debian/patches/dont-use-preg-e-option.patch

   1 Fix a vulnerability due to the use of "e" option of preg_replace.
   2
   3 --- roundcube-0.2~alpha/program/lib/html2text.php       2008-04-12 15:54:45.000000000 +0200
   4 +++ roundcube-0.2~alpha/program/lib/html2text.php       2008-12-13 14:21:44.000000000 +0100
   5 @@ -99,6 +99,22 @@
   6       */
   7      var $width = 70;
   8
   9 +    /**
  10 +        *  List of preg* regular expression patterns to search for
  11 +        *  and replace using callback function.
  12 +        *
  13 +        *  @var array $callback_search
  14 +        *  @access public
  15 +        */
  16 +     var $callback_search = array(
  17 +        '/<(h)[123456][^>]*>(.*?)<\/h[123456]>/i', // H1 - H3
  18 +        '/<(b)[^>]*>(.*?)<\/b>/i',                 // <b>
  19 +        '/<(strong)[^>]*>(.*?)<\/strong>/i',       // <strong>
  20 +        '/<(a) [^>]*href=("|\')([^"\']+)\2[^>]*>(.*?)<\/a>/i',
  21 +                                                   // <a href="">
  22 +        '/<(th)[^>]*>(.*?)<\/th>/i',               // <th> and </th>
  23 +    );
  24 +
  25      /**
  26       *  List of preg* regular expression patterns to search for,
  27       *  used in conjunction with $replace.
  28 @@ -112,12 +128,8 @@
  29          "/[\n\t]+/",                             // Newlines and tabs
  30          '/<script[^>]*>.*?<\/script>/i',         // <script>s -- which strip_tags supposedly has problems with
  31          //'/<!-- .* -->/',                         // Comments -- which strip_tags might have problem a with
  32 -        '/<a [^>]*href=("|\')([^"\']+)\1[^>]*>(.+?)<\/a>/ie', // <a href="">
  33 -        '/<h[123][^>]*>(.+?)<\/h[123]>/ie',      // H1 - H3
  34 -        '/<h[456][^>]*>(.+?)<\/h[456]>/ie',      // H4 - H6
  35          '/<p[^>]*>/i',                           // <P>
  36          '/<br[^>]*>/i',                          // <br>
  37 -        '/<b[^>]*>(.+?)<\/b>/ie',                // <b>
  38          '/<i[^>]*>(.+?)<\/i>/i',                 // <i>
  39          '/(<ul[^>]*>|<\/ul>)/i',                 // <ul> and </ul>
  40          '/(<ol[^>]*>|<\/ol>)/i',                 // <ol> and </ol>
  41 @@ -126,7 +138,6 @@
  42          '/(<table[^>]*>|<\/table>)/i',           // <table> and </table>
  43          '/(<tr[^>]*>|<\/tr>)/i',                 // <tr> and </tr>
  44          '/<td[^>]*>(.+?)<\/td>/i',               // <td> and </td>
  45 -        '/<th[^>]*>(.+?)<\/th>/ie',              // <th> and </th>
  46          '/&nbsp;/i',
  47          '/&quot;/i',
  48          '/&gt;/i',
  49 @@ -161,12 +172,8 @@
  50          ' ',                                    // Newlines and tabs
  51          '',                                     // <script>s -- which strip_tags supposedly has problems with
  52          //'',                                  // Comments -- which strip_tags might have problem a with
  53 -        '$this->_build_link_list("\\2", "\\3")', // <a href="">
  54 -        "strtoupper(\"\n\n\\1\n\n\")",          // H1 - H3
  55 -        "ucwords(\"\n\n\\1\n\")",               // H4 - H6
  56          "\n\n",                                 // <P>
  57          "\n",                                   // <br>
  58 -        'strtoupper("\\1")',                    // <b>
  59          '_\\1_',                                // <i>
  60          "\n\n",                                 // <ul> and </ul>
  61          "\n\n",                                 // <ol> and </ol>
  62 @@ -175,7 +182,6 @@
  63          "\n\n",                                 // <table> and </table>
  64          "\n",                                   // <tr> and </tr>
  65          "\t\t\\1\n",                            // <td> and </td>
  66 -        "strtoupper(\"\t\t\\1\n\")",            // <th> and </th>
  67          ' ',
  68          '"',
  69          '>',
  70 @@ -379,6 +385,7 @@
  71
  72          // Run our defined search-and-replace
  73          $text = preg_replace($this->search, $this->replace, $text);
  74 +        $text = preg_replace_callback($this->callback_search, array('html2text', '_preg_callback'), $text);
  75
  76          // Strip any other HTML tags
  77          $text = strip_tags($text, $this->allowed_tags);
  78 @@ -446,6 +453,44 @@
  79
  80        return $display . ' [' . ($index+1) . ']';
  81        }
  82 +
  83 +    /**
  84 +     *  Callback function for preg_replace_callback use.
  85 +     *
  86 +     *  @param  array PREG matches
  87 +     *  @return string
  88 +     *  @access private
  89 +     */
  90 +    function _preg_callback($matches)
  91 +    {
  92 +               switch($matches[1])
  93 +               {
  94 +           case 'b':
  95 +           case 'strong':
  96 +                       return $this->_strtoupper($matches[2]);
  97 +           case 'hr':
  98 +               return $this->_strtoupper("\t\t". $matches[2] ."\n");
  99 +           case 'h':
 100 +                       return $this->_strtoupper("\n\n". $matches[2] ."\n\n");
 101 +           case 'a':
 102 +                       return $this->_build_link_list($matches[3], $matches[4]);
 103 +        }
 104 +    }
 105 +
 106 +    /**
 107 +     *  Strtoupper multibyte wrapper function
 108 +     *
 109 +     *  @param  string
 110 +     *  @return string
 111 +     *  @access private
 112 +     */
 113 +    function _strtoupper($str)
 114 +    {
 115 +               if (function_exists('mb_strtoupper'))
 116 +           return mb_strtoupper($str);
 117 +       else
 118 +                       return strtoupper($str);
 119 +    }
 120  }
 121
 122  ?>
 123 \ Pas de fin de ligne à la fin du fichier.