===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/mandoc/cgi.c,v
retrieving revision 1.28
retrieving revision 1.29
diff -c -r1.28 -r1.29
*** src/usr.bin/mandoc/cgi.c	2014/07/25 18:19:33	1.28
--- src/usr.bin/mandoc/cgi.c	2014/07/25 19:36:02	1.29
***************
*** 1,4 ****
! /*	$Id: cgi.c,v 1.28 2014/07/25 18:19:33 schwarze Exp $ */
  /*
   * Copyright (c) 2011, 2012 Kristaps Dzonsons <kristaps@bsd.lv>
   * Copyright (c) 2014 Ingo Schwarze <schwarze@usta.de>
--- 1,4 ----
! /*	$Id: cgi.c,v 1.29 2014/07/25 19:36:02 schwarze Exp $ */
  /*
   * Copyright (c) 2011, 2012 Kristaps Dzonsons <kristaps@bsd.lv>
   * Copyright (c) 2014 Ingo Schwarze <schwarze@usta.de>
***************
*** 1082,1088 ****
  	if (NULL != (querystring = getenv("QUERY_STRING")))
  		http_parse(&req, querystring);
  
! 	if ( ! validate_manpath(&req, req.q.manpath)) {
  		pg_error_badrequest(
  		    "You specified an invalid manpath.");
  		return(EXIT_FAILURE);
--- 1082,1089 ----
  	if (NULL != (querystring = getenv("QUERY_STRING")))
  		http_parse(&req, querystring);
  
! 	if ( ! (NULL == req.q.manpath ||
! 	    validate_manpath(&req, req.q.manpath))) {
  		pg_error_badrequest(
  		    "You specified an invalid manpath.");
  		return(EXIT_FAILURE);