w2: do no allow remote images in encrypted messages unless configured…

… to (astroidmail#499)
gauteh · Jun 25, 2018 · dc1b680 · dc1b680
1 parent 295d73d
commit dc1b680
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 4 deletions.
diff --git a/History.txt b/History.txt
@@ -5,6 +5,7 @@
 * Toggle between parts without re-opening
 * Configure default part
 * Show HTML parts if no other part (configurable)
+* Do not allow images in encrypted messages (#499)
 * Zoom messages with C-+ and C--
 
 == v0.12

diff --git a/src/config.cc b/src/config.cc
@@ -228,7 +228,7 @@ namespace Astroid {
 
     /* attachments
      *
-     *   a chunk is saved and opened with the this command */
+     *   a chunk is saved and opened with this command */
     default_config.put ("attachment.external_open_cmd", "xdg-open");
 
     /* thread view
@@ -240,6 +240,8 @@ namespace Astroid {
     default_config.put ("thread_view.preferred_type", "plain");
     default_config.put ("thread_view.preferred_html_only", false);
 
+    default_config.put ("thread_view.allow_remote_when_encrypted", false);
+
     /*   if a link is clicked (html, ftp, etc..) it is executed with this
      *   command. */
     default_config.put ("thread_view.open_external_link", "xdg-open");

diff --git a/src/modes/thread_view/thread_view.cc b/src/modes/thread_view/thread_view.cc
@@ -110,7 +110,7 @@ namespace Astroid {
         "enable-javascript", FALSE,
         "enable-java", FALSE,
         "enable-plugins", FALSE,
-        "auto-load-images", TRUE,
+        "auto-load-images", FALSE,
         "enable-dns-prefetching", FALSE,
         "enable-fullscreen", FALSE,
         "enable-html5-database", FALSE,
@@ -280,6 +280,8 @@ namespace Astroid {
           const gchar * uri_c = webkit_uri_request_get_uri (request);
           ustring uri (uri_c);
 
+          LOG (debug) << "tv: request for resource: " << uri;
+
           // prefix of local uris for loading image thumbnails
           vector<ustring> allowed_uris =
             {
@@ -942,8 +944,21 @@ namespace Astroid {
         });
 
     keys.register_key ("C-i", "thread_view.show_remote_images",
-        "Show remote images (warning: approves all requests to remote content!)",
-        [&] (Key) {
+        "Show remote images (warning: approves all requests to remote content for this thread!)",
+        [&] (Key) {
+          /* we only allow remote images / resources when
+           * no encrypted parts are present */
+          if (!config.get<bool> ("allow_remote_when_encrypted")) {
+            for (auto &m : mthread->messages) {
+              for (auto &c : mthread->all_parts()) {
+                if (c->isencrypted) {
+                  LOG (error) "tv: remote resources are not allowed in encrypted messages. check your configuration if you wish to change this.";
+                  return true;
+                }
+              }
+            }
+          }
+
           show_remote_images = true;
           LOG (debug) << "tv: show remote images: " << show_remote_images;
           reload_images ();