From: Eric Wong <e@80x24.org>
Date: Fri, 6 Sep 2024 23:29:03 +0000 (+0000)
Subject: view: fix addr2url mapping corruption
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3b51fcc196e357f61323bc9e17700b8e33fa08bc;p=thirdparty%2Fpublic-inbox.git

view: fix addr2url mapping corruption

We must avoid generating a qr/\b()\b/ regexp which matches
every word boundary.  This is caused by a particular set of
circumstances for WWW instances:

1. extindex must be in use
2. cindex must NOT be in use OR WWW->preload wasn't used
   (custom .psgi or non-p-i-{httpd,netd} users)
3. first HTTP request hits /$EXTINDEX/$MSGID/
   (where $EXTINDEX is typically `all')

On extindex-using instances without a cindex configured, the
first HTTP request hitting the extindex encounters an empty
{-by_addr} hash table.  This empty {-by_addr} hash table causes
View->addr2urlmap() to return an all-matching regexp which
corrupts HTML when attempting address substitutions.

cindex-using instances avoid the problem by triggering
_fill_all() during PublicInbox::WWW->preload and ensuring
{-by_addr} of the PublicInbox::Config object is populated.

Thanks to Konstantin for the initial report and Filip for the
immensely helpful explanation of the problem.

Helped-by: Filip Hejsek <filip.hejsek@gmail.com>
Reported-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Link: https://public-inbox.org/meta/20240903-brainy-lionfish-of-saturation-71ae1a@lemur/
Fixes: 48cbe0c3c8dc4d26 (www: linkify inbox addresses in To/Cc headers, 2024-01-09)
---

diff --git a/lib/PublicInbox/View.pm b/lib/PublicInbox/View.pm
index bc093a201..154e75379 100644
--- a/lib/PublicInbox/View.pm
+++ b/lib/PublicInbox/View.pm
@@ -203,8 +203,12 @@ sub addr2urlmap ($) {
 		my $tmp = $ctx->{www}->{pi_cfg}->{-addr2urlmap};
 		my @k = keys %$tmp; # random order
 		delete @$tmp{@k[0..3]} if scalar(@k) > 7;
-		my $re = join('|', map { quotemeta } keys %addr2url);
-		$tmp->{$key} = [ qr/\b($re)\b/i, \%addr2url ];
+		if (scalar keys %addr2url) {
+			my $re = join('|', map { quotemeta } keys %addr2url);
+			$tmp->{$key} = [ qr/\b($re)\b/i, \%addr2url ];
+		} else { # nothing? NUL should never match:
+			[ qr/(\0)/, { "\0" => './' } ];
+		}
 	};
 	@$ent;
 }