1 Fix a vulnerability caused by the use of the "e" modifier of preg_replace.
3 --- roundcube-0.2~alpha/program/lib/html2text.php 2008-04-12 15:54:45.000000000 +0200
4 +++ roundcube-0.2~alpha/program/lib/html2text.php 2008-12-13 14:21:44.000000000 +0100
10 + * List of preg* regular expression patterns to search for
11 + * and replace using callback function.
13 + * @var array $callback_search
16 + var $callback_search = array(
17 + '/<(h)[123456][^>]*>(.*?)<\/h[123456]>/i', // H1 - H3
18 + '/<(b)[^>]*>(.*?)<\/b>/i', // <b>
19 + '/<(strong)[^>]*>(.*?)<\/strong>/i', // <strong>
20 + '/<(a) [^>]*href=("|\')([^"\']+)\2[^>]*>(.*?)<\/a>/i',
22 + '/<(th)[^>]*>(.*?)<\/th>/i', // <th> and </th>
26 * List of preg* regular expression patterns to search for,
27 * used in conjunction with $replace.
29 "/[\n\t]+/", // Newlines and tabs
30 '/<script[^>]*>.*?<\/script>/i', // <script>s -- which strip_tags supposedly has problems with
31 //'/<!-- .* -->/', // Comments -- which strip_tags might have problem a with
32 - '/<a [^>]*href=("|\')([^"\']+)\1[^>]*>(.+?)<\/a>/ie', // <a href="">
33 - '/<h[123][^>]*>(.+?)<\/h[123]>/ie', // H1 - H3
34 - '/<h[456][^>]*>(.+?)<\/h[456]>/ie', // H4 - H6
36 '/<br[^>]*>/i', // <br>
37 - '/<b[^>]*>(.+?)<\/b>/ie', // <b>
38 '/<i[^>]*>(.+?)<\/i>/i', // <i>
39 '/(<ul[^>]*>|<\/ul>)/i', // <ul> and </ul>
40 '/(<ol[^>]*>|<\/ol>)/i', // <ol> and </ol>
42 '/(<table[^>]*>|<\/table>)/i', // <table> and </table>
43 '/(<tr[^>]*>|<\/tr>)/i', // <tr> and </tr>
44 '/<td[^>]*>(.+?)<\/td>/i', // <td> and </td>
45 - '/<th[^>]*>(.+?)<\/th>/ie', // <th> and </th>
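Review bot: The added heading pattern `'/<(h)[123456][^>]*>(.*?)<\/h[123456]>/i'` is commented `// H1 - H3` but matches H1 through H6, and a single `(h)` capture sends all six levels to the same callback branch, so H4 - H6 lose the `ucwords` formatting that the removed `/<h[456]...>/ie` entry gave them. The comment should read `// H1 - H6`, and the formatting change should be mentioned in the patch description if it is intended. Since the purpose of the patch is to stop replacement strings from being evaluated as PHP, it is also worth confirming that no `$search` entry outside the lines shown here still carries the `e` modifier; one leftover entry would keep matched HTML flowing into evaluated code. Both arrays start and end outside the lines visible here.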
50 ' ', // Newlines and tabs
51 '', // <script>s -- which strip_tags supposedly has problems with
52 //'', // Comments -- which strip_tags might have problem a with
53 - '$this->_build_link_list("\\2", "\\3")', // <a href="">
54 - "strtoupper(\"\n\n\\1\n\n\")", // H1 - H3
55 - "ucwords(\"\n\n\\1\n\")", // H4 - H6
58 - 'strtoupper("\\1")', // <b>
60 "\n\n", // <ul> and </ul>
61 "\n\n", // <ol> and </ol>
63 "\n\n", // <table> and </table>
64 "\n", // <tr> and </tr>
65 "\t\t\\1\n", // <td> and </td>
66 - "strtoupper(\"\t\t\\1\n\")", // <th> and </th>
72 // Run our defined search-and-replace
73 $text = preg_replace($this->search, $this->replace, $text);
74 + $text = preg_replace_callback($this->callback_search, array('html2text', '_preg_callback'), $text);
76 // Strip any other HTML tags
77 $text = strip_tags($text, $this->allowed_tags);
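Review bot: The callback on the added line is registered as `array('html2text', '_preg_callback')`, a class-name callable, yet `_preg_callback` calls `$this->_strtoupper()` and `$this->_build_link_list()`. That only works where PHP hands the calling object's `$this` to a statically invoked instance method, and it would skip any subclass override. Binding the instance explicitly is safer: `$text = preg_replace_callback($this->callback_search, array($this, '_preg_callback'), $text);`. The callback patterns also now run after every entry of `$search` rather than interleaved with them, so any `$search` entry that emits `<` or `>` (none is visible here) would feed these patterns; a short comment on the intended ordering would help. The enclosing function starts and ends outside the hunk.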
80 return $display . ' [' . ($index+1) . ']';
84 + * Callback function for preg_replace_callback use.
86 + * @param array PREG matches
90 + function _preg_callback($matches)
96 + return $this->_strtoupper($matches[2]);
98 + return $this->_strtoupper("\t\t". $matches[2] ."\n");
100 + return $this->_strtoupper("\n\n". $matches[2] ."\n\n");
102 + return $this->_build_link_list($matches[3], $matches[4]);
107 + * Strtoupper multibyte wrapper function
113 + function _strtoupper($str)
115 + if (function_exists('mb_strtoupper'))
116 + return mb_strtoupper($str);
118 + return strtoupper($str);
123 \ Pas de fin de ligne à la fin du fichier.
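Review bot: Upper-case tags may be silently dropped by `_preg_callback`: every pattern in `$callback_search` carries the `i` flag, so `$matches[1]` can arrive as `B`, `TH` or `A`. If the switch (its `case` lines are not visible here) compares against lower-case literals, those matches return null and the whole element is replaced by an empty string. I would dispatch on `strtolower($matches[1])` and end the switch with `default: return $matches[0];` so an unhandled match is left for `strip_tags` instead of being deleted. In `_strtoupper`, `mb_strtoupper($str)` relies on the mbstring internal encoding, so a comment naming the charset the input is expected to be in, or passing it as the second argument, would make the multibyte path predictable.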