From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 program/lib/Roundcube/rcube_string_replacer.php |   31 ++++++++++++++++---------------
 1 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/program/lib/Roundcube/rcube_string_replacer.php b/program/lib/Roundcube/rcube_string_replacer.php
index 85ccc95..eb281ee 100644
--- a/program/lib/Roundcube/rcube_string_replacer.php
+++ b/program/lib/Roundcube/rcube_string_replacer.php
@@ -1,6 +1,6 @@
 <?php
 
-/*
+/**
  +-----------------------------------------------------------------------+
  | This file is part of the Roundcube Webmail client                     |
  | Copyright (C) 2009-2012, The Roundcube Dev Team                       |
@@ -24,16 +24,16 @@
  */
 class rcube_string_replacer
 {
-    public static $pattern = '/##str_replacement\{([0-9]+)\}##/';
+    public static $pattern = '/##str_replacement_(\d+)##/';
     public $mailto_pattern;
     public $link_pattern;
     public $linkref_index;
     public $linkref_pattern;
 
-    private $values = array();
-    private $options = array();
-    private $linkrefs = array();
-    private $urls = array();
+    protected $values   = array();
+    protected $options  = array();
+    protected $linkrefs = array();
+    protected $urls     = array();
 
 
     function __construct($options = array())
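Review bot: The new token format in `$pattern` is still a fixed, guessable literal, so message text that already contains `##str_replacement_0##` cannot be told apart from a placeholder this class generated. If the resolve step (not shown in this diff) substitutes every match of `self::$pattern`, such text would be replaced with a stored value that was built for a different part of the message and may not have gone through the same escaping path. Consider including a per-instance random identifier in the token, for example `'##' . $this->ident . '_' . $i . '##'` with `$ident` set once in the constructor (a new property, not in the current code). The same literal is repeated in `linkref_index` and in `get_replacement()` in the later hunks, so all three should be derived from one definition. The class body continues outside this hunk.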
@@ -42,24 +42,24 @@
         // Support unicode/punycode in top-level domain part
         $utf_domain = '[^?&@"\'\\/()<>\s\r\t\n]+\\.?([^\\x00-\\x2f\\x3b-\\x40\\x5b-\\x60\\x7b-\\x7f]{2,}|xn--[a-zA-Z0-9]{2,})';
         $url1       = '.:;,';
-        $url2       = 'a-zA-Z0-9%=#$@+?|!&\\/_~\\[\\]\\(\\){}\*-';
+        $url2       = 'a-zA-Z0-9%=#$@+?|!&\\/_~\\[\\]\\(\\){}\*\x80-\xFE-';
 
-        $this->link_pattern = "/([\w]+:\/\/|\W[Ww][Ww][Ww]\.|^[Ww][Ww][Ww]\.)($utf_domain([$url1]*[$url2]+)*)/";
-        $this->mailto_pattern = "/("
+        $this->options         = $options;
+        $this->linkref_index   = '/\[([^\]#]+)\](:?\s*##str_replacement_(\d+)##)/';
+        $this->linkref_pattern = '/\[([^\]#]+)\]/';
+        $this->link_pattern    = "/([\w]+:\/\/|\W[Ww][Ww][Ww]\.|^[Ww][Ww][Ww]\.)($utf_domain([$url1]*[$url2]+)*)/";
+        $this->mailto_pattern  = "/("
             ."[-\w!\#\$%&\'*+~\/^`|{}=]+(?:\.[-\w!\#\$%&\'*+~\/^`|{}=]+)*"  // local-part
             ."@$utf_domain"                                                 // domain-part
             ."(\?[$url1$url2]+)?"                                           // e.g. ?subject=test...
             .")/";
-        $this->linkref_index = '/\[([^\]#]+)\](:?\s*##str_replacement\{(\d+)\}##)/';
-        $this->linkref_pattern = '/\[([^\]#]+)\]/';
-
-        $this->options = $options;
     }
 
     /**
      * Add a string to the internal list
      *
-     * @param string String value 
+     * @param string String value
+     *
      * @return int Index of value for retrieval
      */
     public function add($str)
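Review bot: The `\x80-\xFE` range added to `$url2` is matched byte by byte, because `link_pattern` and `mailto_pattern` carry no `u` modifier, so malformed UTF-8 sequences are accepted into a matched URL as readily as valid ones. The link and mailto callbacks are not in this hunk, so it is worth confirming that they validate or escape the match before it is written into an `href`. A short comment on that line would also help the next reader, such as `// \x80-\xFE: bytes of multibyte UTF-8 characters; patterns run without /u`. The constructor starts above this hunk and `add()` continues below it.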
@@ -74,7 +74,7 @@
      */
     public function get_replacement($i)
     {
-        return '##str_replacement{'.$i.'}##';
+        return '##str_replacement_' . $i . '##';
     }
 
     /**
@@ -141,6 +141,7 @@
      * Callback function used to build mailto: links around e-mail strings
      *
      * @param array Matches result from preg_replace_callback
+     *
      * @return int Index of saved string value
      */
     public function mailto_callback($matches)

--
Gitblit v1.9.1