Summary | phishing warning |
Queue | Horde Groupware Webmail Edition |
Queue Version | 1.2.2 |
Type | Bug |
State | Resolved |
Priority | 1. Low |
Owners | jan (at) horde (dot) org |
Requester | dom.lalot (at) gmail (dot) com |
Created | 03/17/2009 (5959 days ago) |
Due | |
Updated | 03/18/2009 (5958 days ago) |
Assigned | |
Resolved | 03/18/2009 (5958 days ago) |
Github Issue Link | |
Github Pull Request | |
Milestone | |
Patch | No |
Assigned to Jan Schneider
State ⇒ Resolved
http://cvs.horde.org/diff.php/framework/MIME/MIME/Viewer/Attic/html.php?rt=horde&r1=1.14.4.32&r2=1.14.4.33&ty=u
even it that make sense. Firefox is interpreting as a
. S�minaires du mois de mars de l'UMR 891 INSERM - Centre de Recherche
en Canc�rologie : www.univmed.fr/communication/
?id=45418&file=SEMINAIRES_MARS_09.doc
<http://www.univmed.fr/communication/?id=45418&file=SEMINAIRES_MARS_09.doc>
What has been rendered to firefox is:
<td bgcolor="#ffffff" height="50">
<div align="justify"><span class="uni1">•</span> <span
class="uni2">Séminaires </span><span class="uni1">du mois de mars de
l'UMR 891 INSERM - Centre de Recherche en Cancérologie : <a
target="_blank"
class="mimeStatusWarning"
href="http://www.univmed.fr/communication/?id=45418&file=SEMINAIRES_MARS_09.doc">www.univmed.fr/communication/<br>
?id=45418&file=SEMINAIRES_MARS_09.doc</a></span><br>
</div>
</td>
</tr>
New Attachment: [Tous] Univmed.Infos - newsletter n°301 - 17 mars 2009 - semaine 12.eml
Priority ⇒ 1. Low
Type ⇒ Bug
Summary ⇒ phishing warning
Queue ⇒ Horde Groupware Webmail Edition
Milestone ⇒
Patch ⇒ No
State ⇒ Unconfirmed
Our communication departement email are seen with phishing warning. So
I added some traces in ./lib/Horde/MIME/Viewer/html.php around line 117
preg_match('/\.?([^\.\/]+\.[^\.\/]+)[\/?]/',
$link, $host1);
preg_match('/\.?([^\.\/]+\.[^\.\/ ]+)([\/
].*)?$/', $target, $host2);
if (!(count($host1) && count($host2)) ||
strcasecmp($host1[1], $host2[1]) !== 0) {
Horde::logMessage("tracedom2 l:$link t:$target ".$host1[1]."
".$host2[1], __FILE__, __LINE__, PEAR_LOG_ERR);
$data =
preg_replace('/href\s*=\s*["\']?\s*(?:http|https|ftp):\/\/' .
preg_quote($m[1][$i], '/') .
'["\']?[^>]*>\s*(?:(?:http|https|ftp):\/\/)?' . preg_quote($m[2][$i],
'/') . '<\/a/is', 'class="mimeStatusWarning" $0', $data);
$phish_warn = true;
}
it produces that:
tracedom2
l:www.univmed.fr/communication/?id=45418&file=seminaires_mars_09.doc
t:www.univmed.fr/communication/^M
?id=45418&file=seminaires_mars_09.doc univmed.fr ^M
?id=45418&file=seminaires_mars_09.doc [pid 30835 on line 120 of
"/var/www/perso/horde-webmail-1.2.2/lib/Horde/MIME/Viewer/html.php"]
which means:
link and target are equal (may be should we test for equality first,
could be faster than regexp..) and after there is a confusion for the
value of host2. Debugging the regular expression is not easy. I have
no patch to put. Prefer leave Mickael have a look..
I'm quite sure that /?id= is confusing the regexp
Dom