about summary refs log tree commit homepage
diff options
context:
space:
mode:
authorEric Wong <e@80x24.org>2017-05-23 21:53:57 +0000
committerEric Wong <e@80x24.org>2017-05-23 21:54:56 +0000
commit09f1e000734bc431ec7b63e18959bf6f34f9c179 (patch)
tree21ba1d453af630a38726d0984d58b996d07e7ad0
parent28157508169779746519f77e84d1f1f9aff5f022 (diff)
downloadpublic-inbox-09f1e000734bc431ec7b63e18959bf6f34f9c179.tar.gz
Reported-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
  https://public-inbox.org/meta/CACBZZX5Gnow08r=0A1J_kt3a=zpGyMfvsqu8nAN7kacNnDm+dg@mail.gmail.com/
-rw-r--r--MANIFEST1
-rw-r--r--lib/PublicInbox/MID.pm2
-rw-r--r--lib/PublicInbox/SearchView.pm9
-rw-r--r--lib/PublicInbox/WWW.pm1
-rw-r--r--t/psgi_search.t71
5 files changed, 80 insertions, 4 deletions
diff --git a/MANIFEST b/MANIFEST
index d1e09529..3bfd9a40 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -155,6 +155,7 @@ t/plack.t
 t/precheck.t
 t/psgi_attach.t
 t/psgi_mount.t
+t/psgi_search.t
 t/psgi_text.t
 t/qspawn.t
 t/search-thr-index.t
diff --git a/lib/PublicInbox/MID.pm b/lib/PublicInbox/MID.pm
index 1c2d75cc..2613c8eb 100644
--- a/lib/PublicInbox/MID.pm
+++ b/lib/PublicInbox/MID.pm
@@ -6,7 +6,7 @@ package PublicInbox::MID;
 use strict;
 use warnings;
 use base qw/Exporter/;
-our @EXPORT_OK = qw/mid_clean id_compress mid2path mid_mime mid_escape/;
+our @EXPORT_OK = qw/mid_clean id_compress mid2path mid_mime mid_escape MID_ESC/;
 use URI::Escape qw(uri_escape_utf8);
 use Digest::SHA qw/sha1_hex/;
 use constant MID_MAX => 40; # SHA-1 hex length
diff --git a/lib/PublicInbox/SearchView.pm b/lib/PublicInbox/SearchView.pm
index cec87c6a..42bc6482 100644
--- a/lib/PublicInbox/SearchView.pm
+++ b/lib/PublicInbox/SearchView.pm
@@ -222,7 +222,9 @@ sub mset_thread {
 
 sub ctx_prepare {
         my ($q, $ctx) = @_;
-        my $qh = ascii_html($q->{'q'});
+        my $qh = $q->{'q'};
+        utf8::decode($qh);
+        $qh = ascii_html($qh);
         $ctx->{-q_value_html} = $qh;
         $ctx->{-atom} = '?'.$q->qs_html(x => 'A', r => undef);
         $ctx->{-title_html} = "$qh - search results";
@@ -254,8 +256,9 @@ sub adump {
 package PublicInbox::SearchQuery;
 use strict;
 use warnings;
+use URI::Escape qw(uri_escape);
 use PublicInbox::Hval;
-use PublicInbox::MID qw(mid_escape);
+use PublicInbox::MID qw(MID_ESC);
 
 sub new {
         my ($class, $qp) = @_;
@@ -280,7 +283,7 @@ sub qs_html {
                 $self = $tmp;
         }
 
-        my $q = mid_escape($self->{'q'});
+        my $q = uri_escape($self->{'q'}, MID_ESC);
         $q =~ s/%20/+/g; # improve URL readability
         my $qs = "q=$q";
 
diff --git a/lib/PublicInbox/WWW.pm b/lib/PublicInbox/WWW.pm
index 13b3921d..f3c702e9 100644
--- a/lib/PublicInbox/WWW.pm
+++ b/lib/PublicInbox/WWW.pm
@@ -42,6 +42,7 @@ sub call {
 
         # we don't care about multi-value
         my %qp = map {
+                utf8::decode($_);
                 my ($k, $v) = split('=', uri_unescape($_), 2);
                 $v = '' unless defined $v;
                 $v =~ tr/+/ /;
diff --git a/t/psgi_search.t b/t/psgi_search.t
new file mode 100644
index 00000000..cc9c9cf4
--- /dev/null
+++ b/t/psgi_search.t
@@ -0,0 +1,71 @@
+# Copyright (C) 2017 all contributors <meta@public-inbox.org>
+# License: AGPL-3.0+ <https://www.gnu.org/licenses/agpl-3.0.txt>
+use strict;
+use warnings;
+use Test::More;
+use File::Temp qw/tempdir/;
+use Email::MIME;
+use PublicInbox::Config;
+use PublicInbox::WWW;
+my @mods = qw(PublicInbox::SearchIdx HTTP::Request::Common Plack::Test
+                URI::Escape Plack::Builder);
+foreach my $mod (@mods) {
+        eval "require $mod";
+        plan skip_all => "$mod missing for psgi_search.t" if $@;
+}
+use_ok $_ foreach @mods;
+my $tmpdir = tempdir('pi-psgi-search.XXXXXX', TMPDIR => 1, CLEANUP => 1);
+my $git_dir = "$tmpdir/a.git";
+
+is(0, system(qw(git init -q --bare), $git_dir), "git init (main)");
+my $rw = PublicInbox::SearchIdx->new($git_dir, 1);
+ok($rw, "search indexer created");
+my $data = <<'EOF';
+Subject: test
+Message-Id: <utf8@example>
+From: Ævar Arnfjörð Bjarmason <avarab@example>
+To: git@vger.kernel.org
+
+EOF
+
+my $num = 0;
+# nb. using internal API, fragile!
+my $xdb = $rw->_xdb_acquire;
+$xdb->begin_transaction;
+
+foreach (reverse split(/\n\n/, $data)) {
+        $_ .= "\n";
+        my $mime = Email::MIME->new(\$_);
+        my $bytes = bytes::length($mime->as_string);
+        my $doc_id = $rw->add_message($mime, $bytes, ++$num, 'ignored');
+        my $mid = $mime->header('Message-Id');
+        ok($doc_id, 'message added: '. $mid);
+}
+
+$xdb->commit_transaction;
+$rw = undef;
+
+my $cfgpfx = "publicinbox.test";
+my $config = PublicInbox::Config->new({
+        "$cfgpfx.address" => 'git@vger.kernel.org',
+        "$cfgpfx.mainrepo" => $git_dir,
+});
+my $www = PublicInbox::WWW->new($config);
+test_psgi(sub { $www->call(@_) }, sub {
+        my ($cb) = @_;
+        my $res;
+        $res = $cb->(GET('/test/?q=%C3%86var'));
+        my $html = $res->content;
+        like($html, qr/<title>&#198;var - /, 'HTML escaped in title');
+        my @res = ($html =~ m/\?q=(.+var)\b/g);
+        ok(scalar(@res), 'saw query strings');
+        my %uniq = map { $_ => 1 } @res;
+        is(1, scalar keys %uniq, 'all query values identical in HTML');
+        is('%C3%86var', (keys %uniq)[0], 'matches original query');
+        ok(index($html, 'by &#198;var Arnfj&#246;r&#240; Bjarmason') >= 0,
+                "displayed Ævar's name properly in HTML");
+});
+
+done_testing();
+
+1;