Cc: and Bcc: must be URI-decoded as well. This patch does the job better (and does a bit of refactoring while we're at it).
Fede
--- claws-mail-3.0.2-orig/src/common/utils.c 2007-11-01 03:27:01.000000000
-0300
+++ claws-mail-3.0.2/src/common/utils.c 2007-11-01 14:49:51.000000000 -0300
@@ -1662,6 +1662,13 @@
decode_uri_with_plus(decoded_uri, encoded_uri, TRUE);
}
+gchar *decode_uri_gdup(const gchar *encoded_uri)
+{
+ gchar *buffer = g_malloc(strlen(encoded_uri)+1);
+ decode_uri(buffer, encoded_uri);
+ return buffer;
+}
+
gint scan_mailto_url(const gchar *mailto, gchar **to, gchar **cc, gchar **bcc,
gchar **subject, gchar **body, gchar **attach)
{
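Review bot: decode_uri_gdup calls decode_uri, which per the context line at the top of this hunk forwards to `decode_uri_with_plus(decoded_uri, encoded_uri, TRUE)`. If that flag turns '+' into a space (inferred from the name; the body is not in this hunk), the To/Cc/Bcc values routed through the helper in the later hunks will mangle plus-addressed recipients such as `user+tag@example.org` (constructed example). Consider `decode_uri_with_plus(buffer, encoded_uri, FALSE);` inside the helper, or a separate variant for address fields. The helper also deserves a short comment saying that the caller owns the result and releases it with g_free(), and that the `strlen(encoded_uri)+1` sizing relies on decoding never producing more bytes than its input. A `g_return_val_if_fail(encoded_uri != NULL, NULL);` guard would keep strlen() off a NULL pointer.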
@@ -1684,7 +1691,7 @@
}
if (to && !*to)
- *to = g_strdup(tmp_mailto);
+ *to = decode_uri_gdup(tmp_mailto);
while (p) {
gchar *field, *value;
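Review bot: With this change `*to` (and `*cc` / `*bcc` in the next hunk) holds percent-decoded bytes taken from a mailto: link, so an encoded CR or LF arrives as a raw control character in a string that presumably ends up in an address header field. Nothing visible in these hunks strips or rejects such characters. Unless the code consuming these strings already sanitises them, check the decoded value here, for example by discarding it when `strpbrk(*to, "\r\n") != NULL`, and apply the same check to cc and bcc. scan_mailto_url starts in the previous hunk and continues past this one, so any later filtering is not visible from here.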
@@ -1707,20 +1714,17 @@
if (*value == '\0') continue;
if (cc && !*cc && !g_ascii_strcasecmp(field, "cc")) {
- *cc = g_strdup(value);
+ *cc = decode_uri_gdup(value);
} else if (bcc && !*bcc && !g_ascii_strcasecmp(field, "bcc")) {
- *bcc = g_strdup(value);
+ *bcc = decode_uri_gdup(value);
} else if (subject && !*subject &&
!g_ascii_strcasecmp(field, "subject")) {
- *subject = g_malloc(strlen(value) + 1);
- decode_uri(*subject, value);
+ *subject = decode_uri_gdup(value);
} else if (body && !*body && !g_ascii_strcasecmp(field,
"body")) {
- *body = g_malloc(strlen(value) + 1);
- decode_uri(*body, value);
+ *body = decode_uri_gdup(value);
} else if (attach && !*attach && !g_ascii_strcasecmp(field,
"attach")) {
int i = 0;
- *attach = g_malloc(strlen(value) + 1);
- decode_uri(*attach, value);
+ *attach = decode_uri_gdup(value);
for (; forbidden_uris[i]; i++) {
if (strstr(*attach, forbidden_uris[i])) {
g_print("Refusing to attach '%s',
potential private data leak\n",

