On Mon, Dec 22, 2014 at 11:27 AM, Cor Bosman cor@xs4all.nl wrote:
- Security: Fix possible CSRF attacks to some address book operations
as well as to the ACL and Managesieve plugins.
- Fix attachments encoded in TNEF containers (from Outlook)
- Fix compatibility with PHP 5.2
Hi Thomas, was this supposed to fix the uudecode problem as well?
No it wasn't. We didn't have a ticket nor time to investigate your post which just came in the day before the release.
1.0.4 still breaks any message containing the simple string 'foobar begin 2015 foobar'.
In dutch this is a very common set of words, as it translates to 'early 2015'. The problem is that the match for uuparts is too simple.
I created a PR off of 1.0-release to fix this problem. https://github.com/roundcube/roundcubemail/pull/252
Thanks for this! We'll review it as soon as possible.
In master this is handled differently, and it doesnt seem to fail, even though the matching for a uu encoded part could be improved there as well,
Maybe Alec can explain why commit https://github.com/roundcube/roundcubemail/commit/48ba4414 also refactors the uuencode part in git master without being mentioned in the commit message.
~Thomas