From 47e9357da6f22fc4ef3d67e16f9d0f28017c68e4 Mon Sep 17 00:00:00 2001
From: "Kyle J. McKay" <mackyle@gmail.com>
Date: Wed, 10 Jul 2013 08:07:21 -0700
Subject: [PATCH] Handle UTF-8 properly in project list

A project list is displayed by deluser.cgi and projlist.cgi.
Factor out the project list generating code (into Util.pm)
and make it handle UTF-8 correctly.
---
 Girocco/Project.pm |  4 ++--
 Girocco/Util.pm    | 52 +++++++++++++++++++++++++++++++++++++++++++++++++++-
 cgi/deluser.cgi    | 22 +++-------------------
 cgi/projlist.cgi   | 20 +++-----------------
 4 files changed, 59 insertions(+), 39 deletions(-)

diff --git a/Girocco/Project.pm b/Girocco/Project.pm
index f6ccc16..8d10acc 100644
--- a/Girocco/Project.pm
+++ b/Girocco/Project.pm
@@ -701,7 +701,7 @@ sub remove_user {
 ### static methods
 
 sub get_forkee_name {
-	$_ = $_[0];
+	local $_ = $_[0];
 	(m#^(.*)/.*?$#)[0]; #
 }
 sub get_forkee_path {
@@ -710,7 +710,7 @@ sub get_forkee_path {
 }
 
 sub valid_name {
-	$_ = $_[0];
+	local $_ = $_[0];
 	(not m#/# or -d get_forkee_path($_)) # will also catch ^/
 		and (not m#\./#)
 		and (not m#/$#)
diff --git a/Girocco/Util.pm b/Girocco/Util.pm
index cdf8886..8066561 100644
--- a/Girocco/Util.pm
+++ b/Girocco/Util.pm
@@ -11,7 +11,8 @@ BEGIN {
 			 lock_file unlock_file
 			 filedb_atomic_append filedb_atomic_edit filedb_atomic_grep
 			 valid_email valid_email_multi
-			 valid_repo_url valid_web_url url_path);
+			 valid_repo_url valid_web_url url_path
+			 projects_html_list);
 }
 
 
@@ -151,4 +152,53 @@ sub url_path {
 	return $url;
 }
 
+sub _escapeHTML {
+	my $str = shift;
+	$str =~ s/\&/\&amp;/gs;
+	$str =~ s/\</\&lt;/gs;
+	$str =~ s/\>/\&gt;/gs;
+	$str =~ s/\"/\&quot;/gs; #"
+	return $str;
+}
+
+# Take a list of project names and produce a nicely formated table that
+# includes owner links and descriptions.  If the list is empty returns ''.
+# The first argument may be a hash ref that contains options.  Currently
+# the target option is recognized and it sets the target of the owner link
+# and setting emptyok to true returns an empty table rather than ''.
+sub projects_html_list {
+	my $options = {};
+	if (defined($_[0]) && ref($_[0]) eq 'HASH') {
+		$options = shift;
+	}
+	return '' unless @_;
+	require Girocco::Project;
+	my $count = 0;
+	my $target = '';
+	$target = " target=\""._escapeHTML($options->{target})."\""
+		if defined($options->{target});
+	my $html = <<EOT;
+<table class='projectlist'><tr><th>Project</th><th>Description</th></tr>
+EOT
+	my $trclass = ' class="odd"';
+	foreach (sort({lc($a) cmp lc($b)} @_)) {
+		if (Girocco::Project::does_exist($_)) {
+			my $proj = Girocco::Project->load($_);
+			my $projname = $proj->{name}.".git";
+			my $projdesc = $proj->{desc}||'';
+			utf8::decode($projdesc) if utf8::valid($projdesc);
+			$html .= <<EOT;
+<tr$trclass><td><a href="@{[url_path($Girocco::Config::gitweburl)]}/$projname"$target
+>@{[_escapeHTML($projname)]}</td><td>@{[_escapeHTML($projdesc)]}</td></tr>
+EOT
+			$trclass = $trclass ? '' : ' class="odd"';
+			++$count;
+		}
+	}
+	$html .= <<EOT;
+</table>
+EOT
+	return ($count || (defined($options->{emptyok}) && $options->{emptyok})) ? $html : '';
+}
+
 1;
diff --git a/cgi/deluser.cgi b/cgi/deluser.cgi
index 702b5cf..7318878 100755
--- a/cgi/deluser.cgi
+++ b/cgi/deluser.cgi
@@ -16,6 +16,7 @@ use Girocco::CGI;
 use Girocco::Config;
 use Girocco::User;
 use Girocco::Util;
+binmode STDOUT, ':utf8';
 
 my $gcgi = Girocco::CGI->new('User Removal');
 my $cgi = $gcgi->cgi;
@@ -115,25 +116,8 @@ EOT
 			my $projectsinfo = '';
 			my @projects = $user->get_projects;
 			if (@projects) {
-				$blurb1 = ' and from the following projects:';
-				$projectsinfo = <<EOT;
-<p><table class='projectlist'><tr><th>Project</th><th>Description</th></tr>
-EOT
-				my $trclass = ' class="odd"';
-				foreach (sort({lc($a) cmp lc($b)} @projects)) {
-					if (Girocco::Project::does_exist($_)) {
-						my $proj = Girocco::Project->load($_);
-						my $projname = $proj->{name}.".git";
-						$projectsinfo .= <<EOT;
-<tr$trclass><td><a href="@{[url_path($Girocco::Config::gitweburl)]}/$projname" target="_blank"
->@{[CGI::escapeHTML($projname)]}</td><td>@{[CGI::escapeHTML($proj->{desc})]}</td></tr>
-EOT
-						$trclass = $trclass ? '' : ' class="odd"';
-					}
-				}
-				$projectsinfo .= <<EOT
-</table></p>
-EOT
+				$projectsinfo = projects_html_list({target=>"_blank"}, @projects);
+				$blurb1 = ' and from the following projects:' if $projectsinfo;
 			}
 			print <<EOT;
 <p>Please confirm that you are going to remove user account '$user->{name}'
diff --git a/cgi/projlist.cgi b/cgi/projlist.cgi
index 823d19d..3bb8070 100755
--- a/cgi/projlist.cgi
+++ b/cgi/projlist.cgi
@@ -17,6 +17,7 @@ use Girocco::Config;
 use Girocco::Project;
 use Girocco::Util;
 use Digest::MD5 qw(md5_hex);
+binmode STDOUT, ':utf8';
 
 my $style = <<EOT;
 <style type="text/css">
@@ -67,23 +68,8 @@ close F;
 @projects or die "not found owner's projects, that's really weird!";
 
 $displayname =~ s,@,<span class="obfu"></span>,;
-
+my $projectlist = projects_html_list({emptyok=>1}, @projects);
 print <<EOT;
 <p>The owner '$displayname' has the following projects registered at this site:</p>
-<p><table class='projectlist'><tr><th>Project</th><th>Description</th></tr>
-EOT
-my $trclass = ' class="odd"';
-foreach (sort({lc($a) cmp lc($b)} @projects)) {
-	if (Girocco::Project::does_exist($_)) {
-		my $proj = Girocco::Project->load($_);
-		my $projname = $proj->{name}.".git";
-		print <<EOT;
-<tr$trclass><td><a href="@{[url_path($Girocco::Config::gitweburl)]}/$projname"
->@{[CGI::escapeHTML($projname)]}</td><td>@{[CGI::escapeHTML($proj->{desc})]}</td></tr>
-EOT
-		$trclass = $trclass ? '' : ' class="odd"';
-	}
-}
-print <<EOT
-</table></p>
+$projectlist
 EOT
-- 
2.11.4.GIT