Fix AREA links handling (#1488792)

CHANGELOG

@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+- Fix AREA links handling (#1488792)
 - Better client-side timezone detection using the jsTimezoneDetect library (#1488725)
 - Fix possible HTTP DoS on error in keep-alive requests (#1488782)
 - Add option to disable saving sent mail in Sent folder - no_save_sent_messages (#1488686)

program/lib/washtml.php

@@ -102,7 +102,7 @@ class washtml
     'cellpadding', 'valign', 'bgcolor', 'color', 'border', 'bordercolorlight',
     'bordercolordark', 'face', 'marginwidth', 'marginheight', 'axis', 'border',
     'abbr', 'char', 'charoff', 'clear', 'compact', 'coords', 'vspace', 'hspace',
-    'cellborder', 'size', 'lang', 'dir', 'usemap',
+    'cellborder', 'size', 'lang', 'dir', 'usemap', 'shape',
     // attributes of form elements
     'type', 'rows', 'cols', 'disabled', 'readonly', 'checked', 'multiple', 'value'
   );

program/steps/mail/func.inc

@@ -1294,7 +1294,7 @@ function rcmail_html4inline($body, $container_id, $body_id='', &$attributes=null
 
   // modify HTML links to open a new window if clicked
   $GLOBALS['rcmail_html_container_id'] = $container_id;
-  $body = preg_replace_callback('/<(a|link)\s+([^>]+)>/Ui', 'rcmail_alter_html_link', $body);
+  $body = preg_replace_callback('/<(a|link|area)\s+([^>]+)>/Ui', 'rcmail_alter_html_link', $body);
   unset($GLOBALS['rcmail_html_container_id']);
 
   $body = preg_replace(array(
@@ -1407,7 +1407,11 @@ function rcmail_alter_html_link($matches)
     $attrib['target'] = '_blank';
   }
 
-  return "<$tag" . html::attrib_string($attrib, array('href','name','target','onclick','id','class','style','title','rel','type','media')) . $end;
+  // allowed attributes for a|link|area tags
+  $allow = array('href','name','target','onclick','id','class','style','title',
+    'rel','type','media','alt','coords','nohref','hreflang','shape');
+
+  return "<$tag" . html::attrib_string($attrib, $allow) . $end;
 }