Fix handling of invalid closing tags in HTML messages (#1489446)

11 years ago · ffec857b69
parent 993eb88d5a
commit ffec857b69
3 changed files with 21 additions and 2 deletions
--- a/1
+++ b/1
@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================

+- Fix handling of invalid closing tags in HTML messages (#1489446)
 - Set real content-type for file downloads (#1489439)
 - Update TinyMCE to version 3.5.10 (#1489442)
 - Fix keyboard navigation in list widgets (#1489392)
--- a/program/lib/Roundcube/rcube_washtml.php
+++ b/program/lib/Roundcube/rcube_washtml.php
@ -455,7 +455,7 @@ class rcube_washtml
        }

        // fix (unknown/malformed) HTML tags before "wash"
-        $html = preg_replace_callback('/(<(?!\!)[\/]*)([^\s>]+)/', array($this, 'html_tag_callback'), $html);
+        $html = preg_replace_callback('/(<(?!\!)[\/]*)([^\s>]+)([^>]*)/', array($this, 'html_tag_callback'), $html);

        // Remove invalid HTML comments (#1487759)
        // Don't remove valid conditional comments
@ -479,7 +479,12 @@ class rcube_washtml
            '/[^a-z0-9_\[\]\!-]/i', // forbidden characters
        ), '', $tagname);

-        return $matches[1] . $tagname;
+        // fix invalid closing tags - remove any attributes (#1489446)
+        if ($matches[1] == '</') {
+            $matches[3] = '';
+        }
+
+        return $matches[1] . $tagname . $matches[3];
    }

    /**
--- a/tests/Framework/Washtml.php
+++ b/tests/Framework/Washtml.php
@ -68,4 +68,17 @@ class Framework_Washtml extends PHPUnit_Framework_TestCase
        $this->assertRegExp('|<textarea>test</textarea>|', $washed, "Self-closing textarea (#1489137)");
    }

+    /**
+     * Test fixing of invalid closing tags (#1489446)
+     */
+    function test_closing_tag_attrs()
+    {
+        $html = "<a href=\"http://test.com\">test</a href>";
+
+        $washer = new rcube_washtml;
+        $washed = $washer->wash($html);
+
+        $this->assertRegExp('|</a>|', $washed, "Invalid closing tag (#1489446)");
+    }
+
 }