[Rt-commit] rt branch, 4.2/inline-images, updated. rt-4.1.8-26-gf469598
Thomas Sibley
trs at bestpractical.com
Wed Apr 10 17:32:12 EDT 2013
The branch, 4.2/inline-images has been updated
via f469598ad6e4b085b11a5255c7b11526079cf013 (commit)
via 0671b7a436ac6405549fce4bc0cf8f2b6865d507 (commit)
from 4780104c3527f526d83264c01eeec1f87b71303b (commit)
Summary of changes:
etc/RT_Config.pm.in | 13 +++++++++++++
lib/RT/Interface/Web.pm | 12 ++++++++++--
share/html/Elements/MakeClicky | 2 +-
3 files changed, 24 insertions(+), 3 deletions(-)
- Log -----------------------------------------------------------------
commit 0671b7a436ac6405549fce4bc0cf8f2b6865d507
Author: Thomas Sibley <trs at bestpractical.com>
Date: Wed Apr 10 14:23:04 2013 -0700
Don't linkify URLs in HTML src attributes
Yet another problem stemming from MakeClicky treating HTML like plain
text. Unfortunately fixing that requires a much larger rework, for a
separate branch.
diff --git a/share/html/Elements/MakeClicky b/share/html/Elements/MakeClicky
index dcf6092..e10418f 100644
--- a/share/html/Elements/MakeClicky
+++ b/share/html/Elements/MakeClicky
@@ -138,7 +138,7 @@ unless ( $regexp ) {
my $pos = 0;
while ( $$content =~ /($regexp)/gsio ) {
my $match = $1;
- next if $` =~ /href=(?:"|")$/;
+ next if $` =~ /(?:href|src)=(?:"|")$/;
my $skipped_len = pos($$content) - $pos - length($match);
if ( $skipped_len > 0 ) {
my $plain;
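Review bot: The prematch test on the changed line is case-sensitive and only recognises `href=` or `src=` followed directly by a double quote, while the main match runs with /i. Markup such as `SRC="...`, a single-quoted or unquoted value, or `src = "` with whitespace around the equals sign will still have its URL linkified inside the attribute. Consider adding the /i flag and allowing optional whitespace and single quotes in this check until the larger rework mentioned in the commit message lands, and add a test with an img src in HTML content to pin the behaviour.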
commit f469598ad6e4b085b11a5255c7b11526079cf013
Author: Thomas Sibley <trs at bestpractical.com>
Date: Wed Apr 10 14:26:05 2013 -0700
Optionally show remote images in HTML messages
Display is off by default for security and privacy concerns, but it is a
useful option for folks who frequently receive HTML mail.
diff --git a/etc/RT_Config.pm.in b/etc/RT_Config.pm.in
index 0d59ea4..8dbaaad 100755
--- a/etc/RT_Config.pm.in
+++ b/etc/RT_Config.pm.in
@@ -1699,6 +1699,19 @@ behavior.
Set($ShowTransactionImages, 1);
+=item C<$ShowRemoteImages>
+
+By default, RT doesn't show remote images attached to incoming (and outgoing)
+ticket updates inline. Set this variable to 1 if you'd like to enable remote
+image display. Showing remote images may allow spammers and other senders to
+track when messages are viewed and see referer information.
+
+Note that this setting is independent of L</$ShowTransactionImages> above.
+
+=cut
+
+Set($ShowRemoteImages, 0);
+
=item C<$PlainTextPre>
Normally plaintext attachments are displayed as HTML with line breaks
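Review bot: The new POD describes remote images as "attached to" ticket updates, but a remote image is only referenced by URL from the HTML body and fetched by the viewer's browser, which is what makes the tracking described in the following sentence possible. Suggest wording such as "remote images referenced in HTML ticket updates" and stating that the image is requested from the sender's server each time the transaction is displayed. Since the text calls the setting independent of $ShowTransactionImages, it would also help to say what enabling only this option shows.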
diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index cd09202..73869d7 100644
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -3636,12 +3636,20 @@ our %SCRUBBER_ALLOWED_ATTRIBUTES = (
our %SCRUBBER_RULES = ();
# If we're displaying images, let embedded ones through
-if (RT->Config->Get('ShowTransactionImages')) {
+if (RT->Config->Get('ShowTransactionImages') or RT->Config->Get('ShowRemoteImages')) {
$SCRUBBER_RULES{'img'} = {
'*' => 0,
alt => 1,
- src => qr/^cid:/i,
};
+
+ my @src;
+ push @src, qr/^cid:/i
+ if RT->Config->Get('ShowTransactionImages');
+
+ push @src, $SCRUBBER_ALLOWED_ATTRIBUTES{'href'}
+ if RT->Config->Get('ShowRemoteImages');
+
+ $SCRUBBER_RULES{'img'}->{'src'} = join "|", @src;
}
sub _NewScrubber {
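Review bot: In the added line `push @src, $SCRUBBER_ALLOWED_ATTRIBUTES{'href'}`, the pattern for link targets is reused as the allow-list for img src, so every scheme accepted for a clickable link becomes acceptable for a resource the browser loads automatically on display. That pattern is defined outside this hunk; a dedicated, narrower pattern for image sources would make the policy explicit and keep later changes to href from silently widening what images may load. Also, `join "|", @src` turns the qr// objects into a plain string where the removed line had `src => qr/^cid:/i`, so consider compiling the joined result with qr//, and update the comment "If we're displaying images, let embedded ones through", which no longer describes the whole block.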
-----------------------------------------------------------------------