From 2d233bf49c7d1eee76c2d0b9591a4576a99b5e66 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak
Date: Tue, 20 May 2014 19:25:45 +0200
Subject: Fix incorrect handling of HTML comments in messages sanitization code (#1489904)
---
 CHANGELOG | 1 +
 program/lib/Roundcube/rcube_washtml.php | 2 +-
 tests/Framework/Washtml.php | 10 ++++++++++
 3 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG b/CHANGELOG
index c611ac059..6f7a00a1b 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -5,6 +5,7 @@ CHANGELOG Roundcube Webmail
 - Fix unintentional draft autosave request if autosave is disabled (#1489882)
 - Fix malformed References: header in send/saved mail (#1489891)
 - Fix handling unicode characters in links (#1489898)
+- Fix incorrect handling of HTML comments in messages sanitization code (#1489904)
 RELEASE 1.0.1
 -------------
diff --git a/program/lib/Roundcube/rcube_washtml.php b/program/lib/Roundcube/rcube_washtml.php
index e23e5b21d..5f40eecf4 100644
--- a/program/lib/Roundcube/rcube_washtml.php
+++ b/program/lib/Roundcube/rcube_washtml.php
@@ -456,7 +456,7 @@ class rcube_washtml
 // Remove invalid HTML comments (#1487759)
 // Don't remove valid conditional comments
 // Don't remove MSOutlook () conditional comments (#1489004)
- $html = preg_replace('/

test

', $washed, "HTML invalid comments (#1487759)");
+
+ $html = "

para1

para2

";
+ $washed = $washer->wash($html);
+
+ $this->assertEquals('

para1

para2

', $washed, "HTML comments - simple comment");
+
+ $html = "

para1

para2

";
+ $washed = $washer->wash($html);
+
+ $this->assertEquals('

para1

para2

', $washed, "HTML comments - tags inside (#1489904)");
 }
 /**
--
cgit v1.2.3