diff options
| -rw-r--r-- | CHANGELOG | 1 | ||||
| -rw-r--r-- | program/lib/Roundcube/rcube_washtml.php | 11 | ||||
| -rw-r--r-- | tests/Framework/Washtml.php | 5 |
3 files changed, 16 insertions, 1 deletions
@@ -21,6 +21,7 @@ CHANGELOG Roundcube Webmail - Managesieve: Fix bug where show_real_foldernames setting wasn't respected (#6422) - New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419) - Fix support for "allow-from <uri>" in "x_frame_options" config option (#6449) +- Fix bug where valid content between HTML comments could have been skipped in some cases (#6464) RELEASE 1.4-beta ---------------- diff --git a/program/lib/Roundcube/rcube_washtml.php b/program/lib/Roundcube/rcube_washtml.php index 8837a917f..497a1c3e4 100644 --- a/program/lib/Roundcube/rcube_washtml.php +++ b/program/lib/Roundcube/rcube_washtml.php @@ -643,6 +643,9 @@ class rcube_washtml $html = str_replace($badwordchars, $fixedwordchars, $html); + // FIXME: HTML comments handling could be better. The code below can break comments (#6464), + // we should probably do not modify content inside comments at all. + // fix (unknown/malformed) HTML tags before "wash" $html = preg_replace_callback('/(<(?!\!)[\/]*)([^\s>]+)([^>]*)/', array($this, 'html_tag_callback'), $html); @@ -665,9 +668,15 @@ class rcube_washtml */ public static function html_tag_callback($matches) { + // It might be an ending of a comment, ignore (#6464) + if (substr($matches[3], -2) == '--') { + $matches[0] = ''; + return implode('', $matches); + } + $tagname = $matches[2]; $tagname = preg_replace(array( - '/:.*$/', // Microsoft's Smart Tags <st1:xxxx> + '/:.*$/', // Microsoft's Smart Tags <st1:xxxx> '/[^a-z0-9_\[\]\!?-]/i', // forbidden characters ), '', $tagname); diff --git a/tests/Framework/Washtml.php b/tests/Framework/Washtml.php index 9879575a8..eebd80de5 100644 --- a/tests/Framework/Washtml.php +++ b/tests/Framework/Washtml.php @@ -98,6 +98,11 @@ class Framework_Washtml extends PHPUnit_Framework_TestCase $washed = $this->cleanupResult($washer->wash($html)); $this->assertEquals('<p>para1</p><p>para2</p>', $washed, "HTML comments - bracket inside"); + + $html = "<p><!-- span>1</span -->\n<span>2</span>\n<!-- >3</span --><span>4</span></p>"; + $washed = $this->cleanupResult($washer->wash($html)); + + $this->assertEquals("<p>\n<span>2</span>\n<span>4</span></p>", $washed, "HTML comments (#6464)"); } /** |