From 699687f503c63541a6e28501fa5f523b89c1915b Mon Sep 17 00:00:00 2001
From: Joey Hess <joeyh@joeyh.name>
Date: Thu, 4 May 2017 18:51:36 -0400
Subject: sanitize gpg output and chat messages

Just in case, only allow printable characters in this, not control
characters.
---
 Gpg/Wot.hs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'Gpg')

diff --git a/Gpg/Wot.hs b/Gpg/Wot.hs
index f9051e9..b29ccc7 100644
--- a/Gpg/Wot.hs
+++ b/Gpg/Wot.hs
@@ -95,10 +95,10 @@ isInStrongSet :: GpgKeyId -> IO StrongSetAnalysis
 isInStrongSet k = maybe (StrongSetAnalysis False) (const $ StrongSetAnalysis True)
 	<$> downloadWotPath k knownKeyInStrongSet
 
-describeWot :: Maybe WotStats -> StrongSetAnalysis -> String
+describeWot :: Maybe WotStats -> StrongSetAnalysis -> [String]
 describeWot (Just ws) (StrongSetAnalysis ss)
-	| ss == False = theirname ++ "'s identity cannot be verified!"
-	| otherwise = unlines $
+	| ss == False = [theirname ++ "'s identity cannot be verified!"]
+	| otherwise =
 		[ theirname ++ "'s identity has been verified by as many as "
 			++ show (length sigs) ++ " people, including:"
 		, intercalate ", " $ take 10 $ nub $
@@ -110,7 +110,7 @@ describeWot (Just ws) (StrongSetAnalysis ss)
 	theirname = stripEmail (uid (key ws))
 	sigs = cross_sigs ws ++ other_sigs ws
 	bestconnectedsigs = sortOn rank sigs
-describeWot Nothing _ = unlines
+describeWot Nothing _ =
 	[ ""
 	, "Their identity cannot be verified!"
 	]
-- 
cgit v1.2.3