| Commit message | Author | Age | Files | Lines |
| |
* Do not unconditionally use -I/usr/local/include and -L/usr/local/lib.
* Do not install programs and libs root-writeable.
* Add missing test-strcasestr.c and test-strsep.c to TESTSRCS.
* Add missing cgi.h.example and mandoc_html.3 to SRCS.
* Add missing mandoc_html.3.html to WWW_MANS.
| |
Saves 36 static arrays and 10 lines of code
at the expense of only five new trivial static functions.
No functional change.
| |
Saves 12 static arrays and 19 lines of code.
No functional change.
| |
Drop pre-handlers, they were almost unused.
Drop the needless complexity of allowing more than one post-handler.
This saves one internal interface function, one static function, one
private struct definition, sixteen static arrays, and 45 lines of code.
No functional change.
| |
properly round to the nearest M (=0.001m), which is the smallest
available unit.
This avoids weirdness like (size_t)(0.6 * 10.0) == 5
by instead calculating (size_t)(0.6 * 10.0 + 0.0005) == 6,
and so it fixes the indentation of the readline(3) manual.
| |
Write double constants as double rather than integer literals.
Remove useless explicit (double) cast done at one place and nowhere else.
No functional change.
| |
and thus get rid of the last useless fatal error.
| |
and report the macro name and argument.
| |
right after the -column argument and some at the very end of the
argument list, after some other arguments like -compact, concatenate
the column lists.
This gets rid of one of the last useless FATAL errors
and actually shortens the code by a few lines.
This fixes an issue introduced more than five years ago, at first
causing an assert() since mdoc_action.c rev. 1.14 (June 17, 2009),
then later a FATAL error since mdoc_validate rev. 1.130 (Nov. 30, 2010),
and marked as "TODO" ever since.
| |
The last remaining instance was .It in .Bl -column with more than one
excessive .Ta. However, simply downgrading from FATAL to ERROR, it just
works fine, almost the same way as in groff, without any other changes.
| |
Detect the condition earlier, report in the error message
which block is broken, and delete the broken block.
Consequently, empty section headers can no longer happen.
| |
No functional change.
| |
When finding items outside lists, simply skip them and throw an ERROR.
Handle subsections before the first section instead of bailing out.
| |
When a file contains neither text nor macros, treat it as an empty document.
When the mdoc(7) document prologue is incomplete, use some default values.
| |
* let .Nm fall back to the empty string, not to UNKNOWN
* never let .Rv copy an argument from .Nm
* avoid spurious \fR after empty .Nm in -Tman
* correct handling of .Ex and .Rv in -Tman
* correct the wording of the output for .Rv without arguments
* use non-breaking spaces in .Ex and .Rv output where required
* split MANDOCERR_NONAME into a warning for .Ex and an error for .Nm
| |
and remove some items that have already been taken care of
| |
In groff, .Bd -centered operates in fill mode, which is relatively
hard to implement, while this implementation operates in non-fill
mode so far. As long as you pay attention that your lines do not
overflow, it works. To make sure that rendering is the same for
mandoc and groff, it is recommended to insert .br between lines
for now. This implementation will need improvement later.
| |
as a normal space character, and not width 0. Bug reported by bentley@.
| |
Printing query strings for URIs *always* needs URI-encoding, and when
embedding the URI into an HTML document, it needs replacement of
the "&" separators by "&amp;" *in addition to that*, not instead.
Delete the function html_printquery(), it was completely wrong.
You can see the badness by entering "mandoc &sec=2" into the query input
box before this patch and click "Submit". You come to the right page at
first (...man.cgi?query=mandoc+%26sec%3D2&apropos=0&sec=0&...), but now
the link to mandoc(1) is wrong: ...mandoc.1?query=mandoc &sec=2&...
Clicking on that, the "&sec=2" disappears from the query input box and
suddenly you have the first dropdown set to "2 - System Calls". Oops.
| |
and leave out the manpath when it is the default.
For building the HTML formatter options, do not use a static buffer.
| |
fixing an oversight introduced in rev. 1.77
| |
by the search form, it's just the order of the fields in the form.
Actually, that's not too bad; the generated URI resembles the
generating form.
To minimize confusion for people looking at URIs, give the keys
in the same order when generating URIs for search listings and
search redirections, the latter being used instead of search
listings that would have only one single entry. Also, if the
manpath is the default, remove it from the generated URIs.
| |
and avoid empty arch= keys.
| |
of XHTML syntax. Also add some cosmetic newlines to the HTML code.
| |
QUERY_STRING keys, so rename "expr" to "query".
Also add some missing function prototypes.
No functional change.
| |
1. Make sure the last occurrence of each key is used, even if
it is empty, in which case it resets the value to the default.
2. When there is an HTTP encoding error, skip the affected
key-value pair only, but not all subsequent key-value pairs.
3. Do not modify a string returned from getenv(3).
4. Do not assume the NULL pointer is all null bits.
|
| |
By moving the sort from cgi.c to mansearch.c, we get two advantages:
Easier access to the data needed for sorting, in particular the section
number, and the apropos(1) command line utility profits as well.
Feature requested by deraadt@.
| |
Still, amd64 remains the default in the following sense:
If a man(1) mode search returns more than one page of the same name,
prefer amd64 over other architectures for immediate display.
ok deraadt@ daniel@
| |
Stuff i learnt during my audit for XSS vulnerabilities.
| |
After decoding numeric (\N) and one-character (\<, \> etc.)
character escape sequences, do not forget to HTML-encode the
resulting ASCII character. Malicious manuals were able to smuggle
XSS content by roff-escaping the HTML-special characters they need.
That's a classic bug type in many web applications, actually... :-(
Found myself while auditing the HTML formatter for safe output handling.
| |
The function print_encode() is used both for plain text
and for quoted attribute values.
Escape the '"' character such that malicious manuals cannot pull off
XSS attacks using malformed .Lk, .Mt, .%U, and .UR macros (and maybe
others) to trigger the latter case.
In the former case, escaping does no harm.
Issue found by Sebastien Marie <semarie-openbsd at latrappe dot fr>.
| |
Restrict the character set of strings passed into html_alloc(),
in particular architecture names that come from the QUERY_STRING,
but also SCRIPT_NAME and manpath.conf content for additional safety,
and bail out safely on violations.
Issue reported by Sebastien Marie <semarie-openbsd at latrappe dot fr>.
| |
preserve manpath and arch in .Xr links
| |
2616) requires the Location: response-header field to be an absolute
URI (14.30), and only the most recent proposed standard (RFC 7231),
which is barely a month old, allows a relative Location: (7.1.2).
While most modern browsers appear to support relative Location:
headers, some may not, and it's maybe a bit early to rely on relative
Location: headers.
I'm not going back to the HTTP_HOST or SERVER_NAME CGI variables,
though. While some CGI programs certainly require those, in which
case both the CGI programmer and the web server admin have to be
very careful to keep the system secure and reliable, man.cgi(8)
does not really need them. We always know at compile time which
domain we are running for, and for man.cgi(8), security and reliability
are definitely much more important than flexibility. So make HTTP_HOST
a compile-time definition for now.
| |
Validate the manpath up front and report a Bad Request if it is not
listed in manpath.conf, such that clients can't probe which directories
exist on the server. In case of configuration errors, consistently
report Internal Server Error without disclosing any further information.
Partially based on a patch from Sebastien Marie <semarie-openbsd at
latrappe dot fr>, but avoiding a couple of issues with that patch
and approaching the issue in a somewhat more rigorous way.
| |
Validate the name of the file to show before opening it.
Only allow relative filenames starting with "man" or "cat"
and containing neither "/.." nor "../".
While here, correct the condition discarding an initial "./".
Vulnerability found by Sebastien Marie <semarie-openbsd at latrappe dot fr>.
Many thanks for sending a patch; however, i did not use it but made the
checks even stricter.
| |
just make the HTTP redirect Location: relative.
Less user input is good, it reduces the attack surface.
Besides, this removes one global variable and 4 lines of code.
Patch from Sebastien Marie <semarie-openbsd at latrappe dot fr>.
| |
log the problem, hand the pg_error_internal() error page to the client,
and exit(3) in a controlled way instead of stumbling on and segfaulting
later.
Patch from Sebastien Marie <semarie-openbsd at latrappe dot fr>,
messages tweaked by me.
|
| |
unfortunate, more than 400 links needing this are scattered all around
the www.openbsd.org website, and CVSweb needs this as well.
| |
functions that call resp_begin_html() names starting with "pg_"
and those called after resp_begin_html() names with "resp_".
No functional change, purely renaming functions.