[Tickets #8094] Re: phishing warning

bugs at horde.org bugs at horde.org
Tue Mar 17 15:44:18 UTC 2009 

DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/8094
------------------------------------------------------------------------------
  Ticket             | 8094
  Updated By         | dom.lalot at gmail.com
  Summary            | phishing warning
  Queue              | Horde Groupware Webmail Edition
  Version            | 1.2.2
  Type               | Bug
  State              | Unconfirmed
  Priority           | 1. Low
  Milestone          |
  Patch              |
  Owners             |
+New Attachment     | [Tous] Univmed.Infos - newsletter n°301 - 17  
mars 2009 - semaine 12.eml
------------------------------------------------------------------------------


dom.lalot at gmail.com (2009-03-17 11:44) wrote:

> Hello,
>
> Our communication departement email are seen with phishing warning.
> So I added some traces in ./lib/Horde/MIME/Viewer/html.php around
> line 117
>
>                         preg_match('/\.?([^\.\/]+\.[^\.\/]+)[\/?]/',
> $link, $host1);
>                         preg_match('/\.?([^\.\/]+\.[^\.\/ ]+)([\/
> ].*)?$/', $target, $host2);
>                         if (!(count($host1) && count($host2)) ||
>                             strcasecmp($host1[1], $host2[1]) !== 0) {
> Horde::logMessage("tracedom2 l:$link t:$target ".$host1[1]."
> ".$host2[1], __FILE__, __LINE__, PEAR_LOG_ERR);
>                             $data =
> preg_replace('/href\s*=\s*["\']?\s*(?:http|https|ftp):\/\/' .
> preg_quote($m[1][$i], '/') .
> '["\']?[^>]*>\s*(?:(?:http|https|ftp):\/\/)?' . preg_quote($m[2][$i],
> '/') . '<\/a/is', 'class="mimeStatusWarning" $0', $data);
>                             $phish_warn = true;
>                         }
>
> it produces that:
>  tracedom2
> l:www.univmed.fr/communication/?id=45418&amp;file=seminaires_mars_09.doc
> t:www.univmed.fr/communication/^M
> ?id=45418&amp;file=seminaires_mars_09.doc univmed.fr ^M
> ?id=45418&amp;file=seminaires_mars_09.doc [pid 30835 on line 120 of
> "/var/www/perso/horde-webmail-1.2.2/lib/Horde/MIME/Viewer/html.php"]
>
> which means:
> link and target are equal (may be should we test for equality first,
> could be faster than regexp..) and after there is a confusion for the
> value of host2. Debugging the regular expression is not easy. I have
> no patch to put. Prefer leave Mickael have a look..
>
> I'm quite sure that /?id= is confusing the regexp
>
> Dom
>
>
>

I've added the mail in attachment

More information about the bugs mailing list