From 09f1e000734bc431ec7b63e18959bf6f34f9c179 Mon Sep 17 00:00:00 2001
From: Eric Wong <e@80x24.org>
Date: Tue, 23 May 2017 21:53:57 +0000
Subject: www: do not mangle characters from search queries
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reported-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
  https://public-inbox.org/meta/CACBZZX5Gnow08r=0A1J_kt3a=zpGyMfvsqu8nAN7kacNnDm+dg@mail.gmail.com/
---
 lib/PublicInbox/MID.pm        | 2 +-
 lib/PublicInbox/SearchView.pm | 9 ++++++---
 lib/PublicInbox/WWW.pm        | 1 +
 3 files changed, 8 insertions(+), 4 deletions(-)

(limited to 'lib')

diff --git a/lib/PublicInbox/MID.pm b/lib/PublicInbox/MID.pm
index 1c2d75cc..2613c8eb 100644
--- a/lib/PublicInbox/MID.pm
+++ b/lib/PublicInbox/MID.pm
@@ -6,7 +6,7 @@ package PublicInbox::MID;
 use strict;
 use warnings;
 use base qw/Exporter/;
-our @EXPORT_OK = qw/mid_clean id_compress mid2path mid_mime mid_escape/;
+our @EXPORT_OK = qw/mid_clean id_compress mid2path mid_mime mid_escape MID_ESC/;
 use URI::Escape qw(uri_escape_utf8);
 use Digest::SHA qw/sha1_hex/;
 use constant MID_MAX => 40; # SHA-1 hex length
diff --git a/lib/PublicInbox/SearchView.pm b/lib/PublicInbox/SearchView.pm
index cec87c6a..42bc6482 100644
--- a/lib/PublicInbox/SearchView.pm
+++ b/lib/PublicInbox/SearchView.pm
@@ -222,7 +222,9 @@ sub mset_thread {
 
 sub ctx_prepare {
 	my ($q, $ctx) = @_;
-	my $qh = ascii_html($q->{'q'});
+	my $qh = $q->{'q'};
+	utf8::decode($qh);
+	$qh = ascii_html($qh);
 	$ctx->{-q_value_html} = $qh;
 	$ctx->{-atom} = '?'.$q->qs_html(x => 'A', r => undef);
 	$ctx->{-title_html} = "$qh - search results";
@@ -254,8 +256,9 @@ sub adump {
 package PublicInbox::SearchQuery;
 use strict;
 use warnings;
+use URI::Escape qw(uri_escape);
 use PublicInbox::Hval;
-use PublicInbox::MID qw(mid_escape);
+use PublicInbox::MID qw(MID_ESC);
 
 sub new {
 	my ($class, $qp) = @_;
@@ -280,7 +283,7 @@ sub qs_html {
 		$self = $tmp;
 	}
 
-	my $q = mid_escape($self->{'q'});
+	my $q = uri_escape($self->{'q'}, MID_ESC);
 	$q =~ s/%20/+/g; # improve URL readability
 	my $qs = "q=$q";
 
diff --git a/lib/PublicInbox/WWW.pm b/lib/PublicInbox/WWW.pm
index 13b3921d..f3c702e9 100644
--- a/lib/PublicInbox/WWW.pm
+++ b/lib/PublicInbox/WWW.pm
@@ -42,6 +42,7 @@ sub call {
 
 	# we don't care about multi-value
 	my %qp = map {
+		utf8::decode($_);
 		my ($k, $v) = split('=', uri_unescape($_), 2);
 		$v = '' unless defined $v;
 		$v =~ tr/+/ /;
-- 
cgit v1.2.3-24-ge0c7