also need to get u\rl outside of style blocks;

do not try to correct them since they are obviously malicious

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@10817 7612ce4b-ef26-0410-bec9-ea0150e637f0

diff --git a/functions/mime.php b/functions/mime.php
index 14ad942cb7af303d0969619d4921a60c094f8a7d..f3319390585cf6bf414e48e4ca54d8411511af7f 100644 (file)
--- a/functions/mime.php
+++ b/functions/mime.php
@@ -2164,6 +2164,7 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX', $take_mailto_links
                     "/behaviou*r/i",
                     "/include-source/i",
                     "/position\s*:\s*absolute/i",
+                    "/(\\\\)?u(\\\\)?r(\\\\)?l(\\\\)?/i",
                     "/url\s*\(\s*([\'\"])\s*\S+script\s*:.*([\'\"])\s*\)/si",
                     "/url\s*\(\s*([\'\"])\s*mocha\s*:.*([\'\"])\s*\)/si",
                     "/url\s*\(\s*([\'\"])\s*about\s*:.*([\'\"])\s*\)/si",
@@ -2176,6 +2177,7 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX', $take_mailto_links
                     "idiocy",
                     "idiocy",
                     "",
+                    "idiocy",
                     "url(\\1#\\1)",
                     "url(\\1#\\1)",
                     "url(\\1#\\1)",