From cf90c69ad7c9b27f10b1125c211fae389ee90fee Mon Sep 17 00:00:00 2001
From: Aleksander Machniak
Date: Sat, 14 Dec 2019 17:42:55 +0100
Subject: [PATCH] Fix bug where 'text' attribute on body tag was ignored when displaying HTML message (#7109)
---
 CHANGELOG | 1 +
 program/lib/Roundcube/rcube_washtml.php | 12 +++++++++++-
 program/steps/mail/func.inc | 6 ++++++
 tests/Framework/Washtml.php | 20 ++++++++++++++++++++
 tests/MailFunc.php | 7 ++++---
 5 files changed, 42 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index e3ac7dcf2..296103c0f 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -27,6 +27,7 @@ CHANGELOG Roundcube Webmail
 - Fix bug where 'skins_allowed' option didn't enforce user skin preference (#7080)
 - Fix so contact's organization field accepts up to 128 characters (it was 50)
 - Fix bug where listing tables in PostgreSQL database with db_prefix didn't work (#7093)
+- Fix bug where 'text' attribute on body tag was ignored when displaying HTML message (#7109)
 RELEASE 1.4.1
 -------------
diff --git a/program/lib/Roundcube/rcube_washtml.php b/program/lib/Roundcube/rcube_washtml.php
index 516a12471..48b594e89 100644
--- a/program/lib/Roundcube/rcube_washtml.php
+++ b/program/lib/Roundcube/rcube_washtml.php
@@ -155,6 +155,11 @@ class rcube_washtml
 'maligngroup', 'none', 'mprescripts',
 );
+ /**
+ * @var array Additional allowed attributes of body element
+ */
+ static $body_attribs = array('alink', 'background', 'bgcolor', 'link', 'text', 'vlink');
+
 /** @var bool State indicating existence of linked objects in HTML */
 public $extlinks = false;
@@ -295,6 +300,11 @@ class rcube_washtml
 {
 $result = '';
 $washed = array();
+ $additional_attribs = array();
+
+ if ($node->nodeName == 'body') {
+ $additional_attribs = self::$body_attribs;
+ }
 foreach ($node->attributes as $name => $attr) {
 $key = strtolower($name);
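Review bot: `static $body_attribs` in the @@ -155 hunk has no visibility keyword, so it is implicitly public and any code that loads the class can widen the sanitizer's allow-list at runtime. If nothing outside the class needs it (the only visible reader is `self::$body_attribs` in the @@ -295 hunk), declare it `private static $body_attribs = array(...)`. The docblock could also state that these names are honoured only on the `body` node and that `background` carries a URL whose value must still pass the washer's URI handling; that handling is outside the visible hunks, so this is worth confirming rather than assuming.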
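Review bot: The guard `$node->nodeName == 'body'` in the @@ -295 hunk is a loose, case-sensitive comparison, while the attribute name a few lines below is normalised with `strtolower($name)`; `strtolower($node->nodeName) === 'body'` would match that handling and not depend on how the parser reports tag names. The same looseness is in the `in_array($key, $additional_attribs)` added by the @@ -304 hunk, which could be `in_array($key, $additional_attribs, true)`. Both sides are strings today, so this is hardening of an allow-list check rather than a live bug. The enclosing method starts and ends outside these hunks.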
@@ -304,7 +314,7 @@ class rcube_washtml
 // replace double quotes to prevent syntax error and XSS issues (#1490227)
 $result .= ' style="' . str_replace('"', '"', $style) . '"';
 }
- else if (isset($this->_html_attribs[$key])) {
+ else if (isset($this->_html_attribs[$key]) || in_array($key, $additional_attribs)) {
 $value = trim($value);
 $out = null;
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 88b698a69..ae396cff1 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -1127,6 +1127,12 @@ function rcmail_html4inline($body, &$args)
 $attrs = preg_replace('/\s?bgcolor=["\']*[a-z0-9#]+["\']*/i', '', $attrs);
 }
+ // Get text color, we'll set it as font color of the message container
+ if ($m[1] && preg_match('/text=["\']*([a-z0-9#]+)["\']*/i', $attrs, $mb)) {
+ $style['color'] = $mb[1];
+ $attrs = preg_replace('/\s?text=["\']*[a-z0-9#]+["\']*/i', '', $attrs);
+ }
+
 // Get background, we'll set it as background-image of the message container
 if ($m[1] && preg_match('/background=["\']*([^"\'>\s]+)["\']*/', $attrs, $mb)) {
 $style['background-image'] = 'url('.$mb[1].')';
diff --git a/tests/Framework/Washtml.php b/tests/Framework/Washtml.php
index 0f38495ed..45042b968 100644
--- a/tests/Framework/Washtml.php
+++ b/tests/Framework/Washtml.php
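Review bot: The new `text=` patterns in the func.inc hunk are not anchored to an attribute boundary, so they also match `text=` inside another attribute's name or value, such as a query string in the `background` URL that the next block reads. The added `preg_replace` then cuts that fragment out of `$attrs` before the background block runs, leaving a truncated URL. Requiring start-of-string or whitespace in front narrows this: `preg_match('/(?:^|\s)text=["\']*([a-z0-9#]+)["\']*/i', $attrs, $mb)`, with the same prefix in the `preg_replace`. The capture is limited to `[a-z0-9#]`, which is what makes it safe to copy into `$style['color']`; a comment such as `// value restricted to [a-z0-9#] so it cannot break out of the style attribute` would keep a later edit from widening it. rcmail_html4inline starts and ends outside the hunk.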
@@ -212,6 +212,26 @@ class Framework_Washtml extends PHPUnit_Framework_TestCase
 $this->assertRegExp('|style="font-family: 新細明體; color: red"|', $washed, "Unicode chars in style attribute (#1489697)");
 }
+ /**
+ * Test deprecated body attributes (#7109)
+ */
+ function test_style_body_attrs()
+ {
+ $html = " + + ";
+
+ $washer = new rcube_washtml(array('html_elements' => array('body')));
+ $washed = $washer->wash($html);
+
+ $this->assertRegExp('|bgcolor="#fff"|', $washed, "Body bgcolor attribute");
+ $this->assertRegExp('|text="#000"|', $washed, "Body text attribute");
+ $this->assertRegExp('|background="#test"|', $washed, "Body background attribute");
+ $this->assertRegExp('|link="#111"|', $washed, "Body link attribute");
+ $this->assertRegExp('|alink="#222"|', $washed, "Body alink attribute");
+ $this->assertRegExp('|vlink="#333"|', $washed, "Body vlink attribute");
+ }
+
 /**
 * Test style item fixes
 */
diff --git a/tests/MailFunc.php b/tests/MailFunc.php
index 1b1cbad58..ac073f085 100644
--- a/tests/MailFunc.php
+++ b/tests/MailFunc.php
@@ -50,7 +50,6 @@ class MailFunc extends PHPUnit_Framework_TestCase
 $this->assertRegExp('#background="program/resources/blocked.gif"#', $html, "Replace external background image");
 $this->assertNotRegExp('/ex3.jpg/', $html, "No references to external images");
 $this->assertNotRegExp('/]+>/', $html, "No meta tags allowed");
- //$this->assertNoPattern('/
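Review bot: test_style_body_attrs() asserts only that the six attributes survive on `body`; no assertion checks that the new allow-list stays confined to that element, which is what the `nodeName` guard in rcube_washtml is there to guarantee. A second fixture with a `text` attribute on a non-body element, checked with `$this->assertNotRegExp('|<div[^>]*text=|', $washed, "text attribute only allowed on body")`, would pin that, assuming `text` is not in the general attribute list. The `background="#test"` assertion uses only a fragment value, so as far as the visible assertions show, the test does not demonstrate that a URL in that attribute still goes through the washer's URI handling.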