From 3cc1afa1c2f30bfebb30146795e50172947b4b5f Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sun, 29 Jun 2014 10:35:18 -0400
Subject: [PATCH] Support images in HTML signatures (#1488676) This enables image button and file browser in html editor for signatures
---
program/steps/settings/save_identity.inc | 34 +++++++++++++++++++++++++++++++++-
1 files changed, 33 insertions(+), 1 deletions(-)
diff --git a/program/steps/settings/save_identity.inc b/program/steps/settings/save_identity.inc
index 77245b9..de0c84c 100644
--- a/program/steps/settings/save_identity.inc
+++ b/program/steps/settings/save_identity.inc
@@ -79,8 +79,11 @@
}
}
-// XSS protection in HTML signature (#1489251)
if (!empty($save_data['signature']) && !empty($save_data['html_signature'])) {
+ // replace uploaded images with data URIs
+ $save_data['signature'] = rcmail_attach_images($save_data['signature']);
+
+ // XSS protection in HTML signature (#1489251)
$save_data['signature'] = rcmail_wash_html($save_data['signature']);
// clear POST data of signature, we want to use safe content
@@ -191,6 +194,35 @@
/**
+ * Attach uploaded images into signature as data URIs
+ */
+function rcmail_attach_images($html)
+{
+ global $RCMAIL;
+
+ $offset = 0;
+ $regexp = '/\s(poster|src)\s*=\s*[\'"]*\S+upload-display\S+file=rcmfile([0-9]+)[\s\'"]*/';
+
+ while (preg_match($regexp, $html, $matches, 0, $offset)) {
+ $file_id = $matches[2];
+ $data_uri = ' ';
+
+ if ($file_id && ($file = $_SESSION['identity']['files'][$file_id])) {
+ $file = $RCMAIL->plugins->exec_hook('attachment_get', $file);
+
+ $data_uri .= 'src="data:' . $file['mimetype'] . ';base64,';
+ $data_uri .= base64_encode($file['data'] ? $file['data'] : file_get_contents($file['path']));
+ $data_uri .= '" ';
+ }
+
+ $html = str_replace($matches[0], $data_uri, $html);
+ $offset += strlen($data_uri) - strlen($matches[0]) + 1;
+ }
+
+ return $html;
+}
+
+/**
* Sanity checks/cleanups on HTML body of signature
*/
function rcmail_wash_html($html)
--
Gitblit v1.9.1