githubFork/roundcubemail.git

Fix unintentional line-height style modification in HTML messages (#1489917)

Aleksander Machniak

2014-05-27 49e260ba584d3545e75a374178f47a103da50893

commit \| author \| age
7ac944	1	<?php
AM	2
	3	/**
	4	+-----------------------------------------------------------------------+
	5	\| This file is part of the Roundcube Webmail client \|
	6	\| Copyright (C) 2008-2012, The Roundcube Dev Team \|
	7	\| \|
	8	\| Licensed under the GNU General Public License version 3 or \|
	9	\| any later version with exceptions for skins & plugins. \|
	10	\| See the README file for a full license statement. \|
	11	\| \|
	12	\| PURPOSE: \|
	13	\| Utility class providing HTML sanityzer (based on Washtml class) \|
	14	+-----------------------------------------------------------------------+
	15	\| Author: Thomas Bruederli <roundcube@gmail.com> \|
	16	\| Author: Aleksander Machniak <alec@alec.pl> \|
	17	\| Author: Frederic Motte <fmotte@ubixis.com> \|
	18	+-----------------------------------------------------------------------+
	19	*/
	20
	21	/**
	22	* Washtml, a HTML sanityzer.
	23	*
	24	* Copyright (c) 2007 Frederic Motte <fmotte@ubixis.com>
	25	* All rights reserved.
	26	*
	27	* Redistribution and use in source and binary forms, with or without
	28	* modification, are permitted provided that the following conditions
	29	* are met:
	30	* 1. Redistributions of source code must retain the above copyright
	31	* notice, this list of conditions and the following disclaimer.
	32	* 2. Redistributions in binary form must reproduce the above copyright
	33	* notice, this list of conditions and the following disclaimer in the
	34	* documentation and/or other materials provided with the distribution.
	35	*
	36	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	37	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	38	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	39	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	40	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	41	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	42	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	43	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	44	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	45	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	46	*
	47	* OVERVIEW:
	48	*
	49	* Wahstml take an untrusted HTML and return a safe html string.
	50	*
	51	* SYNOPSIS:
	52	*
	53	* $washer = new washtml($config);
	54	* $washer->wash($html);
	55	* It return a sanityzed string of the $html parameter without html and head tags.
	56	* $html is a string containing the html code to wash.
	57	* $config is an array containing options:
	58	* $config['allow_remote'] is a boolean to allow link to remote images.
	59	* $config['blocked_src'] string with image-src to be used for blocked remote images
	60	* $config['show_washed'] is a boolean to include washed out attributes as x-washed
	61	* $config['cid_map'] is an array where cid urls index urls to replace them.
	62	* $config['charset'] is a string containing the charset of the HTML document if it is not defined in it.
	63	* $washer->extlinks is a reference to a boolean that is set to true if remote images were removed. (FE: show remote images link)
	64	*
	65	* INTERNALS:
	66	*
	67	* Only tags and attributes in the static lists $html_elements and $html_attributes
	68	* are kept, inline styles are also filtered: all style identifiers matching
	69	* /[a-z\-]/i are allowed. Values matching colors, sizes, /[a-z\-]/i and safe
	70	* urls if allowed and cid urls if mapped are kept.
	71	*
	72	* Roundcube Changes:
	73	* - added $block_elements
	74	* - changed $ignore_elements behaviour
	75	* - added RFC2397 support
	76	* - base URL support
	77	* - invalid HTML comments removal before parsing
	78	* - "fixing" unitless CSS values for XHTML output
	79	* - base url resolving
	80	*/
	81
	82	/**
	83	* Utility class providing HTML sanityzer
	84	*
	85	* @package Framework
	86	* @subpackage Utils
	87	*/
	88	class rcube_washtml
	89	{
	90	/* Allowed HTML elements (default) */
	91	static $html_elements = array('a', 'abbr', 'acronym', 'address', 'area', 'b',
	92	'basefont', 'bdo', 'big', 'blockquote', 'br', 'caption', 'center',
	93	'cite', 'code', 'col', 'colgroup', 'dd', 'del', 'dfn', 'dir', 'div', 'dl',
	94	'dt', 'em', 'fieldset', 'font', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i',
	95	'ins', 'label', 'legend', 'li', 'map', 'menu', 'nobr', 'ol', 'p', 'pre', 'q',
	96	's', 'samp', 'small', 'span', 'strike', 'strong', 'sub', 'sup', 'table',
	97	'tbody', 'td', 'tfoot', 'th', 'thead', 'tr', 'tt', 'u', 'ul', 'var', 'wbr', 'img',
	98	// form elements
	99	'button', 'input', 'textarea', 'select', 'option', 'optgroup'
	100	);
	101
	102	/* Ignore these HTML tags and their content */
	103	static $ignore_elements = array('script', 'applet', 'embed', 'object', 'style');
	104
	105	/* Allowed HTML attributes */
	106	static $html_attribs = array('name', 'class', 'title', 'alt', 'width', 'height',
	107	'align', 'nowrap', 'col', 'row', 'id', 'rowspan', 'colspan', 'cellspacing',
	108	'cellpadding', 'valign', 'bgcolor', 'color', 'border', 'bordercolorlight',
	109	'bordercolordark', 'face', 'marginwidth', 'marginheight', 'axis', 'border',
	110	'abbr', 'char', 'charoff', 'clear', 'compact', 'coords', 'vspace', 'hspace',
	111	'cellborder', 'size', 'lang', 'dir', 'usemap', 'shape', 'media',
	112	// attributes of form elements
	113	'type', 'rows', 'cols', 'disabled', 'readonly', 'checked', 'multiple', 'value'
	114	);
	115
cb3e2f	116	/* Elements which could be empty and be returned in short form (<tag />) */
AM	117	static $void_elements = array('area', 'base', 'br', 'col', 'command', 'embed', 'hr',
	118	'img', 'input', 'keygen', 'link', 'meta', 'param', 'source', 'track', 'wbr'
7ac944	119	);
AM	120
	121	/* State for linked objects in HTML */
	122	public $extlinks = false;
	123
	124	/* Current settings */
	125	private $config = array();
	126
	127	/* Registered callback functions for tags */
	128	private $handlers = array();
	129
	130	/* Allowed HTML elements */
	131	private $_html_elements = array();
	132
	133	/* Ignore these HTML tags but process their content */
	134	private $_ignore_elements = array();
	135
cb3e2f	136	/* Elements which could be empty and be returned in short form (<tag />) */
AM	137	private $_void_elements = array();
7ac944	138
AM	139	/* Allowed HTML attributes */
	140	private $_html_attribs = array();
	141
a89940	142	/* Max nesting level */
AM	143	private $max_nesting_level;
	144
7ac944	145
AM	146	/**
	147	* Class constructor
	148	*/
	149	public function __construct($p = array())
	150	{
	151	$this->_html_elements = array_flip((array)$p['html_elements']) + array_flip(self::$html_elements) ;
	152	$this->_html_attribs = array_flip((array)$p['html_attribs']) + array_flip(self::$html_attribs);
	153	$this->_ignore_elements = array_flip((array)$p['ignore_elements']) + array_flip(self::$ignore_elements);
cb3e2f	154	$this->_void_elements = array_flip((array)$p['void_elements']) + array_flip(self::$void_elements);
7ac944	155
cb3e2f	156	unset($p['html_elements'], $p['html_attribs'], $p['ignore_elements'], $p['void_elements']);
7ac944	157
AM	158	$this->config = $p + array('show_washed' => true, 'allow_remote' => false, 'cid_map' => array());
	159	}
	160
	161	/**
	162	* Register a callback function for a certain tag
	163	*/
	164	public function add_callback($tagName, $callback)
	165	{
	166	$this->handlers[$tagName] = $callback;
	167	}
	168
	169	/**
	170	* Check CSS style
	171	*/
	172	private function wash_style($style)
	173	{
05d419	174	$result = array();
7ac944	175
AM	176	foreach (explode(';', $style) as $declaration) {
	177	if (preg_match('/^\s([a-z\-]+)\s:\s(.)\s*$/i', $declaration, $match)) {
	178	$cssid = $match[1];
	179	$str = $match[2];
	180	$value = '';
	181
05d419	182	foreach ($this->explode_style($str) as $val) {
AM	183	if (preg_match('/^url\(/i', $val)) {
	184	if (preg_match('/^url$\s[\'"]?([^\'"$])[\'"]?\s*\)/iu', $val, $match)) {
	185	$url = $match[1];
	186	if (($src = $this->config['cid_map'][$url])
	187	\|\| ($src = $this->config['cid_map'][$this->config['base_url'].$url])
	188	) {
	189	$value .= ' url('.htmlspecialchars($src, ENT_QUOTES) . ')';
7ac944	190	}
05d419	191	else if (preg_match('!^(https?:)?//[a-z0-9/._+-]+$!i', $url, $m)) {
AM	192	if ($this->config['allow_remote']) {
	193	$value .= ' url('.htmlspecialchars($m[0], ENT_QUOTES).')';
	194	}
	195	else {
	196	$this->extlinks = true;
	197	}
7ac944	198	}
05d419	199	else if (preg_match('/^data:.+/i', $url)) { // RFC2397
AM	200	$value .= ' url('.htmlspecialchars($url, ENT_QUOTES).')';
	201	}
7ac944	202	}
AM	203	}
05d419	204	else if (!preg_match('/^(behavior\|expression)/i', $val)) {
7ac944	205	// whitelist ?
05d419	206	$value .= ' ' . $val;
7ac944	207
AM	208	// #1488535: Fix size units, so width:800 would be changed to width:800px
49e260	209	if (preg_match('/^(left\|right\|top\|bottom\|width\|height)/i', $cssid)
05d419	210	&& preg_match('/^[0-9]+$/', $val)
7ac944	211	) {
AM	212	$value .= 'px';
	213	}
	214	}
	215	}
	216
	217	if (isset($value[0])) {
05d419	218	$result[] = $cssid . ':' . $value;
7ac944	219	}
AM	220	}
	221	}
	222
05d419	223	return implode('; ', $result);
7ac944	224	}
AM	225
	226	/**
	227	* Take a node and return allowed attributes and check values
	228	*/
	229	private function wash_attribs($node)
	230	{
	231	$t = '';
	232	$washed = '';
	233
	234	foreach ($node->attributes as $key => $plop) {
	235	$key = strtolower($key);
	236	$value = $node->getAttribute($key);
	237
	238	if (isset($this->_html_attribs[$key]) \|\|
1f910c	239	($key == 'href' && ($value = trim($value))
AM	240	&& !preg_match('!^(javascript\|vbscript\|data:text)!i', $value)
7ac944	241	&& preg_match('!^([a-z][a-z0-9.+-]+:\|//\|#).+!i', $value))
AM	242	) {
	243	$t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"';
	244	}
	245	else if ($key == 'style' && ($style = $this->wash_style($value))) {
	246	$quot = strpos($style, '"') !== false ? "'" : '"';
	247	$t .= ' style=' . $quot . $style . $quot;
	248	}
	249	else if ($key == 'background' \|\| ($key == 'src' && strtolower($node->tagName) == 'img')) { //check tagName anyway
	250	if (($src = $this->config['cid_map'][$value])
	251	\|\| ($src = $this->config['cid_map'][$this->config['base_url'].$value])
	252	) {
	253	$t .= ' ' . $key . '="' . htmlspecialchars($src, ENT_QUOTES) . '"';
	254	}
	255	else if (preg_match('/^(http\|https\|ftp):.+/i', $value)) {
	256	if ($this->config['allow_remote']) {
	257	$t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"';
	258	}
	259	else {
	260	$this->extlinks = true;
	261	if ($this->config['blocked_src']) {
	262	$t .= ' ' . $key . '="' . htmlspecialchars($this->config['blocked_src'], ENT_QUOTES) . '"';
	263	}
	264	}
	265	}
	266	else if (preg_match('/^data:.+/i', $value)) { // RFC2397
	267	$t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"';
	268	}
	269	}
	270	else {
	271	$washed .= ($washed ? ' ' : '') . $key;
	272	}
	273	}
	274
	275	return $t . ($washed && $this->config['show_washed'] ? ' x-washed="'.$washed.'"' : '');
	276	}
	277
	278	/**
	279	* The main loop that recurse on a node tree.
7883ec	280	* It output only allowed tags with allowed attributes and allowed inline styles
AM	281	*
	282	* @param DOMNode $node HTML element
	283	* @param int $level Recurrence level (safe initial value found empirically)
7ac944	284	*/
7883ec	285	private function dumpHtml($node, $level = 20)
7ac944	286	{
AM	287	if (!$node->hasChildNodes()) {
	288	return '';
a89940	289	}
AM	290
	291	$level++;
	292
	293	if ($this->max_nesting_level > 0 && $level == $this->max_nesting_level - 1) {
	294	// log error message once
	295	if (!$this->max_nesting_level_error) {
	296	$this->max_nesting_level_error = true;
	297	rcube::raise_error(array('code' => 500, 'type' => 'php',
	298	'line' => __LINE__, 'file' => __FILE__,
	299	'message' => "Maximum nesting level exceeded (xdebug.max_nesting_level={$this->max_nesting_level})"),
	300	true, false);
	301	}
	302	return '<!-- ignored -->';
7ac944	303	}
AM	304
	305	$node = $node->firstChild;
	306	$dump = '';
	307
	308	do {
	309	switch($node->nodeType) {
	310	case XML_ELEMENT_NODE: //Check element
	311	$tagName = strtolower($node->tagName);
	312	if ($callback = $this->handlers[$tagName]) {
	313	$dump .= call_user_func($callback, $tagName,
a89940	314	$this->wash_attribs($node), $this->dumpHtml($node, $level), $this);
7ac944	315	}
AM	316	else if (isset($this->_html_elements[$tagName])) {
a89940	317	$content = $this->dumpHtml($node, $level);
7ac944	318	$dump .= '<' . $tagName . $this->wash_attribs($node) .
cb3e2f	319	($content === '' && isset($this->_void_elements[$tagName]) ? ' />' : ">$content</$tagName>");
7ac944	320	}
AM	321	else if (isset($this->_ignore_elements[$tagName])) {
	322	$dump .= '<!-- ' . htmlspecialchars($tagName, ENT_QUOTES) . ' not allowed -->';
	323	}
	324	else {
	325	$dump .= '<!-- ' . htmlspecialchars($tagName, ENT_QUOTES) . ' ignored -->';
a89940	326	$dump .= $this->dumpHtml($node, $level); // ignore tags not its content
7ac944	327	}
AM	328	break;
	329
	330	case XML_CDATA_SECTION_NODE:
	331	$dump .= $node->nodeValue;
	332	break;
	333
	334	case XML_TEXT_NODE:
	335	$dump .= htmlspecialchars($node->nodeValue);
	336	break;
	337
	338	case XML_HTML_DOCUMENT_NODE:
a89940	339	$dump .= $this->dumpHtml($node, $level);
7ac944	340	break;
AM	341
	342	case XML_DOCUMENT_TYPE_NODE:
	343	break;
	344
	345	default:
a89940	346	$dump .= '<!-- node type ' . $node->nodeType . ' -->';
7ac944	347	}
AM	348	} while($node = $node->nextSibling);
	349
	350	return $dump;
	351	}
	352
	353	/**
	354	* Main function, give it untrusted HTML, tell it if you allow loading
	355	* remote images and give it a map to convert "cid:" urls.
	356	*/
	357	public function wash($html)
	358	{
	359	// Charset seems to be ignored (probably if defined in the HTML document)
	360	$node = new DOMDocument('1.0', $this->config['charset']);
	361	$this->extlinks = false;
	362
	363	$html = $this->cleanup($html);
	364
	365	// Find base URL for images
	366	if (preg_match('/<base\s+href=[\'"]*([^\'"]+)/is', $html, $matches)) {
	367	$this->config['base_url'] = $matches[1];
	368	}
	369	else {
	370	$this->config['base_url'] = '';
	371	}
a89940	372
AM	373	// Detect max nesting level (for dumpHTML) (#1489110)
	374	$this->max_nesting_level = (int) @ini_get('xdebug.max_nesting_level');
7ac944	375
bfd24f	376	// Use optimizations if supported
AM	377	if (version_compare(PHP_VERSION, '5.4.0', '>=')) {
	378	@$node->loadHTML($html, LIBXML_PARSEHUGE \| LIBXML_COMPACT);
	379	}
	380	else {
	381	@$node->loadHTML($html);
	382	}
	383
7ac944	384	return $this->dumpHtml($node);
AM	385	}
	386
	387	/**
	388	* Getter for config parameters
	389	*/
	390	public function get_config($prop)
	391	{
	392	return $this->config[$prop];
	393	}
	394
	395	/**
	396	* Clean HTML input
	397	*/
	398	private function cleanup($html)
	399	{
	400	// special replacements (not properly handled by washtml class)
	401	$html_search = array(
	402	'/(<\/nobr>)(\s+)(<nobr>)/i', // space(s) between <NOBR>
	403	'/<title[^>]>[^<]<\/title>/i', // PHP bug #32547 workaround: remove title tag
	404	'/^(\0\0\xFE\xFF\|\xFF\xFE\0\0\|\xFE\xFF\|\xFF\xFE\|\xEF\xBB\xBF)/', // byte-order mark (only outlook?)
	405	'/<html\s[^>]+>/i', // washtml/DOMDocument cannot handle xml namespaces
	406	);
	407
	408	$html_replace = array(
	409	'\\1'.'   '.'\\3',
	410	'',
	411	'',
	412	'<html>',
	413	);
	414	$html = preg_replace($html_search, $html_replace, trim($html));
	415
b6a640	416	//-> Replace all of those weird MS Word quotes and other high characters
c72507	417	$badwordchars = array(
b6a640	418	"\xe2\x80\x98", // left single quote
R	419	"\xe2\x80\x99", // right single quote
	420	"\xe2\x80\x9c", // left double quote
	421	"\xe2\x80\x9d", // right double quote
	422	"\xe2\x80\x94", // em dash
	423	"\xe2\x80\xa6" // elipses
	424	);
c72507	425	$fixedwordchars = array(
b6a640	426	"'",
R	427	"'",
	428	'"',
	429	'"',
	430	'—',
	431	'...'
	432	);
c72507	433	$html = str_replace($badwordchars, $fixedwordchars, $html);
b6a640	434
7ac944	435	// PCRE errors handling (#1486856), should we use something like for every preg_* use?
AM	436	if ($html === null && ($preg_error = preg_last_error()) != PREG_NO_ERROR) {
	437	$errstr = "Could not clean up HTML message! PCRE Error: $preg_error.";
	438
	439	if ($preg_error == PREG_BACKTRACK_LIMIT_ERROR) {
	440	$errstr .= " Consider raising pcre.backtrack_limit!";
	441	}
	442	if ($preg_error == PREG_RECURSION_LIMIT_ERROR) {
	443	$errstr .= " Consider raising pcre.recursion_limit!";
	444	}
	445
	446	rcube::raise_error(array('code' => 620, 'type' => 'php',
	447	'line' => __LINE__, 'file' => __FILE__,
	448	'message' => $errstr), true, false);
a89940	449
7ac944	450	return '';
AM	451	}
	452
	453	// fix (unknown/malformed) HTML tags before "wash"
ffec85	454	$html = preg_replace_callback('/(<(?!\!)[\/])([^\s>]+)([^>])/', array($this, 'html_tag_callback'), $html);
7ac944	455
AM	456	// Remove invalid HTML comments (#1487759)
	457	// Don't remove valid conditional comments
1bce14	458	// Don't remove MSOutlook (<!-->) conditional comments (#1489004)
2d233b	459	$html = preg_replace('/<!--[^-<>\[\n]+>/', '', $html);
c72507	460
AM	461	// fix broken nested lists
	462	self::fix_broken_lists($html);
7ac944	463
AM	464	// turn relative into absolute urls
	465	$html = self::resolve_base($html);
	466
	467	return $html;
	468	}
	469
	470	/**
	471	* Callback function for HTML tags fixing
	472	*/
	473	public static function html_tag_callback($matches)
	474	{
	475	$tagname = $matches[2];
	476	$tagname = preg_replace(array(
	477	'/:.*$/', // Microsoft's Smart Tags <st1:xxxx>
	478	'/[^a-z0-9_\[\]\!-]/i', // forbidden characters
	479	), '', $tagname);
	480
ffec85	481	// fix invalid closing tags - remove any attributes (#1489446)
AM	482	if ($matches[1] == '</') {
	483	$matches[3] = '';
	484	}
	485
	486	return $matches[1] . $tagname . $matches[3];
7ac944	487	}
AM	488
	489	/**
	490	* Convert all relative URLs according to a <base> in HTML
	491	*/
	492	public static function resolve_base($body)
	493	{
	494	// check for <base href=...>
	495	if (preg_match('!(<base.*href=["\']?)([hftps]{3,5}://[a-z0-9/.%-]+)!i', $body, $regs)) {
	496	$replacer = new rcube_base_replacer($regs[2]);
	497	$body = $replacer->replace($body);
	498	}
	499
	500	return $body;
	501	}
	502
c72507	503	/**
AM	504	* Fix broken nested lists, they are not handled properly by DOMDocument (#1488768)
	505	*/
	506	public static function fix_broken_lists(&$html)
	507	{
	508	// do two rounds, one for <ol>, one for <ul>
	509	foreach (array('ol', 'ul') as $tag) {
	510	$pos = 0;
	511	while (($pos = stripos($html, '<' . $tag, $pos)) !== false) {
	512	$pos++;
	513
	514	// make sure this is an ol/ul tag
	515	if (!in_array($html[$pos+2], array(' ', '>'))) {
	516	continue;
	517	}
	518
	519	$p = $pos;
	520	$in_li = false;
	521	$li_pos = 0;
	522
	523	while (($p = strpos($html, '<', $p)) !== false) {
	524	$tt = strtolower(substr($html, $p, 4));
	525
	526	// li open tag
	527	if ($tt == '<li>' \|\| $tt == '<li ') {
	528	$in_li = true;
	529	$p += 4;
	530	}
	531	// li close tag
	532	else if ($tt == '</li' && in_array($html[$p+4], array(' ', '>'))) {
	533	$li_pos = $p;
	534	$p += 4;
	535	$in_li = false;
	536	}
	537	// ul/ol closing tag
	538	else if ($tt == '</' . $tag && in_array($html[$p+4], array(' ', '>'))) {
	539	break;
	540	}
	541	// nested ol/ul element out of li
	542	else if (!$in_li && $li_pos && ($tt == '<ol>' \|\| $tt == '<ol ' \|\| $tt == '<ul>' \|\| $tt == '<ul ')) {
	543	// find closing tag of this ul/ol element
	544	$element = substr($tt, 1, 2);
	545	$cpos = $p;
	546	do {
	547	$tpos = stripos($html, '<' . $element, $cpos+1);
	548	$cpos = stripos($html, '</' . $element, $cpos+1);
	549	}
	550	while ($tpos !== false && $cpos !== false && $cpos > $tpos);
	551
	552	// not found, this is invalid HTML, skip it
	553	if ($cpos === false) {
	554	break;
	555	}
	556
	557	// get element content
	558	$end = strpos($html, '>', $cpos);
	559	$len = $end - $p + 1;
	560	$element = substr($html, $p, $len);
	561
	562	// move element to the end of the last li
	563	$html = substr_replace($html, '', $p, $len);
	564	$html = substr_replace($html, $element, $li_pos, 0);
	565
	566	$p = $end;
	567	}
	568	else {
	569	$p++;
	570	}
	571	}
	572	}
	573	}
	574	}
05d419	575
AM	576	/**
	577	* Explode css style value
	578	*/
	579	protected function explode_style($style)
	580	{
	581	$style = trim($style);
	582
	583	// first remove comments
	584	$pos = 0;
	585	while (($pos = strpos($style, '/*', $pos)) !== false) {
	586	$end = strpos($style, '*/', $pos+2);
	587
	588	if ($end === false) {
	589	$style = substr($style, 0, $pos);
	590	}
	591	else {
	592	$style = substr_replace($style, '', $pos, $end - $pos + 2);
	593	}
	594	}
	595
	596	$strlen = strlen($style);
	597	$result = array();
	598
	599	// explode value
	600	for ($p=$i=0; $i < $strlen; $i++) {
	601	if (($style[$i] == "\"" \|\| $style[$i] == "'") && $style[$i-1] != "\\") {
	602	if ($q == $style[$i]) {
	603	$q = false;
	604	}
	605	else if (!$q) {
	606	$q = $style[$i];
	607	}
	608	}
	609
	610	if (!$q && $style[$i] == ' ' && !preg_match('/[,\(]/', $style[$i-1])) {
	611	$result[] = substr($style, $p, $i - $p);
	612	$p = $i + 1;
	613	}
	614	}
	615
	616	$result[] = (string) substr($style, $p);
	617
	618	return $result;
	619	}
c72507	620	}