From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports
---
 program/lib/Roundcube/rcube_base_replacer.php | 53 ++++++++++++++++++++++++++++++++++-------------------
 1 files changed, 34 insertions(+), 19 deletions(-)
diff --git a/program/lib/Roundcube/rcube_base_replacer.php b/program/lib/Roundcube/rcube_base_replacer.php
index b2a0fc1..a5d3f8a 100644
--- a/program/lib/Roundcube/rcube_base_replacer.php
+++ b/program/lib/Roundcube/rcube_base_replacer.php
@@ -1,9 +1,7 @@
 <?php
-/*
+/**
 +-----------------------------------------------------------------------+
- | program/include/rcube_base_replacer.php |
- | |
 | This file is part of the Roundcube Webmail client |
 | Copyright (C) 2005-2012, The Roundcube Dev Team |
 | |
@@ -13,7 +11,6 @@
 | |
 | PURPOSE: |
 | Provide basic functions for base URL replacement |
- | |
 +-----------------------------------------------------------------------+
 | Author: Thomas Bruederli <roundcube@gmail.com> |
 +-----------------------------------------------------------------------+
@@ -24,7 +21,7 @@
 * using a predefined base
 *
 * @package Framework
- * @subpackage Core
+ * @subpackage Utils
 * @author Thomas Bruederli <roundcube@gmail.com>
 */
 class rcube_base_replacer
@@ -32,27 +29,44 @@
 private $base_url;
+ /**
+ * Class constructor
+ *
+ * @param string $base Base URL
+ */
 public function __construct($base)
 {
 $this->base_url = $base;
 }
-
+ /**
+ * Replace callback
+ *
+ * @param array $matches Matching entries
+ *
+ * @return string Replaced text with absolute URL
+ */
 public function callback($matches)
 {
 return $matches[1] . '="' . self::absolute_url($matches[3], $this->base_url) . '"';
 }
-
+ /**
+ * Convert base URLs to absolute ones
+ *
+ * @param string $body Text body
+ *
+ * @return string Replaced text
+ */
 public function replace($body)
 {
- return preg_replace_callback(array(
- '/(src|background|href)=(["\']?)([^"\'\s]+)(\2|\s|>)/Ui',
- '/(url\s*\()(["\']?)([^"\'\)\s]+)(\2)\)/Ui',
- ),
- array($this, 'callback'), $body);
- }
+ $regexp = array(
+ '/(src|background|href)=(["\']?)([^"\'\s>]+)(\2|\s|>)/i',
+ '/(url\s*\()(["\']?)([^"\'\)\s]+)(\2)\)/i',
+ );
+ return preg_replace_callback($regexp, array($this, 'callback'), $body);
+ }
 /**
 * Convert paths like ../xxx to an absolute path using a base url
@@ -64,9 +78,6 @@
 */
 public static function absolute_url($path, $base_url)
 {
- $host_url = $base_url;
- $abs_path = $path;
-
 // check if path is an absolute URL
 if (preg_match('/^[fhtps]+:\/\//', $path)) {
 return $path;
@@ -76,6 +87,9 @@
 if (strpos($path, 'cid:') === 0) {
 return $path;
 }
+
+ $host_url = $base_url;
+ $abs_path = $path;
 // cut base_url to the last directory
 if (strrpos($base_url, '/') > 7) {
@@ -92,9 +106,10 @@
 $path = preg_replace('/^\.\//', '', $path);
 if (preg_match_all('/\.\.\//', $path, $matches, PREG_SET_ORDER)) {
- foreach ($matches as $a_match) {
- if (strrpos($base_url, '/')) {
- $base_url = substr($base_url, 0, strrpos($base_url, '/'));
+ $cnt = count($matches);
+ while ($cnt--) {
+ if ($pos = strrpos($base_url, '/')) {
+ $base_url = substr($base_url, 0, $pos);
 }
 $path = substr($path, 3);
 }
-- Gitblit v1.9.1
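Review bot: The second pattern in the new `$regexp` array (`url\s*\(`) is routed through the same `callback()` as the attribute pattern, and that callback always emits `$matches[1] . '="' . … . '"'` and never re-emits the closing parenthesis the pattern consumed, so a CSS `url(images/x.png)` comes back as `url(="http://host/dir/images/x.png"` — malformed CSS rather than a rewritten URL. The `callback()` shown as context here is the whole method, so the fix belongs there: branch on whether `$matches[1]` ends in `(` and rebuild the `url("…")` form for that case, keeping the attribute form for `src`/`href`/`background`. Both patterns and the callback are fully inside this hunk, but `replace()`'s callers are not visible, so I cannot tell whether anything downstream happens to tolerate the broken output.
```php
    public function callback($matches)
    {
        $url = self::absolute_url($matches[3], $this->base_url);

        // CSS url(...) has no '=' and needs its closing paren restored
        if (substr($matches[1], -1) === '(') {
            return $matches[1] . '"' . $url . '")';
        }

        return $matches[1] . '="' . $url . '"';
    }
```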
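Review bot: The rewritten loop in the last hunk still takes its iteration count from `preg_match_all('/\.\.\//', …)`, which counts every `../` anywhere in `$path`, while each iteration blindly strips three leading bytes with `$path = substr($path, 3)`; for a path like `img/../logo.png` that removes `img` instead of a `../` segment and also pops one directory off `$base_url`, yielding a wrong absolute URL. Since only leading `../` segments should consume a base directory, drive the loop by the prefix itself: `while (strpos($path, '../') === 0) {` in place of the `preg_match_all` test and the `$cnt = count($matches); while ($cnt--) {` pair, with the body otherwise unchanged. The `if ($pos = strrpos($base_url, '/'))` test is also false when the only slash is at offset 0, which may be intended but deserves a comment such as `// a slash at offset 0 means there is no directory left to pop`. `absolute_url()` continues past the end of this hunk, so the final assembly of `$abs_path` is not visible here.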