From a92582f3b84157a2f5cc04d82f7e6d2f19b80fa5 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 8 Nov 2012 09:05:35 +0100
Subject: Fix AREA links handling (#1488792)

Conflicts:

	CHANGELOG
---
 program/steps/mail/func.inc | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'program/steps')

diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 732719014..2c6db01eb 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -1234,7 +1234,7 @@ function rcmail_html4inline($body, $container_id, $body_id='', &$attributes=null
 
   // modify HTML links to open a new window if clicked
   $GLOBALS['rcmail_html_container_id'] = $container_id;
-  $body = preg_replace_callback('/<(a|link)\s+([^>]+)>/Ui', 'rcmail_alter_html_link', $body);
+  $body = preg_replace_callback('/<(a|link|area)\s+([^>]+)>/Ui', 'rcmail_alter_html_link', $body);
   unset($GLOBALS['rcmail_html_container_id']);
 
   $body = preg_replace(array(
@@ -1347,7 +1347,11 @@ function rcmail_alter_html_link($matches)
     $attrib['target'] = '_blank';
   }
 
-  return "<$tag" . html::attrib_string($attrib, array('href','name','target','onclick','id','class','style','title','rel','type','media')) . $end;
+  // allowed attributes for a|link|area tags
+  $allow = array('href','name','target','onclick','id','class','style','title',
+    'rel','type','media','alt','coords','nohref','hreflang','shape');
+
+  return "<$tag" . html::attrib_string($attrib, $allow) . $end;
 }
 
 
-- 
cgit v1.2.3