Diffstat (limited to 'program/steps/mail')
-rw-r--r--program/steps/mail/func.inc7
-rw-r--r--program/steps/mail/sendmail.inc2
2 files changed, 6 insertions, 3 deletions
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index f01e95bb9..57f20e57a 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -739,7 +739,7 @@ function rcmail_print_body($part, $safe=FALSE, $plain=FALSE)
'/url\s*\(["\']?([\.\/]+[^"\'\s]+)["\']?\)/i',
'/<script.+<\/script>/Umis');
- $remote_replaces = array('<img \\1src=\\2./program/blank.gif\\4',
+ $remote_replaces = array('<img \\1src=\\2./program/blocked.gif\\4',
'',
'',
'',
@@ -1210,7 +1210,8 @@ function rcmail_mod_html_body($body, $container_id)
}
// replace event handlers on any object
- $body = preg_replace('/\s(on[a-z]+)=/im', ' __removed=', $body);
+ $body = preg_replace('/\s(on[^=]+)=/im', ' __removed=', $body);
+ $body = preg_replace('/\shref=["\']?(javascript:)/im', 'null:', $body);
// resolve <base href>
$base_reg = '/(<base.*href=["\']?)([hftps]{3,5}:\/{2}[^"\'\s]+)([^<]*>)/i';
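Review bot: The widened handler pattern on the first added line, `\s(on[^=]+)=`, is greedy across whitespace and tags, so ordinary body text such as ` on Monday <a href=` matches from the `on` up to the next `=` and is collapsed to ` __removed=`, deleting legitimate content along with the link; `'/\s(on[^\s=]*\s*)=/im'` keeps the intent (handler name, optional space before the `=`) without spanning tokens. The second added line replaces the whole ` href="javascript:` match with `null:`, which leaves a malformed tag (`<anull:...`) instead of a neutralised attribute, and because it only recognises the literal prefix it does not see scheme spellings that browsers still decode (entity-encoded or whitespace-interleaved characters), so this denylist regex should be treated as a stopgap behind an attribute-level allowlist of URL schemes applied when the tag is parsed. rcmail_mod_html_body's body continues outside the hunk.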
@@ -1251,7 +1252,7 @@ function rcmail_alter_html_link($in)
if (stristr((string)$attrib['href'], 'mailto:'))
$attrib['onclick'] = sprintf("return %s.command('compose','%s',this)",
$GLOBALS['JS_OBJECT_NAME'],
- substr($attrib['href'], 7));
+ JQ(substr($attrib['href'], 7)));
else if (!empty($attrib['href']) && $attrib['href']{0}!='#')
$attrib['target'] = '_blank';
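Review bot: The new `JQ()` wrapping on the `substr` line escapes the address for the JavaScript string, but the sprintf still emits that string inside a double-quoted `onclick` HTML attribute, so the value has to be safe in attribute context as well — confirm that JQ, or the attribute serialisation that follows, also entity-encodes `"` and `&`, otherwise a quote in the address still terminates the attribute. The guarding condition uses `stristr(...)`, which matches `mailto:` anywhere in the href, while `substr(..., 7)` assumes it is the prefix; `if (stripos((string)$attrib['href'], 'mailto:') === 0)` makes the two agree and avoids passing a mangled address to the compose command. rcmail_alter_html_link's body continues outside the hunk.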
diff --git a/program/steps/mail/sendmail.inc b/program/steps/mail/sendmail.inc
index 716072a48..2d2cb33db 100644
--- a/program/steps/mail/sendmail.inc
+++ b/program/steps/mail/sendmail.inc
@@ -100,6 +100,8 @@ function rcmail_attach_emoticons(&$mime_message)
$image_name = substr($body,
$pos + strlen($searchstr),
$pos2 - ($pos + strlen($searchstr)));
+ // sanitize image name so resulting attachment doesn't leave images dir
+ $image_name = preg_replace('/[^a-zA-Z0-9_\.\-]/i','',$image_name);
$body_post = substr($body, $pos2);
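Review bot: The added `preg_replace` on the new line removes path separators and other unexpected characters, but it still accepts a name that is empty or consists only of dots after stripping, and nothing in the hunk rejects such a result before the name is presumably joined to the images directory further down; a positive check on the sanitised value, e.g. `if ($image_name === '' || !is_file($img_dir . $image_name)) continue;` (with `$img_dir` standing for whatever variable holds the emoticon directory later in the function), would be the safer complement to the stripping. The `i` modifier is redundant because the class already lists both cases, and the dot needs no escape inside a class, so `'/[^a-zA-Z0-9_.\-]/'` is equivalent and easier to read. rcmail_attach_emoticons's body continues outside the hunk on both sides.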