Aleksander Machniak
2015-10-15 280395a544fa1822ee620ce38f361f7cf8185091
Fix bug where HTML messages with invalid/excessive css styles couldn't be displayed (#1490539)

Technically speaking we remove the whole CSS content when it has more than 5k lines.
2 files modified
CHANGELOG (1 line changed)
program/steps/mail/func.inc (7 lines changed)
CHANGELOG
@@ -6,6 +6,7 @@
- Fix so database_attachments::cleanup() does not remove attachments from other sessions (#1490542)
- Fix responses list update issue after response name change (#1490555)
- Fix bug where message preview was unintentionally reset on check-recent action (#1490563)
- Fix bug where HTML messages with invalid/excessive css styles couldn't be displayed (#1490539)
RELEASE 1.1.3
-------------
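Review bot: The new CHANGELOG entry for #1490539 names the symptom but not the behaviour change, which is that style content with more than 5k lines is now removed entirely. Suggest stating that in the entry, so that someone investigating an HTML message that renders without its styles can find the cause from the changelog.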
program/steps/mail/func.inc
@@ -948,6 +948,13 @@
        break;
    case 'style':
        // Crazy big styles may freeze the browser (#1490539)
        // remove content with more than 5k lines
        if (substr_count($content, "\n") > 5000) {
            $out = '';
            break;
        }
        // decode all escaped entities and reduce to ascii strings
        $stripped = preg_replace('/[^a-zA-Z\(:;]/', '', rcube_utils::xss_entity_decode($content));