holm/egroupware
1
1
Fork 0
forked from extern/egroupware
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Keep allowExternalIMGs preference intact and use an explicit preference for allowed domains

Browse Source
This commit is contained in:
Hadi Nategh 2016-12-02 10:09:56 +01:00
parent aad82affa1
commit 23aea3864c
3 changed files with 25 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
api/src/Html/HtmLawed.php
View File

@ -400,7 +400,8 @@ function hl_email_tag_transform($element, $attribute_array=0)
if (!preg_match('/^cid:.*/',$attribute_array['src'])) if (!preg_match('/^cid:.*/',$attribute_array['src']))
{ {
$url = explode('/', preg_replace('/^(http|https):\/\//','',$attribute_array['src'])); $url = explode('/', preg_replace('/^(http|https):\/\//','',$attribute_array['src']));
if (!in_array($url[0], $GLOBALS['egw_info']['user']['preferences']['mail']['allowExternalIMGs'])) if ($GLOBALS['egw_info']['user']['preferences']['mail']['allowExternalIMGs'] != 1
&& !in_array($url[0], $GLOBALS['egw_info']['user']['preferences']['mail']['allowExternalDomains']))
{ {
//the own webserver url is not external, so it should be allowed //the own webserver url is not external, so it should be allowed
if (empty($GLOBALS['egw_info']['server']['webserver_url'])||!preg_match("$^".$GLOBALS['egw_info']['server']['webserver_url'].".*$",$attribute_array['src'])) if (empty($GLOBALS['egw_info']['server']['webserver_url'])||!preg_match("$^".$GLOBALS['egw_info']['server']['webserver_url'].".*$",$attribute_array['src']))

15
mail/inc/class.mail_hooks.inc.php
View File

@ -200,6 +200,21 @@ class mail_hooks
'admin' => False, 'admin' => False,
'forced' => 'always_display', 'forced' => 'always_display',
), ),
'allowExternalIMGs' => array(
'type' => 'select',
'label' => 'Allow external images',
'help' => 'allow images from external sources in html emails',
'name' => 'allowExternalIMGs',
'values' => array(
0 => lang('Never'),
1 => lang('Always'),
2 => lang('Ask for permission')
),
'xmlrpc' => True,
'admin' => True,
'default' => 2,
'forced' => 1,
),
'message_forwarding' => array( 'message_forwarding' => array(
'type' => 'select', 'type' => 'select',
'label' => 'how to forward messages', 'label' => 'how to forward messages',

11
mail/js/app.js
View File

@ -1032,6 +1032,11 @@ app.classes.mail = AppJS.extend(
resolveExternalImages: function (_node) resolveExternalImages: function (_node)
{ {
//Do not run resolve images if it's forced already to show them all
// or forced to not show them all.
var pref_img = egw.preference('allowExternalIMGs', 'mail');
if (pref_img == 1 || pref_img == 0) return;
var external_images = jQuery(_node).find('img[alt*="[blocked external image:"]'); var external_images = jQuery(_node).find('img[alt*="[blocked external image:"]');
if (external_images.length > 0 && jQuery(_node).find('.mail_externalImagesMsg').length == 0) if (external_images.length > 0 && jQuery(_node).find('.mail_externalImagesMsg').length == 0)
{ {
@ -1064,19 +1069,19 @@ app.classes.mail = AppJS.extend(
if (pref.indexOf(parts.domain) == -1) if (pref.indexOf(parts.domain) == -1)
{ {
pref.push(parts.domain); pref.push(parts.domain);
egw.set_preference( 'mail', 'allowExternalIMGs', pref); egw.set_preference( 'mail', 'allowExternalDomains', pref);
} }
} }
else else
{ {
pref = [parts.domain]; pref = [parts.domain];
egw.set_preference( 'mail', 'allowExternalIMGs', pref); egw.set_preference( 'mail', 'allowExternalDomains', pref);
} }
} }
node.src = parts.url; node.src = parts.url;
}); });
} }
var pref = egw.preference('allowExternalIMGs', 'mail'); var pref = egw.preference('allowExternalDomains', 'mail') || {};
pref = Object.values(pref); pref = Object.values(pref);
if (pref.indexOf(host.domain)>-1) if (pref.indexOf(host.domain)>-1)
{ {