From: pdontthink
Date: Wed, 23 Oct 2013 10:09:16 +0000 (+0000)
Subject: Add new spacer image and allow its use for unsafe images instead of the sec_remove_...
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=6ab8321f9c45946886a5c34a2df36f418b9aed3a;p=squirrelmail.git
Add new spacer image and allow its use for unsafe images instead of the sec_remove_* image -- brings HTML emails into the modern age (much more viewable)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14396 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
diff --git a/config/conf.pl b/config/conf.pl
index cf9e66be..f58cf895 100755
--- a/config/conf.pl
+++ b/config/conf.pl
@@ -494,6 +494,7 @@ $only_secure_cookies = 'true' if ( !$only_secure_cookies );
 $disable_security_tokens = 'false' if ( !$disable_security_tokens );
 $check_referrer = '' if ( !$check_referrer );
 $ask_user_info = 'true' if ( !$ask_user_info );
+$use_transparent_security_image = 'true' if ( !$use_transparent_security_image );
 if ( $ARGV[0] eq '--install-plugin' ) {
 print "Activating plugin " . $ARGV[1] . "\n";
@@ -725,6 +726,7 @@ while ( ( $command ne "q" ) && ( $command ne "Q" ) && ( $command ne ":q" ) ) {
 print "17. Only secure cookies if poss. : $WHT$only_secure_cookies$NRM\n";
 print "18. Disable secure forms : $WHT$disable_security_tokens$NRM\n";
 print "19. Page referal requirement : $WHT$check_referrer$NRM\n";
+ print "20. Security image : $WHT" . (lc($use_transparent_security_image) eq 'true' ? 'Transparent' : 'Textual') . "$NRM\n";
 print "\n";
 print "R Return to Main Menu\n";
 } elsif ( $menu == 5 ) {
@@ -1001,6 +1003,7 @@ while ( ( $command ne "q" ) && ( $command ne "Q" ) && ( $command ne ":q" ) ) {
 elsif ( $command == 17 ) { $only_secure_cookies = command319(); }
 elsif ( $command == 18 ) { $disable_security_tokens = command320(); }
 elsif ( $command == 19 ) { $check_referrer = command321(); }
+ elsif ( $command == 20 ) { $use_transparent_security_image = command322(); }
 } elsif ( $menu == 5 ) {
 if ( $command == 1 ) { $use_icons = commandB3(); }
 # elsif ( $command == 3 ) { $icon_theme_def = command53(); }
@@ -2817,7 +2820,7 @@ sub command320 {
-# check_referrer (since 1.1.5.2)
+# check_referrer (since 1.5.2)
 sub command321 {
 print "This option allows you to enable referal checks for all page requests\n";
 print "made to SquirrelMail. This can help ensure that page requests came\n";
@@ -2848,6 +2851,34 @@ sub command321 { +# use_transparent_security_image (since 1.5.2) +sub command322 { + print "When HTML messages are being displayed, SquirrelMail's default behavior\n"; + print "is to remove all remote images and replace them with a local one.\n"; + print "\n"; + print "This option allows you to specify whether the local image should contain\n"; + print "text that indicates to the user that \"this image has been removed for\n"; + print "security reasons\" (translated into most languages), or if it should be\n"; + print "transparent.\n"; + print "\n"; + + if ( lc($use_transparent_security_image) eq 'true' ) { + $default_value = "y"; + } else { + $default_value = "n"; + } + print "Use transparent security image? (y/n) [$WHT$default_value$NRM]: $WHT"; + $use_transparent_security_image = ; + if ( ( $use_transparent_security_image =~ /^y\n/i ) || ( ( $use_transparent_security_image =~ /^\n/ ) && ( $default_value eq "y" ) ) ) { + $use_transparent_security_image = 'true'; + } else { + $use_transparent_security_image = 'false'; + } + return $use_transparent_security_image; +} + + + sub command_userThemes { print "\nDefine the user themes that you wish to use. If you have added\n"; print "a theme of your own, just follow the instructions (?) about\n"; @@ -5172,6 +5203,9 @@ sub save_data { # string print CF "\$check_referrer = '$check_referrer';\n"; + # boolean + print CF "\$use_transparent_security_image = $use_transparent_security_image;\n"; + print CF "\n"; # boolean diff --git a/config/config_default.php b/config/config_default.php index 7baba361..d5dd65a4 100644 --- a/config/config_default.php +++ b/config/config_default.php 
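Review bot: In the save_data hunk the value is interpolated into config.php unquoted, so the generated PHP is only well-formed when `$use_transparent_security_image` holds exactly `true` or `false`. command322 guarantees that for an interactive change, but the default added near line 494 only fills in a missing value, so any other string carried over from an existing config.php would presumably be written back as bare PHP. Normalising at write time removes that dependency: `print CF "\$use_transparent_security_image = " . (lc($use_transparent_security_image) eq 'true' ? 'true' : 'false') . ";\n";`. save_data starts and ends outside the hunk, so whether the neighbouring boolean options share this pattern is not visible here.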
@@ -720,6 +720,18 @@ $disable_security_tokens = false; */ $check_referrer = ''; +/** + * Security Image Type + * + * Switches between using a transparent image + * and one that states "this image has been + * removed for security reasons" + * + * @global bool $use_transparent_security_image + * @since 1.5.2 and 1.4.23 + */ +$use_transparent_security_image = true; + /** * User Themes diff --git a/doc/ChangeLog b/doc/ChangeLog index 365be451..330eec1f 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -378,6 +378,9 @@ Version 1.5.2 - SVN messages sent to the recipient of the previous message (#3520988). - Added associative edit list option widget, with optional folder list selector for values + - Added option to use blank spacer instead of security image ("This + image has been removed for security reasons.") for replacing + unsafe images. Version 1.5.1 (branched on 2006-02-12) -------------------------------------- diff --git a/functions/mime.php b/functions/mime.php index a639e677..227b0ab6 100644 --- a/functions/mime.php +++ b/functions/mime.php @@ -1898,7 +1898,9 @@ function sq_fix_url($attname, &$attvalue, $message, $id, $mailbox,$sQuote = '"') // images off by default. sqgetGlobalVar('view_unsafe_images', $view_unsafe_images, SQ_GET, FALSE); - $secremoveimg = '../images/' . _("sec_remove_eng.png"); + global $use_transparent_security_image; + if ($use_transparent_security_image) $secremoveimg = '../images/spacer.png'; + else $secremoveimg = '../images/' . _("sec_remove_eng.png"); /** * Replace empty src tags with the blank image. src is only used @@ -2111,7 +2113,11 @@ function sq_fixstyle($body, $pos, $message, $id, $mailbox){ * and change it to .bodyclass so we can just assign it to a
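Review bot: The docblock in config_default.php does not say which value selects which image, nor that the shipped default `true` drops the in-body notice that a remote image was blocked. That changes what users of an upgraded install see in HTML mail, so I would state it explicitly, for example `true = blank spacer.png, false = localized "removed for security reasons" image`. A second sentence should note that with `true` the user has to rely on whatever "view unsafe images" control the message view offers, which is presumably unchanged by this commit but is not visible in the diff.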
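Review bot: The same three-line selection of `$secremoveimg` is pasted into sq_fix_url here and again in the sq_fixstyle and magicHTML hunks, each as a brace-less `if`/`else`. These are the three places that decide what replaces a blocked remote reference, so they should not be able to drift apart when the image or the option changes later. A single expression keeps them identical: `$secremoveimg = '../images/' . ($use_transparent_security_image ? 'spacer.png' : _("sec_remove_eng.png"));`. A small shared helper in mime.php that all three functions call would be better still. The bodies of all three functions start and end outside their hunks.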
*/ $content = preg_replace("|body(\s*\{.*?\})|si", ".bodyclass\\1", $content); - $secremoveimg = '../images/' . _("sec_remove_eng.png"); + + global $use_transparent_security_image; + if ($use_transparent_security_image) $secremoveimg = '../images/spacer.png'; + else $secremoveimg = '../images/' . _("sec_remove_eng.png"); + /** * Fix url('blah') declarations. */ @@ -2549,7 +2555,10 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX', $take_mailto_links ) ); - $secremoveimg = "../images/" . _("sec_remove_eng.png"); + global $use_transparent_security_image; + if ($use_transparent_security_image) $secremoveimg = '../images/spacer.png'; + else $secremoveimg = '../images/' . _("sec_remove_eng.png"); + $bad_attvals = Array( "/.*/" => Array( diff --git a/images/spacer.png b/images/spacer.png new file mode 100644 index 00000000..9da19eac Binary files /dev/null and b/images/spacer.png differ diff --git a/plugins/administrator/defines.php b/plugins/administrator/defines.php index b79ef601..83fec4eb 100644 --- a/plugins/administrator/defines.php +++ b/plugins/administrator/defines.php @@ -293,6 +293,9 @@ $defcfg = array( '$config_version' => array( 'name' => _("Config File Version"), 'type' => SMOPT_TYPE_STRING, 'size' => 40, 'default' => '' ), + '$use_transparent_security_image' => array( 'name' => _("Use transparent security image"), + 'type' => SMOPT_TYPE_BOOLEAN, + 'default' => true ), /* --------------------------------------------------------*/ 'Group5' => array( 'name' => _("Message of the Day"), 'type' => SMOPT_TYPE_TITLE ),