- MagicHTML fix for comments in styles.
authorkink <kink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Thu, 22 Dec 2005 23:01:54 +0000 (23:01 +0000)
committerkink <kink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Thu, 22 Dec 2005 23:01:54 +0000 (23:01 +0000)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@10495 7612ce4b-ef26-0410-bec9-ea0150e637f0

ChangeLog
functions/mime.php

index 54b5d33c7c6167fb4b967b380a4285171666a8f7..42839e05afb8657ddc00c40aaaef48a1fef07a08 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -511,6 +511,7 @@ Version 1.5.1 -- CVS
   - Fixed character wrapping/encoding issues in Japanese translation (#1377622). 
     Issue is specific to sqBodyWrap() and string function wrappers introduced in 
     1.5.1.
+  - MagicHTML fix for comments in styles.
 
 Version 1.5.0 - 2 February 2004
 -------------------------------
index 9dd61e3f818b2a223875e0bfb621f5bc6c04ff64..25c6239a51cee84e2831af294c464c992c947e61 100644 (file)
@@ -1746,11 +1746,12 @@ function sq_fixstyle($body, $pos, $message, $id, $mailbox){
      * Fix stupid css declarations which lead to vulnerabilities
      * in IE.
      */
-    $match   = Array('/expression/i',
+    $match   = Array('/\/\*.*\*\//',
+                    '/expression/i',
                     '/behaviou*r/i',
                     '/binding/i',
                     '/include-source/i');
-    $replace = Array('idiocy', 'idiocy', 'idiocy', 'idiocy');
+    $replace = Array('','idiocy', 'idiocy', 'idiocy', 'idiocy');
     $contentNew = preg_replace($match, $replace, $contentTemp);
     if ($contentNew !== $contentTemp) {
         // insecure css declarations are used. From now on we don't care
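Review bot: The new first pattern `'/\/\*.*\*\//'` has no `s` modifier, so `.` stops at a line break and a CSS comment that spans lines is left in place; the keyword patterns after it then still see text split by that comment. Using `'/\/\*.*?\*\//s'` would cover multi-line comments and, being non-greedy, would not also delete the declarations sitting between two separate comments. The same pattern is added to the `/^style/i` attribute list in magicHTML in the next hunk and needs the same change. Separately, comment removal now feeds the `$contentNew !== $contentTemp` check, so a style block containing only a harmless comment appears to take the "insecure css" branch; that branch's body is outside the hunk, so confirm this is intended.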
@@ -2148,6 +2149,7 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX', $take_mailto_links
         "/^style/i" =>
             Array(
                 Array(
+                    "/\/\*.*\*\//",
                     "/expression/i",
                     "/binding/i",
                     "/behaviou*r/i",
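Review bot: Nothing in the `/^style/i` entry documents that the pattern list and the replacement list are paired by position, and the new `"/\/\*.*\*\//"` only works together with the `""` added at the head of the replacement list in the following hunk. It also has to stay first, presumably because the patterns are applied in order and the keyword patterns rely on comments already being gone. A short comment above the pattern array would protect both properties, e.g. `// strip CSS comments first so the keyword patterns see the joined text; keep in step with the replacement list below`. The array literal begins before and ends after this hunk.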
@@ -2159,6 +2161,7 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX', $take_mailto_links
                     "/(.*)\s*:\s*url\s*\(\s*([\'\"]*)\s*\S+script\s*:.*([\'\"]*)\s*\)/si"
                     ),
                 Array(
+                    "",
                     "idiocy",
                     "idiocy",
                     "idiocy",