$attributes = str_replace("\n", ' ', stripslashes($attributes));
$attributes = str_replace('= "', '="', $attributes);
foreach ($conv as $att=>$stl) {
- $pattern = '/\b' . preg_quote($att, '/') . '="(.+?)"/i';
+ $pattern = '/\b' . preg_quote($att, '/') . '=([\'"])?(.+?)(?(1)\1|(?:$| ))/i';
if (preg_match($pattern, $attributes, $matches)) {
$attributes = preg_replace($pattern, '', $attributes);
- $val = $matches[1];
+ $val = $matches[2];
if ($att == 'cellspacing' && strpos($style, 'border-collapse') === false) {
$style .= "border-collapse: separate; border-spacing: $val $val; ";
} elseif ($att == 'cellpadding' && $tag == 'table') {
return ' ' . $style . trim($attributes);
}
+function banana__filterCss($text)
+{
+ $text = preg_replace("/(,[\s\n\r]*)/s", '\1 .banana .message .body .html ', $text);
+ return '.banana .message .body .html ' . $text;
+}
+
function banana_filterCss($css)
{
- $css = preg_replace("/(^|\n|,)\s*(\w+[^\{\}\<]+\{)/s", '\1.banana .message .body .html \2', $css);
+ preg_match_all("/(^|\n|,\s*)\s*([\#\.@\w][^;\{\}\<]*?[\{])/s", $css, $matches);
+ $css = preg_replace("/(^|\n)\s*([\#\.@\w][^;\{\}\<]*?)([\{])/se", '"\1" . banana__filterCss("\2") . "\3"', $css);
$css = preg_replace('/ body\b/i', '', $css);
if (!Banana::$msgshow_externalimages) {
- if (preg_match("/url\(((ht|f)tps?:.*?)\)/i", $css)) {
- $css = preg_replace("/url\(((ht|f)tps?:.*?)\)/i", 'url(invalid-image.png)', $css);
+ if (preg_match('!url\([^:\)]+:(//|\\\).*?\)!i', $css)) {
+ $css = preg_replace('!url\([^:\)]+:(//|\\\).*?\)!i', 'url(invalid-image.png)', $css);
Banana::$msgshow_hasextimages = true;
}
}
*/
function banana_cleanHtml($source, $to_xhtml = false)
{
- if (!function_exists('tidy_repair_string')) {
+ if (function_exists('tidy_repair_string')) {
$tidy_config = array('drop-empty-paras' => true,
'drop-proprietary-attributes' => true,
'hide-comments' => true,
$css = null;
if (preg_match('/<head.*?>(.*?)<\/head>/is', $source, $matches)) {
$source = preg_replace('/<head.*?>.*?<\/head>/is', '', $source);
- preg_match_all('/<style.*?type="text\/css".*?>(.*?)<\/style>/is', $matches[1], $matches);
+ preg_match_all('/<style(?:.*?type="text\/css".*?)?>(.*?)<\/style>/is', $matches[1], $matches);
foreach ($matches[1] as &$match) {
$css .= $match;
}
// Use inlined style instead of old html attributes
if ($to_xhtml) {
- $source = preg_replace('/<(\/?\w+)(.*?)(\/?>)/ise', "'<\\1' . banana_cleanStyles('\\1', '\\2') . '\\3'", $source);
+ $source = preg_replace('/<(\/?\w+)(.*?)(\/?>)/uise', "'<\\1' . banana_cleanStyles('\\1', '\\2') . '\\3'", $source);
}
return preg_replace('/<(.*?)>/ie', "'<'.banana_removeEvilAttributes('\\1').'>'", $source);
}