www/127898: [patch] query-pr.cgi: properly treat quoted-printable
line continuations
Eygene Ryabinkin
rea-fbsd at codelabs.ru
Mon Oct 6 09:00:17 UTC 2008
>Number: 127898
>Category: www
>Synopsis: [patch] query-pr.cgi: properly treat quoted-printable line continuations
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-www
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Oct 06 09:00:16 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Eygene Ryabinkin
>Release: FreeBSD 7.1-PRERELEASE i386
>Organization:
Code Labs
>Environment:
Not applicable.
>Description:
Gnats Web interface (query-pr.cgi) fails to properly treat line
continuations in the quoted-printable parts: is deletes the trailing
'=', but does not joins the line with the next one. It has even comment
in the code about this ;))
>How-To-Repeat:
Look, for example, at http://www.freebsd.org/cgi/query-pr.cgi?pr=126853
>Fix:
The following patch properly assembles continued lines before feeding
them into the loop:
--- 0001-Implement-proper-quoted-printable-line-continuation.patch begins here ---
>From af39b0e8173c9fc76496f371a71666667719ade5 Mon Sep 17 00:00:00 2001
From: Eygene Ryabinkin <rea-fbsd at codelabs.ru>
Date: Mon, 6 Oct 2008 12:32:28 +0400
Web interface for FreeBSD Gnats database treats quoted-printable in an
imcomplete way: it strips the trailing '=' signs, but does not join the
lines.
This can be demonstrated by looking at the PR 126853, for example,
http://www.freebsd.org/cgi/query-pr.cgi?pr=126853
I had fixed this by detecting line continuations early and joining these
lines before they will be processed any further. So, now the code is
first assembling the whole continued line and only then is trying to
interpret/format it.
Signed-off-by: Eygene Ryabinkin <rea-fbsd at codelabs.ru>
---
query-pr.cgi | 18 ++++++++++++++++--
1 files changed, 16 insertions(+), 2 deletions(-)
mode change 100644 => 100755 query-pr.cgi
diff --git a/query-pr.cgi b/query-pr.cgi
old mode 100644
new mode 100755
index 9dd376d..e6f0165
--- a/query-pr.cgi
+++ b/query-pr.cgi
@@ -472,6 +472,7 @@ foreach my $field (@fields_multiple)
my $url = "${self_url_base}${PR}";
my $outp = "";
+ my $qpcont = "";
my %mime_headers;
my $mime_boundary;
my $mime_endheader;
@@ -594,6 +595,21 @@ foreach my $field (@fields_multiple)
if ($inresponse) {
my $txt = $1;
+ # Detect Q-P line continuations,
+ # join them with the next line
+ # and process when the full line
+ # will be assembled.
+ if ($encoding == ENCODING_QP) {
+ if ($txt =~ /=$/) {
+ $txt =~ s/=$//;
+ $qpcont .= $txt;
+ next;
+ } else {
+ $txt = $qpcont . $txt;
+ $qpcont = "";
+ }
+ }
+
if ($txt !~ /^-+$/ && $txt !~ /(?:cut|snip)/i && $txt =~ /^--(\S+)$/) {
$mime_boundary = $1 if (!defined $mime_boundary && !$inpatch);
@@ -658,8 +674,6 @@ foreach my $field (@fields_multiple)
$outp .= $txt;
next;
} elsif ($encoding == ENCODING_QP) {
- # XXX: lines ending in = should be joined
- $txt =~ s/=$//;
$txt = decode_qp($txt);
}
--
1.6.0.2
--- 0001-Implement-proper-quoted-printable-line-continuation.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-www
mailing list