From adcac3b9de2728c34c4d2b107e54823b6a7f6a5b Mon Sep 17 00:00:00 2001
From: Aleksander Machniak
Date: Fri, 24 Aug 2018 12:29:18 +0200
Subject: [PATCH] Fix CSS issue in handling invalid style tag content (#6410)
---
 CHANGELOG | 1 +
 program/steps/mail/func.inc | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index d25749153..13ac68899 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -97,6 +97,7 @@ RELEASE 1.4-beta
 - Enigma: Fix deleting keys with authentication subkeys (#6381)
 - Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398)
 - Fix so Classic skin splitter does not escape out of window (#6397)
+- Fix CSS issue in handling invalid style tag content (#6410)
 RELEASE 1.3.7
 -------------
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 57a95d12b..2dc802f16 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -1003,7 +1003,8 @@ function rcmail_washtml_callback($tagname, $attrib, $content, $washtml)
 }
 // decode all escaped entities and reduce to ascii strings
- $stripped = preg_replace('/[^a-zA-Z\(:;]/', '', rcube_utils::xss_entity_decode($content));
+ $decoded = rcube_utils::xss_entity_decode($content);
+ $stripped = preg_replace('/[^a-zA-Z\(:;]/', '', $decoded);
 // now check for evil strings like expression, behavior or url()
 if (!preg_match('/expression|behavior|javascript:|import[^a]/i', $stripped)) {
@@ -1011,7 +1012,7 @@ function rcmail_washtml_callback($tagname, $attrib, $content, $washtml)
 $washtml->extlinks = true;
 }
 else {
- $out = html::tag('style', array('type' => 'text/css'), $content);
+ $out = html::tag('style', array('type' => 'text/css'), $decoded);
 }
 break;
 }
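Review bot: In the second func.inc hunk the style element is now built from `$decoded`, so anything that arrived entity-encoded in `$content` is emitted in decoded form, and nothing visible here shows that `html::tag()` escapes its content or that `rcube_utils::xss_entity_decode()` removes tags. If neither does, a decoded `</style` sequence would close the element early; please confirm one of them covers it, or add a guard to the condition in the first hunk such as `stripos($decoded, '</style') === false &&`. The existing pattern check cannot catch this because it runs on `$stripped`, from which `<`, `/` and `>` have already been removed. A one-line comment at the `html::tag()` call, for example `// emit the decoded text so the browser parses the same string that was checked`, would record why `$content` is no longer used. The body of rcmail_washtml_callback starts and ends outside both hunks, so the surrounding branches could not be reviewed.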