X-Git-Url: http://www.git.stargrave.org/?a=blobdiff_plain;f=lib%2FPublicInbox%2FLinkify.pm;h=77b94f56af4fc104789ed76ce58483afbd98fd38;hb=f09b01e0e89dbdf0f0bd6bfae2f8545fa17657d2;hp=d4778e7de371ecc5c3059363bb0d0ec1cc334686;hpb=e55bef366b87ecbcb66c93669f41876afc1d2446;p=public-inbox.git
diff --git a/lib/PublicInbox/Linkify.pm b/lib/PublicInbox/Linkify.pm
index d4778e7d..77b94f56 100644
--- a/lib/PublicInbox/Linkify.pm
+++ b/lib/PublicInbox/Linkify.pm
@@ -1,4 +1,4 @@
-# Copyright (C) 2014-2018 all contributors
+# Copyright (C) 2014-2019 all contributors
# License: AGPL-3.0+
# two-step linkification.
@@ -13,6 +13,7 @@ package PublicInbox::Linkify;
use strict;
use warnings;
use Digest::SHA qw/sha1_hex/;
+use PublicInbox::Hval qw(ascii_html);
my $SALT = rand;
my $LINK_RE = qr{([\('!])?\b((?:ftps?|https?|nntps?|gopher)://
@@ -61,15 +62,15 @@ sub linkify_1 {
$end = ')';
}
+ $url = ascii_html($url); # for IDN
+
# salt this, as this could be exploited to show
# links in the HTML which don't show up in the raw mail.
my $key = sha1_hex($url . $SALT);
- # only escape ampersands, others do not match LINK_RE
- $url =~ s/&/&/g;
$_[0]->{$key} = $url;
$beg . 'PI-LINK-'. $key . $end;
- ^ge;
+ ^geo;
$_[1];
}
@@ -88,4 +89,35 @@ sub linkify_2 {
$_[1];
}
+# single pass linkification of within $str
+# with $pfx being the URL prefix
+sub linkify_mids {
+ my ($self, $pfx, $str, $raw) = @_;
+ $$str =~ s!<([^>]+)>!
+ my $msgid = PublicInbox::Hval->new_msgid($1);
+ my $html = $msgid->as_html;
+ my $href = $msgid->{href};
+ $href = ascii_html($href); # for IDN
+
+ # salt this, as this could be exploited to show
+ # links in the HTML which don't show up in the raw mail.
+ my $key = sha1_hex($html . $SALT);
+ my $repl = qq(<$html>);
+ $repl .= qq{ (raw)} if $raw;
+ $self->{$key} = $repl;
+ 'PI-LINK-'. $key;
+ !ge;
+ $$str = ascii_html($$str);
+ $$str =~ s!\bPI-LINK-([a-f0-9]{40})\b!
+ my $key = $1;
+ my $repl = $_[0]->{$key};
+ if (defined $repl) {
+ $repl;
+ } else {
+ # false positive or somebody tried to mess with us
+ $key;
+ }
+ !ge;
+}
+
1;