afuna ([personal profile] afuna) wrote in [site community profile] changelog2009-05-26 06:24 pm

[dw-free] Private messages strip (rather than escape) HTML

[commit: http://hg.dwscoalition.org/dw-free/rev/cc26fd1d0d27]

http://bugs.dwscoalition.org/show_bug.cgi?id=858

Already escaped in LJ::Message; remove extraneous stripping.

Patch by [personal profile] foxfirefey.

Files modified:
  • cgi-bin/LJ/Event/UserMessageRecvd.pm
  • cgi-bin/ljprotocol.pl
  • htdocs/inbox/compose.bml
--------------------------------------------------------------------------------
diff -r b84fd197f8fb -r cc26fd1d0d27 cgi-bin/LJ/Event/UserMessageRecvd.pm
--- a/cgi-bin/LJ/Event/UserMessageRecvd.pm	Tue May 26 17:47:57 2009 +0000
+++ b/cgi-bin/LJ/Event/UserMessageRecvd.pm	Tue May 26 18:24:27 2009 +0000
@@ -40,8 +40,8 @@ sub _as_email {
 
     my $vars = {
         user            => $is_html ? ($u->ljuser_display) : ($u->user),
-        subject         => $msg->subject,
-        body            => $is_html ? $msg->body : $msg->body_raw ,
+        subject         => $is_html ? $msg->subject : $msg->subject_raw,
+        body            => $is_html ? $msg->body : $msg->body_raw,
         sender          => $is_html ? ($other_u->ljuser_display) : ($other_u->user),
         postername      => $other_u->user,
         sitenameshort   => $LJ::SITENAMESHORT,
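Review bot: The `subject` and `body` entries in `$vars` now depend entirely on which accessor is chosen, and nothing here says which accessor is safe for which part of the mail. The commit description says the non-raw accessors are escaped in LJ::Message, so a comment above the two lines would record that: `# subject/body are HTML-escaped by LJ::Message; the *_raw forms are for the text/plain part only`. If `subject_raw` also feeds the mail's Subject header (not visible here), it should be checked for embedded line breaks before it gets there. `_as_email` starts and ends outside this hunk.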
diff -r b84fd197f8fb -r cc26fd1d0d27 cgi-bin/ljprotocol.pl
--- a/cgi-bin/ljprotocol.pl	Tue May 26 17:47:57 2009 +0000
+++ b/cgi-bin/ljprotocol.pl	Tue May 26 18:24:27 2009 +0000
@@ -452,6 +452,7 @@ sub setmessageread {
 
 }
 
+# Sends a private message from one account to another
 sub sendmessage
 {
     my ($req, $err, $flags) = @_;
@@ -467,12 +468,13 @@ sub sendmessage
 
     my @errors;
 
-    my $subject_text = LJ::strip_html($req->{'subject'});
+    # test encoding and length
+    my $subject_text = $req->{'subject'};
     return fail($err, 208, 'subject')
         unless LJ::text_in($subject_text);
 
-    # strip HTML from body and test encoding and length
-    my $body_text = LJ::strip_html($req->{'body'});
+    # test encoding and length
+    my $body_text = $req->{'body'};
     return fail($err, 208, 'body')
         unless LJ::text_in($body_text);
 
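Review bot: With `LJ::strip_html` gone, `$subject_text` and `$body_text` in `sendmessage` carry whatever markup the client sent, so the only remaining protection is escaping at display time, which this hunk does not show. The new comment should state that, for example `# HTML is kept as typed; LJ::Message escapes it on output, so only test encoding here`. The comment above the subject also promises a length test, but only the `LJ::text_in` encoding check is visible for it. The same applies to the `msg_subject` and `msg_body` lines in htdocs/inbox/compose.bml. `sendmessage` continues outside this hunk.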
diff -r b84fd197f8fb -r cc26fd1d0d27 htdocs/inbox/compose.bml
--- a/htdocs/inbox/compose.bml	Tue May 26 17:47:57 2009 +0000
+++ b/htdocs/inbox/compose.bml	Tue May 26 18:24:27 2009 +0000
@@ -45,13 +45,13 @@ body<=
             unless LJ::check_form_auth();
 
         if ($mode eq 'send') {
-            # strip HTML from subject and test encoding
-            my $msg_subject_text = LJ::strip_html($POST{'msg_subject'});
+            # test encoding
+            my $msg_subject_text = $POST{'msg_subject'};
             push @errors, "Invalid text encoding for message subject"
                 unless LJ::text_in($msg_subject_text);
 
-            # strip HTML from body and test encoding and length
-            my $msg_body_text = LJ::strip_html($POST{'msg_body'});
+            # test encoding and length
+            my $msg_body_text = $POST{'msg_body'};
             push @errors, "Invalid text encoding for message body"
                 unless LJ::text_in($msg_body_text);
             my ($msg_len_b, $msg_len_c) = LJ::text_length($msg_body_text);
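Review bot: `LJ::text_length($msg_body_text)` now measures the body with its markup included, where it previously measured the stripped text, so a message containing tags reaches the length limit sooner than before. If that is intended, say so next to the call: `# length is counted on the text as typed, markup included`. The `if ($mode eq 'send')` block continues past the end of this hunk, so the limit check itself is not visible.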
--------------------------------------------------------------------------------