+ case 'https':
+ case 'http':
+ if (!$view_unsafe_images){
+
+ $sExpr = "/url\s*\(\s*[\'\"]?\s*$sProto*:.*[\'\"]?\s*\)/si";
+ $content = preg_replace($sExpr, "u\0r\0l(\\1$secremoveimg\\2)", $content);
+
+ } else {
+ $content = preg_replace('/url/i',"u\0r\0l",$content);
+ }
+ break;
+ /**
+ * Fix urls that refer to cid:
+ */
+ case 'cid':
+ $cidurl = 'cid:'. $matches[2];
+ $httpurl = sq_cid2http($message, $id, $cidurl, $mailbox);
+ // escape parentheses that can modify the regular expression
+ $cidurl = str_replace(array('(',')'),array('\\(','\\)'),$cidurl);
+ $content = preg_replace("|url\s*\(\s*$cidurl\s*\)|si",
+ "u\0r\0l($httpurl)", $content);
+ break;
+ default:
+ /**
+ * replace url with protocol other then the white list
+ * http,https and cid by an empty string.
+ */
+ $content = preg_replace("/url\s*\(\s*[\'\"]?([^:]+):(.*)?[\'\"]?\s*\)/si",
+ "", $content);
+ break;