* Mail: allow to configure a proxy to display external http images (eg. proxy.egroupware.org)

2024-11-07 16:44:07 +01:00 · 2020-07-09 11:54:52 +02:00 · 2020-07-09 11:54:52 +02:00 · 76c36cfbcd
commit 76c36cfbcd
parent 4fc02fbe20
5 changed files with 60 additions and 8 deletions
--- a/mail/inc/class.mail_ui.inc.php
+++ b/mail/inc/class.mail_ui.inc.php
@ -410,6 +410,26 @@ class mail_ui
 		$stmpl->exec('mail.mail_ui.subscription', $content,$sel_options,$readonlys,$preserv,2);
 	}

+	const DEFAULT_IMAGE_PROXY = 'https://';
+	const EGROUPWARE_IMAGE_PROXY = 'https://proxy.egroupware.org/7d510d4f7966f97ab56580425ddb4811e707c018/';
+	const IMAGE_PROXY_CONFIG = 'http_image_proxy';
+
+	/**
+	 * Get image proxy / http:// replacement for image urls
+	 *
+	 * @return string
+	 */
+	protected static function image_proxy()
+	{
+		$configs = Api\Config::read('mail');
+		$image_proxy = $configs[self::IMAGE_PROXY_CONFIG] ?: self::DEFAULT_IMAGE_PROXY;
+		if (strpos(self::EGROUPWARE_IMAGE_PROXY, parse_url($image_proxy, PHP_URL_HOST)))
+		{
+			$image_proxy = self::EGROUPWARE_IMAGE_PROXY;
+		}
+		return $image_proxy;
+	}
+
 	/**
 	 * Main mail page
 	 *
@ -590,6 +610,9 @@ class mail_ui
 			default:
 				$etpl->setElementAttribute('mailSplitter', 'orientation', 'v');
 		}
+		// send configured image proxy to client-side
+		$content['image_proxy'] = self::image_proxy();
+
 		return $etpl->exec('mail.mail_ui.index',$content,$sel_options,$readonlys,$preserv);
 	}

@ -2260,6 +2283,8 @@ $filter['before']= date("d-M-Y", $cutoffdate2);
 			//error_log(__METHOD__.__LINE__.' change Profile back to where we came from->'.$rememberServerID);
 			$this->changeProfile($rememberServerID);
 		}
+		// send configured image proxy to client-side
+		$content['image_proxy'] = self::image_proxy();

 		$etpl->exec('mail.mail_ui.displayMessage',$content,$sel_options,$readonlys,$preserv,2);
 	}
--- a/mail/js/app.js
+++ b/mail/js/app.js
@ -76,6 +76,11 @@ app.classes.mail = AppJS.extend(
 	 */
 	W_TIMEOUTS: [],

+	/**
+	 * Replace http:// in external image urls with
+	 */
+	image_proxy: 'https://',
+
 	/**
 	 * Initialize javascript for this application
 	 *
@ -356,6 +361,9 @@ app.classes.mail = AppJS.extend(
 				this.mail_currentlyFocussed = this.et2.mail_currentlyFocussed;

 		}
+		// set image_proxy for resolveExternalImages
+		this.image_proxy = this.et2.getArrayMgr('content').getEntry('image_proxy') || 'https://';
+
 		this.preSetToggledOnActions ();
 	},

@ -1142,6 +1150,7 @@ app.classes.mail = AppJS.extend(

 	resolveExternalImages: function (_node)
 	{
+		let image_proxy = this.image_proxy;
 		//Do not run resolve images if it's forced already to show them all
 		// or forced to not show them all.
 		var pref_img = egw.preference('allowExternalIMGs', 'mail');
@ -1161,7 +1170,7 @@ app.classes.mail = AppJS.extend(
 				if (u.substr(0,7) == 'http://')
 				{
 					u = u.replace ('http://','');
-					url = url.replace('http://', 'https://proxy.egroupware.org/7d510d4f7966f97ab56580425ddb4811e707c018/');
+					url = url.replace('http://', image_proxy);
 					protocol = 'http';
 				}
 				else if (u.substr(0,8) == 'https://')
@ -1209,20 +1218,20 @@ app.classes.mail = AppJS.extend(
 				showImages (external_images);
 				return;
 			}
-			let message = 'In order to protect your privacy all external sources within this email are blocked.';
+			let message = this.egw.lang('In order to protect your privacy all external sources within this email are blocked.');
 			for(let i in external_images)
 			{
 				if (!external_images[i].alt) continue;
 				let r = getUrlParts(external_images[i].alt);
 				if (r && r.protocol == 'http')
 				{
-					message = 'There are Mixed Content within this message which are served under HTTP insecure protocol. Be aware Showing / Allowing them would compromise your security!!!';
+					message = this.egw.lang('This mail contains external images served via insecure HTTP protocol. Be aware showing or allowing them can compromise your security!');
 					container.addClass('red');
 					break;
 				}
 			}
 			jQuery(document.createElement('p'))
-					.text(this.egw.lang(message))
+					.text(message)
 					.appendTo(container);
 			jQuery(document.createElement('button'))
 					.addClass ('closeBtn')
--- a/mail/lang/egw_de.lang
+++ b/mail/lang/egw_de.lang
@ -77,6 +77,7 @@ before reply, visible during compose	mail	de	Vor dem zitierten Text, sichtbar w
 blacklisted mails are marked as spam	mail	de	E-Mail-Adressen, die in die Blacklist eingetragen werden, werden als Spam markiert
 but check shared folders	mail	de	aber explizite Überprüfung der Ordner unterhalb der (Benutzer-)Freigaben
 by date	mail	de	nach Datum
+by default 'http://' is just replaced with 'https://'. feel free to configure 'https://proxy.egroupware.org/' to also load images only available via http.	mail	de	Als Vorgabe wird 'http://' nur durch 'https://' ersetzt. Sie können gerne 'https://proxy.egroupware.org/' eintragen, um Bilder anzuzeigen die ausschließlich per http geladen werden können.
 can not open imap connection	mail	de	Keine Verbindung zum Mailserver möglich
 can not resolve the winmail.dat attachment!	mail	de	Der winmail.dat Anhang kann nicht geöffnet weden!
 canceled deletion due to user interaction	mail	de	Löschen durch Benutzer abgebrochen
@ -96,8 +97,8 @@ compose	mail	de	verfassen
 compose as new	mail	de	Als neu bearbeiten
 compress folder	mail	de	Ordner komprimieren
 condition	mail	de	Bedingung
-configured values will be set automatically on compose dialog for respected field when composing a new email.	mail	de	Die festgelegten Werte werden beim Verfassen einer neuen E-Mail für die entsprechenden Felder automatisch eingestellt.
 configuration settings	mail	de	Einstellungen der Konfiguration
+configured values will be set automatically on compose dialog for respected field when composing a new email.	mail	de	Die festgelegten Werte werden beim Verfassen einer neuen E-Mail für die entsprechenden Felder automatisch eingestellt.
 confirm	mail	de	Bestätigen
 confirm attach message	mail	de	Bestätigung beim Anhängen von E-Mails
 confirm move to folder	mail	de	Bestätigung vor dem Verschieben
@ -259,6 +260,7 @@ general settings	mail	de	Allgemeine Einstellungen
 get acl rights failed from imap server!	mail	de	Die Zugriffskontrollrechte konnten auf dem IMAP Server nicht gelesen werden!
 greater than	mail	de	größer als
 ham folder	mail	de	Ordner für nicht Spam-Nachrichten
+handling of external http images / mixed content in mails	mail	de	Behandlung von externen Bilder per http / gemischter Inhalt in Mails
 header	mail	de	Kopfzeilen
 header lines	mail	de	Kopfzeilen anzeigen
 high	mail	de	hoch
@ -343,8 +345,8 @@ message preview area	mail	de	Vorschaubereich
 message saved successfully.	mail	de	Nachricht wurde erfolgreich gespeichert.
 message send failed: %1	mail	de	Nachricht konnte nicht versendet werden: %1
 message send successfully.	mail	de	Nachricht wurde erfolgreich versendet.
-message verified successfully.	mail	de	Nachricht erfolgreich verifiziert.
 message verified successfully but the signer’s certificate could not be verified.	mail	de	Nachricht erfolgreich verifiziert, aber das Zertifikat des Unterzeichners konnte nicht verifiziert werden.
+message verified successfully.	mail	de	Nachricht erfolgreich verifiziert.
 miscellaneous	mail	de	Verschiedenes
 modify subject	mail	de	Betreff ändern
 modify subject of this message	mail	de	Betreff dieser Nachricht ändern
@ -456,6 +458,7 @@ rename folder	mail	de	Umbenennen
 rename folder %1 ?	mail	de	Ordner %1 umbenennen?
 rename folder %1 to:	mail	de	Ordner %1 umbenennen in:
 renamed folder %1 to %2	mail	de	Ordner %1 umbenannt in %2
+replace 'http://' in image urls with (trailing / required!)	mail	de	Ersetze 'http://' in Bild Adressen (URLs) mit (muss in einem / enden!)
 replied	mail	de	beantwortet
 reply	mail	de	antworten
 reply all	mail	de	Allen Antworten
@ -598,6 +601,7 @@ the message sender has requested a response to indicate that you have read this
 the mimeparser can not parse this message.	mail	de	Der MIME Parser versteht diese Nachricht nicht.
 the rule with priority %1 successfully saved!	mail	de	Die Regel mit Priorität %1 wurde erfolgreich gespeichert!
 then	mail	de	dann
+this mail contains external images served via insecure http protocol. be aware showing or allowing them can compromise your security!	mail	de	Diese Mail enthält externe Bilder die über das unsichere HTTP protocol ausgeliefert werden. Bitte seinen Sie sich bewußt, dass Anzeigen oder Erlauben Ihre Sicherheit beeinträchtigen kann!
 there is no imap server configured.	mail	de	Es ist kein IMAP-Server Konfiguriert
 there is no space left to store sieve script, please check sieve_maxscriptsize option on your mailserver's config.	mail	de	Es ist kein Platz mehr vorhanden, um das Sieve Skript zu speichern, bitte Sie Ihren Administrator die Option sieve_maxscriptsize in der Konfiguration Ihres Mailservers zu prüfen.
 this message is smime encrypted and password protected.	mail	de	Diese Nachricht ist S/MIME-Verschlüsselt und mit Passwort geschützt.
--- a/mail/lang/egw_en.lang
+++ b/mail/lang/egw_en.lang
@ -6,7 +6,6 @@
 %1 is not writable by you!	mail	en	%1 is NOT writable by you!
 %1 mails selected	mail	en	%1 Mails selected
 (*) please consider, forward to multiple addresses will not work if number of addresses exceeds the limit. for most mail servers the limit is 4 by default, please contact your mail server administrator for further info.	mail	en	(*) Please consider, forward to multiple addresses will not work if number of addresses exceeds the Limit. For most mail Servers the limit is 4 by default, please contact your mail server administrator for further info.
-sieve_edit_instructions	mail	en	(*) wildcards (*,?) may be used. If you are trying to match * or ? itself, you must escape them with a backslash (\). If you check "Use regular expressions" you must use valid regular expressions. In order to escape of exclamation mark (!) at the begining not being used as "NOT", use regex and backslash (\) (e.g. \!)
 (leave empty for no quota)	mail	en	(Leave empty for no quota)
 (no subject)	mail	en	(no subject)
 (not connected)	mail	en	(not connected)
@ -78,6 +77,7 @@ before reply, visible during compose	mail	en	Before reply, visible during compos
 blacklisted mails are marked as spam	mail	en	Blacklisted mails are marked as spam
 but check shared folders	mail	en	but check shared folders
 by date	mail	en	By date
+by default 'http://' is just replaced with 'https://'. feel free to configure 'https://proxy.egroupware.org/' to also load images only available via http.	mail	en	By default 'http://' is just replaced with 'https://'. Feel free to configure 'https://proxy.egroupware.org/' to also load images only available via http.
 can not open imap connection	mail	en	Can not open IMAP connection
 can not resolve the winmail.dat attachment!	mail	en	Can not resolve the winmail.dat attachment!
 canceled deletion due to user interaction	mail	en	canceled deletion due to user interaction
@ -260,6 +260,7 @@ general settings	mail	en	General settings
 get acl rights failed from imap server!	mail	en	Get ACL rights failed from IMAP server!
 greater than	mail	en	greater than
 ham folder	mail	en	Ham folder
+handling of external http images / mixed content in mails	mail	en	Handling of external http images / mixed content in mails
 header	mail	en	Header
 header lines	mail	en	Header lines
 high	mail	en	high
@ -344,8 +345,8 @@ message preview area	mail	en	Message preview area
 message saved successfully.	mail	en	Message saved successfully.
 message send failed: %1	mail	en	Message send failed: %1
 message send successfully.	mail	en	Message send successfully.
-message verified successfully.	mail	en	Message verified successfully.
 message verified successfully but the signer’s certificate could not be verified.	mail	en	Message verified successfully but the signer’s certificate could not be verified.
+message verified successfully.	mail	en	Message verified successfully.
 miscellaneous	mail	en	Miscellaneous
 modify subject	mail	en	Modify subject
 modify subject of this message	mail	en	Modify subject of this message
@ -457,6 +458,7 @@ rename folder	mail	en	Rename Folder
 rename folder %1 ?	mail	en	Rename Folder %1 ?
 rename folder %1 to:	mail	en	Rename Folder %1 to:
 renamed folder %1 to %2	mail	en	Renamed Folder %1 to %2
+replace 'http://' in image urls with (trailing / required!)	mail	en	Replace 'http://' in image urls with (trailing / required!)
 replied	mail	en	replied
 reply	mail	en	Reply
 reply all	mail	en	Reply All
@ -550,6 +552,7 @@ sieve connection status	mail	en	Sieve Connection Status
 sieve not activated	mail	en	Sieve not activated
 sieve script name	mail	en	sieve script name
 sieve server	mail	en	Sieve server
+sieve_edit_instructions	mail	en	(*) wildcards (*,?) may be used. If you are trying to match * or ? itself, you must escape them with a backslash (\). If you check "Use regular expressions" you must use valid regular expressions. In order to escape of exclamation mark (!) at the begining not being used as "NOT", use regex and backslash (\) (e.g. \!)
 sign your message with smime certificate	mail	en	Sign your message with S/MIME certificate
 signature	mail	en	Signature
 signature at top	mail	en	signature at top
@ -598,6 +601,7 @@ the message sender has requested a response to indicate that you have read this
 the mimeparser can not parse this message.	mail	en	The mimeparser can not parse this message.
 the rule with priority %1 successfully saved!	mail	en	The rule with priority %1 successfully saved!
 then	mail	en	THEN
+this mail contains external images served via insecure http protocol. be aware showing or allowing them can compromise your security!	mail	en	This mail contains external images served via insecure HTTP protocol. Be aware showing or allowing them can compromise your security!
 there is no imap server configured.	mail	en	There is no IMAP Server configured.
 there is no space left to store sieve script, please check sieve_maxscriptsize option on your mailserver's config.	mail	en	There is no space left to store sieve script, please check sieve_maxscriptsize option on your mailserver's config.
 this message is smime encrypted and password protected.	mail	en	This message is S/MIME encrypted and password protected.
--- a/mail/templates/default/config.xet
+++ b/mail/templates/default/config.xet
@ -58,6 +58,16 @@
 					<description value="provide a default vacation text, (used on new vacation messages when there was no message set up previously)"/>
 					<textbox id="newsettings[default_vacation_text]" cols="50" rows="8"/>
 				</row>
+				<row>
+					<description value="Handling of external http images / mixed content in mails" span="all" class="subHeader"/>
+				</row>
+				<row>
+					<description value="By default 'http://' is just replaced with 'https://'. Feel free to configure 'https://proxy.egroupware.org/' to also load images only available via http." span="all"/>
+				</row>
+				<row>
+					<description value="Replace 'http://' in image urls with (trailing / required!)"/>
+					<textbox id="newsettings[http_image_proxy]" blur="https://" class="et2_fullWidth" validator="/^(https:[\/]{2}(.+\/)?)?$/"/>
+				</row>
 				<row>
 					<description value="Miscellaneous" span="all" class="subHeader"/>
 				</row>