From ebffb126e5affcf8feaf3614151b241c5a5f6ce2 Mon Sep 17 00:00:00 2001
From: Alexander Ebert <ebert@woltlab.com>
Date: Wed, 16 Nov 2016 11:43:46 +0100
Subject: [PATCH] Fixed font sizes outside of boundaries

---
 .../input/node/HtmlInputNodeSpan.class.php    | 62 +++++++++++++++++++
 1 file changed, 62 insertions(+)
 create mode 100644 wcfsetup/install/files/lib/system/html/input/node/HtmlInputNodeSpan.class.php

diff --git a/wcfsetup/install/files/lib/system/html/input/node/HtmlInputNodeSpan.class.php b/wcfsetup/install/files/lib/system/html/input/node/HtmlInputNodeSpan.class.php
new file mode 100644
index 0000000000..901dbb689b
--- /dev/null
+++ b/wcfsetup/install/files/lib/system/html/input/node/HtmlInputNodeSpan.class.php
@@ -0,0 +1,62 @@
+<?php
+namespace wcf\system\html\input\node;
+use wcf\system\html\node\AbstractHtmlNodeProcessor;
+
+/**
+ * Processes `<span>` and sanitizes font sizes.
+ *
+ * @author      Alexander Ebert
+ * @copyright   2001-2016 WoltLab GmbH
+ * @license     GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @package     WoltLabSuite\Core\System\Html\Input\Node
+ * @since       3.0
+ */
+class HtmlInputNodeSpan extends AbstractHtmlInputNode {
+	/**
+	 * @inheritDoc
+	 */
+	protected $tagName = 'span';
+	
+	/**
+	 * @inheritDoc
+	 */
+	public function isAllowed(AbstractHtmlNodeProcessor $htmlNodeProcessor) {
+		return [];
+	}
+	
+	/**
+	 * @inheritDoc
+	 */
+	public function process(array $elements, AbstractHtmlNodeProcessor $htmlNodeProcessor) {
+		/** @var \DOMElement $element */
+		foreach ($elements as $element) {
+			$style = explode(';', $element->getAttribute('style'));
+			for ($i = 0, $length = count($style); $i < $length; $i++) {
+				if (preg_match('~^\s*font-size\s*:(.+)$~', $style[$i], $matches)) {
+					if (preg_match('~^\s*(?P<size>\d+)(?P<unit>px|pt)\s*$~', $matches[1], $innerMatches)) {
+						if ($innerMatches['unit'] === 'pt') {
+							$min = 8;
+							$max = 36;
+						}
+						else {
+							$min = 11;
+							$max = 48;
+						}
+						
+						$size = max($min, $innerMatches['size']);
+						$size = min($max, $size);
+						
+						// enforce size to be within the boundaries
+						$style[$i] = 'font-size: ' . $size . $innerMatches['unit'];
+					}
+					else {
+						// illegal unit
+						unset($style[$i]);
+					}
+				}
+			}
+			
+			$element->setAttribute('style', implode(';', $style));
+		}
+	}
+}
-- 
2.20.1