From 2d233bf49c7d1eee76c2d0b9591a4576a99b5e66 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 20 May 2014 13:26:27 -0400
Subject: [PATCH] Fix incorrect handling of HTML comments in messages sanitization code (#1489904)

---
 program/lib/Roundcube/rcube_washtml.php |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/program/lib/Roundcube/rcube_washtml.php b/program/lib/Roundcube/rcube_washtml.php
index e23e5b2..5f40eec 100644
--- a/program/lib/Roundcube/rcube_washtml.php
+++ b/program/lib/Roundcube/rcube_washtml.php
@@ -456,7 +456,7 @@
         // Remove invalid HTML comments (#1487759)
         // Don't remove valid conditional comments
         // Don't remove MSOutlook (<!-->) conditional comments (#1489004)
-        $html = preg_replace('/<!--[^->\[\n]+>/', '', $html);
+        $html = preg_replace('/<!--[^-<>\[\n]+>/', '', $html);
 
         // fix broken nested lists
         self::fix_broken_lists($html);

--
Gitblit v1.9.1