For phishing, if link text is the end of the original URL path consid…

…er it to be safe
horde · Mar 5, 2015 · 0cff7f9 · 0cff7f9
1 parent 2a27881
commit 0cff7f9
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/framework/Mime_Viewer/lib/Horde/Mime/Viewer/Html.php b/framework/Mime_Viewer/lib/Horde/Mime/Viewer/Html.php
@@ -278,6 +278,14 @@ protected function _phishingCheck($href, $text)
                 return false;
             }
 
+            /* If the path matches the end of the URL path, consider safe
+             * (most likely the link text is something like a shortened
+             * filename). */
+            if (isset($href_url['path']) &&
+                preg_match("/" . preg_quote($text_url['path']) . "$/", $href_url['path'])) {
+                return false;
+            }
+
             /* Path info may include path, so remove that. */
             if (($pos = strpos($text_url['path'], '/')) !== false) {
                 $text_url['path'] = substr($text_url['path'], 0, $pos);