Changeset 5428 in subversion

Timestamp:

Nov 15, 2011 7:06:58 AM (18 months ago)

Author:

alec

Message:

• Fix handling of HTML form elements in messages (#1485137)

Location:

trunk/roundcubemail

Files:

• CHANGELOG (modified) (1 diff)
• program/lib/washtml.php (modified) (3 diffs)

trunk/roundcubemail/CHANGELOG

@@ -2 +2 @@
 ===========================
 
+- Fix handling of HTML form elements in messages (#1485137)
 - Fix regression in setting recipient to self when replying to a Sent message (#1487074)
 - Fix listing of folders in hidden namespaces (#1486796)

trunk/roundcubemail/program/lib/washtml.php

@@ -82 +82 @@
 {
   /* Allowed HTML elements (default) */
-  static $html_elements = array('a', 'abbr', 'acronym', 'address', 'area', 'b', 'basefont', 'bdo', 'big', 'blockquote', 'br', 'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'dd', 'del', 'dfn', 'dir', 'div', 'dl', 'dt', 'em', 'fieldset', 'font', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i', 'ins', 'label', 'legend', 'li', 'map', 'menu', 'nobr', 'ol', 'p', 'pre', 'q', 's', 'samp', 'small', 'span', 'strike', 'strong', 'sub', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'tr', 'tt', 'u', 'ul', 'var', 'wbr', 'img');
-  
+  static $html_elements = array('a', 'abbr', 'acronym', 'address', 'area', 'b',
+    'basefont', 'bdo', 'big', 'blockquote', 'br', 'caption', 'center',
+    'cite', 'code', 'col', 'colgroup', 'dd', 'del', 'dfn', 'dir', 'div', 'dl',
+    'dt', 'em', 'fieldset', 'font', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i',
+    'ins', 'label', 'legend', 'li', 'map', 'menu', 'nobr', 'ol', 'p', 'pre', 'q',
+    's', 'samp', 'small', 'span', 'strike', 'strong', 'sub', 'sup', 'table',
+    'tbody', 'td', 'tfoot', 'th', 'thead', 'tr', 'tt', 'u', 'ul', 'var', 'wbr', 'img',
+    // form elements
+    'button', 'input', 'textarea', 'select', 'option', 'optgroup'
+  );
+
   /* Ignore these HTML tags and their content */
   static $ignore_elements = array('script', 'applet', 'embed', 'object', 'style');
-  
+
   /* Allowed HTML attributes */
-  static $html_attribs = array('name', 'class', 'title', 'alt', 'width', 'height', 'align', 'nowrap', 'col', 'row', 'id', 'rowspan', 'colspan', 'cellspacing', 'cellpadding', 'valign', 'bgcolor', 'color', 'border', 'bordercolorlight', 'bordercolordark', 'face', 'marginwidth', 'marginheight', 'axis', 'border', 'abbr', 'char', 'charoff', 'clear', 'compact', 'coords', 'vspace', 'hspace', 'cellborder', 'size', 'lang', 'dir');  
+  static $html_attribs = array('name', 'class', 'title', 'alt', 'width', 'height',
+    'align', 'nowrap', 'col', 'row', 'id', 'rowspan', 'colspan', 'cellspacing',
+    'cellpadding', 'valign', 'bgcolor', 'color', 'border', 'bordercolorlight',
+    'bordercolordark', 'face', 'marginwidth', 'marginheight', 'axis', 'border',
+    'abbr', 'char', 'charoff', 'clear', 'compact', 'coords', 'vspace', 'hspace',
+    'cellborder', 'size', 'lang', 'dir',
+    // attributes of form elements
+    'type', 'rows', 'cols', 'disabled', 'readonly', 'checked', 'multiple', 'value'
+  );
 
   /* Block elements which could be empty but cannot be returned in short form (<tag />) */
-  static $block_elements = array('div', 'p', 'pre', 'blockquote', 'a', 'font', 'center', 'table', 'ul', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'ol', 'dl', 'strong', 'i', 'b');
-  
+  static $block_elements = array('div', 'p', 'pre', 'blockquote', 'a', 'font', 'center',
+    'table', 'ul', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'ol', 'dl', 'strong', 'i', 'b');
+
   /* State for linked objects in HTML */
   public $extlinks = false;
@@ -101 +119 @@
   /* Registered callback functions for tags */
   private $handlers = array();
-  
+
   /* Allowed HTML elements */
   private $_html_elements = array();
@@ -113 +131 @@
   /* Allowed HTML attributes */
   private $_html_attribs = array();
-  
+
 
   /* Constructor */