From 36c236eee7529eae962d7e7c5ec925d2d417c7b8 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Tue, 16 Sep 2008 09:02:53 -0400
Subject: [PATCH] Fix typos + only add callback for style tags when safe-flag is set

---
 program/steps/mail/func.inc |   17 ++++++++---------
 1 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 6d23b6f..02bc4dc 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -611,14 +611,13 @@
       $wash_opts['html_elements'] = array('html','head','title','body');
     }
     
-    // allow CSS styles, will be sanitized by rcmail_washtml_callback()
-    if ($p['safe']) {
-      $wash_opts['html_elements'][] = 'style';
-    }
-    
     $washer = new washtml($wash_opts);
     $washer->add_callback('form', 'rcmail_washtml_callback');
-    $washer->add_callback('style', 'rcmail_washtml_callback');
+    
+    if ($p['safe']) {  // allow CSS styles, will be sanitized by rcmail_washtml_callback()
+      $washer->add_callback('style', 'rcmail_washtml_callback');
+    }
+    
     $body = $washer->wash($html);
     $REMOTE_OBJECTS = $washer->extlinks;
 
@@ -708,10 +707,10 @@
       
     case 'style':
       // decode all escaped entities and reduce to ascii strings
-      $stripped = preg_replace('/[^a-zA-Z\(:]/', '', rcmail_xss_entitiy_decode($source));
+      $stripped = preg_replace('/[^a-zA-Z\(:]/', '', rcmail_xss_entitiy_decode($content));
       
-      // now check for evli strings like expression, behavior or url()
-      if (!preg_match('/expression|behavior|url\(|import/', $css)) {
+      // now check for evil strings like expression, behavior or url()
+      if (!preg_match('/expression|behavior|url\(|import/', $stripped)) {
         $out = html::tag('style', array('type' => 'text/css'), $content);
         break;
       }
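Review bot: The pattern on the corrected `preg_match` line is case-sensitive while CSS keywords are not, and the preceding `preg_replace` keeps upper-case letters (`[^a-zA-Z\(:]`), so `$stripped` can still contain mixed-case forms of the listed keywords that the check will not match; adding the `i` modifier, `if (!preg_match('/expression|behavior|url\(|import/i', $stripped)) {`, closes that gap (lower-casing `$stripped` before the match would do the same). The variable fixes in this hunk also mean this check now actually runs against the decoded content for the first time, so a short comment such as `// case-insensitive: CSS keywords are not case-sensitive` next to the pattern would help the next reader. The `case 'style':` branch belongs to a function whose start and end lie outside this hunk.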
