From 92f27ed0be327ab6acb61aeedf7a77702cc6c25f Mon Sep 17 00:00:00 2001 From: Eric Wong Date: Tue, 14 Mar 2017 21:23:39 +0000 Subject: view: escape HTML description name Otherwise funky filenames can cause HTML injection vulnerabilities (hope you have JavaScript disabled!) --- lib/PublicInbox/View.pm | 1 + t/view.t | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/PublicInbox/View.pm b/lib/PublicInbox/View.pm index 0b1ec75b..9ef4712f 100644 --- a/lib/PublicInbox/View.pm +++ b/lib/PublicInbox/View.pm @@ -438,6 +438,7 @@ sub attach_link ($$$$;$) { } $ret .= "[-- Attachment #$idx: "; my $ts = "Type: $ct, Size: $size bytes"; + $desc = ascii_html($desc); $ret .= ($desc eq '') ? "$ts --]" : "$desc --]\n[-- $ts --]"; $ret .= "\n"; } diff --git a/t/view.t b/t/view.t index 46fbe410..2181b5ef 100644 --- a/t/view.t +++ b/t/view.t @@ -124,7 +124,7 @@ EOF Email::MIME->create( attributes => { content_type => 'text/plain', - filename => "foo.patch", + filename => "foo&.patch", }, body => "--- a/file\n+++ b/file\n" . "@@ -49, 7 +49,34 @@\n", @@ -140,7 +140,7 @@ EOF ); my $html = msg_html($mime); - like($html, qr!.*Attachment #2: foo\.patch --!, + like($html, qr!.*Attachment #2: foo&(?:amp|#38);\.patch --!, "parts split with filename"); } -- cgit v1.2.3-24-ge0c7 From b7ad68f80356124f08e93ead6a575375f726291f Mon Sep 17 00:00:00 2001 From: Eric Wong Date: Wed, 22 Mar 2017 02:14:19 +0000 Subject: extmsg: use updated mail-archive.com URL Apparently mid.mail-archive.com does not support HTTPS, and the HTTP version redirects to the search query, anyways. --- lib/PublicInbox/ExtMsg.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/PublicInbox/ExtMsg.pm b/lib/PublicInbox/ExtMsg.pm index 67ce0407..6cfc6c32 100644 --- a/lib/PublicInbox/ExtMsg.pm +++ b/lib/PublicInbox/ExtMsg.pm @@ -16,7 +16,7 @@ use PublicInbox::WwwStream; our @EXT_URL = ( # leading "//" denotes protocol-relative (http:// or https://) '//marc.info/?i=%s', - '//mid.mail-archive.com/%s', + '//www.mail-archive.com/search?l=mid&q=%s', 'http://mid.gmane.org/%s', 'https://lists.debian.org/msgid-search/%s', '//docs.FreeBSD.org/cgi/mid.cgi?db=mid&id=%s', -- cgit v1.2.3-24-ge0c7 From b24abb7762a600a3cba45ccd9bcb5ec8d97dd37d Mon Sep 17 00:00:00 2001 From: Eric Wong Date: Fri, 24 Mar 2017 00:15:08 +0000 Subject: searchview: add "t" id to link to thread overview At least for the thread view (&x=t); this will make it easy to link to the overview. --- lib/PublicInbox/SearchView.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/PublicInbox/SearchView.pm b/lib/PublicInbox/SearchView.pm index f1c4b6a0..b867d002 100644 --- a/lib/PublicInbox/SearchView.pm +++ b/lib/PublicInbox/SearchView.pm @@ -145,7 +145,7 @@ sub search_nav_bot { my $o = $q->{o}; my $end = $o + $nr; my $beg = $o + 1; - my $rv = '
';
+	my $rv = '
';
 	if ($beg <= $end) {
 		$rv .= "Results $beg-$end of $total";
 		$rv .= ' (estimated)' if $end != $total;
-- 
cgit v1.2.3-24-ge0c7


From 4ba430497bfb4763691b0ad8af573eb6ff420b96 Mon Sep 17 00:00:00 2001
From: Eric Wong 
Date: Fri, 24 Mar 2017 01:41:11 +0000
Subject: searchview: show full (&x=t) messages in ascending chronlogical order

When displaying search results with full messages, it makes
more sense to show them in ascending chronological order when
going by date.  Reverse chronological order makes more sense
for search results which only show the subject.
---
 lib/PublicInbox/SearchView.pm | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/PublicInbox/SearchView.pm b/lib/PublicInbox/SearchView.pm
index b867d002..cec87c6a 100644
--- a/lib/PublicInbox/SearchView.pm
+++ b/lib/PublicInbox/SearchView.pm
@@ -185,9 +185,9 @@ sub mset_thread {
 		$pct{$smsg->mid} = $i->get_percent;
 		$smsg;
 	} ($mset->items) ]});
-
+	my $r = $q->{r};
 	my $rootset = PublicInbox::SearchThread::thread($msgs,
-		$q->{r} ? sort_relevance(\%pct) : *PublicInbox::View::sort_ts);
+		$r ? sort_relevance(\%pct) : *PublicInbox::View::sort_ts);
 	my $skel = search_nav_bot($mset, $q). "
";
 	my $inbox = $ctx->{-inbox};
 	$ctx->{-upfx} = '';
@@ -203,11 +203,11 @@ sub mset_thread {
 
 	PublicInbox::View::walk_thread($rootset, $ctx,
 		*PublicInbox::View::pre_thread);
-
+	@$msgs = reverse @$msgs if $r;
 	my $mime;
 	sub {
 		return unless $msgs;
-		while ($mime = shift @$msgs) {
+		while ($mime = pop @$msgs) {
 			$mime = $inbox->msg_by_smsg($mime) and last;
 		}
 		if ($mime) {
-- 
cgit v1.2.3-24-ge0c7


From 5d39caaf83799ba3a94b73463a3597c181816425 Mon Sep 17 00:00:00 2001
From: Eric Wong 
Date: Tue, 4 Apr 2017 18:25:47 +0000
Subject: watchmaildir: do not reject lowercase flags on Maildir files

Dovecot uses 'a'..'z' (lowercase) to designate keywords
in Maildir flags.  This was preventing certain messages
from being marked as spam.

https://wiki2.dovecot.org/MailboxFormat/Maildir
---
 lib/PublicInbox/WatchMaildir.pm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/PublicInbox/WatchMaildir.pm b/lib/PublicInbox/WatchMaildir.pm
index 1823c248..985f9192 100644
--- a/lib/PublicInbox/WatchMaildir.pm
+++ b/lib/PublicInbox/WatchMaildir.pm
@@ -97,7 +97,8 @@ sub _try_fsn_paths {
 
 sub _remove_spam {
 	my ($self, $path) = @_;
-	$path =~ /:2,[A-R]*S[T-Z]*\z/i or return;
+	# path must be marked as (S)een
+	$path =~ /:2,[A-R]*S[T-Za-z]*\z/ or return;
 	my $mime = _path_to_mime($path) or return;
 	_force_mid($mime);
 	$self->{config}->each_inbox(sub {
-- 
cgit v1.2.3-24-ge0c7


From 64cc1122d94f87badb4994518eda070d6362991e Mon Sep 17 00:00:00 2001
From: Eric Wong 
Date: Wed, 5 Apr 2017 01:41:28 +0000
Subject: learn: scan all inboxes when learning spam

This matches the behavior of the -watch daemon since
6d534038285ddd760709ba76ea007f9108200097
("watch: watchspam affects all configured inboxes")
---
 script/public-inbox-learn | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/script/public-inbox-learn b/script/public-inbox-learn
index 38c83243..71aa50f9 100755
--- a/script/public-inbox-learn
+++ b/script/public-inbox-learn
@@ -51,6 +51,18 @@ foreach my $h (qw(Cc To)) {
 	}
 }
 
+if ($train eq 'spam') {
+	$pi_config->each_inbox(sub {
+		my ($ibx) = @_;
+		my $git = $ibx->git;
+		my $name = $ibx->{name};
+		my $addr = $ibx->{-primary_address};
+		my $im = PublicInbox::Import->new($git, $name, $addr, $ibx);
+		$im->remove($mime);
+		$im->done;
+	});
+}
+
 require PublicInbox::MDA if $train eq "ham";
 
 # n.b. message may be cross-posted to multiple public-inboxes
-- 
cgit v1.2.3-24-ge0c7


From de243560e2caa1d19bcbf518edfaf8b016161245 Mon Sep 17 00:00:00 2001
From: Eric Wong 
Date: Tue, 11 Apr 2017 23:39:54 +0000
Subject: search: fix help message for searching within quotes

I'm not sure if people use either and it's not in mairix
(where we base our abbreviations off of).  Lets go
with the shorter prefix since it's easier-to-type.
---
 lib/PublicInbox/Search.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/PublicInbox/Search.pm b/lib/PublicInbox/Search.pm
index 8c72fa17..bc2b6985 100644
--- a/lib/PublicInbox/Search.pm
+++ b/lib/PublicInbox/Search.pm
@@ -91,7 +91,7 @@ are also supported
 EOF
 	'b:' => 'match within message body, including text attachments',
 	'nq:' => 'match non-quoted text within message body',
-	'quot:' => 'match quoted text within message body',
+	'q:' => 'match quoted text within message body',
 	'n:' => 'match filename of attachment(s)',
 	't:' => 'match within the To header',
 	'c:' => 'match within the Cc header',
-- 
cgit v1.2.3-24-ge0c7