
- MagicHTML fix for comments in styles.

Thijs Kinkhorst 19 years ago
parent
commit
c3341f4716
2 changed files with 6 additions and 2 deletions
  1. 1 0
      ChangeLog
  2. 5 2
      functions/mime.php

+ 1 - 0
ChangeLog

@@ -511,6 +511,7 @@ Version 1.5.1 -- CVS
   - Fixed character wrapping/encoding issues in Japanese translation (#1377622). 
     Issue is specific to sqBodyWrap() and string function wrappers introduced in 
     1.5.1.
+  - MagicHTML fix for comments in styles.
 
 Version 1.5.0 - 2 February 2004
 -------------------------------
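
Review bot: The added ChangeLog entry does not say what was wrong with comments in styles, or that the change touches the style filtering in functions/mime.php. A few more words, for example that CSS comments are now stripped before the style checks run, would make the entry useful to someone reading the release notes.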

+ 5 - 2
functions/mime.php

@@ -1746,11 +1746,12 @@ function sq_fixstyle($body, $pos, $message, $id, $mailbox){
      * Fix stupid css declarations which lead to vulnerabilities
      * in IE.
      */
-    $match   = Array('/expression/i',
+    $match   = Array('/\/\*.*\*\//',
+                    '/expression/i',
                     '/behaviou*r/i',
                     '/binding/i',
                     '/include-source/i');
-    $replace = Array('idiocy', 'idiocy', 'idiocy', 'idiocy');
+    $replace = Array('','idiocy', 'idiocy', 'idiocy', 'idiocy');
     $contentNew = preg_replace($match, $replace, $contentTemp);
     if ($contentNew !== $contentTemp) {
         // insecure css declarations are used. From now on we don't care
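
Review bot: The new first pattern in $match, '/\/\*.*\*\//', has no s modifier, so . stops at a newline and a comment that spans lines inside the style block is left in place for the keyword patterns that follow. Consider '/\/\*.*?\*\//s', which removes multi-line comments and, being non-greedy, does not swallow the declarations between two comments on the same line. Separately, the check $contentNew !== $contentTemp just below now fires for any stylesheet that merely contains a comment, so harmless styles take the "insecure css declarations" branch; if that is not intended, strip comments first and compare against the stripped text.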
@@ -2148,6 +2149,7 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX', $take_mailto_links
         "/^style/i" =>
             Array(
                 Array(
+                    "/\/\*.*\*\//",
                     "/expression/i",
                     "/binding/i",
                     "/behaviou*r/i",
@@ -2159,6 +2161,7 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX', $take_mailto_links
                     "/(.*)\s*:\s*url\s*\(\s*([\'\"]*)\s*\S+script\s*:.*([\'\"]*)\s*\)/si"
                     ),
                 Array(
+                    "",
                     "idiocy",
                     "idiocy",
                     "idiocy",