From 8aafb85c8c07c67dd1ba3cfb7002456e12a522a0 Mon Sep 17 00:00:00 2001
From: thomasb
Date: Fri, 12 Sep 2008 16:00:25 +0000
Subject: Fix xss entitiy decoding

git-svn-id: https://svn.roundcube.net/trunk@1775 208e9e7b-5314-0410-a742-e7e81cd9613c
---
 roundcubemail/program/include/main.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'roundcubemail/program/include')
diff --git a/roundcubemail/program/include/main.inc b/roundcubemail/program/include/main.inc
index 0453b14ad..77074a0bd 100644
--- a/roundcubemail/program/include/main.inc
+++ b/roundcubemail/program/include/main.inc
@@ -643,8 +643,8 @@ function rcmail_mod_css_styles($source, $container_id, $base_url = '')
 function rcmail_xss_entitiy_decode($content)
 {
 $out = html_entity_decode(html_entity_decode($content));
- $out = preg_replace('/\\\00([a-z0-9]{2})/ie', "chr(hexdec('\\1'))", $out);
- $out = preg_replace('#/\*.+\*/#Um', '', $out);
+ $out = preg_replace('/\\\([a-z0-9]{4})/ie', "chr(hexdec('\\1'))", $out);
+ $out = preg_replace('#/\*.*\*/#Um', '', $out);
 return $out;
 }
-- 
cgit v1.2.3
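Review bot: The new escape pattern in rcmail_xss_entitiy_decode() matches exactly four characters from `[a-z0-9]`, whereas CSS escapes are one to six hex digits with an optional trailing whitespace character, so shorter or longer escapes are left undecoded or only partly decoded, and non-hex letters (a constructed example: `\zzzz`) go through hexdec() as 0 and come out as a NUL byte. If later checks rely on this output being fully decoded (the callers are not visible in this hunk), a pattern such as `'/\\\\([0-9a-f]{1,6})\s?/i'` would follow the CSS grammar, and doing the conversion in preg_replace_callback() instead of with the `e` modifier keeps matched text out of evaluated code. The comment-stripping pattern `'#/\*.*\*/#Um'` has no `s` flag, so `.` stops at newlines and a comment that spans several lines is not removed; `'#/\*.*\*/#Us'` covers that case.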