From 92eb18b46ac9dee2349bcb76b8fc5fea5dc8954f Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Fri, 09 Nov 2012 05:53:29 -0500
Subject: [PATCH] Merge branch 'master' of github.com:roundcube/roundcubemail

---
 CHANGELOG                   |    1 +
 program/steps/mail/func.inc |    8 ++++++--
 program/lib/washtml.php     |    2 +-
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 7f256e1..27f653a 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -3,6 +3,7 @@
 
 - Upgraded to jQuery 1.8.2 and jQuery UI 1.9.1
 - Add config option to automatically generate LDAP attributes for new entries
+- Fix AREA links handling (#1488792)
 - Better client-side timezone detection using the jsTimezoneDetect library (#1488725)
 - Fix possible HTTP DoS on error in keep-alive requests (#1488782)
 - Add option to disable saving sent mail in Sent folder - no_save_sent_messages (#1488686)
diff --git a/program/lib/washtml.php b/program/lib/washtml.php
index 98ae5ed..d5cdb82 100644
--- a/program/lib/washtml.php
+++ b/program/lib/washtml.php
@@ -102,7 +102,7 @@
     'cellpadding', 'valign', 'bgcolor', 'color', 'border', 'bordercolorlight',
     'bordercolordark', 'face', 'marginwidth', 'marginheight', 'axis', 'border',
     'abbr', 'char', 'charoff', 'clear', 'compact', 'coords', 'vspace', 'hspace',
-    'cellborder', 'size', 'lang', 'dir', 'usemap',
+    'cellborder', 'size', 'lang', 'dir', 'usemap', 'shape',
     // attributes of form elements
     'type', 'rows', 'cols', 'disabled', 'readonly', 'checked', 'multiple', 'value'
   );
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 10829d5..f128a38 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -1294,7 +1294,7 @@
 
   // modify HTML links to open a new window if clicked
   $GLOBALS['rcmail_html_container_id'] = $container_id;
-  $body = preg_replace_callback('/<(a|link)\s+([^>]+)>/Ui', 'rcmail_alter_html_link', $body);
+  $body = preg_replace_callback('/<(a|link|area)\s+([^>]+)>/Ui', 'rcmail_alter_html_link', $body);
   unset($GLOBALS['rcmail_html_container_id']);
 
   $body = preg_replace(array(
@@ -1407,7 +1407,11 @@
     $attrib['target'] = '_blank';
   }
 
-  return "<$tag" . html::attrib_string($attrib, array('href','name','target','onclick','id','class','style','title','rel','type','media')) . $end;
+  // allowed attributes for a|link|area tags
+  $allow = array('href','name','target','onclick','id','class','style','title',
+    'rel','type','media','alt','coords','nohref','hreflang','shape');
+
+  return "<$tag" . html::attrib_string($attrib, $allow) . $end;
 }
 
 

--
Gitblit v1.9.1