From: Eric Wong <e@80x24.org>
Date: Tue, 10 Sep 2024 00:40:48 +0000 (+0000)
Subject: view: fix x-post links for relative urls
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=48f371df726a9310096b199113507496f9c966a5;p=thirdparty%2Fpublic-inbox.git

view: fix x-post links for relative urls

We need to make correct relative URL paths for users configuring
publicinbox.$NAME.url as relative URL paths (e.g. matching the
inbox `$NAME').

Users of protocol-relative (e.g. `//$HOST/$NAME') and absolute URIs
(e.g `https://example.com/$NAME') were unaffected by this bug.
Users relying on publicinbox.nameIsUrl and omitting
publicinbox.*.url entries were also immune to this bug.

Automated tests are in progress and will come in a separate commit.

Reported-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Link: https://public-inbox.org/meta/20240909-muskox-of-illegal-engineering-dadeda@lemur/
---

diff --git a/lib/PublicInbox/View.pm b/lib/PublicInbox/View.pm
index 154e75379..37c910f85 100644
--- a/lib/PublicInbox/View.pm
+++ b/lib/PublicInbox/View.pm
@@ -213,6 +213,7 @@ sub addr2urlmap ($) {
 	@$ent;
 }
 
+# called by /$INBOX/$MSGID/[tT]/
 sub to_cc_html ($$$$) {
 	my ($ctx, $eml, $field, $t) = @_;
 	my @vals = $eml->header($field) or return ('', 0);
@@ -239,7 +240,14 @@ sub to_cc_html ($$$$) {
 		}
 		$line_len += length($n);
 		$url = $addr2url->{lc($pair->[1] // '')};
-		$html .= $url ? qq(<a\nhref="$url$t">$n</a>) : $n;
+		# cross-inbox links are relative to /$CUR_INBOX/$MSGID/[tT]/
+		if ($url) {
+			$url =~ m!\A(?:https?:)?//!i or
+				substr $url, 0, 0, '../../../';
+			$html .= qq(<a\nhref="$url$t">$n</a>);
+		} else {
+			$html .= $n;
+		}
 	}
 	($html, $len + $line_len);
 }
@@ -716,7 +724,12 @@ href="d/">diff</a>)</pre><pre>];
 	$hbuf = ascii_html($hbuf);
 	my $t = $ts ? '?t='.ts2str($ts) : '';
 	my ($re, $addr2url) = addr2urlmap($ctx);
-	$hbuf =~ s!$re!qq(<a\nhref=").$addr2url->{lc $1}.qq($t">$1</a>)!sge;
+	# $url is relative to /$INBOX/$MSGID/
+	$hbuf =~ s#$re#
+		my ($addr, $url) = ($1, $addr2url->{lc $1});
+		substr $url, 0, 0, '../../' if $url !~ m!\A(?:https?:)?//!i;
+		qq(<a\nhref="$url$t">$addr</a>)
+		#sge;
 	$ctx->{-title_html} = ascii_html(join(' - ', @title));
 	if (my $obfs_ibx = $ctx->{-obfs_ibx}) {
 		obfuscate_addrs($obfs_ibx, $hbuf);