Zulip's search typeahead had a security bug, where when autocompleting
a specially crafted stream name, and then hitting space, code within
the stream name would be executed.
Zulip was doing HTML escaping correctly in the main code path using
Filter.describe to describe a narrow, but the escaping function was
not called in a few parallel code paths. We fix this in a way that
should protect all of these code paths, by making Filter.describe
return properly escaped HTML, rather than depending on its callers to
do so.
Thanks to w2w for reporting this issue.
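An added example (not Zulip's own code) of the fix pattern the commit above describes: the describe() helper returns already-escaped HTML, so a caller that builds markup directly, as the typeahead rendering path did, can no longer inject a crafted stream name. The function names, the verb table and the sample stream name are assumptions.

```javascript
// Added example, not Zulip's filter.js. Names are hypothetical.

// Minimal HTML escaper for text that will be placed inside element content
// or a double-quoted attribute.
function escapeHtml(text) {
    return String(text)
        .replace(/&/g, "&amp;")
        .replace(/</g, "&lt;")
        .replace(/>/g, "&gt;")
        .replace(/"/g, "&quot;")
        .replace(/'/g, "&#39;");
}

// Constructed verb table for turning operators into a readable description.
const VERBS = { stream: "stream", topic: "topic", "pm-with": "private messages with", search: "search for" };

// Before: describe() returns raw text. Callers that escape are fine; a caller
// that drops the result straight into markup lets stream-name HTML through.
function describeUnescaped(operators) {
    return operators.map((op) => `${VERBS[op.operator] || op.operator} ${op.operand}`).join(", ");
}

// After: escaping happens inside describe(), so its return value is safe HTML
// no matter which code path consumes it.
function describe(operators) {
    return operators.map((op) => {
        const verb = op.negated ? "exclude " : "";
        return verb + (VERBS[op.operator] || op.operator) + " " + escapeHtml(op.operand);
    }).join(", ");
}

// The "parallel code path": a typeahead item template that inserts the
// description without escaping it again.
function renderSuggestion(descriptionHtml) {
    return `<div class="search-suggestion">${descriptionHtml}</div>`;
}

// Constructed stream name containing markup, as a user could create it.
const crafted = [{ operator: "stream", operand: "eng <b>team</b>", negated: false }];
```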
We made this change because users often unnecessarily click "Home"
first in their use of Zulip, because it seems appealing. While "All
messages" isn't quite precise (it doesn't include muted streams), it
does describe relatively simply the interleaved view that this
represents.
This commit leaves everything as "home" in the code, and only changes
user-visible strings and docs. Changing the code will be a big project;
there are hundreds of relevant occurrences in variable names, etc.
Further, we'll probably want to convert those various variable names
in different ways.
Tweaked by tabbott to extend the commit message and update a few comments.
Previously, if the operand was an invalid email, the site would
throw a scary-looking browser error. Now, it has the same behavior
as other search exceptions, and simply returns no messages found.
This allows users to view all group private conversation messages
with a specific user. That is, it views all the group private
messages from groups which include the given user.
Add search suggestion for group-pm-with. Add operator name
and description in "Search operators" tab.
Add change in tab name to "Group Messages" when using this operator.
Add frontend_tests for group-pm-with search operator.
Fixes: #3882.
Update variable name in static/js/filter.js from 'message_ids'
to 'user_ids' for better understanding, as it is an array of user
recipients of a particular message.
Fixes #3496. This was just a simple regex addition to filter
to accept the format `operand:"foo bar"` as a token. Also,
it will now accept an additional space after the separating colon.
This involves updating filter.js, mostly. The
tests were updated appropriately for this change,
which also involved changing a Casper test for
narrowing.
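An added example (not Zulip's filter.js) of a tokenizer that accepts the two forms the commit above introduces: a double-quoted operand containing spaces (`stream:"foo bar"`) and a space after the separating colon (`stream: foo`). The operator list, the regex and the function names are assumptions; unknown `foo:bar` shapes fall back to plain search words.

```javascript
// Added example, not Zulip's own code. Names are hypothetical.

// Operator names this tokenizer recognises (constructed sample set).
const KNOWN_OPERATORS = new Set([
    "stream", "topic", "pm-with", "group-pm-with", "is", "has", "in", "search",
]);

// One token: optional "-" (negation), an operator name, ":", optional
// whitespace, then either a "quoted phrase" or a run of non-space characters.
// Anything else that is not whitespace is a bare search word.
const TOKEN_RE = /(-?)([a-z][a-z_-]*):\s*(?:"([^"]*)"|(\S+))|(\S+)/gi;

function parseSearch(query) {
    const terms = [];
    for (const m of query.matchAll(TOKEN_RE)) {
        const [whole, neg, operator, quoted, bare, word] = m;
        const name = operator ? operator.toLowerCase() : null;
        if (word !== undefined || !KNOWN_OPERATORS.has(name)) {
            // Bare words, and unknown "foo:bar" shapes such as URLs, are
            // plain search terms rather than operators.
            terms.push({ operator: "search", operand: whole, negated: false });
            continue;
        }
        terms.push({
            operator: name,
            operand: quoted !== undefined ? quoted : bare,
            negated: neg === "-",
        });
    }
    return terms;
}

// Rebuild the canonical query string; operands containing whitespace are
// re-quoted so the round trip parses back to the same terms.
function unparse(terms) {
    return terms.map((t) => {
        const operand = /\s/.test(t.operand) ? `"${t.operand}"` : t.operand;
        if (t.operator === "search") return operand;
        return `${t.negated ? "-" : ""}${t.operator}:${operand}`;
    }).join(" ");
}
```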
Special filter was updated to work even when it is not the first
token in a search query. Furthermore, the default query was
moved around to work with the changes to come for the new
suggestion system.
A test also had to be modified to work with the new system.
This commit changes stream_data.in_home_view() to
take a stream_id parameter, which will make it more
robust to stream name changes.
This fixes a bug. Now when an admin renames a stream
you are looking at, it will correctly show itself to
be un-muted. (Even with this fix, though, the stream
appears to be inactive.)
Some callers still do lookups by name, and they will
call name_in_home_view() for now, which we can
hopefully deprecate over time.
We now use stream ids to filter messages in narrowing
situations, instead of doing stream name comparisons.
This partially fixes certain stream-renaming scenarios, since
we will be able to match the stream id for an out-of-date
stream operand, but it doesn't fix some other stuff, such
as the query that the server gets.
We now convert our pm-with search operand to a list of user ids
for matching against messages, rather than using emails. On the
message side we look at user ids from display_recipient.
We now sort lists of user ids deterministically, and we also
sort lists of emails deterministically and without regard to case.
This probably fixes the bug #2343, although I never got a great
repro on that.
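An added example (not Zulip's own code) of the matching strategy the commit above describes: the pm-with operand is resolved once to a sorted list of user ids, and each message's display_recipient is compared by ids, so email case and renames do not affect the match. The user directory, the message shape (`display_recipient` entries with an `id`) and the function names are constructed assumptions.

```javascript
// Added example, not Zulip's filter.js. Names and data are constructed.

// Constructed user directory keyed by lower-cased email.
const PEOPLE = new Map([
    ["alice@example.com", { user_id: 7, email: "Alice@example.com" }],
    ["bob@example.com", { user_id: 3, email: "bob@example.com" }],
    ["carol@example.com", { user_id: 12, email: "carol@example.com" }],
]);

const ME = { user_id: 3 }; // the viewing user, always a recipient of their own PMs

// Deterministic numeric sort (the default JS sort would place 12 before 3).
function sortUserIds(ids) {
    return [...ids].sort((a, b) => a - b);
}

// Deterministic, case-insensitive email ordering.
function sortEmails(emails) {
    return [...emails].sort((a, b) => a.toLowerCase().localeCompare(b.toLowerCase()));
}

// Resolve "a@x.com, B@x.com" to sorted, de-duplicated user ids. An unknown
// email yields null, which matches nothing, like any other bad operand.
function pmWithOperandToUserIds(operand) {
    const ids = [];
    for (const raw of operand.split(",")) {
        const person = PEOPLE.get(raw.trim().toLowerCase());
        if (!person) return null;
        ids.push(person.user_id);
    }
    if (!ids.includes(ME.user_id)) ids.push(ME.user_id);
    return sortUserIds(new Set(ids));
}

// A private message matches when its recipient ids are exactly the operand's
// ids (viewer included), compared after sorting both sides.
function messageMatchesPmWith(message, operandIds) {
    if (operandIds === null || message.type !== "private") return false;
    const recipients = sortUserIds(message.display_recipient.map((r) => r.id));
    return recipients.length === operandIds.length && recipients.every((id, i) => id === operandIds[i]);
}
```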
Previously, URLs were being incorrectly treated as unknown search
operators (since they had exactly one ":" in them, just like foo:bar
for an invalid choice of foo).
Fixes #1743.
Before this change, we were incorrectly trying to do local
filtering on negated has searches.
(imported from commit d1a6f1feef6b3cc1c984eb91a73cd16c4e66874e)
Previously, if you searched for "in:home search:foo", we
weren't making "in:home" a public operator, so the back end
wouldn't know to exclude muted messages, but the front end
also wouldn't exclude muted messages, because it assumed
that queries with "search:" in them were fully narrowed by
the back end.
Prior commits made it so that the back end is now capable
of doing "in:home" narrowing, so to get the properly narrowed
results, we simply needed to make in:home be a public operator
in this commit. We also made in:all be public for convenience,
although it's essentially a no-op.
(imported from commit e4a8b10813b50163c431b1721bd316b676be1b83)
This commit finishes up support for has:* searches by adding
the front-end pieces, specifically the part that "has" operators
will not be applied locally. It also implements basic
descriptions for search suggestions and canonicalization
of operands from plural to singular.
(imported from commit a3285bc33d06d76b5a2b403ebcdd911b4cc03980)
This changes Filter.describe and Filter.operator_to_prefix
to handle negated terms correctly.
(imported from commit 673c0d3a5a77784e95772c14e12534ad2daecda2)
Extract 'verb' in Filter.operator_to_prefix() and
Filter.describe(). This doesn't change any functionality;
it is designed to make a subsequent change have a less
noisy diff.
(imported from commit e9c4b6edc498d88ec1783ccdba079d980def9438)
The methods describe() and operator_to_prefix() are
now in filter.js. They seem like they eventually
may be useful outside the scope of search suggestions,
and they seem to go hand in hand with other Filter
responsibilities.
(imported from commit 55f14c3ee848febb2e7c8c6a27afd690569b4e08)