Roundcube Community Forum

Release Support => Pending Issues => Topic started by: mafro on March 19, 2008, 10:52:27 AM

Title: [BUG] Tiny Idiocy
Post by: mafro on March 19, 2008, 10:52:27 AM

When browsing my email, I get all "tinyurl.com" hrefs dynamically replaced with "tinyidiocy.com".

I believe the offending code to be the third line here - in file "program/steps/mail/func.inc":

Code: [Select]

/* Rename dangerous CSS */
$newvalue = preg_replace('/expression/i', 'idiocy', $newvalue);
$newvalue = preg_replace('/url/i', 'idiocy', $newvalue);
This is the only occurance of the string "idiocy" in all the source.

Roundcube is great- ive been a user since one of the first betas appeared. First time finding a real bug.. Keep up the good work.
mafro

edit: Forgot to mention the filename.. Doh.

Title: Re: [BUG] Tiny Idiocy
Post by: libral73 on March 15, 2015, 06:30:45 AM

dear
after many years ( the post by Manfro was dated 2008), I see that this bug is still there.
Today, trying to connect to connect to tinyurl from my roundcube I was instead sent to tinyidiocy.
It is just because I was sure the sender was respectable, that I discovered the bug, because at first it seems a simple spam.
I strongly suggest RoundCube to correct this annoying simple bug

best
Simone

Title: Re: [BUG] Tiny Idiocy
Post by: alec on March 15, 2015, 09:34:17 AM

There's no such code in Rundcube vanila package. So, don't blame Roundcube.