X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;ds=inline;f=banana%2Fmessage.func.inc.php;h=1628f374f4f7e6691da036fa27e3e3eeec1146ad;hb=1c71a12868e08c6050fa4c283665f82a67e50c10;hp=e50023ea90b0cc02598fe411edadc8f1ca135049;hpb=0321cbd884070b3d021b16c8ff32cd535987a86a;p=banana.git
diff --git a/banana/message.func.inc.php b/banana/message.func.inc.php
index e50023e..1628f37 100644
--- a/banana/message.func.inc.php
+++ b/banana/message.func.inc.php
@@ -284,10 +284,10 @@ function banana_cleanStyles($tag, $attributes)
 $attributes = str_replace("\n", ' ', stripslashes($attributes));
 $attributes = str_replace('= "', '="', $attributes);
 foreach ($conv as $att=>$stl) {
- $pattern = '/\b' . preg_quote($att, '/') . '="(.+?)"/i';
+ $pattern = '/\b' . preg_quote($att, '/') . '=([\'"])?(.+?)(?(1)\1|(?:$| ))/i';
 if (preg_match($pattern, $attributes, $matches)) {
 $attributes = preg_replace($pattern, '', $attributes);
- $val = $matches[1];
+ $val = $matches[2];
 if ($att == 'cellspacing' && strpos($style, 'border-collapse') === false) {
 $style .= "border-collapse: separate; border-spacing: $val $val; ";
 } elseif ($att == 'cellpadding' && $tag == 'table') {
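Review bot: `$val = $matches[2]` now also accepts single-quoted and unquoted attribute values, and that text is still interpolated unchecked into the generated declaration (`border-spacing: $val $val; `). A value containing `;` or `:` would add declarations chosen by the message sender to the inline style, and nothing visible in this hunk passes that style through banana_filterCss. For `cellspacing` and `cellpadding`, requiring `preg_match('/^\d+(px|%)?$/', $val)` before building the declaration would keep only plain sizes; the other `$conv` entries are outside the hunk and may need their own allow-list. The unquoted branch also ends a value only at a space or end of string, so a tab-separated attribute list would be captured as one value. banana_cleanStyles starts and ends outside this hunk.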
@@ -311,13 +311,20 @@ function banana_cleanStyles($tag, $attributes)
 return ' ' . $style . trim($attributes);
 }
 
+function banana__filterCss($text)
+{
+ $text = preg_replace("/(,[\s\n\r]*)/s", '\1 .banana .message .body .html ', $text);
+ return '.banana .message .body .html ' . $text;
+}
+
 function banana_filterCss($css)
 {
- $css = preg_replace("/(^|\n|,)\s*(\w+[^\{\}\<]+\{)/s", '\1.banana .message .body .html \2', $css);
+ preg_match_all("/(^|\n|,\s*)\s*([\#\.@\w][^;\{\}\<]*?[\{])/s", $css, $matches);
+ $css = preg_replace("/(^|\n)\s*([\#\.@\w][^;\{\}\<]*?)([\{])/se", '"\1" . banana__filterCss("\2") . "\3"', $css);
 $css = preg_replace('/ body\b/i', '', $css);
 if (!Banana::$msgshow_externalimages) {
- if (preg_match("/url\(((ht|f)tps?:.*?)\)/i", $css)) {
- $css = preg_replace("/url\(((ht|f)tps?:.*?)\)/i", 'url(invalid-image.png)', $css);
+ if (preg_match('!url\([^:\)]+:(//|\\\).*?\)!i', $css)) {
+ $css = preg_replace('!url\([^:\)]+:(//|\\\).*?\)!i', 'url(invalid-image.png)', $css);
 Banana::$msgshow_hasextimages = true;
 }
 }
@@ -331,7 +338,7 @@ function banana_filterCss($css)
 */
 function banana_cleanHtml($source, $to_xhtml = false)
 {
- if (!function_exists('tidy_repair_string')) {
+ if (function_exists('tidy_repair_string')) {
 $tidy_config = array('drop-empty-paras' => true,
 'drop-proprietary-attributes' => true,
 'hide-comments' => true,
@@ -360,7 +367,7 @@ function banana_cleanHtml($source, $to_xhtml = false)
 $css = null;
 if (preg_match('/(.*?)<\/head>/is', $source, $matches)) {
 $source = preg_replace('/.*?<\/head>/is', '', $source);
- preg_match_all('/(.*?)<\/style>/is', $matches[1], $matches);
+ preg_match_all('/(.*?)<\/style>/is', $matches[1], $matches);
 foreach ($matches[1] as &$match) {
 $css .= $match;
 }
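Review bot: The new `preg_replace` call in banana_filterCss uses the `e` modifier, so its replacement is evaluated as PHP with selector text from the message's style sheet placed inside a double-quoted string (`banana__filterCss("\2")`). `$name` sequences in that CSS are therefore still interpolated, and the modifier is deprecated since PHP 5.5 and removed in 7.0. Routing the match through `preg_replace_callback` with a named callback produces the same output without evaluating message content, as sketched below. The `preg_match_all` result stored in `$matches` on the line before is not used anywhere in the hunk and looks like leftover code. Separately, the rewritten external-image pattern requires a `scheme:` prefix, so a scheme-less `url(//host/…)` reference would presumably pass through while `Banana::$msgshow_externalimages` is off; confirm this and cover that form as well.

```php
function banana__filterCssMatch($m)
{
    // $m[1]: line start, $m[2]: selector list, $m[3]: opening brace
    return $m[1] . banana__filterCss($m[2]) . $m[3];
}

function banana_filterCss($css)
{
    $css = preg_replace_callback("/(^|\n)\s*([\#\.@\w][^;\{\}\<]*?)([\{])/s", 'banana__filterCssMatch', $css);
    // … unchanged: body selector removal and external-image filtering …
```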
@@ -381,7 +388,7 @@ function banana_cleanHtml($source, $to_xhtml = false) // Use inlined style instead of old html attributes if ($to_xhtml) { - $source = preg_replace('/<(\/?\w+)(.*?)(\/?>)/ise', "'<\\1' . banana_cleanStyles('\\1', '\\2') . '\\3'", $source); + $source = preg_replace('/<(\/?\w+)(.*?)(\/?>)/uise', "'<\\1' . banana_cleanStyles('\\1', '\\2') . '\\3'", $source); } return preg_replace('/<(.*?)>/ie', "'<'.banana_removeEvilAttributes('\\1').'>'", $source); }
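Review bot: With the added `u` modifier, `preg_replace` returns NULL when `$source` is not valid UTF-8, and this line assigns that result straight back to `$source`, so a message with a mis-declared charset would reach the final `preg_replace` as an empty string. Keep the previous value on failure, e.g. `$fixed = preg_replace(...); if ($fixed !== null) { $source = $fixed; }`. Both calls in this hunk still use the `e` modifier on message HTML, which is deprecated since PHP 5.5 and removed in 7.0; `preg_replace_callback` with a named callback gives the same rewrite without evaluating a replacement string. The start of banana_cleanHtml is outside the hunk.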