- Sanitize CSS universal selector from e-mails. Without this fix any message can play with the CSS from entire mail window or mail preview frame. Test case:

author: netbit <netbit@208e9e7b-5314-0410-a742-e7e81cd9613c> 2010-06-09 19:08:15 +0000
committer: netbit <netbit@208e9e7b-5314-0410-a742-e7e81cd9613c> 2010-06-09 19:08:15 +0000
commit: f03ce0f9e2b48516566c42046834250358c27d3f (patch)
tree: 06488d2cbf678d026cea856e30fb3af92b07f5be /roundcubemail/program/include
parent: 213102e1f50d0b5daad4aecbaa77327dd45a95d2 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/roundcubemail/program/include/main.inc b/roundcubemail/program/include/main.inc
index f98e4311e..e5fe3929b 100644
--- a/roundcubemail/program/include/main.inc
+++ b/roundcubemail/program/include/main.inc
@@ -1,4 +1,4 @@
-<?php
+<?php
 
 /*
  +-----------------------------------------------------------------------+
@@ -843,7 +843,7 @@ function rcmail_mod_css_styles($source, $container_id)
   $styles = preg_replace(
     array(
       '/(^\s*<!--)|(-->\s*$)/',
-      '/(^\s*|,\s*|\}\s*)([a-z0-9\._#][a-z0-9\.\-_]*)/im',
+      '/(^\s*|,\s*|\}\s*)([a-z0-9\._#\*][a-z0-9\.\-_]*)/im',
       "/$container_id\s+body/i",
     ),
     array(
author	netbit <netbit@208e9e7b-5314-0410-a742-e7e81cd9613c>	2010-06-09 19:08:15 +0000
committer	netbit <netbit@208e9e7b-5314-0410-a742-e7e81cd9613c>	2010-06-09 19:08:15 +0000
commit	f03ce0f9e2b48516566c42046834250358c27d3f (patch)
tree	06488d2cbf678d026cea856e30fb3af92b07f5be /roundcubemail/program/include
parent	213102e1f50d0b5daad4aecbaa77327dd45a95d2 (diff)