From 7adcd62f62a1315838b716fb3612815f4c0eae89 Mon Sep 17 00:00:00 2001 From: Aleksander Machniak Date: Sun, 28 Jul 2013 09:03:07 +0200 Subject: - Fix detecting Turkish language in ISO-8859-9 encoding (#1489252) --- program/lib/Roundcube/rcube_charset.php | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'program/lib') diff --git a/program/lib/Roundcube/rcube_charset.php b/program/lib/Roundcube/rcube_charset.php index a7f26a3f4..19dbf6cbc 100644 --- a/program/lib/Roundcube/rcube_charset.php +++ b/program/lib/Roundcube/rcube_charset.php @@ -674,23 +674,27 @@ class rcube_charset // Prioritize charsets according to current language (#1485669) switch ($language) { - case 'ja_JP': // for Japanese + case 'ja_JP': $prio = array('ISO-2022-JP', 'JIS', 'UTF-8', 'EUC-JP', 'eucJP-win', 'SJIS', 'SJIS-win'); break; - case 'zh_CN': // for Chinese (Simplified) - case 'zh_TW': // for Chinese (Traditional) + case 'zh_CN': + case 'zh_TW': $prio = array('UTF-8', 'BIG-5', 'GB2312', 'EUC-TW'); break; - case 'ko_KR': // for Korean + case 'ko_KR': $prio = array('UTF-8', 'EUC-KR', 'ISO-2022-KR'); break; - case 'ru_RU': // for Russian + case 'ru_RU': $prio = array('UTF-8', 'WINDOWS-1251', 'KOI8-R'); break; + case 'tr_TR': + $prio = array('UTF-8', 'ISO-8859-9', 'WINDOWS-1254'); + break; + default: $prio = array('UTF-8', 'SJIS', 'GB2312', 'ISO-8859-1', 'ISO-8859-2', 'ISO-8859-3', 'ISO-8859-4', -- cgit v1.2.3 From 5591a63d70775f2995611ae3d29dd55e8f4a1695 Mon Sep 17 00:00:00 2001 From: Aleksander Machniak Date: Sat, 3 Aug 2013 09:29:16 +0200 Subject: Fix colorspace issue on image conversion using ImageMagick (#1489270) - s/RGB/sRGB/ --- CHANGELOG | 1 + program/lib/Roundcube/rcube_image.php | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'program/lib') diff --git a/CHANGELOG b/CHANGELOG index 1729d36f9..38610a0f8 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Fix colorspace issue on image conversion using ImageMagick (#1489270) - Fix XSS vulnerability when editing a message "as new" or draft (#1489251) - Fix rewrite rule in .htaccess (#1489240) - Fix detecting Turkish language in ISO-8859-9 encoding (#1489252) diff --git a/program/lib/Roundcube/rcube_image.php b/program/lib/Roundcube/rcube_image.php index 735a0df01..ffcfd4b1d 100644 --- a/program/lib/Roundcube/rcube_image.php +++ b/program/lib/Roundcube/rcube_image.php @@ -120,7 +120,7 @@ class rcube_image $p['-opts'] = array('-resize' => $p['size'].'>'); if (in_array($type, explode(',', $p['types']))) { // Valid type? - $result = rcube::exec($convert . ' 2>&1 -flatten -auto-orient -colorspace RGB -quality {quality} {-opts} {intype}:{in} {type}:{out}', $p); + $result = rcube::exec($convert . ' 2>&1 -flatten -auto-orient -colorspace sRGB -quality {quality} {-opts} {intype}:{in} {type}:{out}', $p); } if ($result === '') { @@ -222,7 +222,7 @@ class rcube_image $p['out'] = $filename; $p['type'] = self::$extensions[$type]; - $result = rcube::exec($convert . ' 2>&1 -colorspace RGB -quality 75 {in} {type}:{out}', $p); + $result = rcube::exec($convert . ' 2>&1 -colorspace sRGB -quality 75 {in} {type}:{out}', $p); if ($result === '') { @chmod($filename, 0600); -- cgit v1.2.3 From 17f11330f8effc12f6aeef1c46dec86bd1c2b492 Mon Sep 17 00:00:00 2001 From: Aleksander Machniak Date: Wed, 7 Aug 2013 13:48:07 +0200 Subject: Fix wrong handling of links with '|' character (#1489276) Conflicts: CHANGELOG tests/Framework/StringReplacer.php --- CHANGELOG | 1 + program/lib/Roundcube/rcube_string_replacer.php | 2 +- tests/Framework/StringReplacer.php | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) (limited to 'program/lib') diff --git a/CHANGELOG b/CHANGELOG index d9adf9e7d..a169faba7 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Fix wrong handling of links with '|' character (#1489276) - Fix colorspace issue on image conversion using ImageMagick (#1489270) - Fix XSS vulnerability when saving HTML signatures (#1489251) - Fix XSS vulnerability when editing a message "as new" or draft (#1489251) diff --git a/program/lib/Roundcube/rcube_string_replacer.php b/program/lib/Roundcube/rcube_string_replacer.php index acdc4e317..bd26f8e7d 100644 --- a/program/lib/Roundcube/rcube_string_replacer.php +++ b/program/lib/Roundcube/rcube_string_replacer.php @@ -36,7 +36,7 @@ class rcube_string_replacer // Support unicode/punycode in top-level domain part $utf_domain = '[^?&@"\'\\/()<>\s\r\t\n]+\\.?([^\\x00-\\x2f\\x3b-\\x40\\x5b-\\x60\\x7b-\\x7f]{2,}|xn--[a-zA-Z0-9]{2,})'; $url1 = '.:;,'; - $url2 = 'a-zA-Z0-9%=#$@+?!&\\/_~\\[\\]\\(\\){}\*-'; + $url2 = 'a-zA-Z0-9%=#$@+?|!&\\/_~\\[\\]\\(\\){}\*-'; $this->link_pattern = "/([\w]+:\/\/|\W[Ww][Ww][Ww]\.|^[Ww][Ww][Ww]\.)($utf_domain([$url1]*[$url2]+)*)/"; $this->mailto_pattern = "/(" diff --git a/tests/Framework/StringReplacer.php b/tests/Framework/StringReplacer.php index f2643f838..5008e3f84 100644 --- a/tests/Framework/StringReplacer.php +++ b/tests/Framework/StringReplacer.php @@ -41,6 +41,7 @@ class Framework_StringReplacer extends PHPUnit_Framework_TestCase array('http://', 'http://'), array('1@1.com www.domain.tld', '1@1.com www.domain.tld'), array(' www.domain.tld ', ' www.domain.tld '), + array(' www.domain.tld/#!download|856p1|2 ', ' www.domain.tld/#!download|856p1|2 '), ); } -- cgit v1.2.3 From 216fdb891a6840269ed0a68fb6194f787af9c2bb Mon Sep 17 00:00:00 2001 From: Aleksander Machniak Date: Wed, 7 Aug 2013 14:24:00 +0200 Subject: Fix base URL resolving on attribute values with no quotes (#1489275) --- CHANGELOG | 1 + program/lib/Roundcube/rcube_base_replacer.php | 4 ++-- tests/Framework/BaseReplacer.php | 14 ++++++++++++++ 3 files changed, 17 insertions(+), 2 deletions(-) (limited to 'program/lib') diff --git a/CHANGELOG b/CHANGELOG index a169faba7..91f550c84 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Fix base URL resolving on attribute values with no quotes (#1489275) - Fix wrong handling of links with '|' character (#1489276) - Fix colorspace issue on image conversion using ImageMagick (#1489270) - Fix XSS vulnerability when saving HTML signatures (#1489251) diff --git a/program/lib/Roundcube/rcube_base_replacer.php b/program/lib/Roundcube/rcube_base_replacer.php index fcd85c2c8..aaaa2028c 100644 --- a/program/lib/Roundcube/rcube_base_replacer.php +++ b/program/lib/Roundcube/rcube_base_replacer.php @@ -44,8 +44,8 @@ class rcube_base_replacer public function replace($body) { return preg_replace_callback(array( - '/(src|background|href)=(["\']?)([^"\'\s]+)(\2|\s|>)/Ui', - '/(url\s*\()(["\']?)([^"\'\)\s]+)(\2)\)/Ui', + '/(src|background|href)=(["\']?)([^"\'\s>]+)(\2|\s|>)/i', + '/(url\s*\()(["\']?)([^"\'\)\s]+)(\2)\)/i', ), array($this, 'callback'), $body); } diff --git a/tests/Framework/BaseReplacer.php b/tests/Framework/BaseReplacer.php index e00b9e5eb..44a9604ac 100644 --- a/tests/Framework/BaseReplacer.php +++ b/tests/Framework/BaseReplacer.php @@ -17,4 +17,18 @@ class Framework_BaseReplacer extends PHPUnit_Framework_TestCase $this->assertInstanceOf('rcube_base_replacer', $object, "Class constructor"); } + + /** + * Test replace() + */ + function test_replace() + { + $base = 'http://thisshouldntbetheurl.bob.com/'; + $html = 'Test URL'; + + $replacer = new rcube_base_replacer($base); + $response = $replacer->replace($html); + + $this->assertSame('Test URL', $response); + } } -- cgit v1.2.3