Susimail: Search fixes

zzzi2p · zzzi2p · commit d123aeab0cbc · 2024-04-26T08:35:57.000-04:00
- Fix sorting and pagination within search results
- Bypass XSS filter and escape as necessary
diff --git a/apps/susimail/src/src/i2p/susi/util/Folder.java b/apps/susimail/src/src/i2p/susi/util/Folder.java
@@ -196,7 +196,7 @@ public synchronized void sort()
 	 * 
 	 * @param elements Array of Os.
 	 */
-	public synchronized void setElements( O[] elements )
+	private synchronized void setElements( O[] elements )
 	{
 		if (elements.length > 0) {
 			this.elements = elements;
@@ -392,7 +392,9 @@ public synchronized void addSorter( String id, Comparator<O> sorter )
 	 */
 	public synchronized void setSortBy(String id, SortOrder direction)
 	{
+		SortOrder oldDirection = sortingDirection;
 		sortingDirection = direction;
+		Comparator<O> oldSorter = currentSorter;
 		currentSorter = sorter.get( id );
 		if (currentSorter != null) {
 			if (sortingDirection == SortOrder.UP)
@@ -401,6 +403,11 @@ public synchronized void setSortBy(String id, SortOrder direction)
 		} else {
 			currentSortID = null;
 		}
+		// invalidate selection if sort order changed
+		if (oldDirection != sortingDirection || !DataHelper.eq(oldSorter, currentSorter)) {
+			currentSelector = null;
+			selected = null;
+		}
 	}
 	
 	/**
@@ -546,6 +553,7 @@ public synchronized O getPreviousElement( O element )
 	 * 
 	 * @param element
 	 * @return The next element
+	 * @since 0.9.63
 	 */
 	public synchronized O getNextSelectedElement(O element)
 	{
@@ -566,6 +574,7 @@ public synchronized O getNextSelectedElement(O element)
 	 * 
 	 * @param element
 	 * @return The previous element
+	 * @since 0.9.63
 	 */
 	public synchronized O getPreviousSelectedElement(O element)
 	{
diff --git a/apps/susimail/src/src/i2p/susi/webmail/WebMail.java b/apps/susimail/src/src/i2p/susi/webmail/WebMail.java
@@ -60,6 +60,7 @@
 import java.io.Writer;
 import java.net.URI;
 import java.net.URISyntaxException;
+import java.net.URLEncoder;
 import java.text.Collator;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -147,7 +148,7 @@ private enum HtmlMode { NONE, LINK, ALLOW, PREFER }
 	private static final String NEXT_PAGE_NUM = "nextpagenum";
 	private static final String CURRENT_SORT = "currentsort";
 	private static final String CURRENT_FOLDER = "folder";
-	private static final String CURRENT_SEARCH = "currentsearch";
+	private static final String CURRENT_SEARCH = "nf_currentsearch";
 	private static final String NEW_FOLDER  = "newfolder";
 	private static final String DRAFT_EXISTS = "draftexists";
 	private static final String DEBUG_STATE = "currentstate";
@@ -170,7 +171,7 @@ private enum HtmlMode { NONE, LINK, ALLOW, PREFER }
 	private static final String REALLYDELETE = "really_delete";
 	private static final String MOVE_TO = "moveto";
 	private static final String SWITCH_TO = "switchto";
-	private static final String SEARCH = "s";
+	private static final String SEARCH = "nf_s";
 	// also a GET param
 	private static final String SHOW = "show";
 	private static final String DOWNLOAD = "download";
@@ -444,11 +445,12 @@ private static String button2( String name, String label )
 	 *
 	 * @param name
 	 * @param label
+	 * @param search may be null
 	 * @return the string
 	 */
 	private static String sortHeader(String name, String label, String imgPath,
 	                                 String currentName, SortOrder currentOrder, int page,
-	                                 String folder)
+	                                 String folder, String search)
 	{
 		StringBuilder buf = new StringBuilder(128);
 		buf.append(label).append("&nbsp;&nbsp;");
@@ -457,15 +459,27 @@ private static String sortHeader(String name, String label, String imgPath,
 			buf.append("<img class=\"sort\" src=\"").append(imgPath).append("3up.png\" border=\"0\" alt=\"^\">\n");
 		} else {
 			buf.append("<a class=\"sort\" href=\"").append(myself).append("?page=").append(page).append("&amp;sort=-")
-			    .append(name).append("&amp;folder=").append(folder).append("\">");
+			    .append(name).append("&amp;folder=").append(folder);
+			if (search != null) {
+				try {
+				       buf.append("&amp;").append(SEARCH).append('=').append(URLEncoder.encode(search, "UTF-8"));
+				} catch (UnsupportedEncodingException uee) {}
+			}
+			buf.append("\">");
 			buf.append("<img class=\"sort\" src=\"").append(imgPath).append("3up.png\" border=\"0\" alt=\"^\">");
 			buf.append("</a>\n");
 		}
 		if (name.equals(currentName) && currentOrder == SortOrder.DOWN) {
 			buf.append("<img class=\"sort\" src=\"").append(imgPath).append("3down.png\" border=\"0\" alt=\"v\">");
 		} else {
 			buf.append("<a class=\"sort\" href=\"").append(myself).append("?page=").append(page).append("&amp;sort=")
-			    .append(name).append("&amp;folder=").append(folder).append("\">");
+			    .append(name).append("&amp;folder=").append(folder);
+			if (search != null) {
+				try {
+				       buf.append("&amp;").append(SEARCH).append('=').append(URLEncoder.encode(search, "UTF-8"));
+				} catch (UnsupportedEncodingException uee) {}
+			}
+			buf.append("\">");
 			buf.append("<img class=\"sort\" src=\"").append(imgPath).append("3down.png\" border=\"0\" alt=\"v\">");
 			buf.append("</a>");
 		}
@@ -2394,6 +2408,9 @@ private void processRequest( HttpServletRequest httpRequest, HttpServletResponse
 						// always go to inbox after SEND
 						if (str != null && !str.equals(DIR_FOLDER) && !buttonPressed(request, SEND))
 							q += '&' + CURRENT_FOLDER + '=' + str;
+						str = request.getParameter(SEARCH);
+						if (str != null && str.length() > 0)
+							q += '&' + SEARCH + '=' + URLEncoder.encode(str, "UTF-8");
 						sendRedirect(httpRequest, response, q);
 						return;
 					}
@@ -3598,6 +3615,8 @@ private static void showFolder( PrintWriter out, SessionObject sessionObject, Ma
 		// form 3
 		out.print(form);
 		out.print(hidden);
+		if (search != null)
+			out.println("<input type=\"hidden\" name=\"" + SEARCH + "\" value=\"" + DataHelper.escapeHTML(search) + "\">");
 		showPageButtons(out, sessionObject.user, folderName, page, folder.getPages(), true);
 		out.println("</form>");
 		out.println("</div>");
@@ -3607,11 +3626,11 @@ private static void showFolder( PrintWriter out, SessionObject sessionObject, Ma
 		out.print(hidden);
 		out.println("<table id=\"mailbox\" cellspacing=\"0\" cellpadding=\"5\">\n");
 		out.println("<tr><td colspan=\"9\"><hr></td></tr>\n<tr><th title=\"" + _t("Mark for deletion") + "\">&nbsp;</th>" +
-			thSpacer + "<th>" + sortHeader(SORT_SENDER, showToColumn ? _t("To") : _t("From"), sessionObject.imgPath, curSort, curOrder, page, folderName) + "</th>" +
-			thSpacer + "<th>" + sortHeader(SORT_SUBJECT, _t("Subject"), sessionObject.imgPath, curSort, curOrder, page, folderName) + "</th>" +
-			thSpacer + "<th>" + sortHeader(SORT_DATE, _t("Date"), sessionObject.imgPath, curSort, curOrder, page, folderName) +
+			thSpacer + "<th>" + sortHeader(SORT_SENDER, showToColumn ? _t("To") : _t("From"), sessionObject.imgPath, curSort, curOrder, page, folderName, search) + "</th>" +
+			thSpacer + "<th>" + sortHeader(SORT_SUBJECT, _t("Subject"), sessionObject.imgPath, curSort, curOrder, page, folderName, search) + "</th>" +
+			thSpacer + "<th>" + sortHeader(SORT_DATE, _t("Date"), sessionObject.imgPath, curSort, curOrder, page, folderName, search) +
 			"</th>" +
-			thSpacer + "<th>" + sortHeader(SORT_SIZE, _t("Size"), sessionObject.imgPath, curSort, curOrder, page, folderName) + "</th></tr>" );
+			thSpacer + "<th>" + sortHeader(SORT_SIZE, _t("Size"), sessionObject.imgPath, curSort, curOrder, page, folderName, search) + "</th></tr>" );
 		int bg = 0;
 		int i = 0;
 		for (Iterator<String> it = folder.currentPageSelectorIterator(); it != null && it.hasNext(); ) {
@@ -3734,6 +3753,8 @@ else if (isSpamFolder)
 			// form 5
 			out.print(form);
 			out.print(hidden);
+			if (search != null)
+				out.println("<input type=\"hidden\" name=\"" + SEARCH + "\" value=\"" + DataHelper.escapeHTML(search) + "\">");
 			showPageButtons(out, sessionObject.user, folderName, page, folder.getPages(), false);
 			out.println("</form>");
 			out.println("</div>");

Original file line number	Diff line number	Diff line change
`@@ -196,7 +196,7 @@ public synchronized void sort()`
`196`	`196`	`*`
`197`	`197`	`* @param elements Array of Os.`
`198`	`198`	`*/`
`199`		`- public synchronized void setElements( O[] elements )`
	`199`	`+ private synchronized void setElements( O[] elements )`
`200`	`200`	`{`
`201`	`201`	`if (elements.length > 0) {`
`202`	`202`	`this.elements = elements;`
`@@ -392,7 +392,9 @@ public synchronized void addSorter( String id, Comparator<O> sorter )`
`392`	`392`	`*/`
`393`	`393`	`public synchronized void setSortBy(String id, SortOrder direction)`
`394`	`394`	`{`
	`395`	`+ SortOrder oldDirection = sortingDirection;`
`395`	`396`	`sortingDirection = direction;`
	`397`	`+ Comparator<O> oldSorter = currentSorter;`
`396`	`398`	`currentSorter = sorter.get( id );`
`397`	`399`	`if (currentSorter != null) {`
`398`	`400`	`if (sortingDirection == SortOrder.UP)`
`@@ -401,6 +403,11 @@ public synchronized void setSortBy(String id, SortOrder direction)`
`401`	`403`	`} else {`
`402`	`404`	`currentSortID = null;`
`403`	`405`	`}`
	`406`	`+ // invalidate selection if sort order changed`
	`407`	`+ if (oldDirection != sortingDirection \|\| !DataHelper.eq(oldSorter, currentSorter)) {`
	`408`	`+ currentSelector = null;`
	`409`	`+ selected = null;`
	`410`	`+ }`
`404`	`411`	`}`
`405`	`412`
`406`	`413`	`/**`
`@@ -546,6 +553,7 @@ public synchronized O getPreviousElement( O element )`
`546`	`553`	`*`
`547`	`554`	`* @param element`
`548`	`555`	`* @return The next element`
	`556`	`+ * @since 0.9.63`
`549`	`557`	`*/`
`550`	`558`	`public synchronized O getNextSelectedElement(O element)`
`551`	`559`	`{`
`@@ -566,6 +574,7 @@ public synchronized O getNextSelectedElement(O element)`
`566`	`574`	`*`
`567`	`575`	`* @param element`
`568`	`576`	`* @return The previous element`
	`577`	`+ * @since 0.9.63`
`569`	`578`	`*/`
`570`	`579`	`public synchronized O getPreviousSelectedElement(O element)`
`571`	`580`	`{`