From 4a408843b0ef816daf70a472a02b78cd6073a4d5 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Sun, 06 Mar 2016 08:31:07 -0500
Subject: [PATCH] Protect download urls against CSRF using unique request tokens (#1490642) Send X-Frame-Options headers with every HTTP response
---
program/include/rcmail_string_replacer.php | 12 +++++++++++-
1 files changed, 11 insertions(+), 1 deletions(-)
diff --git a/program/include/rcmail_string_replacer.php b/program/include/rcmail_string_replacer.php
index d3fdc3e..2037db6 100644
--- a/program/include/rcmail_string_replacer.php
+++ b/program/include/rcmail_string_replacer.php
@@ -1,6 +1,6 @@
<?php
-/*
+/**
+-----------------------------------------------------------------------+
| program/include/rcmail_string_replacer.php |
| |
@@ -41,6 +41,16 @@
{
$href = $matches[1];
$suffix = $this->parse_url_brackets($href);
+ $email = $href;
+
+ if (strpos($email, '?')) {
+ list($email,) = explode('?', $email);
+ }
+
+ // skip invalid emails
+ if (!rcube_utils::check_email($email, false)) {
+ return $matches[1];
+ }
$i = $this->add(html::a(array(
'href' => 'mailto:' . $href,
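Review bot: The guard `if (strpos($email, '?'))` tests truthiness rather than `!== false`, so a `?` at offset 0 is not split off and the whole string is passed to `rcube_utils::check_email()`; the result is still a rejection, but the idiom is fragile and worth writing as `if (strpos($email, '?') !== false) {`. Note also that only the part before `?` is validated while the unmodified `$href`, query string included, is what lands in the `mailto:` attribute on the last line of the hunk, so the check only constrains the address and relies on `html::a` escaping the tail — presumably that is intended, and a one-line comment such as `// validate the address only; the ?query tail is passed through to html::a` would make that explicit. The enclosing callback starts and ends outside the hunk.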
--
Gitblit v1.9.1