Fix bug where blocked.gif couldn't be attached to reply/forward with insecure content

pull/5754/head
Aleksander Machniak 8 years ago
parent c2b44147b6
commit 393e42844d

@ -9,6 +9,7 @@ CHANGELOG Roundcube Webmail
- Wash position:fixed style in HTML mail for better security (#5264)
- Fix bug where memcache_debug didn't work for session operations
- Fix bug where Message-ID domain part was tied to username instead of current identity (#5385)
- Fix bug where blocked.gif couldn't be attached to reply/forward with insecure content
RELEASE 1.2.1
-------------

@ -849,13 +849,15 @@ function rcmail_prepare_message_body()
unset($plugin);
// add blocked.gif attachment (#1486516)
if ($isHtml && preg_match('#<img src="program/resources/blocked\.gif"#', $body)) {
$regexp = '# src="program/resources/blocked\.gif"#';
if ($isHtml && preg_match($regexp, $body)) {
$content = $RCMAIL->get_resource_content('blocked.gif');
if ($content && ($attachment = rcmail_save_image('blocked.gif', 'image/gif', $content))) {
$COMPOSE['attachments'][$attachment['id']] = $attachment;
$url = sprintf('%s&_id=%s&_action=display-attachment&_file=rcmfile%s',
$RCMAIL->comm_path, $COMPOSE['id'], $attachment['id']);
$body = preg_replace('#program/resources/blocked\.gif#', $url, $body);
$body = preg_replace($regexp, ' src="' . $url . '"', $body);
}
}

Loading…
Cancel
Save