-/**
- * \brief Look for URL's embedded in a buffer and make them linkable. We use a
- * target window in order to keep the BBS session in its own window.
- * \param buf the message buffer
+/*
+ * Look for URL's embedded in a buffer and make them linkable. We use a
+ * target window in order to keep the Citadel session in its own window.
*/
-void url(char *buf)
+void url(char *buf, size_t bufsize)
{
- int len;
+ int len, UrlLen, Offset, TrailerLen, outpos;
char *start, *end, *pos;
char urlbuf[SIZ];
- char outbuf[1024];
+ char outbuf[SIZ];
start = NULL;
len = strlen(buf);
+ if (len > bufsize) {
+ lprintf(1, "URL: content longer than buffer!");
+ return;
+ }
end = buf + len;
for (pos = buf; (pos < end) && (start == NULL); ++pos) {
if (!strncasecmp(pos, "http://", 7))
end = pos;
}
}
+
+ UrlLen = end - start;
+ if (UrlLen > sizeof(urlbuf)){
+ lprintf(1, "URL: content longer than buffer!");
+ return;
+ }
+ memcpy(urlbuf, start, UrlLen);
+ urlbuf[UrlLen] = '\0';
+
+ Offset = start - buf;
+ if ((Offset != 0) && (Offset < sizeof(outbuf)))
+ memcpy(outbuf, buf, Offset);
+ outpos = snprintf(&outbuf[Offset], sizeof(outbuf) - Offset,
+ "%ca href=%c%s%c TARGET=%c%s%c%c%s%c/A%c",
+ LB, QU, urlbuf, QU, QU, TARGET, QU, RB, urlbuf, LB, RB);
+ if (outpos >= sizeof(outbuf) - Offset) {
+ lprintf(1, "URL: content longer than buffer!");
+ return;
+ }
- strncpy(urlbuf, start, end - start);
- urlbuf[end - start] = '\0';
-
- if (start != buf)
- strncpy(outbuf, buf, start - buf );
- sprintf(&outbuf[start-buf], "%ca href=%c%s%c TARGET=%c%s%c%c%s%c/A%c",
- LB, QU, urlbuf, QU, QU, TARGET, QU, RB, urlbuf, LB, RB);
- strcat(outbuf, end);
- if ( strlen(outbuf) < 250 )
- strcpy(buf, outbuf);
+ TrailerLen = len - (end - start);
+ memcpy(outbuf + Offset + outpos, end, TrailerLen);
+ if ( Offset + TrailerLen + outpos > bufsize) {
+ lprintf(1, "URL: content longer than buffer!");
+ return;
+ }
+ memcpy (buf, outbuf, Offset + TrailerLen + outpos);
}
char reply_to[512] = "";
char reply_all[4096] = "";
char reply_references[1024] = "";
+ char reply_inreplyto[256] = "";
char now[64] = "";
int format_type = 0;
int nhdr = 0;
safestrncpy(m_subject, &buf[5], sizeof m_subject);
}
if (!strncasecmp(buf, "msgn=", 5)) {
- safestrncpy(reply_references, &buf[5], sizeof reply_references);
+ safestrncpy(reply_inreplyto, &buf[5], sizeof reply_inreplyto);
}
if (!strncasecmp(buf, "wefw=", 5)) {
- int rrlen = strlen(reply_references);
- if (rrlen > 0) {
- strcpy(&reply_references[rrlen++], "|");
- }
- safestrncpy(&reply_references[rrlen], &buf[5],
- (sizeof(reply_references) - rrlen) );
+ safestrncpy(reply_references, &buf[5], sizeof reply_references);
}
if (!strncasecmp(buf, "cccc=", 5)) {
int len;
}
- /** Generate a reply-to address */
+ /* Trim down excessively long lists of thread references. We eliminate the
+ * second one in the list so that the thread root remains intact.
+ */
+ int rrtok = num_tokens(reply_references, '|');
+ int rrlen = strlen(reply_references);
+ if ( ((rrtok >= 3) && (rrlen > 900)) || (rrtok > 10) ) {
+ remove_token(reply_references, 1, '|');
+ }
+
+ /* Generate a reply-to address */
if (!IsEmptyStr(rfca)) {
if (!IsEmptyStr(from)) {
snprintf(reply_to, sizeof(reply_to), "%s <%s>", from, rfca);
if (strncasecmp(m_subject, "Re:", 3)) wprintf("Re:%20");
urlescputs(m_subject);
}
+ wprintf("?references=");
if (!IsEmptyStr(reply_references)) {
- wprintf("?references=");
urlescputs(reply_references);
+ urlescputs("|");
}
+ urlescputs(reply_inreplyto);
wprintf("\"><span>[</span>%s<span>]</span></a> ", _("Reply"));
}
if (strncasecmp(m_subject, "Re:", 3)) wprintf("Re:%20");
urlescputs(m_subject);
}
+ wprintf("?references=");
if (!IsEmptyStr(reply_references)) {
- wprintf("?references=");
urlescputs(reply_references);
+ urlescputs("|");
}
+ urlescputs(reply_inreplyto);
wprintf("\"><span>[</span>%s<span>]</span></a> ", _("ReplyQuoted"));
}
}
if (strncasecmp(m_subject, "Re:", 3)) wprintf("Re:%20");
urlescputs(m_subject);
}
+ wprintf("?references=");
if (!IsEmptyStr(reply_references)) {
- wprintf("?references=");
urlescputs(reply_references);
+ urlescputs("|");
}
+ urlescputs(reply_inreplyto);
wprintf("\"><span>[</span>%s<span>]</span></a> ", _("ReplyAll"));
}
bq = 0;
}
wprintf("<tt>");
- url(buf);
+ url(buf, sizeof(buf));
escputs(buf);
wprintf("</tt><br />\n");
}
bq = 0;
}
wprintf("<tt>");
- url(buf);
+ url(buf, sizeof(buf));
msgescputs1(buf);
wprintf("</tt><br />");
}