Bug#448814: Actually, it's not just the To: field
On 02/11/2007, Ricardo Mones wrote: You cannot pretend claws-mail (or any other program) to know how to decode arbitrary encoded data from all its potential callers. Ricardo, this is the code that gets called when claws is invoked with 'claws --compose mailto:something-or-other'. Since everything from the mailto: onwards is by definition an URI, it *must* be URI-encoded (it would be a bug if it weren't!). So it's not a matter of decoding arbitrary encoded data, it's about handlilng URIs the way they are supposed to be handled. The data should reach command line already decoded by the browser calling claws-mail. This is incorrect. Supose you have a link in a web page to send a message to J. Random Hacker Co. [EMAIL PROTECTED]. We could not send this address to claws-mail with claws-mail --compose mailto:J. Random Hacker Co. [EMAIL PROTECTED] For two reasons: 1) the shell will separate the URL after J. 2) even if we quoted it to make the whole address one word, it results in an invalid URI, because it contains naked spaces, punctuation and even an which would get the URI parser mightily confused If not that's a bug in the browser, not in claws-mail. Which browser are you using? I'm using a script I wrote (attached) to make it possible to use claws as a MUA for debian's reportbug (in fact, this very bug report was sent using it!). To use it with reportbug, you use reportbug --mua /path/to/claws-recompose package Be kind to it, it's still unpolished, I intend to contribute it to claws tools. But you can reproduce it just as easily with mozilla-* (and I guess with any browser) with the attached trivial html file. This is definitely a bug in claws, not anywhere else. Fede claws-recompose Description: Binary data Title: Showacase claws-mail URI misbehaviour Click here and watch claws-mail misbehave! signature.asc Description: PGP signature
Bug#448814: Actually, it's not just the To: field
Hi Federico, On Thu, Nov 01, 2007 at 02:55:28PM -0300, Federico Heinz wrote: Cc: and Bcc: must be URI-decoded as well. This patch does the job better (and does a bit of refactoring while we're at it). You cannot pretend claws-mail (or any other program) to know how to decode arbitrary encoded data from all its potential callers. The data should reach command line already decoded by the browser calling claws-mail. If not that's a bug in the browser, not in claws-mail. Which browser are you using? regards, -- Ricardo Mones ~ RTFM - Read The Manual (The 'F' is silent). Usually a very good idea. Bjarne Stroustrup signature.asc Description: Digital signature
Bug#448814: Actually, it's not just the To: field
Cc: and Bcc: must be URI-decoded as well. This patch does the job better (and does a bit of refactoring while we're at it). Fede --- claws-mail-3.0.2-orig/src/common/utils.c2007-11-01 03:27:01.0 -0300 +++ claws-mail-3.0.2/src/common/utils.c 2007-11-01 14:49:51.0 -0300 @@ -1662,6 +1662,13 @@ decode_uri_with_plus(decoded_uri, encoded_uri, TRUE); } +gchar *decode_uri_gdup(const gchar *encoded_uri) +{ +gchar *buffer = g_malloc(strlen(encoded_uri)+1); +decode_uri(buffer, encoded_uri); +return buffer; +} + gint scan_mailto_url(const gchar *mailto, gchar **to, gchar **cc, gchar **bcc, gchar **subject, gchar **body, gchar **attach) { @@ -1684,7 +1691,7 @@ } if (to !*to) - *to = g_strdup(tmp_mailto); + *to = decode_uri_gdup(tmp_mailto); while (p) { gchar *field, *value; @@ -1707,20 +1714,17 @@ if (*value == '\0') continue; if (cc !*cc !g_ascii_strcasecmp(field, cc)) { - *cc = g_strdup(value); + *cc = decode_uri_gdup(value); } else if (bcc !*bcc !g_ascii_strcasecmp(field, bcc)) { - *bcc = g_strdup(value); + *bcc = decode_uri_gdup(value); } else if (subject !*subject !g_ascii_strcasecmp(field, subject)) { - *subject = g_malloc(strlen(value) + 1); - decode_uri(*subject, value); + *subject = decode_uri_gdup(value); } else if (body !*body !g_ascii_strcasecmp(field, body)) { - *body = g_malloc(strlen(value) + 1); - decode_uri(*body, value); + *body = decode_uri_gdup(value); } else if (attach !*attach !g_ascii_strcasecmp(field, attach)) { int i = 0; - *attach = g_malloc(strlen(value) + 1); - decode_uri(*attach, value); + *attach = decode_uri_gdup(value); for (; forbidden_uris[i]; i++) { if (strstr(*attach, forbidden_uris[i])) { g_print(Refusing to attach '%s', potential private data leak\n, signature.asc Description: PGP signature