From d123aeab0cbc64a07627e86d8867ee1200a17a3e Mon Sep 17 00:00:00 2001
From: zzz
Date: Fri, 26 Apr 2024 08:35:57 -0400
Subject: [PATCH] Susimail: Search fixes - Fix sorting and pagination within search results - Bypass XSS filter and escape as necessary
---
 .../src/src/i2p/susi/util/Folder.java | 11 +++++-
 .../src/src/i2p/susi/webmail/WebMail.java | 39 ++++++++++++++-----
 2 files changed, 40 insertions(+), 10 deletions(-)
diff --git a/apps/susimail/src/src/i2p/susi/util/Folder.java b/apps/susimail/src/src/i2p/susi/util/Folder.java
index 5c86a353e9..e160ee0583 100644
--- a/apps/susimail/src/src/i2p/susi/util/Folder.java
+++ b/apps/susimail/src/src/i2p/susi/util/Folder.java
@@ -196,7 +196,7 @@ public synchronized void sort()
 *
 * @param elements Array of Os.
 */
- public synchronized void setElements( O[] elements )
+ private synchronized void setElements( O[] elements )
 {
 if (elements.length > 0) {
 this.elements = elements;
@@ -392,7 +392,9 @@ public synchronized void addSorter( String id, Comparator sorter )
 */
 public synchronized void setSortBy(String id, SortOrder direction)
 {
+ SortOrder oldDirection = sortingDirection;
 sortingDirection = direction;
+ Comparator oldSorter = currentSorter;
 currentSorter = sorter.get( id );
 if (currentSorter != null) {
 if (sortingDirection == SortOrder.UP)
@@ -401,6 +403,11 @@ public synchronized void setSortBy(String id, SortOrder direction)
 } else {
 currentSortID = null;
 }
+ // invalidate selection if sort order changed
+ if (oldDirection != sortingDirection || !DataHelper.eq(oldSorter, currentSorter)) {
+ currentSelector = null;
+ selected = null;
+ }
 }
 /**
@@ -546,6 +553,7 @@ public synchronized O getPreviousElement( O element )
 *
 * @param element
 * @return The next element
+ * @since 0.9.63
 */
 public synchronized O getNextSelectedElement(O element) {
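Review bot: The selection reset added at the end of setSortBy (the `currentSelector = null; selected = null;` lines in the -401 hunk) is a side effect that the method's Javadoc, which starts above the -392 hunk, does not mention, so a caller holding a selection and then changing the sort key or direction will silently lose it. Add to that Javadoc: `Resets any current selection when the sort key or direction actually changes; repeating the current sort leaves the selection intact (since 0.9.63)`. The `!DataHelper.eq(oldSorter, currentSorter)` test is identity-based unless the registered comparators override equals, which from its use here looks like the null-safe comparison intended, so the guard reads correctly. The method's opening brace is in the -392 hunk and its closing brace in the -401 hunk; the lines between them are outside this patch.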
@@ -566,6 +574,7 @@ public synchronized O getNextSelectedElement(O element)
 *
 * @param element
 * @return The previous element
+ * @since 0.9.63
 */
 public synchronized O getPreviousSelectedElement(O element) {
diff --git a/apps/susimail/src/src/i2p/susi/webmail/WebMail.java b/apps/susimail/src/src/i2p/susi/webmail/WebMail.java
index 6527d8f9d0..8bc3e91620 100644
--- a/apps/susimail/src/src/i2p/susi/webmail/WebMail.java
+++ b/apps/susimail/src/src/i2p/susi/webmail/WebMail.java
@@ -60,6 +60,7 @@
 import java.io.Writer;
 import java.net.URI;
 import java.net.URISyntaxException;
+import java.net.URLEncoder;
 import java.text.Collator;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -147,7 +148,7 @@ private enum HtmlMode { NONE, LINK, ALLOW, PREFER }
 private static final String NEXT_PAGE_NUM = "nextpagenum";
 private static final String CURRENT_SORT = "currentsort";
 private static final String CURRENT_FOLDER = "folder";
- private static final String CURRENT_SEARCH = "currentsearch";
+ private static final String CURRENT_SEARCH = "nf_currentsearch";
 private static final String NEW_FOLDER = "newfolder";
 private static final String DRAFT_EXISTS = "draftexists";
 private static final String DEBUG_STATE = "currentstate";
@@ -170,7 +171,7 @@ private enum HtmlMode { NONE, LINK, ALLOW, PREFER }
 private static final String REALLYDELETE = "really_delete";
 private static final String MOVE_TO = "moveto";
 private static final String SWITCH_TO = "switchto";
- private static final String SEARCH = "s";
+ private static final String SEARCH = "nf_s"; // also a GET param
 private static final String SHOW = "show";
 private static final String DOWNLOAD = "download";
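Review bot: The `nf_` prefix on SEARCH here and on CURRENT_SEARCH in the -147 hunk is, per the commit title, what exempts these parameters from the XSS filter, but the only comment is `// also a GET param`, so a later reader has no way to know the prefix is load-bearing and that every echo of the value now has to be escaped by this file itself. Suggest replacing that comment on both constants with `// nf_ prefix: exempt from the XSS filter, so this value must be escaped (HTML attribute or URL-encoded) wherever it is echoed`. The filter itself is not in this patch, so confirm the prefix convention it honours matches the one used here.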
@@ -444,11 +445,12 @@ private static String button2( String name, String label )
 *
 * @param name
 * @param label
+ * @param search may be null
 * @return the string
 */
 private static String sortHeader(String name, String label, String imgPath,
 String currentName, SortOrder currentOrder, int page,
- String folder)
+ String folder, String search)
 {
 StringBuilder buf = new StringBuilder(128);
 buf.append(label).append("  ");
@@ -457,7 +459,13 @@ private static String sortHeader(String name, String label, String imgPath,
 buf.append("\"^\"\n");
 } else {
 buf.append("");
+ .append(name).append("&folder=").append(folder);
+ if (search != null) {
+ try {
+ buf.append("&").append(SEARCH).append('=').append(URLEncoder.encode(search, "UTF-8"));
+ } catch (UnsupportedEncodingException uee) {}
+ }
+ buf.append("\">");
 buf.append("\"^\"");
 buf.append("\n");
 }
@@ -465,7 +473,13 @@ private static String sortHeader(String name, String label, String imgPath,
 buf.append("\"v\"");
 } else {
 buf.append("");
+ .append(name).append("&folder=").append(folder);
+ if (search != null) {
+ try {
+ buf.append("&").append(SEARCH).append('=').append(URLEncoder.encode(search, "UTF-8"));
+ } catch (UnsupportedEncodingException uee) {}
+ }
+ buf.append("\">");
 buf.append("\"v\"");
 buf.append("");
 }
@@ -2394,6 +2408,9 @@ private void processRequest( HttpServletRequest httpRequest, HttpServletResponse
 // always go to inbox after SEND
 if (str != null && !str.equals(DIR_FOLDER) && !buttonPressed(request, SEND))
 q += '&' + CURRENT_FOLDER + '=' + str;
+ str = request.getParameter(SEARCH);
+ if (str != null && str.length() > 0)
+ q += '&' + SEARCH + '=' + URLEncoder.encode(str, "UTF-8");
 sendRedirect(httpRequest, response, q);
 return;
 }
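Review bot: The seven lines that append the URL-encoded search parameter are duplicated verbatim in the -457 and -465 hunks of sortHeader, and both copies swallow UnsupportedEncodingException with an empty `catch (UnsupportedEncodingException uee) {}`. UTF-8 is a charset every JVM is required to provide, so that catch can never fire; a small private helper that rethrows it as an IllegalStateException removes both the duplication and the silent swallow, as sketched below. Note also that in both copies `folder` is still appended to the same href raw on the `.append("&folder=").append(folder)` line while `search` is encoded, so if folder names can contain reserved URL characters they should go through the same encoder. sortHeader's body continues outside these hunks.
```java
            // … unchanged: the buf.append(...) line that opens the href …
            appendSearchParam(buf, search);   // replaces the if/try/catch block in both the "^" and "v" branches
            buf.append("\">");
            // … unchanged: rest of sortHeader …

    /** Appends '&' + SEARCH + '=' + URL-encoded search to buf; does nothing when search is null. */
    private static void appendSearchParam(StringBuilder buf, String search) {
        if (search == null)
            return;
        try {
            buf.append('&').append(SEARCH).append('=').append(URLEncoder.encode(search, "UTF-8"));
        } catch (UnsupportedEncodingException uee) {
            // UTF-8 is a required charset on every JVM, so this branch is unreachable
            throw new IllegalStateException(uee);
        }
    }
```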
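Review bot: The new redirect lines in the -2394 hunk carry the search term over unconditionally, while the folder two lines above is deliberately dropped after SEND via `!buttonPressed(request, SEND)`, so a send from within search results redirects to the inbox with the search still attached. If that is not intended, guard the new block with the same condition: `if (str != null && !str.isEmpty() && !buttonPressed(request, SEND))`. The `URLEncoder.encode(str, "UTF-8")` call here has no try/catch, unlike the copies in sortHeader, which is only valid if processRequest declares IOException (UnsupportedEncodingException is one); its throws clause is outside the hunk, so confirm.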
@@ -3598,6 +3615,8 @@ private static void showFolder( PrintWriter out, SessionObject sessionObject, Ma // form 3 out.print(form); out.print(hidden); + if (search != null) + out.println(""); showPageButtons(out, sessionObject.user, folderName, page, folder.getPages(), true); out.println(""); out.println(""); @@ -3607,11 +3626,11 @@ private static void showFolder( PrintWriter out, SessionObject sessionObject, Ma out.print(hidden); out.println("\n"); out.println("\n" + - thSpacer + "" + - thSpacer + "" + - thSpacer + "" + + thSpacer + "" + + thSpacer + "" + - thSpacer + "" ); + thSpacer + "" ); int bg = 0; int i = 0; for (Iterator it = folder.currentPageSelectorIterator(); it != null && it.hasNext(); ) { @@ -3734,6 +3753,8 @@ else if (isSpamFolder) // form 5 out.print(form); out.print(hidden); + if (search != null) + out.println(""); showPageButtons(out, sessionObject.user, folderName, page, folder.getPages(), false); out.println(""); out.println("");
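Review bot: The hidden input that carries the search term into forms 3 and 5 (the `if (search != null) out.println(...)` lines in this hunk and in the -3734 hunk) is the point where an XSS-filter-exempt value is echoed back into HTML, so its value attribute must be HTML-escaped there; the input's text is not visible in this rendering of the patch, so confirm it goes through the file's HTML-escaping helper rather than being concatenated raw. A comment at both print sites, `// search is unfiltered (nf_ param): escape before echoing`, would document that contract for the next change. Form 4, the table whose header is rebuilt in the -3607 hunk between these two, gets no such hidden input, so if its buttons post back, the search context is lost on that path; worth checking whether that is intended. showFolder starts and ends outside these hunks.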

 " + sortHeader(SORT_SENDER, showToColumn ? _t("To") : _t("From"), sessionObject.imgPath, curSort, curOrder, page, folderName) + "" + sortHeader(SORT_SUBJECT, _t("Subject"), sessionObject.imgPath, curSort, curOrder, page, folderName) + "" + sortHeader(SORT_DATE, _t("Date"), sessionObject.imgPath, curSort, curOrder, page, folderName) + + thSpacer + "" + sortHeader(SORT_SENDER, showToColumn ? _t("To") : _t("From"), sessionObject.imgPath, curSort, curOrder, page, folderName, search) + "" + sortHeader(SORT_SUBJECT, _t("Subject"), sessionObject.imgPath, curSort, curOrder, page, folderName, search) + "" + sortHeader(SORT_DATE, _t("Date"), sessionObject.imgPath, curSort, curOrder, page, folderName, search) + "" + sortHeader(SORT_SIZE, _t("Size"), sessionObject.imgPath, curSort, curOrder, page, folderName) + "
" + sortHeader(SORT_SIZE, _t("Size"), sessionObject.imgPath, curSort, curOrder, page, folderName, search) + "