Hi,
I seem to be having some issues with remote images in HTML messages when using the builtin webmail (Read Mail) module in Usermin. If I right click -> copy image location in Firefox and check the resulting URL I see http://virtualmin-server:port/mailbox/http://remote-server/image.jpg instead of http://remote-server/image.jpg.
The raw message looks ok to me. I see properly formed HTML:
<table class="emailwrapto100p" align="center" width="600"
cellspacing="0" cellpadding="0" bgcolor="#FFFFFF"
border="0">
<tbody>
<tr>
<td align="center" bgcolor="#FF0000"><img
src="http://a1708.g.akamai.net/7/1708/5303/35387866912/image.pch.com/emailima..." alt="ACTIVATE 3X ENTRIES" class="emailwrapto100p" style="display:block;" moz-do-not-send="true" width="600" height="95" border="0">
But as mentioned the image link comes out as https://[our-server:port]/mailbox/http://a1708.g.akamai.net/7/1708/5303/35387866912/image.pch.com/emailima... and shows up broken in the email.
Looking through the usermin logs I do see quite a few hits like this on our two largest servers...
grep '/mailbox/http' /var/usermin/miniserv.log |wc -l17902
grep '/mailbox/http' /var/usermin/miniserv.log |wc -l21742
The logs go back to December 2016 but these hits first start in mid December 2017. One server is the 14th and the other is the 15th. These servers get pretty decent traffic so it's possible this was working at one time and a bug in Usermin or the Authentic theme (if Authentic might play a part) poked it's head out around this time.
Looking through my December dpkg logs I see:
2017-12-08 12:09:26 upgrade webmin-virtual-server:all 6.01.gpl-3 6.02.gpl 2017-12-11 16:20:26 upgrade webmin:all 1.860 1.870
I'd feel more confident if a Usermin update was listed among these, but perhaps it's an Authentic theme issue, and there likely would have been a new theme along with the webmin 1.870 update. There's usermin update on December 18th but that wouldn't play a part here if the first hits are before that. Nothing earlier or in November. I have to go back to October for virtualmin/webmin/usermin package updates and I'm not entirely sure the issue would be that far back...
If this was Apache I could probably quickly whip up a RewriteRule or a RedirectMatch to get this working but I don't believe miniserv.pl has the ability to add custom redirects.
This does not appear to affect images with inline attachments. I sent a test to myself with an attached image used in someone's signature and that displayed properly.
The message displays properly in Roundcube.
I'm currently running webmin-1.872, usermin-1.734, and virtualmin-base 5.0-1 on Debian 8 with the Authentic theme with the latest updates applied.
Anyone else experiencing this?
Thanks alot,
Mike
Comments
Submitted by JamieCameron on Fri, 03/23/2018 - 23:22 Comment #1
Can you forward one of these emails to me at jcameron@virtualmin.com , and reference this ticket in the email subject?
Submitted by mhokenson on Mon, 03/26/2018 - 14:45 Comment #2
Hi Jamie,
I created a message with a mix of remote and attached images and sent you a copy. For me the td background works, but next 2 plain old img links don't, and the last attached image is fine.
In Firefox I'm able to right click over the 'Virtualmin logo here' text and do a Copy image location to see the broken https://server/mailbox/http://... image URLs.
Thunderbird shows the message properly as does Roundcube.
Thanks,
Mike
Submitted by JamieCameron on Mon, 03/26/2018 - 18:18 Comment #3
Thanks, got the email ... now looking into why it's happening.
Submitted by mhokenson on Fri, 03/30/2018 - 10:31 Comment #4
I haven't had much luck on this one so far..
$bodycontents in usermin/mailbox/view_mail.cgi looks fine after safe_html() and fix_cids() and all that runs on it. I printed that out to a log file and the image URLs are still good by the time it reaches the ui_table* functions, all lacking the /mailbox/ prefix. I briefly looked at those functions and there doesn't appear to be an content manipulation, just drawing the tables and whatnot, passing to functions from the theme (if available).
Could the content modification be done somewhere in javascript? One thing I noticed when I did a View selection source in Firefox is the A tag for the 2nd image had a data-original-title="" attribute added. That's not in my original message, and the only references to that I could find were in some css and js files. The A target is new as well but that's done with links_urls_new_target() and that's all that function does.
Submitted by mhokenson on Tue, 04/03/2018 - 15:08 Comment #5
I think I finally found it in /usr/share/usermin/authentic-theme/unauthenticated/js/bundle.min.js. The file is mush, "compressed" javascript, but if you search for "v___location_directory_trail_slashed+t" you'll find a chunk of code like this:
function(){var e=$(this),t=e.attr("src");t&&!t.startsWith("/")&&e.attr("src",v___location_directory_trail_slashed+t)}
If you change that test to also include !t.startsWith("http"), eg:
function(){var e=$(this),t=e.attr("src");t&&!t.startsWith("/")&&!t.startsWith("http")&&e.attr("src",v___location_directory_trail_slashed+t)}
Then the remote image links are no longer altered to include the /mailbox/ prefix and they display properly.
Submitted by JamieCameron on Tue, 04/03/2018 - 23:05 Comment #6
Ilia, any idea what's happening here?
Hi,
Even though the whole mail interface is being re-worked, it's the global bug and I made a patch for it.
Thank you for reporting.