| | |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | // make the identity a "default" if only one identity is allowed |
|---|
| | | if (IDENTITIES_LEVEL > 1) { |
|---|
| | | $save_data['standard'] = 1; |
|---|
| | | } |
|---|
| | | |
|---|
| | | // unset email address if user has no rights to change it |
|---|
| | | if (IDENTITIES_LEVEL == 1 || IDENTITIES_LEVEL == 3) { |
|---|
| | | unset($save_data['email']); |
|---|
| | |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | // XSS protection in HTML signature (#1489251) |
|---|
| | | if (!empty($save_data['signature']) && !empty($save_data['html_signature'])) { |
|---|
| | | // replace uploaded images with data URIs |
|---|
| | | $save_data['signature'] = rcmail_attach_images($save_data['signature']); |
|---|
| | | |
|---|
| | | // XSS protection in HTML signature (#1489251) |
|---|
| | | $save_data['signature'] = rcmail_wash_html($save_data['signature']); |
|---|
| | | |
|---|
| | | // clear POST data of signature, we want to use safe content |
|---|
| | |
|---|
| | | $insert_id = $plugin['result']; |
|---|
| | | |
|---|
| | | if ($insert_id) { |
|---|
| | | $RCMAIL->plugins->exec_hook('identity_create_after', array('id' => $insert_id, 'record' => $save_data)); |
|---|
| | | |
|---|
| | | $OUTPUT->show_message('successfullysaved', 'confirmation', null, false); |
|---|
| | | |
|---|
| | | $_GET['_iid'] = $insert_id; |
|---|
| | |
|---|
| | | |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Attach uploaded images into signature as data URIs |
|---|
| | | */ |
|---|
| | | function rcmail_attach_images($html) |
|---|
| | | { |
|---|
| | | global $RCMAIL; |
|---|
| | | |
|---|
| | | $offset = 0; |
|---|
| | | $regexp = '/\s(poster|src)\s*=\s*[\'"]*\S+upload-display\S+file=rcmfile(\w+)[\s\'"]*/'; |
|---|
| | | |
|---|
| | | while (preg_match($regexp, $html, $matches, 0, $offset)) { |
|---|
| | | $file_id = $matches[2]; |
|---|
| | | $data_uri = ' '; |
|---|
| | | |
|---|
| | | if ($file_id && ($file = $_SESSION['identity']['files'][$file_id])) { |
|---|
| | | $file = $RCMAIL->plugins->exec_hook('attachment_get', $file); |
|---|
| | | |
|---|
| | | $data_uri .= 'src="data:' . $file['mimetype'] . ';base64,'; |
|---|
| | | $data_uri .= base64_encode($file['data'] ? $file['data'] : file_get_contents($file['path'])); |
|---|
| | | $data_uri .= '" '; |
|---|
| | | } |
|---|
| | | |
|---|
| | | $html = str_replace($matches[0], $data_uri, $html); |
|---|
| | | $offset += strlen($data_uri) - strlen($matches[0]) + 1; |
|---|
| | | } |
|---|
| | | |
|---|
| | | return $html; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Sanity checks/cleanups on HTML body of signature |
|---|
| | | */ |
|---|
| | | function rcmail_wash_html($html) |
|---|
