diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2020-06-03 11:26:33 +0100 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2020-06-03 11:26:33 +0100 |
| commit | 7eb8a6f85cc1c65e4b5a83a8c0ef65cb4087e292 (patch) | |
| tree | 5bb9a727a2b9ac84aa8d4ffdade5f10386322729 /src/libserver | |
| parent | e5dac86457d4bb5794007543d060b2b584005d5d (diff) | |
| download | rspamd-7eb8a6f85cc1c65e4b5a83a8c0ef65cb4087e292.tar.gz rspamd-7eb8a6f85cc1c65e4b5a83a8c0ef65cb4087e292.zip | |
[Minor] Fix corner case in html escaping
Diffstat (limited to 'src/libserver')
| -rw-r--r-- | src/libserver/html.c | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/src/libserver/html.c b/src/libserver/html.c index b916019d9..16f108ecf 100644 --- a/src/libserver/html.c +++ b/src/libserver/html.c @@ -349,7 +349,12 @@ rspamd_html_decode_entitles_inplace (gchar *s, gsize len) gchar *t = s, *h = s, *e = s, *end_ptr, old_c; const gchar *end; const gchar *entity; - gboolean seen_hash = FALSE, seen_digit_only = FALSE, seen_hex = FALSE; + gboolean seen_hash = FALSE, seen_hex = FALSE; + enum { + do_undefined, + do_digits_only, + do_mixed, + } seen_digit_only; gint state = 0, base; UChar32 uc; khiter_t k; @@ -371,7 +376,7 @@ rspamd_html_decode_entitles_inplace (gchar *s, gsize len) state = 1; seen_hash = FALSE; seen_hex = FALSE; - seen_digit_only = FALSE; + seen_digit_only = do_undefined; e = h; h++; continue; @@ -520,17 +525,18 @@ decode_entity: h ++; } } - else if (g_ascii_isdigit (*h) || (seen_hex && g_ascii_isxdigit (*h))) { - seen_digit_only = TRUE; + else if (seen_digit_only != do_mixed && + (g_ascii_isdigit (*h) || (seen_hex && g_ascii_isxdigit (*h)))) { + seen_digit_only = do_digits_only; } else { - if (seen_digit_only && seen_hash && h > e) { + if (seen_digit_only == do_digits_only && seen_hash && h > e) { /* We have seen some digits, so we can try to decode, eh */ /* Fuck retarded email clients... */ goto decode_entity; } - seen_digit_only = FALSE; + seen_digit_only = do_mixed; } h++; |