Refactored the code that joins the addresses in a single string
[modest] / src / modest-text-utils.c
index 7032d07..db00b31 100644 (file)
@@ -163,6 +163,8 @@ static gchar*   modest_text_utils_quote_html       (const gchar *text,
                                                    GList *attachments,
                                                    int limit);
 static gchar*   get_email_from_address (const gchar *address);
+static void     remove_extra_spaces (gchar *string);
+
 
 
 /* ******************************************************************* */
@@ -342,6 +344,39 @@ modest_text_utils_derived_subject (const gchar *subject, const gchar *prefix)
        return retval;
 }
 
+
+/* Performs a case-insensitive strstr for ASCII strings */
+static const gchar *
+ascii_stristr(const gchar *haystack, const gchar *needle)
+{
+       int needle_len;
+       int haystack_len;
+       const gchar *pos;
+       const gchar *max_pos;
+
+       if (haystack == NULL || needle == NULL) {
+               return haystack;  /* as in strstr */
+       }
+
+       needle_len = strlen(needle);
+
+       if (needle_len == 0) {
+               return haystack;  /* as in strstr */
+       }
+
+       haystack_len = strlen(haystack);
+       max_pos = haystack + haystack_len - needle_len;
+
+       for (pos = haystack; pos <= max_pos; pos++) {
+               if (g_ascii_strncasecmp (pos, needle, needle_len) == 0) {
+                       return pos;
+               }
+       }
+
+       return NULL;
+}
+
+
 gchar*
 modest_text_utils_remove_address (const gchar *address_list, const gchar *address)
 {
@@ -350,26 +385,26 @@ modest_text_utils_remove_address (const gchar *address_list, const gchar *addres
        gchar *email_address;
 
        g_return_val_if_fail (address_list, NULL);
-       
+
        if (!address)
                return g_strdup (address_list);
 
        email_address = get_email_from_address (address);
-       
+
        /* search for substring */
-       if (!strstr ((const char *) address_list, (const char *) email_address)) {
+       if (!ascii_stristr ((const char *) address_list, (const char *) email_address)) {
                g_free (email_address);
                return g_strdup (address_list);
        }
 
        dup = g_strdup (address_list);
        filtered_emails = g_string_new (NULL);
-       
+
        token = strtok_r (dup, ",", &ptr);
 
        while (token != NULL) {
                /* Add to list if not found */
-               if (!strstr ((const char *) token, (const char *) email_address)) {
+               if (!ascii_stristr ((const char *) token, (const char *) email_address)) {
                        if (filtered_emails->len == 0)
                                g_string_append_printf (filtered_emails, "%s", g_strstrip (token));
                        else
@@ -454,7 +489,7 @@ modest_text_utils_convert_buffer_to_html_start (GString *html, const gchar *data
                guchar kar = data[i];
                
                if (space_seen && kar != ' ') {
-                       g_string_append (html, "&nbsp;");
+                       g_string_append (html, " ");
                        space_seen = FALSE;
                }
                
@@ -491,7 +526,6 @@ modest_text_utils_convert_buffer_to_html_start (GString *html, const gchar *data
                        break_dist = 0;
                        if (space_seen) { /* second space in a row */
                                g_string_append (html, "&nbsp; ");
-                               space_seen = FALSE;
                        } else
                                space_seen = TRUE;
                        break;
@@ -572,59 +606,52 @@ modest_text_utils_convert_to_html_body (const gchar *data, gssize n, gboolean hy
 void
 modest_text_utils_get_addresses_indexes (const gchar *addresses, GSList **start_indexes, GSList **end_indexes)
 {
-       gchar *current, *start, *last_blank;
-       gint start_offset = 0, current_offset = 0;
+       GString *str;
+       gchar *start, *cur;
 
-       g_return_if_fail (start_indexes != NULL);
-       g_return_if_fail (end_indexes != NULL);
+       if (!addresses)
+               return;
+
+       if (strlen (addresses) == 0)
+               return;
 
-       start = (gchar *) addresses;
-       current = start;
-       last_blank = start;
+       str = g_string_new ("");
+       start = (gchar*) addresses;
+       cur = (gchar*) addresses;
 
-       while (*current != '\0') {
-               if ((start == current)&&((*current == ' ')||(*current == ',')||(*current == ';'))) {
-                       start = g_utf8_next_char (start);
-                       start_offset++;
-                       last_blank = current;
-               } else if ((*current == ',')||(*current == ';')) {
+       for (cur = start; *cur != '\0'; cur = g_utf8_next_char (cur)) {
+               if (*cur == ',' || *cur == ';') {
                        gint *start_index, *end_index;
-                       start_index = g_new0(gint, 1);
-                       end_index = g_new0(gint, 1);
-                       *start_index = start_offset;
-                       *end_index = current_offset;
+                       gchar *next_char = g_utf8_next_char (cur);
+
+                       if (!g_utf8_strchr (start, (cur - start + 1), g_utf8_get_char ("@")) &&
+                           next_char && *next_char != '\n')
+                               continue;
+
+                       start_index = g_new0 (gint, 1);
+                       end_index = g_new0 (gint, 1);
+                       *start_index = g_utf8_pointer_to_offset (addresses, start);
+                       *end_index = g_utf8_pointer_to_offset (addresses, cur);;
                        *start_indexes = g_slist_prepend (*start_indexes, start_index);
                        *end_indexes = g_slist_prepend (*end_indexes, end_index);
-                       start = g_utf8_next_char (current);
-                       start_offset = current_offset + 1;
-                       last_blank = start;
-               } else if (*current == '"') {
-                       current = g_utf8_next_char (current);
-                       current_offset ++;
-                       while ((*current != '"')&&(*current != '\0')) {
-                               current = g_utf8_next_char (current);
-                               current_offset ++;
-                       }
+                       start = g_utf8_next_char (cur);
                }
-                               
-               current = g_utf8_next_char (current);
-               current_offset ++;
        }
 
-       if (start != current) {
-                       gint *start_index, *end_index;
-                       start_index = g_new0(gint, 1);
-                       end_index = g_new0(gint, 1);
-                       *start_index = start_offset;
-                       *end_index = current_offset;
-                       *start_indexes = g_slist_prepend (*start_indexes, start_index);
-                       *end_indexes = g_slist_prepend (*end_indexes, end_index);
+       if (start != cur) {
+               gint *start_index, *end_index;
+               start_index = g_new0 (gint, 1);
+               end_index = g_new0 (gint, 1);
+               *start_index = g_utf8_pointer_to_offset (addresses, start);
+               *end_index = g_utf8_pointer_to_offset (addresses, cur);;
+               *start_indexes = g_slist_prepend (*start_indexes, start_index);
+               *end_indexes = g_slist_prepend (*end_indexes, end_index);
        }
-       
-       *start_indexes = g_slist_reverse (*start_indexes);
-       *end_indexes = g_slist_reverse (*end_indexes);
 
-       return;
+       if (*start_indexes)
+               *start_indexes = g_slist_reverse (*start_indexes);
+       if (*end_indexes)
+               *end_indexes = g_slist_reverse (*end_indexes);
 }
 
 
@@ -669,12 +696,56 @@ modest_text_utils_split_addresses_list (const gchar *addresses)
        addr = g_strndup (my_addrs, end - my_addrs);
        g_strchomp (addr);
 
+       remove_extra_spaces (addr);
+
        head = g_slist_append (NULL, addr);
        head->next = modest_text_utils_split_addresses_list (end); /* recurse */
 
        return head;
 }
 
+gchar *
+modest_text_utils_join_addresses (const gchar *from,
+                                 const gchar *to,
+                                 const gchar *cc,
+                                 const gchar *bcc)
+{
+       GString *buffer;
+       gboolean add_separator = FALSE;
+
+       buffer = g_string_new ("");
+
+       if (from && strlen (from)) {
+               buffer = g_string_append (buffer, from);
+               add_separator = TRUE;
+       }
+       if (to && strlen (to)) {
+               if (add_separator)
+                       buffer = g_string_append (buffer, "; ");
+               else
+                       add_separator = TRUE;
+
+               buffer = g_string_append (buffer, to);
+       }
+       if (cc && strlen (cc)) {
+               if (add_separator)
+                       buffer = g_string_append (buffer, "; ");
+               else
+                       add_separator = TRUE;
+
+               buffer = g_string_append (buffer, cc);
+       }
+       if (bcc && strlen (bcc)) {
+               if (add_separator)
+                       buffer = g_string_append (buffer, "; ");
+               else
+                       add_separator = TRUE;
+
+               buffer = g_string_append (buffer, bcc);
+       }
+
+       return g_string_free (buffer, FALSE);
+}
 
 void
 modest_text_utils_address_range_at_position (const gchar *recipients_list,
@@ -941,6 +1012,7 @@ modest_text_utils_quote_body (GString *output, const gchar *text,
                                g_string_prepend (l, remaining->str);
                        } else {
                                do {
+                                       gunichar remaining_first;
                                        breakpoint =
                                                get_breakpoint (remaining->str,
                                                                rem_indent,
@@ -949,9 +1021,11 @@ modest_text_utils_quote_body (GString *output, const gchar *text,
                                                       remaining, breakpoint);
                                        g_string_erase (remaining, 0,
                                                        breakpoint);
-                                       if (remaining->str[0] == ' ') {
-                                               g_string_erase (remaining, 0,
-                                                               1);
+                                       remaining_first = g_utf8_get_char_validated (remaining->str, remaining->len);
+                                       if (remaining_first != ((gunichar) -1)) {
+                                               if (g_unichar_isspace (remaining_first)) {
+                                                       g_string_erase (remaining, 0, g_utf8_next_char (remaining->str) - remaining->str);
+                                               }
                                        }
                                } while (remaining->len);
                        }
@@ -1664,6 +1738,7 @@ modest_text_utils_validate_recipient (const gchar *recipient, const gchar **inva
 
        /* quoted string */
        if (*current == '\"') {
+               gchar *last_quote = NULL;
                current = g_utf8_next_char (current);
                has_error = TRUE;
                for (; *current != '\0'; current = g_utf8_next_char (current)) {
@@ -1679,9 +1754,11 @@ modest_text_utils_validate_recipient (const gchar *recipient, const gchar **inva
                        } else if (*current == '\"') {
                                has_error = FALSE;
                                current = g_utf8_next_char (current);
-                               break;
+                               last_quote = current;
                        }
                }
+               if (last_quote)
+                       current = g_utf8_next_char (last_quote);
        } else {
                has_error = TRUE;
                for (current = stripped ; *current != '\0'; current = g_utf8_next_char (current)) {
@@ -1701,6 +1778,9 @@ modest_text_utils_validate_recipient (const gchar *recipient, const gchar **inva
        g_free (stripped);
        right_part = g_strstrip (right_part);
 
+       if (g_str_has_suffix (right_part, ",") || g_str_has_suffix (right_part, ";"))
+               right_part [(strlen (right_part) - 1)] = '\0';
+
        if (g_str_has_prefix (right_part, "<") &&
            g_str_has_suffix (right_part, ">")) {
                gchar *address;
@@ -1902,6 +1982,20 @@ remove_quotes (gchar **quotes)
        }
 }
 
+static void
+remove_extra_spaces (gchar *string)
+{
+       gchar *start;
+
+       start = string;
+       while (start && start[0] != '\0') {
+               if ((start[0] == ' ') && (start[1] == ' ')) {
+                       g_strchug (start+1);
+               }
+               start++;
+       }
+}
+
 gchar *
 modest_text_utils_escape_mnemonics (const gchar *text)
 {
@@ -2010,17 +2104,119 @@ modest_text_utils_remove_duplicate_addresses_list (GSList *address_list)
 }
 
 gchar *
-modest_text_utils_get_secure_header (gchar *value,
+modest_text_utils_get_secure_header (const gchar *value,
                                     const gchar *header)
 {
-       gchar *new_value = value;
+       const gint max_len = 16384;
+       gchar *new_value = NULL;
        gchar *needle = g_strrstr (value, header);
 
-       if (needle) {
-               gchar *tmp = value;
+       if (needle && value != needle)
                new_value = g_strdup (needle + strlen (header));
-               g_free (tmp);
+
+       if (!new_value)
+               new_value = g_strdup (value);
+
+       /* Do a max length check to prevent DoS attacks caused by huge
+          malformed headers */
+       if (g_utf8_validate (new_value, -1, NULL)) {
+               if (g_utf8_strlen (new_value, -1) > max_len) {
+                       gchar *tmp = g_malloc0 (max_len * 4);
+                       g_utf8_strncpy (tmp, (const gchar *) new_value, max_len);
+                       g_free (new_value);
+                       new_value = tmp;
+               }
+       } else {
+               if (strlen (new_value) > max_len) {
+                       gchar *tmp = g_malloc0 (max_len);
+                       strncpy (new_value, tmp, max_len);
+                       g_free (new_value);
+                       new_value = tmp;
+               }
        }
 
        return new_value;
 }
+
+static gboolean
+is_quoted (const char *start, const gchar *end)
+{
+       gchar *c;
+
+       c = (gchar *) start;
+       while (*c == ' ')
+               c = g_utf8_next_char (c);
+
+       if (*c == '\0' || *c != '\"')
+               return FALSE;
+
+       c = (gchar *) end;
+       while (*c == ' ' && c != start)
+               c = g_utf8_prev_char (c);
+
+       if (c == start || *c != '\"')
+               return FALSE;
+
+       return TRUE;
+}
+
+
+static void
+quote_name_part (GString **str, gchar **cur, gchar **start)
+{
+       gchar *blank;
+       gint str_len = g_utf8_pointer_to_offset (*start, *cur) -
+               g_utf8_pointer_to_offset (*start, *start);
+
+       while (**start == ' ') {
+               *start = g_utf8_next_char (*start);
+               str_len--;
+       }
+
+       blank = g_utf8_strrchr (*start, str_len, g_utf8_get_char (" "));
+       if (blank && (blank != *start)) {
+               if (is_quoted (*start, blank - 1)) {
+                       *str = g_string_append_len (*str, *start, str_len);
+                       *str = g_string_append (*str, ";");
+                       *start = g_utf8_next_char (*cur);
+               } else {
+                       *str = g_string_append_c (*str, '"');
+                       *str = g_string_append_len (*str, *start,
+                                                   (g_utf8_pointer_to_offset (*start, blank) -
+                                                    g_utf8_pointer_to_offset (*start, *start)));
+                       *str = g_string_append_c (*str, '"');
+                       *str = g_string_append_len (*str, blank,
+                                                   (g_utf8_pointer_to_offset (*start, *cur) -
+                                                    g_utf8_pointer_to_offset (*start, blank)));
+                       *str = g_string_append (*str, ";");
+                       *start = g_utf8_next_char (*cur);
+               }
+       } else {
+               *str = g_string_append_len (*str, *start, str_len);
+               *str = g_string_append (*str, ";");
+               *start = g_utf8_next_char (*cur);
+       }
+}
+
+gchar *
+modest_text_utils_quote_names (const gchar *recipients)
+{
+       GString *str;
+       gchar *start, *cur;
+
+       str = g_string_new ("");
+       start = (gchar*) recipients;
+       cur = (gchar*) recipients;
+
+       for (cur = start; *cur != '\0'; cur = g_utf8_next_char (cur)) {
+               if (*cur == ',' || *cur == ';') {
+                       if (!g_utf8_strchr (start, (cur - start + 1), g_utf8_get_char ("@")))
+                               continue;
+                       quote_name_part (&str, &cur, &start);
+               }
+       }
+
+       quote_name_part (&str, &cur, &start);
+
+       return g_string_free (str, FALSE);
+}