *scriptname == '\0' ? "" : "/",
+ req->q.manpath, r[0].file);
printf("\r\n"
"Content-Type: text/html; charset=utf-8\r\n"
"\r\n");
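Review bot: The rewritten `Location:` line still hard-codes the `http://` scheme, so a site that serves man.cgi over TLS would redirect every single-result search to a plaintext URL. Since HTTP_HOST and SCRIPT_NAME are already build-time settings, the scheme could be one too, e.g. `printf("Location: %s://%s/%s%s%s/%s", HTTP_SCHEME, HTTP_HOST, ...)`, where `HTTP_SCHEME` is a proposed new macro and not something visible in this file. The manpath and file components are also written into the header with plain `%s`; that relies on validation done outside this hunk, so a comment such as `/* manpath and file must not contain CR/LF; validated before this point */` would make the dependency explicit once that is confirmed. pg_searchres starts and ends outside the hunk.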
@@ -589,8 +592,9 @@ pg_searchres(const struct req *req, struct manpage *r, size_t sz)
for (i = 0; i < sz; i++) {
printf("<TR>\n"
"<TD CLASS=\"title\">\n"
- "<A HREF=\"%s/%s/%s",
- scriptname, req->q.manpath, r[i].file);
+ "<A HREF=\"/%s%s%s/%s",
+ scriptname, *scriptname == '\0' ? "" : "/",
+ req->q.manpath, r[i].file);
printf("\">");
html_print(r[i].names);
printf("</A>\n"
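Review bot: In the result loop, `req->q.manpath` and `r[i].file` go into the HREF attribute through a plain `%s`, while the link text two lines below is passed through `html_print(r[i].names)`. If a file name in the database can contain `"`, `<` or `&`, the attribute would be broken or allow markup injection. Whether that can happen depends on how the database is populated, which is not visible here. Either escape the path when it is printed, or add a comment stating the guarantee, e.g. `/* manpath is validated and file names are restricted at database build time, so no escaping is needed */` once that has been confirmed. The loop and pg_searchres continue outside the hunk.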
@@ -808,7 +812,7 @@ format(const struct req *req, const char *file)
memset(&conf, 0, sizeof(conf));
conf.fragment = 1;
usepath = strcmp(req->q.manpath, req->p[0]);
- mandoc_asprintf(&conf.man, "%s?query=%%N&sec=%%S%s%s%s%s",
+ mandoc_asprintf(&conf.man, "/%s?query=%%N&sec=%%S%s%s%s%s",
scriptname,
req->q.arch ? "&arch=" : "",
req->q.arch ? req->q.arch : "",
@@ -1006,18 +1010,6 @@ main(void)
return EXIT_FAILURE;
}
- /* Scan our run-time environment. */
-
- if (NULL == (scriptname = getenv("SCRIPT_NAME")))
- scriptname = "";
-
- if ( ! validate_urifrag(scriptname)) {
- fprintf(stderr, "unsafe SCRIPT_NAME \"%s\"\n",
- scriptname);
- pg_error_internal();
- return EXIT_FAILURE;
- }
-
/*
* First we change directory into the MAN_DIR so that
* subsequent scanning for manpath directories is rooted