about summary refs log tree commit homepage
path: root/lib/PublicInbox/Hval.pm
diff options
context:
space:
mode:
authorEric Wong <e@80x24.org>2019-06-04 02:04:28 +0000
committerEric Wong <e@80x24.org>2019-06-04 10:06:18 +0000
commitc5621af43e9c7cb1ff0565aa61a1d8fced55a23b (patch)
tree33bfcd44d136a3bd15869ce16229581574a8e6d9 /lib/PublicInbox/Hval.pm
parentf8c8ca04d47620d390092000ca09aab071442fac (diff)
downloadpublic-inbox-c5621af43e9c7cb1ff0565aa61a1d8fced55a23b.tar.gz
We don't want to emit funky URLs which can be lost in
translation or cause problems with non-Unicode-aware
clients.

Then, don't accept non-ASCII filenames in URLs, since
a manually-generated URL/filename in attachment downloads
could be used for Unicode homographs to confuse folks who
down the attachment.
Diffstat (limited to 'lib/PublicInbox/Hval.pm')
-rw-r--r--lib/PublicInbox/Hval.pm3
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/PublicInbox/Hval.pm b/lib/PublicInbox/Hval.pm
index 95a0f709..2b443970 100644
--- a/lib/PublicInbox/Hval.pm
+++ b/lib/PublicInbox/Hval.pm
@@ -13,6 +13,9 @@ our @EXPORT_OK = qw/ascii_html obfuscate_addrs to_filename src_escape
                 to_attr from_attr/;
 my $enc_ascii = find_encoding('us-ascii');
 
+# safe-ish acceptable filename pattern for portability
+our $FN = '[a-zA-Z0-9][a-zA-Z0-9_\-\.]+[a-zA-Z0-9]'; # needs \z anchor
+
 sub new {
         my ($class, $raw, $href) = @_;