Fix base URL resolving on attribute values with no quotes (#1489275)
| | |
| | | CHANGELOG Roundcube Webmail |
| | | =========================== |
| | | |
| | | - Fix base URL resolving on attribute values with no quotes (#1489275) |
| | | - Fix wrong handling of links with '|' character (#1489276) |
| | | - Fix colorspace issue on image conversion using ImageMagick (#1489270) |
| | | - Fix XSS vulnerability when saving HTML signatures (#1489251) |
| | |
| | | public function replace($body) |
| | | { |
| | | return preg_replace_callback(array( |
| | | '/(src|background|href)=(["\']?)([^"\'\s]+)(\2|\s|>)/Ui', |
| | | '/(url\s*\()(["\']?)([^"\'\)\s]+)(\2)\)/Ui', |
| | | '/(src|background|href)=(["\']?)([^"\'\s>]+)(\2|\s|>)/i', |
| | | '/(url\s*\()(["\']?)([^"\'\)\s]+)(\2)\)/i', |
| | | ), |
| | | array($this, 'callback'), $body); |
| | | } |
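Review bot: In the new `src|background|href` pattern, group 4 still accepts `\s` or `>` after a value that group 2 opened with a quote, so a quoted value containing whitespace or `>` (for example `href="a>b"`) is matched only up to that character and the match closes on a different delimiter than it opened with. For unquoted values `\2` is empty and matches immediately, so the `\s|>` alternatives can now only fire in this quoted-but-not-closed case. How `callback()` reassembles the match is outside the visible lines, but if it re-quotes group 3 the rewritten attribute could carry unbalanced quotes into mail HTML that is later sanitized and rendered. Consider requiring the closing delimiter to equal the opening one, `'/(src|background|href)=(["\']?)([^"\'\s>]+)(\2)/i'`, which leaves such values untouched instead of partially rewritten. A short comment above the array saying why `>` is excluded and why the `U` modifier was dropped would also help the next reader.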
| | |
| | | |
| | | $this->assertInstanceOf('rcube_base_replacer', $object, "Class constructor"); |
| | | } |
| | | |
| | | /** |
| | | * Test replace() |
| | | */ |
| | | function test_replace() |
| | | { |
| | | $base = 'http://thisshouldntbetheurl.bob.com/'; |
| | | $html = '<A href=http://shouldbethislink.com>Test URL</A>'; |
| | | |
| | | $replacer = new rcube_base_replacer($base); |
| | | $response = $replacer->replace($html); |
| | | |
| | | $this->assertSame('<A href="http://shouldbethislink.com">Test URL</A>', $response); |
| | | } |
| | | } |
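Review bot: `test_replace()` feeds an absolute URL, so `$base` never takes part in the result and the assertion only proves that the unquoted value is captured whole and re-quoted. The changelog entry is about base URL resolving, so a case with an unquoted relative value such as `$html = '<A href=page.html>Test URL</A>';` would cover the behaviour actually being fixed; the exact expected string depends on the callback, which is not visible here. It would also be worth pinning the edge cases of the new pattern: an unquoted value followed by another attribute, and a quoted value that contains `>` or a space. The method could declare `public` visibility; the enclosing test class begins outside this section.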