From 82ed256f6eeba8dce305f3953aa70681351c9bad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 20 May 2014 13:25:45 -0400
Subject: [PATCH] Fix incorrect handling of HTML comments in messages sanitization code (#1489904)

---
 CHANGELOG                               |    1 +
 program/lib/Roundcube/rcube_washtml.php |    2 +-
 tests/Framework/Washtml.php             |   10 ++++++++++
 3 files changed, 12 insertions(+), 1 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 27286e8..1b093a5 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -26,6 +26,7 @@
 - Fix unintentional draft autosave request if autosave is disabled (#1489882)
 - Fix malformed References: header in send/saved mail (#1489891)
 - Fix handling unicode characters in links (#1489898)
+- Fix incorrect handling of HTML comments in messages sanitization code (#1489904)
 
 RELEASE 1.0.1
 -------------
diff --git a/program/lib/Roundcube/rcube_washtml.php b/program/lib/Roundcube/rcube_washtml.php
index e23e5b2..5f40eec 100644
--- a/program/lib/Roundcube/rcube_washtml.php
+++ b/program/lib/Roundcube/rcube_washtml.php
@@ -456,7 +456,7 @@
         // Remove invalid HTML comments (#1487759)
         // Don't remove valid conditional comments
         // Don't remove MSOutlook (<!-->) conditional comments (#1489004)
-        $html = preg_replace('/<!--[^->\[\n]+>/', '', $html);
+        $html = preg_replace('/<!--[^-<>\[\n]+>/', '', $html);
 
         // fix broken nested lists
         self::fix_broken_lists($html);
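Review bot: The pattern on the changed line still matches the opener of a well-formed comment whenever its body reaches a bare `>` before any `-`, `<`, `[` or newline (for example `<!-- a > b -->`), so the opener is deleted and the rest of the comment body is passed on as ordinary markup. Adding `<` to the class only covers the tags-inside case from #1489904. Because this is a regex pass over the raw string, presumably ahead of the DOM-based washing that happens outside this hunk, it would be safer to strip only sequences that have no `-->` terminator of their own, or to leave comment handling to the parser. At minimum the comment block should record the new rule, e.g. `// Don't strip the opener of valid comments that contain tags (#1489904)`. The enclosing function starts and ends outside the hunk.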
diff --git a/tests/Framework/Washtml.php b/tests/Framework/Washtml.php
index ab1ada0..5c15c69 100644
--- a/tests/Framework/Washtml.php
+++ b/tests/Framework/Washtml.php
@@ -53,6 +53,16 @@
         $washed = $washer->wash($html);
 
         $this->assertEquals('<!-- html ignored --><!-- body ignored --><p>test</p>', $washed, "HTML invalid comments (#1487759)");
+
+        $html   = "<p>para1</p><!-- comment --><p>para2</p>";
+        $washed = $washer->wash($html);
+
+        $this->assertEquals('<!-- html ignored --><!-- body ignored --><p>para1</p><!-- node type 8 --><p>para2</p>', $washed, "HTML comments - simple comment");
+
+        $html   = "<p>para1</p><!-- <hr> comment --><p>para2</p>";
+        $washed = $washer->wash($html);
+
+        $this->assertEquals('<!-- html ignored --><!-- body ignored --><p>para1</p><!-- node type 8 --><p>para2</p>', $washed, "HTML comments - tags inside (#1489904)");
     }
 
     /**
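Review bot: Both new assertions only exercise a comment whose body contains a complete tag, so nothing pins the behaviour for a well-formed comment containing a lone `>`, which the updated pattern in rcube_washtml.php would still match. A third case such as `$html = "<p>para1</p><!-- a > b --><p>para2</p>";` with the same expected output as the two above would show whether comment text can leak into the washed body. The test method starts outside the hunk.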

--
Gitblit v1.9.1