From 0d3074deac715da0270637b4398536f6032e7024 Mon Sep 17 00:00:00 2001
From: Michael M Slusarz <slusarz@curecanti.org>
Date: Thu, 8 Jul 2010 23:47:41 -0600
Subject: [PATCH] Request #9129: Allow admin to define list of safe e-mail
 addresses that will not experience HTML image blocking

---
 imp/config/mime_drivers.php.dist |  5 ++++-
 imp/docs/CHANGES                 |  2 ++
 imp/lib/Mime/Viewer/Html.php     | 29 ++++++++++++++---------------
 3 files changed, 20 insertions(+), 16 deletions(-)

diff --git a/imp/config/mime_drivers.php.dist b/imp/config/mime_drivers.php.dist
index b8dc81601..013ef973b 100644
--- a/imp/config/mime_drivers.php.dist
+++ b/imp/config/mime_drivers.php.dist
@@ -96,7 +96,10 @@ $mime_drivers['imp']['html'] = array(
      * Set to 0 to disable this check. */
     'limit_inline_size' => 1048576,
     /* Check for phishing exploits? */
-    'phishing_check' => true
+    'phishing_check' => true,
+    /* A list of from e-mail addresses that are considered "safe" for purposes
+     * of image blocking (if enabled). */
+    'safe_addrs' => array()
 );
 
 /**
diff --git a/imp/docs/CHANGES b/imp/docs/CHANGES
index 18b882b5d..91ef26dfe 100644
--- a/imp/docs/CHANGES
+++ b/imp/docs/CHANGES
@@ -2,6 +2,8 @@
 v5.0-git
 --------
 
+[mms] Allow admin to define list of safe e-mail addresses that will not
+      experience HTML image blocking (Request #9129).
 [mms] HTML compose editor uses Horde language for UI (Request #9084;
       leandro.damascena@gmail.com).
 [mms] Add config option to disable multipart/related conversions
diff --git a/imp/lib/Mime/Viewer/Html.php b/imp/lib/Mime/Viewer/Html.php
index ab410bb8b..6fb6aecd5 100644
--- a/imp/lib/Mime/Viewer/Html.php
+++ b/imp/lib/Mime/Viewer/Html.php
@@ -244,8 +244,7 @@ class IMP_Horde_Mime_Viewer_Html extends Horde_Mime_Viewer_Html
         if ($inline &&
             $GLOBALS['prefs']->getValue('html_image_replacement') &&
             preg_match($this->_img_regex, $this->_mimepart->getContents()) &&
-            (!$GLOBALS['prefs']->getValue('html_image_addrbook') ||
-             !$this->_inAddressBook())) {
+            !$this->_inAddressBook()) {
             $data = $this->blockImages($data);
 
             $status[] = array(
@@ -347,21 +346,21 @@ class IMP_Horde_Mime_Viewer_Html extends Horde_Mime_Viewer_Html
      */
     protected function _inAddressBook()
     {
-        /* If we don't have a contacts provider available, give up. */
-        if (!$GLOBALS['registry']->hasMethod('contacts/getField')) {
-            return false;
+        $from = Horde_Mime_Address::bareAddress($this->_params['contents']->getHeaderOb()->getValue('from'));
+
+        if ($GLOBALS['prefs']->getValue('html_image_addrbook') &&
+            $GLOBALS['registry']->hasMethod('contacts/getField')) {
+            $params = IMP::getAddressbookSearchParams();
+            try {
+                if ($GLOBALS['registry']->call('contacts/getField', array($from, '__key', $params['sources'], false, true))) {
+                    return true;
+                }
+            } catch (Horde_Exception $e) {}
         }
 
-        $params = IMP::getAddressbookSearchParams();
-        $headers = $this->_params['contents']->getHeaderOb();
-
-        /* Try to get back a result from the search. */
-        try {
-            $res = $GLOBALS['registry']->call('contacts/getField', array(Horde_Mime_Address::bareAddress($headers->getValue('from')), '__key', $params['sources'], false, true));
-            return count($res);
-        } catch (Horde_Exception $e) {
-            return false;
-        }
+        /* Check admin defined e-mail list. */
+        $safe_addrs = $this->getConfigParam('safe_addrs');
+        return (!empty($safe_addrs) && in_array($from, $safe_addrs));
     }
 
 }
-- 
2.11.0