From c505e59a6d2cf45233c1e0de186b8d6fe9d804ba Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Fri, 05 Sep 2008 05:29:06 -0400
Subject: [PATCH] Respect Content-Location headers in multipart/related messages (#1484946)

---
 program/lib/washtml.php |   15 +++++++++------
 1 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/program/lib/washtml.php b/program/lib/washtml.php
index 340dc93..2c38baa 100644
--- a/program/lib/washtml.php
+++ b/program/lib/washtml.php
@@ -132,13 +132,14 @@
                  '|#[0-9a-f]{3,6}|[a-z0-9\-]+'.
                  ')\s*/i', $str, $match)) {
           if($match[2]) {
-            if(preg_match('/^(http|https|ftp):.*$/i', $match[2], $url)) {
+            if($src = $this->config['cid_map'][$match[2]])
+              $value .= ' url(\''.htmlspecialchars($src, ENT_QUOTES) . '\')';
+            else if(preg_match('/^(http|https|ftp):.*$/i', $match[2], $url)) {
               if($this->config['allow_remote'])
                 $value .= ' url(\''.htmlspecialchars($url[0], ENT_QUOTES).'\')';
               else
                 $this->extlinks = true;
-            } else if(preg_match('/^cid:(.*)$/i', $match[2], $cid))
-              $value .= ' url(\''.htmlspecialchars($this->config['cid_map']['cid:'.$cid[1]], ENT_QUOTES) . '\')';
+            }
           } else if($match[0] != 'url' && $match[0] != 'rbg')//whitelist ?
             $value .= ' ' . $match[0];
           $str = substr($str, strlen($match[0]));
@@ -164,7 +165,10 @@
       else if($key == 'style' && ($style = $this->wash_style($value)))
         $t .= ' style="' . $style . '"';
       else if($key == 'src' && strtolower($node->tagName) == 'img') { //check tagName anyway
-        if(preg_match('/^(http|https|ftp):.*/i', $value)) {
+        if($src = $this->config['cid_map'][$value]) {
+          $t .= ' ' . $key . '="' . htmlspecialchars($src, ENT_QUOTES) . '"';
+        }
+        else if(preg_match('/^(http|https|ftp):.*/i', $value)) {
           if($this->config['allow_remote'])
             $t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"';
           else {
@@ -172,8 +176,7 @@
             if ($this->config['blocked_src'])
               $t .= ' src="' . htmlspecialchars($this->config['blocked_src'], ENT_QUOTES) . '"';
           }
-        } else if(preg_match('/^cid:(.*)$/i', $value, $cid))
-          $t .= ' ' . $key . '="' . htmlspecialchars($this->config['cid_map']['cid:'.$cid[1]], ENT_QUOTES) . '"';
+        }
       } else
         $washed .= ($washed?' ':'') . $key;
     }

--
Gitblit v1.9.1