MDL-2684: kses strips out CSS from style tags unless the first property is on 'allowe...

author Sam Marshall <s.marshall@open.ac.uk>

Wed, 2 Dec 2009 17:59:43 +0000 (17:59 +0000)

committer Sam Marshall <s.marshall@open.ac.uk>

Wed, 2 Dec 2009 17:59:43 +0000 (17:59 +0000)
author Sam Marshall <s.marshall@open.ac.uk>
Wed, 2 Dec 2009 17:59:43 +0000 (17:59 +0000)
committer Sam Marshall <s.marshall@open.ac.uk>
Wed, 2 Dec 2009 17:59:43 +0000 (17:59 +0000)
diff --git a/lib/kses.php b/lib/kses.php

index 5824fa0..8d87c23 100644 (file)
--- a/lib/kses.php
+++ b/lib/kses.php
@@ -311,7 +311,12 @@ function kses_hair($attr, $allowed_protocols)
          if (preg_match('/^"([^"]*)"(\s+|$)/', $attr, $match))
           # "value"
          {
-          $thisval = kses_bad_protocol($match[1], $allowed_protocols);
+          // MDL-2684 - kses stripping CSS styles that it thinks look like protocols
+          if ($attrname == 'style') {
+              $thisval = $match[1];
+          } else {
+              $thisval = kses_bad_protocol($match[1], $allowed_protocols);
+          }
  
            $attrarr[] = array
                          ('name'  => $attrname,
author	Sam Marshall <s.marshall@open.ac.uk>
	Wed, 2 Dec 2009 17:59:43 +0000 (17:59 +0000)
committer	Sam Marshall <s.marshall@open.ac.uk>
	Wed, 2 Dec 2009 17:59:43 +0000 (17:59 +0000)