Log errors caused by low pcre.backtrack_limit when sending a mail message (#6433)

6 years ago · c28242f63c
parent adbff69852
commit c28242f63c
5 changed files with 56 additions and 18 deletions
--- a/1
+++ b/1
@ -9,6 +9,7 @@ CHANGELOG Roundcube Webmail
 - Password: Fix bug where password_dovecotpw_with_method setting could be ignored (#6436)
 - Elastic: Improved UX of search dialogs (#6416)
 - Elastic: Fix unwanted thread expanding when selecting a collapsed thread in non-mobile mode (#6445)
+- Log errors caused by low pcre.backtrack_limit when sending a mail message (#6433)
 - Fix so invalid smtp_helo_host is never used, fallback to localhost (#6408)
 - Fix custom logo size in Elastic (#6424)
 - Fix listing the same attachment multiple times on forwarded messages
--- a/1
+++ b/1
@ -33,6 +33,7 @@ REQUIREMENTS
   - session.auto_start disabled
   - suhosin.session.encrypt disabled
   - mbstring.func_overload disabled
+   - pcre.backtrack_limit >= 100000
 * A MySQL, PostgreSQL, MS SQL Server (2005 or newer), Oracle database
  or SQLite support in PHP - with permission to create tables
 * Composer installed either locally or globally (https://getcomposer.org)
--- a/program/lib/Roundcube/rcube_utils.php
+++ b/program/lib/Roundcube/rcube_utils.php
@ -1350,4 +1350,41 @@ class rcube_utils

        return $max_filesize;
    }
+
+    /**
+     * Detect and log last PREG operation error
+     *
+     * @param array $error     Error data (line, file, code, message)
+     * @param bool  $terminate Stop script execution
+     *
+     * @return bool True on error, False otherwise
+     */
+    public static function preg_error($error = array(), $terminate = false)
+    {
+        if (($preg_error = preg_last_error()) != PREG_NO_ERROR) {
+            $errstr = "PCRE Error: $preg_error.";
+
+            if ($preg_error == PREG_BACKTRACK_LIMIT_ERROR) {
+                $errstr .= " Consider raising pcre.backtrack_limit!";
+            }
+            if ($preg_error == PREG_RECURSION_LIMIT_ERROR) {
+                $errstr .= " Consider raising pcre.recursion_limit!";
+            }
+
+            $error = array_merge(array('code' => 620, 'line' => __LINE__, 'file' => __FILE__), $error);
+
+            if (!empty($error['message'])) {
+                $error['message'] .= ' ' . $errstr;
+            }
+            else {
+                $error['message'] = $errstr;
+            }
+
+            rcube::raise_error($error, true, $terminate);
+
+            return true;
+        }
+
+        return false;
+    }
 }
--- a/program/lib/Roundcube/rcube_washtml.php
+++ b/program/lib/Roundcube/rcube_washtml.php
@ -617,6 +617,11 @@ class rcube_washtml

        $html = preg_replace($html_search, $html_replace, trim($html));

+        $err = array('line' => __LINE__, 'file' => __FILE__, 'message' => "Could not clean up HTML!");
+        if ($html === null && rcube_utils::preg_error($err)) {
+            return '';
+        }
+
        // Replace all of those weird MS Word quotes and other high characters
        $badwordchars = array(
            "\xe2\x80\x98", // left single quote
@ -638,24 +643,6 @@ class rcube_washtml

        $html = str_replace($badwordchars, $fixedwordchars, $html);

-        // PCRE errors handling (#1486856), should we use something like for every preg_* use?
-        if ($html === null && ($preg_error = preg_last_error()) != PREG_NO_ERROR) {
-            $errstr = "Could not clean up HTML message! PCRE Error: $preg_error.";
-
-            if ($preg_error == PREG_BACKTRACK_LIMIT_ERROR) {
-                $errstr .= " Consider raising pcre.backtrack_limit!";
-            }
-            if ($preg_error == PREG_RECURSION_LIMIT_ERROR) {
-                $errstr .= " Consider raising pcre.recursion_limit!";
-            }
-
-            rcube::raise_error(array('code' => 620, 'type' => 'php',
-                'line' => __LINE__, 'file' => __FILE__,
-                'message' => $errstr), true, false);
-
-            return '';
-        }
-
        // fix (unknown/malformed) HTML tags before "wash"
        $html = preg_replace_callback('/(<(?!\!)[\/]*)([^\s>]+)([^>]*)/', array($this, 'html_tag_callback'), $html);

--- a/program/steps/mail/sendmail.inc
+++ b/program/steps/mail/sendmail.inc
@ -115,6 +115,12 @@ if (!$savedraft) {
                '<p><br /></p>',
            ),
            $message_body);
+
+        rcube_utils::preg_error(array(
+                'line'    => __LINE__,
+                'file'    => __FILE__,
+                'message' => "Could not format HTML!"
+            ), true);
    }

    // Check spelling before send
@ -199,6 +205,12 @@ if (is_array($COMPOSE['attachments'])) {

            $message_body = preg_replace($dispurl, '"cid:' . $cid . '"', $message_body);

+            rcube_utils::preg_error(array(
+                    'line'    => __LINE__,
+                    'file'    => __FILE__,
+                    'message' => "Could not replace an image reference!"
+                ), true);
+
            $MAIL_MIME->setHTMLBody($message_body);

            if ($attachment['data'])