6.0.0-beta1
7/10/25

[#8094] phishing warning
Summary phishing warning
Queue Horde Groupware Webmail Edition
Queue Version 1.2.2
Type Bug
State Resolved
Priority 1. Low
Owners jan (at) horde (dot) org
Requester dom.lalot (at) gmail (dot) com
Created 03/17/2009 (5959 days ago)
Due
Updated 03/18/2009 (5958 days ago)
Assigned
Resolved 03/18/2009 (5958 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch No

History
03/18/2009 10:49:28 PM Jan Schneider Comment #5
Assigned to Jan Schneider
State ⇒ Resolved
Reply to this comment
Fixed.
03/17/2009 04:11:29 PM dom (dot) lalot (at) gmail (dot) com Comment #3 Reply to this comment
In fact, the url is over two lines:  Don't know how to patch it, and 
even it that make sense. Firefox is interpreting as a



. S�minaires du mois de mars de l'UMR 891 INSERM - Centre de Recherche

en Canc�rologie : www.univmed.fr/communication/

?id=45418&file=SEMINAIRES_MARS_09.doc

<http://www.univmed.fr/communication/?id=45418&file=SEMINAIRES_MARS_09.doc>



What has been rendered to firefox is:



       <td bgcolor="#ffffff" height="50">

       <div align="justify"><span class="uni1">&#8226;</span> <span

  class="uni2">S&eacute;minaires </span><span class="uni1">du mois de mars de

l'UMR 891 INSERM - Centre de Recherche en Canc&eacute;rologie : <a 
target="_blank"

  class="mimeStatusWarning" 
href="http://www.univmed.fr/communication/?id=45418&amp;file=SEMINAIRES_MARS_09.doc">www.univmed.fr/communication/<br>



?id=45418&amp;file=SEMINAIRES_MARS_09.doc</a></span><br>

       </div>

       </td>

     </tr>

[Show Quoted Text - 45 lines]
03/17/2009 03:44:18 PM dom (dot) lalot (at) gmail (dot) com Comment #2
New Attachment: [Tous] Univmed.Infos - newsletter n°301 - 17 mars 2009 - semaine 12.eml
Reply to this comment

[Show Quoted Text - 42 lines]
I've added the mail in attachment


03/17/2009 03:22:01 PM dom (dot) lalot (at) gmail (dot) com Comment #1
Priority ⇒ 1. Low
Type ⇒ Bug
Summary ⇒ phishing warning
Queue ⇒ Horde Groupware Webmail Edition
Milestone ⇒
Patch ⇒ No
State ⇒ Unconfirmed
Reply to this comment
Hello,



Our communication departement email are seen with phishing warning. So 
I added some traces in ./lib/Horde/MIME/Viewer/html.php around line 117



                         preg_match('/\.?([^\.\/]+\.[^\.\/]+)[\/?]/', 
$link, $host1);

                         preg_match('/\.?([^\.\/]+\.[^\.\/ ]+)([\/ 
].*)?$/', $target, $host2);

                         if (!(count($host1) && count($host2)) ||

                             strcasecmp($host1[1], $host2[1]) !== 0) {

Horde::logMessage("tracedom2 l:$link t:$target ".$host1[1]." 
".$host2[1], __FILE__, __LINE__, PEAR_LOG_ERR);

                             $data = 
preg_replace('/href\s*=\s*["\']?\s*(?:http|https|ftp):\/\/' . 
preg_quote($m[1][$i], '/') . 
'["\']?[^>]*>\s*(?:(?:http|https|ftp):\/\/)?' . preg_quote($m[2][$i], 
'/') . '<\/a/is', 'class="mimeStatusWarning" $0', $data);

                             $phish_warn = true;

                         }



it produces that:

  tracedom2 
l:www.univmed.fr/communication/?id=45418&amp;file=seminaires_mars_09.doc 
t:www.univmed.fr/communication/^M 
?id=45418&amp;file=seminaires_mars_09.doc univmed.fr ^M 
?id=45418&amp;file=seminaires_mars_09.doc [pid 30835 on line 120 of 
"/var/www/perso/horde-webmail-1.2.2/lib/Horde/MIME/Viewer/html.php"]



which means:

link and target are equal (may be should we test for equality first, 
could be faster than regexp..) and after there is a confusion for the 
value of host2. Debugging the regular expression is not easy. I have 
no patch to put. Prefer leave Mickael have a look..



I'm quite sure that /?id= is confusing the regexp



Dom






Saved Queries