githubFork/roundcubemail.git

githubFork / roundcubemail

Roundcubemail devel

summary
reflog
commits
tree
docs
forks
compare

parent: 254bfdc2 | patch | commit | ignore whitespace

- Sanitize CSS universal selector from e-mails. Without this fix any messa...

vbenincasa

2010-06-09 d0b981757ab416dfd182e6b91e7f9a66132116f9

 - Sanitize CSS universal selector from e-mails. Without this fix any message can play with the CSS from entire mail window or mail preview frame. Test case: 
<style type="text/css">*{ background: #000; }</style>

1 files modified

program/include/main.inc

4 ●●●●● patch | view | raw | blame | history

 program/include/main.inc

@@ -1,4 +1,4 @@
<?php
<?php

/*
 +-----------------------------------------------------------------------+
@@ -843,7 +843,7 @@
  $styles = preg_replace(
    array(
      '/(^\s*<!--)|(-->\s*$)/',
      '/(^\s*|,\s*|\}\s*)([a-z0-9\._#][a-z0-9\.\-_]*)/im',
      '/(^\s*|,\s*|\}\s*)([a-z0-9\._#\*][a-z0-9\.\-_]*)/im',
      "/$container_id\s+body/i",
    ),
    array(

			@@ -1,4 +1,4 @@
			<?php
			<?php

			/*
			+-----------------------------------------------------------------------+
			@@ -843,7 +843,7 @@
			$styles = preg_replace(
			array(
			'/(^\s<!--)\|(-->\s$)/',
			'/(^\s\|,\s\|\}\s)([a-z0-9\._#][a-z0-9\.\-_])/im',
			'/(^\s\|,\s\|\}\s)([a-z0-9\._#\][a-z0-9\.\-_]*)/im',
			"/$container_id\s+body/i",
			),
			array(