[Tickets #8094] Re: phishing warning
bugs at horde.org
bugs at horde.org
Tue Mar 17 16:11:30 UTC 2009
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/8094
------------------------------------------------------------------------------
Ticket | 8094
Updated By | dom.lalot at gmail.com
Summary | phishing warning
Queue | Horde Groupware Webmail Edition
Version | 1.2.2
Type | Bug
State | Unconfirmed
Priority | 1. Low
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
dom.lalot at gmail.com (2009-03-17 12:11) wrote:
In fact, the url is over two lines: Don't know how to patch it, and
even it that make sense. Firefox is interpreting as a
. S�minaires du mois de mars de l'UMR 891 INSERM - Centre de Recherche
en Canc�rologie : www.univmed.fr/communication/
?id=45418&file=SEMINAIRES_MARS_09.doc
<http://www.univmed.fr/communication/?id=45418&file=SEMINAIRES_MARS_09.doc>
What has been rendered to firefox is:
<td bgcolor="#ffffff" height="50">
<div align="justify"><span class="uni1">•</span> <span
class="uni2">Séminaires </span><span class="uni1">du mois de mars de
l'UMR 891 INSERM - Centre de Recherche en Cancérologie : <a
target="_blank"
class="mimeStatusWarning"
href="http://www.univmed.fr/communication/?id=45418&file=SEMINAIRES_MARS_09.doc">www.univmed.fr/communication/<br>
?id=45418&file=SEMINAIRES_MARS_09.doc</a></span><br>
</div>
</td>
</tr>
>> Hello,
>>
>> Our communication departement email are seen with phishing warning.
>> So I added some traces in ./lib/Horde/MIME/Viewer/html.php around
>> line 117
>>
>> preg_match('/\.?([^\.\/]+\.[^\.\/]+)[\/?]/',
>> $link, $host1);
>> preg_match('/\.?([^\.\/]+\.[^\.\/ ]+)([\/
>> ].*)?$/', $target, $host2);
>> if (!(count($host1) && count($host2)) ||
>> strcasecmp($host1[1], $host2[1]) !== 0) {
>> Horde::logMessage("tracedom2 l:$link t:$target ".$host1[1]."
>> ".$host2[1], __FILE__, __LINE__, PEAR_LOG_ERR);
>> $data =
>> preg_replace('/href\s*=\s*["\']?\s*(?:http|https|ftp):\/\/' .
>> preg_quote($m[1][$i], '/') .
>> '["\']?[^>]*>\s*(?:(?:http|https|ftp):\/\/)?' . preg_quote($m[2][$i],
>> '/') . '<\/a/is', 'class="mimeStatusWarning" $0', $data);
>> $phish_warn = true;
>> }
>>
>> it produces that:
>> tracedom2
>> l:www.univmed.fr/communication/?id=45418&file=seminaires_mars_09.doc
>> t:www.univmed.fr/communication/^M
>> ?id=45418&file=seminaires_mars_09.doc univmed.fr ^M
>> ?id=45418&file=seminaires_mars_09.doc [pid 30835 on line 120 of
>> "/var/www/perso/horde-webmail-1.2.2/lib/Horde/MIME/Viewer/html.php"]
>>
>> which means:
>> link and target are equal (may be should we test for equality first,
>> could be faster than regexp..) and after there is a confusion for the
>> value of host2. Debugging the regular expression is not easy. I have
>> no patch to put. Prefer leave Mickael have a look..
>>
>> I'm quite sure that /?id= is confusing the regexp
>>
>> Dom
>>
>>
>>
>
> I've added the mail in attachment
>
More information about the bugs
mailing list