From c91d4975ffa3bb4e6da907855b77296f34823aa4 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 12 Apr 2016 05:13:05 -0400
Subject: [PATCH] Make sure an email address is valid when replacing it with mailto: link
---
 program/include/rcmail_string_replacer.php | 10 ++++++++++
 1 files changed, 10 insertions(+), 0 deletions(-)
diff --git a/program/include/rcmail_string_replacer.php b/program/include/rcmail_string_replacer.php
index d3fdc3e..abd5ff8 100644
--- a/program/include/rcmail_string_replacer.php
+++ b/program/include/rcmail_string_replacer.php
@@ -41,6 +41,16 @@
 {
 $href = $matches[1];
 $suffix = $this->parse_url_brackets($href);
+ $email = $href;
+
+ if (strpos($email, '?')) {
+ list($email,) = explode('?', $email);
+ }
+
+ // skip invalid emails
+ if (!rcube_utils::check_email($email, false)) {
+ return $matches[1];
+ }
 $i = $this->add(html::a(array(
 'href' => 'mailto:' . $href,
-- 
Gitblit v1.9.1
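Review bot: The check added before `$this->add(...)` validates only the part of `$href` in front of the first `?`, while the full `$href`, including any `?subject=…&body=…` query, is still concatenated into `'mailto:' . $href`. The safety of the generated link therefore still rests on the escaping done by `html::a()` and by any later use of `$href`, which lies outside this hunk and should be confirmed per output context (HTML attribute, JavaScript string). I would record that next to the check, e.g. `// only the address part is validated; the ?query part must still be escaped for every output context`. As a smaller point, `if (strpos($email, '?'))` relies on truthiness and is redundant because `explode()` returns the whole string when no `?` is present; `list($email) = explode('?', $email, 2);` expresses the same thing in one line. The enclosing callback starts and ends outside the hunk.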