Bug#448814: Actually, it's not just the To: field

2007-11-02 Thread Federico Heinz 
On 02/11/2007, Ricardo Mones wrote:
   You cannot pretend claws-mail (or any other program) to know how to 
   decode arbitrary encoded data from all its potential callers.

Ricardo, this is the code that gets called when claws is invoked with
'claws --compose mailto:something-or-other'. Since everything from the mailto:
onwards is by definition an URI, it *must* be URI-encoded (it would be a bug if
it weren't!). So it's not a matter of decoding arbitrary encoded data, it's
about handlilng URIs the way they are supposed to be handled.

   The data should reach command line already decoded by the browser
   calling claws-mail.

This is incorrect. Supose you have a link in a web page to send a message to
J. Random Hacker  Co. [EMAIL PROTECTED]. We could not send this address to
claws-mail with

  claws-mail --compose mailto:J. Random Hacker  Co. [EMAIL PROTECTED]

For two reasons:
  1) the shell will separate the URL after J.
  2) even if we quoted it to make the whole address one word, it results in an
 invalid URI, because it contains naked spaces, punctuation and even an 
 which would get the URI parser mightily confused

 If not that's a bug in the browser, not in claws-mail. Which browser are you
 using? 

I'm using a script I wrote (attached) to make it possible to use claws as a MUA
for debian's reportbug (in fact, this very bug report was sent using it!). To
use it with reportbug, you use

   reportbug --mua /path/to/claws-recompose package

Be kind to it, it's still unpolished, I intend to contribute it to claws tools.

But you can reproduce it just as easily with mozilla-* (and I guess with any
browser) with the attached trivial html file.

This is definitely a bug in claws, not anywhere else.

Fede


claws-recompose
Description: Binary data
Title: Showacase claws-mail URI misbehaviour


  Click here and watch claws-mail misbehave!



signature.asc
Description: PGP signature

Bug#448814: Actually, it's not just the To: field

2007-11-02 Thread Ricardo Mones 
  Hi Federico,

On Thu, Nov 01, 2007 at 02:55:28PM -0300, Federico Heinz wrote:
 Cc: and Bcc: must be URI-decoded as well.
 
 This patch does the job better (and does a bit of refactoring while we're at
 it).

  You cannot pretend claws-mail (or any other program) to know how to 
  decode arbitrary encoded data from all its potential callers.

  The data should reach command line already decoded by the browser
  calling claws-mail. If not that's a bug in the browser, not in
  claws-mail. Which browser are you using?

  regards,
-- 
  Ricardo Mones 
  ~
  RTFM - Read The Manual (The 'F' is silent). Usually a very good 
  idea. Bjarne Stroustrup



signature.asc
Description: Digital signature

Bug#448814: Actually, it's not just the To: field

2007-11-01 Thread Federico Heinz 
Cc: and Bcc: must be URI-decoded as well.

This patch does the job better (and does a bit of refactoring while we're at
it).

Fede

--- claws-mail-3.0.2-orig/src/common/utils.c2007-11-01 03:27:01.0 
-0300
+++ claws-mail-3.0.2/src/common/utils.c 2007-11-01 14:49:51.0 -0300
@@ -1662,6 +1662,13 @@
decode_uri_with_plus(decoded_uri, encoded_uri, TRUE);
 }
 
+gchar *decode_uri_gdup(const gchar *encoded_uri)
+{
+gchar *buffer = g_malloc(strlen(encoded_uri)+1);
+decode_uri(buffer, encoded_uri);
+return buffer;
+}
+
 gint scan_mailto_url(const gchar *mailto, gchar **to, gchar **cc, gchar **bcc,
 gchar **subject, gchar **body, gchar **attach)
 {
@@ -1684,7 +1691,7 @@
}
 
if (to  !*to)
-   *to = g_strdup(tmp_mailto);
+   *to = decode_uri_gdup(tmp_mailto);
 
while (p) {
gchar *field, *value;
@@ -1707,20 +1714,17 @@
if (*value == '\0') continue;
 
if (cc  !*cc  !g_ascii_strcasecmp(field, cc)) {
-   *cc = g_strdup(value);
+   *cc = decode_uri_gdup(value);
} else if (bcc  !*bcc  !g_ascii_strcasecmp(field, bcc)) {
-   *bcc = g_strdup(value);
+   *bcc = decode_uri_gdup(value);
} else if (subject  !*subject 
   !g_ascii_strcasecmp(field, subject)) {
-   *subject = g_malloc(strlen(value) + 1);
-   decode_uri(*subject, value);
+   *subject = decode_uri_gdup(value);
} else if (body  !*body  !g_ascii_strcasecmp(field, 
body)) {
-   *body = g_malloc(strlen(value) + 1);
-   decode_uri(*body, value);
+   *body = decode_uri_gdup(value);
} else if (attach  !*attach  !g_ascii_strcasecmp(field, 
attach)) {
int i = 0;
-   *attach = g_malloc(strlen(value) + 1);
-   decode_uri(*attach, value);
+   *attach = decode_uri_gdup(value);
for (; forbidden_uris[i]; i++) {
if (strstr(*attach, forbidden_uris[i])) {
g_print(Refusing to attach '%s', 
potential private data leak\n,


signature.asc
Description: PGP signature