Tickets :: [#3437] Changing case

6.0.0-beta1

9/15/25

Summary	Changing case
Queue	IMP
Queue Version	HEAD
Type	Bug
State	Resolved
Priority	2. Medium
Owners	Horde Developers (at)
Requester	pacqa104 (at) yahoo (dot) com (dot) au
Created	02/09/2006 (7158 days ago)
Due
Updated	11/20/2006 (6874 days ago)
Assigned	02/09/2006 (7158 days ago)
Resolved	11/20/2006 (6874 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch	No

11/20/2006 03:26:50 PM	Chuck Hagenbuch	Comment #9	Reply to this comment
IIRC the original goal was to keep our "own" generated a tags from being mangled in other steps inside text2html. If anything we probably will escape more than before, not less, and loose some of our generated links tags. Right, that's the point, but we were mangling things to do it. At some point we couldn't link urls after encoding, but I don't know _why_ anymore. At this point, we run htmlspecialchars(), then run the linkurls and emails filters, and all of the tests pass. If you can show me either something that we lose, or a vulnerability here, please just add it to the test cases, but I'm not seeing it.

11/20/2006 09:43:37 AM	Jan Schneider	Comment #8	Reply to this comment
IIRC the original goal was to keep our "own" generated a tags from being mangled in other steps inside text2html. If anything we probably will escape more than before, not less, and loose some of our generated links tags.

11/20/2006 03:02:23 AM	Chuck Hagenbuch	Comment #7 State ⇒ Resolved	Reply to this comment
http://lists.horde.org/archives/cvs/Week-of-Mon-20061113/063123.html Seems way too simple but also can't find anything wrong with it. I also can't see a way this opens any HTML injection holes, but I'm not merging it for now in case something turns up. Further testing and insight there is most welcome.

11/19/2006 11:39:26 PM	Chuck Hagenbuch	Deleted Original Message

02/09/2006 05:33:40 AM	Michael Slusarz	Assigned to Horde Developers

02/09/2006 05:33:23 AM	Michael Slusarz	Version ⇒ HEAD State ⇒ Assigned

02/09/2006 05:26:03 AM	Matt Selsky	Comment #6	Reply to this comment
"<A" to "<a" Whups does it as well.

02/09/2006 05:25:01 AM	Matt Selsky	Comment #5	Reply to this comment
Problem exists in HEAD as well. Text_Filter_text2html is changing "<A" to "<a", without checking to make sure the tag is actually an archor tag. See http://cvs.horde.org/co.php/framework/Text_Filter/Filter/text2html.php?r=1.10#l87

02/09/2006 05:09:47 AM	Michael Slusarz	Comment #4 State ⇒ Not A Bug	Reply to this comment
#1 - I don't see any problems in rendering in your screenshot. #2 - XML data needs to be sent as text/xml to preserve any kind of data structure. Sending XML data in text/plain (which appears to be your case) can lead to unpredictable results. #3 - We are no longer developing the IMP 3.x branch (you are using IMP 3.2.1 which was released several (3+) years ago).

02/09/2006 04:57:44 AM	Matt Selsky	Comment #3	Reply to this comment
http://webmail.spin.net.au/horde/test.php

02/09/2006 04:37:44 AM	pacqa104 (at) yahoo (dot) com (dot) au	Comment #2	Reply to this comment
Oh, I'm not actually sure what version of IMP my provider is using. How do I tell?

02/09/2006 04:36:47 AM	pacqa104 (at) yahoo (dot) com (dot) au	Comment #1 Priority ⇒ 2. Medium Type ⇒ Bug Summary ⇒ Changing case Queue ⇒ IMP New Attachment: imp error.GIF State ⇒ Unconfirmed	Reply to this comment
Strange error with case of rendered document. I have a program that sends me an email with a body containing an XML document. When viewed with IMP, and angle bracket < letter capital shows as < lower case a. The message source shows the 'real' document. Doesn't seem to change < any other letter, just capital A. Peter