cgi: ensure we unescape MIDs correctly in URLs

MIDs may have strange characters in them, so we need to handle
escaping/unescaping properly to avoid broken links or worse.

diff --git a/public-inbox.cgi b/public-inbox.cgi
index 313a4f22e66eae0923191ef9e654e296c79075e5..1765cf4549bc51b334ee5061e2176df0a3038040 100755 (executable)
--- a/public-inbox.cgi
+++ b/public-inbox.cgi
@@ -15,6 +15,7 @@ use warnings;
 use CGI qw(:cgi :escapeHTML -nosticky); # PSGI/FastCGI/mod_perl compat
 use Encode qw(decode_utf8);
 use PublicInbox::Config;
+use URI::Escape qw(uri_unescape);
 use Digest::SHA qw(sha1_hex);
 our $LISTNAME_RE = qr!\A(?:/.*?)?/([\w\.\-]+)!;
 our $pi_config;
@@ -102,7 +103,7 @@ sub invalid_list {
 sub invalid_list_mid {
        my ($ctx, $listname, $mid) = @_;
        my $ret = invalid_list($ctx, $listname, $mid) and return $ret;
-       $ctx->{mid} = $mid;
+       $ctx->{mid} = uri_unescape($mid);
        undef;
 }
 

diff --git a/t/cgi.t b/t/cgi.t
index 39242bce12ea95d110c6cfcdb8132462e0603b19..3ae879812fa0ca99de383f5cc099fe2d8a78716f 100644 (file)
--- a/t/cgi.t
+++ b/t/cgi.t
@@ -39,9 +39,9 @@ my $cfgpfx = "publicinbox.test";
        }
 }
 
+my $failbox = "$home/fail.mbox";
+local $ENV{PI_FAILBOX} = $failbox;
 {
-       my $failbox = "$home/fail.mbox";
-       local $ENV{PI_FAILBOX} = $failbox;
        local $ENV{HOME} = $home;
        local $ENV{RECIPIENT} = $addr;
 
@@ -126,9 +126,35 @@ EOF
        # more checks in t/feed.t
 }
 
+# message-id pages
 {
        local $ENV{HOME} = $home;
-       my $res = cgi_run("/test/m/blahblah\@example.com.txt");
+       my $slashy_mid = 'slashy/asdf@example.com';
+       my $reply = Email::Simple->new(<<EOF);
+From: You <you\@example.com>
+To: Me <me\@example.com>
+Cc: $addr
+In-Reply-To: <blah\@example.com>
+Message-Id: <$slashy_mid>
+Subject: Re: hihi
+Date: Thu, 01 Jan 1970 00:00:01 +0000
+
+slashy
+EOF
+       my $in = $reply->as_string;
+
+       {
+               local $ENV{HOME} = $home;
+               local $ENV{RECIPIENT} = $addr;
+               run_with_env({PATH => $main_path}, [$mda], \$in);
+       }
+       local $ENV{GIT_DIR} = $maindir;
+
+       my $res = cgi_run("/test/m/slashy%2fasdf%40example.com.txt");
+       like($res->{body}, qr/Message-Id: <\Q$slashy_mid\E>/,
+               "slashy mid.txt hit");
+
+       $res = cgi_run("/test/m/blahblah\@example.com.txt");
        like($res->{body}, qr/Message-Id: <blahblah\@example\.com>/,
                "mid.txt hit");
 
@@ -151,6 +177,13 @@ EOF
        like($res->{head}, qr/Status: 404 Not Found/, "mid.html miss");
 }
 
+{
+       local $ENV{HOME} = $home;
+       my $res = cgi_run("/test/");
+       like($res->{body}, qr/slashy%2Fasdf%40example\.com/,
+               "slashy URL generated correctly");
+}
+
 done_testing();
 
 sub run_with_env {