From aafbe8efdca6dfef736e623dd5da83d64ae10aef Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Tue, 08 Apr 2014 09:48:27 -0400
Subject: [PATCH] Fix forwarding all ('*') messages of a search set

---
 program/lib/Roundcube/html.php |   15 ++++++++++++---
 1 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/program/lib/Roundcube/html.php b/program/lib/Roundcube/html.php
index 33517fb..64324dd 100644
--- a/program/lib/Roundcube/html.php
+++ b/program/lib/Roundcube/html.php
@@ -269,19 +269,28 @@
             return '';
         }
 
-        $allowed_f = array_flip((array)$allowed);
+        $allowed_f  = array_flip((array)$allowed);
         $attrib_arr = array();
+
         foreach ($attrib as $key => $value) {
             // skip size if not numeric
             if ($key == 'size' && !is_numeric($value)) {
                 continue;
             }
 
-            // ignore "internal" or not allowed attributes
-            if ($key == 'nl' || ($allowed && !isset($allowed_f[$key])) || $value === null) {
+            // ignore "internal" or empty attributes
+            if ($key == 'nl' || $value === null) {
                 continue;
             }
 
+            // ignore not allowed attributes
+            if (!empty($allowed)) {
+                $is_data_attr = substr_compare($key, 'data-', 0, 5) === 0;
+                if (!isset($allowed_f[$key]) && (!$is_data_attr || !isset($allowed_f['data-*']))) {
+                    continue;
+                }
+            }
+
             // skip empty eventhandlers
             if (preg_match('/^on[a-z]+/', $key) && !$value) {
                 continue;

--
Gitblit v1.9.1