summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Portability fix:Ingo Schwarze2014-08-051-3/+4
| | | | | | | | * POSIX syntax is 'include Makefile.depend', not '.include "Makefile.depend"' * gmake(1) runs the build rule for the included file (duh), so delete the rule * consequently, we have to mark the 'depend' maintainer target .PHONY * as it's now .PHONY anyway, drop some prerequisites that are now useless Issue noticed by kristaps@.
* Sync library documentation with reality.Ingo Schwarze2014-08-055-180/+882
| | | | | Split mandoc_escape(3), mandoc_malloc(3), and mchars_alloc(3) out of mandoc(3), adding lots of new information.
* Switch to autogenerated dependency rules; they are less error-prone.Ingo Schwarze2014-08-052-94/+146
| | | | Provide a maintainer target to regenerate them.
* Properly partition the build system and install some missing stuff:Ingo Schwarze2014-08-051-14/+55
| | | | | | | | | | | * Introduce targets base-build, db-build, cgi-build. * Introduce targets base-install, db-install, cgi-install. * Introduce a BUILD_TARGETS variable to contain db-build and cgi-build. * Introduce an INSTALL_TARGETS variable and fill it using BUILD_TARGETS. * Install the whatis(1) and makewhatis(8) binaries. * Install the apropos(1), whatis(1), and makewhatis(8) manuals. * Install mandoc_aux.h. * Do not build manpage(1) by default.
* Various minor corrections:Ingo Schwarze2014-08-051-5/+16
| | | | | | | | * Do not unconditionally use -I/usr/local/include and -L/usr/local/lib. * Do not install programs and libs root-writeable. * Add missing test-strcasestr.c and test-strsep.c to TESTSRCS. * Add missing cgi.h.example and mandoc_html.3 to SRCS. * Add missing mandoc_html.3.html to WWW_MANS.
* sort user settings; no functional changeIngo Schwarze2014-08-051-19/+34
|
* remove strnlen(3) compat, we no longer use itIngo Schwarze2014-08-045-58/+0
|
* Simplify by allowing only one post-handler.Ingo Schwarze2014-08-021-127/+149
| | | | | | Saves 36 static arrays and 10 lines of code at the expense of only five new trivial static functions. No functional change.
* Simplify by allowing only one pre-handler.Ingo Schwarze2014-08-011-46/+28
| | | | | Saves 12 static arrays and 19 lines of code. No functional change.
* Simplify man(7) validation:Ingo Schwarze2014-08-013-124/+73
| | | | | | | | | Drop pre-handlers, they were almost unused. Drop the needless complexity of allowing more than one post-handler. This saves one internal interface function, one static function, one private struct definition, sixteen static arrays, and 45 lines of code. No functional change.
* Fix floating point handling: When converting double to size_t,Ingo Schwarze2014-08-011-2/+2
| | | | | | | | | properly round to the nearest M (=0.001m), which is the smallest available unit. This avoids weirdness like (size_t)(0.6 * 10.0) == 5 by instead calculating (size_t)(0.6 * 10.0 + 0.0005) == 6, and so it fixes the indentation of the readline(3) manual.
* Clarity with respect to floating point handling:Ingo Schwarze2014-08-016-20/+20
| | | | | | Write double constants as double rather than integer literals. Remove useless explicit (double) cast done at one place and nowhere else. No functional change.
* demacrify: get rid of man_nmsg(), man_pmsg(), mdoc_nmsg(), mdoc_pmsg()Ingo Schwarze2014-08-014-12/+8
|
* mention requests and macros in more messagesIngo Schwarze2014-08-018-81/+98
|
* Dynamically allocate the stack of roff(7) .ie condition valuesIngo Schwarze2014-08-013-18/+17
| | | | and thus get rid of the last useless fatal error.
* Split MANDOCERR_IGNARGV into one message for .An and one for .BlIngo Schwarze2014-07-313-11/+25
| | | | and report the macro name and argument.
* In .Bl -column, if some of the column width declarations are givenIngo Schwarze2014-07-313-22/+12
| | | | | | | | | | | | | right after the -column argument and some at the very end of the argument list, after some other arguments like -compact, concatenate the column lists. This gets rid of one of the last useless FATAL errors and actually shortens the code by a few lines. This fixes an issue introduced more than five years ago, at first causing an assert() since mdoc_action.c rev. 1.14 (June 17, 2009), then later a FATAL error since mdoc_validate rev. 1.130 (Nov. 30, 2010), and marked as "TODO" ever since.
* Remove the useless FATAL error "argument count wrong, violates syntax".Ingo Schwarze2014-07-303-13/+5
| | | | | | The last remaining instance was .It in .Bl -column with more than one excessive .Ta. However, simply downgrading from FATAL to ERROR, it just works fine, almost the same way as in groff, without any other changes.
* Improve handling of next-line scope broken by end of file.Ingo Schwarze2014-07-302-28/+32
| | | | | | Detect the condition earlier, report in the error message which block is broken, and delete the broken block. Consequently, empty section headers can no longer happen.
* garbage collect three unused global flags; no functional changeIngo Schwarze2014-07-305-88/+13
|
* Simplify: replace one global flag by one local variable.Ingo Schwarze2014-07-302-12/+6
| | | | No functional change.
* Get rid of the useless FATAL error "child violates parent syntax".Ingo Schwarze2014-07-305-56/+27
| | | | | When finding items outside lists, simply skip them and throw an ERROR. Handle subsections before the first section instead of bailing out.
* Remove two useless FATAL errors.Ingo Schwarze2014-07-303-26/+36
| | | | | When a file contains neither text nor macros, treat it as an empty document. When the mdoc(7) document prologue is incomplete, use some default values.
* better name and wording for the last two non-generic errorsIngo Schwarze2014-07-304-8/+9
|
* Various improvements related to .Ex and .Rv:Ingo Schwarze2014-07-306-81/+174
| | | | | | | | | | * let .Nm fall back to the empty string, not to UNKNOWN * never let .Rv copy an argument from .Nm * avoid spurious \fR after empty .Nm in -Tman * correct handling of .Ex and .Rv in -Tman * correct the wording of the output for .Rv without arguments * use non-breaking spaces in .Ex and .Rv output where required * split MANDOCERR_NONAME into a warning for .Ex and an error for .Nm
* move some things here from my private TODO list,Ingo Schwarze2014-07-291-17/+78
| | | | and remove some items that have already been taken care of
* Partial implementation of .Bd -centered.Ingo Schwarze2014-07-293-4/+15
| | | | | | | | | In groff, .Bd -centered operates in fill mode, which is relatively hard to implement, while this implementation operates in non-fill mode so far. As long as you pay attention that your lines do not overflow, it works. To make sure that rendering is the same for mandoc and groff, it is recommended to insert .br between lines for now. This implementation will need improvement later.
* code readability; no functional changeIngo Schwarze2014-07-271-7/+5
|
* Even for UTF-8 output, a non-breaking space character has the same widthIngo Schwarze2014-07-271-1/+6
| | | | as a normal space character, and not width 0. Bug reported by bentley@.
* Choosing the right encoding is a tricky business...Ingo Schwarze2014-07-251-34/+8
| | | | | | | | | | | | | | Printing query strings for URIs *always* needs URI-encoding, and when embedding the URI into an HTML document, it needs replacement of the "&" separators by "&" *in addition to that*, not instead. Delete the function html_primtquery(), it was completely wrong. You can see the badness by entering "mandoc &sec=2" into the query input box before this patch and click "Submit". You come to the right page at first (...man.cgi?query=mandoc+%26sec%3D2&apropos=0&sec=0&...), but now the link to mandoc(1) is wrong: ...mandoc.1?query=mandoc &sec=2&... Clicking on that, the "&sec=2" disappears from the query input box and suddenly you have the first dropdown set to "2 - System Calls". Oops.
* Sort the URI keys for .Xr links in the same order used by the search form,Ingo Schwarze2014-07-251-7/+12
| | | | | and leave out the manpath when it is the default. For building the HTML formatter options, do not use a static buffer.
* oops, we must not try to validate a manpath we don't have;Ingo Schwarze2014-07-251-1/+2
| | | | fixing an oversight introduced in rev. 1.77
* We cannot easily control the order of the QUERY_STRING keys generatedIngo Schwarze2014-07-251-16/+18
| | | | | | | | | | | | by the search form, it's just the order of the fields in the form. Actually, that's not too bad; the generated URI resembles the generating form. To minimize confusion for people looking at URIs, give the keys in the same order when generating URIs for search listings and search redirections, the latter being used instead of search listings that would have only one single entry. Also, if the manpath is the default, remove it form the generated URIs.
* In generated .Xr links, avoid double encoding of ampersandsIngo Schwarze2014-07-251-1/+2
| | | | and avoid empty arch= keys.
* Even though this is not XHTML yet, remove some gratuitious violationsIngo Schwarze2014-07-251-11/+11
| | | | of XHTML syntax. Also add some cosmetic newlines to the HTML code.
* The names of all other struct query memebers match the correspondingIngo Schwarze2014-07-251-12/+16
| | | | | | QUERY_STRING keys, so rename "expr" to "query". Also add some missing function prototypes. No functional change.
* clean up pg_show() to not modify a string returned from getenv(3)Ingo Schwarze2014-07-251-14/+19
|
* Rewrite http_parse() completely:Ingo Schwarze2014-07-251-47/+102
| | | | | | | | | 1. Make sure the last occurrence of each key is used, even if it is empty, in which case it resets the value to the default. 2. When there is an HTTP encoding error, skip the affected key-value pair only, but not all subsequent key-value pairs. 3. Do not modify a string returned from getenv(3). 4. Do not assume the NULL pointer is all null bits.
* Sort result pages first by section number, then by name.Ingo Schwarze2014-07-243-11/+21
| | | | | | | | By moving the sort from cgi.c to mansearch.c, we get two advantages: Easier access to the data needed for sorting, in particular the section number, and the apropos(1) command line utility profits as well. Feature requested by deraadt@.
* Provide a dropdown entry "All Architectures" and make it the default.Ingo Schwarze2014-07-241-1/+25
| | | | | | | Still, amd64 remains the default in the following sense: If a man(1) mode search returns more than one page of the same name, prefer amd64 over other architectures for immediate display. ok deraadt@ daniel@
* improve FATAL handling in makewhatis(8)Ingo Schwarze2014-07-241-0/+11
|
* Partially document the core of the HTML formatter.Ingo Schwarze2014-07-231-0/+249
| | | | Stuff i learnt during my audit for XSS vulnerabilities.
* Security fix:Ingo Schwarze2014-07-232-27/+49
| | | | | | | | | | After decoding numeric (\N) and one-character (\<, \> etc.) character escape sequences, do not forget to HTML-encode the resulting ASCII character. Malicious manuals were able to smuggle XSS content by roff-escaping the HTML-special characters they need. That's a classic bug type in many web applications, actually... :-( Found myself while auditing the HTML formatter for safe output handling.
* Security fix:Ingo Schwarze2014-07-221-1/+4
| | | | | | | | | | The function print_encode() is used both for plain text and for quoted attribute values. Escape the '"' character such that malicious manuals cannot pull off XSS attacks using malformed .Lk, .Mt, .%U, and .UR macros (and maybe others) to trigger the latter case. In the former case, escaping does no harm. Issue found by Sebastien Marie <semarie-openbsd at latrappe dot fr>.
* Security fix to prevent XSS attacks:Ingo Schwarze2014-07-222-1/+79
| | | | | | | | Restrict the character set of strings passed into html_alloc(), in particular architecture names that come from the QUERY_STRING, but also SCRIPT_NAME and manpath.conf content for additional safety, and bail out safely on violations. Issue reported by Sebastien Marie <semarie-openbsd at latrappe dot fr>.
* fix a minibug reported by kristaps@:Ingo Schwarze2014-07-211-5/+9
| | | | preserve manpath and arch in .Xr links
* Kristaps points out that the current HTTP/1.1 draft standard (RFCIngo Schwarze2014-07-213-3/+9
| | | | | | | | | | | | | | | | | | 2616) requires the Location: response-header field to be an absolute URI (14.30), and only the most recent proposed standard (RFC 7231), which is barely a month old, allows a relative Location: (7.1.2). While most modern browsers appear to support relative Location: headers, some may not, and it's maybe a bit early to rely on relative Location: headers. I'm not going back to the HTTP_HOST or SERVER_NAME CGI variables, though. While some CGI programs certainly require those, in which case both the CGI programmer and the web server admin have to be very careful to keep the system secure and reliable, man.cgi(8) does not really need them. We always know at compile time which domain we are running for, and for man.cgi(8), security and reliability are definitely much more important than flexibility. So make HTTP_HOST a compile-time definition for now.
* Security fix:Ingo Schwarze2014-07-191-4/+33
| | | | | | | | | | | Validate the manpath up front and report a Bad Request if it is not listed in manpath.conf, such that clients can't probe which directories exist on the server. In case of configuration errors, consistently report Internal Server Error without disclosing any further information. Partially based on a patch from Sebastien Marie <semarie-openbsd at latrappe dot fr>, but avoiding a couple of issues with that patch and approaching the issue in a somewhat more rigorous way.
* Security fix:Ingo Schwarze2014-07-191-1/+28
| | | | | | | | | | | | Validate the name of the file to show before opening it. Only allow relative filenames starting with "man" or "cat" and containing neither "/.." nor "../". While here, correct the condition discarding an initial "./". Vulnerability found by Sebastien Marie <semarie-openbsd at latrappe dot fr>. Many thanks for sending a patch; however, i did not use it but made the checks even stricter.
* Do not use the HTTP_HOST CGI variable,Ingo Schwarze2014-07-182-11/+2
| | | | | | | | just make the HTTP redirect Location: relative. Less user input is good, it reduces the attack surface. Besides, this removes one global variable and 4 lines of code. Patch from Sebastien Marie <semarie-openbsd at latrappe dot fr>.