summaryrefslogtreecommitdiffstats
path: root/man.cgi.8
Commit message (Collapse)AuthorAgeFilesLines
* Make all components of the URI individually optional,Ingo Schwarze2016-07-111-1/+3
| | | | | | | independent of each other, as in: http://man.openbsd.org[/manpath][/mansec][/arch]/name[.sec] The restrictions in the past kept confusing people. Triggered by a question from RafaelNeves at gmail dot com.
* Simplify the code and the server setup by deleting the pseudo-manpathIngo Schwarze2016-07-101-11/+10
| | | | | | | | | | "mandoc" that was used for man.cgi(8) documentation and by assuming that the apropos(1) and man.cgi(8) manuals are simply installed in the default manpath. Even though man.cgi(8) is not installed by default when installing OpenBSD, it is easy to copy it into the default manpath used for man.cgi(8). Idea found when considering a question asked by wrant dot com.
* sync with OpenBSD: do not talk about nginx(8)Ingo Schwarze2016-07-071-4/+2
|
* Simplify search form: minus two visible control elements, minusIngo Schwarze2016-05-281-14/+9
| | | | | one table, minus twenty lines of code, no loss of functionality. No idea why i didn't do this earlier...
* double word; from jmc@Ingo Schwarze2016-03-191-1/+1
|
* Make the SCRIPT_NAME logic simpler, safer, and make it actually work;Ingo Schwarze2016-03-181-40/+49
| | | | | in part based on ideas by bentley@. While here, improve the documentation.
* document short URIsIngo Schwarze2016-03-181-1/+10
|
* Use include files "header.html" and "footer.html" rather than aIngo Schwarze2015-11-051-7/+7
| | | | | | | | | | | | | compiled-in string. This is not a security risk, we read the file manpath.conf from the same directory, anyway. No error handling is needed; even if the files are absent, that's not an error. This is more flexible without causing complication of the code or the user interface. It helps the upcoming revamp of the online manual pages on man.NetBSD.org. Based on an idea by Jean-Yves Migeon <jeanyves dot migeon at free dot fr>, but implemented in a much simpler way.
* Unify the three stylesheets into a single CSS file.Ingo Schwarze2015-11-051-7/+5
| | | | Many thanks to bentley@ for doing this work.
* Support backslash-escaping of white space in the query expression,Ingo Schwarze2014-09-141-0/+6
| | | | | | to be more similar to apropos(1) called from the shell. Missing feature reported by Marcus MERIGHI <mcmer dash openbsd at tor dot at> on misc@.
* typo; noticed by jmc@ some time agoIngo Schwarze2014-08-221-1/+1
|
* Security fix to prevent XSS attacks:Ingo Schwarze2014-07-221-0/+38
| | | | | | | | Restrict the character set of strings passed into html_alloc(), in particular architecture names that come from the QUERY_STRING, but also SCRIPT_NAME and manpath.conf content for additional safety, and bail out safely on violations. Issue reported by Sebastien Marie <semarie-openbsd at latrappe dot fr>.
* Kristaps points out that the current HTTP/1.1 draft standard (RFCIngo Schwarze2014-07-211-0/+5
| | | | | | | | | | | | | | | | | | 2616) requires the Location: response-header field to be an absolute URI (14.30), and only the most recent proposed standard (RFC 7231), which is barely a month old, allows a relative Location: (7.1.2). While most modern browsers appear to support relative Location: headers, some may not, and it's maybe a bit early to rely on relative Location: headers. I'm not going back to the HTTP_HOST or SERVER_NAME CGI variables, though. While some CGI programs certainly require those, in which case both the CGI programmer and the web server admin have to be very careful to keep the system secure and reliable, man.cgi(8) does not really need them. We always know at compile time which domain we are running for, and for man.cgi(8), security and reliability are definitely much more important than flexibility. So make HTTP_HOST a compile-time definition for now.
* Do not use the HTTP_HOST CGI variable,Ingo Schwarze2014-07-181-5/+0
| | | | | | | | just make the HTTP redirect Location: relative. Less user input is good, it reduces the attack surface. Besides, this removes one global variable and 4 lines of code. Patch from Sebastien Marie <semarie-openbsd at latrappe dot fr>.
* Compatibility hack for the old "manpath=OpenBSD<blank>" query parameter format;Ingo Schwarze2014-07-131-21/+56
| | | | | unfortunate, more than 400 links needing this are scattered all around the www.openbsd.org website, and CVSweb needs this as well.
* Install the manuals of the web interface below the same directoryIngo Schwarze2014-07-131-0/+4
| | | | | | | | as manpath.conf, such that we do not need to mix our own documentation into the documentation we are serving, which may not even be possible if the latter is updated automatically. Based on an idea by beck@.
* update after recent code changesIngo Schwarze2014-07-131-56/+56
|
* Polish the search form using feedback from beck@ and others,Ingo Schwarze2014-07-121-1/+1
| | | | in particular introduce a section dropdown and an architecture dropdown.
* add HISTORY sectionIngo Schwarze2014-07-111-0/+8
|
* Full rewrite of the man.cgi(8) manual.Ingo Schwarze2014-07-101-0/+324
Almost everything in the old man.cgi(7) was outdated in one way or another - catman, catman.conf, CACHE_DIR, /cache, manroots, replacing '/' with spaces, /tmp... Instead, document the HTML and URI interfaces, the output and the setup, and complete the listings of ENVIRONMENT variables and FILES. Using section 8 instead of section 7 because that's the usual place for CGI programs, see for example bgplg(8) and slowcgi(8).