summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CHANGELOG1
-rw-r--r--program/lib/Roundcube/rcube_string_replacer.php2
-rw-r--r--tests/Framework/StringReplacer.php1
3 files changed, 3 insertions, 1 deletions
diff --git a/CHANGELOG b/CHANGELOG
index fc659132c..f50c0a3f8 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================
+- Fix wrong handling of links with '|' character (#1489276)
- Fix XSS vulnerability when saving HTML signatures (#1489251)
- Move identity selection based on non-standard headers into (new) identity_select plugin (#1488553)
- Fix colorspace issue on image conversion using ImageMagick (#1489270)
diff --git a/program/lib/Roundcube/rcube_string_replacer.php b/program/lib/Roundcube/rcube_string_replacer.php
index d1f1f4dbc..354b4596d 100644
--- a/program/lib/Roundcube/rcube_string_replacer.php
+++ b/program/lib/Roundcube/rcube_string_replacer.php
@@ -37,7 +37,7 @@ class rcube_string_replacer
// Support unicode/punycode in top-level domain part
$utf_domain = '[^?&@"\'\\/()<>\s\r\t\n]+\\.?([^\\x00-\\x2f\\x3b-\\x40\\x5b-\\x60\\x7b-\\x7f]{2,}|xn--[a-zA-Z0-9]{2,})';
$url1 = '.:;,';
- $url2 = 'a-zA-Z0-9%=#$@+?!&\\/_~\\[\\]\\(\\){}\*-';
+ $url2 = 'a-zA-Z0-9%=#$@+?|!&\\/_~\\[\\]\\(\\){}\*-';
$this->link_pattern = "/([\w]+:\/\/|\W[Ww][Ww][Ww]\.|^[Ww][Ww][Ww]\.)($utf_domain([$url1]*[$url2]+)*)/";
$this->mailto_pattern = "/("
diff --git a/tests/Framework/StringReplacer.php b/tests/Framework/StringReplacer.php
index 8f6eaf4b9..e23fb9b17 100644
--- a/tests/Framework/StringReplacer.php
+++ b/tests/Framework/StringReplacer.php
@@ -41,6 +41,7 @@ class Framework_StringReplacer extends PHPUnit_Framework_TestCase
array('http://', 'http://'),
array('1@1.com www.domain.tld', '<a href="mailto:1@1.com">1@1.com</a> <a href="http://www.domain.tld">www.domain.tld</a>'),
array(' www.domain.tld ', ' <a href="http://www.domain.tld">www.domain.tld</a> '),
+ array(' www.domain.tld/#!download|856p1|2 ', ' <a href="http://www.domain.tld/#!download|856p1|2">www.domain.tld/#!download|856p1|2</a> '),
);
}