From acf633c73bc8df9a5036bc52d7568f4213ab73c7 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 06 May 2016 02:32:01 -0400
Subject: [PATCH] Fix XSS issue in href attribute on area tag (#5240, #5241)
---
program/steps/utils/html2text.inc | 21 ++++++++++++---------
1 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/program/steps/utils/html2text.inc b/program/steps/utils/html2text.inc
index ef74ec4..c01443b 100644
--- a/program/steps/utils/html2text.inc
+++ b/program/steps/utils/html2text.inc
@@ -1,12 +1,15 @@
<?php
-/*
+/*
+-----------------------------------------------------------------------+
| program/steps/utils/html2text.inc |
| |
| This file is part of the Roundcube Webmail client |
- | Copyright (C) 2005-2010, Roundcube Dev. - Switzerland |
- | Licensed under the GNU GPL |
+ | Copyright (C) 2005-2012, The Roundcube Dev Team |
+ | |
+ | Licensed under the GNU General Public License version 3 or |
+ | any later version with exceptions for skins & plugins. |
+ | See the README file for a full license statement. |
| |
| PURPOSE: |
| Convert HTML message to plain text |
@@ -14,15 +17,15 @@
+-----------------------------------------------------------------------+
| Author: Thomas Bruederli <roundcube@gmail.com> |
+-----------------------------------------------------------------------+
-
- $Id$
-
*/
-$converter = new html2text($HTTP_RAW_POST_DATA);
+$html = $HTTP_RAW_POST_DATA;
+
+// Replace emoticon images with its text representation
+$html = $RCMAIL->replace_emoticons($html);
+
+$converter = new rcube_html2text($html, false, true, 0);
header('Content-Type: text/plain; charset=UTF-8');
print rtrim($converter->get_text());
exit;
-
-
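Review bot: The response at `print rtrim($converter->get_text());` echoes text derived from the raw request body, and the only thing stopping a browser from treating it as markup is the `text/plain` content type; entity-encoded tags in the input would presumably leave the converter as literal angle-bracket text. I would add `header('X-Content-Type-Options: nosniff');` next to the existing Content-Type header so content sniffing cannot reinterpret the body as HTML. Separately, `$HTTP_RAW_POST_DATA` is only populated depending on the `always_populate_raw_post_data` setting and was removed in PHP 7.0, so `$html = file_get_contents('php://input');` is the more reliable source. The positional arguments `false, true, 0` passed to `rcube_html2text` would also benefit from a one-line comment naming what each selects, since the constructor is not visible in this patch.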
--
Gitblit v1.9.1