summaryrefslogtreecommitdiffstats
path: root/cgi.c
Commit message (Collapse)AuthorAgeFilesLines
* Commit and commit message by deraadt@:Ingo Schwarze2021-11-051-1/+1
| | | | | | | | | | | | | | For open/openat, if the flags parameter does not contain O_CREAT, the 3rd (variadic) mode_t parameter is irrelevant. Many developers in the past have passed mode_t (0, 044, 0644, or such), which might lead future people to copy this broken idiom, and perhaps even believe this parameter has some meaning or implication or application. Delete them all. This comes out of a conversation where tb@ noticed that a strange (but intentional) pledge behaviour is to always knock-out high-bits from mode_t on a number of system calls as a safety factor, and his bewilderment that this appeared to be happening against valid modes (at least visually), but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef. ok millert
* fix the section number in the <title> element for preformatted pages;Ingo Schwarze2021-08-191-8/+24
| | | | minibug reported by Ian <Ropers at gmail dot com> on misc@
* Add OpenBSD riscv64 architecture; patch from jsg@.Ingo Schwarze2021-05-131-2/+3
| | | | While here, retire sgi and socppc.
* Support the "powerpc64" architecture name.Ingo Schwarze2020-06-291-4/+5
| | | | The first file using it in .Dt was just committed by kettenis@.
* Remove some stray argument names from function prototypes,Ingo Schwarze2020-04-031-4/+6
| | | | | | for consistency with the dominant style used in mandoc. No functional change. Patch from Martin Vahlensieck <academicsolutions dot ch>.
* autocapitalize=none; also from Tim BaumgardIngo Schwarze2020-01-101-1/+2
|
* Switch off the useless and annoying "autocomplete" feature;Ingo Schwarze2020-01-101-1/+1
| | | | | issue reported by Tim Baumgard <at bmgrd dot com>. landry@ and florian@ agree with the general direction.
* Add a Content-Security-Policy HTTP header that allows only CSS.Ingo Schwarze2019-11-101-0/+2
| | | | | | This ensures that in a modern browser that understands the header, mandoc rendering bugs cannot possibly be interpreted as JavaScript. Patch from bentley@.
* For invalid queries and for valid queries returning no result,Ingo Schwarze2019-10-011-7/+10
| | | | | | return the appropriate 40x status code rather than 200. Improvement suggested and diff tested by John Gardner <gardnerjohng at gmail dot com>.
* in man.cgi(8), disable -O toc by default; requested by deraadt@Ingo Schwarze2019-07-101-1/+0
|
* drop redundant '0' flag from "%02.2X" format string;Ingo Schwarze2019-03-061-1/+1
| | | | found by a compiler warning from gcc 4.9.2 on Linux
* Relax overzealous PATH_INFO validation.Ingo Schwarze2019-01-311-1/+1
| | | | | | | URIs like https://man.openbsd.org/OpenBSD-2.2/cat1/cat.0 are still required to work because they result from apropos searches for old releases (up to 5.0) which used to install preformatted manual pages. Regression reported by jj@.
* Cleanup, no functional change:Ingo Schwarze2018-12-301-20/+8
| | | | | | | | | | | | | | The struct roff_man used to be a bad mixture of internal parser state and public parsing results. Move the public results to the parsing result struct roff_meta, which is already public. Move the rest of struct roff_man to the parser-internal header roff_int.h. Since the validators need access to the parser state, call them from the top level parser during mparse_result() rather than from the main programs, also reducing code duplication. This keeps parser internal state out of thee main programs (five in mandoc portable) and out of eight formatters.
* Major cleanup; may imply minor changes in edge cases of error reporting.Ingo Schwarze2018-12-141-1/+1
| | | | | | | | | | | Finally, drop support for the run-time configurable mandocmsg() callback. It was over-engineered from the start, never used for anything in a decade, and repeatedly caused maintenance headaches. Consolidate reporting infrastructure into two files, mandoc.h and mandoc_msg.c, mopping up the bits and pieces that were scattered around main.c, read.c, mandoc_parse.h, libmandoc.h, the prototypes of four parsing-related functions, and both parser structs.
* Cleanup, no functional change:Ingo Schwarze2018-12-131-0/+1
| | | | | | | | | | Split the top level parser interface out of the utility header mandoc.h, into a new header mandoc_parse.h, for use in the main program and in the main parser only. Move enum mandoc_os into roff.h because struct roff_man is the place where it is stored. This allows removal of mandoc.h from seven files in low-level parsers and in formatters.
* Rewrite parse_path_info() to be four lines shorter, simplify ownershipIngo Schwarze2018-10-191-46/+40
| | | | | | | | of allocated strings, do not write to the input string, and improve diagnostic output. The confusing error message "invalid arch" as a reaction to mistyping the release name was noticed by tb@, who likes the new code and message.
* enable the equivalent of -O toc in man.cgi(8)Ingo Schwarze2018-10-021-1/+2
|
* Add missing URI encoding when writing HTTP redirects,Ingo Schwarze2018-10-011-4/+32
| | | | | | fixing a bug reported by <jungleboogie0 at gmail dot com> on bugs@. While here, fully validate the arch name such that we do not have to URI encode that one.
* Remove redundant value= attributes from option elements,Ingo Schwarze2018-05-291-7/+5
| | | | | | and use type=search rather than type=text for the input element because it tends to better support autocompletion. Both suggested by John Gardner <gardnerjohng at gmail dot com>.
* In a nutshell, all mobile browsers are broken.Ingo Schwarze2018-05-181-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | By default, no matter the physical screen size, they use a fixed viewport width of about 1000px, then scale down the rendered page to make that huge viewport fit on the physical screen. That results in poor rendering for bad websites which assume a large fixed-size viewport (typically requiring zooming in to be able to actually read any text), but in atrocious rendering for good websites that make no assumption about the screen size (unreadably small text in the top left corner, most of the screen empty). A standard way to disable that insane behaviour and just render normally on the actual physical screen size does not exist. The closest thing is the CSS3 Device Adaptation Module Level 1 https://drafts.csswg.org/css-device-adapt/ but https://caniuse.com/#feat=css-deviceadaptation tells me that basically no browser implements it, not even on mobile. The next closest thing is the HTML meta viewport element - even though the problem has nothing to do with HTML and is purely a CSS issue. Standardization is not even planned for that one: * HTML 5.2 mentions it in passing without specifying it: https://www.w3.org/TR/html/document-metadata.html#the-meta-element * The Web Hypertext Application Technology Working Group provides very incomplete information: https://wiki.whatwg.org/wiki/MetaExtensions * CSS3 Device Adaptation Module Level 1 already wants to deprecate it, explaining mostly how to migrate *away* from it to some castle in the sky that no browser implements: https://drafts.csswg.org/css-device-adapt/#viewport-meta While i strongly believe in sticking to well-established standards, in the absence of standards and with atrocious behaviour being universal, there appears to be no alternative to using whatever works. The meta viewport element appears to be the only way to make real-world mobile browsers decently render any HTML page that does not have a fixed-width layout of 1000px. So use it, grudgingly. Originally suggested by xcv at dr dot com. Direction supported by espie@.
* Split -Wstyle into -Wstyle and the even lower -Wbase, and addIngo Schwarze2017-06-241-1/+1
| | | | | | | | | | | | | | | -Wopenbsd and -Wnetbsd to check conventions for the base system of a specific operating system. Mark operating system specific messages with "(OpenBSD)" at the end. Please use just "-Tlint" to check base system manuals (defaulting to -Wall, which is now -Wbase), but prefer "-Tlint -Wstyle" for the manuals of portable software projects you maintain that are not part of OpenBSD base, to avoid bogus recommendations about base system conventions that do not apply. Issue originally reported by semarie@, solution using an idea from tedu@, discussed with jmc@ and jca@.
* KNF: remove parentheses from switch case labels; no binary changeIngo Schwarze2017-06-201-4/+4
|
* More thoroughly reject direct access to unintended files, such thatIngo Schwarze2017-04-191-1/+2
| | | | | | URIs like http://man.openbsd.org/OpenBSD-current/mandoc.db and http://man.openbsd.org/OpenBSD-current/man1/ do not cause display of garbage.
* Simplify: write HTTP 303 redirects with relative locations.Ingo Schwarze2017-03-181-10/+11
| | | | | | Suggested by bentley@. Delete the HTTP_HOST configuration variable that is now obsolete.
* Bugfix: use SCRIPT_NAME for .Xr hyperlinks.Ingo Schwarze2017-03-181-1/+2
| | | | Patch from <andreas at AndreasVoegele dot com>.
* In URIs in apropos(1) result tables,Ingo Schwarze2017-03-151-3/+6
| | | | only write the manpath if it does not match the default.
* Mention the manual page name and section in the HTML page <title>.Ingo Schwarze2017-03-151-33/+48
| | | | | Based on a patch from <Anton dot Lindqvist at gmail dot com>, but simplified and also covering apropos(1) search results.
* It's annoying that people keep writing URIs including redundant partsIngo Schwarze2017-03-151-2/+24
| | | | | like "/OpenBSD-current/manN/". To discourage that, let man.cgi(8) redirect search form results to nice, concise URIs.
* Pledge man.cgi(8).Ingo Schwarze2017-02-221-0/+16
| | | | | Based on a more complicated patch from semarie@. Sebastien and tb@ both agree with the simplification.
* protect <err.h> inclusionIngo Schwarze2017-02-081-0/+2
|
* add arm64 architecture; from deraadt@Ingo Schwarze2017-01-251-1/+1
|
* Improve HTML formatting of .Bl -tag.Ingo Schwarze2017-01-251-0/+2
| | | | | | | | | | | | | | | | | | | | | In particular, when using the style sheet, put the body on the same line as the head for short heads, or on the next line for long heads, in a way that preserves both correct indentation and correct vertical spacing with and without -compact, and with one or more heads per body (hi, Zaphod) - eight use cases so far - and with and without -tag, and with and without -offset, 32 use cases grand total. Using many ideas from zhuk@, from <David dot Dahlberg at fkie dot fraunhofer dot de>, and from Benny Lofgren <bl dash lists at lofgren dot biz>, and a few of my own. This is an excellent demonstration that CSS is an extremely hostile language, much more trapful and much harder to use than, say, C. When matthew@ reported this in July 2014 (!), it was already a known issue, and i no longer remember for how long. My first serious attempt at fixing it (in November 2015) failed miserably. I'd love to see simplifications of both the generated HTML code and of the style sheet, but without breaking any of the 32 use cases, please.
* clean up the remaining class attributesIngo Schwarze2017-01-211-13/+8
|
* Adjust indentation of the HTML output to the conventions establishedIngo Schwarze2017-01-191-26/+26
| | | | by html.c. No semantic change.
* Start cleanup: trim useless HTML comments, <div> elements,Ingo Schwarze2017-01-191-9/+4
| | | | and CSS rules on the <html> and <body> levels.
* use the proper HTML escape for double quote ("): &quot; not &quote;Ingo Schwarze2016-09-121-1/+1
| | | | patch from bentley@
* move zaurus down to the discontinued architecturesIngo Schwarze2016-09-031-3/+3
|
* move "sparc" down to discontinued architecturesIngo Schwarze2016-09-011-3/+3
|
* fix an fd leak; patch from jsg@Ingo Schwarze2016-08-181-0/+1
|
* move armish and hppa64 down in the dropdown box; reminded by jmc@Ingo Schwarze2016-08-101-4/+5
|
* Some base system pages, for example perl(1), contain non-ASCIIIngo Schwarze2016-07-311-1/+2
| | | | | | characters in their source code, so switch on charset autodetection in the same way as in man(1) itself. Issue reported by Pavan Maddamsetti at gmail dot com on bugs@.
* Make all components of the URI individually optional,Ingo Schwarze2016-07-111-16/+41
| | | | | | | independent of each other, as in: http://man.openbsd.org[/manpath][/mansec][/arch]/name[.sec] The restrictions in the past kept confusing people. Triggered by a question from RafaelNeves at gmail dot com.
* Simplify the code and the server setup by deleting the pseudo-manpathIngo Schwarze2016-07-101-11/+3
| | | | | | | | | | "mandoc" that was used for man.cgi(8) documentation and by assuming that the apropos(1) and man.cgi(8) manuals are simply installed in the default manpath. Even though man.cgi(8) is not installed by default when installing OpenBSD, it is easy to copy it into the default manpath used for man.cgi(8). Idea found when considering a question asked by wrant dot com.
* Do not treat PATH_INFO as a complete path if it doesn't containIngo Schwarze2016-07-091-1/+1
| | | | | | a manpath. For example, this makes http://man.openbsd.org/mandoc work as expected. Bug reported by tb@, reminded by Svyatoslav Mishyn.
* Simplify search form: minus two visible control elements, minusIngo Schwarze2016-05-281-27/+8
| | | | | one table, minus twenty lines of code, no loss of functionality. No idea why i didn't do this earlier...
* Only focus on the query input box when no manual page is displayed,Ingo Schwarze2016-04-291-8/+17
| | | | | | | | that is, for the index page, for the noresult page, and for the result of an apropos(1) query with more than one page. As noted by bentley@, when a manual page is displayed, it is more important that people can quickly use the space bar for paging and Ctrl-F for searching.
* Set the "autofocus" attribute on the query text box.Ingo Schwarze2016-04-281-1/+1
| | | | Patch from Fabian dot Raetz at gmail dot com.
* Rename five static functions to make the classification of functionsIngo Schwarze2016-04-151-15/+15
| | | | | as parsers, page generators, and result generators more obvious. No functional change.
* prefer warn[x](3) over fprintf(3) where appropriateIngo Schwarze2016-04-151-22/+18
|
* Fix parsing of PATH_INFO if both a section directory and anIngo Schwarze2016-04-151-17/+13
| | | | architecture subdirectory are specified. Issue reported by tb@.