|
|
@ -171,7 +171,7 @@ class rcube_washtml
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
private function wash_style($style)
|
|
|
|
private function wash_style($style)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
$s = '';
|
|
|
|
$result = array();
|
|
|
|
|
|
|
|
|
|
|
|
foreach (explode(';', $style) as $declaration) {
|
|
|
|
foreach (explode(';', $style) as $declaration) {
|
|
|
|
if (preg_match('/^\s*([a-z\-]+)\s*:\s*(.*)\s*$/i', $declaration, $match)) {
|
|
|
|
if (preg_match('/^\s*([a-z\-]+)\s*:\s*(.*)\s*$/i', $declaration, $match)) {
|
|
|
@ -179,54 +179,48 @@ class rcube_washtml
|
|
|
|
$str = $match[2];
|
|
|
|
$str = $match[2];
|
|
|
|
$value = '';
|
|
|
|
$value = '';
|
|
|
|
|
|
|
|
|
|
|
|
while (sizeof($str) > 0 &&
|
|
|
|
foreach ($this->explode_style($str) as $val) {
|
|
|
|
preg_match('/^(url\(\s*[\'"]?([^\'"\)]*)[\'"]?\s*\)'./*1,2*/
|
|
|
|
if (preg_match('/^url\(/i', $val)) {
|
|
|
|
'|rgb\(\s*[0-9]+\s*,\s*[0-9]+\s*,\s*[0-9]+\s*\)'.
|
|
|
|
if (preg_match('/^url\(\s*[\'"]?([^\'"\)]*)[\'"]?\s*\)/iu', $val, $match)) {
|
|
|
|
'|-?[0-9.]+\s*(em|ex|px|cm|mm|in|pt|pc|deg|rad|grad|ms|s|hz|khz|%)?'.
|
|
|
|
$url = $match[1];
|
|
|
|
'|#[0-9a-f]{3,6}'.
|
|
|
|
if (($src = $this->config['cid_map'][$url])
|
|
|
|
'|[a-z0-9"\', -]+'.
|
|
|
|
|| ($src = $this->config['cid_map'][$this->config['base_url'].$url])
|
|
|
|
')\s*/i', $str, $match)
|
|
|
|
|
|
|
|
) {
|
|
|
|
|
|
|
|
if ($match[2]) {
|
|
|
|
|
|
|
|
if (($src = $this->config['cid_map'][$match[2]])
|
|
|
|
|
|
|
|
|| ($src = $this->config['cid_map'][$this->config['base_url'].$match[2]])
|
|
|
|
|
|
|
|
) {
|
|
|
|
) {
|
|
|
|
$value .= ' url('.htmlspecialchars($src, ENT_QUOTES) . ')';
|
|
|
|
$value .= ' url('.htmlspecialchars($src, ENT_QUOTES) . ')';
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else if (preg_match('!^(https?:)?//[a-z0-9/._+-]+$!i', $match[2], $url)) {
|
|
|
|
else if (preg_match('!^(https?:)?//[a-z0-9/._+-]+$!i', $url, $m)) {
|
|
|
|
if ($this->config['allow_remote']) {
|
|
|
|
if ($this->config['allow_remote']) {
|
|
|
|
$value .= ' url('.htmlspecialchars($url[0], ENT_QUOTES).')';
|
|
|
|
$value .= ' url('.htmlspecialchars($m[0], ENT_QUOTES).')';
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
else {
|
|
|
|
$this->extlinks = true;
|
|
|
|
$this->extlinks = true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else if (preg_match('/^data:.+/i', $match[2])) { // RFC2397
|
|
|
|
else if (preg_match('/^data:.+/i', $url)) { // RFC2397
|
|
|
|
$value .= ' url('.htmlspecialchars($match[2], ENT_QUOTES).')';
|
|
|
|
$value .= ' url('.htmlspecialchars($url, ENT_QUOTES).')';
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
}
|
|
|
|
|
|
|
|
else if (!preg_match('/^(behavior|expression)/i', $val)) {
|
|
|
|
// whitelist ?
|
|
|
|
// whitelist ?
|
|
|
|
$value .= ' ' . $match[0];
|
|
|
|
$value .= ' ' . $val;
|
|
|
|
|
|
|
|
|
|
|
|
// #1488535: Fix size units, so width:800 would be changed to width:800px
|
|
|
|
// #1488535: Fix size units, so width:800 would be changed to width:800px
|
|
|
|
if (preg_match('/(left|right|top|bottom|width|height)/i', $cssid)
|
|
|
|
if (preg_match('/(left|right|top|bottom|width|height)/i', $cssid)
|
|
|
|
&& preg_match('/^[0-9]+$/', $match[0])
|
|
|
|
&& preg_match('/^[0-9]+$/', $val)
|
|
|
|
) {
|
|
|
|
) {
|
|
|
|
$value .= 'px';
|
|
|
|
$value .= 'px';
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
$str = substr($str, strlen($match[0]));
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (isset($value[0])) {
|
|
|
|
if (isset($value[0])) {
|
|
|
|
$s .= ($s?' ':'') . $cssid . ':' . $value . ';';
|
|
|
|
$result[] = $cssid . ':' . $value;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return $s;
|
|
|
|
return implode('; ', $result);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
/**
|
|
|
@ -578,4 +572,49 @@ class rcube_washtml
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
|
|
|
* Explode css style value
|
|
|
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
protected function explode_style($style)
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
$style = trim($style);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// first remove comments
|
|
|
|
|
|
|
|
$pos = 0;
|
|
|
|
|
|
|
|
while (($pos = strpos($style, '/*', $pos)) !== false) {
|
|
|
|
|
|
|
|
$end = strpos($style, '*/', $pos+2);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if ($end === false) {
|
|
|
|
|
|
|
|
$style = substr($style, 0, $pos);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
else {
|
|
|
|
|
|
|
|
$style = substr_replace($style, '', $pos, $end - $pos + 2);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$strlen = strlen($style);
|
|
|
|
|
|
|
|
$result = array();
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// explode value
|
|
|
|
|
|
|
|
for ($p=$i=0; $i < $strlen; $i++) {
|
|
|
|
|
|
|
|
if (($style[$i] == "\"" || $style[$i] == "'") && $style[$i-1] != "\\") {
|
|
|
|
|
|
|
|
if ($q == $style[$i]) {
|
|
|
|
|
|
|
|
$q = false;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
else if (!$q) {
|
|
|
|
|
|
|
|
$q = $style[$i];
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (!$q && $style[$i] == ' ' && !preg_match('/[,\(]/', $style[$i-1])) {
|
|
|
|
|
|
|
|
$result[] = substr($style, $p, $i - $p);
|
|
|
|
|
|
|
|
$p = $i + 1;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$result[] = (string) substr($style, $p);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
return $result;
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|