From 23aea3864c0c84204cc76e96b2b130901100e9f5 Mon Sep 17 00:00:00 2001
From: Hadi Nategh
Date: Fri, 2 Dec 2016 10:09:56 +0100
Subject: [PATCH] Keep allowExternalIMGs preference intact and use an explicit preference for allowed domains
---
 api/src/Html/HtmLawed.php | 3 ++-
 mail/inc/class.mail_hooks.inc.php | 15 +++++++++++++++
 mail/js/app.js | 11 ++++++++---
 3 files changed, 25 insertions(+), 4 deletions(-)
diff --git a/api/src/Html/HtmLawed.php b/api/src/Html/HtmLawed.php
index 6cbd051a92..a5710ab2ff 100644
--- a/api/src/Html/HtmLawed.php
+++ b/api/src/Html/HtmLawed.php
@@ -400,7 +400,8 @@ function hl_email_tag_transform($element, $attribute_array=0)
 if (!preg_match('/^cid:.*/',$attribute_array['src']))
 {
 $url = explode('/', preg_replace('/^(http|https):\/\//','',$attribute_array['src']));
- if (!in_array($url[0], $GLOBALS['egw_info']['user']['preferences']['mail']['allowExternalIMGs']))
+ if ($GLOBALS['egw_info']['user']['preferences']['mail']['allowExternalIMGs'] != 1
+ && !in_array($url[0], $GLOBALS['egw_info']['user']['preferences']['mail']['allowExternalDomains']))
 {
 //the own webserver url is not external, so it should be allowed
 if (empty($GLOBALS['egw_info']['server']['webserver_url'])||!preg_match("$^".$GLOBALS['egw_info']['server']['webserver_url'].".*$",$attribute_array['src']))
diff --git a/mail/inc/class.mail_hooks.inc.php b/mail/inc/class.mail_hooks.inc.php
index ef34d8b0eb..900e7edbaf 100644
--- a/mail/inc/class.mail_hooks.inc.php
+++ b/mail/inc/class.mail_hooks.inc.php
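Review bot: In `hl_email_tag_transform` (api/src/Html/HtmLawed.php) the new condition only special-cases `allowExternalIMGs == 1`; with the preference at 0 ("Never") it still falls through to the `allowExternalDomains` lookup, so a domain already in that list keeps loading remote images even though the user chose Never. `in_array()` also receives the preference as-is, and it may be unset until a first domain has been stored, so the second argument is not guaranteed to be an array. Consider `$prefs = $GLOBALS['egw_info']['user']['preferences']['mail'];` and `if ($prefs['allowExternalIMGs'] != 1 && ($prefs['allowExternalIMGs'] == '0' || !in_array($url[0], (array)$prefs['allowExternalDomains'], true)))`. The function body starts and ends outside the hunk.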
@@ -200,6 +200,21 @@ class mail_hooks
 'admin' => False,
 'forced' => 'always_display',
 ),
+ 'allowExternalIMGs' => array(
+ 'type' => 'select',
+ 'label' => 'Allow external images',
+ 'help' => 'allow images from external sources in html emails',
+ 'name' => 'allowExternalIMGs',
+ 'values' => array(
+ 0 => lang('Never'),
+ 1 => lang('Always'),
+ 2 => lang('Ask for permission')
+ ),
+ 'xmlrpc' => True,
+ 'admin' => True,
+ 'default' => 2,
+ 'forced' => 1,
+ ),
 'message_forwarding' => array(
 'type' => 'select',
 'label' => 'how to forward messages',
diff --git a/mail/js/app.js b/mail/js/app.js
index 4bb0c2887e..46b413c8a0 100644
--- a/mail/js/app.js
+++ b/mail/js/app.js
@@ -1032,6 +1032,11 @@ app.classes.mail = AppJS.extend(
 resolveExternalImages: function (_node)
 {
+ //Do not run resolve images if it's forced already to show them all
+ // or forced to not show them all.
+ var pref_img = egw.preference('allowExternalIMGs', 'mail');
+ if (pref_img == 1 || pref_img == 0) return;
+
 var external_images = jQuery(_node).find('img[alt*="[blocked external image:"]');
 if (external_images.length > 0 && jQuery(_node).find('.mail_externalImagesMsg').length == 0)
 {
@@ -1064,19 +1069,19 @@ app.classes.mail = AppJS.extend(
 if (pref.indexOf(parts.domain) == -1)
 {
 pref.push(parts.domain);
- egw.set_preference( 'mail', 'allowExternalIMGs', pref);
+ egw.set_preference( 'mail', 'allowExternalDomains', pref);
 }
 }
 else
 {
 pref = [parts.domain];
- egw.set_preference( 'mail', 'allowExternalIMGs', pref);
+ egw.set_preference( 'mail', 'allowExternalDomains', pref);
 }
 }
 node.src = parts.url;
 });
 }
- var pref = egw.preference('allowExternalIMGs', 'mail');
+ var pref = egw.preference('allowExternalDomains', 'mail') || {};
 pref = Object.values(pref);
 if (pref.indexOf(host.domain)>-1)
 {
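Review bot: `'forced' => 1` next to `'default' => 2` in the new `allowExternalIMGs` entry of class.mail_hooks.inc.php looks unintended. If `forced` seeds the forced preference value here, as the neighbouring `'forced' => 'always_display'` suggests, accounts would be pinned to 1 ("Always") and the "Ask for permission" default would never take effect, so remote images in HTML mail would load without a prompt. If only a default is meant, remove the `'forced' => 1,` line. Accounts that still hold a domain list under `allowExternalIMGs` from the previous scheme are not covered by this select either; a comment such as `// values stored as a domain list by older versions are treated as "Ask for permission"` would document the intended handling, assuming that is the intent.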
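Review bot: The early return added to `resolveExternalImages` in mail/js/app.js compares the raw preference with `==`, so values other than the three select options can trigger it. An empty string, or an empty array left over from when `allowExternalIMGs` held the domain list, both compare equal to 0, and the permission bar would then never be offered. Normalising first makes the intent explicit: `var pref_img = parseInt(egw.preference('allowExternalIMGs', 'mail'), 10);` followed by `if (pref_img === 0 || pref_img === 1) return;`. The function body continues past the end of the hunk.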