Email adjuster to attach/embed by scanning the email body

Created on 4 June 2022, over 2 years ago
Updated 30 August 2024, 4 months ago

Problem/Motivation

This issue covers the case where the module/code that builds the email does not support attachments. The site owner can use this adjuster to scan the email body to attach files or embed images.

Proposed resolution

Rough starting point see code in this comment ๐ŸŒฑ [META] Attachments support Active .

Remaining tasks

Needs changes to apply the following comments:

  1. Follow the standard method of __construct() and create()
  2. The cid doesn't need to be universally unique, just unique within this email. Probably we should get the Email object to handle assignment of a unique cid or else every caller would need to duplicate the same code.
  3. Call to realpath() is discouraged and only works for local filesystem. Probably it's unnecessary as embedFromPath() can handle it??
  4. Maybe add support for attaching files?
  5. Maybe add settings to control embedding - e.g. only local files or a max size.

User interface changes

API changes

Data model changes

โœจ Feature request
Status

Needs work

Version

1.0

Component

Code

Created by

๐Ÿ‡ฌ๐Ÿ‡งUnited Kingdom adamps

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • First commit to issue fork.
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    5 pass
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    PHPLint Failed
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    PHPLint Failed
  • Status changed to Needs review over 1 year ago
  • ๐Ÿ‡จ๐Ÿ‡ดColombia metallized

    Hey i did rebase this MR and did try to fix the comments made by @AdamPS.

    I don't implement the CID counter and instead relied on the getContentId() from DataPart

  • Status changed to Needs work over 1 year ago
  • ๐Ÿ‡ฌ๐Ÿ‡งUnited Kingdom adamps

    Great thanks. The tests are failing with a syntax error so this needs work.

  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    5 pass
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    5 pass
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    5 pass
  • Status changed to Needs review over 1 year ago
  • ๐Ÿ‡จ๐Ÿ‡ดColombia metallized

    Fixed linter issues.

  • Status changed to Needs work over 1 year ago
  • ๐Ÿ‡ฌ๐Ÿ‡งUnited Kingdom adamps

    Thanks @metallized, that's some more good ideas.

    It's a good reminder to look at image:, which as far as I can see is specific to swiftmailer. It could be good to support it for back-compatibility however I would see it as deprecated. I propose we should get the main function of this issue working here, and raise a separate issue for image:.

    This issue ๐ŸŒฑ [Meta] PHP DOM (libxml2) misinterprets HTML5 Active covers HTML5 support in core, and it proposes to use html5-php. The interface seems close to \DOMDocument, so sticking with \DOMDocument is likely the best direction for now.

    Details comments are in the MR.

  • ๐Ÿ‡จ๐Ÿ‡ดColombia metallized

    @AdamPS, i'll wait your answer to commit the changes.

  • ๐Ÿ‡ฌ๐Ÿ‡งUnited Kingdom adamps

    The UTF-8 problem seems unpleasant, thanks for debugging it. There seems to a choice of exactly how to solve it, see discussion. Most of the options seem a bit hacky, with possible problems.

    1) According to ๐Ÿ› Deprecated function: mb_convert_encoding(): Handling HTML entities via mbstring is deprecated Fixed , the mb_convert_encoding() option could be deprecated in PHP 8.2.

    2) In tijsverkoyen/css-to-inline-styles (which is already a dependency of this module), in createDomDocumentFromHtml() it uses

    mb_encode_numericentity($html, [0x80, 0x10FFFF, 0, 0x1FFFFF], 'UTF-8')
    

    This seems even more hacky than most options however I guess there is a precedent for it.

    3) We could potentially avoid all the problems and create a future-proof solution using html5-php, as mentioned in #13.

  • ๐Ÿ‡ฌ๐Ÿ‡งUnited Kingdom adamps

    For the other question about this code:

    public function embedFromPath(string $path, string $name = NULL, string $mimeType = NULL) {
        $contentId = bin2hex(random_bytes(16));
        $name = empty($name) ? $contentId . '@symfony_mailer' : $contentId . '@' . $name;
        $this->inner->embedFromPath($path, $name, $mimeType);
    
        return $name;
      }
    

    Basically like that, however if the caller passed $name we should use it. So I would say more like this, I think better than random_bytes() is to use a hash of $path.

    if (!$name) {
      $name = sha1($path);
    }
    
  • ๐Ÿ‡ฌ๐Ÿ‡งUnited Kingdom adamps

    I just spotted one more thing. The original patch had $processed_images to avoid embedding the same image twice. We still need that I think - it can be map from filename to cid. If the image was already processed, then we skip the call to embedFromPath() but still call setAttribute().

  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    5 pass
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    5 pass
  • ๐Ÿ‡จ๐Ÿ‡ดColombia metallized

    I think all gets fixed, about #17, i think is not necesary cause in first place we need to get the cid from uri so we can create a $processedImage, i think we need a helper method or function to create the cid string so we skip the call to Symfony\Component\Mime\Email::embedFromPath.

  • Status changed to Needs review over 1 year ago
  • ๐Ÿ‡ฌ๐Ÿ‡งUnited Kingdom adamps

    Great thanks I'll take a look

  • ๐Ÿ‡ฌ๐Ÿ‡งUnited Kingdom adamps

    So HTML5 solved all the problems??

    Interesting, core has HTML::load() and Html::serialize. I guess that would be the alternative if we find problems with the HTML5 library.

  • Assigned to metallized
  • Status changed to Needs work over 1 year ago
  • ๐Ÿ‡จ๐Ÿ‡ดColombia metallized

    Yeah solved all problems.

    Let me replace the use of direct HTML5 for href=" https://www.drupal.org/project/bootstrap/issues/3254714 โ†’ ">Core HTML.

  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    5 pass
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    5 pass
  • ๐Ÿ‡จ๐Ÿ‡ดColombia metallized

    All done, also working encoding.

  • Issue was unassigned.
  • Status changed to Needs review over 1 year ago
  • ๐Ÿ‡จ๐Ÿ‡ดColombia metallized
  • ๐Ÿ‡จ๐Ÿ‡ดColombia metallized

    @AdamPS do you need something more, can we update this?

  • ๐Ÿ‡ฌ๐Ÿ‡งUnited Kingdom adamps

    Sorry I haven't forgotten, just been a bit busy. I'll get to it soon.

  • Status changed to Needs work over 1 year ago
  • ๐Ÿ‡ฌ๐Ÿ‡งUnited Kingdom adamps

    Generally it's looking good thanks. This is a key issue and it's important that we do all we can to get it right๐Ÿ˜ƒ. I read through the past comments and here's what I spotted:

    1) #17/#18 seems to be still unresolved.

    embedFromPath() can keep a map with key = path and value = name. If the key already exists then skip the call to $this->inner->embedFromPath.

    2) Originally I suggested a CID counter. Unfortunately later I forgot about this idea, and suggested sha1. The counter seems better as it's faster and generates shorter names. Any reason why we can't use the original counter idea?

    3) We should have tests for new features please (true, existing test coverage is poor, at least we can stop adding new code without tests๐Ÿ˜ƒ).

    • Create a new functional test class AdjusterTest which should have a test for each adjuster. Of course you don't have to add the existing ones - just create one for the new adjuster.
    • Create a new function SymfonyMailerKernelTest::emailInterfaceTest() which should call each function on EmailInterface/BaseEmailInterface. Again just need to call the new function and try to find a way to test that it worked.

    4) Security implications. This adjuster could potentially be used to bypass access checking. The file might be in the private file system, or it could even be settings.php. Perhaps security should be a separate issue - in which case this one might need to be postponed on the other.

  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    5 pass, 2 fail
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    5 pass, 2 fail
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    5 pass, 2 fail
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    5 pass, 2 fail
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    5 pass, 2 fail
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    5 pass, 2 fail
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    5 pass, 1 fail
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    5 pass, 1 fail
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    5 pass, 1 fail
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    5 pass, 1 fail
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    5 pass, 2 fail
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    5 pass, 2 fail
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    5 pass, 1 fail
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    5 pass, 1 fail
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    5 pass, 1 fail
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    5 pass, 1 fail
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    5 pass, 1 fail
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    6 pass
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 10.0.7 + Environment: PHP 8.2 & MySQL 8
    last update over 1 year ago
    6 pass
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    5 pass, 1 fail
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    6 pass
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 10.0.7 + Environment: PHP 8.2 & MySQL 8
    last update over 1 year ago
    6 pass
  • Status changed to Needs review over 1 year ago
  • ๐Ÿ‡จ๐Ÿ‡ดColombia metallized

    First of all, i want to apologize for sending so many commits (i couldn't get phpunit to work on my local, but finallly i did it), i did answer to your comments on gitlab.

    1) #17/#18 seems to be still unresolved.

    Don't get me wrong but why are you concerned about this, symfony do this on Email::prepareParts() on line 502, anyway i did a extra validation on BaseEmailTrait::embedFromPath() what do you think about this?

    2) Originally I suggested a CID counter. Unfortunately later I forgot about this idea, and suggested sha1. The counter seems better as it's faster and generates shorter names. Any reason why we can't use the original counter idea?

    See my previous answer.

    3) We should have tests for new features please (true, existing test coverage is poor, at least we can stop adding new code without tests๐Ÿ˜ƒ).

    Create a new functional test class AdjusterTest which should have a test for each adjuster. Of course you don't have to add the existing ones - just create one for the new adjuster.
    Create a new function SymfonyMailerKernelTest::emailInterfaceTest() which should call each function on EmailInterface/BaseEmailInterface. Again just need to call the new function and try to find a way to test that it worked.

    What do you think about what i did?

    4) Security implications. This adjuster could potentially be used to bypass access checking. The file might be in the private file system, or it could even be settings.php. Perhaps security should be a separate issue - in which case this one might need to be postponed on the other.

    I add a validation to make sure is a image file, what do you think about this?

  • Status changed to Needs work over 1 year ago
  • ๐Ÿ‡ฌ๐Ÿ‡งUnited Kingdom adamps

    Great many thanks

    1)

    Don't get me wrong but why are you concerned about this, symfony do this on Email::prepareParts() on line 502

    I am concerned about the case that the email contains the the same URI in two places. If we call embedFromPath() twice then it will create 2 identical entries in $this->attachments(), see line 391 in Email.php.

    3) Tests look good thanks.

    4) Eventually the security should be similar to the existing Drupal access system - there would be hooks that return an access result, and an adjuster to configure policy in the GUI. In the beginning we can start with a simple rule that is safe. I made a suggestion in the MR based on testing the URL protocol.

  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    6 pass
  • Status changed to Needs review over 1 year ago
  • ๐Ÿ‡จ๐Ÿ‡ดColombia metallized

    I made all your suggestions, please review.

  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    6 pass
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 10.0.7 + Environment: PHP 8.2 & MySQL 8
    last update over 1 year ago
    6 pass
  • Status changed to Needs work over 1 year ago
  • ๐Ÿ‡ฌ๐Ÿ‡งUnited Kingdom adamps

    Great thanks. I made one comment on the new function.

  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    1 pass, 8 fail
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    1 pass, 8 fail
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    6 pass
  • Status changed to Needs review over 1 year ago
  • ๐Ÿ‡จ๐Ÿ‡ดColombia metallized

    Please see my answer on gitlab, i think we should stay close to the swiftmailer implementation, we can even remove the absolutepath transformation and scheme/protocol validations.

  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 10.0.7 + Environment: PHP 8.2 & MySQL 8
    last update over 1 year ago
    6 pass
  • ๐Ÿ‡ฌ๐Ÿ‡งUnited Kingdom adamps

    Great I like the mime type validation, and being similar to swiftmailer.

    In BaseEmailTrait::embedFromPath(), attachNoPath(), attachFromPath() there is a $mimeType parameter. This is passed through to the Symfony Mailer library methods which will guess a mime type if one hasn't been set. I propose that we should guess consistently and only do it once (rather than doing some guessing in the module, some in the library, and sometimes guessing the same file twice).

    It seems better to guess in the module, using the same Drupal code used throughout the website, so your new code is good. We can guess the mime type in all three BaseEmailTrait methods (except if a value is passed already), and pass the answer to the library. We can use the same mime type for allowEmbed().

    we can even remove the absolutepath transformation

    I agree - we already have AbsoluteUrlEmailAdjuster. If necessary we can make the new adjuster run after AbsoluteUrlEmailAdjuster.

    and remove the scheme/protocol validations.

    I don't think so. If an email contains a link to a private image, this is safe - the recipient can only see the image if they log in as a user with the correct permissions. If an email contains an embedded private image, then the recipient can immediately see the image without any access checking. The InlineImagesEmailAdjuster tries to embed all images, so this creates a dangerous combination.

    We should have tests to verify the access checking. Embedding should fail for a private:\\ image, settings.php, or an image denied by htaccess. Embedding should succeed for a public:\\ image, or core/themes/stark/screenshot.png.

  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    6 pass
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 10.0.7 + Environment: PHP 8.2 & MySQL 8
    last update over 1 year ago
    6 pass
  • ๐Ÿ‡จ๐Ÿ‡ดColombia metallized

    Great I like the mime type validation, and being similar to swiftmailer.

    In BaseEmailTrait::embedFromPath(), attachNoPath(), attachFromPath() there is a $mimeType parameter. This is passed through to the Symfony Mailer library methods which will guess a mime type if one hasn't been set. I propose that we should guess consistently and only do it once (rather than doing some guessing in the module, some in the library, and sometimes guessing the same file twice).

    It seems better to guess in the module, using the same Drupal code used throughout the website, so your new code is good. We can guess the mime type in all three BaseEmailTrait methods (except if a value is passed already), and pass the answer to the library. We can use the same mime type for allowEmbed().

    What you think about what i did?

    I don't think so. If an email contains a link to a private image, this is safe - the recipient can only see the image if they log in as a user with the correct permissions. If an email contains an embedded private image, then the recipient can immediately see the image without any access checking. The InlineImagesEmailAdjuster tries to embed all images, so this creates a dangerous combination.

    We should have tests to verify the access checking. Embedding should fail for a private:\\ image, settings.php, or an image denied by htaccess. Embedding should succeed for a public:\\ image, or core/themes/stark/screenshot.png.

    And what if a site admin/module wants/needs to embed that files?, i think we should not restrict this, at the end is the admin user/contrib or custom modules who decides what to embed.

  • ๐Ÿ‡ฌ๐Ÿ‡งUnited Kingdom adamps

    And what if a site admin/module wants/needs to embed those files?, i think we should not restrict this, in the end is the admin/modules who decides what to embed.

    But it is not only admins that can choose the content of an email. E.g. with simplenews, anyone with permission to edit a newsletter node can insert links to private images - even ones that they don't have permission to see. Maybe with contact module even anon users can insert links in emails.

    This module must not break access control of images, that would be a security issue and I cannot commit it. If we restrict too much, then true it is limiting, but I can commit it. We can add ways to manage the access in detail in another issue. Still the default must be secure.

  • Status changed to Needs work over 1 year ago
  • ๐Ÿ‡ฌ๐Ÿ‡งUnited Kingdom adamps

    Many thanks, the mime type code is good, I made some detailed comments.

    I'm sorry but the security issue cannot be ignored. We have a stable release and the security team would insist on a fix or shut the module down. If the recipient of the email would not be allowed to see the image using a link then also they must not be allowed to see it using embed. We should have tests to verify this. Otherwise, an anonymous user who can guess the URL of a private image could email it to themself (e.g. using webform).

    Certainly I don't insist on a solution using scheme/protocol validations - it could also be a different solution, which could even be better. Ideally we would email a private image to the email address of a user who has permission to see it. And we would email an image within /modules or /themes except if it was blocked by .htaccess. That would mean that we fetch the image in a way that runs through the normal Drupal access checking, using the permissions of the current user.

  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    7 pass
  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 10.0.7 + Environment: PHP 8.2 & MySQL 8
    last update over 1 year ago
    7 pass
  • Status changed to Needs review over 1 year ago
  • ๐Ÿ‡จ๐Ÿ‡ดColombia metallized

    Hi, i make all the fixes (i think ;)), about the security issues i will wait to suggestions about how to do it, i try with the Drupal path validator service, but doesn't works as need it.

    We need to make some research about how other modules do it. Note that in`SwiftMailer`, they does not do any security validation about image paths.

    If you want to mark this as posponed its OK.

  • ๐Ÿ‡ณ๐Ÿ‡ฑNetherlands dennis_meuwissen

    Embedding images works well with the new email adjuster, except that the adjuster plugin runs before the email is wrapped. Any images from the wrapped HTML (from email-wrap.html.twig) will then not be embedded. Setting the plugin weight to 850 so that it runs after the mailer_wrap_and_convert plugin solves that.

  • ๐Ÿ‡ฌ๐Ÿ‡งUnited Kingdom adamps

    Setting the plugin weight to 850 so that it runs after the mailer_wrap_and_convert plugin solves that.

    That seems to make sense. It also makes this plug-in after AbsoluteUrlEmailAdjuster, which I think should be fine.

  • Status changed to RTBC over 1 year ago
  • heddn Nicaragua

    Even if this is only scoped to an API addition for mail plugins to call embedFromPath, this is a great improvement. I vote to get this merged. It works. If the UI components are still being debated, can we move those into a follow-up so we can get the basics of this feature added to the code base?

  • Status changed to Needs work over 1 year ago
  • ๐Ÿ‡ฌ๐Ÿ‡งUnited Kingdom adamps

    @heddn
    This issue is for the UI components as indicated in the title. It's not ready to commit due to legitimate security concerns that are clearly explained in earlier comments.

    However I agree it's a good idea to split the API change into a separate issue. It can take parts of this patch and likely could be committed.

  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update over 1 year ago
    7 pass
  • heddn Nicaragua

    I've rebased the MR here and moved the API additions over into ๐Ÿ“Œ embedFromPath API addition (for #3284140) Needs work .

  • ๐Ÿ‡ฌ๐Ÿ‡งUnited Kingdom adamps
  • I referred to the code in the PR and created a patch to scan the pictures in the email and replace them with cid. It works normally for me. According to the code in the PR above, there may be a more elegant way to solve it. I don't have time to continue researching this issue at the moment.
    my symfony mailer version is 1.2.2. This patch is only used to solve the problem that the embed image is broken in the email body.

  • Open in Jenkins โ†’ Open on Drupal.org โ†’
    Core: 10.1.x + Environment: PHP 8.1 & MySQL 5.7
    last update over 1 year ago
    4 pass, 4 fail
  • ๐Ÿ‡ณ๐Ÿ‡ฑNetherlands e.ruiter

    Thanks for the patch. The patch is working except if I add an image to the body with a token then the image is not being processed because the token replace is being called later in the process. Any ideas in how to solve this?

  • ๐Ÿ‡ซ๐Ÿ‡ทFrance colin.eininger

    The weight of InlineImagesEmailAdjuster should be greater than the WrapAndConvertEmailAdjuster one. This way the inline images adjuster can be used in wrap templates too.

    Maybe set it to 1000.

  • ๐Ÿ‡ณ๐Ÿ‡ฑNetherlands e.ruiter

    Thanks! I was using the latest patch in this issue, when I switch to the MR it works

  • ๐Ÿ‡จ๐Ÿ‡ดColombia metallized

    hey @AdamPS, do you have any ideas about resolving the security issue when embedding files?, what about a whitelist/blacklist files, also i think that developers can skip this restrictions maybe an `embedFromPath` and `uncheckedEmbedFromPath`?

    Anything else i can help you?

  • ๐Ÿ‡ฌ๐Ÿ‡งUnited Kingdom adamps

    @metallized Thanks please see ๐Ÿ“Œ embedFromPath API addition (for #3284140) Needs work

  • ๐Ÿ‡ฌ๐Ÿ‡งUnited Kingdom adamps

    The API changes are now checked in so work can continue here.

  • ๐Ÿ‡จ๐Ÿ‡ดColombia metallized

    @adamps, Is there anything left here?

  • ๐Ÿ‡ฌ๐Ÿ‡งUnited Kingdom adamps

    @metallized Yes we still need the adjuster and the test for it. The needs updating a little as the API is different. This issue no longer needs the calls to setAttribute() or setHtmlBody() because that's handled automatically in the Email class.

Production build 0.71.5 2024