aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSimon Ser <contact@emersion.fr>2019-12-03 17:31:53 +0100
committerSimon Ser <contact@emersion.fr>2019-12-03 17:31:53 +0100
commita4729060bedd45481726861c491d5061e90ffefa (patch)
treed9ee85915912c2186162e5ae737f89d3a5751549
parent48d6d5d227a4d55d80f9f2a74c1242cafafab7ab (diff)
downloadalps-a4729060bedd45481726861c491d5061e90ffefa.tar.gz
alps-a4729060bedd45481726861c491d5061e90ffefa.zip
Escape mailbox names in URLs
Closes: https://todo.sr.ht/~sircmpwn/koushin/14
-rw-r--r--public/mailbox.html4
-rw-r--r--public/message.html2
-rw-r--r--server.go12
-rw-r--r--template.go4
4 files changed, 17 insertions, 5 deletions
diff --git a/public/mailbox.html b/public/mailbox.html
index 303bdb4..d8c7209 100644
--- a/public/mailbox.html
+++ b/public/mailbox.html
@@ -11,14 +11,14 @@
<p>Mailboxes:</p>
<ul>
{{range .Mailboxes}}
- <li><a href="/mailbox/{{.Name}}">{{.Name}}</a></li>
+ <li><a href="/mailbox/{{.Name | pathescape}}">{{.Name}}</a></li>
{{end}}
</ul>
<p>Messages:</p>
<ul>
{{range .Messages}}
- <li><a href="/message/{{$.Mailbox.Name}}/{{.Uid}}?part={{.TextPartName}}">
+ <li><a href="/message/{{$.Mailbox.Name | pathescape}}/{{.Uid}}?part={{.TextPartName}}">
{{.Envelope.Subject}}
</a></li>
{{end}}
diff --git a/public/message.html b/public/message.html
index cb9518b..fc97bf4 100644
--- a/public/message.html
+++ b/public/message.html
@@ -3,7 +3,7 @@
<h1>koushin</h1>
<p>
- <a href="/mailbox/{{.Mailbox.Name}}">Back</a>
+ <a href="/mailbox/{{.Mailbox.Name | pathescape}}">Back</a>
</p>
<h2>{{.Message.Envelope.Subject}}</h2>
diff --git a/server.go b/server.go
index 6dd7246..3f521e7 100644
--- a/server.go
+++ b/server.go
@@ -142,7 +142,10 @@ func handleLogin(ectx echo.Context) error {
}
func handleGetPart(ctx *context, raw bool) error {
- mboxName := ctx.Param("mbox")
+ mboxName, err := url.PathUnescape(ctx.Param("mbox"))
+ if err != nil {
+ return echo.NewHTTPError(http.StatusBadRequest, err)
+ }
uid, err := parseUid(ctx.Param("uid"))
if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, err)
@@ -312,6 +315,11 @@ func New(imapURL, smtpURL string) *echo.Echo {
e.GET("/mailbox/:mbox", func(ectx echo.Context) error {
ctx := ectx.(*context)
+ mboxName, err := url.PathUnescape(ctx.Param("mbox"))
+ if err != nil {
+ return echo.NewHTTPError(http.StatusBadRequest, err)
+ }
+
var mailboxes []*imap.MailboxInfo
var msgs []imapMessage
var mbox *imap.MailboxStatus
@@ -320,7 +328,7 @@ func New(imapURL, smtpURL string) *echo.Echo {
if mailboxes, err = listMailboxes(c); err != nil {
return err
}
- if msgs, err = listMessages(c, ctx.Param("mbox")); err != nil {
+ if msgs, err = listMessages(c, mboxName); err != nil {
return err
}
mbox = c.Mailbox()
diff --git a/template.go b/template.go
index 5d0d28b..2581da0 100644
--- a/template.go
+++ b/template.go
@@ -3,6 +3,7 @@ package koushin
import (
"html/template"
"io"
+ "net/url"
"github.com/labstack/echo/v4"
)
@@ -20,6 +21,9 @@ func loadTemplates() (*tmpl, error) {
"tuple": func(values ...interface{}) []interface{} {
return values
},
+ "pathescape": func(s string) string {
+ return url.PathEscape(s)
+ },
}).ParseGlob("public/*.html")
return &tmpl{t}, err
}