From e02694c3a6dbe753c5683d201b6b6b14c2b30660 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Sat, 10 Dec 2011 09:16:31 -0500
Subject: [PATCH] Backported CSS sanitization (r5586:r5590)

---
 program/lib/washtml.php |   12 ++++++++++--
 1 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/program/lib/washtml.php b/program/lib/washtml.php
index 9c8625f..f8c3251 100644
--- a/program/lib/washtml.php
+++ b/program/lib/washtml.php
@@ -168,7 +168,7 @@
                 || ($src = $this->config['cid_map'][$this->config['base_url'].$match[2]])) {
               $value .= ' url('.htmlspecialchars($src, ENT_QUOTES) . ')';
             }
-            else if (preg_match('/^(http|https|ftp):.*$/i', $match[2], $url)) {
+            else if (preg_match('!^(https?:)?//[a-z0-9/._+-]+$!i', $match[2], $url)) {
               if ($this->config['allow_remote'])
                 $value .= ' url('.htmlspecialchars($url[0], ENT_QUOTES).')';
               else
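Review bot: The new pattern on the `else if` line carries the whole sanitization decision for remote `url()` values but has no comment explaining why its character class is so narrow. Allowing only `[a-z0-9/._+-]` after `//` keeps parentheses, whitespace and backslashes out of the emitted `url(...)`, which `htmlspecialchars()` does not escape. It also drops `ftp:` and rejects URLs with a query string, port or percent-escape, which looks deliberate but should be stated. I would add above it `// only http(s) or protocol-relative URLs built from characters that cannot terminate url(); query strings and ports are rejected on purpose`. The enclosing branch starts and ends outside this hunk.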
@@ -243,7 +243,7 @@
       case XML_ELEMENT_NODE: //Check element
         $tagName = strtolower($node->tagName);
         if ($callback = $this->handlers[$tagName]) {
-          $dump .= call_user_func($callback, $tagName, $this->wash_attribs($node), $this->dumpHtml($node));
+          $dump .= call_user_func($callback, $tagName, $this->wash_attribs($node), $this->dumpHtml($node), $this);
         }
         else if (isset($this->_html_elements[$tagName])) {
           $content = $this->dumpHtml($node);
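Review bot: The handler's return value is appended to `$dump` as-is on the changed line, and nothing documents that callbacks now receive the washer instance as a fourth argument. I would add above the call `// handler output is appended unescaped: callbacks must return already-safe HTML; 4th argument is this washer, for config lookups`. A callback that is a built-in function with fixed arity could complain about the extra argument. Presumably none is registered, but the registration method (outside this hunk) is the place to describe the new signature.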
@@ -301,6 +301,14 @@
     return $this->dumpHtml($node);
   }
 
+  /**
+   * Getter for config parameters
+   */
+  public function get_config($prop)
+  {
+      return $this->config[$prop];
+  }
+
 }
 
 ?>
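Review bot: `get_config()` indexes `$this->config[$prop]` without checking that the key exists, so a handler asking for an option that was never set triggers an undefined-index notice rather than getting a clean null. `return isset($this->config[$prop]) ? $this->config[$prop] : null;` avoids that. The docblock should also name the parameter and the return value (`@param string $prop Config option name`, `@return mixed Option value, or null if unset`). The body is indented six spaces where the method above it uses four.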

--
Gitblit v1.9.1