| | |
|---|
| | | |
|---|
| | | case 'style': |
|---|
| | | // decode all escaped entities and reduce to ascii strings |
|---|
| | | $stripped = preg_replace('/[^a-zA-Z\(:]/', '', rcmail_xss_entitiy_decode($content)); |
|---|
| | | $stripped = preg_replace('/[^a-zA-Z\(:]/', '', rcmail_xss_entity_decode($content)); |
|---|
| | | |
|---|
| | | // now check for evil strings like expression, behavior or url() |
|---|
| | | if (!preg_match('/expression|behavior|url\(|import/', $stripped)) { |
|---|
| | |
|---|
| | | |
|---|
| | | function rcmail_search_filter($attrib) |
|---|
| | | { |
|---|
| | | global $OUTPUT; |
|---|
| | | global $OUTPUT, $CONFIG; |
|---|
| | | |
|---|
| | | if (!strlen($attrib['id'])) |
|---|
| | | $attrib['id'] = 'rcmlistfilter'; |
|---|
| | |
|---|
| | | $select_filter->add(rcube_label('unread'), 'UNSEEN'); |
|---|
| | | $select_filter->add(rcube_label('flagged'), 'FLAGGED'); |
|---|
| | | $select_filter->add(rcube_label('unanswered'), 'UNANSWERED'); |
|---|
| | | if (!$CONFIG['skip_deleted']) |
|---|
| | | $select_filter->add(rcube_label('deleted'), 'DELETED'); |
|---|
| | | |
|---|
| | | $out = $select_filter->show($_SESSION['search_filter']); |
|---|
| | | |
|---|
