From 86df1529feb4b7eb1a9721baa194518bacbfd8ff Mon Sep 17 00:00:00 2001
From: thomascube
Date: Fri, 29 Dec 2006 21:06:39 +0000
Subject: Error handling for attachment uploads; multibyte-safe string functions; XSS improvements
---
 program/steps/mail/func.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'program/steps/mail/func.inc')
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index dea6c040e..b8c391aae 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -1214,7 +1214,7 @@ function rcmail_mod_html_body($body, $container_id)
 while ($body != $prev_body)
 {
 $prev_body = $body;
- $body = preg_replace('/(<[^!][^>]*?\s)(on\w+?)(=[^>]*?>)/im', '$1__removed=$3', $body);
+ $body = preg_replace('/(<[^!][^>]*?\s)(on[^=]+)(=[^>]*?>)/im', '$1__removed=$3', $body);
 $body = preg_replace('/(<[^!][^>]*?\shref=["\']?)(javascript:)([^>]*?>)/im', '$1null:$3', $body);
 }
--
cgit v1.2.3
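Review bot: The widened name group `(on[^=]+)` in the first `preg_replace` is no longer limited to attribute-name characters, so it can run across whitespace, quoted values and even `>` until the next `=` further on. A benign tag such as `<img alt="turn on lights" src="a.png">` would lose its `src`, and text following a tag can be swallowed the same way. Bounding the name keeps the broader match without crossing attribute or tag boundaries: use `(on[^\s=>]+\s*)` in place of `(on[^=]+)`. The filter is still a deny-list over raw markup and is not quote-aware, so a comment above the loop should say so, e.g. `// best-effort only: not quote-aware; untrusted HTML should go through a parser with an attribute allow-list`. The body of rcmail_mod_html_body starts and ends outside the hunk.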