From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports
---
program/lib/Roundcube/rcube_base_replacer.php | 31 ++++++++++++++++++++++++-------
1 files changed, 24 insertions(+), 7 deletions(-)
diff --git a/program/lib/Roundcube/rcube_base_replacer.php b/program/lib/Roundcube/rcube_base_replacer.php
index a306086..a5d3f8a 100644
--- a/program/lib/Roundcube/rcube_base_replacer.php
+++ b/program/lib/Roundcube/rcube_base_replacer.php
@@ -1,6 +1,6 @@
<?php
-/*
+/**
+-----------------------------------------------------------------------+
| This file is part of the Roundcube Webmail client |
| Copyright (C) 2005-2012, The Roundcube Dev Team |
@@ -29,27 +29,44 @@
private $base_url;
+ /**
+ * Class constructor
+ *
+ * @param string $base Base URL
+ */
public function __construct($base)
{
$this->base_url = $base;
}
-
+ /**
+ * Replace callback
+ *
+ * @param array $matches Matching entries
+ *
+ * @return string Replaced text with absolute URL
+ */
public function callback($matches)
{
return $matches[1] . '="' . self::absolute_url($matches[3], $this->base_url) . '"';
}
-
+ /**
+ * Convert base URLs to absolute ones
+ *
+ * @param string $body Text body
+ *
+ * @return string Replaced text
+ */
public function replace($body)
{
- return preg_replace_callback(array(
+ $regexp = array(
'/(src|background|href)=(["\']?)([^"\'\s>]+)(\2|\s|>)/i',
'/(url\s*\()(["\']?)([^"\'\)\s]+)(\2)\)/i',
- ),
- array($this, 'callback'), $body);
- }
+ );
+ return preg_replace_callback($regexp, array($this, 'callback'), $body);
+ }
/**
* Convert paths like ../xxx to an absolute path using a base url
--
Gitblit v1.9.1