Unsafe regex pattern in mimemail_extract_files
rmjiv - October 6, 2009 - 18:49
| Project: | Mime Mail |
| Version: | 6.x-1.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Description
The mimemail_extract_files function regex $pattern matches more items than it should. In our case, it matched the "src" suffix of a query parameter on a link.
Example: <a href="http://www.example.com?extsrc=foo"> was transformed into <a href="http://www.example.com?extsrc=Array">
because the "src=[\'"]?" clause of the regex matched.