2007-11-03 [paul] 3.0.2cvs113

	* src/common/utils.c
		fix debian bug #448814, 'mailto: URI decoding
		desn't decode the destination address field'
		Patch by Federico Heinz <fheinz@vialibre.org.ar>

diff --git a/ChangeLog b/ChangeLog
index e5ba985e9c43f8162424d76a10fe400f15086ccd..ba307344b2b9246918457d470cc65ea79d0efb98 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2007-11-03 [paul]      3.0.2cvs113
+
+       * src/common/utils.c
+               fix debian bug #448814, 'mailto: URI decoding
+               desn't decode the destination address field'
+               Patch by Federico Heinz <fheinz@vialibre.org.ar>
+
 2007-11-03 [paul]      3.0.2cvs112
 
        * AUTHORS

diff --git a/PATCHSETS b/PATCHSETS
index 10dbe43b3ee8b2012fe4300fe4be296ec9ecbb5c..8dfea97e57ace03ccd1bb6bbeac1fbcda2d18776 100644 (file)
--- a/PATCHSETS
+++ b/PATCHSETS
@@ -3025,3 +3025,4 @@
 ( cvs diff -u -r 1.1.2.16 -r 1.1.2.17 src/ldapupdate.c;  ) > 3.0.2cvs110.patchset
 ( cvs diff -u -r 1.60.2.103 -r 1.60.2.104 src/addressbook.c;  ) > 3.0.2cvs111.patchset
 ( cvs diff -u -r 1.100.2.56 -r 1.100.2.57 AUTHORS;  cvs diff -u -r 1.382.2.418 -r 1.382.2.419 src/compose.c;  cvs diff -u -r 1.1.2.42 -r 1.1.2.43 src/gtk/authors.h;  ) > 3.0.2cvs112.patchset
+( cvs diff -u -r 1.36.2.121 -r 1.36.2.122 src/common/utils.c;  ) > 3.0.2cvs113.patchset

diff --git a/configure.ac b/configure.ac
index 185864474fdf40d5841ab568ae384772b1b84fe9..48d3a7674ba4e5d8c6bd52f9a9bbccb6d9c2ed58 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -11,7 +11,7 @@ MINOR_VERSION=0
 MICRO_VERSION=2
 INTERFACE_AGE=0
 BINARY_AGE=0
-EXTRA_VERSION=112
+EXTRA_VERSION=113
 EXTRA_RELEASE=
 EXTRA_GTK2_VERSION=
 

diff --git a/src/common/utils.c b/src/common/utils.c
index bde9ff378ab115d7f493b55bdb8e818f6a4f677a..46d88d132508507d4949426a59d38e995b789ab0 100644 (file)
--- a/src/common/utils.c
+++ b/src/common/utils.c
@@ -1500,6 +1500,13 @@ void decode_uri(gchar *decoded_uri, const gchar *encoded_uri)
        decode_uri_with_plus(decoded_uri, encoded_uri, TRUE);
 }
 
+static gchar *decode_uri_gdup(const gchar *encoded_uri)
+{
+    gchar *buffer = g_malloc(strlen(encoded_uri)+1);
+    decode_uri(buffer, encoded_uri);
+    return buffer;
+}
+
 gint scan_mailto_url(const gchar *mailto, gchar **to, gchar **cc, gchar **bcc,
                     gchar **subject, gchar **body, gchar **attach)
 {
@@ -1522,7 +1529,7 @@ gint scan_mailto_url(const gchar *mailto, gchar **to, gchar **cc, gchar **bcc,
        }
 
        if (to && !*to)
-               *to = g_strdup(tmp_mailto);
+               *to = decode_uri_gdup(tmp_mailto);
 
        while (p) {
                gchar *field, *value;
@@ -1545,20 +1552,17 @@ gint scan_mailto_url(const gchar *mailto, gchar **to, gchar **cc, gchar **bcc,
                if (*value == '\0') continue;
 
                if (cc && !*cc && !g_ascii_strcasecmp(field, "cc")) {
-                       *cc = g_strdup(value);
+                       *cc = decode_uri_gdup(value);
                } else if (bcc && !*bcc && !g_ascii_strcasecmp(field, "bcc")) {
-                       *bcc = g_strdup(value);
+                       *bcc = decode_uri_gdup(value);
                } else if (subject && !*subject &&
                           !g_ascii_strcasecmp(field, "subject")) {
-                       *subject = g_malloc(strlen(value) + 1);
-                       decode_uri(*subject, value);
+                       *subject = decode_uri_gdup(value);
                } else if (body && !*body && !g_ascii_strcasecmp(field, "body")) {
-                       *body = g_malloc(strlen(value) + 1);
-                       decode_uri(*body, value);
+                       *body = decode_uri_gdup(value);
                } else if (attach && !*attach && !g_ascii_strcasecmp(field, "attach")) {
                        int i = 0;
-                       *attach = g_malloc(strlen(value) + 1);
-                       decode_uri(*attach, value);
+                       *attach = decode_uri_gdup(value);
                        for (; forbidden_uris[i]; i++) {
                                if (strstr(*attach, forbidden_uris[i])) {
                                        g_print("Refusing to attach '%s', potential private data leak\n",