You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2011/05/08 09:00:36 UTC

[Bug 6583] [review] log_message and get_content_preview should print safe

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6583

Henrik Krohns <he...@hege.li> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|get_content_preview should  |[review] log_message and
                   |be safe                     |get_content_preview should
                   |                            |print safe

--- Comment #4 from Henrik Krohns <he...@hege.li> 2011-05-08 07:00:36 UTC ---
(In reply to comment #3)
> I'm not sure if [:print:] is going to have the same locale problems as lc(), or
> if it'll be fine due to using whatever character set the body was encoded in. 
> Looks like there's a simpler fix:
> 
> $str =~ s/\P{IsPrint}/?/gs;

Again I'd like to be cautious with introducing untested features.. since
especially old versions of Perl had even crashes with utf8 related things. And
I don't really think we need to care utf8 with my proposal here, we just escape
characters for the sake of readability.

Here's what I propose, atleast for trunk.. if someone really wants to directly
see some high characters like latin special characters or euro symbols let me
know.


Index: PerMsgStatus.pm
===================================================================
--- PerMsgStatus.pm     (revision 1100366)
+++ PerMsgStatus.pm     (working copy)
@@ -626,6 +626,9 @@
   $str = Mail::SpamAssassin::Util::wrap($str, "  ", "Content preview:  ", 75,
1);
   $str =~ s/^Content preview:\s+//gs;

+  # Bug 6583: replace unsafe characters with decimal octets "\000" - "\255"
+  $str =~ s/([\x00-\x09\x0b-\x1f\x7f-\xff])/sprintf("\\%03d",ord($1))/egs;
+
   return $str;
 }

Index: Logger.pm
===================================================================
--- Logger.pm   (revision 1098151)
+++ Logger.pm   (working copy)
@@ -174,9 +174,10 @@
   # the subclasses having to understand multi-line logs
   my $first = 1;
   foreach my $line (split(/\n/, $message)) {
-    # replace control characters with "_", tabs and spaces get
-    # replaced with a single space.
-    $line =~ tr/\x09\x20\x00-\x1f/  _/s;
+    # tabs and spaces get replaced with a single space.
+    $line =~ tr/\x09\x20/  /s;
+    # Bug 6583: replace unsafe characters with decimal octets "\000" - "\255"
+    $line =~ s/([\x00-\x09\x0b-\x1f\x7f-\xff])/sprintf("\\%03d",ord($1))/egs;
     if ($first) {
       $first = 0;
     } else {

-- 
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.