Cc: and Bcc: must be URI-decoded as well. This patch does the job better (and does a bit of refactoring while we're at it).
Fede --- claws-mail-3.0.2-orig/src/common/utils.c 2007-11-01 03:27:01.000000000 -0300 +++ claws-mail-3.0.2/src/common/utils.c 2007-11-01 14:49:51.000000000 -0300 @@ -1662,6 +1662,13 @@ decode_uri_with_plus(decoded_uri, encoded_uri, TRUE); } +gchar *decode_uri_gdup(const gchar *encoded_uri) +{ + gchar *buffer = g_malloc(strlen(encoded_uri)+1); + decode_uri(buffer, encoded_uri); + return buffer; +} + gint scan_mailto_url(const gchar *mailto, gchar **to, gchar **cc, gchar **bcc, gchar **subject, gchar **body, gchar **attach) { @@ -1684,7 +1691,7 @@ } if (to && !*to) - *to = g_strdup(tmp_mailto); + *to = decode_uri_gdup(tmp_mailto); while (p) { gchar *field, *value; @@ -1707,20 +1714,17 @@ if (*value == '\0') continue; if (cc && !*cc && !g_ascii_strcasecmp(field, "cc")) { - *cc = g_strdup(value); + *cc = decode_uri_gdup(value); } else if (bcc && !*bcc && !g_ascii_strcasecmp(field, "bcc")) { - *bcc = g_strdup(value); + *bcc = decode_uri_gdup(value); } else if (subject && !*subject && !g_ascii_strcasecmp(field, "subject")) { - *subject = g_malloc(strlen(value) + 1); - decode_uri(*subject, value); + *subject = decode_uri_gdup(value); } else if (body && !*body && !g_ascii_strcasecmp(field, "body")) { - *body = g_malloc(strlen(value) + 1); - decode_uri(*body, value); + *body = decode_uri_gdup(value); } else if (attach && !*attach && !g_ascii_strcasecmp(field, "attach")) { int i = 0; - *attach = g_malloc(strlen(value) + 1); - decode_uri(*attach, value); + *attach = decode_uri_gdup(value); for (; forbidden_uris[i]; i++) { if (strstr(*attach, forbidden_uris[i])) { g_print("Refusing to attach '%s', potential private data leak\n",
signature.asc
Description: PGP signature