From aa055c931a68547763f7bb89425a08e8ceecb749 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Thu, 22 Jan 2009 09:47:23 -0500
Subject: [PATCH] Get rid of vulnerable preg_replace eval and create_function (#1485686) + correctly handle base and link tags in html messages

---
 program/lib/html2text.php |   11 ++++++-----
 1 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/program/lib/html2text.php b/program/lib/html2text.php
index d298ee2..b00c28a 100644
--- a/program/lib/html2text.php
+++ b/program/lib/html2text.php
@@ -176,7 +176,6 @@
         '/&(bull|#149|#8226);/i',                // Bullet
         '/&(pound|#163);/i',                     // Pound sign
         '/&(euro|#8364);/i',                     // Euro sign
-        '/&[^&;]+;/i',                           // Unknown/unhandled entities
         '/[ ]{2,}/'                              // Runs of spaces, post-handling
     );
 
@@ -220,7 +219,6 @@
         '*',
         '£',
         'EUR',                                  // Euro sign. � ?
-        '',                                     // Unknown/unhandled entities
         ' '                                     // Runs of spaces, post-handling
     );
 
@@ -468,13 +466,16 @@
 	// Convert <PRE>
         $this->_convert_pre($text);
 
-	// Replace known html entities
-	$text = html_entity_decode($text, ENT_COMPAT, 'UTF-8');
-
         // Run our defined search-and-replace
         $text = preg_replace($this->search, $this->replace, $text);
         $text = preg_replace_callback($this->callback_search, array('html2text', '_preg_callback'), $text);
 
+	// Replace known html entities
+	$text = html_entity_decode($text, ENT_COMPAT, 'UTF-8');
+
+        // Remove unknown/unhandled entities (this cannot be done in search-and-replace block)
+        $text = preg_replace('/&[^&;]+;/i', '', $text); 
+
         // Strip any other HTML tags
         $text = strip_tags($text, $this->allowed_tags);
 

--
Gitblit v1.9.1