summaryrefslogtreecommitdiff
path: root/program/steps
diff options
context:
space:
mode:
authorAleksander Machniak <alec@alec.pl>2014-06-29 16:35:18 +0200
committerAleksander Machniak <alec@alec.pl>2014-06-29 16:35:18 +0200
commit3cc1afa1c2f30bfebb30146795e50172947b4b5f (patch)
tree077d3ec048b393472f41917448b4a14b977b3e58 /program/steps
parentc3bb0d32a52687865f78816d4a88292d72803e73 (diff)
Support images in HTML signatures (#1488676)
This enables image button and file browser in html editor for signatures
Diffstat (limited to 'program/steps')
-rw-r--r--program/steps/mail/attachments.inc63
-rw-r--r--program/steps/settings/edit_identity.inc10
-rw-r--r--program/steps/settings/func.inc1
-rw-r--r--program/steps/settings/save_identity.inc34
4 files changed, 46 insertions, 62 deletions
diff --git a/program/steps/mail/attachments.inc b/program/steps/mail/attachments.inc
index fd122c5c1..5eaa655e3 100644
--- a/program/steps/mail/attachments.inc
+++ b/program/steps/mail/attachments.inc
@@ -38,7 +38,7 @@ if (!$COMPOSE) {
// remove an attachment
-if ($RCMAIL->action=='remove-attachment') {
+if ($RCMAIL->action == 'remove-attachment') {
$id = 'undefined';
if (preg_match('/^rcmfile(\w+)$/', $_POST['_file'], $regs)) {
@@ -67,66 +67,7 @@ if ($RCMAIL->action == 'display-attachment') {
$id = $regs[1];
}
- if ($attachment = $COMPOSE['attachments'][$id]) {
- $attachment = $RCMAIL->plugins->exec_hook('attachment_display', $attachment);
- }
-
- if ($attachment['status']) {
- if (empty($attachment['size'])) {
- $attachment['size'] = $attachment['data'] ? strlen($attachment['data']) : @filesize($attachment['path']);
- }
-
- // generate image thumbnail for file browser in HTML editor
- if (!empty($_GET['_thumbnail'])) {
- $temp_dir = $RCMAIL->config->get('temp_dir');
- $thumbnail_size = 80;
- list(,$ext) = explode('/', $attachment['mimetype']);
- $mimetype = $attachment['mimetype'];
- $file_ident = $attachment['id'] . ':' . $attachment['mimetype'] . ':' . $attachment['size'];
- $cache_basename = $temp_dir . '/' . md5($file_ident . ':' . $RCMAIL->user->ID . ':' . $thumbnail_size);
- $cache_file = $cache_basename . '.' . $ext;
-
- // render thumbnail image if not done yet
- if (!is_file($cache_file)) {
- if (!$attachment['path']) {
- $orig_name = $filename = $cache_basename . '.orig.' . $ext;
- file_put_contents($orig_name, $attachment['data']);
- }
- else {
- $filename = $attachment['path'];
- }
-
- $image = new rcube_image($filename);
- if ($imgtype = $image->resize($thumbnail_size, $cache_file, true)) {
- $mimetype = 'image/' . $imgtype;
-
- if ($orig_name) {
- unlink($orig_name);
- }
- }
- }
-
- if (is_file($cache_file)) {
- // cache for 1h
- $RCMAIL->output->future_expire_header(3600);
- header('Content-Type: ' . $mimetype);
- header('Content-Length: ' . filesize($cache_file));
-
- readfile($cache_file);
- exit;
- }
- }
-
- header('Content-Type: ' . $attachment['mimetype']);
- header('Content-Length: ' . $attachment['size']);
-
- if ($attachment['data']) {
- echo $attachment['data'];
- }
- else if ($attachment['path']) {
- readfile($attachment['path']);
- }
- }
+ $RCMAIL->display_uploaded_file($COMPOSE['attachments'][$id]);
exit;
}
diff --git a/program/steps/settings/edit_identity.inc b/program/steps/settings/edit_identity.inc
index 20f822027..34fe9798f 100644
--- a/program/steps/settings/edit_identity.inc
+++ b/program/steps/settings/edit_identity.inc
@@ -176,5 +176,15 @@ function rcube_identity_form($attrib)
$out .= $form_end;
+ // add image upload form
+ $max_filesize = $RCMAIL->upload_init($RCMAIL->config->get('identity_image_size', 64) * 1024);
+ $upload_form_id = 'identityImageUpload';
+
+ $out .= '<form id="' . $upload_form_id . '" style="display: none">'
+ . html::div('hint', $RCMAIL->gettext(array('name' => 'maxuploadsize', 'vars' => array('size' => $max_filesize))))
+ . '</form>';
+
+ $RCMAIL->output->add_gui_object('uploadform', $upload_form_id);
+
return $out;
}
diff --git a/program/steps/settings/func.inc b/program/steps/settings/func.inc
index 89103ee44..7ccbfa4a5 100644
--- a/program/steps/settings/func.inc
+++ b/program/steps/settings/func.inc
@@ -44,6 +44,7 @@ $RCMAIL->register_action_map(array(
'add-response' => 'edit_response.inc',
'save-response' => 'edit_response.inc',
'delete-response' => 'responses.inc',
+ 'upload-display' => 'upload.inc',
));
diff --git a/program/steps/settings/save_identity.inc b/program/steps/settings/save_identity.inc
index 77245b988..de0c84c91 100644
--- a/program/steps/settings/save_identity.inc
+++ b/program/steps/settings/save_identity.inc
@@ -79,8 +79,11 @@ foreach ($email_checks as $email) {
}
}
-// XSS protection in HTML signature (#1489251)
if (!empty($save_data['signature']) && !empty($save_data['html_signature'])) {
+ // replace uploaded images with data URIs
+ $save_data['signature'] = rcmail_attach_images($save_data['signature']);
+
+ // XSS protection in HTML signature (#1489251)
$save_data['signature'] = rcmail_wash_html($save_data['signature']);
// clear POST data of signature, we want to use safe content
@@ -191,6 +194,35 @@ else {
/**
+ * Attach uploaded images into signature as data URIs
+ */
+function rcmail_attach_images($html)
+{
+ global $RCMAIL;
+
+ $offset = 0;
+ $regexp = '/\s(poster|src)\s*=\s*[\'"]*\S+upload-display\S+file=rcmfile([0-9]+)[\s\'"]*/';
+
+ while (preg_match($regexp, $html, $matches, 0, $offset)) {
+ $file_id = $matches[2];
+ $data_uri = ' ';
+
+ if ($file_id && ($file = $_SESSION['identity']['files'][$file_id])) {
+ $file = $RCMAIL->plugins->exec_hook('attachment_get', $file);
+
+ $data_uri .= 'src="data:' . $file['mimetype'] . ';base64,';
+ $data_uri .= base64_encode($file['data'] ? $file['data'] : file_get_contents($file['path']));
+ $data_uri .= '" ';
+ }
+
+ $html = str_replace($matches[0], $data_uri, $html);
+ $offset += strlen($data_uri) - strlen($matches[0]) + 1;
+ }
+
+ return $html;
+}
+
+/**
* Sanity checks/cleanups on HTML body of signature
*/
function rcmail_wash_html($html)