xref: /openbsd/usr.bin/mandoc/cgi.c (revision f211c215)

/*	$OpenBSD: cgi.c,v 1.61 2016/04/14 23:48:06 schwarze Exp $ */
/*
 * Copyright (c) 2011, 2012 Kristaps Dzonsons <kristaps@bsd.lv>
 * Copyright (c) 2014, 2015, 2016 Ingo Schwarze <schwarze@usta.de>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
#include <sys/types.h>
#include <sys/time.h>

#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include "mandoc_aux.h"
#include "mandoc.h"
#include "roff.h"
#include "mdoc.h"
#include "man.h"
#include "main.h"
#include "manconf.h"
#include "mansearch.h"
#include "cgi.h"

/*
 * A query as passed to the search function.
 */
struct	query {
	char		*manpath; /* desired manual directory */
	char		*arch; /* architecture */
	char		*sec; /* manual section */
	char		*query; /* unparsed query expression */
	int		 equal; /* match whole names, not substrings */
};

struct	req {
	struct query	  q;
	char		**p; /* array of available manpaths */
	size_t		  psz; /* number of available manpaths */
	int		  isquery; /* QUERY_STRING used, not PATH_INFO */
};

static	void		 catman(const struct req *, const char *);
static	void		 format(const struct req *, const char *);
static	void		 html_print(const char *);
static	void		 html_putchar(char);
static	int		 http_decode(char *);
static	void		 http_parse(struct req *, const char *);
static	void		 pathgen(struct req *);
static	void		 path_parse(struct req *req, const char *path);
static	void		 pg_error_badrequest(const char *);
static	void		 pg_error_internal(void);
static	void		 pg_index(const struct req *);
static	void		 pg_noresult(const struct req *, const char *);
static	void		 pg_search(const struct req *);
static	void		 pg_searchres(const struct req *,
				struct manpage *, size_t);
static	void		 pg_show(struct req *, const char *);
static	void		 resp_begin_html(int, const char *);
static	void		 resp_begin_http(int, const char *);
static	void		 resp_copy(const char *);
static	void		 resp_end_html(void);
static	void		 resp_searchform(const struct req *);
static	void		 resp_show(const struct req *, const char *);
static	void		 set_query_attr(char **, char **);
static	int		 validate_filename(const char *);
static	int		 validate_manpath(const struct req *, const char *);
static	int		 validate_urifrag(const char *);

static	const char	 *scriptname = SCRIPT_NAME;

static	const int sec_prios[] = {1, 4, 5, 8, 6, 3, 7, 2, 9};
static	const char *const sec_numbers[] = {
    "0", "1", "2", "3", "3p", "4", "5", "6", "7", "8", "9"
};
static	const char *const sec_names[] = {
    "All Sections",
    "1 - General Commands",
    "2 - System Calls",
    "3 - Library Functions",
    "3p - Perl Library",
    "4 - Device Drivers",
    "5 - File Formats",
    "6 - Games",
    "7 - Miscellaneous Information",
    "8 - System Manager\'s Manual",
    "9 - Kernel Developer\'s Manual"
};
static	const int sec_MAX = sizeof(sec_names) / sizeof(char *);

static	const char *const arch_names[] = {
    "amd64",       "alpha",       "armish",      "armv7",
    "aviion",      "hppa",        "hppa64",      "i386",
    "ia64",        "landisk",     "loongson",    "luna88k",
    "macppc",      "mips64",      "octeon",      "sgi",
    "socppc",      "solbourne",   "sparc",       "sparc64",
    "vax",         "zaurus",
    "amiga",       "arc",         "arm32",       "atari",
    "beagle",      "cats",        "hp300",       "mac68k",
    "mvme68k",     "mvme88k",     "mvmeppc",     "palm",
    "pc532",       "pegasos",     "pmax",        "powerpc",
    "sun3",        "wgrisc",      "x68k"
};
static	const int arch_MAX = sizeof(arch_names) / sizeof(char *);

/*
 * Print a character, escaping HTML along the way.
 * This will pass non-ASCII straight to output: be warned!
 */
static void
html_putchar(char c)
{

	switch (c) {
	case ('"'):
		printf("&quote;");
		break;
	case ('&'):
		printf("&amp;");
		break;
	case ('>'):
		printf("&gt;");
		break;
	case ('<'):
		printf("&lt;");
		break;
	default:
		putchar((unsigned char)c);
		break;
	}
}

/*
 * Call through to html_putchar().
 * Accepts NULL strings.
 */
static void
html_print(const char *p)
{

	if (NULL == p)
		return;
	while ('\0' != *p)
		html_putchar(*p++);
}

/*
 * Transfer the responsibility for the allocated string *val
 * to the query structure.
 */
static void
set_query_attr(char **attr, char **val)
{

	free(*attr);
	if (**val == '\0') {
		*attr = NULL;
		free(*val);
	} else
		*attr = *val;
	*val = NULL;
}

/*
 * Parse the QUERY_STRING for key-value pairs
 * and store the values into the query structure.
 */
static void
http_parse(struct req *req, const char *qs)
{
	char		*key, *val;
	size_t		 keysz, valsz;

	req->isquery	= 1;
	req->q.manpath	= NULL;
	req->q.arch	= NULL;
	req->q.sec	= NULL;
	req->q.query	= NULL;
	req->q.equal	= 1;

	key = val = NULL;
	while (*qs != '\0') {

		/* Parse one key. */

		keysz = strcspn(qs, "=;&");
		key = mandoc_strndup(qs, keysz);
		qs += keysz;
		if (*qs != '=')
			goto next;

		/* Parse one value. */

		valsz = strcspn(++qs, ";&");
		val = mandoc_strndup(qs, valsz);
		qs += valsz;

		/* Decode and catch encoding errors. */

		if ( ! (http_decode(key) && http_decode(val)))
			goto next;

		/* Handle key-value pairs. */

		if ( ! strcmp(key, "query"))
			set_query_attr(&req->q.query, &val);

		else if ( ! strcmp(key, "apropos"))
			req->q.equal = !strcmp(val, "0");

		else if ( ! strcmp(key, "manpath")) {
#ifdef COMPAT_OLDURI
			if ( ! strncmp(val, "OpenBSD ", 8)) {
				val[7] = '-';
				if ('C' == val[8])
					val[8] = 'c';
			}
#endif
			set_query_attr(&req->q.manpath, &val);
		}

		else if ( ! (strcmp(key, "sec")
#ifdef COMPAT_OLDURI
		    && strcmp(key, "sektion")
#endif
		    )) {
			if ( ! strcmp(val, "0"))
				*val = '\0';
			set_query_attr(&req->q.sec, &val);
		}

		else if ( ! strcmp(key, "arch")) {
			if ( ! strcmp(val, "default"))
				*val = '\0';
			set_query_attr(&req->q.arch, &val);
		}

		/*
		 * The key must be freed in any case.
		 * The val may have been handed over to the query
		 * structure, in which case it is now NULL.
		 */
next:
		free(key);
		key = NULL;
		free(val);
		val = NULL;

		if (*qs != '\0')
			qs++;
	}
}

/*
 * HTTP-decode a string.  The standard explanation is that this turns
 * "%4e+foo" into "n foo" in the regular way.  This is done in-place
 * over the allocated string.
 */
static int
http_decode(char *p)
{
	char             hex[3];
	char		*q;
	int              c;

	hex[2] = '\0';

	q = p;
	for ( ; '\0' != *p; p++, q++) {
		if ('%' == *p) {
			if ('\0' == (hex[0] = *(p + 1)))
				return 0;
			if ('\0' == (hex[1] = *(p + 2)))
				return 0;
			if (1 != sscanf(hex, "%x", &c))
				return 0;
			if ('\0' == c)
				return 0;

			*q = (char)c;
			p += 2;
		} else
			*q = '+' == *p ? ' ' : *p;
	}

	*q = '\0';
	return 1;
}

static void
resp_begin_http(int code, const char *msg)
{

	if (200 != code)
		printf("Status: %d %s\r\n", code, msg);

	printf("Content-Type: text/html; charset=utf-8\r\n"
	     "Cache-Control: no-cache\r\n"
	     "Pragma: no-cache\r\n"
	     "\r\n");

	fflush(stdout);
}

static void
resp_copy(const char *filename)
{
	char	 buf[4096];
	ssize_t	 sz;
	int	 fd;

	if ((fd = open(filename, O_RDONLY)) != -1) {
		fflush(stdout);
		while ((sz = read(fd, buf, sizeof(buf))) > 0)
			write(STDOUT_FILENO, buf, sz);
	}
}

static void
resp_begin_html(int code, const char *msg)
{

	resp_begin_http(code, msg);

	printf("<!DOCTYPE html>\n"
	       "<HTML>\n"
	       "<HEAD>\n"
	       "<META CHARSET=\"UTF-8\" />\n"
	       "<LINK REL=\"stylesheet\" HREF=\"%s/mandoc.css\""
	       " TYPE=\"text/css\" media=\"all\">\n"
	       "<TITLE>%s</TITLE>\n"
	       "</HEAD>\n"
	       "<BODY>\n"
	       "<!-- Begin page content. //-->\n",
	       CSS_DIR, CUSTOMIZE_TITLE);

	resp_copy(MAN_DIR "/header.html");
}

static void
resp_end_html(void)
{

	resp_copy(MAN_DIR "/footer.html");

	puts("</BODY>\n"
	     "</HTML>");
}

static void
resp_searchform(const struct req *req)
{
	int		 i;

	puts("<!-- Begin search form. //-->");
	printf("<DIV ID=\"mancgi\">\n"
	       "<FORM ACTION=\"/%s\" METHOD=\"get\">\n"
	       "<FIELDSET>\n"
	       "<LEGEND>Manual Page Search Parameters</LEGEND>\n",
	       scriptname);

	/* Write query input box. */

	printf(	"<TABLE><TR><TD>\n"
		"<INPUT TYPE=\"text\" NAME=\"query\" VALUE=\"");
	if (NULL != req->q.query)
		html_print(req->q.query);
	puts("\" SIZE=\"40\">");

	/* Write submission and reset buttons. */

	printf(	"<INPUT TYPE=\"submit\" VALUE=\"Submit\">\n"
		"<INPUT TYPE=\"reset\" VALUE=\"Reset\">\n");

	/* Write show radio button */

	printf(	"</TD><TD>\n"
		"<INPUT TYPE=\"radio\" ");
	if (req->q.equal)
		printf("CHECKED=\"checked\" ");
	printf(	"NAME=\"apropos\" ID=\"show\" VALUE=\"0\">\n"
		"<LABEL FOR=\"show\">Show named manual page</LABEL>\n");

	/* Write section selector. */

	puts(	"</TD></TR><TR><TD>\n"
		"<SELECT NAME=\"sec\">");
	for (i = 0; i < sec_MAX; i++) {
		printf("<OPTION VALUE=\"%s\"", sec_numbers[i]);
		if (NULL != req->q.sec &&
		    0 == strcmp(sec_numbers[i], req->q.sec))
			printf(" SELECTED=\"selected\"");
		printf(">%s</OPTION>\n", sec_names[i]);
	}
	puts("</SELECT>");

	/* Write architecture selector. */

	printf(	"<SELECT NAME=\"arch\">\n"
		"<OPTION VALUE=\"default\"");
	if (NULL == req->q.arch)
		printf(" SELECTED=\"selected\"");
	puts(">All Architectures</OPTION>");
	for (i = 0; i < arch_MAX; i++) {
		printf("<OPTION VALUE=\"%s\"", arch_names[i]);
		if (NULL != req->q.arch &&
		    0 == strcmp(arch_names[i], req->q.arch))
			printf(" SELECTED=\"selected\"");
		printf(">%s</OPTION>\n", arch_names[i]);
	}
	puts("</SELECT>");

	/* Write manpath selector. */

	if (req->psz > 1) {
		puts("<SELECT NAME=\"manpath\">");
		for (i = 0; i < (int)req->psz; i++) {
			printf("<OPTION ");
			if (strcmp(req->q.manpath, req->p[i]) == 0)
				printf("SELECTED=\"selected\" ");
			printf("VALUE=\"");
			html_print(req->p[i]);
			printf("\">");
			html_print(req->p[i]);
			puts("</OPTION>");
		}
		puts("</SELECT>");
	}

	/* Write search radio button */

	printf(	"</TD><TD>\n"
		"<INPUT TYPE=\"radio\" ");
	if (0 == req->q.equal)
		printf("CHECKED=\"checked\" ");
	printf(	"NAME=\"apropos\" ID=\"search\" VALUE=\"1\">\n"
		"<LABEL FOR=\"search\">Search with apropos query</LABEL>\n");

	puts("</TD></TR></TABLE>\n"
	     "</FIELDSET>\n"
	     "</FORM>\n"
	     "</DIV>");
	puts("<!-- End search form. //-->");
}

static int
validate_urifrag(const char *frag)
{

	while ('\0' != *frag) {
		if ( ! (isalnum((unsigned char)*frag) ||
		    '-' == *frag || '.' == *frag ||
		    '/' == *frag || '_' == *frag))
			return 0;
		frag++;
	}
	return 1;
}

static int
validate_manpath(const struct req *req, const char* manpath)
{
	size_t	 i;

	if ( ! strcmp(manpath, "mandoc"))
		return 1;

	for (i = 0; i < req->psz; i++)
		if ( ! strcmp(manpath, req->p[i]))
			return 1;

	return 0;
}

static int
validate_filename(const char *file)
{

	if ('.' == file[0] && '/' == file[1])
		file += 2;

	return ! (strstr(file, "../") || strstr(file, "/..") ||
	    (strncmp(file, "man", 3) && strncmp(file, "cat", 3)));
}

static void
pg_index(const struct req *req)
{

	resp_begin_html(200, NULL);
	resp_searchform(req);
	printf("<P>\n"
	       "This web interface is documented in the\n"
	       "<A HREF=\"/%s%smandoc/man8/man.cgi.8\">man.cgi</A>\n"
	       "manual, and the\n"
	       "<A HREF=\"/%s%smandoc/man1/apropos.1\">apropos</A>\n"
	       "manual explains the query syntax.\n"
	       "</P>\n",
	       scriptname, *scriptname == '\0' ? "" : "/",
	       scriptname, *scriptname == '\0' ? "" : "/");
	resp_end_html();
}

static void
pg_noresult(const struct req *req, const char *msg)
{
	resp_begin_html(200, NULL);
	resp_searchform(req);
	puts("<P>");
	puts(msg);
	puts("</P>");
	resp_end_html();
}

static void
pg_error_badrequest(const char *msg)
{

	resp_begin_html(400, "Bad Request");
	puts("<H1>Bad Request</H1>\n"
	     "<P>\n");
	puts(msg);
	printf("Try again from the\n"
	       "<A HREF=\"/%s\">main page</A>.\n"
	       "</P>", scriptname);
	resp_end_html();
}

static void
pg_error_internal(void)
{
	resp_begin_html(500, "Internal Server Error");
	puts("<P>Internal Server Error</P>");
	resp_end_html();
}

static void
pg_searchres(const struct req *req, struct manpage *r, size_t sz)
{
	char		*arch, *archend;
	const char	*sec;
	size_t		 i, iuse;
	int		 archprio, archpriouse;
	int		 prio, priouse;

	for (i = 0; i < sz; i++) {
		if (validate_filename(r[i].file))
			continue;
		fprintf(stderr, "invalid filename %s in %s database\n",
		    r[i].file, req->q.manpath);
		pg_error_internal();
		return;
	}

	if (req->isquery && sz == 1) {
		/*
		 * If we have just one result, then jump there now
		 * without any delay.
		 */
		printf("Status: 303 See Other\r\n");
		printf("Location: http://%s/%s%s%s/%s",
		    HTTP_HOST, scriptname,
		    *scriptname == '\0' ? "" : "/",
		    req->q.manpath, r[0].file);
		printf("\r\n"
		     "Content-Type: text/html; charset=utf-8\r\n"
		     "\r\n");
		return;
	}

	resp_begin_html(200, NULL);
	resp_searchform(req);
	puts("<DIV CLASS=\"results\">");
	puts("<TABLE>");

	for (i = 0; i < sz; i++) {
		printf("<TR>\n"
		       "<TD CLASS=\"title\">\n"
		       "<A HREF=\"/%s%s%s/%s",
		    scriptname, *scriptname == '\0' ? "" : "/",
		    req->q.manpath, r[i].file);
		printf("\">");
		html_print(r[i].names);
		printf("</A>\n"
		       "</TD>\n"
		       "<TD CLASS=\"desc\">");
		html_print(r[i].output);
		puts("</TD>\n"
		     "</TR>");
	}

	puts("</TABLE>\n"
	     "</DIV>");

	/*
	 * In man(1) mode, show one of the pages
	 * even if more than one is found.
	 */

	if (req->q.equal) {
		puts("<HR>");
		iuse = 0;
		priouse = 20;
		archpriouse = 3;
		for (i = 0; i < sz; i++) {
			sec = r[i].file;
			sec += strcspn(sec, "123456789");
			if (sec[0] == '\0')
				continue;
			prio = sec_prios[sec[0] - '1'];
			if (sec[1] != '/')
				prio += 10;
			if (req->q.arch == NULL) {
				archprio =
				    ((arch = strchr(sec + 1, '/'))
					== NULL) ? 3 :
				    ((archend = strchr(arch + 1, '/'))
					== NULL) ? 0 :
				    strncmp(arch, "amd64/",
					archend - arch) ? 2 : 1;
				if (archprio < archpriouse) {
					archpriouse = archprio;
					priouse = prio;
					iuse = i;
					continue;
				}
				if (archprio > archpriouse)
					continue;
			}
			if (prio >= priouse)
				continue;
			priouse = prio;
			iuse = i;
		}
		resp_show(req, r[iuse].file);
	}

	resp_end_html();
}

static void
catman(const struct req *req, const char *file)
{
	FILE		*f;
	char		*p;
	size_t		 sz;
	ssize_t		 len;
	int		 i;
	int		 italic, bold;

	if ((f = fopen(file, "r")) == NULL) {
		puts("<P>You specified an invalid manual file.</P>");
		return;
	}

	puts("<DIV CLASS=\"catman\">\n"
	     "<PRE>");

	p = NULL;
	sz = 0;

	while ((len = getline(&p, &sz, f)) != -1) {
		bold = italic = 0;
		for (i = 0; i < len - 1; i++) {
			/*
			 * This means that the catpage is out of state.
			 * Ignore it and keep going (although the
			 * catpage is bogus).
			 */

			if ('\b' == p[i] || '\n' == p[i])
				continue;

			/*
			 * Print a regular character.
			 * Close out any bold/italic scopes.
			 * If we're in back-space mode, make sure we'll
			 * have something to enter when we backspace.
			 */

			if ('\b' != p[i + 1]) {
				if (italic)
					printf("</I>");
				if (bold)
					printf("</B>");
				italic = bold = 0;
				html_putchar(p[i]);
				continue;
			} else if (i + 2 >= len)
				continue;

			/* Italic mode. */

			if ('_' == p[i]) {
				if (bold)
					printf("</B>");
				if ( ! italic)
					printf("<I>");
				bold = 0;
				italic = 1;
				i += 2;
				html_putchar(p[i]);
				continue;
			}

			/*
			 * Handle funny behaviour troff-isms.
			 * These grok'd from the original man2html.c.
			 */

			if (('+' == p[i] && 'o' == p[i + 2]) ||
					('o' == p[i] && '+' == p[i + 2]) ||
					('|' == p[i] && '=' == p[i + 2]) ||
					('=' == p[i] && '|' == p[i + 2]) ||
					('*' == p[i] && '=' == p[i + 2]) ||
					('=' == p[i] && '*' == p[i + 2]) ||
					('*' == p[i] && '|' == p[i + 2]) ||
					('|' == p[i] && '*' == p[i + 2]))  {
				if (italic)
					printf("</I>");
				if (bold)
					printf("</B>");
				italic = bold = 0;
				putchar('*');
				i += 2;
				continue;
			} else if (('|' == p[i] && '-' == p[i + 2]) ||
					('-' == p[i] && '|' == p[i + 1]) ||
					('+' == p[i] && '-' == p[i + 1]) ||
					('-' == p[i] && '+' == p[i + 1]) ||
					('+' == p[i] && '|' == p[i + 1]) ||
					('|' == p[i] && '+' == p[i + 1]))  {
				if (italic)
					printf("</I>");
				if (bold)
					printf("</B>");
				italic = bold = 0;
				putchar('+');
				i += 2;
				continue;
			}

			/* Bold mode. */

			if (italic)
				printf("</I>");
			if ( ! bold)
				printf("<B>");
			bold = 1;
			italic = 0;
			i += 2;
			html_putchar(p[i]);
		}

		/*
		 * Clean up the last character.
		 * We can get to a newline; don't print that.
		 */

		if (italic)
			printf("</I>");
		if (bold)
			printf("</B>");

		if (i == len - 1 && p[i] != '\n')
			html_putchar(p[i]);

		putchar('\n');
	}
	free(p);

	puts("</PRE>\n"
	     "</DIV>");

	fclose(f);
}

static void
format(const struct req *req, const char *file)
{
	struct manoutput conf;
	struct mparse	*mp;
	struct roff_man	*man;
	void		*vp;
	int		 fd;
	int		 usepath;

	if (-1 == (fd = open(file, O_RDONLY, 0))) {
		puts("<P>You specified an invalid manual file.</P>");
		return;
	}

	mchars_alloc();
	mp = mparse_alloc(MPARSE_SO, MANDOCLEVEL_BADARG, NULL, req->q.manpath);
	mparse_readfd(mp, fd, file);
	close(fd);

	memset(&conf, 0, sizeof(conf));
	conf.fragment = 1;
	usepath = strcmp(req->q.manpath, req->p[0]);
	mandoc_asprintf(&conf.man, "/%s%s%%N.%%S",
	    usepath ? req->q.manpath : "", usepath ? "/" : "");

	mparse_result(mp, &man, NULL);
	if (man == NULL) {
		fprintf(stderr, "fatal mandoc error: %s/%s\n",
		    req->q.manpath, file);
		pg_error_internal();
		mparse_free(mp);
		mchars_free();
		return;
	}

	vp = html_alloc(&conf);

	if (man->macroset == MACROSET_MDOC) {
		mdoc_validate(man);
		html_mdoc(vp, man);
	} else {
		man_validate(man);
		html_man(vp, man);
	}

	html_free(vp);
	mparse_free(mp);
	mchars_free();
	free(conf.man);
}

static void
resp_show(const struct req *req, const char *file)
{

	if ('.' == file[0] && '/' == file[1])
		file += 2;

	if ('c' == *file)
		catman(req, file);
	else
		format(req, file);
}

static void
pg_show(struct req *req, const char *fullpath)
{
	char		*manpath;
	const char	*file;

	if ((file = strchr(fullpath, '/')) == NULL) {
		pg_error_badrequest(
		    "You did not specify a page to show.");
		return;
	}
	manpath = mandoc_strndup(fullpath, file - fullpath);
	file++;

	if ( ! validate_manpath(req, manpath)) {
		pg_error_badrequest(
		    "You specified an invalid manpath.");
		free(manpath);
		return;
	}

	/*
	 * Begin by chdir()ing into the manpath.
	 * This way we can pick up the database files, which are
	 * relative to the manpath root.
	 */

	if (chdir(manpath) == -1) {
		fprintf(stderr, "chdir %s: %s\n",
		    manpath, strerror(errno));
		pg_error_internal();
		free(manpath);
		return;
	}

	if (strcmp(manpath, "mandoc")) {
		free(req->q.manpath);
		req->q.manpath = manpath;
	} else
		free(manpath);

	if ( ! validate_filename(file)) {
		pg_error_badrequest(
		    "You specified an invalid manual file.");
		return;
	}

	resp_begin_html(200, NULL);
	resp_searchform(req);
	resp_show(req, file);
	resp_end_html();
}

static void
pg_search(const struct req *req)
{
	struct mansearch	  search;
	struct manpaths		  paths;
	struct manpage		 *res;
	char			**argv;
	char			 *query, *rp, *wp;
	size_t			  ressz;
	int			  argc;

	/*
	 * Begin by chdir()ing into the root of the manpath.
	 * This way we can pick up the database files, which are
	 * relative to the manpath root.
	 */

	if (-1 == (chdir(req->q.manpath))) {
		fprintf(stderr, "chdir %s: %s\n",
		    req->q.manpath, strerror(errno));
		pg_error_internal();
		return;
	}

	search.arch = req->q.arch;
	search.sec = req->q.sec;
	search.outkey = "Nd";
	search.argmode = req->q.equal ? ARG_NAME : ARG_EXPR;
	search.firstmatch = 1;

	paths.sz = 1;
	paths.paths = mandoc_malloc(sizeof(char *));
	paths.paths[0] = mandoc_strdup(".");

	/*
	 * Break apart at spaces with backslash-escaping.
	 */

	argc = 0;
	argv = NULL;
	rp = query = mandoc_strdup(req->q.query);
	for (;;) {
		while (isspace((unsigned char)*rp))
			rp++;
		if (*rp == '\0')
			break;
		argv = mandoc_reallocarray(argv, argc + 1, sizeof(char *));
		argv[argc++] = wp = rp;
		for (;;) {
			if (isspace((unsigned char)*rp)) {
				*wp = '\0';
				rp++;
				break;
			}
			if (rp[0] == '\\' && rp[1] != '\0')
				rp++;
			if (wp != rp)
				*wp = *rp;
			if (*rp == '\0')
				break;
			wp++;
			rp++;
		}
	}

	if (0 == mansearch(&search, &paths, argc, argv, &res, &ressz))
		pg_noresult(req, "You entered an invalid query.");
	else if (0 == ressz)
		pg_noresult(req, "No results found.");
	else
		pg_searchres(req, res, ressz);

	free(query);
	mansearch_free(res, ressz);
	free(paths.paths[0]);
	free(paths.paths);
}

int
main(void)
{
	struct req	 req;
	struct itimerval itimer;
	const char	*path;
	const char	*querystring;
	int		 i;

	/* Poor man's ReDoS mitigation. */

	itimer.it_value.tv_sec = 2;
	itimer.it_value.tv_usec = 0;
	itimer.it_interval.tv_sec = 2;
	itimer.it_interval.tv_usec = 0;
	if (setitimer(ITIMER_VIRTUAL, &itimer, NULL) == -1) {
		fprintf(stderr, "setitimer: %s\n", strerror(errno));
		pg_error_internal();
		return EXIT_FAILURE;
	}

	/*
	 * First we change directory into the MAN_DIR so that
	 * subsequent scanning for manpath directories is rooted
	 * relative to the same position.
	 */

	if (-1 == chdir(MAN_DIR)) {
		fprintf(stderr, "MAN_DIR: %s: %s\n",
		    MAN_DIR, strerror(errno));
		pg_error_internal();
		return EXIT_FAILURE;
	}

	memset(&req, 0, sizeof(struct req));
	req.q.equal = 1;
	pathgen(&req);

	/* Parse the path info and the query string. */

	if ((path = getenv("PATH_INFO")) == NULL)
		path = "";
	else if (*path == '/')
		path++;

	if (*path != '\0' && access(path, F_OK) == -1) {
		path_parse(&req, path);
		path = "";
	} else if ((querystring = getenv("QUERY_STRING")) != NULL)
		http_parse(&req, querystring);

	/* Validate parsed data and add defaults. */

	if (req.q.manpath == NULL)
		req.q.manpath = mandoc_strdup(req.p[0]);
	else if ( ! validate_manpath(&req, req.q.manpath)) {
		pg_error_badrequest(
		    "You specified an invalid manpath.");
		return EXIT_FAILURE;
	}

	if ( ! (NULL == req.q.arch || validate_urifrag(req.q.arch))) {
		pg_error_badrequest(
		    "You specified an invalid architecture.");
		return EXIT_FAILURE;
	}

	/* Dispatch to the three different pages. */

	if ('\0' != *path)
		pg_show(&req, path);
	else if (NULL != req.q.query)
		pg_search(&req);
	else
		pg_index(&req);

	free(req.q.manpath);
	free(req.q.arch);
	free(req.q.sec);
	free(req.q.query);
	for (i = 0; i < (int)req.psz; i++)
		free(req.p[i]);
	free(req.p);
	return EXIT_SUCCESS;
}

/*
 * If PATH_INFO is not a file name, translate it to a query.
 */
static void
path_parse(struct req *req, const char *path)
{
	int	 dir_done;

	req->isquery = 0;
	req->q.equal = 1;
	req->q.manpath = mandoc_strdup(path);

	/* Mandatory manual page name. */
	if ((req->q.query = strrchr(req->q.manpath, '/')) == NULL) {
		req->q.query = req->q.manpath;
		req->q.manpath = NULL;
	} else
		*req->q.query++ = '\0';

	/* Optional trailing section. */
	if ((req->q.sec = strrchr(req->q.query, '.')) != NULL) {
		if(isdigit((unsigned char)req->q.sec[1])) {
			*req->q.sec++ = '\0';
			req->q.sec = mandoc_strdup(req->q.sec);
		} else
			req->q.sec = NULL;
	}

	/* Handle the case of name[.section] only. */
	if (req->q.manpath == NULL) {
		req->q.arch = NULL;
		return;
	}
	req->q.query = mandoc_strdup(req->q.query);

	/* Optional architecture. */
	dir_done = 0;
	for (;;) {
		if ((req->q.arch = strrchr(req->q.manpath, '/')) == NULL)
			break;
		*req->q.arch++ = '\0';
		if (dir_done || strncmp(req->q.arch, "man", 3)) {
			req->q.arch = mandoc_strdup(req->q.arch);
			break;
		}

		/* Optional directory name. */
		req->q.arch += 3;
		if (*req->q.arch != '\0') {
			free(req->q.sec);
			req->q.sec = mandoc_strdup(req->q.arch);
		}
		dir_done = 1;
	}
}

/*
 * Scan for indexable paths.
 */
static void
pathgen(struct req *req)
{
	FILE	*fp;
	char	*dp;
	size_t	 dpsz;
	ssize_t	 len;

	if (NULL == (fp = fopen("manpath.conf", "r"))) {
		fprintf(stderr, "%s/manpath.conf: %s\n",
			MAN_DIR, strerror(errno));
		pg_error_internal();
		exit(EXIT_FAILURE);
	}

	dp = NULL;
	dpsz = 0;

	while ((len = getline(&dp, &dpsz, fp)) != -1) {
		if (dp[len - 1] == '\n')
			dp[--len] = '\0';
		req->p = mandoc_realloc(req->p,
		    (req->psz + 1) * sizeof(char *));
		if ( ! validate_urifrag(dp)) {
			fprintf(stderr, "%s/manpath.conf contains "
			    "unsafe path \"%s\"\n", MAN_DIR, dp);
			pg_error_internal();
			exit(EXIT_FAILURE);
		}
		if (NULL != strchr(dp, '/')) {
			fprintf(stderr, "%s/manpath.conf contains "
			    "path with slash \"%s\"\n", MAN_DIR, dp);
			pg_error_internal();
			exit(EXIT_FAILURE);
		}
		req->p[req->psz++] = dp;
		dp = NULL;
		dpsz = 0;
	}
	free(dp);

	if ( req->p == NULL ) {
		fprintf(stderr, "%s/manpath.conf is empty\n", MAN_DIR);
		pg_error_internal();
		exit(EXIT_FAILURE);
	}
}