Re: [PATCH WIP] emacs: Sanitize authors and subjects in search and show

diff --git a/e1/95e3069fa335a82490ba14fea54a1c7b815a0f b/e1/95e3069fa335a82490ba14fea54a1c7b815a0f
new file mode 100644 (file)
index 0000000..faa4d61
--- /dev/null
+++ b/e1/95e3069fa335a82490ba14fea54a1c7b815a0f
@@ -0,0 +1,166 @@
+Return-Path: <jani@nikula.org>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+       by olra.theworths.org (Postfix) with ESMTP id C1AB6431FAF\r
+       for <notmuch@notmuchmail.org>; Fri, 11 Oct 2013 08:21:00 -0700 (PDT)\r
+X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: -0.7\r
+X-Spam-Level: \r
+X-Spam-Status: No, score=-0.7 tagged_above=-999 required=5\r
+       tests=[RCVD_IN_DNSWL_LOW=-0.7] autolearn=disabled\r
+Received: from olra.theworths.org ([127.0.0.1])\r
+       by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
+       with ESMTP id n7NoHgi3PpqB for <notmuch@notmuchmail.org>;\r
+       Fri, 11 Oct 2013 08:20:55 -0700 (PDT)\r
+Received: from mail-ee0-f46.google.com (mail-ee0-f46.google.com\r
+ [74.125.83.46])       (using TLSv1 with cipher RC4-SHA (128/128 bits))        (No client\r
+ certificate requested)        by olra.theworths.org (Postfix) with ESMTPS id\r
+ 20017431FB6   for <notmuch@notmuchmail.org>; Fri, 11 Oct 2013 08:20:55 -0700\r
+ (PDT)\r
+Received: by mail-ee0-f46.google.com with SMTP id c13so1953395eek.19\r
+       for <notmuch@notmuchmail.org>; Fri, 11 Oct 2013 08:20:53 -0700 (PDT)\r
+X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;\r
+       d=1e100.net; s=20130820;\r
+       h=x-gm-message-state:from:to:cc:subject:in-reply-to:references\r
+       :user-agent:date:message-id:mime-version:content-type;\r
+       bh=qUmfV6blunwVy76PQckxHxV83tFb4LrjVO52dIOiRlw=;\r
+       b=Gf+Cy1w2D3v0lCUZcXlHtmhIN3YRISKnnGnUacZCb7B3OMzO7ncEEafykeevWZBTt5\r
+       Iz9UP6G9mYpmpk39OBtsRmnRNBdskI+iqWZGNFy8oNPTDHX+Dmkoy0n/zhB7RQ7qUMoX\r
+       TfGVBwAIOYzCEQkAVxOdfXFNyE5sj0It/1qu2cCajmorAfa3ndkvtVAMDq9n0SECVeKC\r
+       Sopx7qkjlxTNM9NKea3CmmAKEiCCFF8PqpwQCGFzG7/kDv42ebRQP5fgUDjYjFX46mqa\r
+       qdBqXTQYOsg19rJWXnTpV9YXcIAiacOjS9l1n9yzqCscfxm8L3YMAXPzQGUwt8Srefo4\r
+       AyiQ==\r
+X-Gm-Message-State:\r
+ ALoCoQk+tPMHKMCy0SfyFqBWqm6l/2qxCtIS5yMpy8EAJalvnFQ7wtb4jHV9COX/27fkGFYFsuCy\r
+X-Received: by 10.14.87.135 with SMTP id y7mr3991954eee.57.1381504853738;\r
+       Fri, 11 Oct 2013 08:20:53 -0700 (PDT)\r
+Received: from localhost (dsl-hkibrasgw2-58c36f-91.dhcp.inet.fi.\r
+       [88.195.111.91]) by mx.google.com with ESMTPSA id\r
+       z12sm115839243eev.6.1969.12.31.16.00.00\r
+       (version=TLSv1.2 cipher=RC4-SHA bits=128/128);\r
+       Fri, 11 Oct 2013 08:20:52 -0700 (PDT)\r
+From: Jani Nikula <jani@nikula.org>\r
+To: Austin Clements <amdragon@MIT.EDU>, notmuch@notmuchmail.org\r
+Subject: Re: [PATCH WIP] emacs: Sanitize authors and subjects in search and\r
+       show\r
+In-Reply-To: <1381499619-14219-1-git-send-email-amdragon@mit.edu>\r
+References: <1381499619-14219-1-git-send-email-amdragon@mit.edu>\r
+User-Agent: Notmuch/0.16+96~g459c586 (http://notmuchmail.org) Emacs/24.3.1\r
+       (x86_64-pc-linux-gnu)\r
+Date: Fri, 11 Oct 2013 18:20:51 +0300\r
+Message-ID: <87d2nbzve4.fsf@nikula.org>\r
+MIME-Version: 1.0\r
+Content-Type: text/plain\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.13\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+       <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
+       <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
+       <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Fri, 11 Oct 2013 15:21:00 -0000\r
+\r
+On Fri, 11 Oct 2013, Austin Clements <amdragon@MIT.EDU> wrote:\r
+> Authors and subjects can contain embedded, encoded control characters\r
+> like "\n" and "\t" that mess up display.  Transform control characters\r
+> into spaces everywhere we display them in search and show.\r
+> ---\r
+>\r
+> This could obviously use some tests, but I thought I'd get it out\r
+> there to see what people thought or if the behavior should be tweaked.\r
+\r
+I like it. Seems to work as advertized with some crappy Subject: lines\r
+in my mail.\r
+\r
+BR,\r
+Jani.\r
+\r
+\r
+>\r
+> Of course, I can't guarantee that this is all of the places we display\r
+> untrusted header text.  I'm really not sure how to make that guarantee\r
+> (suggestions welcome).\r
+>\r
+>  emacs/notmuch-lib.el  | 6 ++++++\r
+>  emacs/notmuch-show.el | 7 ++++---\r
+>  emacs/notmuch.el      | 6 ++++--\r
+>  3 files changed, 14 insertions(+), 5 deletions(-)\r
+>\r
+> diff --git a/emacs/notmuch-lib.el b/emacs/notmuch-lib.el\r
+> index 58f3313..6541282 100644\r
+> --- a/emacs/notmuch-lib.el\r
+> +++ b/emacs/notmuch-lib.el\r
+> @@ -243,6 +243,12 @@ depending on the value of `notmuch-poll-script'."\r
+>      "[No Subject]"\r
+>        subject)))\r
+>  \r
+> +(defun notmuch-sanitize (str)\r
+> +  "Sanitize control character in STR.\r
+> +\r
+> +This includes newlines, tabs, and other funny characters."\r
+> +  (replace-regexp-in-string "[[:cntrl:]\x7f\u2028\u2029]+" " " str))\r
+> +\r
+>  (defun notmuch-escape-boolean-term (term)\r
+>    "Escape a boolean term for use in a query.\r
+>  \r
+> diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el\r
+> index 7325792..fa11d98 100644\r
+> --- a/emacs/notmuch-show.el\r
+> +++ b/emacs/notmuch-show.el\r
+> @@ -407,7 +407,8 @@ unchanged ADDRESS if parsing fails."\r
+>  message at DEPTH in the current thread."\r
+>    (let ((start (point)))\r
+>      (insert (notmuch-show-spaces-n (* notmuch-show-indent-messages-width depth))\r
+> -        (notmuch-show-clean-address (plist-get headers :From))\r
+> +        (notmuch-sanitize\r
+> +         (notmuch-show-clean-address (plist-get headers :From)))\r
+>          " ("\r
+>          date\r
+>          ") ("\r
+> @@ -417,7 +418,7 @@ message at DEPTH in the current thread."\r
+>  \r
+>  (defun notmuch-show-insert-header (header header-value)\r
+>    "Insert a single header."\r
+> -  (insert header ": " header-value "\n"))\r
+> +  (insert header ": " (notmuch-sanitize header-value) "\n"))\r
+>  \r
+>  (defun notmuch-show-insert-headers (headers)\r
+>    "Insert the headers of the current message."\r
+> @@ -1154,7 +1155,7 @@ function is used."\r
+>        (jit-lock-register #'notmuch-show-buttonise-links)\r
+>  \r
+>        ;; Set the header line to the subject of the first message.\r
+> -      (setq header-line-format (notmuch-show-strip-re (notmuch-show-get-subject)))\r
+> +      (setq header-line-format (notmuch-sanitize (notmuch-show-strip-re (notmuch-show-get-subject))))\r
+>  \r
+>        (run-hooks 'notmuch-show-hook))))\r
+>  \r
+> diff --git a/emacs/notmuch.el b/emacs/notmuch.el\r
+> index c47c6b5..44cd2fd 100644\r
+> --- a/emacs/notmuch.el\r
+> +++ b/emacs/notmuch.el\r
+> @@ -791,11 +791,13 @@ non-authors is found, assume that all of the authors match."\r
+>                                      (plist-get result :total)))\r
+>                      'face 'notmuch-search-count)))\r
+>     ((string-equal field "subject")\r
+> -    (insert (propertize (format format-string (plist-get result :subject))\r
+> +    (insert (propertize (format format-string\r
+> +                            (notmuch-sanitize (plist-get result :subject)))\r
+>                      'face 'notmuch-search-subject)))\r
+>  \r
+>     ((string-equal field "authors")\r
+> -    (notmuch-search-insert-authors format-string (plist-get result :authors)))\r
+> +    (notmuch-search-insert-authors\r
+> +     format-string (notmuch-sanitize (plist-get result :authors))))\r
+>  \r
+>     ((string-equal field "tags")\r
+>      (let ((tags (plist-get result :tags)))\r
+> -- \r
+> 1.8.4.rc3\r