-Fix a vulnerability caused by the use of the "e" modifier of preg_replace.
-
---- roundcube-0.2~alpha/program/lib/html2text.php 2008-04-12 15:54:45.000000000 +0200
-+++ roundcube-0.2~alpha/program/lib/html2text.php 2008-12-13 14:21:44.000000000 +0100
-@@ -99,6 +99,22 @@
- */
- var $width = 70;
-
-+ /**
-+ * List of preg* regular expression patterns to search for
-+ * and replace using callback function.
-+ *
-+ * @var array $callback_search
-+ * @access public
-+ */
-+ var $callback_search = array(
-+ '/<(h)[123456][^>]*>(.*?)<\/h[123456]>/i', // H1 - H3
-+ '/<(b)[^>]*>(.*?)<\/b>/i', // <b>
-+ '/<(strong)[^>]*>(.*?)<\/strong>/i', // <strong>
-+ '/<(a) [^>]*href=("|\')([^"\']+)\2[^>]*>(.*?)<\/a>/i',
-+ // <a href="">
-+ '/<(th)[^>]*>(.*?)<\/th>/i', // <th> and </th>
-+ );
-+
- /**
- * List of preg* regular expression patterns to search for,
- * used in conjunction with $replace.
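Review bot: The `// H1 - H3` comment on the first `$callback_search` entry does not match its pattern, which is `h[123456]` and so covers H1 through H6. With the separate H4–H6 entry removed further down in this patch, H4–H6 headings are now upper-cased like H1–H3 instead of going through `ucwords()`. If that is intended the comment should read `// H1 - H6`; otherwise the two ranges need separate entries. The docblock could also state that the first capture group of every entry is the tag name `_preg_callback` dispatches on.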
-@@ -112,12 +128,8 @@
- "/[\n\t]+/", // Newlines and tabs
- '/<script[^>]*>.*?<\/script>/i', // <script>s -- which strip_tags supposedly has problems with
- //'/<!-- .* -->/', // Comments -- which strip_tags might have problem a with
-- '/<a [^>]*href=("|\')([^"\']+)\1[^>]*>(.+?)<\/a>/ie', // <a href="">
-- '/<h[123][^>]*>(.+?)<\/h[123]>/ie', // H1 - H3
-- '/<h[456][^>]*>(.+?)<\/h[456]>/ie', // H4 - H6
- '/<p[^>]*>/i', // <P>
- '/<br[^>]*>/i', // <br>
-- '/<b[^>]*>(.+?)<\/b>/ie', // <b>
- '/<i[^>]*>(.+?)<\/i>/i', // <i>
- '/(<ul[^>]*>|<\/ul>)/i', // <ul> and </ul>
- '/(<ol[^>]*>|<\/ol>)/i', // <ol> and </ol>
-@@ -126,7 +138,6 @@
- '/(<table[^>]*>|<\/table>)/i', // <table> and </table>
- '/(<tr[^>]*>|<\/tr>)/i', // <tr> and </tr>
- '/<td[^>]*>(.+?)<\/td>/i', // <td> and </td>
-- '/<th[^>]*>(.+?)<\/th>/ie', // <th> and </th>
- '/ /i',
- '/"/i',
- '/>/i',
-@@ -161,12 +172,8 @@
- ' ', // Newlines and tabs
- '', // <script>s -- which strip_tags supposedly has problems with
- //'', // Comments -- which strip_tags might have problem a with
-- '$this->_build_link_list("\\2", "\\3")', // <a href="">
-- "strtoupper(\"\n\n\\1\n\n\")", // H1 - H3
-- "ucwords(\"\n\n\\1\n\")", // H4 - H6
- "\n\n", // <P>
- "\n", // <br>
-- 'strtoupper("\\1")', // <b>
- '_\\1_', // <i>
- "\n\n", // <ul> and </ul>
- "\n\n", // <ol> and </ol>
-@@ -175,7 +182,6 @@
- "\n\n", // <table> and </table>
- "\n", // <tr> and </tr>
- "\t\t\\1\n", // <td> and </td>
-- "strtoupper(\"\t\t\\1\n\")", // <th> and </th>
- ' ',
- '"',
- '>',
-@@ -379,6 +385,7 @@
-
- // Run our defined search-and-replace
- $text = preg_replace($this->search, $this->replace, $text);
-+ $text = preg_replace_callback($this->callback_search, array('html2text', '_preg_callback'), $text);
-
- // Strip any other HTML tags
- $text = strip_tags($text, $this->allowed_tags);
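Review bot: The callback on the added line is passed as `array('html2text', '_preg_callback')`, a static-style callable, although `_preg_callback` (added later in this patch) uses `$this` to reach `_strtoupper()` and `_build_link_list()`. This works only while PHP hands the caller's `$this` to a statically invoked non-static method; it bypasses any override in a subclass, and newer PHP versions reject such calls. Binding to the instance avoids both: `$text = preg_replace_callback($this->callback_search, array($this, '_preg_callback'), $text);`. The enclosing method starts and ends outside the hunk.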
-@@ -446,6 +453,44 @@
-
- return $display . ' [' . ($index+1) . ']';
- }
-+
-+ /**
-+ * Callback function for preg_replace_callback use.
-+ *
-+ * @param array PREG matches
-+ * @return string
-+ * @access private
-+ */
-+ function _preg_callback($matches)
-+ {
-+ switch($matches[1])
-+ {
-+ case 'b':
-+ case 'strong':
-+ return $this->_strtoupper($matches[2]);
-+ case 'hr':
-+ return $this->_strtoupper("\t\t". $matches[2] ."\n");
-+ case 'h':
-+ return $this->_strtoupper("\n\n". $matches[2] ."\n\n");
-+ case 'a':
-+ return $this->_build_link_list($matches[3], $matches[4]);
-+ }
-+ }
-+
-+ /**
-+ * Strtoupper multibyte wrapper function
-+ *
-+ * @param string
-+ * @return string
-+ * @access private
-+ */
-+ function _strtoupper($str)
-+ {
-+ if (function_exists('mb_strtoupper'))
-+ return mb_strtoupper($str);
-+ else
-+ return strtoupper($str);
-+ }
- }
-
- ?>
-\ Pas de fin de ligne à la fin du fichier.
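Review bot: `_preg_callback` has no branch that the `<(th)…>` entry of `$callback_search` can reach: the switch tests `case 'hr':` while the captured tag name is `th`, so a table-header match falls out of the switch, the callback returns null and the header text is replaced by an empty string. The same silent deletion happens for upper- or mixed-case tags such as `<B>` or `<A HREF=…>`, because the patterns carry `/i` while the case labels are lower-case only. Suggest `switch (strtolower($matches[1]))`, `case 'th':` in place of `case 'hr':`, and a `default: return $matches[0];` so an unrecognised match is left for the later `strip_tags()` call rather than dropped.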