From: Eric Wong Date: Mon, 17 Jun 2024 00:01:40 +0000 (+0000) Subject: www: strip and redirect on `<' and `>' in MSGID of URL X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b3d72695fa6b20715514709a9032c1dc18edad14;p=thirdparty%2Fpublic-inbox.git www: strip and redirect on `<' and `>' in MSGID of URL Some users may needlessly include `<' and `>' braces in URLs, so account for this common mistake and redirect users to the non-braced URL. This common mistake could be learned behavior from other sites (e.g. sr.ht) which include `<' and `>' in URLs. Reported-by: Junio C Hamano Link: https://public-inbox.org/meta/xmqqtthvh4r6.fsf@gitster.g/
---
diff --git a/lib/PublicInbox/View.pm b/lib/PublicInbox/View.pm
index dcceb3112..cc1ab79a9 100644
--- a/lib/PublicInbox/View.pm
+++ b/lib/PublicInbox/View.pm
@@ -74,9 +74,13 @@ sub msg_page {
 my ($id, $prev);
 my $next_arg = $ctx->{next_arg} = [ $ctx->{mid}, \$id, \$prev ];
- my $smsg = $ctx->{smsg} = $over->next_by_mid(@$next_arg) or
- return; # undef == 404
-
+ my $smsg = $ctx->{smsg} = $over->next_by_mid(@$next_arg);
+ if (!$smsg && $ctx->{mid} =~ /\A\<(.+)\>\z/ and
+ ($next_arg->[0] = $1) and
+ ($over->next_by_mid(@$next_arg))) {
+ return PublicInbox::WWW::r301($ctx, undef, $next_arg->[0]);
+ }
+ $smsg or return; # undef=404
 # allow user to easily browse the range around this message if
 # they have ->over
 $ctx->{-t_max} = $smsg->{ts};
diff --git a/t/psgi_search.t b/t/psgi_search.t
index 8c981c6cc..759dab781 100644
--- a/t/psgi_search.t
+++ b/t/psgi_search.t
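Review bot: In the new condition in msg_page (lib/PublicInbox/View.pm), `($next_arg->[0] = $1)` doubles as an assignment and a truth test, so a bracketed Message-ID whose inner value is `0` never reaches the retry, and the array shared with `$ctx->{next_arg}` keeps the stripped value even when the retry misses and the function falls through to the 404. Capturing first with `my $bare = $1;` and retrying with `$over->next_by_mid($bare, \$id, \$prev)` would leave `$ctx->{next_arg}` untouched unless a redirect is actually issued. The redirect target is taken from the request path, and the second lookup against `$over` is what restricts it to Message-IDs the inbox really holds; a comment such as `# only redirect to a Message-ID we actually have` would keep that guard from being simplified away later. `PublicInbox::WWW::r301` is defined outside this hunk, so confirm it escapes the value before it is written into the Location header. msg_page itself starts and ends outside the hunk.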
@@ -179,6 +179,17 @@ test_psgi(sub { $www->call(@_) }, sub {
 $res = $cb->(GET(q{/test/?q=%22s'more%22&x=A}));
 is $res->code, 200, 'single quote inside phrase';
+
+ $res = $cb->(GET("/test/<$mid>/"));
+ is $res->code, 301, "redirect for raw `<' and `>' in msgid";
+ like $res->header('location'), qr!/test/\Q$mid\E/\z!,
+ "redirected to URL without raw `<' and `>'";
+
+ $res = $cb->(GET("/test/%3c$mid%3e/"));
+ is $res->code, 301, "redirect for escaped `<' and `>' in msgid";
+ like $res->header('location'), qr!/test/\Q$mid\E/\z!,
+ "redirected to URL without escaped `<' and `>'";
+ # TODO: more tests and odd cases
 });
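Review bot: Both new cases in t/psgi_search.t cover only the path where the stripped Message-ID exists; nothing asserts that a bracketed ID absent from the inbox still yields a 404 rather than a redirect, which is the property that keeps the Location value tied to known messages. A negative case such as `$res = $cb->(GET('/test/<no-such@example>/')); is $res->code, 404, 'no redirect for unknown bracketed msgid';` (the ID here is a constructed sample) would pin it. The `like` patterns anchor only the tail with `\z`, so they would also pass if the Location pointed at an unexpected host or prefix; anchoring the start against the expected base URL would tighten that. The enclosing test_psgi callback starts outside the hunk.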