Option to block images from external sources

diff --git a/com.woltlab.wcf/option.xml b/com.woltlab.wcf/option.xml
index 941f782af0e792fc7868b2c34d84e4c44c53fda0..92845b96d240e82bfe24e09b4a0fe3f692e9b2c7 100644 (file)
--- a/com.woltlab.wcf/option.xml
+++ b/com.woltlab.wcf/option.xml
@@ -201,6 +201,9 @@
                                        <category name="message.general.edit">
                                                <parent>message.general</parent>
                                        </category>
+                                       <category name="message.general.image">
+                                               <parent>message.general</parent>
+                                       </category>
                                
                                <category name="message.attachment">
                                        <parent>message</parent>
@@ -962,6 +965,14 @@ memcached:cache_source_memcached_host]]></enableoptions>
                        </option>
                        <!-- /message.general.share -->
                        
+                       <!-- message.general.image -->
+                       <option name="image_allow_external_source">
+                               <categoryname>message.general.image</categoryname>
+                               <optiontype>boolean</optiontype>
+                               <defaultvalue>0</defaultvalue>
+                       </option>
+                       <!-- /message.general.image -->
+                       
                        <!-- message.censorship -->
                        <option name="enable_censorship">
                                <categoryname>message.censorship</categoryname>

diff --git a/wcfsetup/install/files/lib/system/bbcode/ImageBBCode.class.php b/wcfsetup/install/files/lib/system/bbcode/ImageBBCode.class.php
index 0b6c05123fd8b2e173b5c4262bcfa1de8fada1bd..3465f32c5cf4efc4091ae29743c68e78edead97b 100644 (file)
--- a/wcfsetup/install/files/lib/system/bbcode/ImageBBCode.class.php
+++ b/wcfsetup/install/files/lib/system/bbcode/ImageBBCode.class.php
@@ -1,5 +1,6 @@
 <?php
 namespace wcf\system\bbcode;
+use wcf\system\application\ApplicationHandler;
 use wcf\util\StringUtil;
 
 /**
@@ -23,6 +24,10 @@ class ImageBBCode extends AbstractBBCode {
                }
                
                if ($parser->getOutputType() == 'text/html') {
+                       if (!IMAGE_ALLOW_EXTERNAL_SOURCE && !ApplicationHandler::getInstance()->isInternalURL($src)) {
+                               return '[IMG:<a href="'.$src.'">'.$src.'</a>]';
+                       }
+                       
                        $float = '';
                        if (isset($openingTag['attributes'][1])) {
                                $float = $openingTag['attributes'][1];

diff --git a/wcfsetup/install/lang/de.xml b/wcfsetup/install/lang/de.xml
index 7b74caf7184b721b62a6ee55653f6c26cd3a1715..a142e11bbe28422c561660780e5d1c7fc9b237c3 100644 (file)
--- a/wcfsetup/install/lang/de.xml
+++ b/wcfsetup/install/lang/de.xml
@@ -1065,6 +1065,8 @@ GmbH=Gesellschaft mit beschränkter Haftung]]></item>
                <item name="wcf.acp.option.category.general.payment.paidSubscription"><![CDATA[Bezahlte Mitgliedschaften]]></item>
                <item name="wcf.acp.option.google_maps_api_key"><![CDATA[Browser-API-Schlüssel]]></item>
                <item name="wcf.acp.option.google_maps_api_key.description"><![CDATA[Google stellt <a href="{@$__wcf->getPath()}acp/dereferrer.php?url={'https://developers.google.com/maps/documentation/javascript/get-api-key'|rawurlencode}" class="externalURL">hier</a> eine ausführliche Anleitung bereit, wie Sie einen API-Schlüssel erstellen können.]]></item>
+               <item name="wcf.acp.option.category.message.general.image"><![CDATA[Bilder]]></item>
+               <item name="wcf.acp.option.image_allow_external_source"><![CDATA[Bilder von externen Seiten erlauben]]></item>
        </category>
        
        <category name="wcf.acp.package">

diff --git a/wcfsetup/install/lang/en.xml b/wcfsetup/install/lang/en.xml
index 3574281da47d445f451ed7fdf553e2e67d04e124..a71d1146440a796c12e57ed88d802e7976e950fe 100644 (file)
--- a/wcfsetup/install/lang/en.xml
+++ b/wcfsetup/install/lang/en.xml
@@ -1082,6 +1082,8 @@
                <item name="wcf.acp.option.category.general.payment.paidSubscription"><![CDATA[Paid Subscriptions]]></item>
                <item name="wcf.acp.option.google_maps_api_key"><![CDATA[Browser API Key]]></item>
                <item name="wcf.acp.option.google_maps_api_key.description"><![CDATA[Google provides a detailed description on how to get an API key <a href="{@$__wcf->getPath()}acp/dereferrer.php?url={'https://developers.google.com/maps/documentation/javascript/get-api-key'|rawurlencode}" class="externalURL">here</a>.]]></item>
+               <item name="wcf.acp.option.category.message.general.image"><![CDATA[Images]]></item>
+               <item name="wcf.acp.option.image_allow_external_source"><![CDATA[Allow images from external sites]]></item>
        </category>
        
        <category name="wcf.acp.package">