[dev] Re: [imp] mail.yahoo-esque "Block HTML graphics in email messages from being downloaded" functionality?

Amith Varghese amith at xalan.com
Thu Mar 13 17:05:01 PST 2003


> How about a "show images" button / link on the "command line" (up with
> source, reply, redirect, blacklist, etc).
> Element display based on user preferences is *very* easy.
> 

The following is a patch that blocks images in HTML messages.  Basically how
this works is that IMP goes through the HTML attachments and replaces all
graphics with imp/graphics/file/spacer.gif (a blank image).  On the line that
gives the name of the attachment there is an icon that is displayed that allows
the user to "turn" the images back on.

This functionality is controlled using two preferences.  The first one turns this
functionality on or off.  The second preference lets e-mails that are sent by
people in your addressbook get through without alteration.

Hopefully this will let people feel a little safer viewing HTML messages without
having to worry about web bugs that seem to be used a lot.

The following is the regexp that I use to filter the messages.

preg_replace('/(<img.*src=|<input.*src=|<body.*background=|<td.*background=|<table.*background=|style=.*background-image:.*url\().*(\s|>|\))/iUs',
"$1" . $newSrc . "$2", $data);

I think this catches most images.  I've tested this out on several pages and it
caught everything (HTML messages sent inline and as attachments).  The only case
where this does not work is if someone uses an external css file located on a
remote server.  I guess technically the program could download that and check
that file and change the <link> reference of the css file but that was a little
too involved.  Someone else is free to do that if they choose.  

Please look this over and make sure I'm not missing anything before it's
committed.  Also I have to admit it's not crystal clear that the icon that I use
(which shows up next to the strip attachments icon) is used for showing images.
But I couldn't think of anything else.  Let me know if there are any other
problems.

Amith
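
Added example, not part of the post or of the IMP patch: it runs the regexp quoted above next to a tag-scoped variant on three constructed HTML fragments, to show how far each match reaches. The $spacer URL, the $scoped pattern and the tracker.example samples are assumptions made for this illustration.

```php
<?php
// Added example; not code from the IMP patch.
// Placeholder for the blank image URL (assumption; the patch builds the
// real value with Horde::url()).
$spacer = "'/imp/graphics/spacer.gif'";

// The regexp exactly as posted.
// Modifiers: i = caseless, U = ungreedy quantifiers, s = dot matches newline.
$posted = '/(<img.*src=|<input.*src=|<body.*background=|<td.*background=|<table.*background=|style=.*background-image:.*url\().*(\s|>|\))/iUs';

// Hypothetical tag-scoped variant: [^>]* cannot run past the end of the
// current tag, and the attribute value is matched as a quoted string or a
// bare token.  It covers only the src= and background= cases, not style=.
$scoped = '/(<(?:img|input)\b[^>]*?\bsrc\s*=\s*'
        . '|<(?:body|table|td)\b[^>]*?\bbackground\s*=\s*)'
        . '("[^"]*"|\'[^\']*\'|[^\s>]+)/i';

// Constructed sample fragments (not taken from real messages).
$samples = array(
    'tracked image' => '<img src="http://tracker.example/bug.gif" width="1">',
    'table cell'    => "<td background='http://tracker.example/bg.gif'>cell</td>",
    'form and text' => '<input type="text" name="q"><p>The src=attribute names the file.</p>',
);

foreach ($samples as $label => $html) {
    // Posted pattern: group 1 is the tag prefix, group 2 the delimiter
    // that ended the value.
    $a = preg_replace($posted, '${1}' . $spacer . '${2}', $html);

    // Scoped pattern: group 1 is the tag prefix, group 2 (the whole
    // attribute value) is dropped and replaced by the spacer.
    $b = preg_replace($scoped, '${1}' . $spacer, $html);

    printf("%s\n  in:     %s\n  posted: %s\n  scoped: %s\n\n",
           $label, $html, $a, $b);
}
```

In the third sample the posted pattern starts its match at the <input> tag and rewrites the visible text after "src=", while the scoped pattern leaves that fragment unchanged. Both patterns replace the remote URL in the first two samples.
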







-------------- next part --------------
Index: imp/message.php
===================================================================
RCS file: /repository/imp/message.php,v
retrieving revision 2.459
diff -u -r2.459 message.php
--- imp/message.php	28 Feb 2003 01:56:28 -0000	2.459
+++ imp/message.php	13 Mar 2003 17:35:40 -0000
@@ -225,6 +225,14 @@
     $imp_contents->setStripLink(true);
 }
 
+/*
+   Determine if we should generate the <img> link so that users can
+   view images in HTML message
+*/
+if ($prefs->getValue('html_image_replacement')) {
+    $imp_contents->setImgLink(true);
+}
+
 /* Don't show summary links if we are printing the message. */
 $imp_contents->showSummaryLinks(!$printer_friendly);
 
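Review bot: The new block calls setImgLink(true) whenever html_image_replacement is set, without checking whether images will actually be replaced for this message. The html.php change skips the replacement when allow_images_from_addressbook_senders is on and the sender is found in an address book, so for those messages the summary row will still offer "View Images" although nothing was blocked. Consider applying the same sender check here, or letting the viewer report whether it replaced anything. The comment would also read better in the single-line /* ... */ form used by the neighbouring comments.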
Index: imp/config/prefs.php.dist
===================================================================
RCS file: /repository/imp/config/prefs.php.dist,v
retrieving revision 1.151
diff -u -r1.151 prefs.php.dist
--- imp/config/prefs.php.dist	4 Mar 2003 20:01:28 -0000	1.151
+++ imp/config/prefs.php.dist	13 Mar 2003 17:35:40 -0000
@@ -64,7 +64,9 @@
     'column' => _("Mail Management"),
     'label' => _("Message Viewing"),
     'desc' => _("Set preferences for filtering messages for unwanted content."),
-    'members' => array('filtering', 'strip_attachments'));
+    'members' => array('filtering', 'strip_attachments',
+                       'html_image_replacement',
+                       'allow_images_from_addressbook_senders'));
 
 $prefGroups['delmove'] = array(
     'column' => _("Mail Management"),
@@ -482,6 +484,29 @@
     'shared' => false,
     'type' => 'checkbox',
     'desc' => _("Show an icon to allow stripping of attachments from messages?"));
+
+// Should we replace all image tags in HTML messages with a blank image so that
+// the user can decide whether or not to view the images?
+//
+// This could help filter out obscene images or web bugs.
+// a value of 0 = no, 1 = yes
+$_prefs['html_image_replacement'] = array(
+    'value' => 1,
+    'locked' => false,
+    'shared' => false,
+    'type' => 'checkbox',
+    'desc' => _("Block images in HTML messages unless they are specifically requested?")
+);
+
+// By default, we automatically show images in HTML messages if the sender is in// our addressbook.  However if we want to disable this set this to yes.
+// a value of 0 = no, 1 = yes
+$_prefs['allow_images_from_addressbook_senders'] = array(
+    'value' => 1,
+    'locked' => false,
+    'shared' => false,
+    'type' => 'checkbox',
+    'desc' => _("Automatically show images in HTML messages when the sender is in my addressbook.")
+);
 
 // End Message Viewing preferences
 
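Review bot: The comment above $_prefs['allow_images_from_addressbook_senders'] contradicts the preference it documents: it says to set the value to yes to disable the exemption, while the 'desc' string and the default of 1 make yes mean that images from address book senders are shown. Please reword it to match, and split the first comment line, where two lines have run together ("in// our addressbook"). Note also that html_image_replacement ships with 'value' => 1, so blocking becomes the default for every user who has not set the preference; that deserves a line in the upgrade notes.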
Index: imp/lib/Contents.php
===================================================================
RCS file: /repository/imp/lib/Contents.php,v
retrieving revision 1.105
diff -u -r1.105 Contents.php
--- imp/lib/Contents.php	28 Feb 2003 01:56:28 -0000	1.105
+++ imp/lib/Contents.php	13 Mar 2003 17:35:40 -0000
@@ -51,6 +51,13 @@
     var $_strip = false;
 
     /**
+     * Should we show the <img> link to view images in HTML messages?
+     *
+     * @var boolean $_imglink
+     */
+    var $_imglink = false;
+
+    /**
      * Constructor
      *
      * @access public
@@ -124,6 +131,19 @@
     }
 
     /**
+     * Allow the <img> link to be generated so that a user can see images in
+     * HTML if they have blocked images by default
+     *
+     * @access public
+     *
+     * @param boolean $imglink Should the <img> link be generated?
+     */
+    function setImgLink($imglink = false)
+    {
+        $this->_imglink = $imglink;
+    }
+
+    /**
      * Returns an HTML table row summarizing a part of a MIME message.
      *
      * @access public
@@ -155,6 +175,37 @@
             $url = Horde::addParameter($url, 'imapid', $this->_getMIMEKey($mime_part, false));
             $url = Horde::addParameter($url, 'index', $this->getMessageIndex());
             $summary[] = Horde::link($url, _("Strip Attachment"), null, null, "return window.confirm('" . addslashes(_("Are you sure you wish to PERMANENTLY delete this attachment?")) . "');") . Horde::img('deleted.gif', _("Strip Attachment")) . '</a>';
+        } else {
+            $summary[] = '&nbsp;';
+        }
+
+        /* Add icon to allow users to view images in HTML messages? */
+        if ($this->_imglink && $mime_part->getType() == 'text/html') {
+            
+            global $mime_drivers;
+
+            $viewimg = Horde::img('image.gif', _("View Images"), null, 'graphics/mime');
+            $hideimg = Horde::img('image.gif', _("Hide Images"), null, 'graphics/mime');
+            $size = $mime_part->getBytes();
+            $viewer = &parent::getMIMEViewer($mime_part);
+
+            if ($mime_drivers['imp']['html']['inline']) {
+
+                $url = Horde::selfUrl(true);
+                if (Horde::getFormData('viewimages') != 'true') {
+                    $url = Horde::addParameter($url, 'viewimages', 'true');
+                    $summary[] = Horde::link($url, _("View Images"), null, null, null, _("View Images"), null) . $viewimg . '</a>';
+                } else {
+                    $url = Horde::removeParameter($url, array('viewimages'));
+                    $summary[] = Horde::link($url, _("Hide Images"), null, null, null, _("Hide Images"), null) . $hideimg . '</a>';
+                }
+
+            } else {
+                $param_array['ctype'] = 'text/html';
+                $param_array['viewimages'] = 'true';
+                $summary[] = parent::linkViewJS($mime_part, VIEW_ATTACH, $img,
+                                                null, null, $param_array);
+            }
         } else {
             $summary[] = '&nbsp;';
         }
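Review bot: In the non-inline branch, parent::linkViewJS() is passed $img, which is never assigned in this block; the icons are held in $viewimg and $hideimg, so pass $viewimg there. $size and $viewer are assigned but not used and can be dropped, and $param_array should be initialised with array() before its keys are set. Both states use image.gif, so "View Images" and "Hide Images" differ only in their alt text, which matches the concern raised in the cover message about the icon not being self-explanatory.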
Index: imp/lib/MIME/Viewer/html.php
===================================================================
RCS file: /repository/imp/lib/MIME/Viewer/html.php,v
retrieving revision 1.38
diff -u -r1.38 html.php
--- imp/lib/MIME/Viewer/html.php	14 Jan 2003 01:20:35 -0000	1.38
+++ imp/lib/MIME/Viewer/html.php	13 Mar 2003 17:35:40 -0000
@@ -20,6 +20,39 @@
 class IMP_MIME_Viewer_html extends MIME_Viewer {
 
     /**
+     * Determine whether sender is in addressbook
+     *
+     * @access private
+     *
+     * @param string $sender The e-mail address of the sender
+     *
+     * @return boolean Returns true or false if the sender is in one of the
+     *                 address books
+     */
+     function _inAddressBook($sender) 
+     {
+
+        global $registry;
+        
+        // Get the lists of address books through API 
+        $source_list = $registry->call('contacts/sources');
+
+        // Try to get back a result from the search 
+        $result = $registry->call('contacts/getField', array($sender, '__key', array_keys($source_list)));
+        
+        if (is_a($result, 'PEAR_Error')) {
+            return false;
+        } else {
+            if (count($result) > 0) {
+                return true;
+            } else {
+                return false;
+            }
+        }
+
+     }
+
+    /**
      * Render out the currently set contents.
      *
      * @access public
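Review bot: In _inAddressBook(), the result of $registry->call('contacts/sources') goes straight into array_keys() with no error check, although the getField result two lines later is tested with is_a($result, 'PEAR_Error'). Check $source_list the same way and return false on failure, so that a contacts backend error leaves images blocked rather than producing a warning. The tail of the method can be reduced to return count($result) > 0; and the method is indented five spaces where the rest of the class uses four.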
@@ -29,8 +62,10 @@
      *
      * @return string  The rendered text in HTML.
      */
-    function render($params)
+    function render($params = array())
     {
+        global $registry, $prefs;
+
         $contents = &$params[0];
 
         $data = $this->mime_part->getContents();
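Review bot: Giving $params a default of array() makes render() callable with no argument, but the line after the new global statement still reads $params[0], and the later hunk calls $contents->getFromAddress() on the result. Either keep the parameter required or guard the uses of $contents when it is not supplied.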
@@ -134,6 +169,17 @@
 
         // Filter bad language.
         $data = IMP::filterText($data);
+
+        if ($prefs->getValue('html_image_replacement') && 
+            Horde::getFormData('viewimages') != 'true') {
+            $sender = $contents->getFromAddress();
+
+            if (!$prefs->getValue('allow_images_from_addressbook_senders') || 
+                !$this->_inAddressBook($sender)) {
+                $newSrc = '\'' . Horde::url($registry->getParam('webroot', 'imp') . '/graphics/folders/spacer.gif') . '\'';
+                $data = preg_replace('/(<img.*src=|<input.*src=|<body.*background=|<td.*background=|<table.*background=|style=.*background-image:.*url\().*(\s|>|\))/iUs', "$1" . $newSrc . "$2", $data);
+            }
+        }
 
         return $data;
     }
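Review bot: In the preg_replace() pattern, every .* runs under the s modifier and can therefore cross a tag boundary: <input.*src= matches from an <input> that has no src attribute through to the next "src=" anywhere later in the message, and whatever follows is rewritten. Using [^>]* inside the tag alternatives keeps each match within one element. The pattern is a list of specific tag and attribute pairs, so any other markup that loads a remote resource passes through untouched, as the cover message already notes for external stylesheets; rewriting every URL-bearing attribute and letting only local references through would fail closed instead. $sender comes from getFromAddress(), a value chosen by whoever sent the message, so the address book exemption should be described as a convenience rather than a trust decision. The spacer path here is graphics/folders/spacer.gif while the cover message says imp/graphics/file/spacer.gif; please confirm which one exists.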

