From 5de338e45ebca0d055e0bb2a8df4db20fa61c6de Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sat, 17 Oct 2015 07:38:36 -0400
Subject: [PATCH] Update changelog
---
program/lib/Roundcube/rcube_washtml.php | 28 +++++++++++++++++++---------
1 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/program/lib/Roundcube/rcube_washtml.php b/program/lib/Roundcube/rcube_washtml.php
index b93d3b1..c3f73fa 100644
--- a/program/lib/Roundcube/rcube_washtml.php
+++ b/program/lib/Roundcube/rcube_washtml.php
@@ -1,6 +1,6 @@
<?php
-/**
+/*
+-----------------------------------------------------------------------+
| This file is part of the Roundcube Webmail client |
| Copyright (C) 2008-2012, The Roundcube Dev Team |
@@ -18,7 +18,7 @@
+-----------------------------------------------------------------------+
*/
-/**
+/*
* Washtml, a HTML sanityzer.
*
* Copyright (c) 2007 Frederic Motte <fmotte@ubixis.com>
@@ -174,6 +174,9 @@
{
$result = array();
+ // Remove unwanted white-space characters so regular expressions below work better
+ $style = preg_replace('/[\n\r\s\t]+/', ' ', $style);
+
foreach (explode(';', $style) as $declaration) {
if (preg_match('/^\s*([a-z\-]+)\s*:\s*(.*)\s*$/i', $declaration, $match)) {
$cssid = $match[1];
@@ -244,8 +247,8 @@
$t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"';
}
else if ($key == 'style' && ($style = $this->wash_style($value))) {
- $quot = strpos($style, '"') !== false ? "'" : '"';
- $t .= ' style=' . $quot . $style . $quot;
+ // replace double quotes to prevent syntax error and XSS issues (#1490227)
+ $t .= ' style="' . str_replace('"', '"', $style) . '"';
}
else if ($key == 'background'
|| ($key == 'src' && preg_match('/^(img|source)$/i', $node->tagName))
@@ -378,7 +381,7 @@
$this->max_nesting_level = (int) @ini_get('xdebug.max_nesting_level');
// Use optimizations if supported
- if (version_compare(PHP_VERSION, '5.4.0', '>=')) {
+ if (PHP_VERSION_ID >= 50400) {
@$node->loadHTML($html, LIBXML_PARSEHUGE | LIBXML_COMPACT);
}
else {
@@ -403,16 +406,23 @@
{
// special replacements (not properly handled by washtml class)
$html_search = array(
- '/(<\/nobr>)(\s+)(<nobr>)/i', // space(s) between <NOBR>
- '/<title[^>]*>[^<]*<\/title>/i', // PHP bug #32547 workaround: remove title tag
- '/^(\0\0\xFE\xFF|\xFF\xFE\0\0|\xFE\xFF|\xFF\xFE|\xEF\xBB\xBF)/', // byte-order mark (only outlook?)
- '/<html\s[^>]+>/i', // washtml/DOMDocument cannot handle xml namespaces
+ // space(s) between <NOBR>
+ '/(<\/nobr>)(\s+)(<nobr>)/i',
+ // PHP bug #32547 workaround: remove title tag
+ '/<title[^>]*>[^<]*<\/title>/i',
+ // remove <!doctype> before BOM (#1490291)
+ '/<\!doctype[^>]+>[^<]*/im',
+ // byte-order mark (only outlook?)
+ '/^(\0\0\xFE\xFF|\xFF\xFE\0\0|\xFE\xFF|\xFF\xFE|\xEF\xBB\xBF)/',
+ // washtml/DOMDocument cannot handle xml namespaces
+ '/<html\s[^>]+>/i',
);
$html_replace = array(
'\\1'.' '.'\\3',
'',
'',
+ '',
'<html>',
);
$html = preg_replace($html_search, $html_replace, trim($html));
--
Gitblit v1.9.1