From 17f11330f8effc12f6aeef1c46dec86bd1c2b492 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Wed, 07 Aug 2013 07:49:38 -0400
Subject: [PATCH] Fix wrong handling of links with '|' character (#1489276)

---
 CHANGELOG                                       |    1 +
 tests/Framework/StringReplacer.php              |    1 +
 program/lib/Roundcube/rcube_string_replacer.php |    2 +-
 3 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index d9adf9e..a169fab 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+- Fix wrong handling of links with '|' character (#1489276)
 - Fix colorspace issue on image conversion using ImageMagick (#1489270)
 - Fix XSS vulnerability when saving HTML signatures (#1489251)
 - Fix XSS vulnerability when editing a message "as new" or draft (#1489251)
diff --git a/program/lib/Roundcube/rcube_string_replacer.php b/program/lib/Roundcube/rcube_string_replacer.php
index acdc4e3..bd26f8e 100644
--- a/program/lib/Roundcube/rcube_string_replacer.php
+++ b/program/lib/Roundcube/rcube_string_replacer.php
@@ -36,7 +36,7 @@
         // Support unicode/punycode in top-level domain part
         $utf_domain = '[^?&@"\'\\/()<>\s\r\t\n]+\\.?([^\\x00-\\x2f\\x3b-\\x40\\x5b-\\x60\\x7b-\\x7f]{2,}|xn--[a-zA-Z0-9]{2,})';
         $url1       = '.:;,';
-        $url2       = 'a-zA-Z0-9%=#$@+?!&\\/_~\\[\\]\\(\\){}\*-';
+        $url2       = 'a-zA-Z0-9%=#$@+?|!&\\/_~\\[\\]\\(\\){}\*-';
 
         $this->link_pattern = "/([\w]+:\/\/|\W[Ww][Ww][Ww]\.|^[Ww][Ww][Ww]\.)($utf_domain([$url1]*[$url2]+)*)/";
         $this->mailto_pattern = "/("
diff --git a/tests/Framework/StringReplacer.php b/tests/Framework/StringReplacer.php
index f2643f8..5008e3f 100644
--- a/tests/Framework/StringReplacer.php
+++ b/tests/Framework/StringReplacer.php
@@ -41,6 +41,7 @@
             array('http://', 'http://'),
             array('1@1.com www.domain.tld', '<a href="mailto:1@1.com">1@1.com</a> <a href="http://www.domain.tld" target="_blank">www.domain.tld</a>'),
             array(' www.domain.tld ', ' <a href="http://www.domain.tld" target="_blank">www.domain.tld</a> '),
+            array(' www.domain.tld/#!download|856p1|2 ', ' <a href="http://www.domain.tld/#!download|856p1|2" target="_blank">www.domain.tld/#!download|856p1|2</a> '),
         );
     }
 

--
Gitblit v1.9.1