diff --git a/CHANGELOG b/CHANGELOG
index 74fd70c5aa2..16fd00aafb9 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -21,6 +21,7 @@ CHANGELOG Roundcube Webmail
 - Managesieve: Fix bug where show_real_foldernames setting wasn't respected (#6422)
 - New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419)
 - Fix support for "allow-from " in "x_frame_options" config option (#6449)
+- Fix bug where valid content between HTML comments could have been skipped in some cases (#6464)
 RELEASE 1.4-beta
 ----------------
diff --git a/program/lib/Roundcube/rcube_washtml.php b/program/lib/Roundcube/rcube_washtml.php
index 8837a917f90..497a1c3e472 100644
--- a/program/lib/Roundcube/rcube_washtml.php
+++ b/program/lib/Roundcube/rcube_washtml.php
@@ -643,6 +643,9 @@ private function cleanup($html)
 $html = str_replace($badwordchars, $fixedwordchars, $html);
+ // FIXME: HTML comments handling could be better. The code below can break comments (#6464),
+ // we should probably do not modify content inside comments at all.
+
 // fix (unknown/malformed) HTML tags before "wash"
 $html = preg_replace_callback('/(<(?!\!)[\/]*)([^\s>]+)([^>]*)/', array($this, 'html_tag_callback'), $html);
@@ -665,9 +668,15 @@ private function cleanup($html)
 */
 public static function html_tag_callback($matches)
 {
+ // It might be an ending of a comment, ignore (#6464)
+ if (substr($matches[3], -2) == '--') {
+ $matches[0] = '';
+ return implode('', $matches);
+ }
+
 $tagname = $matches[2];
 $tagname = preg_replace(array(
- '/:.*$/', // Microsoft's Smart Tags
+ '/:.*$/', // Microsoft's Smart Tags
 '/[^a-z0-9_\[\]\!?-]/i', // forbidden characters
 ), '', $tagname);
diff --git a/tests/Framework/Washtml.php b/tests/Framework/Washtml.php
index 9879575a8e3..eebd80de52f 100644
--- a/tests/Framework/Washtml.php
+++ b/tests/Framework/Washtml.php
@@ -98,6 +98,11 @@ function test_comments()
 $washed = $this->cleanupResult($washer->wash($html));
 $this->assertEquals('
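Review bot: The new early return in `html_tag_callback` keys only on the last two characters of `$matches[3]`, so it fires for any tag whose text before `>` ends in `--`, not just for a real comment terminator, and that tag is handed back without the Smart-Tag and forbidden-character clean-up of its name. If the wash step that follows relies on `cleanup()` having normalised tag names, this is a gap in the sanitiser; a regression test that feeds an ordinary element ending in `--` and asserts it still comes out washed would pin the intended behaviour. The comparison is also loose, and `if (substr($matches[3], -2) === '--') {` states the intent exactly. The body of `html_tag_callback` continues past the end of this hunk, so the rest of the normalisation is not visible here.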

para1

para2

', $washed, "HTML comments - bracket inside"); + + $html = "

\n2\n4

"; + $washed = $this->cleanupResult($washer->wash($html)); + + $this->assertEquals("

\n2\n4

", $washed, "HTML comments (#6464)"); } /**