httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From s.@apache.org
Subject svn commit: r1325876 - in /httpd/mod_mbox/branches/convert-charsets/module-2.0: mod_mbox.h mod_mbox_out.c
Date Fri, 13 Apr 2012 17:56:17 GMT
Author: sf
Date: Fri Apr 13 17:56:16 2012
New Revision: 1325876

URL: http://svn.apache.org/viewvc?rev=1325876&view=rev
Log:
escape more headers to make it likelier that we send correct XML

TODO: We really need to check all data from mails if they contain
invalid characters that we may need to escape

Modified:
    httpd/mod_mbox/branches/convert-charsets/module-2.0/mod_mbox.h
    httpd/mod_mbox/branches/convert-charsets/module-2.0/mod_mbox_out.c

Modified: httpd/mod_mbox/branches/convert-charsets/module-2.0/mod_mbox.h
URL: http://svn.apache.org/viewvc/httpd/mod_mbox/branches/convert-charsets/module-2.0/mod_mbox.h?rev=1325876&r1=1325875&r2=1325876&view=diff
==============================================================================
--- httpd/mod_mbox/branches/convert-charsets/module-2.0/mod_mbox.h (original)
+++ httpd/mod_mbox/branches/convert-charsets/module-2.0/mod_mbox.h Fri Apr 13 17:56:16 2012
@@ -149,9 +149,14 @@ const char *get_base_path(request_rec *r
 const char *get_base_uri(request_rec *r);
 const char *get_base_name(request_rec *r);
 
+/* XXX This should enforce that the result is valid UTF-8 */
 #define ESCAPE_OR_BLANK(pool, s) \
 (s ? mbox_cntrl_escape(pool, ap_escape_html(pool, s)) : "")
 
+/* XXX This should enforce that the result is valid UTF-8 */
+#define ESCAPE_AND_CONV_HDR(pool, s) \
+(s ? mbox_cntrl_escape(pool, ap_escape_html(pool, mbox_cte_decode_header(pool, s))) : "")
+
 #define URI_ESCAPE_OR_BLANK(pool, s) \
 (s ? ap_escape_uri(pool, s) : "")
 

Modified: httpd/mod_mbox/branches/convert-charsets/module-2.0/mod_mbox_out.c
URL: http://svn.apache.org/viewvc/httpd/mod_mbox/branches/convert-charsets/module-2.0/mod_mbox_out.c?rev=1325876&r1=1325875&r2=1325876&view=diff
==============================================================================
--- httpd/mod_mbox/branches/convert-charsets/module-2.0/mod_mbox_out.c (original)
+++ httpd/mod_mbox/branches/convert-charsets/module-2.0/mod_mbox_out.c Fri Apr 13 17:56:16
2012
@@ -49,9 +49,9 @@ static void display_atom_entry(request_r
     char *c;
 
     ap_rputs("<entry>\n", r);
-    ap_rprintf(r, "<title>%s</title>\n", ESCAPE_OR_BLANK(pool, m->subject));
+    ap_rprintf(r, "<title>%s</title>\n", ESCAPE_AND_CONV_HDR(pool, m->subject));
     ap_rprintf(r, "<author><name>%s</name></author>\n",
-               ESCAPE_OR_BLANK(pool, m->from));
+               ESCAPE_AND_CONV_HDR(pool, m->from));
 
     ap_rprintf(r, "<link rel=\"alternate\" href=\"%s%s/%s\"/>\n",
                ap_construct_url(r->pool, r->uri, r),
@@ -382,7 +382,11 @@ apr_status_t mbox_static_index_boxlist(r
     return APR_SUCCESS;
 }
 
-/* Antispam protection */
+/* Antispam protection,
+ * proper order is:
+ * apply mbox_cte_decode_header(), then email_antispam(), then
+ * ESCAPE_OR_BLANK()
+ */
 static char *email_antispam(char *email)
 {
     char *tmp;
@@ -427,11 +431,11 @@ static void display_static_msglist_entry
     /* Message author */
     ap_rputs("   <tr>\n", r);
 
-    tmp = ESCAPE_OR_BLANK(r->pool, m->str_from);
-    tmp = mbox_cte_decode_header(r->pool, tmp);
+    tmp = mbox_cte_decode_header(r->pool, m->str_from);
     if (conf->antispam) {
         tmp = email_antispam(tmp);
     }
+    tmp = ESCAPE_OR_BLANK(r->pool, tmp);
 
     if (linked) {
         ap_rprintf(r, "    <td class=\"author\">%s</td>\n", tmp);
@@ -451,8 +455,7 @@ static void display_static_msglist_entry
                    URI_ESCAPE_OR_BLANK(r->pool, m->msgID));
     }
 
-    tmp = mbox_cte_decode_header(r->pool, m->subject);
-    ap_rprintf(r, "%s", ESCAPE_OR_BLANK(r->pool, tmp));
+    ap_rprintf(r, "%s", ESCAPE_AND_CONV_HDR(r->pool, m->subject));
     if (linked) {
         ap_rputs("</a>", r);
     }
@@ -476,7 +479,7 @@ static void display_xml_msglist_entry(re
 {
     mbox_dir_cfg_t *conf;
 
-    char *from, *subj;
+    char *from;
 
     conf = ap_get_module_config(r->per_dir_config, &mbox_module);
 
@@ -484,18 +487,17 @@ static void display_xml_msglist_entry(re
     if (conf->antispam) {
         from = email_antispam(from);
     }
-    subj = mbox_cte_decode_header(r->pool, m->subject);
+    from = ESCAPE_OR_BLANK(r->pool, from);
 
     ap_rprintf(r, " <message linked=\"%d\" depth=\"%d\" id=\"%s\">\n",
                linked, depth, ESCAPE_OR_BLANK(r->pool, m->msgID));
 
-    ap_rprintf(r, "  <from><![CDATA[%s]]></from>\n",
-               ESCAPE_OR_BLANK(r->pool, from));
+    ap_rprintf(r, "  <from><![CDATA[%s]]></from>\n", from);
     ap_rprintf(r, "  <date><![CDATA[%s]]></date>\n",
                ESCAPE_OR_BLANK(r->pool, m->str_date));
 
     ap_rprintf(r, "  <subject><![CDATA[%s]]></subject>\n",
-               ESCAPE_OR_BLANK(r->pool, subj));
+               ESCAPE_AND_CONV_HDR(r->pool, m->subject));
     ap_rprintf(r, " </message>\n");
 }
 
@@ -1141,9 +1143,8 @@ int mbox_static_message(request_rec *r, 
                                              m->charset,
                                              m->cte, m->boundary);
 
-    subject = mbox_cte_decode_header(r->pool, m->subject);
-    send_page_header(r,
-                     ESCAPE_OR_BLANK(r->pool, subject),
+    subject = ESCAPE_AND_CONV_HDR(r->pool, m->subject);
+    send_page_header(r, subject,
                      apr_psprintf(r->pool, "%s mailing list archives",
                                   get_base_name(r)),
                      0);
@@ -1159,11 +1160,11 @@ int mbox_static_message(request_rec *r, 
                "List index</a></h5>", get_base_path(r));
 
     /* Display context message list */
-    from = ESCAPE_OR_BLANK(r->pool, m->from);
-    from = mbox_cte_decode_header(r->pool, from);
+    from = mbox_cte_decode_header(r->pool, m->from);
     if (conf->antispam) {
         from = email_antispam(from);
     }
+    from = ESCAPE_OR_BLANK(r->pool, from);
 
     ap_rputs("  <table class=\"static\" id=\"msgview\">\n", r);
 
@@ -1192,7 +1193,7 @@ int mbox_static_message(request_rec *r, 
     ap_rprintf(r, "   <tr class=\"subject\">\n"
                "    <td class=\"left\">Subject</td>\n"
                "    <td class=\"right\">%s</td>\n"
-               "   </tr>\n", ESCAPE_OR_BLANK(r->pool, subject));
+               "   </tr>\n", subject);
 
     ap_rprintf(r, "   <tr class=\"date\">\n"
                "    <td class=\"left\">Date</td>\n"
@@ -1260,7 +1261,7 @@ apr_status_t mbox_xml_message(request_re
         from = email_antispam(from);
     }
     from = ESCAPE_OR_BLANK(r->pool, from);
-    subj = mbox_cte_decode_header(r->pool, m->subject);
+    subj = ESCAPE_AND_CONV_HDR(r->pool, m->subject);
 
     ap_rprintf(r, "<mail id=\"%s\">\n"
                " <from><![CDATA[%s]]></from>\n"
@@ -1268,8 +1269,7 @@ apr_status_t mbox_xml_message(request_re
                " <date><![CDATA[%s]]></date>\n"
                " <contents><![CDATA[",
                URI_ESCAPE_OR_BLANK(r->pool, m->msgID),
-               from,
-               ESCAPE_OR_BLANK(r->pool, subj),
+               from, subj,
                ESCAPE_OR_BLANK(r->pool, m->rfc822_date));
 
     ap_rprintf(r, "%s",



Mime
View raw message