authorAleksander Machniak <alec@alec.pl>2013-08-07 14:24:00 +0200
committerAleksander Machniak <alec@alec.pl>2013-08-07 14:24:00 +0200
commita79017e662273c519a2c50d10ef12c11885d2d87 (patch)
tree94fc3d87073944defe88dc06725189d936f1522b
parent0bac7b32de62006e925fb0b788c757b6c23b8a5e (diff)
Fix base URL resolving on attribute values with no quotes (#1489275)
-rw-r--r--CHANGELOG1
-rw-r--r--program/lib/Roundcube/rcube_base_replacer.php4
-rw-r--r--tests/Framework/BaseReplacer.php14
3 files changed, 17 insertions, 2 deletions
diff --git a/CHANGELOG b/CHANGELOG
index f50c0a3f8..702fa4942 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================
+- Fix base URL resolving on attribute values with no quotes (#1489275)
- Fix wrong handling of links with '|' character (#1489276)
- Fix XSS vulnerability when saving HTML signatures (#1489251)
- Move identity selection based on non-standard headers into (new) identity_select plugin (#1488553)
diff --git a/program/lib/Roundcube/rcube_base_replacer.php b/program/lib/Roundcube/rcube_base_replacer.php
index e41ccb1d9..a59bba926 100644
--- a/program/lib/Roundcube/rcube_base_replacer.php
+++ b/program/lib/Roundcube/rcube_base_replacer.php
@@ -44,8 +44,8 @@ class rcube_base_replacer
public function replace($body)
{
return preg_replace_callback(array(
- '/(src|background|href)=(["\']?)([^"\'\s]+)(\2|\s|>)/Ui',
- '/(url\s*\()(["\']?)([^"\'\)\s]+)(\2)\)/Ui',
+ '/(src|background|href)=(["\']?)([^"\'\s>]+)(\2|\s|>)/i',
+ '/(url\s*\()(["\']?)([^"\'\)\s]+)(\2)\)/i',
),
array($this, 'callback'), $body);
}
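Review bot: The `>` added to the negated class in the first pattern (the `+` line for `src|background|href`) now terminates quoted values as well as unquoted ones, so `href="http://host/?a>b"` matches `http://host/?a` with group 4 consuming the `>` instead of the closing quote, and the remainder `b"` is left in the body after the rewritten attribute. Given that the callback re-emits the value in double quotes (the new test's expected output shows this), the result is malformed markup for quoted values containing a raw `>`, and the same truncation already applies to quoted values containing whitespace because `\s` is excluded from the class and accepted by group 4. A tighter form gives quoted and unquoted values their own alternatives, e.g. `'/(src|background|href)=(?:(["\'])([^"\']*)\2|([^"\'\s>]+))/i'`, so only the unquoted branch stops at `\s` or `>`; this renumbers the capture groups, so `callback()`, which is outside this hunk, would need its group indices adjusted. Dropping the `U` modifier is the actual fix for unquoted values, since the ungreedy `+` previously let the empty `\2` alternative match after a single character; the pattern strings are a good place for a one-line comment stating that, e.g. `// greedy on purpose: with an empty \2 an ungreedy match stops after one character`.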
diff --git a/tests/Framework/BaseReplacer.php b/tests/Framework/BaseReplacer.php
index e00b9e5eb..44a9604ac 100644
--- a/tests/Framework/BaseReplacer.php
+++ b/tests/Framework/BaseReplacer.php
@@ -17,4 +17,18 @@ class Framework_BaseReplacer extends PHPUnit_Framework_TestCase
$this->assertInstanceOf('rcube_base_replacer', $object, "Class constructor");
}
+
+ /**
+ * Test replace()
+ */
+ function test_replace()
+ {
+ $base = 'http://thisshouldntbetheurl.bob.com/';
+ $html = '<A href=http://shouldbethislink.com>Test URL</A>';
+
+ $replacer = new rcube_base_replacer($base);
+ $response = $replacer->replace($html);
+
+ $this->assertSame('<A href="http://shouldbethislink.com">Test URL</A>', $response);
+ }
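Review bot: The new test_replace() pins only the unquoted-attribute case that triggered the fix; the change also removed the `U` modifier from both patterns, so the quoted, single-quoted and CSS `url()` forms should be asserted too, otherwise a regression in those paths goes unnoticed. A compact way is to add a second round-trip assertion such as `$this->assertSame('<A href="http://shouldbethislink.com">Test URL</A>', $replacer->replace('<A href="http://shouldbethislink.com">Test URL</A>'));` plus a `url(...)` case in a `style` attribute, with expected values taken from the callback's existing resolution logic, which is outside this hunk. The method also follows the file's older style (no visibility keyword, no return type); if the suite is on a PHPUnit version that supports it, `public function test_replace(): void` would match current conventions.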
}