Fix bug where external content (e.g. mail body) was passed to templat…

…es parsing code (#6640) It should have been part of "Fix so templating system does not mess with external (e.g. email) content (#5499)" (d02e6ea), but it wasn't.
roundcube · Mar 11, 2019 · ab28c4a · ab28c4a
1 parent 9d19d5b
commit ab28c4a
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 14 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -6,6 +6,7 @@ CHANGELOG Roundcube Webmail
 - Elastic: Changed "Move to..." icon (#6637)
 - Elastic: Add hide/show for advanced preferences (#6632)
 - Fix bug where next row wasn't selected after deleting a collapsed thread (#6655)
+- Fix bug where external content (e.g. mail body) was passed to templates parsing code (#6640)
 
 RELEASE 1.4-rc1
 ---------------

diff --git a/program/include/rcmail_output_html.php b/program/include/rcmail_output_html.php
@@ -1294,22 +1294,17 @@ protected function xml_command($matches)
                     $object = $this->deprecated_template_objects[$object];
                 }
 
-                // we are calling a class/method
-                if (($handler = $this->object_handlers[$object]) && is_array($handler)) {
-                    if (is_callable($handler)) {
-                        $this->prepare_object_attribs($attrib);
-
-                        // We assume that objects with src attribute are internal (in most
-                        // cases this is a watermark frame). We need this to make sure assets_path
-                        // is added to the internal assets paths
-                        $external = empty($attrib['src']);
-                        $content  = call_user_func($handler, $attrib);
-                    }
-                }
+                $handler = $this->object_handlers[$object];
+
                 // execute object handler function
-                else if (is_callable($handler)) {
+                if (is_callable($handler)) {
                     $this->prepare_object_attribs($attrib);
-                    $content = call_user_func($handler, $attrib);
+
+                    // We assume that objects with src attribute are internal (in most
+                    // cases this is a watermark frame). We need this to make sure assets_path
+                    // is added to the internal assets paths
+                    $external = empty($attrib['src']);
+                    $content  = call_user_func($handler, $attrib);
                 }
                 else if ($object == 'doctype') {
                     $content = html::doctype($attrib['value']);