banananetwork
/
roundcubemail
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix bug where valid content between HTML comments could have been skipped in some cases (#6464)

Browse Source
pull/6500/head
Aleksander Machniak 6 years ago
parent d310ee5bf4
commit c22c177e53
3 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File

1
CHANGELOG
Unescape Escape View File

@ -11,6 +11,7 @@ CHANGELOG Roundcube Webmail
- Managesieve: Fix bug where show_real_foldernames setting wasn't respected (#6422) - Managesieve: Fix bug where show_real_foldernames setting wasn't respected (#6422)
- New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419) - New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419)
- Fix support for "allow-from <uri>" in "x_frame_options" config option (#6449) - Fix support for "allow-from <uri>" in "x_frame_options" config option (#6449)
- Fix bug where valid content between HTML comments could have been skipped in some cases (#6464)
RELEASE 1.3.7 RELEASE 1.3.7
------------- -------------

11
program/lib/Roundcube/rcube_washtml.php
Unescape Escape View File

@ -632,6 +632,9 @@ class rcube_washtml
return ''; return '';
} }
// FIXME: HTML comments handling could be better. The code below can break comments (#6464),
// we should probably do not modify content inside comments at all.
// fix (unknown/malformed) HTML tags before "wash" // fix (unknown/malformed) HTML tags before "wash"
$html = preg_replace_callback('/(<(?!\!)[\/]*)([^\s>]+)([^>]*)/', array($this, 'html_tag_callback'), $html); $html = preg_replace_callback('/(<(?!\!)[\/]*)([^\s>]+)([^>]*)/', array($this, 'html_tag_callback'), $html);
@ -654,9 +657,15 @@ class rcube_washtml
*/ */
public static function html_tag_callback($matches) public static function html_tag_callback($matches)
{ {
// It might be an ending of a comment, ignore (#6464)
if (substr($matches[3], -2) == '--') {
$matches[0] = '';
return implode('', $matches);
}
$tagname = $matches[2]; $tagname = $matches[2];
$tagname = preg_replace(array( $tagname = preg_replace(array(
'/:.*$/', // Microsoft's Smart Tags <st1:xxxx> '/:.*$/', // Microsoft's Smart Tags <st1:xxxx>
'/[^a-z0-9_\[\]\!?-]/i', // forbidden characters '/[^a-z0-9_\[\]\!?-]/i', // forbidden characters
), '', $tagname); ), '', $tagname);

5
tests/Framework/Washtml.php
Unescape Escape View File

@ -90,6 +90,11 @@ class Framework_Washtml extends PHPUnit_Framework_TestCase
$washed = $washer->wash($html); $washed = $washer->wash($html);
$this->assertEquals('<!-- html ignored --><!-- body ignored --><p>para1</p><p>para2</p>', $washed, "HTML comments - bracket inside"); $this->assertEquals('<!-- html ignored --><!-- body ignored --><p>para1</p><p>para2</p>', $washed, "HTML comments - bracket inside");
$html = "<p><!-- span>1</span -->\n<span>2</span>\n<!-- >3</span --><span>4</span></p>";
$washed = $washer->wash($html);
$this->assertEquals("<!-- html ignored --><!-- body ignored --><p>\n<span>2</span>\n<span>4</span></p>", $washed, "HTML comments (#6464)");
} }
/** /**

Write Preview
Loading…
Cancel
Save