X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=functions%2Fmime.php;h=25c6239a51cee84e2831af294c464c992c947e61;hp=9dd61e3f818b2a223875e0bfb621f5bc6c04ff64;hb=5db902611e23f154906e1901a0df910f63874ffc;hpb=46cbf588dd95e378087a0c34c38d0a4d220397cf
diff --git a/functions/mime.php b/functions/mime.php
index 9dd61e3f..25c6239a 100644
--- a/functions/mime.php
+++ b/functions/mime.php
@@ -1746,11 +1746,12 @@ function sq_fixstyle($body, $pos, $message, $id, $mailbox){
 * Fix stupid css declarations which lead to vulnerabilities
 * in IE.
 */
- $match = Array('/expression/i',
+ $match = Array('/\/\*.*\*\//',
+ '/expression/i',
 '/behaviou*r/i',
 '/binding/i',
 '/include-source/i');
- $replace = Array('idiocy', 'idiocy', 'idiocy', 'idiocy');
+ $replace = Array('','idiocy', 'idiocy', 'idiocy', 'idiocy');
 $contentNew = preg_replace($match, $replace, $contentTemp);
 if ($contentNew !== $contentTemp) {
 // insecure css declarations are used. From now on we don't care
@@ -2148,6 +2149,7 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX', $take_mailto_links
 "/^style/i" =>
 Array(
 Array(
+ "/\/\*.*\*\//",
 "/expression/i",
 "/binding/i",
 "/behaviou*r/i",
@@ -2159,6 +2161,7 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX', $take_mailto_links
 "/(.*)\s*:\s*url\s*\(\s*([\'\"]*)\s*\S+script\s*:.*([\'\"]*)\s*\)/si"
 ),
 Array(
+ "",
 "idiocy",
 "idiocy",
 "idiocy",
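Review bot: The comment-stripping pattern `'/\/\*.*\*\//'` added at the head of `$match` has no `s` modifier, so `.` stops at a line break and a CSS comment that spans more than one line is left in place; a keyword split by such a comment would still pass the `expression`/`behaviou*r`/`binding` checks. Adding the modifier, `'/\/\*.*\*\//s'`, closes that gap, and keeping the match greedy is the safer choice because it cannot leave part of a comment behind. The same pattern is added to the `/^style/i` list in magicHTML in the next hunk and needs the same change. Separately, the `$contentNew !== $contentTemp` test below the arrays now also becomes true for a style block that merely contains a comment; if that is not intended, strip comments from `$contentTemp` first and compare afterwards. The body of sq_fixstyle continues outside the hunk.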
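Review bot: The empty replacement added at the top of this list in the last hunk is tied to the comment-stripping pattern only by position, and nothing in either list says so. preg_replace() pairs array patterns and replacements by index and applies them in order, so the comment pattern has to stay first for the later keyword checks to see comment-free text, and the `""` has to stay first with it. A short comment on both lists would protect that, for example `// index 0: strip CSS comments first; keep in step with the pattern list above`. Both arrays continue outside the hunk, so their full alignment cannot be checked from here.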