From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: daniel watson via "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs@gnu.org>
Newsgroups: gmane.emacs.bugs
Subject: bug#65973: [PATCH] ; send filename, not full path, on EWW form submit
Date: Wed, 13 Sep 2023 23:10:11 -0700
Message-ID: <ZQKjw9QkW5lMSX5Z@challenge-bot.com>
Reply-To: daniel watson <ozzloy@challenge-bot.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="wNG0Lg4LmFGGOPcM"
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="15204"; mail-complaints-to="usenet@ciao.gmane.io"
Cc: daniel watson <ozzloy@gmail.com>
To: 65973@debbugs.gnu.org
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Thu Sep 14 09:49:04 2023
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1qgh5z-0003o3-JQ
	for geb-bug-gnu-emacs@m.gmane-mx.org; Thu, 14 Sep 2023 09:49:03 +0200
Original-Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces@gnu.org>)
	id 1qgh4x-0006Jl-GN; Thu, 14 Sep 2023 03:47:59 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1qgh4u-0006Fd-D4
 for bug-gnu-emacs@gnu.org; Thu, 14 Sep 2023 03:47:56 -0400
Original-Received: from debbugs.gnu.org ([2001:470:142:5::43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1qgh4u-0000ZD-4C
 for bug-gnu-emacs@gnu.org; Thu, 14 Sep 2023 03:47:56 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1qgh4z-0008AJ-PF
 for bug-gnu-emacs@gnu.org; Thu, 14 Sep 2023 03:48:01 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: daniel watson <ozzloy@challenge-bot.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Thu, 14 Sep 2023 07:48:01 +0000
Resent-Message-ID: <handler.65973.B.169467763431242@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: report 65973
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: patch
X-Debbugs-Original-To: bug-gnu-emacs@gnu.org
Original-Received: via spool by submit@debbugs.gnu.org id=B.169467763431242
 (code B ref -1); Thu, 14 Sep 2023 07:48:01 +0000
Original-Received: (at submit) by debbugs.gnu.org; 14 Sep 2023 07:47:14 +0000
Original-Received: from localhost ([127.0.0.1]:37217 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1qgh4A-00087k-BG
 for submit@debbugs.gnu.org; Thu, 14 Sep 2023 03:47:13 -0400
Original-Received: from lists.gnu.org ([2001:470:142::17]:48486)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ozzloy@challenge-bot.com>) id 1qgfYf-000566-Pv
 for submit@debbugs.gnu.org; Thu, 14 Sep 2023 02:10:37 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ozzloy@challenge-bot.com>)
 id 1qgfYU-0006Yf-OH
 for bug-gnu-emacs@gnu.org; Thu, 14 Sep 2023 02:10:22 -0400
Original-Received: from challenge-bot.com ([2602:fffa:fff:108a:0:16:3e15:92b8])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ozzloy@challenge-bot.com>)
 id 1qgfYS-0006f3-1v
 for bug-gnu-emacs@gnu.org; Thu, 14 Sep 2023 02:10:22 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=challenge-bot.com; s=20180430; h=Content-Type:MIME-Version:Message-ID:
 Subject:Cc:To:From:Date:From; bh=gMVaPkXo8wS/vpujQjxyb45y4cWJsMwRAzmEjOEYiwo=
 ; b=naO3qzwMLXpkeBDgoYEgGasgZjg17zyhv+fsFN8HfiW87A1GpTk5PPlTVevBsR5kwb3ThUnlF
 baQBqH8wLD0CMRPQZU2X+skPUSZVC/gduyL7hMK5uIQPE4dagIsJnFEwGzxjkCSxZq18oQb5GBKFG
 G9RRSgIBV8YlUXzkAYubA=;
Original-Received: from ozzloy by challenge-bot.com with local (Exim 4.94.2)
 (envelope-from <ozzloy@challenge-bot.com>)
 id 1qgfYJ-00GgMZ-P2; Wed, 13 Sep 2023 23:10:11 -0700
Content-Disposition: inline
Received-SPF: pass client-ip=2602:fffa:fff:108a:0:16:3e15:92b8;
 envelope-from=ozzloy@challenge-bot.com; helo=challenge-bot.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, 
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Mailman-Approved-At: Thu, 14 Sep 2023 03:47:08 -0400
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Xref: news.gmane.io gmane.emacs.bugs:270402
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/270402>


--wNG0Lg4LmFGGOPcM
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline


0. in one terminal, run this http server
   https://git.sr.ht/~ozzloy/emacs-bug-63941/tree/master/item/server.py
1. in another terminal, run
   socat -v tcp-listen:8086,fork tcp:localhost:8085
2. browse to the page with EWW,
   M-x eww <ENTER> localhost:8086 <ENTER>
3. put the cursor on the word "Browse" <ENTER>
4. select any file to which you have read access for uploading
5. put cursor on "Submit" <ENTER>
6. observe the full path of the file is sent to the server.  this is
   visible in both the python output and the socat output.

i'm including the diff inline to make it easier to review without
downloading the attached file.

---
 lisp/net/eww.el | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lisp/net/eww.el b/lisp/net/eww.el
index 4ddda216afc..f28273dcc58 100644
--- a/lisp/net/eww.el
+++ b/lisp/net/eww.el
@@ -1849,7 +1849,7 @@ eww-submit
                                   (insert-file-contents file)
                                   (buffer-string)))
                           (cons "name" name)
-                          (cons "filename" file))
+                          (cons "filename" (file-name-nondirectory file)))
                     values)))
 	   ((equal (plist-get input :type) "submit")
 	    ;; We want the values from buttons if we hit a button if
-- 
2.39.2




In GNU Emacs 29.1 (build 2, x86_64-pc-linux-gnu, GTK+ Version 3.24.20,
 cairo version 1.16.0) of 2023-08-03 built on bos03-amd64-031
Repository revision: cf57ec68c2a5ac5b721f445928869ca14232a4d1
Repository branch: master
Windowing system distributor 'The X.Org Foundation', version 11.0.12101007
System Description: Ubuntu 23.04

Configured using:
 'configure --prefix=/snap/emacs/current/usr --with-x-toolkit=gtk3
 --without-xaw3d --with-modules --with-cairo
 --with-native-compilation=aot --with-xinput2 --with-tree-sitter
 --with-json
 'CFLAGS=-isystem/build/emacs/parts/emacs/install/usr/include
 -isystem/build/emacs/parts/emacs/install/usr/include/x86_64-linux-gnu
 -isystem/build/emacs/stage/usr/include -O2'
 'CPPFLAGS=-isystem/build/emacs/parts/emacs/install/usr/include
 -isystem/build/emacs/parts/emacs/install/usr/include/x86_64-linux-gnu
 -isystem/build/emacs/stage/usr/include'
 'LDFLAGS=-L/build/emacs/parts/emacs/install/lib
 -L/build/emacs/parts/emacs/install/usr/lib
 -L/build/emacs/parts/emacs/install/lib/x86_64-linux-gnu
 -L/build/emacs/parts/emacs/install/usr/lib/x86_64-linux-gnu
 -L/build/emacs/stage/usr/lib''



--wNG0Lg4LmFGGOPcM
Content-Type: text/x-diff; charset=us-ascii
Content-Disposition: attachment;
	filename="0001-send-filename-not-full-path-on-EWW-form-submit.patch"

>From 7b360d91a6667034da7c682af01ee1008d052c40 Mon Sep 17 00:00:00 2001
From: Daniel Watson <ozzloy@each.do>
Date: Tue, 12 Sep 2023 00:06:14 -0700
Subject: [PATCH] ; send filename, not full path, on EWW form submit

; * lisp/net/eww.el (eww-submit): Instead of sending the entire file
; path, send just the filename and not the directory.  This is the
; behavior seen in other clients, such as firefox, chromium, and curl.
; It keeps information about the users directory structure private.
---
 lisp/net/eww.el | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lisp/net/eww.el b/lisp/net/eww.el
index 4ddda216afc..f28273dcc58 100644
--- a/lisp/net/eww.el
+++ b/lisp/net/eww.el
@@ -1849,7 +1849,7 @@ eww-submit
                                   (insert-file-contents file)
                                   (buffer-string)))
                           (cons "name" name)
-                          (cons "filename" file))
+                          (cons "filename" (file-name-nondirectory file)))
                     values)))
 	   ((equal (plist-get input :type) "submit")
 	    ;; We want the values from buttons if we hit a button if
-- 
2.39.2


--wNG0Lg4LmFGGOPcM--