| | |
|---|
| | | { |
|---|
| | | switch($show_images) { |
|---|
| | | case '1': // known senders only |
|---|
| | | $CONTACTS = new rcube_contacts($DB, $_SESSION['user_id']); |
|---|
| | | $CONTACTS = new rcube_contacts($RCMAIL->db, $_SESSION['user_id']); |
|---|
| | | if ($CONTACTS->search('email', $message->sender['mailto'], true, false)->count) { |
|---|
| | | $message->set_safe(true); |
|---|
| | | } |
|---|
| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | $washer = new washtml($wash_opts); |
|---|
| | | $washer->add_callback('a', 'rcmail_washtml_callback'); |
|---|
| | | $washer->add_callback('form', 'rcmail_washtml_callback'); |
|---|
| | | |
|---|
| | | if ($p['safe']) { // allow CSS styles, will be sanitized by rcmail_washtml_callback() |
|---|
| | |
|---|
| | | $out = html::div('form', $content); |
|---|
| | | break; |
|---|
| | | |
|---|
| | | case 'a': |
|---|
| | | if ($attrib) $attrib .= ' target="_blank"'; |
|---|
| | | $out = '<a'.$attrib.'>' . $content . '</a>'; |
|---|
| | | break; |
|---|
| | | |
|---|
| | | case 'style': |
|---|
| | | // decode all escaped entities and reduce to ascii strings |
|---|
| | | $stripped = preg_replace('/[^a-zA-Z\(:]/', '', rcmail_xss_entitiy_decode($content)); |
|---|
