Fix mangled non-ASCII characters in links in HTML messages (#6028)

CHANGELOG

@@ -4,6 +4,7 @@ CHANGELOG Roundcube Webmail
 - Fix decoding of mailto: links with + character in HTML messages (#6020)
 - Fix false reporting of failed upgrade in installto.sh (#6019)
 - Fix file disclosure vulnerability caused by insuficient input validation in relation to attachment plugins (#6026)
+- Fix mangled non-ASCII characters in links in HTML messages (#6028)
 
 RELEASE 1.3.2
 -------------

program/lib/Roundcube/html.php

@@ -349,7 +349,10 @@ class html
     public static function parse_attrib_string($str)
     {
         $attrib = array();
-        $html   = '<html><body><div ' . rtrim($str, '/ ') . ' /></body></html>';
+        $html   = '<html>'
+            . '<head><meta http-equiv="Content-Type" content="text/html; charset=' . RCUBE_CHARSET . '" /></head>'
+            . '<body><div ' . rtrim($str, '/ ') . ' /></body>'
+            . '</html>';
 
         $document = new DOMDocument('1.0', RCUBE_CHARSET);
         @$document->loadHTML($html);

tests/Framework/Html.php

@@ -117,6 +117,10 @@ class Framework_Html extends PHPUnit_Framework_TestCase
                 'expression="test == true ? \' test\' : \'\'" ',
                 array('expression' => 'test == true ? \' test\' : \'\''),
             ),
+            array(
+                'href="http://domain.tld/страница"',
+                array('href' => 'http://domain.tld/страница'),
+            ),
         );
     }