279 lines
9.9 KiB
Plaintext
279 lines
9.9 KiB
Plaintext
diff --git a/pan/tasks/decoder.cc b/pan/tasks/decoder.cc
|
|
index b4c21ae..04ea40a 100644
|
|
--- pan/tasks/decoder.cc
|
|
+++ pan/tasks/decoder.cc
|
|
@@ -61,7 +61,8 @@ Decoder :: enqueue (TaskArticle * task,
|
|
const strings_t & input_files,
|
|
const TaskArticle::SaveMode & save_mode,
|
|
const TaskArticle::SaveOptions & options,
|
|
- const StringView & filename)
|
|
+ const StringView & filename,
|
|
+ const Article & article)
|
|
{
|
|
disable_progress_update ();
|
|
|
|
@@ -71,6 +72,7 @@ Decoder :: enqueue (TaskArticle * task,
|
|
this->save_mode = save_mode;
|
|
this->options = options;
|
|
this->attachment_filename = filename;
|
|
+ this->article_subject = article.subject;
|
|
|
|
mark_read = false;
|
|
|
|
@@ -149,7 +151,12 @@ Decoder :: do_work()
|
|
{
|
|
|
|
if (was_cancelled()) break;
|
|
- if ((res = UULoadFileWithPartNo (const_cast<char*>(it->c_str()), 0, 0, ++i)) != UURET_OK) {
|
|
+ const char *global_subject = NULL;
|
|
+ // In SAVE_ALL mode, article_subject is the subject from the NZB file, if known
|
|
+ if (options == TaskArticle::SAVE_ALL && !article_subject.empty()) {
|
|
+ global_subject = article_subject.c_str();
|
|
+ }
|
|
+ if ((res = UULoadFileWithPartNo (const_cast<char*>(it->c_str()), 0, 0, ++i, global_subject)) != UURET_OK) {
|
|
g_snprintf(buf, bufsz,
|
|
_("Error reading from %s: %s"),
|
|
it->c_str(),
|
|
@@ -171,8 +178,8 @@ Decoder :: do_work()
|
|
{
|
|
// skip all other attachments in SAVE_AS mode (single attachment download)
|
|
/// DBG why is this failing if article isn't cached????
|
|
- if (!attachment_filename.empty())
|
|
- if(strcmp(item->filename, attachment_filename.str) != 0 && options == TaskArticle::SAVE_AS) continue;
|
|
+ if (options == TaskArticle::SAVE_AS && !attachment_filename.empty())
|
|
+ if(strcmp(item->filename, attachment_filename.str) != 0) continue;
|
|
|
|
file_errors.clear ();
|
|
|
|
diff --git a/pan/tasks/decoder.h b/pan/tasks/decoder.h
|
|
index 74403c1..c0cff51 100644
|
|
--- pan/tasks/decoder.h
|
|
+++ pan/tasks/decoder.h
|
|
@@ -61,7 +61,8 @@ namespace pan
|
|
const strings_t & input_files,
|
|
const TaskArticle::SaveMode & save_mode,
|
|
const TaskArticle::SaveOptions & options,
|
|
- const StringView & filename);
|
|
+ const StringView & filename,
|
|
+ const Article & article);
|
|
|
|
public:
|
|
|
|
@@ -82,6 +83,7 @@ namespace pan
|
|
TaskArticle::SaveMode save_mode;
|
|
TaskArticle::SaveOptions options;
|
|
StringView attachment_filename;
|
|
+ Quark article_subject;
|
|
|
|
// These are set in the worker thread and polled in the main thread.
|
|
Mutex mut;
|
|
diff --git a/pan/tasks/task-article.cc b/pan/tasks/task-article.cc
|
|
index 9c96b7d..beaed60 100644
|
|
--- pan/tasks/task-article.cc
|
|
+++ pan/tasks/task-article.cc
|
|
@@ -350,7 +350,7 @@ TaskArticle :: use_decoder (Decoder* decoder)
|
|
_state.set_working();
|
|
const Article::mid_sequence_t mids (_article.get_part_mids());
|
|
ArticleCache :: strings_t filenames (_cache.get_filenames (mids));
|
|
- _decoder->enqueue (this, _save_path, filenames, _save_mode, _options, _attachment);
|
|
+ _decoder->enqueue (this, _save_path, filenames, _save_mode, _options, _attachment, _article);
|
|
set_status_va (_("Decoding %s"), _article.subject.c_str());
|
|
debug ("decoder thread was free, enqueued work");
|
|
}
|
|
diff --git a/uulib/uucheck.c b/uulib/uucheck.c
|
|
index 98cb8e0..0f128d0 100644
|
|
--- uulib/uucheck.c
|
|
+++ uulib/uucheck.c
|
|
@@ -86,6 +86,12 @@ static char *nofname = "UNKNOWN";
|
|
|
|
static char *fnchars = "._-~!";
|
|
|
|
+/*
|
|
+ * special characters we forbid a quoted filename to have
|
|
+ */
|
|
+
|
|
+static char *fnqchars = "/:\\\"";
|
|
+
|
|
/*
|
|
* Policy for extracting a part number from the subject line.
|
|
* usually, look for part numbers in () brackets first, then in []
|
|
@@ -148,23 +154,27 @@ UUGetFileName (char *subject, char *ptonum, char *ptonend)
|
|
}
|
|
|
|
/*
|
|
- * If the file was encoded by uuenview, then the filename is enclosed
|
|
- * in [brackets]. But check what's inside these bracket's, try not to
|
|
- * fall for something other than a filename
|
|
+ * Try try to find a file name between quotes.
|
|
+ * With yEnc this format is compulsory.
|
|
*/
|
|
|
|
ptr = subject;
|
|
- while ((iter = strchr (ptr, '[')) != NULL) {
|
|
- if (strchr (iter, ']') == NULL) {
|
|
+ while ((iter = strchr (ptr, '"')) != NULL) {
|
|
+ /* Don't overlap the sequence number */
|
|
+ if (ptonum && ptonend && iter >= ptonum && iter <= ptonend) {
|
|
ptr = iter + 1;
|
|
continue;
|
|
}
|
|
iter++;
|
|
+ if (strchr (iter, '"') == NULL) {
|
|
+ ptr = iter + 1;
|
|
+ continue;
|
|
+ }
|
|
while (isspace (*iter))
|
|
iter++;
|
|
count = length = alflag = 0;
|
|
while (iter[count] &&
|
|
- (isalnum (iter[count]) || strchr (fnchars, iter[count])!=NULL)) {
|
|
+ (strchr (fnqchars, iter[count])==NULL)) {
|
|
if (isalpha (iter[count]))
|
|
alflag++;
|
|
count++;
|
|
@@ -173,10 +183,15 @@ UUGetFileName (char *subject, char *ptonum, char *ptonend)
|
|
ptr = iter + 1;
|
|
continue;
|
|
}
|
|
+ /* Don't overlap the sequence number */
|
|
+ if (ptonum && ptonend && iter+count >= ptonum && iter+count <= ptonend) {
|
|
+ ptr = iter + 1;
|
|
+ continue;
|
|
+ }
|
|
length = count;
|
|
while (isspace (iter[count]))
|
|
count++;
|
|
- if (iter[count] == ']') {
|
|
+ if (iter[count] == '"') {
|
|
ptr = iter;
|
|
break;
|
|
}
|
|
@@ -184,6 +199,46 @@ UUGetFileName (char *subject, char *ptonum, char *ptonend)
|
|
ptr = iter + 1;
|
|
}
|
|
|
|
+
|
|
+ /*
|
|
+ * If the file was encoded by uuenview, then the filename is enclosed
|
|
+ * in [brackets]. But check what's inside these bracket's, try not to
|
|
+ * fall for something other than a filename
|
|
+ */
|
|
+
|
|
+ if (length == 0) {
|
|
+ ptr = subject;
|
|
+ while ((iter = strchr (ptr, '[')) != NULL) {
|
|
+ if (strchr (iter, ']') == NULL) {
|
|
+ ptr = iter + 1;
|
|
+ continue;
|
|
+ }
|
|
+ iter++;
|
|
+ while (isspace (*iter))
|
|
+ iter++;
|
|
+ count = length = alflag = 0;
|
|
+ while (iter[count] &&
|
|
+ (isalnum (iter[count]) || iter[count] == ' ' || strchr (fnchars, iter[count])!=NULL)) {
|
|
+ if (isalpha (iter[count]))
|
|
+ alflag++;
|
|
+ count++;
|
|
+ }
|
|
+ if (count<4 || alflag==0) {
|
|
+ ptr = iter + 1;
|
|
+ continue;
|
|
+ }
|
|
+ length = count;
|
|
+ while (isspace (iter[count]))
|
|
+ count++;
|
|
+ if (iter[count] == ']') {
|
|
+ ptr = iter;
|
|
+ break;
|
|
+ }
|
|
+ length = 0;
|
|
+ ptr = iter + 1;
|
|
+ }
|
|
+ }
|
|
+
|
|
/*
|
|
* new filename detection routine, fists mostly for files by ftp-by-email
|
|
* servers that create subject lines with ftp.host.address:/full/path/file
|
|
diff --git a/uulib/uudeview.h b/uulib/uudeview.h
|
|
index 753279d..16ad363 100644
|
|
--- uulib/uudeview.h
|
|
+++ uulib/uudeview.h
|
|
@@ -206,7 +206,7 @@ int UUEXPORT UUSetFNameFilter _ANSI_ARGS_((void *,
|
|
char *)));
|
|
char * UUEXPORT UUFNameFilter _ANSI_ARGS_((char *));
|
|
int UUEXPORT UULoadFile _ANSI_ARGS_((char *, char *, int));
|
|
-int UUEXPORT UULoadFileWithPartNo _ANSI_ARGS_((char *, char *, int, int));
|
|
+int UUEXPORT UULoadFileWithPartNo _ANSI_ARGS_((char *, char *, int, int, const char *));
|
|
uulist *UUEXPORT UUGetFileListItem _ANSI_ARGS_((int));
|
|
int UUEXPORT UURenameFile _ANSI_ARGS_((uulist *, char *));
|
|
int UUEXPORT UUDecodeToTemp _ANSI_ARGS_((uulist *));
|
|
diff --git a/uulib/uulib.c b/uulib/uulib.c
|
|
index 2d6816d..1286f43 100644
|
|
--- uulib/uulib.c
|
|
+++ uulib/uulib.c
|
|
@@ -655,11 +655,11 @@ UUFNameFilter (char *fname)
|
|
int UUEXPORT
|
|
UULoadFile (char *filename, char *fileid, int delflag)
|
|
{
|
|
- return UULoadFileWithPartNo(filename, fileid, delflag, -1);
|
|
+ return UULoadFileWithPartNo(filename, fileid, delflag, -1, NULL);
|
|
}
|
|
|
|
int UUEXPORT
|
|
-UULoadFileWithPartNo (char *filename, char *fileid, int delflag, int partno)
|
|
+UULoadFileWithPartNo (char *filename, char *fileid, int delflag, int partno, const char *global_subject)
|
|
{
|
|
int res, sr, count=0;
|
|
struct stat finfo;
|
|
@@ -667,6 +667,7 @@ UULoadFileWithPartNo (char *filename, char *fileid, int delflag, int partno)
|
|
uufile *fload;
|
|
itbd *killem;
|
|
FILE *datei;
|
|
+ int overridden_subject;
|
|
|
|
if ((datei = fopen (filename, "rb")) == NULL) {
|
|
UUMessage (uulib_id, __LINE__, UUMSG_ERROR,
|
|
@@ -779,6 +780,23 @@ UULoadFileWithPartNo (char *filename, char *fileid, int delflag, int partno)
|
|
continue;
|
|
}
|
|
|
|
+ if (partno != -1 && global_subject &&
|
|
+ loaded->uudet == YENC_ENCODED && /* only yEnc has a filename in each part */
|
|
+ (loaded->subject && loaded->filename &&
|
|
+ strstr(loaded->subject, loaded->filename) == NULL)) {
|
|
+ /*
|
|
+ * Sometimes articles derived from an NZB file have corrupt Subject: lines.
|
|
+ * That also makes that UUInsertPartToList() fails to combine files properly.
|
|
+ * We detect this situation by checking if the filename from the
|
|
+ * part can be found in the Subject: header.
|
|
+ */
|
|
+ _FP_free(loaded->subject);
|
|
+ loaded->subject = _FP_strdup((char *)global_subject);
|
|
+ overridden_subject = 1;
|
|
+ } else {
|
|
+ overridden_subject = 0;
|
|
+ }
|
|
+
|
|
if ((fload = UUPreProcessPart (loaded, &res)) == NULL) {
|
|
/*
|
|
* no useful data found
|
|
@@ -793,6 +811,17 @@ UULoadFileWithPartNo (char *filename, char *fileid, int delflag, int partno)
|
|
continue;
|
|
}
|
|
|
|
+ if (overridden_subject) {
|
|
+ /*
|
|
+ * If the yEnc file gives a different file name than the subject,
|
|
+ * this is a security risk.
|
|
+ *
|
|
+ * Override the part file name with the one derived from the global subject.
|
|
+ */
|
|
+ _FP_free(fload->filename);
|
|
+ fload->filename = _FP_strdup(fload->subfname);
|
|
+ }
|
|
+
|
|
if ((loaded->subject && *(loaded->subject)) ||
|
|
(loaded->mimeid && *(loaded->mimeid)) ||
|
|
(loaded->filename&& *(loaded->filename))||
|