From c17dc6aa31aaa6e7f61bd25993be55354e428996 Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Sat, 20 Sep 2008 13:21:15 -0400
Subject: [PATCH] #1485385: fix missing close form tag

---
 program/include/main.inc | 22 ++++++++++++++++++++--
 1 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/program/include/main.inc b/program/include/main.inc
index 87c7277..0eb8dc7 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -212,6 +212,7 @@
 return $str;
 
 $aliases = array(
+ 'US-ASCII' => 'ISO-8859-1',
 'UNKNOWN-8BIT' => 'ISO-8859-15',
 'X-UNKNOWN' => 'ISO-8859-15',
 'X-USER-DEFINED' => 'ISO-8859-15',
@@ -347,7 +348,7 @@
 $str = strip_tags($str);
 
 // avoid douple quotation of &
- $out = preg_replace('/&([a-z]{2,5}|#[0-9]{2,4});/', '&\\1;', strtr($str, $encode_arr));
+ $out = preg_replace('/&([A-Za-z]{2,6}|#[0-9]{2,4});/', '&\\1;', strtr($str, $encode_arr));
 
 return $newlines ? nl2br($out) : $out;
 }
@@ -597,7 +598,8 @@
 $last_pos = 0;
 
 // ignore the whole block if evil styles are detected
- if (stristr($source, 'expression') || stristr($source, 'behavior'))
+ $stripped = preg_replace('/[^a-z\(:]/', '', rcmail_xss_entitiy_decode($source));
+ if (preg_match('/expression|behavior|url\(|import/', $stripped))
 return '';
 
 // cut out all contents between { and }
@@ -633,6 +635,22 @@
 
 
 /**
+ * Decode escaped entities used by known XSS exploits.
+ * See http://downloads.securityfocus.com/vulnerabilities/exploits/26800.eml for examples
+ *
+ * @param string CSS content to decode
+ * @return string Decoded string
+ */
+function rcmail_xss_entitiy_decode($content)
+{
+ $out = html_entity_decode(html_entity_decode($content));
+ $out = preg_replace('/\\\([0-9a-f]{4})/ie', "chr(hexdec('\\1'))", $out);
+ $out = preg_replace('#/\*.*\*/#Um', '', $out);
+ return $out;
+}
+
+
+/**
  * Compose a valid attribute string for HTML tags
  *
  * @param array Named tag attributes
-- 
Gitblit v1.9.1
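Review bot: The widened pattern on the `+` line of the `-347,7 +348,7` hunk still un-escapes only decimal character references of two to four digits, so hexadecimal references (`&#x..;`) and five-digit decimal ones stay as `&amp;#...;` after the `strtr()` pass and render literally. If those forms are meant to survive, a numeric branch such as `#[0-9]{2,5}|#x[0-9a-fA-F]{2,5}` next to the existing named-entity branch would cover them. The enclosing function starts outside the hunk.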
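Review bot: The keyword check on the new `if` line of the `-597,7 +598,8` hunk is case-sensitive, and the strip pattern `/[^a-z\(:]/` on the line before it also deletes upper-case letters, so a keyword written in mixed case is no longer matched; the `stristr()` calls this replaces were case-insensitive, so this is a regression of the filter. Lower-casing the decoded input first, `$stripped = preg_replace('/[^a-z\(:]/', '', strtolower(rcmail_xss_entitiy_decode($source)));`, or adding the `i` modifier to both patterns restores the previous coverage. Separately, the `import` alternative also matches the `important` left behind by `!important` after stripping, which will blank legitimate style blocks; `import(?!ant)` keeps `@import` while leaving `!important` alone. The enclosing function starts and ends outside the hunk.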
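Review bot: The second statement of rcmail_xss_entitiy_decode() in the `-633,6 +635,22` hunk runs `preg_replace()` with the `e` modifier, which evaluates the replacement string as PHP code against untrusted CSS; the capture is limited to hex digits so nothing attacker-controlled reaches the eval here, but the modifier is an eval in disguise and `preg_replace_callback()` expresses the same thing without one. The escape pattern also decodes only escapes of exactly four hex digits, whereas CSS escapes are one to six hex digits followed by an optional whitespace character, so escapes of any other length are handed undecoded to the keyword check in the previous hunk. The comment-stripping pattern uses the `m` modifier where `s` is the one needed: without `s`, `.` does not match a newline, so a comment spanning lines survives. Note also that `chr()` wraps code points above 0xFF, which is acceptable for a detector but deserves a comment, and that the function name misspells "entity"; since its only caller is the previous hunk, renaming to `rcmail_xss_entity_decode` is cheap. The sketch below keeps the current name and uses a named callback rather than a closure in case the codebase still targets PHP older than 5.3.
```php
/**
 * preg_replace_callback() helper: map a CSS hex escape to a single byte.
 * chr() wraps code points above 0xFF; good enough for keyword detection.
 */
function rcmail_css_escape_to_chr($matches)
{
  return chr(hexdec($matches[1]));
}

function rcmail_xss_entitiy_decode($content)
{
  $out = html_entity_decode(html_entity_decode($content));
  // CSS escapes are 1-6 hex digits, optionally followed by one whitespace character
  $out = preg_replace_callback('/\\\\([0-9a-f]{1,6})\s?/i', 'rcmail_css_escape_to_chr', $out);
  // 's' so that comments spanning several lines are removed as well
  $out = preg_replace('#/\*.*\*/#Us', '', $out);
  return $out;
}
```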