From d0b981757ab416dfd182e6b91e7f9a66132116f9 Mon Sep 17 00:00:00 2001
From: vbenincasa <vbenincasa@gmail.com>
Date: Wed, 09 Jun 2010 15:08:15 -0400
Subject: [PATCH]  - Sanitize CSS universal selector from e-mails. Without this fix any message can play with the CSS from entire mail window or mail preview frame. Test case:  <style type="text/css">*{ background: #000; }</style>

---
 program/include/main.inc |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/program/include/main.inc b/program/include/main.inc
index f98e431..e5fe392 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -1,4 +1,4 @@
-<?php
+<?php
 
 /*
  +-----------------------------------------------------------------------+
@@ -843,7 +843,7 @@
   $styles = preg_replace(
     array(
       '/(^\s*<!--)|(-->\s*$)/',
-      '/(^\s*|,\s*|\}\s*)([a-z0-9\._#][a-z0-9\.\-_]*)/im',
+      '/(^\s*|,\s*|\}\s*)([a-z0-9\._#\*][a-z0-9\.\-_]*)/im',
       "/$container_id\s+body/i",
     ),
     array(

--
Gitblit v1.9.1