diff options
Diffstat (limited to 'program/steps/addressbook')
| -rw-r--r-- | program/steps/addressbook/func.inc | 10 | ||||
| -rw-r--r-- | program/steps/addressbook/photo.inc | 8 |
2 files changed, 13 insertions, 5 deletions
diff --git a/program/steps/addressbook/func.inc b/program/steps/addressbook/func.inc index 25dfa9009..2989dada2 100644 --- a/program/steps/addressbook/func.inc +++ b/program/steps/addressbook/func.inc @@ -799,11 +799,15 @@ function rcmail_contact_photo($attrib) } $photo_img = $RCMAIL->url($url); } - else + else { $ff_value = '-del-'; // will disable delete-photo action + } - $img = html::img(array('src' => $photo_img, 'border' => 1, 'alt' => '')); - $content = html::div($attrib, $img); + $content = html::div($attrib, html::img(array( + 'src' => $photo_img, + 'alt' => '', + 'onerror' => 'this.src = rcmail.env.photo_placeholder', + ))); if ($CONTACT_COLTYPES['photo'] && ($RCMAIL->action == 'edit' || $RCMAIL->action == 'add')) { $RCMAIL->output->add_gui_object('contactphoto', $attrib['id']); diff --git a/program/steps/addressbook/photo.inc b/program/steps/addressbook/photo.inc index 482185735..30d09ffcc 100644 --- a/program/steps/addressbook/photo.inc +++ b/program/steps/addressbook/photo.inc @@ -72,8 +72,12 @@ $plugin = $RCMAIL->plugins->exec_hook('contact_photo', if ($plugin['url']) { $RCMAIL->output->redirect($plugin['url']); } -else { - $data = $plugin['data']; + +$data = $plugin['data']; + +// detect if photo data is an URL +if (strlen($data) < 1024 && filter_var($data, FILTER_VALIDATE_URL)) { + $RCMAIL->output->redirect($data); } // deliver alt image |