From c91d4975ffa3bb4e6da907855b77296f34823aa4 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 12 Apr 2016 05:13:05 -0400
Subject: [PATCH] Make sure an email address is valid when replacing it with mailto: link

---
 program/include/rcmail_string_replacer.php      |   10 ++++++++++
 program/lib/Roundcube/rcube_string_replacer.php |   19 +++++++++----------
 2 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/program/include/rcmail_string_replacer.php b/program/include/rcmail_string_replacer.php
index d3fdc3e..abd5ff8 100644
--- a/program/include/rcmail_string_replacer.php
+++ b/program/include/rcmail_string_replacer.php
@@ -41,6 +41,16 @@
     {
         $href   = $matches[1];
         $suffix = $this->parse_url_brackets($href);
+        $email  = $href;
+
+        if (strpos($email, '?')) {
+            list($email,) = explode('?', $email);
+        }
+
+        // skip invalid emails
+        if (!rcube_utils::check_email($email, false)) {
+            return $matches[1];
+        }
 
         $i = $this->add(html::a(array(
             'href'    => 'mailto:' . $href,
diff --git a/program/lib/Roundcube/rcube_string_replacer.php b/program/lib/Roundcube/rcube_string_replacer.php
index ce61e53..ae103d9 100644
--- a/program/lib/Roundcube/rcube_string_replacer.php
+++ b/program/lib/Roundcube/rcube_string_replacer.php
@@ -30,10 +30,10 @@
     public $linkref_index;
     public $linkref_pattern;
 
-    private $values = array();
-    private $options = array();
-    private $linkrefs = array();
-    private $urls = array();
+    protected $values   = array();
+    protected $options  = array();
+    protected $linkrefs = array();
+    protected $urls     = array();
 
 
     function __construct($options = array())
@@ -44,16 +44,15 @@
         $url1       = '.:;,';
         $url2       = 'a-zA-Z0-9%=#$@+?|!&\\/_~\\[\\]\\(\\){}\*\x80-\xFE-';
 
-        $this->link_pattern = "/([\w]+:\/\/|\W[Ww][Ww][Ww]\.|^[Ww][Ww][Ww]\.)($utf_domain([$url1]*[$url2]+)*)/";
-        $this->mailto_pattern = "/("
+        $this->options         = $options;
+        $this->linkref_index   = '/\[([^\]#]+)\](:?\s*##str_replacement_(\d+)##)/';
+        $this->linkref_pattern = '/\[([^\]#]+)\]/';
+        $this->link_pattern    = "/([\w]+:\/\/|\W[Ww][Ww][Ww]\.|^[Ww][Ww][Ww]\.)($utf_domain([$url1]*[$url2]+)*)/";
+        $this->mailto_pattern  = "/("
             ."[-\w!\#\$%&\'*+~\/^`|{}=]+(?:\.[-\w!\#\$%&\'*+~\/^`|{}=]+)*"  // local-part
             ."@$utf_domain"                                                 // domain-part
             ."(\?[$url1$url2]+)?"                                           // e.g. ?subject=test...
             .")/";
-        $this->linkref_index = '/\[([^\]#]+)\](:?\s*##str_replacement_(\d+)##)/';
-        $this->linkref_pattern = '/\[([^\]#]+)\]/';
-
-        $this->options = $options;
     }
 
     /**

--
Gitblit v1.9.1