From humbed...@apache.org
Subject [incubator-ponymail] 01/02: Tidy up list names on seeding pages, to avoid potential breakage
Date Thu, 28 Feb 2019 14:02:14 GMT
This is an automated email from the ASF dual-hosted git repository.

humbedooh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-ponymail.git

commit 8dc1e1738ea39707e9c96249c7c9530a61056b8a
Author: Daniel Gruno <humbedooh@apache.org>
AuthorDate: Thu Feb 28 15:01:13 2019 +0100

    Tidy up list names on seeding pages, to avoid potential breakage
---
 CHANGELOG.md                        | 1 +
 site/js/dev/ponymail_helperfuncs.js | 6 ++++++
 site/js/dev/ponymail_seeders.js     | 2 ++
 site/js/dev/ponymail_trends.js      | 4 +++-
 4 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a904931..dd1da16 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,5 @@
 ## Changes in 0.11-SNAPSHOT
+- Bug: Tidy up list names on seeding pages to avoid breakage
 - Enh: Enforce UTF-8 in content headers (#479)
 - Bug: elastic.lua#scroll forces sort to use _doc (#478)
 - Bug: cannot download more than 10K mails to a mbox file (#475)
diff --git a/site/js/dev/ponymail_helperfuncs.js b/site/js/dev/ponymail_helperfuncs.js
index c611061..2feea2e 100644
--- a/site/js/dev/ponymail_helperfuncs.js
+++ b/site/js/dev/ponymail_helperfuncs.js
@@ -175,5 +175,11 @@ function isArray(obj) {
     return (obj && obj.constructor && obj.constructor == Array)
 }
 
+
+// sanitize_domain: only accept valid mailing list IDs
+function sanitize_domain(val) {
+    var m = val.match(/[-@a-z.0-9]+/);
+    return m ? m[0] : "unknown";
+}
 // Check for slow URLs every 0.1 seconds
 window.setInterval(checkForSlows, 100)
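Review bot: The pattern in `sanitize_domain` is unanchored, so `val.match(/[-@a-z.0-9]+/)` returns the first run of allowed characters found anywhere in the input instead of rejecting an invalid ID, which does not match the comment "only accept valid mailing list IDs". An input containing a capital letter or stray punctuation is silently shortened to a different name (constructed example: `Dev@example.org` becomes `ev@example.org`), and the callers added in preGetListInfo and gatherTrends would then query that other name. Anchoring the pattern turns it into a real validator: `var m = /^[-@a-z.0-9]+$/.exec(val);` with the existing `return m ? m[0] : "unknown";`. If mixed-case IDs are legitimate, lower-case the value before matching.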
diff --git a/site/js/dev/ponymail_seeders.js b/site/js/dev/ponymail_seeders.js
index d892923..fa02cc1 100644
--- a/site/js/dev/ponymail_seeders.js
+++ b/site/js/dev/ponymail_seeders.js
@@ -54,6 +54,8 @@ function seedPrefs(json, state) {
 // preGetListInfo: Callback that fetches preferences and sets up list data
 // invoked by onload in list.html and search.html
 function preGetListInfo(list, xdomain, nopush) {
+    if (list) list = sanitize_domain(list);
+    if (xdomain) xdomain = sanitize_domain(xdomain);
     GetAsync("/api/preferences.lua", {
         l: list,
         x: xdomain,
diff --git a/site/js/dev/ponymail_trends.js b/site/js/dev/ponymail_trends.js
index d1a27c9..f4b3d87 100644
--- a/site/js/dev/ponymail_trends.js
+++ b/site/js/dev/ponymail_trends.js
@@ -44,7 +44,7 @@ function showTrends(json, state) {
     }
     
     // Link back to list view if possible
-    var lname = json.list.replace(/</, "&lt;")
+    var lname = json.list;
     if (lname.search(/\*/) == -1) {
         lname = "<a href='list.html?" + lname + "'>" + lname + "</a>"
     }
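Review bot: `var lname = json.list;` now reaches the string-built `<a href='list.html?...'>` markup with no output encoding at all. The old `.replace(/</, "&lt;")` was weak (first `<` only, quotes untouched), but dropping it leaves this sink relying on the server returning only clean list names. The sanitising added in gatherTrends covers the outgoing request, not the `json.list` value in the response, and nothing visible here guarantees the two are the same. Encoding at the point of use is safer and keeps the `*` check working, e.g. `var lname = json.list.replace(/[&<>'"]/g, function (c) { return "&#" + c.charCodeAt(0) + ";"; });`. How `lname` is inserted into the page is outside this hunk, so confirm whether it ends up in `innerHTML`.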
@@ -287,6 +287,8 @@ function gatherTrends() {
     var dspan = a_arr[1]
     var query = a_arr[2]
     
+    list = sanitize_domain(list);
+    
     // Try to detect header searches, if present
     var nquery = ""
     if (query && query.length > 0) {
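Review bot: `list = sanitize_domain(list);` is called without the `if (list)` guard that this commit uses in preGetListInfo. Because `sanitize_domain` calls `val.match` directly, an undefined or non-string `list` would throw a TypeError here. The assignment of `list` is above the hunk, so whether it can be empty is not visible; `if (list) list = sanitize_domain(list);` would match the other call site. Separately, showTrends tests `lname` for `*`, which suggests wildcard list names are in use, yet `*` is not in the sanitiser's character class, so such a name would presumably be rewritten before the query is sent; worth confirming that is intended.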

