This is an automated email from the ASF dual-hosted git repository. humbedooh pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/incubator-ponymail.git
commit 8dc1e1738ea39707e9c96249c7c9530a61056b8a Author: Daniel Gruno <humbed...@apache.org> AuthorDate: Thu Feb 28 15:01:13 2019 +0100 Tidy up list names on seeding pages, to avoid potential breakage --- CHANGELOG.md | 1 + site/js/dev/ponymail_helperfuncs.js | 6 ++++++ site/js/dev/ponymail_seeders.js | 2 ++ site/js/dev/ponymail_trends.js | 4 +++- 4 files changed, 12 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a904931..dd1da16 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,5 @@ ## Changes in 0.11-SNAPSHOT +- Bug: Tidy up list names on seeding pages to avoid breakage - Enh: Enforce UTF-8 in content headers (#479) - Bug: elastic.lua#scroll forces sort to use _doc (#478) - Bug: cannot download more than 10K mails to a mbox file (#475) diff --git a/site/js/dev/ponymail_helperfuncs.js b/site/js/dev/ponymail_helperfuncs.js index c611061..2feea2e 100644 --- a/site/js/dev/ponymail_helperfuncs.js +++ b/site/js/dev/ponymail_helperfuncs.js @@ -175,5 +175,11 @@ function isArray(obj) { return (obj && obj.constructor && obj.constructor == Array) } + +// sanitize_domain: only accept valid mailing list IDs +function sanitize_domain(val) { + var m = val.match(/[-@a-z.0-9]+/); + return m ? m[0] : "unknown"; +} // Check for slow URLs every 0.1 seconds window.setInterval(checkForSlows, 100) diff --git a/site/js/dev/ponymail_seeders.js b/site/js/dev/ponymail_seeders.js index d892923..fa02cc1 100644 --- a/site/js/dev/ponymail_seeders.js +++ b/site/js/dev/ponymail_seeders.js @@ -54,6 +54,8 @@ function seedPrefs(json, state) { // preGetListInfo: Callback that fetches preferences and sets up list data // invoked by onload in list.html and search.html function preGetListInfo(list, xdomain, nopush) { + if (list) list = sanitize_domain(list); + if (xdomain) xdomain = sanitize_domain(xdomain); GetAsync("/api/preferences.lua", { l: list, x: xdomain, diff --git a/site/js/dev/ponymail_trends.js b/site/js/dev/ponymail_trends.js index d1a27c9..f4b3d87 100644 
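Review bot: In `sanitize_domain` (ponymail_helperfuncs.js) the pattern is unanchored, so `match` returns the first run of allowed characters instead of rejecting a value that contains anything else; a string with a stray character is silently cut down to a fragment, and only a string with no allowed character at all becomes "unknown". That does not match the comment's "only accept valid mailing list IDs", and the callers added in `preGetListInfo` and `gatherTrends` will then request that fragment as if it were the list the user asked for. Anchoring the pattern makes the function accept or reject the whole value: `var m = val.match(/^[-@a-z.0-9]+$/);`. The class is also lower-case only, so if list IDs can arrive with upper-case letters they would need lower-casing first; whether they can is not visible in this hunk.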
--- a/site/js/dev/ponymail_trends.js +++ b/site/js/dev/ponymail_trends.js @@ -44,7 +44,7 @@ function showTrends(json, state) { } // Link back to list view if possible - var lname = json.list.replace(/</, "<") + var lname = json.list; if (lname.search(/\*/) == -1) { lname = "<a href='list.html?" + lname + "'>" + lname + "</a>" } @@ -287,6 +287,8 @@ function gatherTrends() { var dspan = a_arr[1] var query = a_arr[2] + list = sanitize_domain(list); + // Try to detect header searches, if present var nquery = "" if (query && query.length > 0) {
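Review bot: In `showTrends`, `json.list` now goes into the link markup on the following lines (`"<a href='list.html?" + lname + "'>" + lname + "</a>"`) with no escaping at all, because the replaced line was the only treatment it had. The `sanitize_domain` call added in `gatherTrends` cleans the value sent in the request, not the value the API returns, so this relies on the server echoing back a safe name. If the string ends up assigned as HTML, which the anchor tag suggests but the hunk does not show, escape it at the point of use, e.g. `var lname = json.list.replace(/[&<>"']/g, function (c) { return "&#" + c.charCodeAt(0) + ";"; });`. `showTrends` begins and ends outside this hunk.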
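Review bot: The call `list = sanitize_domain(list);` in `gatherTrends` has no guard, unlike the `if (list)` checks added in `preGetListInfo`; `sanitize_domain` calls `val.match`, so an undefined `list` would throw a TypeError here. Where `list` is assigned is above the hunk, so this may already be excluded; if not, use the same form, `if (list) list = sanitize_domain(list);`. Also note that `showTrends` in this file treats `*` in a list name as meaningful, and `*` is not in the allowed character class, so a wildcard list would be altered before the query is built. `gatherTrends` continues past the end of the hunk.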