afuna ([personal profile] afuna) wrote in [site community profile] changelog, 2009-05-26 06:24 pm

[dw-free] Private messages strip (rather than escape) HTML

[commit: http://hg.dwscoalition.org/dw-free/rev/cc26fd1d0d27]

http://bugs.dwscoalition.org/show_bug.cgi?id=858

Already escaped in LJ::Message; remove extraneous stripping.

Patch by [personal profile] foxfirefey.

Files modified:
  • cgi-bin/LJ/Event/UserMessageRecvd.pm
  • cgi-bin/ljprotocol.pl
  • htdocs/inbox/compose.bml
--------------------------------------------------------------------------------
diff -r b84fd197f8fb -r cc26fd1d0d27 cgi-bin/LJ/Event/UserMessageRecvd.pm
--- a/cgi-bin/LJ/Event/UserMessageRecvd.pm	Tue May 26 17:47:57 2009 +0000
+++ b/cgi-bin/LJ/Event/UserMessageRecvd.pm	Tue May 26 18:24:27 2009 +0000
@@ -40,8 +40,8 @@ sub _as_email {
 
     my $vars = {
         user            => $is_html ? ($u->ljuser_display) : ($u->user),
-        subject         => $msg->subject,
-        body            => $is_html ? $msg->body : $msg->body_raw ,
+        subject         => $is_html ? $msg->subject : $msg->subject_raw,
+        body            => $is_html ? $msg->body : $msg->body_raw,
         sender          => $is_html ? ($other_u->ljuser_display) : ($other_u->user),
         postername      => $other_u->user,
         sitenameshort   => $LJ::SITENAMESHORT,
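Review bot: In the `$is_html` branch, `subject` and `body` now depend entirely on `$msg->subject` and `$msg->body` returning HTML-escaped text, because the same commit removes `LJ::strip_html` from the input paths. A short comment above `my $vars` stating that the non-`_raw` accessors are the escaped forms would keep a later edit from swapping `subject_raw` or `body_raw` into the HTML part. The plain-text branch taking the `_raw` values looks right, since escaped entities should not appear in text mail.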
diff -r b84fd197f8fb -r cc26fd1d0d27 cgi-bin/ljprotocol.pl
--- a/cgi-bin/ljprotocol.pl	Tue May 26 17:47:57 2009 +0000
+++ b/cgi-bin/ljprotocol.pl	Tue May 26 18:24:27 2009 +0000
@@ -452,6 +452,7 @@ sub setmessageread {
 
 }
 
+# Sends a private message from one account to another
 sub sendmessage
 {
     my ($req, $err, $flags) = @_;
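Review bot: The new comment above `sub sendmessage` says what the sub does but not the contract this commit relies on, namely that subject and body are accepted as given and escaped later in LJ::Message. Suggest extending the comment to say so, since a reader of this sub alone will no longer see any HTML handling here.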
@@ -467,12 +468,13 @@ sub sendmessage
 
     my @errors;
 
-    my $subject_text = LJ::strip_html($req->{'subject'});
+    # test encoding and length
+    my $subject_text = $req->{'subject'};
     return fail($err, 208, 'subject')
         unless LJ::text_in($subject_text);
 
-    # strip HTML from body and test encoding and length
-    my $body_text = LJ::strip_html($req->{'body'});
+    # test encoding and length
+    my $body_text = $req->{'body'};
     return fail($err, 208, 'body')
         unless LJ::text_in($body_text);
 
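Review bot: The comment `# test encoding and length` above `$subject_text` does not match the visible code, which only calls `LJ::text_in` on the subject; either write `# test encoding` as compose.bml does, or add the length check if one is intended. With `LJ::strip_html` gone, `$subject_text` and `$body_text` carry the request values unmodified, so anything later in this sub that outputs them should go through the escaped accessors rather than these variables.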
diff -r b84fd197f8fb -r cc26fd1d0d27 htdocs/inbox/compose.bml
--- a/htdocs/inbox/compose.bml	Tue May 26 17:47:57 2009 +0000
+++ b/htdocs/inbox/compose.bml	Tue May 26 18:24:27 2009 +0000
@@ -45,13 +45,13 @@ body<=
             unless LJ::check_form_auth();
 
         if ($mode eq 'send') {
-            # strip HTML from subject and test encoding
-            my $msg_subject_text = LJ::strip_html($POST{'msg_subject'});
+            # test encoding
+            my $msg_subject_text = $POST{'msg_subject'};
             push @errors, "Invalid text encoding for message subject"
                 unless LJ::text_in($msg_subject_text);
 
-            # strip HTML from body and test encoding and length
-            my $msg_body_text = LJ::strip_html($POST{'msg_body'});
+            # test encoding and length
+            my $msg_body_text = $POST{'msg_body'};
             push @errors, "Invalid text encoding for message body"
                 unless LJ::text_in($msg_body_text);
             my ($msg_len_b, $msg_len_c) = LJ::text_length($msg_body_text);
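Review bot: `$msg_subject_text` and `$msg_body_text` now hold raw `$POST` input, so if this page echoes them back into the form when `@errors` is non-empty, they must be HTML-escaped at that point; before this change `LJ::strip_html` had already removed markup by then. Worth checking the re-display path and adding a test that submits markup in both fields together with an invalid encoding or an over-length body.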
--------------------------------------------------------------------------------