diff options
| author | Aleksander Machniak <alec@alec.pl> | 2013-08-07 14:24:00 +0200 |
|---|---|---|
| committer | Aleksander Machniak <alec@alec.pl> | 2013-08-07 14:24:00 +0200 |
| commit | a79017e662273c519a2c50d10ef12c11885d2d87 (patch) | |
| tree | 94fc3d87073944defe88dc06725189d936f1522b | |
| parent | 0bac7b32de62006e925fb0b788c757b6c23b8a5e (diff) | |
Fix base URL resolving on attribute values with no quotes (#1489275)
| -rw-r--r-- | CHANGELOG | 1 | ||||
| -rw-r--r-- | program/lib/Roundcube/rcube_base_replacer.php | 4 | ||||
| -rw-r--r-- | tests/Framework/BaseReplacer.php | 14 |
3 files changed, 17 insertions, 2 deletions
@@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Fix base URL resolving on attribute values with no quotes (#1489275) - Fix wrong handling of links with '|' character (#1489276) - Fix XSS vulnerability when saving HTML signatures (#1489251) - Move identity selection based on non-standard headers into (new) identity_select plugin (#1488553) diff --git a/program/lib/Roundcube/rcube_base_replacer.php b/program/lib/Roundcube/rcube_base_replacer.php index e41ccb1d9..a59bba926 100644 --- a/program/lib/Roundcube/rcube_base_replacer.php +++ b/program/lib/Roundcube/rcube_base_replacer.php @@ -44,8 +44,8 @@ class rcube_base_replacer public function replace($body) { return preg_replace_callback(array( - '/(src|background|href)=(["\']?)([^"\'\s]+)(\2|\s|>)/Ui', - '/(url\s*\()(["\']?)([^"\'\)\s]+)(\2)\)/Ui', + '/(src|background|href)=(["\']?)([^"\'\s>]+)(\2|\s|>)/i', + '/(url\s*\()(["\']?)([^"\'\)\s]+)(\2)\)/i', ), array($this, 'callback'), $body); } diff --git a/tests/Framework/BaseReplacer.php b/tests/Framework/BaseReplacer.php index e00b9e5eb..44a9604ac 100644 --- a/tests/Framework/BaseReplacer.php +++ b/tests/Framework/BaseReplacer.php @@ -17,4 +17,18 @@ class Framework_BaseReplacer extends PHPUnit_Framework_TestCase $this->assertInstanceOf('rcube_base_replacer', $object, "Class constructor"); } + + /** + * Test replace() + */ + function test_replace() + { + $base = 'http://thisshouldntbetheurl.bob.com/'; + $html = '<A href=http://shouldbethislink.com>Test URL</A>'; + + $replacer = new rcube_base_replacer($base); + $response = $replacer->replace($html); + + $this->assertSame('<A href="http://shouldbethislink.com">Test URL</A>', $response); + } } |