diff options
| -rw-r--r-- | public/mailbox.html | 4 | ||||
| -rw-r--r-- | public/message.html | 2 | ||||
| -rw-r--r-- | server.go | 12 | ||||
| -rw-r--r-- | template.go | 4 |
4 files changed, 17 insertions, 5 deletions
diff --git a/public/mailbox.html b/public/mailbox.html index 303bdb4..d8c7209 100644 --- a/public/mailbox.html +++ b/public/mailbox.html @@ -11,14 +11,14 @@ <p>Mailboxes:</p> <ul> {{range .Mailboxes}} - <li><a href="/mailbox/{{.Name}}">{{.Name}}</a></li> + <li><a href="/mailbox/{{.Name | pathescape}}">{{.Name}}</a></li> {{end}} </ul> <p>Messages:</p> <ul> {{range .Messages}} - <li><a href="/message/{{$.Mailbox.Name}}/{{.Uid}}?part={{.TextPartName}}"> + <li><a href="/message/{{$.Mailbox.Name | pathescape}}/{{.Uid}}?part={{.TextPartName}}"> {{.Envelope.Subject}} </a></li> {{end}} diff --git a/public/message.html b/public/message.html index cb9518b..fc97bf4 100644 --- a/public/message.html +++ b/public/message.html @@ -3,7 +3,7 @@ <h1>koushin</h1> <p> - <a href="/mailbox/{{.Mailbox.Name}}">Back</a> + <a href="/mailbox/{{.Mailbox.Name | pathescape}}">Back</a> </p> <h2>{{.Message.Envelope.Subject}}</h2> @@ -142,7 +142,10 @@ func handleLogin(ectx echo.Context) error { } func handleGetPart(ctx *context, raw bool) error { - mboxName := ctx.Param("mbox") + mboxName, err := url.PathUnescape(ctx.Param("mbox")) + if err != nil { + return echo.NewHTTPError(http.StatusBadRequest, err) + } uid, err := parseUid(ctx.Param("uid")) if err != nil { return echo.NewHTTPError(http.StatusBadRequest, err) @@ -312,6 +315,11 @@ func New(imapURL, smtpURL string) *echo.Echo { e.GET("/mailbox/:mbox", func(ectx echo.Context) error { ctx := ectx.(*context) + mboxName, err := url.PathUnescape(ctx.Param("mbox")) + if err != nil { + return echo.NewHTTPError(http.StatusBadRequest, err) + } + var mailboxes []*imap.MailboxInfo var msgs []imapMessage var mbox *imap.MailboxStatus @@ -320,7 +328,7 @@ func New(imapURL, smtpURL string) *echo.Echo { if mailboxes, err = listMailboxes(c); err != nil { return err } - if msgs, err = listMessages(c, ctx.Param("mbox")); err != nil { + if msgs, err = listMessages(c, mboxName); err != nil { return err } mbox = c.Mailbox() diff --git a/template.go b/template.go index 5d0d28b..2581da0 100644 --- a/template.go +++ b/template.go @@ -3,6 +3,7 @@ package koushin import ( "html/template" "io" + "net/url" "github.com/labstack/echo/v4" ) @@ -20,6 +21,9 @@ func loadTemplates() (*tmpl, error) { "tuple": func(values ...interface{}) []interface{} { return values }, + "pathescape": func(s string) string { + return url.PathEscape(s) + }, }).ParseGlob("public/*.html") return &tmpl{t}, err } |