Fix wrong handling of links with '|' character (#1489276)

Conflicts:

	CHANGELOG
	tests/Framework/StringReplacer.php
pull/117/head
Aleksander Machniak 11 years ago
parent 6d26369021
commit 17f11330f8

@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail CHANGELOG Roundcube Webmail
=========================== ===========================
- Fix wrong handling of links with '|' character (#1489276)
- Fix colorspace issue on image conversion using ImageMagick (#1489270) - Fix colorspace issue on image conversion using ImageMagick (#1489270)
- Fix XSS vulnerability when saving HTML signatures (#1489251) - Fix XSS vulnerability when saving HTML signatures (#1489251)
- Fix XSS vulnerability when editing a message "as new" or draft (#1489251) - Fix XSS vulnerability when editing a message "as new" or draft (#1489251)

@ -36,7 +36,7 @@ class rcube_string_replacer
// Support unicode/punycode in top-level domain part // Support unicode/punycode in top-level domain part
$utf_domain = '[^?&@"\'\\/()<>\s\r\t\n]+\\.?([^\\x00-\\x2f\\x3b-\\x40\\x5b-\\x60\\x7b-\\x7f]{2,}|xn--[a-zA-Z0-9]{2,})'; $utf_domain = '[^?&@"\'\\/()<>\s\r\t\n]+\\.?([^\\x00-\\x2f\\x3b-\\x40\\x5b-\\x60\\x7b-\\x7f]{2,}|xn--[a-zA-Z0-9]{2,})';
$url1 = '.:;,'; $url1 = '.:;,';
$url2 = 'a-zA-Z0-9%=#$@+?!&\\/_~\\[\\]\\(\\){}\*-'; $url2 = 'a-zA-Z0-9%=#$@+?|!&\\/_~\\[\\]\\(\\){}\*-';
$this->link_pattern = "/([\w]+:\/\/|\W[Ww][Ww][Ww]\.|^[Ww][Ww][Ww]\.)($utf_domain([$url1]*[$url2]+)*)/"; $this->link_pattern = "/([\w]+:\/\/|\W[Ww][Ww][Ww]\.|^[Ww][Ww][Ww]\.)($utf_domain([$url1]*[$url2]+)*)/";
$this->mailto_pattern = "/(" $this->mailto_pattern = "/("

@ -41,6 +41,7 @@ class Framework_StringReplacer extends PHPUnit_Framework_TestCase
array('http://', 'http://'), array('http://', 'http://'),
array('1@1.com www.domain.tld', '<a href="mailto:1@1.com">1@1.com</a> <a href="http://www.domain.tld" target="_blank">www.domain.tld</a>'), array('1@1.com www.domain.tld', '<a href="mailto:1@1.com">1@1.com</a> <a href="http://www.domain.tld" target="_blank">www.domain.tld</a>'),
array(' www.domain.tld ', ' <a href="http://www.domain.tld" target="_blank">www.domain.tld</a> '), array(' www.domain.tld ', ' <a href="http://www.domain.tld" target="_blank">www.domain.tld</a> '),
array(' www.domain.tld/#!download|856p1|2 ', ' <a href="http://www.domain.tld/#!download|856p1|2" target="_blank">www.domain.tld/#!download|856p1|2</a> '),
); );
} }

Loading…
Cancel
Save