extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2025-01-03 04:29:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

Avoid requesting external images with mixed content

Browse Source
This commit is contained in:
Hadi Nategh 2020-06-30 15:54:21 +02:00
parent 57d03110e4
commit 6ba8210d83
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
api/src/Html/HtmLawed.php
View File

@ -404,7 +404,7 @@ function hl_email_tag_transform($element, $attribute_array=0)
$GLOBALS['egw_info']['user']['preferences']['mail']['allowExternalDomains'] : $GLOBALS['egw_info']['user']['preferences']['mail']['allowExternalDomains'] :
array(); array();
if ($GLOBALS['egw_info']['user']['preferences']['mail']['allowExternalIMGs'] != 1 if ($GLOBALS['egw_info']['user']['preferences']['mail']['allowExternalIMGs'] != 1
&& !in_array($url[0], $domains)) && !in_array($url[0], $domains) || substr($attribute_array['src'],0, 5) == 'http:')
{ {
//the own webserver url is not external, so it should be allowed //the own webserver url is not external, so it should be allowed
if (empty($GLOBALS['egw_info']['server']['webserver_url'])||!preg_match("$^".$GLOBALS['egw_info']['server']['webserver_url'].".*$",$attribute_array['src'])) if (empty($GLOBALS['egw_info']['server']['webserver_url'])||!preg_match("$^".$GLOBALS['egw_info']['server']['webserver_url'].".*$",$attribute_array['src']))

5
mail/js/app.js
View File

@ -1140,7 +1140,7 @@ app.classes.mail = AppJS.extend(
//Do not run resolve images if it's forced already to show them all //Do not run resolve images if it's forced already to show them all
// or forced to not show them all. // or forced to not show them all.
var pref_img = egw.preference('allowExternalIMGs', 'mail'); var pref_img = egw.preference('allowExternalIMGs', 'mail');
if (pref_img == 1 || pref_img == 0) return; if (pref_img == 0) return;
var external_images = jQuery(_node).find('img[alt*="[blocked external image:"]'); var external_images = jQuery(_node).find('img[alt*="[blocked external image:"]');
if (external_images.length > 0 && jQuery(_node).find('.mail_externalImagesMsg').length == 0) if (external_images.length > 0 && jQuery(_node).find('.mail_externalImagesMsg').length == 0)
@ -1156,9 +1156,10 @@ app.classes.mail = AppJS.extend(
if (u.substr(0,7) == 'http://') if (u.substr(0,7) == 'http://')
{ {
u = u.replace ('http://',''); u = u.replace ('http://','');
url = url.replace('http://', 'https://');
protocol = 'http'; protocol = 'http';
} }
if (u.substr(0,8) == 'https://') else if (u.substr(0,8) == 'https://')
{ {
u = u.replace ('https://',''); u = u.replace ('https://','');
protocol = 'https'; protocol = 'https';