[prev in list] [next in list] [prev in thread] [next in thread]
List: squirrelmail-cvs
Subject: [SM-CVS] SF.net SVN: squirrelmail:[14395] branches/SM-1_4-STABLE/squirrelmail
From: pdontthink () users ! sourceforge ! net
Date: 2013-10-23 10:07:47
Message-ID: E1VYvLz-00067d-IM () sfs-ml-3 ! v29 ! ch3 ! sourceforge ! com
[Download RAW message or body]
Revision: 14395
http://sourceforge.net/p/squirrelmail/code/14395
Author: pdontthink
Date: 2013-10-23 10:07:45 +0000 (Wed, 23 Oct 2013)
Log Message:
-----------
Add new spacer image and allow its use for unsafe images instead of the sec_remove_* \
image -- brings HTML emails into the modern age (much more viewable)
Modified Paths:
--------------
branches/SM-1_4-STABLE/squirrelmail/config/conf.pl
branches/SM-1_4-STABLE/squirrelmail/config/config_default.php
branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog
branches/SM-1_4-STABLE/squirrelmail/functions/mime.php
branches/SM-1_4-STABLE/squirrelmail/plugins/administrator/defines.php
Added Paths:
-----------
branches/SM-1_4-STABLE/squirrelmail/images/spacer.png
Modified: branches/SM-1_4-STABLE/squirrelmail/config/conf.pl
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/config/conf.pl 2013-10-22 21:48:11 UTC (rev \
14394)
+++ branches/SM-1_4-STABLE/squirrelmail/config/conf.pl 2013-10-23 10:07:45 UTC (rev \
14395) @@ -362,6 +362,7 @@
# Added in 1.4.23
$browser_rendering_mode = 'quirks' if ( !$browser_rendering_mode );
+$use_transparent_security_image = 'true' if ( !$use_transparent_security_image );
if ( $ARGV[0] eq '--install-plugin' ) {
print "Activating plugin " . $ARGV[1] . "\n";
@@ -560,6 +561,7 @@
print "17. Disable secure forms : \
$WHT$disable_security_tokens$NRM\n";
print "18. Page referal requirement : $WHT$check_referrer$NRM\n";
print "19. Browser rendering mode : \
$WHT$browser_rendering_mode$NRM\n"; + print "20. Security image \
: $WHT" . (lc($use_transparent_security_image) eq 'true' ? 'Transparent' : 'Textual') \
. "$NRM\n"; print "\n";
print "R Return to Main Menu\n";
} elsif ( $menu == 5 ) {
@@ -780,6 +782,7 @@
elsif ( $command == 17 ) { $disable_security_tokens = command317(); }
elsif ( $command == 18 ) { $check_referrer = command318(); }
elsif ( $command == 19 ) { $browser_rendering_mode = command319(); }
+ elsif ( $command == 20 ) { $use_transparent_security_image = \
command320(); } } elsif ( $menu == 5 ) {
if ( $command == 1 ) { command41(); }
elsif ( $command == 2 ) { $theme_css = command42(); }
@@ -2573,6 +2576,34 @@
+# use_transparent_security_image (since 1.4.23)
+sub command320 {
+ print "When HTML messages are being displayed, SquirrelMail's default \
behavior\n"; + print "is to remove all remote images and replace them with a local \
one.\n"; + print "\n";
+ print "This option allows you to specify whether the local image should \
contain\n"; + print "text that indicates to the user that \"this image has been \
removed for\n"; + print "security reasons\" (translated into most languages), or \
if it should be\n"; + print "transparent.\n";
+ print "\n";
+
+ if ( lc($use_transparent_security_image) eq 'true' ) {
+ $default_value = "y";
+ } else {
+ $default_value = "n";
+ }
+ print "Use transparent security image? (y/n) [$WHT$default_value$NRM]: $WHT";
+ $use_transparent_security_image = <STDIN>;
+ if ( ( $use_transparent_security_image =~ /^y\n/i ) || ( ( \
$use_transparent_security_image =~ /^\n/ ) && ( $default_value eq "y" ) ) ) { + \
$use_transparent_security_image = 'true'; + } else {
+ $use_transparent_security_image = 'false';
+ }
+ return $use_transparent_security_image;
+}
+
+
+
####################################################################################
#### THEMES ####
sub command41 {
@@ -3625,6 +3656,9 @@
print CF "\$check_referrer = '$check_referrer';\n";
print CF "\$browser_rendering_mode = '$browser_rendering_mode';\n";
+ # boolean
+ print CF "\$use_transparent_security_image = \
$use_transparent_security_image;\n"; +
print CF "\n";
print CF "\$config_location_base = '$config_location_base';\n";
Modified: branches/SM-1_4-STABLE/squirrelmail/config/config_default.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/config/config_default.php 2013-10-22 21:48:11 \
UTC (rev 14394)
+++ branches/SM-1_4-STABLE/squirrelmail/config/config_default.php 2013-10-23 10:07:45 \
UTC (rev 14395) @@ -737,7 +737,19 @@
*/
$browser_rendering_mode = 'quirks';
+/**
+ * Security Image Type
+ *
+ * Switches between using a transparent image
+ * and one that states "this image has been
+ * removed for security reasons"
+ *
+ * @global bool $use_transparent_security_image
+ * @since 1.5.2 and 1.4.23
+ */
+$use_transparent_security_image = true;
+
/**
* Themes
* You can define your own theme and put it in this directory.
Modified: branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog 2013-10-22 21:48:11 UTC (rev \
14394)
+++ branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog 2013-10-23 10:07:45 UTC (rev \
14395) @@ -43,6 +43,9 @@
- Added Solarized Light and Solarized Dark themes, by Pavneet Arora.
- Added associative edit list option widget, with optional folder
list selector for values
+ - Added option to use blank spacer instead of security image ("This
+ image has been removed for security reasons.") for replacing
+ unsafe images.
Version 1.4.22 - 12 July 2011
-----------------------------
Modified: branches/SM-1_4-STABLE/squirrelmail/functions/mime.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/functions/mime.php 2013-10-22 21:48:11 UTC \
(rev 14394)
+++ branches/SM-1_4-STABLE/squirrelmail/functions/mime.php 2013-10-23 10:07:45 UTC \
(rev 14395) @@ -1715,7 +1715,9 @@
$view_unsafe_images = false;
}
- $secremoveimg = '../images/' . _("sec_remove_eng.png");
+ global $use_transparent_security_image;
+ if ($use_transparent_security_image) $secremoveimg = '../images/spacer.png';
+ else $secremoveimg = '../images/' . _("sec_remove_eng.png");
/**
* Replace empty src tags with the blank image. src is only used
@@ -1929,8 +1931,11 @@
* and change it to .bodyclass so we can just assign it to a <div>
*/
$content = preg_replace("|body(\s*\{.*?\})|si", ".bodyclass\\1", $content);
- $secremoveimg = '../images/' . _("sec_remove_eng.png");
+ global $use_transparent_security_image;
+ if ($use_transparent_security_image) $secremoveimg = '../images/spacer.png';
+ else $secremoveimg = '../images/' . _("sec_remove_eng.png");
+
// first check for 8bit sequences and disallowed control characters
if (preg_match('/[\16-\37\200-\377]+/',$content)) {
$content = '<!-- style block removed by html filter due to presence of 8bit \
characters -->'; @@ -2353,7 +2358,10 @@
)
);
- $secremoveimg = "../images/" . _("sec_remove_eng.png");
+ global $use_transparent_security_image;
+ if ($use_transparent_security_image) $secremoveimg = '../images/spacer.png';
+ else $secremoveimg = '../images/' . _("sec_remove_eng.png");
+
$bad_attvals = Array(
"/.*/" =>
Array(
Added: branches/SM-1_4-STABLE/squirrelmail/images/spacer.png
===================================================================
(Binary files differ)
Index: branches/SM-1_4-STABLE/squirrelmail/images/spacer.png
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/images/spacer.png 2013-10-22 21:48:11 UTC \
(rev 14394)
+++ branches/SM-1_4-STABLE/squirrelmail/images/spacer.png 2013-10-23 10:07:45 UTC \
(rev 14395)
Property changes on: branches/SM-1_4-STABLE/squirrelmail/images/spacer.png
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/administrator/defines.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/plugins/administrator/defines.php 2013-10-22 \
21:48:11 UTC (rev 14394)
+++ branches/SM-1_4-STABLE/squirrelmail/plugins/administrator/defines.php 2013-10-23 \
10:07:45 UTC (rev 14395) @@ -265,6 +265,9 @@
'type' => SMOPT_TYPE_STRING,
'size' => 40,
'default' => '' ),
+ '$use_transparent_security_image' => array( 'name' => _("Use \
transparent security image"), + 'type' => \
SMOPT_TYPE_BOOLEAN, + 'default' => true ),
/* --------------------------------------------------------*/
'Group5' => array( 'name' => _("Message of the Day"),
'type' => SMOPT_TYPE_TITLE ),
This was sent by the SourceForge.net collaborative development platform, the world's \
largest Open Source development site.
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk
-----
squirrelmail-cvs mailing list
List address: squirrelmail-cvs@lists.sourceforge.net
List info (subscribe/unsubscribe/change options): \
https://lists.sourceforge.net/lists/listinfo/squirrelmail-cvs
Repository: http://squirrelmail.org/svn
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic