Changeset 5430 in subversion

Timestamp:

Nov 15, 2011 11:47:40 AM (19 months ago)

Author:

alec

Message:

• Fix washing styles with quoted values e.g. font-family

File:

• trunk/roundcubemail/program/lib/washtml.php (modified) (5 diffs)

trunk/roundcubemail/program/lib/washtml.php

@@ -142 +142 @@
     $this->config = $p + array('show_washed'=>true, 'allow_remote'=>false, 'cid_map'=>array());
   }
-  
+
   /* Register a callback function for a certain tag */
   public function add_callback($tagName, $callback)
@@ -148 +148 @@
     $this->handlers[$tagName] = $callback;
   }
-  
+
   /* Check CSS style */
   private function wash_style($style) {
@@ -162 +162 @@
                  '|rgb\(\s*[0-9]+\s*,\s*[0-9]+\s*,\s*[0-9]+\s*\)'.
                  '|-?[0-9.]+\s*(em|ex|px|cm|mm|in|pt|pc|deg|rad|grad|ms|s|hz|khz|%)?'.
-                 '|#[0-9a-f]{3,6}|[a-z0-9\-]+'.
+                 '|#[0-9a-f]{3,6}|[a-z0-9", -]+'.
                  ')\s*/i', $str, $match)) {
           if ($match[2]) {
@@ -179 +179 @@
             }
           }
-          else if ($match[0] != 'url' && $match[0] != 'rbg') //whitelist ?
+          else if ($match[0] != 'url' && $match[0] != 'rgb') //whitelist ?
             $value .= ' ' . $match[0];
+
           $str = substr($str, strlen($match[0]));
         }
@@ -201 +202 @@
          ($key == 'href' && preg_match('/^(http:|https:|ftp:|mailto:|#).+/i', $value)))
         $t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"';
-      else if ($key == 'style' && ($style = $this->wash_style($value)))
-        $t .= ' style="' . $style . '"';
+      else if ($key == 'style' && ($style = $this->wash_style($value))) {
+        $quot = strpos($style, '"') !== false ? "'" : '"';
+        $t .= ' style=' . $quot . $style . $quot;
+      }
       else if ($key == 'background' || ($key == 'src' && strtolower($node->tagName) == 'img')) { //check tagName anyway
         if (($src = $this->config['cid_map'][$value])