X-Git-Url: http://www.git.stargrave.org/?a=blobdiff_plain;f=lib%2FPublicInbox%2FLinkify.pm;h=77b94f56af4fc104789ed76ce58483afbd98fd38;hb=f09b01e0e89dbdf0f0bd6bfae2f8545fa17657d2;hp=d4778e7de371ecc5c3059363bb0d0ec1cc334686;hpb=e55bef366b87ecbcb66c93669f41876afc1d2446;p=public-inbox.git diff --git a/lib/PublicInbox/Linkify.pm b/lib/PublicInbox/Linkify.pm index d4778e7d..77b94f56 100644 --- a/lib/PublicInbox/Linkify.pm +++ b/lib/PublicInbox/Linkify.pm @@ -1,4 +1,4 @@ -# Copyright (C) 2014-2018 all contributors +# Copyright (C) 2014-2019 all contributors # License: AGPL-3.0+ # two-step linkification. @@ -13,6 +13,7 @@ package PublicInbox::Linkify; use strict; use warnings; use Digest::SHA qw/sha1_hex/; +use PublicInbox::Hval qw(ascii_html); my $SALT = rand; my $LINK_RE = qr{([\('!])?\b((?:ftps?|https?|nntps?|gopher):// @@ -61,15 +62,15 @@ sub linkify_1 { $end = ')'; } + $url = ascii_html($url); # for IDN + # salt this, as this could be exploited to show # links in the HTML which don't show up in the raw mail. my $key = sha1_hex($url . $SALT); - # only escape ampersands, others do not match LINK_RE - $url =~ s/&/&/g; $_[0]->{$key} = $url; $beg . 'PI-LINK-'. $key . $end; - ^ge; + ^geo; $_[1]; } 
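Review bot: In linkify_1 the new `# for IDN` comment understates what `ascii_html($url)` now does: with the ampersand-only substitution removed, it is the only escaping the URL receives before being stored in the table under `$key`. The code that later writes the stored value into the page (presumably linkify_2) is outside this hunk, so the comment should record the invariant here, for example `# HTML-escape and ASCII-encode (IDN); this is the only escaping the stored URL gets`. The removed comment explained why partial escaping was safe against LINK_RE, and the replacement should carry the same reasoning so later changes to ascii_html or LINK_RE are reviewed with the attribute context in mind. The added `/o` looks redundant if the pattern is only the precompiled `$LINK_RE`; the start of the substitution is not visible in this hunk, so treat that as a style question.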
@@ -88,4 +89,35 @@ sub linkify_2 { $_[1]; } +# single pass linkification of within $str +# with $pfx being the URL prefix +sub linkify_mids { + my ($self, $pfx, $str, $raw) = @_; + $$str =~ s!<([^>]+)>! + my $msgid = PublicInbox::Hval->new_msgid($1); + my $html = $msgid->as_html; + my $href = $msgid->{href}; + $href = ascii_html($href); # for IDN + + # salt this, as this could be exploited to show + # links in the HTML which don't show up in the raw mail. + my $key = sha1_hex($html . $SALT); + my $repl = qq(<$html>); + $repl .= qq{ (raw)} if $raw; + $self->{$key} = $repl; + 'PI-LINK-'. $key; + !ge; + $$str = ascii_html($$str); + $$str =~ s!\bPI-LINK-([a-f0-9]{40})\b! + my $key = $1; + my $repl = $_[0]->{$key}; + if (defined $repl) { + $repl; + } else { + # false positive or somebody tried to mess with us + $key; + } + !ge; +} + 1;
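Review bot: linkify_mids stores `$repl` in the table before `$$str = ascii_html($$str)` runs and substitutes it back afterwards, so everything placed in `$repl` bypasses the escaping pass; the header comment should state that invariant. `$html` and `$href` are escaped inside the function, but `$pfx` comes from the caller as-is, so if it ends up in the replacement markup the contract should be documented, e.g. `# $pfx must already be HTML-safe; $str is a scalar ref, modified in place`. The first comment line also seems to be missing a word (`linkification of Message-IDs within $str`). The second substitution reads `$_[0]->{$key}` where the first uses `$self->{$key}`; using `$self` in both would be more consistent. The fallback branch returns `$key` without the `PI-LINK-` prefix, so a false positive changes the displayed text; if that is not intended, return `'PI-LINK-' . $key` instead.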