From ffec857b697ce0a23134f04cf345dc3a8b45a7ae Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 28 Nov 2013 03:12:03 -0500
Subject: [PATCH] Fix handling of invalid closing tags in HTML messages (#1489446)

---
 CHANGELOG                               |    1 +
 program/lib/Roundcube/rcube_washtml.php |    9 +++++++--
 tests/Framework/Washtml.php             |   13 +++++++++++++
 3 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 3790c29..3eca150 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+- Fix handling of invalid closing tags in HTML messages (#1489446)
 - Set real content-type for file downloads (#1489439)
 - Update TinyMCE to version 3.5.10 (#1489442)
 - Fix keyboard navigation in list widgets (#1489392)
diff --git a/program/lib/Roundcube/rcube_washtml.php b/program/lib/Roundcube/rcube_washtml.php
index e746754..9cf3c62 100644
--- a/program/lib/Roundcube/rcube_washtml.php
+++ b/program/lib/Roundcube/rcube_washtml.php
@@ -455,7 +455,7 @@
         }
 
         // fix (unknown/malformed) HTML tags before "wash"
-        $html = preg_replace_callback('/(<(?!\!)[\/]*)([^\s>]+)/', array($this, 'html_tag_callback'), $html);
+        $html = preg_replace_callback('/(<(?!\!)[\/]*)([^\s>]+)([^>]*)/', array($this, 'html_tag_callback'), $html);
 
         // Remove invalid HTML comments (#1487759)
         // Don't remove valid conditional comments
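Review bot: The new third group `([^>]*)` on the `preg_replace_callback` line is undocumented, and the comment above it does not say that the callback now receives and re-emits the rest of the tag. I would extend it to `// fix (unknown/malformed) HTML tags before "wash"; group 3 is the tag remainder up to the first '>' and is dropped for closing tags`. `[^>]*` also stops at the first `>` even inside a quoted attribute value, so a closing tag carrying such a value would leave the tail of that value behind as text; that limit is worth stating in the same comment. The enclosing function starts and ends outside this hunk.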
@@ -479,7 +479,12 @@
             '/[^a-z0-9_\[\]\!-]/i', // forbidden characters
         ), '', $tagname);
 
-        return $matches[1] . $tagname;
+        // fix invalid closing tags - remove any attributes (#1489446)
+        if ($matches[1] == '</') {
+            $matches[3] = '';
+        }
+
+        return $matches[1] . $tagname . $matches[3];
     }
 
     /**
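Review bot: The check `$matches[1] == '</'` matches only a closing tag written with exactly one slash, while group 1 of the pattern (`[\/]*`) accepts any number of slashes. For a constructed input such as `<//a href>`, `$matches[3]` would be returned unchanged. Because this runs on untrusted message HTML before the washer parses it, I would test for the presence of a slash and drop the loose comparison: `if (strpos($matches[1], '/') !== false) {`. The callback's body starts above the hunk, so how `$tagname` is derived is not visible here.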
diff --git a/tests/Framework/Washtml.php b/tests/Framework/Washtml.php
index cb72343..0d050ff 100644
--- a/tests/Framework/Washtml.php
+++ b/tests/Framework/Washtml.php
@@ -68,4 +68,17 @@
         $this->assertRegExp('|<textarea>test</textarea>|', $washed, "Self-closing textarea (#1489137)");
     }
 
+    /**
+     * Test fixing of invalid closing tags (#1489446)
+     */
+    function test_closing_tag_attrs()
+    {
+        $html = "<a href=\"http://test.com\">test</a href>";
+
+        $washer = new rcube_washtml;
+        $washed = $washer->wash($html);
+
+        $this->assertRegExp('|</a>|', $washed, "Invalid closing tag (#1489446)");
+    }
+
 }
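Review bot: The single assertion `'|</a>|'` in `test_closing_tag_attrs` passes as soon as any `</a>` appears in the output, so it does not check that the opening tag's attributes survive now that the callback re-emits `$matches[3]`. I would add `$this->assertRegExp('|<a [^>]*href="http://test.com"|', $washed, "Opening tag attributes kept (#1489446)");`, adjusting the pattern if the washer serializes the attribute differently. A second case with more than one slash in the closing tag would also pin down which forms the callback treats as closing tags.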

--
Gitblit v1.9.1