From 102fbf1169116fef32a940b9fb1738bc45276059 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak
Date: Fri, 24 Aug 2018 12:29:18 +0200
Subject: [PATCH] Fix CSS issue in handling invalid style tag content (#6410)

---
 CHANGELOG | 1 +
 program/steps/mail/func.inc | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 55d900aed..b3ee148fe 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -6,6 +6,7 @@ CHANGELOG Roundcube Webmail
 - Enigma: Fix deleting keys with authentication subkeys (#6381)
 - Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398)
 - Fix so Classic skin splitter does not escape out of window (#6397)
+- Fix CSS issue in handling invalid style tag content (#6410)
 
 RELEASE 1.3.7
 -------------
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 81901c75b..2e229b831 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -1014,7 +1014,8 @@ function rcmail_washtml_callback($tagname, $attrib, $content, $washtml)
     }
 
     // decode all escaped entities and reduce to ascii strings
-    $stripped = preg_replace('/[^a-zA-Z\(:;]/', '', rcube_utils::xss_entity_decode($content));
+    $decoded = rcube_utils::xss_entity_decode($content);
+    $stripped = preg_replace('/[^a-zA-Z\(:;]/', '', $decoded);
 
     // now check for evil strings like expression, behavior or url()
     if (!preg_match('/expression|behavior|javascript:|import[^a]/i', $stripped)) {
@@ -1022,7 +1023,7 @@ function rcmail_washtml_callback($tagname, $attrib, $content, $washtml)
         $washtml->extlinks = true;
     }
     else {
-        $out = html::tag('style', array('type' => 'text/css'), $content);
+        $out = html::tag('style', array('type' => 'text/css'), $decoded);
     }
     break;
 }
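Review bot: The line between the two func.inc hunks (old line 1021, the branch that sets `$washtml->extlinks`) is not in the diff, and the comment above the `preg_match` announces a `url()` check that the visible regex does not perform; if that hidden condition still inspects `$content`, the remote-URL test now runs on the raw text while the emitted `<style>` body is the decoded text, so an entity-encoded `url(` would be missed by the check yet appear decoded in the output. The same `$content` → `$decoded` substitution the second hunk makes for `html::tag` should be applied there, i.e. `stripos($decoded, 'url(')`, so every check and the emitted text operate on one and the same string. Separately, since the element content is now the decoded form, it is worth confirming that `rcube_utils::xss_entity_decode` cannot turn entity-encoded input into a `</style>` sequence, as `html::tag` presumably emits the content unescaped. The enclosing `rcmail_washtml_callback` starts and ends outside both hunks.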