From 38b5edc6b6154dd123e8a58293964533875438cc Mon Sep 17 00:00:00 2001
From: =?utf8?q?Wilfried=20G=C3=B6esgens?=
Date: Mon, 21 Apr 2008 19:23:27 +0000
Subject: [PATCH] * more carefully render urls
---
 webcit/messages.c | 50 ++++++++++++++++++++++++++++++++--------------
 webcit/rss.c | 4 ++--
 webcit/serv_func.c | 2 +-
 webcit/webcit.h | 2 +-
 4 files changed, 39 insertions(+), 19 deletions(-)
diff --git a/webcit/messages.c b/webcit/messages.c
index 5505602af..38298f799 100644
--- a/webcit/messages.c
+++ b/webcit/messages.c
@@ -336,15 +336,19 @@ int webcit_rfc2047encode(char *target, int maxlen, char *source, long SourceLen)
 * Look for URL's embedded in a buffer and make them linkable. We use a
 * target window in order to keep the Citadel session in its own window.
 */
-void url(char *buf)
+void url(char *buf, size_t bufsize)
 {
- int len;
+ int len, UrlLen, Offset, TrailerLen, outpos;
 char *start, *end, *pos;
 char urlbuf[SIZ];
- char outbuf[1024];
+ char outbuf[SIZ];
 start = NULL;
 len = strlen(buf);
+ if (len > bufsize) {
+ lprintf(1, "URL: content longer than buffer!");
+ return;
+ }
 end = buf + len;
 for (pos = buf; (pos < end) && (start == NULL); ++pos) {
 if (!strncasecmp(pos, "http://", 7))
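Review bot: The header comment above url() is not updated for the new `bufsize` parameter, so a caller cannot tell that it is the full capacity of `buf` (terminator included) or that `buf` is left as it was when the linkified text does not fit. I would add `* bufsize is the total size of buf in bytes; if the rewritten line does not fit, buf is left unchanged.` to that comment. The new guard `if (len > bufsize)` also lets `len == bufsize` through, which is only possible when the terminator already sits outside the buffer, so `if (len >= bufsize)` would match the stated capacity. The body of url() continues past the end of this hunk.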
@@ -375,17 +379,33 @@ void url(char *buf)
 end = pos;
 }
 }
+
+ UrlLen = end - start;
+ if (UrlLen > sizeof(urlbuf)){
+ lprintf(1, "URL: content longer than buffer!");
+ return;
+ }
+ memcpy(urlbuf, start, UrlLen);
+ urlbuf[UrlLen] = '\0';
+
+ Offset = start - buf;
+ if ((Offset != 0) && (Offset < sizeof(outbuf)))
+ memcpy(outbuf, buf, Offset);
+ outpos = snprintf(&outbuf[Offset], sizeof(outbuf) - Offset,
+ "%ca href=%c%s%c TARGET=%c%s%c%c%s%c/A%c",
+ LB, QU, urlbuf, QU, QU, TARGET, QU, RB, urlbuf, LB, RB);
+ if (outpos >= sizeof(outbuf) - Offset) {
+ lprintf(1, "URL: content longer than buffer!");
+ return;
+ }
- strncpy(urlbuf, start, end - start);
- urlbuf[end - start] = '\0';
-
- if (start != buf)
- strncpy(outbuf, buf, start - buf );
- sprintf(&outbuf[start-buf], "%ca href=%c%s%c TARGET=%c%s%c%c%s%c/A%c",
- LB, QU, urlbuf, QU, QU, TARGET, QU, RB, urlbuf, LB, RB);
- strcat(outbuf, end);
- if ( strlen(outbuf) < 250 )
- strcpy(buf, outbuf);
+ TrailerLen = len - (end - start);
+ memcpy(outbuf + Offset + outpos, end, TrailerLen);
+ if ( Offset + TrailerLen + outpos > bufsize) {
+ lprintf(1, "URL: content longer than buffer!");
+ return;
+ }
+ memcpy (buf, outbuf, Offset + TrailerLen + outpos);
 }
@@ -1256,7 +1276,7 @@ void read_message(long msgnum, int printable_view, char *section) {
 bq = 0;
 }
 wprintf("");
- url(buf);
+ url(buf, sizeof(buf));
 escputs(buf);
 wprintf("
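Review bot: Several of the new bounds checks in the tail of url() still permit out-of-bounds access: `UrlLen > sizeof(urlbuf)` lets `UrlLen == sizeof(urlbuf)` through, so `urlbuf[UrlLen] = '\0'` writes one byte past the array, and when `Offset >= sizeof(outbuf)` the prefix copy is skipped but snprintf() is still called at `&outbuf[Offset]` with a size that wraps around. `TrailerLen = len - (end - start)` is the prefix plus the trailer, so the copy from `end` reads `Offset` bytes beyond the end of the string; the remaining length is `len - (end - buf)`. That trailer copy into outbuf runs before any size check and is compared only with `bufsize`, never with `sizeof(outbuf)`, and the final memcpy() into buf does not write a terminator (the `>` test even allows buf to be filled completely). The fence shows the checks reordered so every copy is bounded first and buf is always NUL-terminated; url() begins before this hunk.

```c
	/* … unchanged: scan that sets start and end … */
	UrlLen = end - start;
	if (UrlLen >= sizeof(urlbuf)) {	/* keep one byte for the NUL */
		lprintf(1, "URL: content longer than buffer!");
		return;
	}
	/* … unchanged: copy the URL into urlbuf and terminate it … */

	Offset = start - buf;
	if (Offset >= sizeof(outbuf)) {	/* prefix alone does not fit */
		lprintf(1, "URL: content longer than buffer!");
		return;
	}
	memcpy(outbuf, buf, Offset);
	/* … unchanged: snprintf() of the anchor at &outbuf[Offset] and its truncation check … */

	TrailerLen = len - (end - buf);	/* bytes that follow the URL */
	if ((Offset + outpos + TrailerLen >= sizeof(outbuf)) ||
	    (Offset + outpos + TrailerLen >= bufsize)) {
		lprintf(1, "URL: content longer than buffer!");
		return;
	}
	memcpy(outbuf + Offset + outpos, end, TrailerLen);
	memcpy(buf, outbuf, Offset + outpos + TrailerLen);
	buf[Offset + outpos + TrailerLen] = '\0';
```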
\n");
 }
@@ -1675,7 +1695,7 @@ void pullquote_message(long msgnum, int forward_attachments, int include_headers
 bq = 0;
 }
 wprintf("");
- url(buf);
+ url(buf, sizeof(buf));
 msgescputs1(buf);
 wprintf("
");
 }
diff --git a/webcit/rss.c b/webcit/rss.c
index f86fb97b7..7a99ecc05 100644
--- a/webcit/rss.c
+++ b/webcit/rss.c
@@ -278,7 +278,7 @@ void display_rss(char *roomname, char *request_method)
 wprintf("");
 bq = 0;
 }
- url(buf);
+ url(buf, sizeof(buf));
 escputs(buf);
 wprintf("\n");
 }
@@ -320,7 +320,7 @@ void display_rss(char *roomname, char *request_method)
 bq = 0;
 }
 wprintf("");
- url(buf);
+ url(buf, sizeof(buf));
 escputs(buf);
 wprintf("
\n");
 }
diff --git a/webcit/serv_func.c b/webcit/serv_func.c
index ac8a2e770..edff5ebd4 100644
--- a/webcit/serv_func.c
+++ b/webcit/serv_func.c
@@ -136,7 +136,7 @@ void fmout(char *align)
 strcpy(buf, &buf[2]);
 }
 /** Activate embedded URL's */
- url(buf);
+ url(buf, sizeof(buf));
 escputs(buf);
 wprintf("\n");
diff --git a/webcit/webcit.h b/webcit/webcit.h
index 515d9b698..b4a2c9ddf 100644
--- a/webcit/webcit.h
+++ b/webcit/webcit.h
@@ -544,7 +544,7 @@ void display_mime_icon(void);
 void print_menu_box(char* Title, char *Class, int nLines, ...);
 long stresc(char *target, long tSize, char *strbuf, int nbsp, int nolinebreaks);
 void escputs(char *strbuf);
-void url(char *buf);
+void url(char *buf, size_t bufsize);
 void escputs1(char *strbuf, int nbsp, int nolinebreaks);
 void msgesc(char *target, size_t tlen, char *strbuf);
 void msgescputs(char *strbuf);
--
2.30.2
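Review bot: In fmout(), `url(buf, sizeof(buf))` passes the real capacity only if `buf` is declared as an array in this function, and that declaration is outside the hunk. If `buf` is a `char *` here, `sizeof(buf)` is the pointer size, and url() would return early on almost every line because of its `len > bufsize` guard, silently turning linkification off. The same applies to the calls changed in read_message(), pullquote_message() and both display_rss() hunks. Confirming each `buf` is a local array, or passing the constant used to declare it, would make the size argument robust against a later change of the declaration.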