From 83d6bb4b29bc8e1bbfb47badbb62c5599c27e0e6 Mon Sep 17 00:00:00 2001 From: pdontthink Date: Wed, 27 Feb 2019 03:31:33 +0000 Subject: [PATCH] Add new options for SVG handling and broken base64-encoded messages git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14809 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- config/conf.pl | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 98 insertions(+) diff --git a/config/conf.pl b/config/conf.pl index a37531db..5067ac2c 100755 --- a/config/conf.pl +++ b/config/conf.pl @@ -515,6 +515,9 @@ $check_referrer = '' if ( !$check_referrer ); $ask_user_info = 'true' if ( !$ask_user_info ); $use_transparent_security_image = 'true' if ( !$use_transparent_security_image ); $display_imap_login_error = 'false' if ( !$display_imap_login_error ); +$allow_svg_display = 'false' if ( !$allow_svg_display ); +$block_svg_download = 'false' if ( !$block_svg_download ); +$fix_broken_base64_encoded_messages = 'false' if ( !$fix_broken_base64_encoded_messages ); if ( $ARGV[0] eq '--install-plugin' ) { print "Activating plugin " . $ARGV[1] . "\n"; @@ -749,6 +752,9 @@ while ( ( $command ne "q" ) && ( $command ne "Q" ) && ( $command ne ":q" ) ) { print "19. Page referal requirement : $WHT$check_referrer$NRM\n"; print "20. Security image : $WHT" . (lc($use_transparent_security_image) eq 'true' ? 'Transparent' : 'Textual') . "$NRM\n"; print "21. Display login error from IMAP: $WHT$display_imap_login_error$NRM\n"; + print "22. Show inline SVG objects : $WHT$allow_svg_display$NRM\n"; + print "23. Block downloading SVG objects: $WHT$block_svg_download$NRM\n"; + print "24. Fix broken base64 messages : $WHT$fix_broken_base64_encoded_messages$NRM\n"; print "\n"; print "R Return to Main Menu\n"; } elsif ( $menu == 5 ) { @@ -1027,6 +1033,9 @@ while ( ( $command ne "q" ) && ( $command ne "Q" ) && ( $command ne ":q" ) ) { elsif ( $command == 19 ) { $check_referrer = command321(); } elsif ( $command == 20 ) { $use_transparent_security_image = command322(); } elsif ( $command == 21 ) { $display_imap_login_error = command323(); } + elsif ( $command == 22 ) { $allow_svg_display = command324(); } + elsif ( $command == 23 ) { $block_svg_download = command325(); } + elsif ( $command == 24 ) { $fix_broken_base64_encoded_messages = command326(); } } elsif ( $menu == 5 ) { if ( $command == 1 ) { $use_icons = commandB3(); } # elsif ( $command == 3 ) { $icon_theme_def = command53(); } @@ -2955,6 +2964,91 @@ sub command323 { +# allow_svg_display (since 1.5.2) +sub command324 { + print "Some email messages might contain SVG images or animations, however\n"; + print "the power and dynamic nature of SVG objects may represent security or\n"; + print "privacy vulnerabilities.\n"; + print "\n"; + print "Enabling this option will cause SquirrelMail to display any SVG objects\n"; + print "included inline in email messages when they are viewed in HTML format.\n"; + print "\n"; + + if ( lc($allow_svg_display) eq 'true' ) { + $default_value = "y"; + } else { + $default_value = "n"; + } + print "Show inline SVG objects? (y/n) [$WHT$default_value$NRM]: $WHT"; + $allow_svg_display = ; + if ( ( $allow_svg_display =~ /^y\n/i ) || ( ( $allow_svg_display =~ /^\n/ ) && ( $default_value eq "y" ) ) ) { + $allow_svg_display = 'true'; + } else { + $allow_svg_display = 'false'; + } + return $allow_svg_display; +} + + + +# block_svg_download (since 1.5.2) +sub command325 { + print "Some email messages might contain SVG image or animation attachments,\n"; + print "however even when downloaded, the power and dynamic nature of SVG\n"; + print "objects may represent security or privacy vulnerabilities.\n"; + print "\n"; + print "Enabling this option will cause SquirrelMail to hide download links\n"; + print "for any SVG objects attached to email messages, whereas disabling it\n"; + print "will allow users to download such attachments as they see fit.\n"; + print "\n"; + + if ( lc($block_svg_download) eq 'true' ) { + $default_value = "y"; + } else { + $default_value = "n"; + } + print "Hide download links for SVG objects? (y/n) [$WHT$default_value$NRM]: $WHT"; + $block_svg_download = ; + if ( ( $block_svg_download =~ /^y\n/i ) || ( ( $block_svg_download =~ /^\n/ ) && ( $default_value eq "y" ) ) ) { + $block_svg_download = 'true'; + } else { + $block_svg_download = 'false'; + } + return $block_svg_download; +} + + + +# fix_broken_base64_encoded_messages (since 1.5.2) +sub command326 { + print "Some email messages might contain base64-encoded parts, and a very\n"; + print "small number of unknown servers have been seen sending such\n"; + print "messages in a malformed but recoverable manner.\n"; + print "\n"; + print "Enabling this option will cause SquirrelMail to detect and correct\n"; + print "such messages at a slight cost in processing power. Chances are\n"; + print "somewhat low that your users would ever receive such messages.\n"; + print "\n"; + + if ( lc($fix_broken_base64_encoded_messages) eq 'true' ) { + $default_value = "y"; + } else { + $default_value = "n"; + } + print "Fix broken base64-encoded messages? (y/n) [$WHT$default_value$NRM]: $WHT"; + $fix_broken_base64_encoded_messages = ; + if ( ( $fix_broken_base64_encoded_messages =~ /^y\n/i ) || ( ( $fix_broken_base64_encoded_messages =~ /^\n/ ) && ( $default_value eq "y" ) ) ) { + $fix_broken_base64_encoded_messages = 'true'; + } else { + $fix_broken_base64_encoded_messages = 'false'; + } + return $fix_broken_base64_encoded_messages; +} + + + +#################################################################################### +#### THEMES #### sub command_userThemes { print "\nDefine the user themes that you wish to use. If you have added\n"; print "a theme of your own, just follow the instructions (?) about\n"; @@ -5286,6 +5380,10 @@ sub save_data { # boolean print CF "\$use_transparent_security_image = $use_transparent_security_image;\n"; + print CF "\$allow_svg_display = $allow_svg_display;\n"; + print CF "\$block_svg_download = $block_svg_download;\n"; + print CF "\$fix_broken_base64_encoded_messages = $fix_broken_base64_encoded_messages;\n"; + print CF "\n"; # boolean -- 2.25.1