From f06aa8058b7e32ba32d4551074b6e0b8a300f751 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Mon, 21 Oct 2013 15:02:40 -0400
Subject: [PATCH] Bump version after security fix

---
 program/include/rcube_string_replacer.php |   84 ++++++++++++++++++++++++++++++++++-------
 1 files changed, 69 insertions(+), 15 deletions(-)

diff --git a/program/include/rcube_string_replacer.php b/program/include/rcube_string_replacer.php
index 03c04dd..b3d29eb 100644
--- a/program/include/rcube_string_replacer.php
+++ b/program/include/rcube_string_replacer.php
@@ -4,9 +4,12 @@
  +-----------------------------------------------------------------------+
  | program/include/rcube_string_replacer.php                             |
  |                                                                       |
- | This file is part of the RoundCube Webmail client                     |
- | Copyright (C) 2009, RoundCube Dev. - Switzerland                      |
- | Licensed under the GNU GPL                                            |
+ | This file is part of the Roundcube Webmail client                     |
+ | Copyright (C) 2009, The Roundcube Dev Team                            |
+ |                                                                       |
+ | Licensed under the GNU General Public License version 3 or            |
+ | any later version with exceptions for skins & plugins.                |
+ | See the README file for a full license statement.                     |
  |                                                                       |
  | PURPOSE:                                                              |
  |   Handle string replacements based on preg_replace_callback           |
@@ -35,11 +38,18 @@
 
   function __construct()
   {
-    $url_chars = 'a-z0-9_\-\+\*\$\/&%=@#:;';
-    $url_chars_within = '\?\.~,!';
+    // Simplified domain expression for UTF8 characters handling
+    // Support unicode/punycode in top-level domain part
+    $utf_domain = '[^?&@"\'\\/()\s\r\t\n]+\\.([^\\x00-\\x2f\\x3b-\\x40\\x5b-\\x60\\x7b-\\x7f]{2,}|xn--[a-z0-9]{2,})';
+    $url1 = '.:;,';
+    $url2 = 'a-z0-9%=#@+?!&\\/_~\\[\\]{}-';
 
-    $this->link_pattern = "/([\w]+:\/\/|\Wwww\.)([a-z0-9\-\.]+[a-z]{2,4}([$url_chars$url_chars_within]*[$url_chars])?)/i";
-    $this->mailto_pattern = "/([a-z0-9][a-z0-9\-\.\+\_]*@([a-z0-9]([-a-z0-9]*[a-z0-9])?\\.)+[a-z]{2,5})/i";
+    $this->link_pattern = "/([\w]+:\/\/|\Wwww\.)($utf_domain([$url1]?[$url2]+)*)/i";
+    $this->mailto_pattern = "/("
+        ."[-\w!\#\$%&\'*+~\/^`|{}=]+(?:\.[-\w!\#\$%&\'*+~\/^`|{}=]+)*"  // local-part
+        ."@$utf_domain"                                                 // domain-part
+        ."(\?[$url1$url2]+)?"                                           // e.g. ?subject=test...
+        .")/i";
   }
 
   /**
@@ -76,11 +86,19 @@
 
     if (preg_match('!^(http|ftp|file)s?://!', $scheme)) {
       $url = $matches[1] . $matches[2];
-      $i = $this->add(html::a(array('href' => $url, 'target' => '_blank'), Q($url)));
     }
     else if (preg_match('/^(\W)www\.$/', $matches[1], $m)) {
-      $url = 'www.' . $matches[2];
-      $i = $this->add($m[1] . html::a(array('href' => 'http://' . $url, 'target' => '_blank'), Q($url)));
+      $url        = 'www.' . $matches[2];
+      $url_prefix = 'http://';
+      $prefix     = $m[1];
+    }
+
+    if ($url) {
+      $suffix = $this->parse_url_brackets($url);
+      $i = $this->add($prefix . html::a(array(
+          'href' => $url_prefix . $url,
+          'target' => '_blank'
+        ), Q($url)) . $suffix);
     }
 
     // Return valid link for recognized schemes, otherwise, return the unmodified string for unrecognized schemes.
@@ -95,11 +113,13 @@
    */
   public function mailto_callback($matches)
   {
+    $href   = $matches[1];
+    $suffix = $this->parse_url_brackets($href);
+
     $i = $this->add(html::a(array(
-        'href' => 'mailto:' . $matches[1],
-        'onclick' => "return ".JS_OBJECT_NAME.".command('compose','".JQ($matches[1])."',this)",
-      ),
-      Q($matches[1])));
+        'href' => 'mailto:' . $href,
+        'onclick' => "return ".JS_OBJECT_NAME.".command('compose','".JQ($href)."',this)",
+      ), Q($href)) . $suffix);
 
     return $i >= 0 ? $this->get_replacement($i) : '';
   }
@@ -124,4 +144,38 @@
     return preg_replace_callback(self::$pattern, array($this, 'replace_callback'), $str);
   }
 
-}
\ No newline at end of file
+  /**
+   * Fixes bracket characters in URL handling
+   */
+  public static function parse_url_brackets(&$url)
+  {
+    // #1487672: special handling of square brackets,
+    // URL regexp allows [] characters in URL, for example:
+    // "http://example.com/?a[b]=c". However we need to handle
+    // properly situation when a bracket is placed at the end
+    // of the link e.g. "[http://example.com]"
+    if (preg_match('/(\\[|\\])/', $url)) {
+      $in = false;
+      for ($i=0, $len=strlen($url); $i<$len; $i++) {
+        if ($url[$i] == '[') {
+          if ($in)
+            break;
+          $in = true;
+        }
+        else if ($url[$i] == ']') {
+          if (!$in)
+            break;
+          $in = false;
+        }
+      }
+
+      if ($i<$len) {
+        $suffix = substr($url, $i);
+        $url    = substr($url, 0, $i);
+      }
+    }
+
+    return $suffix;
+  }
+
+}

--
Gitblit v1.9.1