Merge branch 'master' of github.com:roundcube/roundcubemail

pull/43/head
Thomas Bruederli 12 years ago
commit 92eb18b46a

@ -3,6 +3,7 @@ CHANGELOG Roundcube Webmail
- Upgraded to jQuery 1.8.2 and jQuery UI 1.9.1 - Upgraded to jQuery 1.8.2 and jQuery UI 1.9.1
- Add config option to automatically generate LDAP attributes for new entries - Add config option to automatically generate LDAP attributes for new entries
- Fix AREA links handling (#1488792)
- Better client-side timezone detection using the jsTimezoneDetect library (#1488725) - Better client-side timezone detection using the jsTimezoneDetect library (#1488725)
- Fix possible HTTP DoS on error in keep-alive requests (#1488782) - Fix possible HTTP DoS on error in keep-alive requests (#1488782)
- Add option to disable saving sent mail in Sent folder - no_save_sent_messages (#1488686) - Add option to disable saving sent mail in Sent folder - no_save_sent_messages (#1488686)

@ -102,7 +102,7 @@ class washtml
'cellpadding', 'valign', 'bgcolor', 'color', 'border', 'bordercolorlight', 'cellpadding', 'valign', 'bgcolor', 'color', 'border', 'bordercolorlight',
'bordercolordark', 'face', 'marginwidth', 'marginheight', 'axis', 'border', 'bordercolordark', 'face', 'marginwidth', 'marginheight', 'axis', 'border',
'abbr', 'char', 'charoff', 'clear', 'compact', 'coords', 'vspace', 'hspace', 'abbr', 'char', 'charoff', 'clear', 'compact', 'coords', 'vspace', 'hspace',
'cellborder', 'size', 'lang', 'dir', 'usemap', 'cellborder', 'size', 'lang', 'dir', 'usemap', 'shape',
// attributes of form elements // attributes of form elements
'type', 'rows', 'cols', 'disabled', 'readonly', 'checked', 'multiple', 'value' 'type', 'rows', 'cols', 'disabled', 'readonly', 'checked', 'multiple', 'value'
); );

@ -1294,7 +1294,7 @@ function rcmail_html4inline($body, $container_id, $body_id='', &$attributes=null
// modify HTML links to open a new window if clicked // modify HTML links to open a new window if clicked
$GLOBALS['rcmail_html_container_id'] = $container_id; $GLOBALS['rcmail_html_container_id'] = $container_id;
$body = preg_replace_callback('/<(a|link)\s+([^>]+)>/Ui', 'rcmail_alter_html_link', $body); $body = preg_replace_callback('/<(a|link|area)\s+([^>]+)>/Ui', 'rcmail_alter_html_link', $body);
unset($GLOBALS['rcmail_html_container_id']); unset($GLOBALS['rcmail_html_container_id']);
$body = preg_replace(array( $body = preg_replace(array(
@ -1407,7 +1407,11 @@ function rcmail_alter_html_link($matches)
$attrib['target'] = '_blank'; $attrib['target'] = '_blank';
} }
return "<$tag" . html::attrib_string($attrib, array('href','name','target','onclick','id','class','style','title','rel','type','media')) . $end; // allowed attributes for a|link|area tags
$allow = array('href','name','target','onclick','id','class','style','title',
'rel','type','media','alt','coords','nohref','hreflang','shape');
return "<$tag" . html::attrib_string($attrib, $allow) . $end;
} }

Loading…
Cancel
Save