View Issue Details

IDProjectCategoryView StatusLast Update
0002437SOGoWeb Mailpublic2014-04-16 19:43
ReporterChristian Mack Assigned Tofrancis  
PrioritynormalSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
Product Version2.0.7 
Target Version2.2.0Fixed in Version2.2.0 
Summary0002437: pictures in emails are loaded and displayed, despite preference set to "Never"
Description

For emails you can set "Display remote inline images" to "Never".
With that pictures in HTML emails are not loaded via URLs.

But if URLs for pictures are used as background, then SOGo displays them.

That is a security related bug, so please fix it soon.

Steps To Reproduce

For user A set in "Preferences" -> "Mail options" option "Display remote inline images" to "Never".

Write a HTML email to user A with either:

<table>
<td background="http://www.heise.de/security/icons/security_logo.gif&quot; width=112 height=75>
</td>
</table>

or:

<body background="http://www.heise.de/security/icons/security_logo.gif&quot;>
Some text to inform about whatever.
</body>

When read in SOGo, the picture is loaded and displayed.
This should not happen.
There should be a "Load image" button instead.

TagsNo tags attached.

Issue History

Date Modified Username Field Change
2013-10-10 12:57 Christian Mack New Issue
2013-10-10 12:59 Christian Mack Severity minor => major
2013-10-10 13:00 Christian Mack Steps to Reproduce Updated
2013-10-18 14:33 ludovic Target Version => soon
2014-01-09 14:19 francis Note Added: 0006387
2014-01-09 14:19 francis Status new => resolved
2014-01-09 14:19 francis Fixed in Version => 2.2.0
2014-01-09 14:19 francis Resolution open => fixed
2014-01-09 14:19 francis Assigned To => francis
2014-02-01 02:53 ludovic Target Version soon => 2.2.0