extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-10-06 01:52:08 +02:00
Code Issues Packages Projects Releases Wiki Activity

Avoid requesting external images with mixed content

Browse Source
This commit is contained in:
Hadi Nategh 2020-06-30 15:54:21 +02:00
parent 57d03110e4
commit 6ba8210d83
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
api/src/Html/HtmLawed.php
View File

@ -404,7 +404,7 @@ function hl_email_tag_transform($element, $attribute_array=0)
$GLOBALS['egw_info']['user']['preferences']['mail']['allowExternalDomains'] :
array();
if ($GLOBALS['egw_info']['user']['preferences']['mail']['allowExternalIMGs'] != 1
&& !in_array($url[0], $domains))
&& !in_array($url[0], $domains) || substr($attribute_array['src'],0, 5) == 'http:')
{
//the own webserver url is not external, so it should be allowed
if (empty($GLOBALS['egw_info']['server']['webserver_url'])||!preg_match("$^".$GLOBALS['egw_info']['server']['webserver_url'].".*$",$attribute_array['src']))

5
mail/js/app.js
View File

@ -1140,7 +1140,7 @@ app.classes.mail = AppJS.extend(
//Do not run resolve images if it's forced already to show them all
// or forced to not show them all.
var pref_img = egw.preference('allowExternalIMGs', 'mail');
if (pref_img == 1 || pref_img == 0) return;
if (pref_img == 0) return;
var external_images = jQuery(_node).find('img[alt*="[blocked external image:"]');
if (external_images.length > 0 && jQuery(_node).find('.mail_externalImagesMsg').length == 0)
@ -1156,9 +1156,10 @@ app.classes.mail = AppJS.extend(
if (u.substr(0,7) == 'http://')
{
u = u.replace ('http://','');
url = url.replace('http://', 'https://');
protocol = 'http';
}
if (u.substr(0,8) == 'https://')
else if (u.substr(0,8) == 'https://')
{
u = u.replace ('https://','');
protocol = 'https';