author | vbenincasa <vbenincasa@gmail.com> | 2010-06-09 19:08:15 +0000 |
---|---|---|
committer | vbenincasa <vbenincasa@gmail.com> | 2010-06-09 19:08:15 +0000 |
commit | d0b981757ab416dfd182e6b91e7f9a66132116f9 (patch) | |
tree | d53b286eaba7ad3abc3584c7cc4a54d08a82624e /program/include/main.inc | |
parent | 254bfdc29ec82f95878702e44d5cfed5174880bb (diff) |
- Sanitize CSS universal selector from e-mails. Without this fix any message can play with the CSS from the entire mail window or mail preview frame. Test case:
<style type="text/css">*{ background: #000; }</style>
Diffstat (limited to 'program/include/main.inc')
-rw-r--r-- | program/include/main.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/program/include/main.inc b/program/include/main.inc index f98e4311e..e5fe3929b 100644 --- a/program/include/main.inc +++ b/program/include/main.inc @@ -1,4 +1,4 @@ -<?php +<?php /* +-----------------------------------------------------------------------+ @@ -843,7 +843,7 @@ function rcmail_mod_css_styles($source, $container_id) $styles = preg_replace( array( '/(^\s*<!--)|(-->\s*$)/', - '/(^\s*|,\s*|\}\s*)([a-z0-9\._#][a-z0-9\.\-_]*)/im', + '/(^\s*|,\s*|\}\s*)([a-z0-9\._#\*][a-z0-9\.\-_]*)/im', "/$container_id\s+body/i", ), array( |
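Review bot: the first hunk (@@ -1,4 +1,4 @@) removes and re-adds `<?php` with no visible difference, so the change is presumably whitespace, a line ending or a byte-order mark. It is unrelated to the selector fix and should be dropped or committed separately. If the new line carries any bytes before `<?php`, they are emitted as output ahead of the script, which is worth checking before merging.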
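Review bot: in the rcmail_mod_css_styles() hunk, the first character class `[a-z0-9\._#\*]` is still an allow-list of selector start characters, so the fix covers `*` only and a selector that begins with any character outside the class is still not matched by this pattern. Consider inverting the logic so that every rule is scoped to $container_id by default, instead of adding characters one at a time as cases are reported. The `\*` escape is not needed inside a character class, and the second class `[a-z0-9\.\-_]*` is unchanged, which is fine since `*` only needs to match as the first character. The commit message gives a test case (`*{ background: #000; }`) but the patch adds no regression test; please add one that asserts the rewritten style is scoped to the container.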