From 85a9130647fff8ffafbd35117705f3ec7ec98ce0 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Fri, 12 Sep 2008 12:00:25 -0400
Subject: [PATCH] Fix xss entitiy decoding

---
 program/include/main.inc |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/program/include/main.inc b/program/include/main.inc
index 0453b14..77074a0 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -643,8 +643,8 @@
 function rcmail_xss_entitiy_decode($content)
 {
   $out = html_entity_decode(html_entity_decode($content));
-  $out = preg_replace('/\\\00([a-z0-9]{2})/ie', "chr(hexdec('\\1'))", $out);
-  $out = preg_replace('#/\*.+\*/#Um', '', $out);
+  $out = preg_replace('/\\\([a-z0-9]{4})/ie', "chr(hexdec('\\1'))", $out);
+  $out = preg_replace('#/\*.*\*/#Um', '', $out);
   return $out;
 }
 
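Review bot: The new escape pattern on the first added line, `'/\\\([a-z0-9]{4})/ie'`, decodes only backslash sequences of exactly four characters, while CSS escapes may carry one to six hex digits and an optional trailing space, so shorter or longer escapes leave this normalisation undecoded or only partly decoded. The class `[a-z0-9]` also admits non-hex letters, which `hexdec()` silently skips, and `chr()` wraps values above 255, so ordinary text following a backslash can be rewritten into unrelated bytes. Restricting the class and widening the count, for example `'/\\\([0-9a-f]{1,6})\s?/ie'`, would track the escape syntax more closely, though code points above 0xFF would still need handling other than `chr()`. Separately, the `/e` modifier evaluates the replacement string as PHP code; the capture is alphanumeric-only here so it stays contained, but `preg_replace_callback()` would avoid the eval altogether. The comment-stripping pattern on the second added line has no `s` modifier, so a `/* ... */` comment that spans a newline is not removed.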

--
Gitblit v1.9.1