authorthomascube <thomas@roundcube.net>2011-12-10 14:16:31 +0000
committerthomascube <thomas@roundcube.net>2011-12-10 14:16:31 +0000
commite02694c3a6dbe753c5683d201b6b6b14c2b30660 (patch)
tree83af39a5d7bfaebe0dec1b4d52c5c88f6ecb5b60 /program/lib
parent19073428b195dd988b9e422b4d9ff78333a3b77a (diff)
Backported CSS sanitization (r5586:r5590)
Diffstat (limited to 'program/lib')
-rw-r--r--program/lib/washtml.php12
1 files changed, 10 insertions, 2 deletions
diff --git a/program/lib/washtml.php b/program/lib/washtml.php
index 9c8625f30..f8c3251ad 100644
--- a/program/lib/washtml.php
+++ b/program/lib/washtml.php
@@ -168,7 +168,7 @@ class washtml
|| ($src = $this->config['cid_map'][$this->config['base_url'].$match[2]])) {
$value .= ' url('.htmlspecialchars($src, ENT_QUOTES) . ')';
}
- else if (preg_match('/^(http|https|ftp):.*$/i', $match[2], $url)) {
+ else if (preg_match('!^(https?:)?//[a-z0-9/._+-]+$!i', $match[2], $url)) {
if ($this->config['allow_remote'])
$value .= ' url('.htmlspecialchars($url[0], ENT_QUOTES).')';
else
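Review bot: The new pattern on the `preg_match` line is what keeps CSS metacharacters out of the emitted `url(...)`, because `htmlspecialchars` escapes for HTML and not for CSS, yet nothing in the code records that. A comment such as `// strict whitelist: quotes, parentheses, backslashes and whitespace must never reach url()` would stop a later maintainer from widening the class for query strings or ports without weighing that. Consider also anchoring the end with `\z` (or adding the `D` modifier), since `$` matches before a trailing newline as well; the effect is small here because `$url[0]` is what gets emitted. The enclosing function starts and ends outside the hunk.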
@@ -243,7 +243,7 @@ class washtml
case XML_ELEMENT_NODE: //Check element
$tagName = strtolower($node->tagName);
if ($callback = $this->handlers[$tagName]) {
- $dump .= call_user_func($callback, $tagName, $this->wash_attribs($node), $this->dumpHtml($node));
+ $dump .= call_user_func($callback, $tagName, $this->wash_attribs($node), $this->dumpHtml($node), $this);
}
else if (isset($this->_html_elements[$tagName])) {
$content = $this->dumpHtml($node);
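Review bot: The fourth argument added to `call_user_func` changes the handler contract without documenting it: every registered callback now receives the washtml instance itself. A comment above the call such as `// handlers are called as (tagname, attribs, content, washtml)` would make that explicit, and the documentation where handlers are registered (outside this hunk) should say the same. The callback receives the whole object rather than a read-only view, so handlers have to be treated as trusted code.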
@@ -301,6 +301,14 @@ class washtml
return $this->dumpHtml($node);
}
+ /**
+ * Getter for config parameters
+ */
+ public function get_config($prop)
+ {
+ return $this->config[$prop];
+ }
+
}
?>
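Review bot: `get_config()` indexes `$this->config[$prop]` without checking that the key exists, so a request for an option that was never set raises an undefined-index notice instead of returning a clean null. This getter appears to be the interface offered to handler callbacks, so a guard is worth having: `return isset($this->config[$prop]) ? $this->config[$prop] : null;`. The docblock would also benefit from `@param string $prop` and `@return mixed` lines stating that null means the option is unset.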