From 99e719d96678eb565c6ad14485c923ec377e4293 Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Wed, 21 May 2014 13:18:42 -0500
Subject: [PATCH] Fix external image in an inline <a> element

htmLawed stripped/discarded <div> tags nested inside inline tags such as
<a>. The previous replacement engine would replace <img> tags with <div>
tags and would cause the HTML to be corrupted by htmLawed.

This patch uses <span> tags which have CSS rules to be displayed as
inline-blocks. This should stay truer to the normal sizing and placement of
the original <img> tag.
---
 include/class.format.php | 6 +++---
 js/osticket.js           | 2 +-
 scp/js/ticket.js         | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/include/class.format.php b/include/class.format.php
index 96fe09d94..c77ff0f28 100644
--- a/include/class.format.php
+++ b/include/class.format.php
@@ -280,7 +280,7 @@ class Format {
             function($match) {
                 // Drop embedded classes -- they don't refer to ours
                 $match = preg_replace('/class="[^"]*"/', '', $match);
-                return sprintf('<div %s class="non-local-image" data-%s %s></div>',
+                return sprintf('<span %s class="non-local-image" data-%s %s></span>',
                     $match[1], $match[2], $match[3]);
             },
             $text);
@@ -354,7 +354,7 @@ class Format {
                 }
                 // Images which are external are rewritten to <div
                 // data-src='url...'/>
-                elseif ($e == 'div' && $a && isset($a['data-src']))
+                elseif ($e == 'span' && $a && isset($a['data-src']))
                     $a['data-src'] = 'l.php?url='.urlencode($a['data-src'])
                         .'&amp;auth='.$token;
                 // URLs for videos need to route too
@@ -373,7 +373,7 @@ class Format {
             },
             'schemes' => 'href: aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet; *:file, http, https; src: cid, http, https, data',
             'elements' => '*+iframe',
-            'spec' => 'div=data-src,width,height',
+            'spec' => 'span=data-src,width,height',
         );
         return Format::html($text, $config);
     }
diff --git a/js/osticket.js b/js/osticket.js
index f7d956e51..27a2548df 100644
--- a/js/osticket.js
+++ b/js/osticket.js
@@ -174,7 +174,7 @@ showImagesInline = function(urls, thread_id) {
     // Optionally show external images
     $('.thread-entry').each(function(i, te) {
         var extra = $(te).find('.textra'),
-            imgs = $(te).find('div.non-local-image[data-src]');
+            imgs = $(te).find('.non-local-image[data-src]');
         if (!extra) return;
         if (!imgs.length) return;
         extra.append($('<a>')
diff --git a/scp/js/ticket.js b/scp/js/ticket.js
index 357031c9e..0932616be 100644
--- a/scp/js/ticket.js
+++ b/scp/js/ticket.js
@@ -388,7 +388,7 @@ jQuery(function($) {
     // Optionally show external images
     $('.thread-entry').each(function(i, te) {
         var extra = $(te).find('.textra'),
-            imgs = $(te).find('div.non-local-image[data-src]');
+            imgs = $(te).find('.non-local-image[data-src]');
         if (!extra) return;
         if (!imgs.length) return;
         extra.append($('<a>')
-- 
GitLab