From 4774bfab80f145531e09b5bf6859188e172c1bd3 Mon Sep 17 00:00:00 2001
From: Alexander Ebert
Date: Tue, 24 Jul 2018 11:44:00 +0200
Subject: [PATCH] Denying external sources with the image proxy set to insecure only did not work
---
 .../output/node/HtmlOutputNodeImg.class.php | 38 +++++++++++++------
 1 file changed, 26 insertions(+), 12 deletions(-)
diff --git a/wcfsetup/install/files/lib/system/html/output/node/HtmlOutputNodeImg.class.php b/wcfsetup/install/files/lib/system/html/output/node/HtmlOutputNodeImg.class.php
index ea53c1bb39..7f55a82606 100644
--- a/wcfsetup/install/files/lib/system/html/output/node/HtmlOutputNodeImg.class.php
+++ b/wcfsetup/install/files/lib/system/html/output/node/HtmlOutputNodeImg.class.php
@@ -84,6 +84,10 @@ class HtmlOutputNodeImg extends AbstractHtmlOutputNode {
 if (IMAGE_PROXY_INSECURE_ONLY && $urlComponents['scheme'] === 'https') {
 // proxy is enabled for insecure connections only
+ if (!IMAGE_ALLOW_EXTERNAL_SOURCE && !$this->isAllowedOrigin($src)) {
+ $this->replaceExternalSource($element, $src);
+ }
+
 continue;
 }
@@ -127,18 +131,7 @@ class HtmlOutputNodeImg extends AbstractHtmlOutputNode {
 }
 }
 else if (!IMAGE_ALLOW_EXTERNAL_SOURCE && !$this->isAllowedOrigin($src)) {
- $element->parentNode->insertBefore($element->ownerDocument->createTextNode('[IMG:'), $element);
-
- $link = $element->ownerDocument->createElement('a');
- $link->setAttribute('href', $src);
- $link->textContent = $src;
- HtmlOutputNodeA::markLinkAsExternal($link);
-
- $element->parentNode->insertBefore($link, $element);
-
- $element->parentNode->insertBefore($element->ownerDocument->createTextNode(']'), $element);
-
- $element->parentNode->removeChild($element);
+ $this->replaceExternalSource($element, $src);
 }
 else if (MESSAGE_FORCE_SECURE_IMAGES && Url::parse($src)['scheme'] === 'http') {
 // rewrite protocol to `https`
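Review bot: The external-source policy `!IMAGE_ALLOW_EXTERNAL_SOURCE && !$this->isAllowedOrigin($src)` is now spelled out twice, inside the `IMAGE_PROXY_INSECURE_ONLY` https branch of the first hunk and again in the `else if` of the second hunk, and this commit exists because one exit path did not apply it. Any other early `continue` in this loop that lies outside the hunk would skip the check in the same way, so each of them is worth confirming; the enclosing method starts and ends outside the hunk. The existing comment no longer explains the branch, so I would add `// https images bypass the proxy, so the external source policy has to be enforced here` above the new `if`. A regression test with the proxy in insecure-only mode and an https image from a foreign origin would pin the behaviour.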
@@ -148,6 +141,27 @@ class HtmlOutputNodeImg extends AbstractHtmlOutputNode {
 }
 }
+ /**
+ * Replaces images embedded from external sources that are not handled by the image proxy.
+ *
+ * @param \DOMElement $element
+ * @param string $src
+ */
+ protected function replaceExternalSource(\DOMElement $element, $src) {
+ $element->parentNode->insertBefore($element->ownerDocument->createTextNode('[IMG:'), $element);
+
+ $link = $element->ownerDocument->createElement('a');
+ $link->setAttribute('href', $src);
+ $link->textContent = $src;
+ HtmlOutputNodeA::markLinkAsExternal($link);
+
+ $element->parentNode->insertBefore($link, $element);
+
+ $element->parentNode->insertBefore($element->ownerDocument->createTextNode(']'), $element);
+
+ $element->parentNode->removeChild($element);
+ }
+
 /**
 * Validates the domain name against the list of own domains
 * and whitelisted ones with wildcard support.
-- 2.20.1
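Review bot: `replaceExternalSource()` copies `$src` into the link with `$link->setAttribute('href', $src)` and nothing in the method restricts the URL scheme. The https branch in the first hunk only reaches it with an `https` URL, but the `else if` caller in the second hunk shows no scheme check in the visible lines, so unless `$src` is filtered earlier a non-http(s) value would be emitted as a clickable link. I would guard the link creation, e.g. `if (!in_array(Url::parse($src)['scheme'], ['http', 'https'], true)) { /* emit $src as a text node, no <a> */ }`, or state in the docblock that callers must pass an already validated http(s) URL. The docblock should also say that `$element` is removed from the document and replaced by the text `[IMG:` + link + `]`.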