diff options
author | Aleksander Machniak <alec@alec.pl> | 2012-05-12 11:27:59 +0200 |
---|---|---|
committer | Aleksander Machniak <alec@alec.pl> | 2012-05-12 11:30:00 +0200 |
commit | 6236838574ce57195cfa5947b3b9b389bbce1080 (patch) | |
tree | 4357edccee76b3c3669b2243ef331d9ba488b910 | |
parent | 8253e7d245b03a2bfd5b51573e5d1024e45022ce (diff) |
Fix handling of some HTML tags e.g. IMG (#1488471) - reworked fix for #1486812
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | program/lib/washtml.php | 20 |
2 files changed, 11 insertions, 10 deletions
@@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Fix handling of some HTML tags e.g. IMG (#1488471) - Use similar language as a fallback for plugin localization (#1488401) - Fix issue where signature wasn't re-added on draft compose (#1488322) - Update to TinyMCE 3.5 (#1488459) diff --git a/program/lib/washtml.php b/program/lib/washtml.php index 04a65c7a1..daff5b5f4 100644 --- a/program/lib/washtml.php +++ b/program/lib/washtml.php @@ -108,7 +108,7 @@ class washtml /* Block elements which could be empty but cannot be returned in short form (<tag />) */ static $block_elements = array('div', 'p', 'pre', 'blockquote', 'a', 'font', 'center', - 'table', 'ul', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'ol', 'dl', 'strong', 'i', 'b', 'u'); + 'table', 'ul', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'ol', 'dl', 'strong', 'i', 'b', 'u', 'span'); /* State for linked objects in HTML */ public $extlinks = false; @@ -133,7 +133,8 @@ class washtml /* Constructor */ - public function __construct($p = array()) { + public function __construct($p = array()) + { $this->_html_elements = array_flip((array)$p['html_elements']) + array_flip(self::$html_elements) ; $this->_html_attribs = array_flip((array)$p['html_attribs']) + array_flip(self::$html_attribs); $this->_ignore_elements = array_flip((array)$p['ignore_elements']) + array_flip(self::$ignore_elements); @@ -149,7 +150,8 @@ class washtml } /* Check CSS style */ - private function wash_style($style) { + private function wash_style($style) + { $s = ''; foreach (explode(';', $style) as $declaration) { @@ -191,7 +193,8 @@ class washtml } /* Take a node and return allowed attributes and check values */ - private function wash_attribs($node) { + private function wash_attribs($node) + { $t = ''; $washed; @@ -231,7 +234,8 @@ class washtml /* The main loop that recurse on a node tree. * It output only allowed tags with allowed attributes * and allowed inline styles */ - private function dumpHtml($node) { + private function dumpHtml($node) + { if(!$node->hasChildNodes()) return ''; @@ -248,9 +252,7 @@ class washtml else if (isset($this->_html_elements[$tagName])) { $content = $this->dumpHtml($node); $dump .= '<' . $tagName . $this->wash_attribs($node) . - // create closing tag for block elements, but also for elements - // with content or with some attributes (eg. style, class) (#1486812) - ($content != '' || $node->hasAttributes() || isset($this->_block_elements[$tagName]) ? ">$content</$tagName>" : ' />'); + ($content != '' || isset($this->_block_elements[$tagName]) ? ">$content</$tagName>" : ' />'); } else if (isset($this->_ignore_elements[$tagName])) { $dump .= '<!-- ' . htmlspecialchars($tagName, ENT_QUOTES) . ' not allowed -->'; @@ -310,5 +312,3 @@ class washtml } } - -?> |