| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
| |
Validate the name of the file to show before opening it.
Only allow relative filenames starting with "man" or "cat"
and containing neither "/.." nor "../".
While here, correct the condition discarding an initial "./".
Vulnerability found by Sebastien Marie <semarie-openbsd at latrappe dot fr>.
Many thanks for sending a patch; however, i did not use it but made the
checks even stricter.
|
| |
|
|
|
|
|
|
| |
just make the HTTP redirect Location: relative.
Less user input is good, it reduces the attack surface.
Besides, this removes one global variable and 4 lines of code.
Patch from Sebastien Marie <semarie-openbsd at latrappe dot fr>.
|
| |
|
|
|
|
|
|
|
| |
log the problem, hand the pg_error_internal() error page to the client,
and exit(3) in a controlled way instead of stumbling on and segfaulting
later.
Patch from Sebastien Marie <semarie-openbsd at latrappe dot fr>,
messages tweaked by me.
|
| |
|
|
|
| |
unfortunate, more than 400 links needing this are scattered all around
the www.openbsd.org website, and CVSweb needs this as well.
|
| |
|
|
|
|
| |
functions that call resp_begin_html() names starting with "pg_"
and those called after resp_begin_html() names with "resp_".
No functional change, purely renaming functions.
|
| | |
|
| |
|
|
|
|
| |
Even when there are multiple pages with the same name in different
sections, show one of them, using the same priorities as in the
default man.conf(5) file.
|
| |
|
|
|
|
|
|
| |
as manpath.conf, such that we do not need to mix our own documentation
into the documentation we are serving, which may not even be possible
if the latter is updated automatically.
Based on an idea by beck@.
|
| |
|
|
| |
in particular introduce a section dropdown and an architecture dropdown.
|
| |
|
|
|
| |
configuration facilities, just two paths and two HTML strings.
Show the title on all pages, not just the index page.
|
| |
|
|
|
|
| |
global lookup table, two functions, two function arguments, one
struct member, one local variable, and the "search/" and "show/"
part of the URIs, all without losing functionality.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Distinguish between man(1) and apropos(1) mode by adding back the classical
QUERY_STRING variable "apropos=". Change the default back to "apropos=0".
Control it by adding a HTML <SELECT> element for it.
Rename the "expr=" QUERY_STRING variable back to its classical name "query=",
i don't see how the new name is better than the classical one.
While here, drop the concept of a "legacy mode". Simply continue to
support the features, and use what we consider best.
|
| | |
|
| |
|
|
|
| |
make http decode linear time.
also remove a redundant null check.
|
| |
|
|
| |
http headers must end lines with CRLF.
|
| |
|
|
| |
While here, s/satisfy/match/ when talking about queries.
|
| | |
|
| |
|
|
|
|
|
| |
* Consistent naming and use of resp_* functions.
* Split resp_noresult() out of resp_search() and reuse it.
* Log information about internal errors.
* And some minor fixes.
|
| |
|
|
|
|
|
|
|
|
| |
CGI variable: s/CACHE_DIR/MAN_DIR/ because it's static, not a cache
default MAN_DIR: /cache/man.cgi/ -> /man/ see above
global variable: s/cache/mandir/ see above
global variable: s/css/cssdir/ for consistency with mandir
global variable: s/host/httphost/ for consistency with HTTP_HOST
global variable: s/progname/scriptname/ for consistency with SCRIPT_NAME
struct query: member s/manroot/manpath/ for consistency with QUERY_STRING
|
| |
|
|
| |
and improve some whitespace and comments
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Let manpath.conf be a plain text list of the directories to use.
As a bonus, this makes the order configurable.
Get rid of <dirent.h>, opendir(3), readdir(3), stat(2).
|
| | |
|
| |
|
|
|
|
|
| |
* Simplify pathgen(), just use the subdirs of the cache dir.
* Simplify URI paths, just use show/<manpath>/<filename>.
* Drop struct paths, just use plain strings.
* Garbage collect unused headers.
|
| |
|
|
| |
First committed to wrong branch, sorry.
|
| | |
|
| |
|
|
|
|
| |
single .so request, do not read the file pointed to, but instead
let mparse_result() provide the file name pointed to as a return
value. To be used by makewhatis(8) in the future.
|
| | |
|
| | |
|
| |
|
|
| |
on SmartOS and sent these additional patches, thanks!
|
| |
|
|
|
|
| |
Consistently use the PATH_MAX since it is specified by POSIX,
while MAXPATHLEN is not.
In preparation for using this at a few more places.
|
| |
|
|
|
|
|
|
|
|
| |
default value for the mdoc(7) .Os macro.
Needed for man.cgi on the OpenBSD website.
Problem with man.cgi first noticed by deraadt@;
beck@ and deraadt@ agree with the way to solve the issue.
"Please check them in and I'll look into them later!" kristaps@
|
| | |
|
| | |
|
| |
|
|
| |
we can do this in the frontend.
|
| | |
|
| |
|
|
| |
to do so.
|
| | |
|
| |
|
|
| |
man.cgi.
|
| |
|
|
|
| |
and repeat them in the search bar. This is handy. While here, make the
QUERY_STRING parser a bit simpler.
|
| |
|
|
|
| |
bytes. This cuts down a little in index size and allows for cleaner
extraction of information.
|
| |
|
|
|
|
|
| |
prefix. This means that an index in, say, /usr/share/man will point to
man1/foo.1 instead of /usr/share/man/man1/foo.1. Not only does this
save a lot of space, it also allows manual trees to be moved around
without any side effects to the mandocdb(8) databases.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- include search bar above result page (I relent: it's annoying to
follow three links then press back three times to get a search page);
- make man.cgi.css into man-cgi.css so Apache isn't confused by two
handlers (css, cgi);
- finally consolidate example.style.css to be under the div.mandoc css
selector;
- put catman pages under div.catman;
- put search bar under div#mancgi;
- reflect this properly in the bundled CSS files.
|
| | |
|
| |
|
|
|
| |
including various tweaks to the whatis(8) manual;
ok kristaps@
|
| |
|
|
|
|
| |
Also allow for a CSS_DIR to specify alternate CSS locations.
Finally, some clutter as I assume that "css" and "progname" are already
HTML-safe.
|
| | |
|
| |
|
|
|
| |
specified, write them out using a SELECT box. Else write nothing (the
manroot will still be checked if it's specified).
|
