pkgs/servers/rainloop/fix-cve-2022-29360.patch

   1 Fetched from https://blog.sonarsource.com/rainloop-emails-at-risk-due-to-code-flaw/
   2
   3 --- a/rainloop/rainloop/v/1.16.0/app/libraries/MailSo/Base/HtmlUtils.php
   4 +++ b/rainloop/rainloop/v/1.16.0/app/libraries/MailSo/Base/HtmlUtils.php
   5 @@ -239,7 +239,8 @@ class HtmlUtils
   6                                 $oWrapHtml->setAttribute($sKey, $sValue);
   7                         }
   8
   9 -                       $oWrapDom = $oDom->createElement('div', '___xxx___');
  10 +                       $rand_str = base64_encode(random_bytes(32));
  11 +                       $oWrapDom = $oDom->createElement('div', $rand_str);
  12                         $oWrapDom->setAttribute('data-x-div-type', 'body');
  13                         foreach ($aBodylAttrs as $sKey => $sValue)
  14                         {
  15 @@ -250,7 +251,7 @@ class HtmlUtils
  16
  17                         $sWrp = $oDom->saveHTML($oWrapHtml);
  18
  19 -                       $sResult = \str_replace('___xxx___', $sResult, $sWrp);
  20 +                       $sResult = \str_replace($rand_str, $sResult, $sWrp);
  21                 }
  22
  23                 $sResult = \str_replace(\MailSo\Base\HtmlUtils::$KOS, ':', $sResult);